problems sending local email with qmail

[Eric Lalonde]

I am trying to set up qmail on the network twilight.daylightfading.org.
I am at the point in the INSTALL files where I am trying to send an email to
myself via qmail-inject. However, this is failing.
When I try
echo to: Mason | /var/qmail/bin/qmail-inject
the following error lines appear in /var/log/maillog:

Jan 22 21:53:59 twilight qmail: 948606839.260998 new msg 198762
Jan 22 21:53:59 twilight qmail: 948606839.263002 info msg 198762: bytes 811
from <> qp 3236 uid 517
Jan 22 21:53:59 twilight qmail: 948606839.267310 starting delivery 27: msg
198762 to local [EMAIL PROTECTED]
Jan 22 21:53:59 twilight qmail: 948606839.268783 status: local 1/10 remote
0/20
Jan 22 21:53:59 twilight qmail: 948606839.297786 delivery 27: failure:
Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
Jan 22 21:53:59 twilight qmail: 948606839.300358 status: local 0/10 remote
0/20
Jan 22 21:53:59 twilight qmail: 948606839.314548 bounce msg 198762 qp 3239
Jan 22 21:53:59 twilight qmail: 948606839.315908 end msg 198762

Qmail then bounces the email to the postmaster. I see it says that there is
no mailbox here by that name, however, that should not be the case, as I am
logged into the user as Mason at the time of mail attempt.
If anyone has any idea of what I have neglected to do, or what I have done
wrong, please let me know.

Eric

Re: High-load servers

[Mark Delany]

On Sun, Jan 23, 2000 at 01:57:58AM +0100, Ruben van der Leij wrote:
> On Sat, Jan 22, 2000 at 04:36:21PM -0800, Mark Delany wrote:
> 
> > One NetApp (regardless of how huge and regardless of how expensive)
> > means one point of failure, does it not?
> 
> Yup. You do have a bunch of uplinks, leaving the building through separate
> conduits, multiple power-supplies and backup-generators, and preferably a
> second facility in another city? (In case of a meteor-hit.)

That's getting carried away actually. If you have a remote facility and a means
of automated cutover, perhaps via DNS, then unit redundancy isn't necessary.


Regards.

Re: defer pop sessions

[Russell Nelson]

Michael N. Boyiazis writes:
 > If that is not possible, I have also played w/ checkpassword so
 > that it sets an environment variable telling to look or not look 
 > for mail.

If the user's Maildir is not available, have the checkpassword switch
to a "nomailbox" user whose Maildir is always empty.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | "Ask not what your country
521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | do for you..."  -Perry M.

Re: SMTP AUTH - was: High-load servers...

[cmikk]

On Sat, 22 Jan 2000 18:57:10 +0100 , listy-dyskusyjne Krzysztof Dabrowski writes:
> 
> >relaying.  What control mechanism are you using?  SMTP after POP is pretty
> >easy, and I think there's stuff already on the qmail web site implementing
> >it.
> 
> There is atleast one smtp client from redmond that never does POP before 
> SMTP if there is something to send prefering to do POP after SMTP :).
> Because of that we (large ISP with roaming customers) can not use it.

Actually, we (a large ISP with roaming customers)
do just fine -- we just make it clear when you sign
up that you must POP before sending mail, unless
you are using one of our dial-ups.

> The right thing is to use SMTP AUTH but the only patch available leaves 
> much  things to improve.
> POP before smtp also stinks because you have to recreate an "allowed IP's 
> list" after every POP connection and this also is performace killer.

Not necessarily: I hacked open-smtp to touch a
(per-IP) file whenever someone authed from a roaming
IP.  I then placed an extra command in the qmail-smtpd
pipeline that would check the timestamp on this
file, and if it was "young" enough, set RELAYCLIENT.

So far, no performance problems -- and it even works
on clusters of mail relays, if you share the set of
files via NFS.

-- 
Chris Mikkelson  | Setting delivery schedules is easy enough using the
[EMAIL PROTECTED] | I Ching, astrology, psychic hotlines, or any of the 
 | well-known scatomantic and necromantic methodologies.
 | Meeting your prophetic deadlines, though, is another
 | bowl of entrails.   -- Stan Kelly-Bootle

[Announce] oMail 0.2 - Initial Public Release

[Olivier M.]

   oMail 0.2
   -
   A PHP/perl based qmail+vmailmgrd Maildomain Administration Web interface

   oMail is a web front end to qmail/vmailmgrd. It can be used by domain
   owners to easily administer their mail accounts without bothering the
   sysadmin. Working features: manage mailboxes (pop3) and aliases,
   change passwords, support for french, englich and german. Planed
   features: autoresponder support, single user administration interface,
   webmail.

   URLs:
   Download: ftp://omail.omnis.ch/omail/omail-0.2.tar.gz 
   Homepage: ftp://omail.omnis.ch/omail/ 
   Changelog: ftp://omail.omnis.ch/omail/omail/ChangeLog 

   Please note that it is currently Alpha-state software.

   There are some screenshots available under 
 ftp://omail.omnis.ch/omail/screenshots/


Enjoy! Comments are of course welcome!
Olivier

defer pop sessions

[Michael N. Boyiazis]

Greetings,
   Using Russell's suggestion, I am able to defer mail to certain
users using our hacked qmail-getpw...

I'd like to do the same w/ people POP'ing mail.  We have a script
which gives the impression of no mail, but that replaces everything
after pop3 on the tcpserver line for when we want to do it for all 
users (and seems to run as root?).

The problem is I don't know until after qmail-popup which user
is checking mail.  So if I could avoid checkpassword for the
affected users (after reading a control file) and just return 
"no mail", that would be great, while the rest I'd send through
checkpassword and on to qmail-pop3d w/o delay.  

If that is not possible, I have also played w/ checkpassword so
that it sets an environment variable telling to look or not look 
for mail.  So a script after checkpassword might work too.  I'm 
able to get the env var into a script, but telling some users
they have no mail has been elusive.

We have our maildir's owned by mailq and grab our password info
from a database.  User directories are located w/ a hash algorithm.

Any suggestions?
Thanks,
-- 
mike b. ---
[EMAIL PROTECTED]http://home.sprynet.com/~boyiazis/mikehome.htm
"I propose we leave math to the machines and go play outside."  Calvin
---
__
NetZero - Defenders of the Free World
Get your FREE Internet Access and Email at
http://www.netzero.net/download/index.html

Sorry To All of you !!!! (about My sister...)

[bossman]

Sorry about my post to your newsgroup. It was meant to be posted in
dk.binaer.erotik. Once again sorry for the inconvience 

Re: High-load servers

[Mark Delany]

One NetApp (regardless of how huge and regardless of how expensive)
means one point of failure, does it not?


Regards.


On Sat, Jan 22, 2000 at 12:05:48PM +0100, Guan Yang wrote:

> An crazy idea for infinite scalability and n-1 redundancy:
> 
> 1. A rackful of SMTP servers, running mini-qmail and qmail-qmqpc, behind
> pickdns.
> 
> 2. A small amount of qmail servers running qmail and qmail-qpqpd.
> 
> 3. A huge, expensive NetApp.
> 
> 4. A rackful of POP3 servers, running only qmail-pop3d, behind pickdns.
> 
> 5. A rackful of SqWebMail servers, behind pickdns.
> 
> 6. A small amount of replicated MySQL servers running authentication.
> 
> 
> Are there any problems with such an arrangement? Is it scalable? Is it
> overkill for ~1 million users?
> -- 
> Ideas don't stay in some minds very long because they don't like
> solitary confinement.

She deserves 18 e-mails from each of us

[Gregory J. Forkin]

I don't usually chime in, but I agree with Mark. Since this is an email 
sotware list, I think that we should teach people like hotmail a lesson 
about prudent use of email and accounts.

This might also be a good test of the their email server.

Re: My sister, who just turned 18 is looking for work...

[Mark Elliott]

WHAT THE HELL IS THIS?  IF YOU HAPPENED TO READ THE NAME OF THE NEWSGROUP,
YOU MIGHT NOTICE IT'S NOT ONE OF YOUR PORN GROUPS!!!  DO NOT POST HERE!

I believe I speak for everyone.

- Original Message -
From: "bossman" <[EMAIL PROTECTED]>
Newsgroups: sunsite.mail.qmail
To: <[EMAIL PROTECTED]>
Sent: Saturday, January 22, 2000 2:55 PM
Subject: My sister, who just turned 18 is looking for work...


> My sister, who just turned 18 is looking for work...
> she says she wants to be in movies(XXX) What do you think?
>
> http://www.exit69.com/members/cum/mysister.htm
>

Re: The perennial Maildir question, perhaps with a new twist

[Stig Sandbeck Mathisen]

* Steve Wolfe (Sat, Jan 22, 2000 at 02:12:04PM -0700)

> both users have ~/Maildir, ~/Maildir/new, ~/Maildir/current, and
> ~/Maildir/tmp.  All are 0700, and owned by {username}.users
> 
> 
> What should I be looking for?

It should be:

# Make a maildir.
ssm@hastur: ssm $/var/qmail/bin/maildirmake Maildir

Check permissions
ssm@hastur: ssm $find Maildir/ -ls
2150901 drwx--   5 ssm  ssm  1024 Jan 22 23:56 Maildir/
2150991 drwx--   2 ssm  ssm  1024 Jan 22 23:56 Maildir/tmp
2151011 drwx--   2 ssm  ssm  1024 Jan 22 23:56 Maildir/new
2151021 drwx--   2 ssm  ssm  1024 Jan 22 23:56 Maildir/cur


And it is "cur", not "current".

-- 
 SSM - Stig Sandbeck Mathisen
  Trust the Computer, the Computer is your Friend

My sister, who just turned 18 is looking for work...

[bossman]

My sister, who just turned 18 is looking for work...
she says she wants to be in movies(XXX) What do you think?

http://www.exit69.com/members/cum/mysister.htm

Getting error from qmail

[Patterner]

Hi allwell, I *had* everything working smoothly, but I went and loused it
up and now I'm having some troubles with qmail again.  Here's what I get:
alert: cannot start: unable to switch to queue directory.

I've looked through the archives, and I checked the permissions on the queue
directory and they're
drwxr-x---  11  qmailqqmail
Which seems to be correctAnyone have any other ideas?

chris

__
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com

Re: SMTP AUTH - was: High-load servers...

[listy-dyskusyjne Krzysztof Dabrowski]

At 20:29 2000-01-22 , Sam wrote:
>On Sat, 22 Jan 2000, listy-dyskusyjne Krzysztof Dabrowski wrote:
>
> > Actualy i'll be paid to enhance the SMTP AUTH patch to support more
> > authentication types so you can expect it next month if time permits.
>
>I'm curious - what mail client out there is capable of using anything
>besides LOGIN?  Is there anything out there that can AUTH itself with
>CRAM-MD5?

f.e. latest Eudora (4.2.)
Also Netscape has switched the auth type i don't remember the name but 
between 4.0 and 4.7 there were 2 different types of auth around.
Also Outlook expres suports 2 differenty types i.e. 4.0 don't work with 
qmail-smtp-auth patch while 5.0 does.
The Bat works.

I don't know what exact method each app uses but i have tested the all as a 
part of my job.

> > BTW: Has anybody hacked on SMTH AUTH??
>
>Yes, but not with Qmail.  Hence my interest.

Do you have any code ready? we can icorporate this into existing 
qmail-smtp-auth patch to get it to work with all client. Note that Cram-md5 
will require us to store passwords in separate format (md5 or clear) not it 
DES as usual.

Kris

The perennial Maildir question, perhaps with a new twist

[Steve Wolfe]

  I'm sure that this question is sure to be glossed over, because it's about
the "unable to scan $HOME/Maildir" - but this is weird, at least to me.

I have one address (We'll call it "A") that I can pop in and check email
for on the real domain (codon.com), and I can pop in and check email for any
user on virtual domains using vchkpwd.  However, other than "A", I cannot
get pop mail for any other user of the principle domain, with the error
message "Unable to scan $Home/Maildir".

  I can't find any differences in the setup for the different users. Here's
the line I'm using to start the pop3 daemon...

env - PATH="/var/qmail/bin:/usr/local/bin" tcpserver 0 pop-3 \
/var/qmail/bin/qmail-popup codon.com /virtuals/mail/bin/vchkpw \
/var/qmail/bin/qmail-pop3d Maildir

  More info:
---
Home dirs:
# grep A /etc/passwd
A:x:500:100:Steve Wolfe:/home/A:/bin/bash

# grep B /etc/passwd
B:x:509:100::/home/B:/bin/bash

Both home directories are correct.
-
Maildir:

both users have ~/Maildir, ~/Maildir/new, ~/Maildir/current, and
~/Maildir/tmp.  All are 0700, and owned by {username}.users


What should I be looking for?

steve

Re: High-load servers...

[Timothy L. Mayo]

On Sat, 22 Jan 2000, Michael Boman wrote:

> Can any of this qmail-queue wrappers be done so the queue is stored on a
> Network (shared) drive, so each server in a cluster of servers can take
> any of the messages is the queue and send it?
> 
> Please advice
>  Michael Boman

No, because qmail-queue is NOT the program that maintains the queue.
qmail-send keeps the current state of the queue in memory with the actual
contents residing on disk.  qmail-queue simply inserts the message into
the queue and tells qmail-send that it just added a message to the queue.
Nothing more.

-
Timothy L. Mayo mailto:[EMAIL PROTECTED]
Senior Systems Administrator
localconnect(sm)
http://www.localconnect.net/

The National Business Network Inc.  http://www.nb.net/
One Monroeville Center, Suite 850
Monroeville, PA  15146
(412) 810- Phone
(412) 810-8886 Fax

Re: SMTP AUTH - was: High-load servers...

[listy-dyskusyjne Krzysztof Dabrowski]

At 19:09 2000-01-22 , Guan Yang wrote:
>listy-dyskusyjne Krzysztof Dabrowski wrote:
> > Actualy i'll be paid to enhance the SMTP AUTH patch to support more
> > authentication types so you can expect it next month if time permits.
>
>I thought the SMTP AUTH patch used checkpassword, so you could use any
>checkpassword otherwise supported by qmail-pop3d.

I'm not sure about that. I mean, i'm sure that it uses checkpassword but 
i'm not sure it can be used that way because various smtp authentication 
uses various greetings messages and handshake. it's not only a matter of 
obfuscating password in this way or another. as far as i know check 
password accepts user and password and return true or false on verification.

If i'm wrong then it's better for us :)

Kris

Re: APOP

[Magnus Bodin]

On Sat, Jan 22, 2000 at 05:55:26PM +0100, J.M. Roth iip" wrote:
> ok thanks wow
> 
> what i was in fact wondering about
> does it run on the same port than pop3 (110) ?

yes.

> does the normal POP3 authentication still work or will only the APOP thing
> work after I created a user with the -a flag
> how do I recognize in fact (from the .vpasswd file or similar) which user
> has APOP enabled?

I pass on this question. It seems however that vpopmail's function pw_comp supports
for a "type" which will allow user/pass and APOP to live together or
be exclusively used. But unfortunately vadduser doesn't let you to set this type
to the values 0, 1 or 2 so I don't really understand how this is supposed to
be managed. Via qmailadmin?


Snippet from vpopmail.c: (3.4.11j)
/* Type can be: 0 -- try both APOP and user/passwd
1 -- user/passwd only
2 -- only do an APOP check
   If only APOP or PASSWD auth is compiled in (ie, not both), then the
   type field is ignored.
*/

/magnus

--
http://x42.com/

Re: Help,-ERR this user has no $HOME/Maildir?

[J.M. Roth \(iip\)]

try $HOSTNAME instead of $HOST

the command SET gives you a list of the environment

-- jmr
- Original Message - 
From: "Tetsu Ushijima" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, January 22, 2000 6:15 PM
Subject: Re: Help,-ERR this user has no $HOME/Maildir?


> michael writes:
> > +OK <2123.948385520@/bin/checkpassword>
> 
> Note that qmail-popup presents ``/bin/checkpassword'' as the
> domain part of the timestamp in this banner.
> 
> > qmail-popup $HOST $CHKPASS $COMMAND Maildir \
> 
> So it's likely that $HOST is not set.
> 
> -- 
> Tetsu Ushijima
> 

Re: Help,-ERR this user has no $HOME/Maildir?

[Tetsu Ushijima]

michael writes:
> +OK <2123.948385520@/bin/checkpassword>

Note that qmail-popup presents ``/bin/checkpassword'' as the
domain part of the timestamp in this banner.

> qmail-popup $HOST $CHKPASS $COMMAND Maildir \

So it's likely that $HOST is not set.

-- 
Tetsu Ushijima

SMTP AUTH - was: High-load servers...

[listy-dyskusyjne Krzysztof Dabrowski]

>relaying.  What control mechanism are you using?  SMTP after POP is pretty
>easy, and I think there's stuff already on the qmail web site implementing
>it.

There is atleast one smtp client from redmond that never does POP before 
SMTP if there is something to send prefering to do POP after SMTP :).
Because of that we (large ISP with roaming customers) can not use it.
The right thing is to use SMTP AUTH but the only patch available leaves 
much  things to improve.
POP before smtp also stinks because you have to recreate an "allowed IP's 
list" after every POP connection and this also is performace killer.
Actualy i'll be paid to enhance the SMTP AUTH patch to support more 
authentication types so you can expect it next month if time permits.

BTW: Has anybody hacked on SMTH AUTH??

Re: Web Mail Access

[J.M. Roth \(iip\)]

www.inter7.com/sqwebmail

-- jmr


- Original Message -
From: "Director tecnico del Nodo Nicarao -- Juan Navas"
<[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, January 22, 2000 6:40 PM
Subject: Web Mail Access


> Hi folks,
>
> I would like to know where can I find documentation on how to access a
> qmail user Mailbox (Read and send mail) from any browser (Netscape,
> Internet explorer, etc.) when they travel outside our country .
>
> I'm also looking for information that allow me to access ezmlm lists from
> a browser too.
>
> Juan Navas
> Nodo Nicarao
> Managua, Nicaragua
>
>

Web Mail Access

[Director tecnico del Nodo Nicarao -- Juan Navas]

Hi folks,

I would like to know where can I find documentation on how to access a
qmail user Mailbox (Read and send mail) from any browser (Netscape,
Internet explorer, etc.) when they travel outside our country .

I'm also looking for information that allow me to access ezmlm lists from
a browser too.

Juan Navas
Nodo Nicarao
Managua, Nicaragua

(no subject)

[ravivr]

SUBSCRIBE

Thanks,
RAVI.V.R

Re: APOP

[J.M. Roth \(iip\)]

ok thanks wow

what i was in fact wondering about
does it run on the same port than pop3 (110) ?
does the normal POP3 authentication still work or will only the APOP thing
work
after I created a user with the -a flag
how do I recognize in fact (from the .vpasswd file or similar) which user
has APOP enabled?

many thanks!!

-- jmr



- Original Message -
From: "Magnus Bodin" <[EMAIL PROTECTED]>
To: "J.M. Roth" <[EMAIL PROTECTED]>
Cc: "Juan E Suris" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; "VCHKPW
LIST" <[EMAIL PROTECTED]>
Sent: Saturday, January 22, 2000 5:34 PM
Subject: Re: APOP


> On Sat, Jan 22, 2000 at 10:29:31AM +0100, J.M. Roth wrote:
> > thanks, great!
> > how can I check with f.e. telnet if the APOP authentication is working?
>
> You must manually (preferable through a cmd line program) do the MD5
checksum
> computation as RFC1939  states on page 15.
>
> Commandline example:
>
> perl -MDigest::MD5(md5_hex) -le 'print
md5_hex(q(<[EMAIL PROTECTED]>tanstaaf))'
>
>
> /magnus
>
> --
> http://x42.com/
>

Re: APOP

[Magnus Bodin]

On Sat, Jan 22, 2000 at 10:29:31AM +0100, J.M. Roth wrote:
> thanks, great!
> how can I check with f.e. telnet if the APOP authentication is working?

You must manually (preferable through a cmd line program) do the MD5 checksum
computation as RFC1939  states on page 15.

Commandline example:

perl -MDigest::MD5(md5_hex) -le 'print 
md5_hex(q(<[EMAIL PROTECTED]>tanstaaf))'


/magnus

--
http://x42.com/

Re: High-load servers...

[Russ Allbery]

cmikk <[EMAIL PROTECTED]> writes:

> I've considered that, but unfortunately it's not that simple: these
> servers are also primary MXes for some domains (historical accident --
> fixing this is on my list ;-).  Thus, denying smtp connections from
> anywhere is out of the question.

Ahh... okay, that's a good reason.  :)

I have an ulterior motive in pursuing this; I'm considering switching our
primary user SMTP server for PC and Mac clients over to ofmipd from
sendmail and I'm wondering if people have decided not to use it for
reasons that would affect us.

Our bounce and vacation autoresponder server will likely be running qmail
by sometime next week.  We're looking at what MTA to use for our POP and
IMAP servers currently, since we've finally offloaded the rewriting and
forwarding logic and they can now be much simpler.

The mail routers are doing both LDAP and special CNAME lookups to route
incoming mail and having persistant LDAP connections to the LDAP servers
(rather than opening and closing connections for each message) is a
requirement long-term due to load (particularly since we're doing Kerberos
binds), so right now we're looking at either Postfix or staying with
sendmail (which is supposed to have persistant LDAP connections soon) for
those systems.  I'd like to consider qmail for those systems too, but it
doesn't support LDAP natively and I'm extremely nervous about the idea of
running a production mail system long-term on top of third-party patches.

(And yeah, before anyone asks, having changes in the LDAP directory be
immediately reflected in changes in the user mail forwarding is a
requirement so I can't just dump LDAP into something fastforward can use.)

-- 
Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/>

Re: High-load servers...

[Russ Allbery]

cmikk <[EMAIL PROTECTED]> writes:

> Well, we use tcpserver's -x option, for a static list of known customer
> IPs (e.g. our dial-up pools).  We use a variant of Russ's open-smtp
> package for roaming customers.

You should be able to do both of those with ofmipd.  tcpserver -x works
the same way; as long as open-smtp generates a tcpserver rules database,
tcpserver won't accept connections from anyone that you don't want to
allow unlimited relaying to and ofmipd's behavior is pretty much exactly
what you want.

-- 
Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/>

Re: High-load servers...

[Petr Novotny]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 22 Jan 00, at 9:54, [EMAIL PROTECTED] wrote:
> Well, we use tcpserver's -x option, for a static
> list of known customer IPs (e.g. our dial-up pools).
> We use a variant of Russ's open-smtp package for
> roaming customers.

Well, taking that idea of port redirection more on, you may
1. have the "static" redirection for "local users" IPs
2. have the "temporary" redirection for "roaming users" IPs
3. have the access to the port itself disabled for anyone else

(Ad #2: Adding the IP to the list of port-redirected IPs is the same 
type of problems as adding "IP:RELAYCLIENT=''" type of line to 
the -x database.)

The "non-authorized" user connects to port 25, running qmail-
smtpd, with no rewriting and no relaying. The "authorized" user, by 
connecting to port 25, in fact connects to port 26, running ofmipd, 
rewriting and relaying. Direct connect to port 26 is forbidden.

It all only boils down to a question: How fast are you able to reload 
the IP-redirection data?

-BEGIN PGP SIGNATURE-
Version: PGP 6.0.2 -- QDPGP 2.60 
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBOInlplMwP8g7qbw/EQJ7/ACgkFPF4nCd5gDyfOhAW32c7yvxfsQAn3en
BFCZmHEVqWI8M7QAgCAEB+6A
=KyR/
-END PGP SIGNATURE-
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
 [Tom Waits]

Re: High-load servers...

[cmikk]

On 22 Jan 2000 08:11:37 -0800 , Russ Allbery writes:
> cmikk <[EMAIL PROTECTED]> writes:
> 
> > Well, we use tcpserver's -x option, for a static list of known customer
> > IPs (e.g. our dial-up pools).  We use a variant of Russ's open-smtp
> > package for roaming customers.
> 
> You should be able to do both of those with ofmipd.  tcpserver -x works
> the same way; as long as open-smtp generates a tcpserver rules database,
> tcpserver won't accept connections from anyone that you don't want to
> allow unlimited relaying to and ofmipd's behavior is pretty much exactly
> what you want.

I've considered that, but unfortunately it's not that simple:
these servers are also primary MXes for some domains (historical
accident -- fixing this is on my list ;-).  Thus, denying smtp
connections from anywhere is out of the question.

-- 
Chris Mikkelson  |  Microsoft: Where do you want to go today?
[EMAIL PROTECTED] |  Linux: Where do you want to go tomorrow?
 |  FreeBSD: Are you guys coming or what?

Re: High-load servers...

[cmikk]

On 21 Jan 2000 23:39:13 -0800 , Russ Allbery writes:
> cmikk <[EMAIL PROTECTED]> writes:
> 
> > Since our mail servers perform relaying for roaming customers, they
> > would have to be open to any IP address.  Ofmipd does not allow you to
> > control relaying, last I checked, so that would require some hacking.
> 
> Neither does qmail-smtpd, when it comes to that sort of setup.

More explicitly: qmail-smtpd can use control/rcpthosts,
ofmipd does not.  Therefore, ofmipd is an open relay,
no matter how you run it, whereas qmail-smtpd is
only open if you set RELAYCLIENT.

>  You have
> to front-end either one with something that checks whether to allow
> relaying.  What control mechanism are you using?  SMTP after POP is pretty
> easy, and I think there's stuff already on the qmail web site implementing
> it.

Well, we use tcpserver's -x option, for a static
list of known customer IPs (e.g. our dial-up pools).
We use a variant of Russ's open-smtp package for
roaming customers.

-- 
Chris Mikkelson  |  Problems are posed by fools like me;
[EMAIL PROTECTED] |  But only Heuristics can search a tree.

Re: High-load servers...

[cmikk]

On 21 Jan 2000 23:41:08 -0800 , Russ Allbery writes:
> Bruce Guenter <[EMAIL PROTECTED]> writes:
> 
> > Could we see it?  I am almost finished writing a simple qmail-queue
> > wrapper that filters the body of the message through qmail-inject.  This
> > achieves the same header rewriting that the @fixme trick does, without
> > double delivery.  Once I finish it I'll post it.
> 
> This is the entire raison d'être of ofmipd, and it already supports tons
> of useful address rewriting rules, and also in the same package from djb
> (mess822) is a replacement qmail-inject that supports the same address
> rewriting mechanisms

Ofmipd is an open relay; new-inject (the qmail-inject
replacement) could be used, but only in the same
way as an @fixme-hooked script.

What I finally did was interpose some new-inject
code between qmail-smtpd and qmail-queue.

This allows me to take advantage of some of the nice
features of qmail-smtpd (rcpthosts, badmailfrom,
and patches like badrcptto), and still do rewriting.

-- 
Chris Mikkelson  | Vampireware; n, a project capable of sucking the 
[EMAIL PROTECTED] | lifeblood out of anyone unfortunate enough to be
 | assigned to it which never actually sees the light
 | of day, but nonetheless refuses to die. ([EMAIL PROTECTED])

Re: Vdeliver takes too long

[Li Hong]

look at this email
 
On Wed, Oct 13, 1999 at 04:33:27PM -0700, Jose de Leon 
wrote:> I'm using QMail 1.03, and using tcpserver instead of inetd.  
Linux 2.0.xx.> Some POP3 account users are complaining of slow POP3 
authentication.  About> 50% of the time, authentication times 
out.  I have noticed the problem too,> but once authenticated, 
download of email is quite fast.This may also be a result of slow DNS 
and/or IDENT lookups:- you may use the -R switch to disable IDENT lookups 
(very much recommended,  as most systems do not provide reliable info 
anyway).- you may use the -H switch to disable remote host name 
lookups.  This speeds up connections if DNS is slow or broken for the 
IPs  your customers come from. It also is useless if the IPs do not 
have  PTR records.Please note that these settings may also be 
useful if you startqmail-smtpd via tcpserver.> Are there not 
enough connections allocated for tcpserver?  How can I check> if 
maximum connections are being used?start your tcpserver with -v switch 
and direct its output to a logfile.There you should see messages 
like    tcpserver: status: 2/150That means that currently 
2 out of 150 max tcpservers are active.The max limit can be increased with 
-c, default is 40.> Or are there settings in QMail itself 
I need to change?No.\Maex-- SpaceNet 
GmbH 
|   http://www.Space.Net/   | Yeah, yo 
mama dressesResearch & Development    | mailto:[EMAIL PROTECTED] | you funny and 
you needJoseph-Dollinger-Bogen 14 |  Tel: +49 (89) 
32356-0    | a mouse to delete filesD-80807 
Muenchen  |  Fax: +49 
(89) 32356-299  |
 

  - Original Message - 
  From: Marcelo 
  Costa 
  To: Qmail List 
  Sent: Friday, January 21, 2000 6:18 PM
  Subject: Vdeliver takes too long
  
  Hi,
  i´m having a problem (i think 
so),
  the vdeliver process is taking too long to 
  deliver messages, even small
  messages.
   
  i´m using qmail + vpopmail + 
  qmailadmin.
   
   
  thanks,
   
  Marcelo

Re: High-load servers

[Guan Yang]

An crazy idea for infinite scalability and n-1 redundancy:

1. A rackful of SMTP servers, running mini-qmail and qmail-qmqpc, behind
pickdns.

2. A small amount of qmail servers running qmail and qmail-qpqpd.

3. A huge, expensive NetApp.

4. A rackful of POP3 servers, running only qmail-pop3d, behind pickdns.

5. A rackful of SqWebMail servers, behind pickdns.

6. A small amount of replicated MySQL servers running authentication.


Are there any problems with such an arrangement? Is it scalable? Is it
overkill for ~1 million users?
-- 
Ideas don't stay in some minds very long because they don't like
solitary confinement.

qmail Digest 22 Jan 2000 11:00:01 -0000 Issue 888

[qmail-digest-help]

qmail Digest 22 Jan 2000 11:00:01 - Issue 888

Topics (messages 35856 through 35910):

Re: Big Problem with virtualdomains, qmail mustn't rewrite recipi ent !
35856 by: Paul Trippett

Re: High-load servers...
35857 by: cmikk.uswest.net
35867 by: Mark Delany
35873 by: cmikk.uswest.net
35877 by: Mark Delany
35881 by: cmikk.uswest.net
35884 by: Dave Sill
35886 by: cmikk.uswest.net
35893 by: Russ Allbery
35897 by: cmikk.uswest.net
35898 by: Bruce Guenter
35899 by: Michael Boman
35902 by: Bruce Guenter
35903 by: Russ Allbery
35904 by: Russ Allbery
35909 by: John White
35910 by: Petr Novotny

Error
35858 by: Haifeng Guo
35859 by: Petr Novotny

Re: Cannot creating user account with an & in qmailadmin
35860 by: Dave Kitabjian

Re: relay-ctrl 1.2 problem
35861 by: Bruce Guenter
35874 by: Olivier M.

qmail refuses to start, cannot allocate memory. Please help!
35862 by: Ivailo Djilianov
35864 by: schinder.leprss.gsfc.nasa.gov

Recieving and deliverying mail without a domain in qmail
35863 by: Jacob Joseph
35891 by: David F. Hepner

Vdeliver takes too long
35865 by: Marcelo Costa

Cyrus - Qmail
35866 by: Lars Heuer

No return message when user not exists in virtual domain
35868 by: sistemas1.hipernet.es
35869 by: iv0

Some questions..(Micorsoft/qmail)
35870 by: Morten Ranheim
35871 by: Michael Cunningham
35872 by: Max

Configuration for high volume qmail box
35875 by: Max
35876 by: Faried Nawaz
35878 by: Max
35879 by: Russell Nelson
35880 by: Dave Sill
35882 by: Dave Sill
35887 by: Max

APOP
35883 by: J.M. Roth \(iip\)
35888 by: J.M. Roth
35892 by: Juan E Suris
35908 by: J.M. Roth

ANNOUNCE: imapvpop working site
35885 by: David Harris

Odd question
35889 by: Juan E Suris
35895 by: Sam

POP password checking
35890 by: Jacob Joseph
35894 by: Sam
35896 by: Jacob Joseph
35900 by: Jacob Joseph

Incorrect (?) response code 555 from qmail-smtpd
35901 by: Russ Allbery
35905 by: D. J. Bernstein
35907 by: Russ Allbery

Mbox format with qmail-local possible?
35906 by: Kristina

Administrivia:

To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]

To subscribe to the digest, e-mail:
[EMAIL PROTECTED]

To bug my human owner, e-mail:
[EMAIL PROTECTED]

To post to the list, e-mail:
[EMAIL PROTECTED]


--



this will happen if you use the same .qmail-(alias) file for the 2 domains
use separate ones thet point to the same place.

Reagrds,

Paul Trippett

-Original Message-
From: Puck [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 21, 2000 9:22 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Big Problem with virtualdomains, qmail mustn't rewrite
recipient !


Hi !

>>my virtualdomains file :
>>
>>schock-bad.de:schockbad
>>burgbad-service.de:schockbad
>>
>>Well, when i send mail to [EMAIL PROTECTED] , qmail rewrites the
> header to :
>>
>>Delivered-To: [EMAIL PROTECTED]
>>
>>it should be :
>>
>>Delivered-To: [EMAIL PROTECTED]
>>
>>
>>All mail for schock-bad.de and burgbad-service.de should be collected
> within only
>>one maildir, because schock-bad.de uses a windows-nt mailserver that can
only
>>retrieve mail from ONE pop3 !
>>
>>How can i "tell" qmail not to rewrite the header ?

> Hello,

> A: Three steps:
>1. Create /var/qmail/control/virutaldomains:
>schock-bad.de:schockbad
>   burgbad-service.de:schockbad
>2. Create a local UNIX Account "schockbad".
>(a) Log in as "schockbad" and
>create "Mailbox" or "Maildir" (depending on you QMAIL setup)
>eg: maildirmake $HOME/Maildir ; echo ./Maildir/ > ~/.qmail
>   eg: touch Mailbox ; echo ./Mailbox > ~/.qmail
>(b) Edit file .qmail-default
>   # /home/shockbad/.qmail-default
>   |forward [EMAIL PROTECTED] (matches your sample) --
or --
>   |forward "$EXT"@schock-bad.de (matches your wishes)
>3. Stop QMAIL and restart (changes become activ).

> If you have a file /var/qmail/alias/.qmail-shock... delete it !
> I'm not sure, whether you use POP3 to grep the mail from your QMAIL MTA or
> not.
> By the mechanisms shown above QMAIL does a SMTP delever to the NT-Server.
> Check the MX-Records for the NT-Server and your file
> /var/qmail/control/smtproutes.

You missunderstood me !

I have a qmail server which runs schock-bad.de for around 5 months now.
Now, there is one more domain burgbad-service.de whose mail should also
be deleivered to the schock-bad maildir, keeping the original reciever !

-> delivered-to: [EMAIL PROTECTED]

at the moment, qmail does the follow

Re: High-load servers...

[Petr Novotny]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 21 Jan 00, at 15:10, [EMAIL PROTECTED] wrote:

> Forwarding and rewriting in qmail do pretty much
> the same thing: deliver to some alias-controlled
> account, and then re-inject the message into the
> queue.  That's the expensive part, because then the
> message must go through qmail-send again.

'Scuse me, but the "fixme" trick is not neccessary on a decent 
operating system:

You use a "transparent proxy" redirection on IP level to redirect 
connections from known "broken" IP addresses to, say, port 26. 
(You also disable port 26 for anywhere else.) You have that 
ofmismtpd (or whatever the baby's called) listening on port 26 - or 
some customized qmail-smtpd.

(You may also fix qmail-inject if you need to rewrite headers of 
locally injected mails - but it usually is a sign of bad concept 
somewhere.)

That way, the mail that has to get rewritten gets rewritten _before_ 
it comes to qmail-queue - it means it's enqueued only once. 
Where's the performance penalty?

[It you don't know in advance which IPs inject mails neccessary for 
rewriting, then you have rewrite all the messages in qmail-smtpd, 
regardless of the origin anyway.]

[And if your system doesn't support port redirection on IP level, too 
bad. Get another one, or buy more hw because as you said you'd 
need it.]

-BEGIN PGP SIGNATURE-
Version: PGP 6.0.2 -- QDPGP 2.60 
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBOImas1MwP8g7qbw/EQJf2QCgqhjkksWAmyrzJxDKMI3i0iZW3K8AmwZJ
HPOqGMwMZQ0jbkQa7bglDDfO
=IVSg
-END PGP SIGNATURE-
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
 [Tom Waits]

Re: High-load servers...

[John White]

> On Fri, Jan 21, 2000 at 10:33:04PM -0600, Bruce Guenter wrote:
> > 
> > Could we see it?  I am almost finished writing a simple qmail-queue
> > wrapper that filters the body of the message through qmail-inject.  This
> > achieves the same header rewriting that the @fixme trick does, without
> > double delivery.  Once I finish it I'll post it.

Bruce: Russ Allbery's mjinject contains perl code for exactly
that operation (or easily modified for that).  Hmmm... But you're 
not working in perl, are you?
 
On Sat, Jan 22, 2000 at 12:48:11PM +0800, Michael Boman wrote:
> Can any of this qmail-queue wrappers be done so the queue is stored on a
> Network (shared) drive, so each server in a cluster of servers can take
> any of the messages is the queue and send it?

Michael,

1) qmail-queue is a program with the job of actually writing a message
   into the "qmaill queue" which is a directory and file structure for
   safely storing mail messages.  They are two different things.

   The "queue" was designed in a way which necessitates the exclusive
   use of a single qmail system.  Sorry.

2) It's not impossible to cluster servers to balance the "load."  
   First you have to define whether it's the incoming or outgoing
   message load which you have to balance.  Second, you have to realize
   that none of the solutions which will help you solve your problem
   will involve sharing a "queue" between multiple instanciations of
   qmail.  Each instance will have its own queue.

John White

Re: APOP

[J.M. Roth]

thanks, great!
how can I check with f.e. telnet if the APOP 
authentication is working?
 
-- jmr
 

  - Original Message - 
  From: 
  Juan E Suris 
  
  To: [EMAIL PROTECTED] 
  Cc: VCHKPW LIST 
  Sent: Saturday, January 22, 2000 2:25 
  AM
  Subject: Re: APOP
  
  
Hi!
 
Recently I was asked by a customer if we provided APOP 
authentication.
Currently we do not, but I planned on supporting it 
anyway.
So, what's the best way to go without having to reinstall 
all the mailboxes and password that are currently setup 
manually?
 
Right now I'm using the vpopmail (vchkpw) package with 
checkpassword.
I saw a patch to qmail and another password checker that 
added APOP to its features.
Can I specify which user can authenticate how? like: 
user1=onlyAPOP user2=both etc.? because this would be a difference in price 
if sold
Any good FAQ on this?
 
Regards!
J.M. Roth
  The new versions of vpopmail support APOP 
  verification on an individual user basis.
  Check www.inter7.com/vpopmail/
   
  JES

Re: Incorrect (?) response code 555 from qmail-smtpd

[Russ Allbery]

D J Bernstein <[EMAIL PROTECTED]> writes:

> If you have questions about SMTP, the Internet mail message-header
> format, or the Internet mail infrastructure, try my reference manuals:

>http://cr.yp.to/smtp.html
>http://cr.yp.to/immhf.html
>http://cr.yp.to/im.html

> You don't have to suffer through the RFCs; I did all the work for you.

Sometimes I have to quote the appropriate RFC in order to convince someone
else, though.  :)  Thanks, your pages contained a pointer to RFC 1869,
which specifies 555:

   If the server SMTP does not recognize or cannot implement one or more
   of the parameters associated with a particular MAIL FROM or RCPT TO
   command, it will return code 555.

I'll pass that back.

-- 
Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/>

Mbox format with qmail-local possible?

[Kristina]

Is there a way I can get qmail-local to deliver to /var/spool/mail/username 
file??

I know you can get the mbox format by using /bin/mail but I want
mbox format delivery with qmail-local!

Thankyou,
Kristina

Re: Incorrect (?) response code 555 from qmail-smtpd

[D. J. Bernstein]

If you have questions about SMTP, the Internet mail message-header
format, or the Internet mail infrastructure, try my reference manuals:

   http://cr.yp.to/smtp.html
   http://cr.yp.to/immhf.html
   http://cr.yp.to/im.html

You don't have to suffer through the RFCs; I did all the work for you.

Russ Allbery writes:
> RFC 821 says that x5y status codes are for mail system problems, while x0y
> status codes should be used for syntax errors:

In this case, RFC 821 is obsolete. A subsequent RFC added code 555 for
certain syntax errors.

> draft-ietf-drums-smtpupd-10.txt seems to agree.

smtpupd-10 is garbage. See http://cr.yp.to/smtp/klensin.html for further
explanation. In this case, Klensin simply screwed up.

---Dan