Re: qmail, DNS, and relaying for a hidden host

1999-03-18 Thread Robin Bowes

Greg Owen {gowen} wrote:

 How does Qmail act as an outbound relay for a host who is not listed in
 DNS?
 
 I'm setting up a network which has two Qmail mail relays on the DMZ, and
 the mail server (mail store) on the internal network.  The firewall allows
 the mail store to talk to the mail relays (and vice versa), and the mail
 relays to talk to the Internet (and vice versa).

Greg,

Check out the O'Reilly book "Building Internet Firewalls" (? may be
slightly wrong title).  It has a lot of useful suggestions which may
help you.

I have a similar setup, ie mail is received by a "bastion host" on our
perimeter network (DMZ) and forwarded to the internal mail host on our
internal network through a router doing address translation, ie the
internal network uses 172.16.x.

I actually use QMQP to transfer mail from the bastion host to the
internal mail host.  The bastion host runs qmail-smtpd to receive
incoming mail, and uses qmail-qmqpc to send it all through the firewall
to the internal mail host.  No mail is delivered locally on the bastion
host; all locally generated system mail is delivered to the internal
mail host.

I don't bother using the bastion host as an outgoing relay; I send all
mail direct from the internal mail host.  There's not really much more
of a security risk since you only have to open up the router for
outgoing packets (from what I can gather).  Though it wouldn't be too
much trouble allowing the internal machine to use the bastion host as an
outgoing relay as the bastion host uses the "internal" DNS ie as
specified in resolv.conf.


 1) Add the mail store to Internet-available DNS?  Security guidelines
 say not to do this, in order to deny information to attackers, but that's
 always seemed a pretty weak argument to me (once someone is in a position to
 use the information, they're in a position to gather the information pretty
 easily).

Nope.

 
 2) Set the firewall to allow the mail relays to query the INTERNAL DNS
 servers, which will know about this host and will forward other requests
 back out the firewall to the ISP's DNS server?  Seems inefficient, and
 presumably is as bad or worse than #1 security wise (cracker need only break
 DMZ to get all DNS info, as opposed to breaking onto the internal network).

This is what I do.

 
 3) Set up a forwarding DNS server on the DMZ which knows about the
 internal mail store, but doesn't pass that info on to the Internet?

Nope.  You seem to be confusing DNS server and DNS client.  You can
specify that the bastion host uses the internal DNS to resolve names for
its own processes and run a DNS server on the same box containing
completely different information.
 
 4) Entering an [dotted quad] into smtproutes fixes this on the inbound
 relay case.  Is there a similar fix for the outbound relay case?

Why not send outgoing mail directly?

R.
-- 
Two rules to success in life: 
  1. Don't tell people everything you know.
 -- Sassan Tat



RE: ETRN, qmail-1.03 and etrn patch v0.1f

1999-03-18 Thread Van Liedekerke Franky

I've read the page about etrn, and I think the author made some mistakes (at
least on his first page, I'm saying anything about the code).
Maildir2smtp does NOT require a separate queue to be created: you just let
the mail be delivered at a normal mailbox, and when the person connects
using POP3, maildir2smtp starts delivering mail to that ip address.
This is a great advantage for when you're using dynamic ip addresses: you
don't always know which ip address a client gets.
This solution of etrn relies on the fact that all mail should stay in a
queue. But why? In a maildir, you've much more control about the size
(quota) and all, which I think is a feature many people appreciate. When
mails stay in the queue, it can grow beyond your control and crash your own
machine.
So to summarize: use maildir2smtp, not etrn.

 --
 From: Andrew Spencer[SMTP:[EMAIL PROTECTED]]
 Sent: Wednesday, March 17, 1999 9:44 PM
 To:   [EMAIL PROTECTED]
 Subject:  ETRN, qmail-1.03 and etrn patch v0.1f
 
 This is the first time I've posted to the list, so if I've missed
 something, kindly let me know...
 I checked the FAQ but didn't find anything...
 
 This is concerning the etrn solution I found at this URL:
 http://www.cqc.com/~pacman/projects/qmail-etrn/
 
 I am currently using a P90/Redhat 5.2 test station using qmail-1.03
 installed via the memphis rpm's.
 (qmail-1.03-11ucspi.i386.rpm, based on a src rpm)
 
 
 I then compiled the qmail-1.03, patched with etrn diff v0.1f on another
 test station also running Redhat 5.2 and the memphis 1.03 rpm.
 (only have a limited HD on the testing station)
 Compared the binaries from my existing /var/qmail/bin to qmail-1.03/ and
 
 moved in the changed binaries...
 
 Restarted...
 
 Took a bit to get the permissions on etrntrigger and
 /var/qmail/queue/lock/tcpto but it appears to be working...
 
 The etrn command is received and says ok
 
 But I'm not seeing an "instantaneous" outflow of held mail... I use
 qmHandle -l to see what's sitting in the queue, and I have the test mx10
 
 go offline, watch the mail pool by watching for deferrals in the wmail
 log, and then I bring it back online and issue the etrn command via port
 
 25... 250 ok...
 
 But no outgoing mail traffic... In about 5-10 minutes it will start
 spooling out and everything is fine...
 
 The only thing I can think of is the patch isn't quite right... I have
 noticed that nothing shows up in qmail-tcpto but I've gotten varied
 results in regenerating qmail-tcpto tables for specific IP address on
 "unmodified" qmail installs...  I can see healthy qmail-tcpto responses
 on our outgoing mail server, but every time I trick it into holding email
 
 a specific IP using static mail routes I don't see it show up in the
 qmail-tcpto tables...
 
 Is 5-10 minutes response from an ETRN, in this configuration normal or?
 Any checks I can make to make sure that tcpto "tables"(?) are working
 ok...
 
 I have attempted to find other ETRN solutions, and have found mention of
 AutoTRN(?) but can't find anything concrete on it
 If you have URLs or leads on an ETRN package you can email me
 directly...
 
 Any input would be greatly appreciated...
 
 
 Andrew Spencer
 Qmail Admin / RMCI
 [EMAIL PROTECTED]
 



RE: ETRN, qmail-1.03 and etrn patch v0.1f

1999-03-18 Thread Petr Novotny

 I've read the page about etrn, and I think the author made some
 mistakes (at least on his first page, I'm saying anything about the
 code).

[snip]

 This solution of etrn relies on the fact that all mail
 should stay in a queue. But why? In a maildir, you've much more
 control about the size (quota) and all, which I think is a feature
 many people appreciate. When mails stay in the queue, it can grow
 beyond your control and crash your own machine. So to summarize: use
 maildir2smtp, not etrn.

That's one part of the truth. The rest is that for 
maildir/maildir2smtp you need to know _in advance_ for which domains 
you have this feature. ETRN is much more democratic - every domain 
for which you have the mail in queue can ask you to deliver it now. 
In "normal" setup you probably don't need etrn - the messages in 
queue are either outgoing or going to your clients. I can't think of 
an example where etrn cuts it more easily than maildir2smtp does but 
that probably doesn't mean there is one...


Just my 0.02 whatever.
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
-- Don't you know there ain't no devil there's just God when he's drunk.
 [Tom Waits]



qmail sends single message many times

1999-03-18 Thread Iavor Trapkov

Hi,
I'm using qmail to secure our students mail server, to use quotas etc...
When a user sends a message to many recipients qmail sends a particular
message for every one of them, even though I'm using "smart relay"
(/var/qmail/control/smtproutes::post-office.ru.acad.bg) . 
The problem is when a particular recipient's address is hundreds of times in
the message header:

To:  [EMAIL PROTECTED], [EMAIL PROTECTED] 

qmail will produce hundreds of messages to single user.

In this case sendmail sends a single message. Also it rewrites aliases and
sends a single message to particular address. 


How can qmail gain sendmail's behaviour?


--
Iavor Trapkov



Re: Relaying problem (new approach)

1999-03-18 Thread Harald Hanche-Olsen

- torben fjerdingstad [EMAIL PROTECTED]:

| The problem.
| I have, too many times, seen mail.isp.dk reject mail to
| my customers domains with the following error:
| 
| "Sorry. Although I'm listed as a best-preference MX or A for that host,"
| "it isn't in my control/locals file, so I don't treat it as local. (#5.4.6)"
| 
| The error message above contains two statements:
| My customers domain names are not in control/locals. That is true.
| Our mail relay is listed as the best-preference MX. That is wrong.

Have you tried running dnsmxip (in the qmail source directory) against
the customer's domain?

| I cannot imagine that DNS can claim our mail server to be the best
| MX for our customer's domain, which it is not, and never has been.

Do you control the authoritative DNS server for the customer's domain
yourself?  Could it be that someone occasionally screws up the name
server, actually rendering your server the best MX?  Apart from that,
and the possibility that you have a buggy name server around, I see no
reason why you should get the behaviour you describe.

| DNS says (made up names):
| 
| customer.dk.  --- customer's zone
|   IN  MX  10 mail.customer.dk.  -- customer's server
|   IN  MX  20 mail.isp.dk.   --- Our server

As it should be.

| Testing is difficult because I can only send mail from our networks,
| so rcpthosts is never consulted. Testing from outside is possible
| using telnet, but I don't have a shell account on the outside.

Like I indicated, there is always dnsmxip.  And you can telnet
directly to your server's SMTP port and try a few mail from: and rcpt
to: commands.

- Harald



Re: Relaying problem (new approach)

1999-03-18 Thread Markus Stumpf

On Thu, Mar 18, 1999 at 12:52:53PM +0100, torben fjerdingstad wrote:
 DNS says (made up names):
 
 customer.dk.  --- customer's zone
   IN  MX  10 mail.customer.dk.  -- customer's server
   IN  MX  20 mail.isp.dk.   --- Our server
 
 "Sorry. Although I'm listed as a best-preference MX or A for that host,"
 "it isn't in my control/locals file, so I don't treat it as local. (#5.4.6)"
 
 Testing is difficult because I can only send mail from our networks,
 so rcpthosts is never consulted. Testing from outside is possible
 using telnet, but I don't have a shell account on the outside.

1) PLEASE don't "make up names". This makes it impossible to e.g.
   track down problems with DNS for the people on the list.
2) Are you sure the zone files are authoritative? If there is a mistake
   and you took the above lines from the zone file it may not reflect
   the situation as in DNS. Same if you forgot to increment the serial.
3) Are you sure the setup with a lower prio MX is true (and WAS!!!)
   at the moment qmail received the mail. Note that there are some
   delays in DNS when updating DNS zones due to caching.
4) We have a setup like yours for some thousand domains and it works
   perfectly for nearly two years (without having the domains in
   smtproutes)
5) rcpthosts only tells qmail-smtpd which domains are allowed as
   destination addresses in the envelope. It has nothing to do with
   the error messages you get.
   Local testing is perfect, as your problem is with further delivery
   of the email and in that case (once it's on your system) rcpthosts
   doesn't matter any longer.
-- 
SpaceNet GmbH |   http://www.Space.Net/   | In a world without
Research  Development| mailto:[EMAIL PROTECTED] |   walls and fences,
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0| who needs
D-80807 Muenchen  |  Fax: +49 (89) 32356-299  |   Windows and Gates? 



Re: again NIS and qmail: refined question

1999-03-18 Thread Peter van Dijk

On Wed, Mar 17, 1999 at 04:29:21PM +0300, [EMAIL PROTECTED] wrote:
 Hi, I`ve find out the problem, that made deliveries of local messages
 impossible - since all the users has the ~ set as /tmp (they have only vsm pop3
 accounts) qmail refuses to deliver messages ...
 the [Q] is where do I tweak qmail sources for it to be more tolerant about this
 matter?
 I`ve checked conf-patrn ... my attempts to change bits in it didn`t work out
 ...
 Would some [c|qmail] gurus help me (: ?

Read FAQ 4.9

Greetz, Peter.
-- 
.| Peter van Dijk   | mo|VERWEG stoned worden of coden
.| [EMAIL PROTECTED]  | mo|VERWEG dat is de levensvraag
| mo|VERWEG coden of stoned worden
| mo|VERWEG stonend worden En coden
| mo|VERWEG hmm
| mo|VERWEG dan maar stoned worden en slashdot lezen:)



Re: dot-qmail security

1999-03-18 Thread Joel Eriksson

On Tue, 16 Mar 1999, Dave Sill wrote:

  Brad Shelton [EMAIL PROTECTED] wrote:
  
  All you have to do is create it as root and make it readable by the mail
  process for the user. They can read it, but they can't replace it.
  
  Not true. If the user can write the directory, they can replace it.
 
 They can _read_ it, but not write to it at all. :-) Maildir and other
 files / directories must be made by root and chown'ed to the user.
 
 I didn't say "write", I said "replace". E.g.:

 Script started on Tue Mar 16 15:39:17 1999
 sh-2.00$ ls -la
 total 40
 drwxr-xr-x2 de5  user  40 Mar 16 15:39 .
 drwxr-xr-x   54 de5  user   20480 Mar 16 15:37 ..
 -r--r--r--1 root sys0 Mar 16 15:38 bar
 -rw-r--r--1 de5  user   0 Mar 16 15:39 typescript
 sh-2.00$ cat bar
 sh-2.00$ echo foo>bar
 sh: bar: Permission denied
 sh-2.00$ rm bar
 bar: 444 mode. Remove ? (yes/no)[no] : y
 sh-2.00$ ls -la
 total 40
 drwxr-xr-x2 de5  user  28 Mar 16 15:39 .
 drwxr-xr-x   54 de5  user   20480 Mar 16 15:37 ..
 -rw-r--r--1 de5  user   0 Mar 16 15:39 typescript
 sh-2.00$ exit
 
 script done on Tue Mar 16 15:39:53 1999

I know my UNIX quite well, thank you.. It's obvious that you can remove
directory-entries owned by anyone, in a directory owned by you.

That has nothing to do with the suggestion though, that the
_home-directory_ of the user should be owned by root. Perhaps you thought
it was Maildir which should be owned by root?..

 -Dave



Relaying problem (new approach)

1999-03-18 Thread torben fjerdingstad

Sorry about asking my question again. This time I try really hard
to explain the case. I thought my question was trivial, and the
answer too. (It must be).

I run a mail relay for an ISP.
A customer says: "Can we use your mail relay as a secondary MX?"
I say: "Okay, just give me a list of the domain names we should
accept mail for".

I put this list into control/rcpthosts on mail.isp.dk (name not real)
and get mail.isp.dk added as a lower precedence MX in my customer's
zone files. That should be enough, right? Nothing more necessary.

The problem.
I have, too many times, seen mail.isp.dk reject mail to
my customers domains with the following error:

"Sorry. Although I'm listed as a best-preference MX or A for that host,"
"it isn't in my control/locals file, so I don't treat it as local. (#5.4.6)"

The error message above contains two statements:
My customers domain names are not in control/locals. That is true.
Our mail relay is listed as the best-preference MX. That is wrong.

I cannot imagine that DNS can claim our mail server to be the best
MX for our customer's domain, which it is not, and never has been.

DNS says (made up names):

customer.dk.  --- customer's zone
IN  MX  10 mail.customer.dk.  -- customer's server
IN  MX  20 mail.isp.dk.   --- Our server

To "fix" the reject problem I always make entries for my customers
domains into control/smtproutes, pointing to their best preference
MX host. It works, but I can't believe that hardcoding the best
MX is the way to do it.

Testing is difficult because I can only send mail from our networks,
so rcpthosts is never consulted. Testing from outside is possible
using telnet, but I don't have a shell account on the outside.

-- 
Med venlig hilsen / Regards 
Netdriftgruppen / Network Management Group
UNI-C  

Tlf./Phone   +45 35 87 89 41Mail:  UNI-C
Fax. +45 35 87 89 90   Bygning 304
E-mail: [EMAIL PROTECTED]   DK-2800 Lyngby



Re: dot-qmail security

1999-03-18 Thread Dave Sill

Joel Eriksson [EMAIL PROTECTED] wrote:

That has nothing to do with the suggestion though, that the
_home-directory_ of the user should be owned by root. Perhaps you thought
it was Maildir which should be owned by root?..

No, I thought the assertion was that making .qmail files owned by root 
made them tamper-proof.

-Dave
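
The point argued in this thread (a read-only, root-owned .qmail file can still be replaced by anyone who can write the directory holding it) as an added example that is not part of either post: a stat-based audit that reports which directories let a given uid swap the file out, including the sticky-bit case. The function names, the scratch directory layout and the uids are assumptions of the example.

```python
import os
import shutil
import stat
import tempfile


def can_replace(dir_st, entry_st, uid, gids=frozenset()):
    """True if `uid` may unlink or rename an entry of the directory.

    Replacing a file needs write+search permission on the directory, not on
    the file. With the sticky bit set, only the owner of the directory or of
    the entry may remove or rename it.
    """
    if uid == 0:
        return True
    if uid == dir_st.st_uid:
        bits = dir_st.st_mode >> 6      # owner permission bits
    elif dir_st.st_gid in gids:
        bits = dir_st.st_mode >> 3      # group permission bits
    else:
        bits = dir_st.st_mode           # other permission bits
    if (bits & 0o3) != 0o3:             # write (2) and search (1) both needed
        return False
    if dir_st.st_mode & stat.S_ISVTX:
        return uid in (dir_st.st_uid, entry_st.st_uid)
    return True


def tamper_points(path, top, uid, gids=frozenset()):
    """List every directory from `path`'s parent up to `top` in which `uid`
    can replace the next path component (and so, indirectly, `path`)."""
    entry = os.path.abspath(path)
    top = os.path.abspath(top)
    found = []
    while True:
        parent = os.path.dirname(entry)
        if can_replace(os.stat(parent), os.lstat(entry), uid, gids):
            found.append(parent)
        if parent in (top, entry):
            break
        entry = parent
    return found


def demo():
    """Build a scratch 'home' with a mode-0444 .qmail and audit it for the
    directory owner and for a second, hypothetical uid (owner + 1)."""
    base = tempfile.mkdtemp(prefix="dotqmail-")
    try:
        home = os.path.join(base, "home")
        os.mkdir(home)
        dot = os.path.join(home, ".qmail")
        with open(dot, "w") as fh:
            fh.write("./Maildir/\n")
        os.chmod(dot, 0o444)

        owner = os.stat(home).st_uid
        other = owner + 1               # hypothetical second account
        result = {}
        for label, mode in (("0755", 0o755), ("0777", 0o777), ("1777", 0o1777)):
            os.chmod(home, mode)
            result[label] = (
                bool(tamper_points(dot, home, owner)),
                bool(tamper_points(dot, home, other)),
            )

        # The directory owner never opens the read-only file for writing:
        # a new file is renamed over it.
        os.chmod(home, 0o755)
        new = os.path.join(home, ".qmail.new")
        with open(new, "w") as fh:
            fh.write("# replaced by directory owner\n")
        os.replace(new, dot)
        with open(dot) as fh:
            result["content_after_replace"] = fh.read()
        return result
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Each pair is (directory owner can replace, other uid can replace); to audit a real account, pass its home directory's parent as `top` and the account's uid and group ids.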



Re: ETRN, qmail-1.03 and etrn patch v0.1f

1999-03-18 Thread Anand Buddhdev

On Thu, Mar 18, 1999 at 12:10:31PM +, Petr Novotny wrote:

 That's one part of the truth. The rest is that for 
 maildir/maildir2smtp you need to know _in advance_ for which domains 
 you have this feature. ETRN is much more democratic - every domain 
 for which you have the mail in queue can ask you to deliver it now. 

With qmail's model, this can be a problem. If you are already delivering
messages at full concurrency, and then 3 or 4 domains send ETRNs around the
same time, they will be starved. qmail may not finish up existing
deliveries for quite a while, and these domains will have to wait until
then. That's why I maintain that ETRN in qmail is not the best way.

AutoTURN is much better, because each client gets their own process to send
them email, and the serialization isn't so bad, because modem connections
are slow anyway. Using maildirs gives many advantages too, like control
over size and filtering messages at the ISP to save downstream sites from
unwanted messages, especially for sites that have to pay for connect time
and volume.

-- 
System Administrator
See complete headers for address, homepage and phone numbers



Re: Relaying problem (new approach)

1999-03-18 Thread torben fjerdingstad

On Thu, Mar 18, 1999 at 01:27:09PM +0100, Harald Hanche-Olsen wrote:
 - torben fjerdingstad [EMAIL PROTECTED]:
 
 | The problem.
 | I have, too many times, seen mail.isp.dk reject mail to
 | my customers domains with the following error:
 | 
 | "Sorry. Although I'm listed as a best-preference MX or A for that host,"
 | "it isn't in my control/locals file, so I don't treat it as local. (#5.4.6)"
 | 
 | The error message above contains two statements:
 | My customers domain names are not in control/locals. That is true.
 | Our mail relay is listed as the best-preference MX. That is wrong.
 
 Have you tried running dnsmxip (in the qmail source directory) against
 the customer's domain?

No. I had not noticed that utility. I used  nslookup -q=mx domain
which appears to be equivalent.

 | I cannot imagine that DNS can claim our mail server to be the best
 | MX for our customer's domain, which it is not, and never has been.
 
 Do you control the authoritative DNS server for the customer's domain
 yourself?  Could it be that someone occasionally screws up the name
 server, actually rendering your server the best MX?  Apart from that,
 and the possibility that you have a buggy name server around, I see no
 reason why you should get the behaviour you describe.

No. In the cases I remember DNS was delegated to the customer's
name server. I run the ISP's nameserver so I am used to checking DNS.
I could not find any error in DNS for the customer's domains.

 | DNS says (made up names):
 | 
 | customer.dk.  --- customer's zone
 | IN  MX  10 mail.customer.dk.  -- customer's server
 | IN  MX  20 mail.isp.dk.   --- Our server
 
 As it should be.
 
 | Testing is difficult because I can only send mail from our networks,
 | so rcpthosts is never consulted. Testing from outside is possible
 | using telnet, but I don't have a shell account on the outside.
 
 Like I indicated, there is always dnsmxip.  And you can telnet
 directly to your server's SMTP port and try a few mail from: and rcpt
 to: commands.

Hmmm.. you are right. Right now it seems to work as it should
without a rule in smtproutes.

I think I will try to remove some more of those smtproutes and wait
to see what happens. Strange. I have seen my problem for at least
3 quite different recipient domains, where DNS looked fine.

There might have been a transient DNS error, but that should not
give a hard error, I think.

Thanks.
-- 
Med venlig hilsen / Regards 
Netdriftgruppen / Network Management Group
UNI-C  

Tlf./Phone   +45 35 87 89 41Mail:  UNI-C
Fax. +45 35 87 89 90   Bygning 304
E-mail: [EMAIL PROTECTED]   DK-2800 Lyngby



Re: Relaying problem (new approach)

1999-03-18 Thread Chris Garrigues

 From:  torben fjerdingstad [EMAIL PROTECTED]
 Date:  Thu, 18 Mar 1999 15:47:50 +0100

 No. In the cases I remember DNS was delegated to the customer's
 name server. I run the ISP's nameserver so I am used to check DNS.
 I could not find any error in DNS for the customer's domains.

Is it possible that these were domains in which they had just added the MX
and the old zone data was still cached in various places in the DNS, so your
qmail didn't have access to the latest zone yet?  You might need to flush 
the bind cache on your DNS server before things will work properly.

Chris

-- 
Chris Garrigues Deep Eddy Internet Consulting
+1 512 432 4046 609 Deep Eddy AvenueO-
http://www.DeepEddy.Com/~cwg/   Austin, TX  78703-4513

  My email address is an experiment in SPAM elimination.  For an
  explanation of what we're doing, see http://www.DeepEddy.Com/tms.html 

Nobody ever got fired for buying Microsoft,
  but they could get fired for relying on Microsoft.





Re: Relaying problem (new approach)

1999-03-18 Thread torben fjerdingstad

On Thu, Mar 18, 1999 at 09:13:56AM -0600, Chris Garrigues wrote:
  From:  torben fjerdingstad [EMAIL PROTECTED]
  Date:  Thu, 18 Mar 1999 15:47:50 +0100
 
  No. In the cases I remember DNS was delegated to the customer's
  name server. I run the ISP's nameserver so I am used to check DNS.
  I could not find any error in DNS for the customer's domains.
 
 Is it possible that these were domains in which they had just added the MX
 and the old zone data was still cached in various places in the DNS, so your
 qmail didn't have access to the latest zone yet?  You might need to flush 
 the bind cache on your DNS server before things will work properly.

No. In the cases I remember, the MX had been set up for weeks
before the problem popped up. I guess the primary MX host has
not responded, so the mail got routed to our mail server which
has a lower precedence, and therefore not normally gets mail
for the customer.

I think you can understand I get scared when our mail server
rejects mail for our customers with a fatal error message.

DNS errors may be the explanation, but DNS was fine at the
times I checked it.

It has been helpful to me to get confirmed that the customer's
domain names belong in control/rcpthosts only, in my setup.

-- 
Med venlig hilsen / Regards 
Netdriftgruppen / Network Management Group
UNI-C  

Tlf./Phone   +45 35 87 89 41Mail:  UNI-C
Fax. +45 35 87 89 90   Bygning 304
E-mail: [EMAIL PROTECTED]   DK-2800 Lyngby



Re: Relaying problem (new approach)

1999-03-18 Thread Harald Hanche-Olsen

- "Chris Garrigues" [EMAIL PROTECTED]:

| Is it possible that these were domains in which they had just added
| the MX and the old zone data was still cached in various places in
| the DNS, so your qmail didn't have access to the latest zone yet?

But then his server would not even be aware that it was an MX for the
domain in question, so the problem simply would not arise.

- torben fjerdingstad [EMAIL PROTECTED]:

| I cannot imagine that DNS can claim our mail server to be the best
| MX for our customer's domain, which it is not, and never has been.
 **

- Harald
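
The MX preference rule this thread turns on, as an added example that is not part of any post and is not qmail's source: a relay that finds itself in the MX list drops every MX whose preference is equal to or worse than its own and delivers to what remains. The host names follow the thread, the IP addresses are constructed, and treating an MX host with no usable address as absent from the list is an assumption of this model.

```python
# Added example: a model of MX selection on a relay that is itself listed as
# an MX for the recipient domain. All addresses are constructed.

DELIVER = "deliver"
NO_ADDRESS = "no-usable-address"
SELF_IS_BEST = "self-is-best-preference-mx"


def delivery_targets(mx_records, addresses, local_ips):
    """Return (status, [(preference, host, ip), ...]) for one recipient domain.

    mx_records: (preference, host) pairs as the relay's resolver returned them
    addresses:  host -> list of IPs; a host that is missing here has no usable
                address and is dropped (assumption of this model)
    local_ips:  the relay's own addresses
    """
    candidates = [
        (pref, host, ip)
        for pref, host in mx_records
        for ip in addresses.get(host, [])
    ]
    if not candidates:
        return NO_ADDRESS, []

    # The relay's own preference is the best (lowest) among its addresses.
    own = [pref for pref, _, ip in candidates if ip in local_ips]
    if not own:
        # The relay does not see itself as an MX at all: plain remote delivery.
        return DELIVER, sorted(candidates)

    my_pref = min(own)
    # Strictly better only: an equal preference is discarded as well,
    # otherwise two relays could hand a message back and forth.
    better = sorted(c for c in candidates if c[0] < my_pref)
    if not better:
        return SELF_IS_BEST, []
    return DELIVER, better


CUSTOMER = "mail.customer.dk"
RELAY = "mail.isp.dk"
RELAY_IPS = {"198.51.100.25"}                      # constructed
ADDRESSES = {CUSTOMER: ["192.0.2.10"], RELAY: ["198.51.100.25"]}
ZONE = [(10, CUSTOMER), (20, RELAY)]               # the zone quoted in the thread


def scenarios():
    """Evaluate the rule on the relay for four constructed resolver views."""
    return {
        # Zone as posted: the relay forwards to the customer's server only.
        "zone_as_posted": delivery_targets(ZONE, ADDRESSES, RELAY_IPS),
        # Relay still sees a zone without its own MX: no conflict can arise.
        "relay_sees_old_zone": delivery_targets(
            [(10, CUSTOMER)], ADDRESSES, RELAY_IPS),
        # The relay obtains no address for the primary: only itself is left.
        "primary_has_no_address": delivery_targets(
            ZONE, {RELAY: ["198.51.100.25"]}, RELAY_IPS),
        # Both MX records carry the same preference.
        "equal_preference": delivery_targets(
            [(10, CUSTOMER), (10, RELAY)], ADDRESSES, RELAY_IPS),
    }


if __name__ == "__main__":
    for name, (status, targets) in scenarios().items():
        print(f"{name:24} {status:28} {[host for _, host, _ in targets]}")
```

The `self-is-best-preference-mx` status is the condition the quoted bounce text describes: nothing with a better preference than the relay is left to deliver to.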



Re: ETRN, qmail-1.03 and etrn patch v0.1f

1999-03-18 Thread Robert J. Adams

Hello,

Is it possible to setup AutoTURN so that the user doesn't have to have a
static IP? So far that's the only downside I've seen.

-j

---
Robert J. Adams [EMAIL PROTECTED] http://www.siscom.net
Looking to outsource news? http://www.newshosting.com
SISCOM Network Administration - President, SISCOM Inc.
Phone: 937-222-8150 FAX: 937-222-8153
-Original Message-
From: Anand Buddhdev [EMAIL PROTECTED]
To: Petr Novotny [EMAIL PROTECTED]
Cc: Van Liedekerke Franky [EMAIL PROTECTED];
[EMAIL PROTECTED] [EMAIL PROTECTED]
Date: Thursday, March 18, 1999 8:53 AM
Subject: Re: ETRN, qmail-1.03 and etrn patch v0.1f


On Thu, Mar 18, 1999 at 12:10:31PM +, Petr Novotny wrote:

 That's one part of the truth. The rest is that for
 maildir/maildir2smtp you need to know _in advance_ for which domains
 you have this feature. ETRN is much more democratic - every domain
 for which you have the mail in queue can ask you to deliver it now.

With qmail's model, this can be a problem. If you are already delivering
messages at full concurrency, and then 3 or 4 domains send ETRNs around the
same time, they will be starved. qmail may not finish up existing
deliveries for quite a while, and these domains will have to wait until
then. That's why I maintain that ETRN in qmail is not the best way.

AutoTURN is much better, because each client gets their own process to send
them email, and the serialization isn't so bad, because modem connections
are slow anyway. Using maildirs gives many advantages too, like control
over size and filtering messages at the ISP to save downstream sites from
unwanted messages, especially for sites that have to pay for connect time
and volume.

--
System Administrator
See complete headers for address, homepage and phone numbers




Strange Bounce

1999-03-18 Thread Chuck Milam


This is one of the stranger bounces I've seen.  Has anyone seen something
similar?

 Remote host said: 500 Session already established. The domain name
 [sol.acs.uwosh.edu] passed in with HELO will be ignored. The current
 domain name of sending SMTP is [mlwkwi-ns1.usxc.net].

--
Chuck Milam I.T. Division - Academic Computing
[EMAIL PROTECTED] University of Wisconsin at Oshkosh



Connection closed on qmail-smtpd using tcp-env

1999-03-18 Thread Reid Sutherland

I'm getting a connection closed when I telnet from the localhost to port 25
after I install qmail using inetd and tcp-env. My conf lines are as follows.

# inetd.conf line, split for sanity of this message.
#
smtp stream tcp nowait qmaild /usr/local/bin/tcpd
/var/qmail/bin/tcp-env /var/qmail/bin/qmail-smtpd
#
# end

# services
#
smtp    25/tcp
#
# end

# hosts.allow, this is the first line, I understand that tcpd goes in
sequence.
#
tcp-env: 127.0.0.1 : setenv=RELAYCLIENT
#
# end

If I take off the tcp-env and make use of the rcpthosts file and simply use
the inetd.conf line from the INSTALL file, it works fine. But when I make
use of tcpd, it pukes. Now my tcpd works fine, because I have many lines in
my hosts.allow, and other services respond to it fine.
Also my hosts.deny is set to ALL:ALL.

Thanks.

Reid Sutherland
Network Administrator
ISYS Technology Inc.
http://www.isys.ca
Fingerprint: 1683 001F A573 B6DF A074  0C96 DBE0 A070 28BE EEA5




Re: ETRN, qmail-1.03 and etrn patch v0.1f

1999-03-18 Thread Russell Nelson

Robert J. Adams writes:
  Hello,
  
  Is it possible to setup AutoTURN so that the user doesn't have to have a
  static IP? So far that's the only downside I've seen.

Better to use Anand's turnmail script.  http://www.qmail.org/turnmail.

-- 
-russ nelson [EMAIL PROTECTED]  http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok |   There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice |   that freedom is the
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   |   cause of world peace.



Documentation

1999-03-18 Thread Diego Puertas

In order to never ask a cuestión like this again:

where can I find documentation for qmail ? , the most easy readable there
is

is there some kind of tutorial anywhere?


Sorry, but the situation of sendmail in my server is critical, I have
just installed qmail and I need it up running for yesterday.



Thanks



Re: Relaying problem (new approach)

1999-03-18 Thread Asmodeus

On Thu, 18 Mar 1999, torben fjerdingstad wrote:

 I put this list into control/rcpthosts on mail.isp.dk (name not real)
 and get mail.isp.dk added as a lower precedence MX in my customer's
 zone files. That should be enough, right? Nothing more necessary.
 
 The problem.
 I have, too many times, seen mail.isp.dk reject mail to
 my customers domains with the following error:
 
 "Sorry. Although I'm listed as a best-preference MX or A for that host,"
 "it isn't in my control/locals file, so I don't treat it as local. (#5.4.6)"

 I might be wrong (I tend to muddle my way through problems), but just
today I was adding another subdomain to handle mail for and I ran into the
same error message.  As far as I can tell (sorry, I don't have the FAQ
memorized...yet), in addition to rcpthosts, you also have to have it in
either locals (for local mail) or virtualdomains (for everything else).

 The only problem I see with having it as a virtualdomain is that 'how is
the customer supposed to pick up his/her/its mail?'  It won't be
automatically sent out.

 A question about secondary MX's:  How are they supposed to handle the
mail they get?  They can't immediately send it off, because the primary MX
might be down.

.Shawn




outgoing mail

1999-03-18 Thread Travis Johnson

Is there any way to cc: outgoing messages? We have an employee that we
want to copy all of his incoming and outgoing messages to another
userid. Is there a way to do that?


Travis
microserv




Qmail-Make Version 3.0 Build-Cfg version 2

1999-03-18 Thread Julian L.C. Brown

Hey fellow Qmailers,

I'm nearing completion with my Qmail-Make  Build-Cfg scripts.  These
scripts fully automate the process of creating domains.  They also have the
power of converting Sendmail Aliases/Domain Listings with references to
Passwd users in to complete qmail assigns  password files.

This script has been used to move several thousand accounts from a sendmail
platform to qmail platform and is very much meant to automate this process.
The scripts are still in beta but if you would like copies feel free to
email me.

Julian Brown
Network Administrator
[EMAIL PROTECTED]






Re: Documentation

1999-03-18 Thread Kai MacTane

Text written by Diego Puertas at 08:30 PM 3/18/99 +:
In order to never ask a cuestión like this again:

¡Hola a Venezuela de los EE.UU.! Trataré a contestar en español -- lo
estudié en liceo, por eso puede ser un poquito débil.

[Greetings to Venezuela from the U.S! I'm going to try to answer in Spanish
-- I learned it in high school, so it may be a bit rusty.]

where can I find documentation for qmail ? , the most easy readable there
is

Hay un Proyecto por Documentación de Qmail al URL:
[There is the Qmail Documentation Project at the URL:]

http://qmail-docs.surfdirect.com.au/

Ese contiene los paginas manuales ("man pages") por qmail 1.03 y 1.01 en
formato HTML, y muchos "FAQs" que tratan de recibimiento virtual, la
retransmisión selectiva, y la registración.

[It contains the qmail man pages (for versions 1.03 and 1.01) in HTML
format, plus many FAQs on subjects like virtual hosting, selective
relaying, and logging.]

Tristamente, toda la documentación es en ingles.
[Sadly, all the documentation is in English.]

is there some kind of tutorial anywhere?

Es lástima que no hay tutoriál electrónico por qmail (o si hay, no lo
conozco).

[Unfortunately, there are no qmail tutorials online (that I know of).]

Ojalá que mi español no sea tan malo como creo -- tuve que utilizar el
servicio de traducción de AltaVista para algunos términos técnicos, y esa
traducción puede ser totalmente incorrecta.

[I hope my Spanish isn't as awful as I think it is -- I had to use
AltaVista's translation service for some technical terms, and that
translation may be completely wrong.]

-
 Kai MacTane
 System Administrator
  Online Partners.com, Inc.
-
From the Jargon File: (v4.0.0, 25 Jul 1996)

fix /n.,v./ 

What one does when a problem has been reported too many times to 
be ignored. 



Re: Documentation

1999-03-18 Thread John Gonzalez/netMDC admin

Kai, i think you probably spent entirely too much time researching and
replying to this message =)

On Thu, 18 Mar 1999, Kai MacTane wrote:

-| Text written by Diego Puertas at 08:30 PM 3/18/99 +:
-| In order to never ask a question like this again:
-| 
-| ¡Hola a Venezuela de los EE.UU.! Trataré a contestar en español -- lo
-| estudié en liceo, por eso puede ser un poquito débil.
-| 
-| [Greetings to Venezuela from the U.S! I'm going to try to answer in Spanish
-| -- I learned it in high school, so it may be a bit rusty.]
-| 
-| where can I find documentation for qmail ? , the most easy readable there
-| is
-| 
-| Hay un Proyecto por Documentación de Qmail al URL:
-| [There is the Qmail Documentation Project at the URL:]
-| 
-| http://qmail-docs.surfdirect.com.au/
-| 
-| Ese contiene los paginas manuales ("man pages") por qmail 1.03 y 1.01 en
-| formato HTML, y muchos "FAQs" que tratan de recibimiento virtual, la
-| retransmisión selectiva, y la registración.
-| 
-| [It contains the qmail man pages (for versions 1.03 and 1.01) in HTML
-| format, plus many FAQs on subjects like virtual hosting, selective
-| relaying, and logging.]
-| 
-| Tristamente, toda la documentación es en ingles.
-| [Sadly, all the documentation is in English.]
-| 
-| is there some kind of tutorial anywhere?
-| 
-| Es lástima que no hay tutoriál electrónico por qmail (o si hay, no lo
-| conozco).
-| 
-| [Unfortunately, there are no qmail tutorials online (that I know of).]
-| 
-| Ojalá que mi español no sea tan malo como creo -- tuve que utilizar el
-| servicio de traducción de AltaVista para algunos términos técnicos, y esa
-| traducción puede ser totalmente incorrecta.
-| 
-| [I hope my Spanish isn't as awful as I think it is -- I had to use
-| AltaVista's translation service for some technical terms, and that
-| translation may be completely wrong.]
-| 
-| -
-|  Kai MacTane
-|  System Administrator
-|   Online Partners.com, Inc.
-| -
-| From the Jargon File: (v4.0.0, 25 Jul 1996)
-| 
-| fix /n.,v./ 
-| 
-| What one does when a problem has been reported too many times to 
-| be ignored. 
-| 
-| 

  ___   _  __   _  
__  /___ ___    /__  John Gonzalez/Net.Tech
__  __ \ __ \  __/_  __ `__ \/ __  /_  ___/ MDC Computers/netMDC!
_  / / / `__/ /_  / / / / / / /_/ / / /__ (505)437-7600/fax-437-3052
/_/ /_/\___/\__/ /_/ /_/ /_/\__,_/  \___/ http://www.netmdc.com
[-[system info]---]
  6:30pm  up 42 days,  1:10,  2 users,  load average: 0.00, 0.05, 0.07



Re: NIS and qmail: solved

1999-03-18 Thread Peter van Dijk

On Fri, Mar 19, 1999 at 03:28:11AM +0300, [EMAIL PROTECTED] wrote:
 I thought it could be interesting for smd. to read about how it is possible to
 make qmail work on a pop3 toaster where all users have no homedirs (well the
 homedir is set to /tmp for everybody), and with NIS on:
 
 1) ypcat -k passwd > passwd
 2) awk '{$1="";print}' passwd > passwd_
 (thanx to Mate Wierdl [EMAIL PROTECTED] for that one)
 
 2) sed -e 's/ //g' passwd_ > passwd__
 3) /var/qmail/bin/qmail-pw2u -H < passwd__ > /var/qmail/users/assign
 4) /var/qmail/bin/qmail-newu
 (thanx to Peter van Dijk for pointing me to FAQ (% )
 
 okay, that is rather ugly ... but all works fine.

hardly.. this is the recommended solution I think...

 no qmail patching was needed ... as usual.

:)

 On Thu, Mar 18, 1999 at 01:00:22AM +0100, Peter van Dijk wrote:
 [ssnip]
  Read FAQ 4.9

Well what can I say.. short hints rule :)

Greetz, Peter.
-- 
.| Peter van Dijk   | mo|VERWEG getting stoned or coding
.| [EMAIL PROTECTED]  | mo|VERWEG that is the question of life
| mo|VERWEG coding or getting stoned
| mo|VERWEG getting stoned AND coding
| mo|VERWEG hmm
| mo|VERWEG then just get stoned and read slashdot:)
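
The conversion steps quoted in the message above can be collapsed into one filter that strips only the NIS key (instead of every space) and rejects malformed records before they reach qmail-pw2u. This is an added example, not code from the thread: the function names and the sample records are constructed, and it assumes the key printed by `ypcat -k passwd` is the login name.

```shell
#!/bin/sh
# Added example: sample_ypcat and nis_to_passwd are hypothetical names.

# Constructed sample of `ypcat -k passwd` output: NIS key, blank, passwd entry.
sample_ypcat() {
cat <<'EOF'
alice alice:x:1001:100:Alice Example:/tmp:/bin/false
bob bob:x:1002:100:Bob Example:/tmp:/bin/false
broken broken:x:notanumber:100::/tmp:/bin/false
bob bob:x:1003:100:Duplicate Bob:/tmp:/bin/false
short short:x:1004:100:/tmp
EOF
}

# Read `ypcat -k passwd` lines on stdin, write validated passwd lines on
# stdout, and report every rejected line on stderr.
nis_to_passwd() {
  awk '
    function bad(why) {
      printf "skipped line %d (%s): %s\n", NR, why, $0 > "/dev/stderr"
    }
    {
      key = $1
      entry = $0
      sub(/^[^ \t]+[ \t]+/, "", entry)      # drop only the leading key
      n = split(entry, f, ":")
      if (n != 7)                { bad("expected 7 fields"); next }
      if (f[1] != key)           { bad("key differs from login"); next }
      if (f[3] !~ /^[0-9]+$/)    { bad("non-numeric uid"); next }
      if (f[4] !~ /^[0-9]+$/)    { bad("non-numeric gid"); next }
      if (f[1] in seen)          { bad("duplicate login"); next }
      seen[f[1]] = 1
      print entry
    }
  '
}

# Intended use on the mail host (assumption: same paths as in the thread):
#   ypcat -k passwd | nis_to_passwd | /var/qmail/bin/qmail-pw2u -H \
#       > /var/qmail/users/assign && /var/qmail/bin/qmail-newu
```

Rejected lines go to stderr, so a cron job running the pipeline will mail the operator whenever the NIS map contains a record that was kept out of users/assign.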



Re: Documentation

1999-03-18 Thread Kai MacTane

Text written by John Gonzalez/netMDC admin at 06:34 PM 3/18/99 -0700:

Kai, i think you probably spent entirely too much time researching and
replying to this message =)

<grin> The research wasn't that much trouble -- I already have the QDP
bookmarked. The reply was a bit of an effort, but it beats letting my
Spanish atrophy completely.

-
 Kai MacTane
 System Administrator
  Online Partners.com, Inc.
-
From the Jargon File: (v4.0.0, 25 Jul 1996)

crawling horror /n./ 

Ancient crufty hardware or software that is kept obstinately alive by
forces beyond the control of the hackers at a site. Like dusty deck
or gonkulator, but connotes that the thing described is not just an
irritation but an active menace to health and sanity.



Re: splogger replacement?

1999-03-18 Thread Bruce Guenter

On Thu, Mar 18, 1999 at 02:10:13AM -, John Conover wrote:
 The syslog on my machine takes more resources than qmail in:
 
 exec env - PATH="/var/qmail/bin:$PATH" qmail-start ./Mailbox splogger qmail
 
 Is there a replacement for splogger that will log qmail's activity into
 its own log so that I won't have to use syslog?
 
 I also use tcpserver instead of inetd, and would like to log activity
 on those ports, too.

You could try my qfilelog, a fairly trivial non-rotating file logger,
available at:
http://www.qcc.sk.ca/~bguenter/distrib/qlogtools/
-- 
Bruce Guenter, QCC Communications Corp.  EMail: [EMAIL PROTECTED]
Phone: (306)249-0220   WWW: http://www.qcc.sk.ca/~bguenter/



qmail Digest 18 Mar 1999 11:00:01 -0000 Issue 583

1999-03-18 Thread qmail-digest-help


qmail Digest 18 Mar 1999 11:00:01 - Issue 583

Topics (messages 23053 through 23093):

NIS and qmail
23053 by: [EMAIL PROTECTED]
23068 by: Mark Delany [EMAIL PROTECTED]

probleet with qmail and defunc processes
23054 by: Franky Van Liedekerke [EMAIL PROTECTED]
23055 by: Harald Hanche-Olsen [EMAIL PROTECTED]

Relaying problem (kind of)
23056 by: torben fjerdingstad [EMAIL PROTECTED]
23058 by: Anand Buddhdev [EMAIL PROTECTED]
23060 by: torben fjerdingstad [EMAIL PROTECTED]

again NIS and qmail: refined question
23057 by: [EMAIL PROTECTED]
23090 by: Peter van Dijk [EMAIL PROTECTED]

keeping users from running shells
23059 by: Jeff Hayward [EMAIL PROTECTED]
23066 by: Mark Delany [EMAIL PROTECTED]

Virtual Domains.
23061 by: "Daniel V. Pedersen" [EMAIL PROTECTED]
23069 by: Mark Delany [EMAIL PROTECTED]

delivery errors?
23062 by: Samuel Dries-Daffner [EMAIL PROTECTED]
23063 by: "Sam" [EMAIL PROTECTED]
23064 by: Samuel Dries-Daffner [EMAIL PROTECTED]
23065 by: Mark Delany [EMAIL PROTECTED]
23067 by: "Wil Boucher" [EMAIL PROTECTED]
23070 by: Mark Delany [EMAIL PROTECTED]

ETRN, qmail-1.03 and etrn patch v0.1f
23071 by: Andrew Spencer [EMAIL PROTECTED]
23073 by: Andrew Spencer [EMAIL PROTECTED]
23093 by: Van Liedekerke Franky [EMAIL PROTECTED]

e-mail hanging ... at 12:00 - 1:30
23072 by: "t" [EMAIL PROTECTED]

Problems starting qmail
23074 by: Ernesto Miranda [EMAIL PROTECTED]
23075 by: Peter van Dijk [EMAIL PROTECTED]

Rcpthosts
23076 by: Michael Bryan [EMAIL PROTECTED]
23077 by: "Sam" [EMAIL PROTECTED]
23078 by: Michael Bryan [EMAIL PROTECTED]
23079 by: "Sam" [EMAIL PROTECTED]

Unusual Delivery Problem
23080 by: "Aaron L. Meehan" [EMAIL PROTECTED]

ezmlm and "delay notifies" (was: Re: mini-bounce)
23081 by: Tim Pierce [EMAIL PROTECTED]
23082 by: "Greg Owen {gowen}" [EMAIL PROTECTED]

splogger replacement?
23083 by: John Conover [EMAIL PROTECTED]
23085 by: Stefan Paletta [EMAIL PROTECTED]

Mails that refused to be dequeued
23084 by: Operations [EMAIL PROTECTED]

qmail, DNS, and relaying for a hidden host
23086 by: "Greg Owen {gowen}" [EMAIL PROTECTED]
23087 by: "Greg Owen {gowen}" [EMAIL PROTECTED]
23089 by: "Timothy L. Mayo" [EMAIL PROTECTED]
23092 by: Robin Bowes [EMAIL PROTECTED]

Bounces off of incorrect smtproutes
23088 by: "Greg Owen {gowen}" [EMAIL PROTECTED]

dot-qmail security
23091 by: Joel Eriksson [EMAIL PROTECTED]



--



Hi,
I can't make qmail deliver mail on a box that is NIS based (users have only
pop3 accounts there and no homedirs)
qmail keeps logging infamous #5.1.1 mistake ...
any ideas about what I could have messed up?


Pashah
-- 
http://www.spb.sitek.net/~pashah/public-key-0x97739141.pgp




At 02:15 PM 3/17/99 +0300, [EMAIL PROTECTED] wrote:
Hi,
I can't make qmail deliver mail on a box that is NIS based (users have only
pop3 accounts there and no homedirs)
qmail keeps logging infamous #5.1.1 mistake ...

Might be helpful if you actually give us the full log extracts rather than 
paraphrasing them...

On what basis did you set up these "pop3 accounts" within NIS+ and on what 
basis have you got qmail set up to find these mailboxes?


Regards.





Hi,

I'm seeing a lot of zombies in my process list (qmail 1.03 with anti
spam from Sam). Is this a known problem or do I need some patch? Or do
they time out?

 8 Z   qmailq   549   546  0 0   0:00 <defunct>
 8 Z   qmailq  2288  2284  0 0   0:00 <defunct>
 8 Z   qmailq 28210 28207  0 0   0:00 <defunct>
 8 Z   qmailq  2473  2469  0 0   0:00 <defunct>
 8 Z   qmailq 27260 27256  0 0   0:00 <defunct>
 8 Z   qmailq 26578 26574  0 0   0:00 <defunct>
 8 Z   qmailq   852   849  0 0   0:00 <defunct>






- Franky Van Liedekerke [EMAIL PROTECTED]:

| I'm seeing a lot of zombies in my process list (qmail 1.03 with anti
| spam from Sam). Is this a known problem or do I need some patch? Or do
| they time out?

Zombies are processes whose parents have not waited for them.  They
never time out.  They stay until the parent wait()s, or the parent
exits without waiting, in which case the init process takes over