qmail Digest 2 Mar 2000 11:00:00 -0000 Issue 928

[qmail-digest-help]

qmail Digest 2 Mar 2000 11:00:00 - Issue 928

Topics (messages 38012 through 38094):

/etc/tcpcontrol/smtp.cdb not working (Re: can't stop qmail (supervise-scripts))
38012 by: Smoerk

Re: Forwarding emails
38013 by: Ricardo Cerqueira
38014 by: Roger O. Svenning
38015 by: Roger O. Svenning
38036 by: iv0

Re: How big is a big queue?
38016 by: brianb-qmail.technet.evoserve.com

RCPT <[EMAIL PROTECTED]> confuses qmail
38017 by: Uncle George
38077 by: Uncle George
38078 by: Uncle George

Re: I spoke too soon.
38018 by: Russell Nelson

Re: A complete log rolling & reporting system?
38019 by: Russell Nelson
38033 by: Dave Sill
38065 by: Pavel Kankovsky
38068 by: Dave Sill

Should this have been rejected?
38020 by: Mark E. Drummond
38059 by: Dave Sill

Re: qmail-smtpd and multilog
38021 by: Bruno Wolff III

Making an smtproute to nowhere
38022 by: torben fjerdingstad
38024 by: Petr Novotny
38025 by: Chris Johnson
38037 by: torben fjerdingstad

ORBS database
38023 by: Dan Ammellinn
38028 by: Frank Tegtmeyer
38030 by: Frank Tegtmeyer

Greetings and a dopey question:
38026 by: Bennett
38029 by: Chris Johnson
38032 by: Frank Tegtmeyer
38039 by: Bennett

Re: qmqp and local delivery
38027 by: Fred Lindberg

Re: qmail-pop3d not conforming to RFC1939?!
38031 by: iv0
38034 by: iv0
38035 by: Russell Nelson
38038 by: iv0
38042 by: Len Budney

Problem with tcpserver and pop3
38040 by: Webmaster
38058 by: Dave Sill

Re: Lost Mail
38041 by: Uwe Ohse
38043 by: Tom Reinertson

list server and rcpthosts file
38044 by: clifford thurber
38048 by: Chris Johnson
38052 by: clifford thurber
38054 by: Frank Tegtmeyer
38055 by: Chris Johnson
38061 by: clifford thurber
38062 by: Frank Tegtmeyer
38064 by: Dave Sill
38066 by: Frank Tegtmeyer
38069 by: Dave Sill
38070 by: Chris Johnson

fastforward virtual domains [emergency]
38045 by: Dan Laffin

Message 252 when VRFYing
38046 by: Shera
38049 by: Dave Sill
38050 by: Anand Buddhdev
38051 by: Timothy L. Mayo
38060 by: Russell Nelson

daemontools v6.1 and _Life with qmail_
38047 by: Grier Ellis
38053 by: Dave Sill

receiving mail
38056 by: Lee Trotter
38057 by: Dave Sill

Re: Multiple Mails...
38063 by: Dave Sill

Re: ETRN
38067 by: Robert Sanderson

Re: POP3 Slowdown solved (I think)
38071 by: Faried Nawaz

Re: migrating virtuals from sendmail
38072 by: Faried Nawaz

Unix as it should be
38073 by: Russell Nelson

Re: Forward Messages to a secondary Mail Server
38074 by: Jeff Russell, AIT

Qmail installation
38075 by: Lee Trotter

Re: [qmail] Unix as it should be
38076 by: ari
38079 by: Bruno Wolff III

Re: Effective anti spamming
38080 by: Aaron L. Meehan
38081 by: Adam McKenna
38082 by: Sascha Schumann
38089 by: Sam

Re: Ineffective anti spamming
38083 by: Ruben van der Leij

Cannot get Qmail to compile
38084 by: BaimoonInc.aol.com
38086 by: Stephen Mills

Re: Mailing list bandwidth
38085 by: Steve Wolfe
38088 by: net.ncal.verio.com
38090 by: andy huhn

Qmail on FreeBSD 3.3
38087 by: David Uzzell

Forward/Duplicate messages to hosts behind
38091 by: Andy WONG
38093 by: Stephen Mills

Mail doesn't go to Maildir
38092 by: Stein Ma

vpopmail and Netscape
38094 by: Erich Zigler

Administrivia:

To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]

To subscribe to the digest, e-mail:
[EMAIL PROTECTED]

To bug my human owner, e-mail:
[EMAIL PROTECTED]

To post to the list, e-mail:
[EMAIL PROTECTED]


--



>> >> >> 2. qmail-smtpd does not care about /etc/tcprules/smtp.cdb. I cannot
>> >> >> send mails localy via smtp, because the smtp does not relay. I put
>[...]
>> exec tcpserver -u "$uid" -g "$gid" -c "$concurrency" -v \
>> -x /etc/tcpcontrol/smtp.cdb 0 smtp $rbl \
>> qmail-pipe fixcr -- qmail-smtpd

>
>This uses /etc/tcpcontrol/smtp.cdb as opposed to /etc/tcprules/smtp.cdb, which
>  ^^^^
>is what you said you use.

Okay, the directory is /etc/tcpcontrol, not /etc/tcprules. My mail was
wrong not my configuration.

I still have the problem, that /etc/tcpcontrol/smtp.cdb is ignored. I
put

:deny

in smtp.rules (and created a new smtp.cdb) and connections were not
refused.

>As far a the supervise bit is concerned... try 'svc -dx '.
>If the process is still run

Re: SMTP in distributed DOS

[Lorens Kockum]

On the qmail list [EMAIL PROTECTED] wrote:
>At 11:04 AM 2/20/00 -0800, Dirk Harms-Merbitz wrote:
>>Just imagine what happens when some script kiddie uses a few ten
>>thousand trojaned cable/dsl connected home computers to send email
>>to tens of thousands of domains and they all bounce back to your
>>mail server!
>
>Those hosts would need to be open relays.

No they do not need to be open relays.  If they are qmail
servers that is perfect for the purpose.

Re: vpopmail and Netscape

[Chris Johnson]

On Thu, Mar 02, 2000 at 12:05:34AM -0600, Erich Zigler wrote:
> Im having several complaints from people using Netscape 4.7's email client.
> Seems when they are trying to log into the server that Netscape is only
> sending user@ not [EMAIL PROTECTED] So the user then cannot get their mail.

Netscape assumes that if you entered an @ in your user name, you must have made
a mistake, so it helpfully strips off everything after it for you. There's no
way to get it not to do that.

I think that vpopmail supports % as a separator, so your users should be able
to use user%domain.com as a user name.

Chris

Message 252 revisited

[Shera]

Hello,

I asked about message 252 yesterday and was told that to have the smtp
server not vrfy users was a security feature.  I do understand this
perfectly.  But shouldn't this be an option for the sysadmin to turn off
and on or to have a deny file to only allow certain people to access the
vrfy command?   According to different RFCs (below) this is the recommend
form to handle vrfy.   I am not a email guru, only a self taught
mini-sysadmin and I am just trying to figure out what is better, becouse of
lack of guru knowledge I must use the RFCs to see the standards and try to
make sure that my system follows these standards, and to allow for the most
secure system possible.   There are times that I need to vrfy users from
remote and in the past the easiest and only form I knew was through the
smtp server, but now using qmail it is impossible.   I would just like to
understand why qmail does not allow this to be an option as in sendmail.

  RFC ---

>RFC2505
>February 1999
>Category: Best Current Practice
>2.11. SMTP VRFY and EXPN
>
>   Both SMTP VRFY and EXPN provide means for a potential spammer to test
>   whether the addresses on his list are valid (VRFY) and even get more
>   addresses (EXPN). Therefore, the MTA SHOULD control who is is allowed
>   to issue these commands. This may be "on/off" or it may use access
>   lists similar to those mentioned previously.
>
>   Note that the "VRFY" command is required according to RFC821, [1].
>   The response can, though, be "252 Argument not checked" to represent
>   "off" or blocked via an access list. This should be the default.
>
>   Default for the "EXPN" command should be "off".
>
>

>RFC1123  MAIL -- SMTP & RFC-822 October 1989
>
> CNAME.
>
>  5.2.3  VRFY and EXPN Commands: RFC-821 Section 3.3
>
> A receiver-SMTP MUST implement VRFY and SHOULD implement EXPN
> (this requirement overrides RFC-821).  However, there MAY be
> configuration information to disable VRFY and EXPN in a
> particular installation; this might even allow EXPN to be
> disabled for selected lists.
>
> A new reply code is defined for the VRFY command:
>
>  252 Cannot VRFY user (e.g., info is not local), but will
>  take message for this user and attempt delivery.
>
> DISCUSSION:
>  SMTP users and administrators make regular use of these
>  commands for diagnosing mail delivery problems.  With the
>  increasing use of multi-level mailing list expansion
>  (sometimes more than two levels), EXPN has been
>  increasingly important for diagnosing inadvertent mail
>  loops.  On the other hand,  some feel that EXPN represents
>  a significant privacy, and perhaps even a security,
>  exposure.
>
>

Re: Message 252 revisited

[petervd]

On Thu, Mar 02, 2000 at 09:35:02AM -0400, Shera wrote:
> Hello,
> 
[snip]
> secure system possible.   There are times that I need to vrfy users from
> remote and in the past the easiest and only form I knew was through the
> smtp server, but now using qmail it is impossible.   I would just like to
> understand why qmail does not allow this to be an option as in sendmail.

It's the qmail design that makes it impossible - qmail-smtpd (which,
obviously, handles SMTP :) has no knowledge of users, because it doesn't
need to.

Allowing vrfy would require massive patching.

>   RFC ---
> 
> >RFC2505
> >February 1999
> >Category: Best Current Practice
> >2.11. SMTP VRFY and EXPN
> >
> >   Both SMTP VRFY and EXPN provide means for a potential spammer to test
> >   whether the addresses on his list are valid (VRFY) and even get more
> >   addresses (EXPN). Therefore, the MTA SHOULD control who is is allowed
> >   to issue these commands. This may be "on/off" or it may use access
> >   lists similar to those mentioned previously.

MTA SHOULD control. MTA does control. MTA says no :)
> >
> >   Note that the "VRFY" command is required according to RFC821, [1].
> >   The response can, though, be "252 Argument not checked" to represent
> >   "off" or blocked via an access list. This should be the default.

This is what qmail does.

> >   Default for the "EXPN" command should be "off".

Same here.

> >RFC1123  MAIL -- SMTP & RFC-822 October 1989
> >
> > CNAME.
> >
> >  5.2.3  VRFY and EXPN Commands: RFC-821 Section 3.3
> >
> > A receiver-SMTP MUST implement VRFY and SHOULD implement EXPN
> > (this requirement overrides RFC-821).  However, there MAY be
> > configuration information to disable VRFY and EXPN in a
> > particular installation; this might even allow EXPN to be
> > disabled for selected lists.
> >
> > A new reply code is defined for the VRFY command:
> >
> >  252 Cannot VRFY user (e.g., info is not local), but will
> >  take message for this user and attempt delivery.

This is what qmail uses.

> > DISCUSSION:
> >  SMTP users and administrators make regular use of these
> >  commands for diagnosing mail delivery problems.  With the
> >  increasing use of multi-level mailing list expansion
> >  (sometimes more than two levels), EXPN has been
> >  increasingly important for diagnosing inadvertent mail
> >  loops.  On the other hand,  some feel that EXPN represents
> >  a significant privacy, and perhaps even a security,
> >  exposure.

The point in qmail isn't even privacy, or the security mentioned here.
The whole point is that qmail-smtpd doesn't know about users because
it doesn't have to.

I hope that sorts it out for you.

Greetz, Peter.
-- 
Peter van Dijk - student/sysadmin/ircoper/madly in love/pretending coder 
|  
| 'C makes it easy to shoot yourself in the foot;
|  C++ makes it harder, but when you do it blows your whole leg off.'
| Bjarne Stroustrup, Inventor of C++

Re: Message 252 revisited

[Petr Novotny]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 2 Mar 00, at 9:35, Shera wrote:

> I asked about message 252 yesterday and was told that to have the smtp
> server not vrfy users was a security feature.  I do understand this
> perfectly.  But shouldn't this be an option for the sysadmin to turn
> off and on or to have a deny file to only allow certain people to
> access the vrfy command?

You did not listen? You were told, several times, that qmail can't 
do it and won't ever do it. Rewrite qmail if you need it.

>   There
> are times that I need to vrfy users from remote and in the past the
> easiest and only form I knew was through the smtp server, but now
> using qmail it is impossible.

Lots of other MTAs don't implement vrfy. What's your point?

>   I would just like to understand why
> qmail does not allow this to be an option as in sendmail.

Because qmail is not sendmail. If you want a megabyte binary with 
long history of buffer overflows running as root on your system, help 
yourself.

The first main design decision is to have qmail-smtpd as 
lightweight as possible. Even on a really loaded machine,
qmail-smtpd lives; why? Because it does not need to make a 
zillion system calls before queuing the message and indicating 
success.

The second decision comes from the existence of
.qmail-anything-default files. It's impossible to predict if the program 
there returns 100 (user does not exist) or 0 (exists).

Usually, making explicitely no effort is much better than making 
half-assed effort and fail. Do you buy this explanation?

-BEGIN PGP SIGNATURE-
Version: PGP 6.0.2 -- QDPGP 2.60 
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBOL5h/lMwP8g7qbw/EQIZXwCeN2vYcP8iUDuJGv5kP3xe8efrFDgAoO2V
EFop1siE/NEqccGRbR1E/wgE
=7Dnu
-END PGP SIGNATURE-
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
 [Tom Waits]

Re: SMTP in distributed DOS

[James Raftery]

On Thu, Mar 02, 2000 at 11:34:11AM -, Lorens Kockum wrote:
> No they do not need to be open relays.  If they are qmail
> servers that is perfect for the purpose.

Why? There is no appreciable gain. To be effective the attacker needs to
send a small amount of traffic, which is amplified by a large factor and
directed to the victim.

Sending a 1K message to qmail with the intention of it bouncing to your
victim yields a bounce with your original 1K message plus ~200 bytes of
the QSBMF bounce message. If you get a 10K message to bounce, you yield
10K plus ~200 bytes. Those gains are too low to be useful.


james
-- 
James Raftery (JBR54)  -  Programmer Hostmaster  -  IE TLD Hostmaster
  IE Domain Registry, University College Dublin Computing Services,
  Computer Centre, Belfield, Dublin 4, Ireland.
http://www.domainregistry.ie/ Ph: (+353 1) 7062375 Fx: (+353 1) 7062862

Re: SMTP in distributed DOS

[petervd]

On Thu, Mar 02, 2000 at 01:49:32PM +, James Raftery wrote:
> On Thu, Mar 02, 2000 at 11:34:11AM -, Lorens Kockum wrote:
> > No they do not need to be open relays.  If they are qmail
> > servers that is perfect for the purpose.
> 
> Why? There is no appreciable gain. To be effective the attacker needs to
> send a small amount of traffic, which is amplified by a large factor and
> directed to the victim.
> 
> Sending a 1K message to qmail with the intention of it bouncing to your
> victim yields a bounce with your original 1K message plus ~200 bytes of
> the QSBMF bounce message. If you get a 10K message to bounce, you yield
> 10K plus ~200 bytes. Those gains are too low to be useful.

You're missing a point: the message is sent with a couple of 100 recipients.
All these recipients will bounce the message - separately. There's your
amplification :)

Greetz, Peter.
-- 
Peter van Dijk - student/sysadmin/ircoper/madly in love/pretending coder 
|  
| 'C makes it easy to shoot yourself in the foot;
|  C++ makes it harder, but when you do it blows your whole leg off.'
| Bjarne Stroustrup, Inventor of C++

Re: SMTP in distributed DOS

[Bruno Wolff III]

On Thu, Mar 02, 2000 at 11:34:11AM -,
  Lorens Kockum <[EMAIL PROTECTED]> wrote:
> On the qmail list [EMAIL PROTECTED] wrote:
> >At 11:04 AM 2/20/00 -0800, Dirk Harms-Merbitz wrote:
> >>Just imagine what happens when some script kiddie uses a few ten
> >>thousand trojaned cable/dsl connected home computers to send email
> >>to tens of thousands of domains and they all bounce back to your
> >>mail server!
> >
> >Those hosts would need to be open relays.
> 
> No they do not need to be open relays.  If they are qmail
> servers that is perfect for the purpose.

You can use any system that won't know whether or not the message can be
delivered while processing the smtp transaction.

This would include MX's that don't do final deliverly and addresses that
result in failure at final deliverly (procmail rejections) under sendmail.

Other problems are autoresponders including trouble ticket responders and
vacation responders. Even rate limited vacation responders can probably
be tricked in to repeated sending mail to an address, as very few are really
aware of what the email address is, and only handle an encoded representation
of the address.

However none of these attacks gives much amplification. It may provide
some anonymity if the bounce or automated response doesn't include tracking
information from the original message.

The people most effected by MTA's that can't bounce email at the site
boundry are the postmasters. I have to wade through a lot of spam double
bounces here because messages typically come in on a different machine
than the one where the end users account is, so mail doesn't get bounced
until after one of our servers has accepted responsibility for the email.

Re: Message 252 revisited

[dsr]

On Thu, 2 Mar 2000 09:35:02 -0400 (AST), Shera <[EMAIL PROTECTED]> wrote:
>
> Hello,
>
> I asked about message 252 yesterday and was told that to have the smtp
> server not vrfy users was a security feature.  I do understand this
> perfectly.  But shouldn't this be an option for the sysadmin to turn off
> and on or to have a deny file to only allow certain people to access the
> vrfy command?   According to different RFCs (below) this is the recommend
> form to handle vrfy.  

Well, accepting and answering vrfy is a MUST, but always returning
252 is a perfectly legitimate response.

>   There are times that I need to vrfy users from
> remote and in the past the easiest and only form I knew was through the
> smtp server, but now using qmail it is impossible.   I would just like to
> understand why qmail does not allow this to be an option as in sendmail.

At the time you are having an SMTP conversation, qmail does *not know*
whether any given address on this machine is deliverable or not. There
are several reasons for this, which other folk have explained.

If you could explain why you need to vrfy users, there might be
another method we could suggest to accomplish the same end-goal.

-dsr-

Re: SMTP in distributed DOS

[Bruno Wolff III]

On Thu, Mar 02, 2000 at 02:53:41PM +0100,
  [EMAIL PROTECTED] wrote:
> 
> You're missing a point: the message is sent with a couple of 100 recipients.
> All these recipients will bounce the message - separately. There's your
> amplification :)

This is a gain if you are sending the original message through a small pipe
to a mail server that has better connectivity and will relay for you.

Re: SMTP in distributed DOS

[petervd]

On Thu, Mar 02, 2000 at 08:03:04AM -0600, Bruno Wolff III wrote:
> On Thu, Mar 02, 2000 at 02:53:41PM +0100,
>   [EMAIL PROTECTED] wrote:
> > 
> > You're missing a point: the message is sent with a couple of 100 recipients.
> > All these recipients will bounce the message - separately. There's your
> > amplification :)
> 
> This is a gain if you are sending the original message through a small pipe
> to a mail server that has better connectivity and will relay for you.

Which is my point :)

Greetz, Peter.
-- 
Peter van Dijk - student/sysadmin/ircoper/madly in love/pretending coder 
|  
| 'C makes it easy to shoot yourself in the foot;
|  C++ makes it harder, but when you do it blows your whole leg off.'
| Bjarne Stroustrup, Inventor of C++

Re: SMTP in distributed DOS

[James Raftery]

On Thu, Mar 02, 2000 at 02:53:41PM +0100, [EMAIL PROTECTED] wrote:
> You're missing a point: the message is sent with a couple of 100 recipients.
> All these recipients will bounce the message - separately.

No it doesn't :) Try it (with qmail, of course) One message with failed
deliveries results in *one* bounce message with a list of the failures
enclosed. [See below]

> There's your amplification :)

Each additional failure adds a few bytes. Not exactly earth-shattering :)

james
-- 
James Raftery (JBR54)  -  Programmer Hostmaster  -  IE TLD Hostmaster
  IE Domain Registry, University College Dublin Computing Services,
  Computer Centre, Belfield, Dublin 4, Ireland.
http://www.domainregistry.ie/ Ph: (+353 1) 7062375 Fx: (+353 1) 7062862


>From MAILER-DAEMON Thu Mar 02 14:10:57 2000
Return-Path: <>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 14057 invoked for bounce); 2 Mar 2000 14:10:57 -
Date: 2 Mar 2000 14:10:57 -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: failure notice
Status: RO
Content-Length: 1202
Lines: 35

Hi. This is the qmail-send program at banba.domainregistry.ie.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<[EMAIL PROTECTED]>:
Sorry, no mailbox here by that name. (#5.1.1)

<[EMAIL PROTECTED]>:
Sorry, no mailbox here by that name. (#5.1.1)

<[EMAIL PROTECTED]>:
Sorry, no mailbox here by that name. (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <[EMAIL PROTECTED]>
Received: (qmail 14050 invoked by uid 510); 2 Mar 2000 14:10:56 -
Date: Thu, 2 Mar 2000 14:10:56 +
From: James Raftery <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Bouncy, bouncy
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i


Hmm

-- 
James Raftery (JBR54)  -  Programmer Hostmaster  -  IE TLD Hostmaster
  IE Domain Registry, University College Dublin Computing Services,
  Computer Centre, Belfield, Dublin 4, Ireland.
http://www.domainregistry.ie/ Ph: (+353 1) 7062375 Fx: (+353 1) 7062862

RE: Forward/Duplicate messages to hosts behind

[Greg Owen]

I'm going off of memory here, but I think this should do it.  Test
before using in production.

> I would like to have the qmail configurated to 
> FORWARD/DUPLICATE EVERY incoming message (no matter whoever 
> the receiver) to two different host behind. (Both hosts are 
> not linux machines and one host is for production while the 
> another is for development/migration)

Put "domain.com" in rcpthosts, and put "domain.com:alias-domain" in
virtualdomains.  This will ensure that you accept mail for domain.com, and
that when it arrives the ".qmail-domain" file for the "alias" user will be
used to determine delivery instructions.

In /var/qmail/alias/.qmail-domain-default, put the following two
lines:

|forward "$DEFAULT"@production.domain.com
|forward "$DEFAULT"@development.domain.com



A second way to do it would be to set up QUEUE_EXTRA as described in
FAQ 8.2 and in ~alias/.qmail-log put the "|forward ..." line for the
development copy, then have an smtproutes entry that says
"domain.com:production.domain.com".  This way doesn't gain you much, and if
you accept mail for other domains, then development will get a copy of that
too - probably not what you want.

-- 
gowen -- Greg Owen -- [EMAIL PROTECTED]

Re: SMTP in distributed DOS

[petervd]

On Thu, Mar 02, 2000 at 02:15:19PM +, James Raftery wrote:
> On Thu, Mar 02, 2000 at 02:53:41PM +0100, [EMAIL PROTECTED] wrote:
> > You're missing a point: the message is sent with a couple of 100 recipients.
> > All these recipients will bounce the message - separately.
> 
> No it doesn't :) Try it (with qmail, of course) One message with failed
> deliveries results in *one* bounce message with a list of the failures
> enclosed. [See below]

What you really want is to have one mailserver deliver your one mail to
MXes for all those recipients, and then have those MXes bounce them
_theirselves_ - because they're qmail-servers, for example :)

Greetz, Peter.
-- 
Peter van Dijk - student/sysadmin/ircoper/madly in love/pretending coder 
|  
| 'C makes it easy to shoot yourself in the foot;
|  C++ makes it harder, but when you do it blows your whole leg off.'
| Bjarne Stroustrup, Inventor of C++

hosts?

[MooNDoGGie iS]

Hi,

I have qmail setup and running.  In my /var/qmail/control/smtproutes
I have ,

:mail.server

This tells qmail to direct my outbound mail to my ISP.
However when ever I have any local mail it also gets sent to my ISP's
server and because it has no QDM it gets bounced back.   I would like to
make all local mail stay on my LAN.  How do I do this?

Regards,
Andy
[EMAIL PROTECTED]

Qmail and ORBS

[Ryszard Lach]

Hi!

Since last monday I have problem with ORBS database. Due to spam relay my host
got into their list. I applied relaymailfrom+tarpit patch and now most of "relay
holes" on my site are blocked out. But I can't fix problem with exclamation and
percen sign - tester at orbs.org checks it. Therefore I have a question: how can
I fix this problem ? I really would like to remove my site from orbs... Below is
the test, which caused my host fail removal procedure:


>>> MAIL FROM:
<<< 250 ok
>>> RCPT TO:<"user-02782%nf.abuse.net">
<<< 250 ok

Do you have any ideas?

Siaco.

-- 
Ryszard Łach
Internet Designers s.c. 

Re: Qmail and ORBS

[Dave Sill]

Ryszard Lach <[EMAIL PROTECTED]> wrote:

 MAIL FROM:
><<< 250 ok
 RCPT TO:<"user-02782%nf.abuse.net">
><<< 250 ok
>
>Do you have any ideas?

Bogus test. See:

http://www.faqts.com/knowledge-base/view.phtml/aid/1198/fid/206/lang/en

-Dave

Re: hosts?

[Dave Sill]

MooNDoGGie iS <[EMAIL PROTECTED]> wrote:

>I have qmail setup and running.  In my /var/qmail/control/smtproutes
>I have ,
>
>:mail.server
>
>This tells qmail to direct my outbound mail to my ISP.
>However when ever I have any local mail it also gets sent to my ISP's
>server and because it has no QDM it gets bounced back.

What's a QDM?

>I would like to
>make all local mail stay on my LAN.  How do I do this?

Put your local host name(s) in control/locals.

-Dave

Re: Qmail and ORBS

[Sascha Schumann]

On Thu, Mar 02, 2000 at 04:44:22PM +0100, Ryszard Lach wrote:
> Hi!
> 
> Since last monday I have problem with ORBS database. Due to spam relay my host
> got into their list. I applied relaymailfrom+tarpit patch and now most of "relay
> holes" on my site are blocked out. But I can't fix problem with exclamation and
> percen sign - tester at orbs.org checks it. Therefore I have a question: how can
> I fix this problem ? I really would like to remove my site from orbs... Below is
> the test, which caused my host fail removal procedure:

ORBS will only put you into the database, if (a) you say something silly
or (b) the test email is relayed back to them.

> >>> RCPT TO:<"user-02782%nf.abuse.net">
> <<< 250 ok
> 
> Do you have any ideas?

qmail will reject this email internally, thus it will not be relayed.

- Sascha

Re: hosts?

[Uwe Ohse]

On Thu, Mar 02, 2000 at 10:42:23AM -0500, MooNDoGGie iS wrote:

> :mail.server
> 
> This tells qmail to direct my outbound mail to my ISP.
> However when ever I have any local mail it also gets sent to my ISP's
> server and because it has no QDM it gets bounced back.   I would like to
> make all local mail stay on my LAN.  How do I do this?

:mail.server
local.domain:

and make sure control/locals is set up correctly.

btw: what does QDM stand for?

Regards, Uwe

Re: Encryption and t-shirts

[Vern Hart]

On Tuesday, Michael Handler wrote:
> 
> Back:
> 
>("qmail" stylized text)
> (dolphin logo)
>  Secure, reliable, efficient.
>  Pick three.
> (white space)
> www.qmail.org

The latest round of designs are at http://vern.com/tshirts/qmail/

They are the above quote, plus the anti-sendmail quote.  Both with
each logo version.

Let me know the latest round of critiques.

Cheers,
Vern
-- 
\ \   / __| _ \  \ |   Vern Hart
 \ \ /  _|/ .  |   [EMAIL PROTECTED]
  \_/  ___|_|_\_|\_|

RE: Encryption and t-shirts

[Chad Day]

I don't care much for the Q-arrow logo, the dolphin is far far cooler.. so
my pick goes for dolphin 0 .. I like the font on the Secure, reliable,
efficient quote, but I think the anti-sendmail quote is cooler.

Chad

-Original Message-
From: Vern Hart [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 02, 2000 11:54 AM
To: [EMAIL PROTECTED]
Subject: Re: Encryption and t-shirts


On Tuesday, Michael Handler wrote:
> 
> Back:
> 
>("qmail" stylized text)
> (dolphin logo)
>  Secure, reliable, efficient.
>  Pick three.
> (white space)
> www.qmail.org

The latest round of designs are at http://vern.com/tshirts/qmail/

They are the above quote, plus the anti-sendmail quote.  Both with
each logo version.

Let me know the latest round of critiques.

Cheers,
Vern
-- 
\ \   / __| _ \  \ |   Vern Hart
 \ \ /  _|/ .  |   [EMAIL PROTECTED]
  \_/  ___|_|_\_|\_|

Re: SMTP in distributed DOS

[Bruno Wolff III]

On Thu, Mar 02, 2000 at 03:06:16PM +0100,
  [EMAIL PROTECTED] wrote:
> On Thu, Mar 02, 2000 at 08:03:04AM -0600, Bruno Wolff III wrote:
> > On Thu, Mar 02, 2000 at 02:53:41PM +0100,
> >   [EMAIL PROTECTED] wrote:
> > > 
> > > You're missing a point: the message is sent with a couple of 100 recipients.
> > > All these recipients will bounce the message - separately. There's your
> > > amplification :)
> > 
> > This is a gain if you are sending the original message through a small pipe
> > to a mail server that has better connectivity and will relay for you.
> 
> Which is my point :)

This circumstance isn't very important. If this is done through your
connection you are going to get into trouble. If it is somebody else's
than you have to first break into their system. The amplification is
significant if it is a lot easier to break into limited systems with
limited bandwidth that have well connected mail servers willing to relay
for them and the mail server doing the relaying will distinguish between
addresses that will result in email going to the same destination (which
isn't always possible) and only send one copy of a message to that host.

I do think that qmail would be better if it could refuse some invalid
addresses without accepting responsibility for a message first. However
it isn't because of using the server for DOS attacks, but rather to
ease the burden on the postmaster of handling double bounced spam.

Re: Encryption and t-shirts

[Peter Green]

On Thu, Mar 02, 2000 at 09:54:07AM -0700, Vern Hart wrote:
> 
> The latest round of designs are at http://vern.com/tshirts/qmail/
> 
> They are the above quote, plus the anti-sendmail quote.  Both with
> each logo version.
>
> Let me know the latest round of critiques.

My only beef would be with having three distinct fonts on the back of the
"Secure..." shirt. Personally, I'd put the URL in the same font as the quote
(or leave it off entirely...but it'd probably be better to keep it).

Minor nit to pick; overall, they look excellent!

/pg
-- 
Peter Green
Gospel Communications Network, SysAdmin
[EMAIL PROTECTED]

Re: Encryption and t-shirts

[John Gonzalez/netMDC admin]

On Thu, 2 Mar 2000, Vern Hart wrote:

>The latest round of designs are at http://vern.com/tshirts/qmail/
>
>They are the above quote, plus the anti-sendmail quote.  Both with
>each logo version.
>
>Let me know the latest round of critiques.

Vern, those look great. I'll take one of each with the 'Q' logo, not the
dolphin. :)

  ___   _  __   _  
__  /___ ___    /__  John Gonzalez/Net.Tech
__  __ \ __ \  __/_  __ `__ \/ __  /_  ___/ MDC Computers/netMDC!
_  / / / `__/ /_  / / / / / / /_/ / / /__ (505)437-7600/fax-437-3052
/_/ /_/\___/\__/ /_/ /_/ /_/\__,_/  \___/ http://www.netmdc.com
[-[system info]---]
 10:20am  up 37 days, 18:17,  5 users,  load average: 0.02, 0.11, 0.09

SPAMCONTROL patch

[Luis Bezerra]

Hello averyone,


How could I find the spamcontrol patch?

thanks in advance

--
-
Luís Bezerra de A. Junior
[EMAIL PROTECTED]
SecrelNet Informática LTDA
Fortaleza - Ceará - Brasil
Fone: 021852882090
-

RE: Encryption and t-shirts

[Bennett]

I have to say that I agree with chat,   Dolphin 0 is the best :)


On Thu, 2 Mar 2000, Chad Day wrote:

> I don't care much for the Q-arrow logo, the dolphin is far far cooler.. so
> my pick goes for dolphin 0 .. I like the font on the Secure, reliable,
> efficient quote, but I think the anti-sendmail quote is cooler.
> 
> Chad

Re: Effective anti spamming

[David Dyer-Bennet]

Aaron L. Meehan <[EMAIL PROTECTED]> writes on 1 March 2000 at 13:21:43 -0800
 > Quoting Mark E. Drummond ([EMAIL PROTECTED]):
 > > I am currently using rblsmtpd to block spammers on the RBL. I may add ORBS as
 > > well. Think I'll wait, gather some stats on how much is being blocked by RBL,
 > > and then compare with RBL+ORBS.
 > 
 > My anti-spam mantra is "RSS+RBL+DUL"
 > 
 > I hardly ever get spam these days.  Perhaps an average of one a week.
 > Am I just lucky?  I dunno for sure, but I opened a hotmail account
 > just for grins, never used it, and a month later already have 30+
 > spams.  Wierd.

You're just lucky; I have rss+rbl+dul blocking, and get a dozen or so
spams that make it through each day to my account.  

 > Since djb's quotes are hip right now, I'll invoke the "Profile, don't
 > speculate" rule (I think that was the quote...? ).  I really wanted to
 > see just how things were going and this thread is my excuse.
 > 
 > These stats are for Feb 24, 9:15pm local until now.
 > 
 > RSS has blocked 2294 smtp connections.
 > DUL has blocked 306 smtp connections.
 > RBL has blocked 3767 smtp connections.

My block counts for the 15 days preceding today are:
RSS(0): 102
DUL(1): 36
RBL(2): 11
-- 
Photos: http://dd-b.lighthunters.net/ Minicon: http://www.mnstf.org/minicon
Bookworms: http://ouroboros.demesne.com/ SF: http://www.dd-b.net/dd-b 
David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]

Re: Encryption and t-shirts

[Kai MacTane]

At 3/2/2000 09:54 AM -0700, Vern Hart wrote or quoted:

>The latest round of designs are at http://vern.com/tshirts/qmail/
>[snip]
>Let me know the latest round of critiques.

I like the new scaling on the sendmail and qmail logos. It's now much 
easier to tell what the shirt is really endorsing.

-
  Kai MacTane
  System Administrator
   Online Partners.com, Inc.
-
 From the Jargon File: (v4.0.0, 25 Jul 1996)

house wizard /n./

A hacker occupying a technical-specialist, R&D, or systems position
at a commercial shop. A really effective house wizard can have influ-
ence out of all proportion to his/her ostensible rank and still not
have to wear a suit.

RE: Encryption and t-shirts

[Greg Owen]

All right, I'm going to throw yet another suggestion into the hat -
one for the mother of all T-Shirts.

Front: Qmail "Q" logo with the "Secure, Reliable, Efficient.  Pick
Three" quote under it in small lettering.

Back: The same as the back from "Qmail 0 (dolphin)" shirt (sendmail
bat/qmail dolphin/"Don't queue..." quote).  Add an exclamation part at the
end of the quote (we are, after all, EXCITED to be sending mail with qmail.)

The only problem I see with this is that using all three icons means
increased colors per shirt, which usually costs more.

-- 
gowen -- Greg Owen -- [EMAIL PROTECTED]

Solaris 7 SPARC problems

[Curtis Generous]

Has anyone been successful in getting QMAIL-1.03 to run on a SPARC running
Solaris 7, and compiled using the Sun C compiler?  Here is my environment:

This is SUN Netra T1 running Solaris 7:

m67[admin]% uname -a
SunOS m67 5.7 Generic_106541-08 sun4u sparc SUNW,UltraSPARC-IIi-cEngine


Here are my compile time flags in conf-cc:

cc -fast -xO4 -xdepend -xarch=v9


This is the C compiler being used:

m67[admin]% which cc
/opt/SUNWspro/bin/cc

m67[admin]% cc -V
cc: WorkShop Compilers 5.0 98/12/15 C 5.0


I can't get qmail started.  When I invoke the standard /var/qmail/rc script, it
exits immediately, with the following error logged in SYSLOG:

qmail-send lost spawn connection, died.

Any ideas or suggestions?  I have built qmail many times under Solaris
2.6 so am very familiar with the build process.  The 'make setup check'
went without a hitch. I haven't seen this error before and nothing in
the archives game any insights. 

TIA,

--curtis

Re: Solaris 7 SPARC problems

[markd]

How about a truss -f?

That might tell you why the spawned process is dying.

Also, you might want to quote the log files exactly next time. As a long-time user
of qmail you may be aware of how confusing a paraphrased error can be to people
trying to help you.


Regards.


On Thu, Mar 02, 2000 at 02:05:41PM -0500, Curtis Generous wrote:
> Has anyone been successful in getting QMAIL-1.03 to run on a SPARC running
> Solaris 7, and compiled using the Sun C compiler?  Here is my environment:
> 
> This is SUN Netra T1 running Solaris 7:
> 
> m67[admin]% uname -a
> SunOS m67 5.7 Generic_106541-08 sun4u sparc SUNW,UltraSPARC-IIi-cEngine
> 
> 
> Here are my compile time flags in conf-cc:
> 
> cc -fast -xO4 -xdepend -xarch=v9
> 
> 
> This is the C compiler being used:
> 
> m67[admin]% which cc
> /opt/SUNWspro/bin/cc
> 
> m67[admin]% cc -V
> cc: WorkShop Compilers 5.0 98/12/15 C 5.0
> 
> 
> I can't get qmail started.  When I invoke the standard /var/qmail/rc script, it
> exits immediately, with the following error logged in SYSLOG:
> 
> qmail-send lost spawn connection, died.
> 
> Any ideas or suggestions?  I have built qmail many times under Solaris
> 2.6 so am very familiar with the build process.  The 'make setup check'
> went without a hitch. I haven't seen this error before and nothing in
> the archives game any insights. 
> 
> TIA,
> 
> --curtis

Re: Effective anti spamming

[Chris Thorman]

Hi John,

Would you be willing to share the scripts/setup you use to achieve the labeling that 
you do?  I'd like to be able to replicate this on our end -- labeling is better than 
rejecting, I think, because it allows after-the-fact analysis, plus it allows 
different users to choose how aggressively they want to filter.

-c

At 1:35 PM -0800 2/29/00, Jon Rust wrote:
>At 3:27 PM -0500 2/29/00, Mark E. Drummond wrote:
>>I am currently using rblsmtpd to block spammers on the RBL. I may add ORBS as
>>well. Think I'll wait, gather some stats on how much is being blocked by RBL,
>>and then compare with RBL+ORBS.
>
>Sorry, no suggestions for the rest of your mail, but I do have a comment here. Be 
>very careful about blocking email with ORBS. You /will/ loose legit email. I use 
>rblcheck in conjunction with maildrop and a small perl script to add headers to 
>suspected spam (eg, "X-Spam: based on relay(1) 24.95.96.166"). I wanted to see what 
>sort of effect rblsmtpd would have. I compare the IP address of the last relay before 
>it got my server against
>
>relays.orbs.org
>rbl.maps.vix.com
>dul.maps.vix.com
>relays.mail-abuse.org
>
>Yes, ORBS catches a ton of spam. It also labels a lot of email that I'd like to see, 
>as spam. The others haven't. In particular relays.mail-abuse.org seems to catch a 
>fair amount of spam without mis-labeling any real mail (so far). Next would be DUL, 
>with RBL bringing up the rear. (Just going by numbers of matches.) Some that have 
>been ORBS listed: cauce.org (!!!), msdw.com, ebay.com, and networksolutions.com. Ouch.
>
>That's not to say ORBS isn't useful: it is. I generally try to contact the admin of 
>the machine to inform them that they are being used as a relay (or just open for 
>relay). If we can decrease the number of open relays using ORBS, then it's served its 
>purpose. But I would never use ORBS to block mail. (Not to mention the people who run 
>ORBS have been accused of adding servers run by people who don't agree with their 
>tactics, for no other reason but vengence. I can't verify that's true, but kinda 
>scary nonetheless.)
>
>jon



870 Market Street #1270   (415) 394-9818
San Francisco, CA 94102   (413) 473-0853 fax

Re: vpopmail and Netscape

[Marco Leeflang]

Erich Zigler wrote:

> Im having several complaints from people using Netscape 4.7's email client.
> Seems when they are trying to log into the server that Netscape is only
> sending user@ not [EMAIL PROTECTED] So the user then cannot get their mail.
>

use % in stead of @

so user%domain.com will work

greetings
marco leeflang


>
> --
> Erich Zigler  System Administrator
>  Last night I played a blank tape at full blast. The mime next door went
> nuts.

[press] isp-planet.com -- QMail: A Better Sendmail?

[David Harris]

http://www.isp-planet.com/equipment/qmail-a.html

Sorry if this is a duplicate posting.. I scanned back subject lines a couple of
days and didn't see anything.

 - David Harris
   Principal Engineer, DRH Internet Services

Re: [press] isp-planet.com -- QMail: A Better Sendmail?

[markd]

On Thu, Mar 02, 2000 at 03:30:34PM -0500, David Harris wrote:
> 
> http://www.isp-planet.com/equipment/qmail-a.html
> 
> Sorry if this is a duplicate posting.. I scanned back subject lines a couple of
> days and didn't see anything.

It's got a few technical errors specifically, qmail-send does *not*
run as root and qmail-queue is not setuid for user mailbox access.

qmail-send starts life as root but qmail-lspawn is the only program
that runs as root. qmail-queue is setuid to write queue files it
has nothing to do with user mailbox access at all.

But it's probably relatively accurate for a marketing blurb.


Regards.

RE: [press] isp-planet.com -- QMail: A Better Sendmail?

[Vince Vielhaber]

On 02-Mar-00 David Harris wrote:
> 
> http://www.isp-planet.com/equipment/qmail-a.html
> 
> Sorry if this is a duplicate posting.. I scanned back subject lines a couple of
> days and didn't see anything.

I'm confused as to what she's writing about:

---
QMail is open source. While you can't beat the
purchase price (free!), the source changes frequently as the large
community using QMail identifies problems, creates patches,
proposes new features, and develops add-ons. "Qmail itself
compiled fine the first time, but some friend modules are still wet
behind the ears," says Carey. 
---

QMail?  Can't be qmail.  The source hasn't changed since June '98 and
I recall Dan saying that no characters in its name are upper case.
Also:

---
When upgrading to a new version of vpopmail or SqWebMail, Carey
often bumps into new compile-time problems. "The problems
aren't major. I can usually fix the source. But I'm a sys admin, not
a C programmer. I don't have time to help refine the source." 
---

Last I checked vpopmail and SqWebMail weren't part of qmail.  Must be
the way them media types listen.

Vince.
-- 
==
Vince Vielhaber -- KA8CSHemail: [EMAIL PROTECTED]http://www.pop4.net
   128K ISDN: $24.95/mo or less - 56K Dialup: $17.95/mo or less at Pop4
Online Campground Directoryhttp://www.camping-usa.com
   Online Giftshop Superstorehttp://www.cloudninegifts.com
==

Re: [press] isp-planet.com -- QMail: A Better Sendmail?

[Steve Wolfe]

> Last I checked vpopmail and SqWebMail weren't part of qmail.  Must be
> the way them media types listen.

  When erroneous articles get mentioned in slashdot, the reader's letters
to the editor usually trigger a rewrite of the article.  Perhaps if someone
(Dan?) were to kindly mention the errors to the author, all could be
fixed...

steve

daemontools

[clifford thurber]

Hello,
I am installing the daemontools package and reading the docs. I was
wondering if anyone is using this to monitor other services besides qmail
and if so anyone had any recomendations on configurations. Thanks in advance.
Clifford Thurber
Web Systems Administrator
LiveUniverse.com
[EMAIL PROTECTED]
565 5th Ave. 29th Fl.
New York, NY 10017
Ph:212 883 6940  (131)
Fax:212 856 9134

Re: Effective anti spamming

[Jon Rust]

At 12:04 PM -0800 3/2/00, Chris Thorman wrote:
>Hi John,
>
>Would you be willing to share the scripts/setup you use to achieve 
>the labeling that you do?  I'd like to be able to replicate this on 
>our end -- labeling is better than rejecting, I think, because it 
>allows after-the-fact analysis, plus it allows different users to 
>choose how aggressively they want to filter.
>

I sent the relavent files to Chris. Anyone else who wants them can 
contact me directly.

jon

Re: SMTP in distributed DOS

[Pavel Kankovsky]

On Thu, 2 Mar 2000, James Raftery wrote:

> Each additional failure adds a few bytes. Not exactly earth-shattering :)

Let's assume only a single bounce message is generated.

It consists of three parts:
1. headers and some text
2. the list of address and error messages
3. the copy of the original message

Let's look at 2:
> <[EMAIL PROTECTED]>:
> Sorry, no mailbox here by that name. (#5.1.1)

The error message is quite long. In fact, it is probably longer than most
email addresses, even with additional "rcpt to:". If you send an empty
message to many bogus recipients (limited only by the amount of virtual
memory available to qmail-remote), you can get > 100% amplification easily
(compared to your own network traffic).

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

Re: Unix as it should be

[Pavel Kankovsky]

On Wed, 1 Mar 2000, Russell Nelson wrote:

> Pavel Kankovsky writes:
>  > Damned omnipotent root. I hate unix.
> 
> Well, my feeling is that Unix is well designed.

If unix was well designed... (in random order)
- access to network ports and devices could be controlled
  as easily as access to files and block devices (no stupid arbitrary 
  rules like port<1024 root only, port>=1024 everyone)
- {sym,hard}-link races were not that tricky
- all objects (files, processes, users...) had a non-reusable id
- it would have a real resource allocation control
- if set[ug]id programs existed at all, it would be possible to
  write them in a secure way without melting one's brain
- it had a decent IPC
etc.

P.S. To whoever (I deleted more old messages than I wanted, ergo syslog
rebuttal is terminated :> ) who asked whether "feeding a log to a program
directly" was something like multilog's "!": the answer is yes.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

Re: [press] isp-planet.com -- QMail: A Better Sendmail?

[Peter Green]

On Thu, Mar 02, 2000 at 02:35:51PM -0700, Steve Wolfe wrote:
> 
> > Last I checked vpopmail and SqWebMail weren't part of qmail.  Must be
> > the way them media types listen.
> 
>   When erroneous articles get mentioned in slashdot, the reader's letters
> to the editor usually trigger a rewrite of the article.  Perhaps if someone
> (Dan?) were to kindly mention the errors to the author, all could be
> fixed...

Dan? "kindly"? :)

/pg
-- 
Peter Green
Gospel Communications Network, SysAdmin
[EMAIL PROTECTED]

Re: SMTP in distributed DOS

[Russ Allbery]

Pavel Kankovsky <[EMAIL PROTECTED]> writes:

> The error message is quite long. In fact, it is probably longer than
> most email addresses, even with additional "rcpt to:". If you send an
> empty message to many bogus recipients (limited only by the amount of
> virtual memory available to qmail-remote), you can get > 100%
> amplification easily (compared to your own network traffic).

100% amplification isn't particularly interesting.  Most of the existing
DoS attacks give you an order of magnitude of amplification or more.

-- 
Russ Allbery ([EMAIL PROTECTED]) 

Re: Unix as it should be

[Chris Garrigues]

> From:  Pavel Kankovsky <[EMAIL PROTECTED]>
> Date:  Thu, 2 Mar 2000 23:52:23 +0100 (MET)
>
> On Wed, 1 Mar 2000, Russell Nelson wrote:
> 
> > Pavel Kankovsky writes:
> >  > Damned omnipotent root. I hate unix.
> > 
> > Well, my feeling is that Unix is well designed.
> 
> If unix was well designed... (in random order)
> - access to network ports and devices could be controlled
>   as easily as access to files and block devices (no stupid arbitrary 
>   rules like port<1024 root only, port>=1024 everyone)
> - {sym,hard}-link races were not that tricky
> - all objects (files, processes, users...) had a non-reusable id
> - it would have a real resource allocation control
> - if set[ug]id programs existed at all, it would be possible to
>   write them in a secure way without melting one's brain
> - it had a decent IPC
> etc.

I refer anybody who wants to know what 'etc' covers to find a copy of "The 
UNIX-HATERS Handbook", by Simson Garfinkel, et. al.  ISBN 1-56884-203-1

It's been out of print for a while, but if you can find it, it's an 
entertaining read.  (Full disclosure:  I'm a contributor.)

Chris

-- 
Chris Garrigues virCIO
http://www.DeepEddy.Com/~cwg/   http://www.virCIO.Com
+1 512 432 4046 +1 512 374 0500
4314 Avenue C
O-  Austin, TX  78751-3709


  My email address is an experiment in SPAM elimination.  For an
  explanation of what we're doing, see http://www.DeepEddy.Com/tms.html 

Nobody ever got fired for buying Microsoft,
  but they could get fired for relying on Microsoft.



 PGP signature

Re: Solaris 7 SPARC problems

[Curtis Generous]

According to [EMAIL PROTECTED]:
> 
> How about a truss -f?
> 
> That might tell you why the spawned process is dying.
> 
> Also, you might want to quote the log files exactly next time. As a long-time user
> of qmail you may be aware of how confusing a paraphrased error can be to people
> trying to help you.
> 
> 
> Regards.

You're abosultely right - my apologies.  Here is the output of truss:


# truss /var/qmail/bin/qmail-start ./Mailbox

...
0write(0, " 0", 1)  = 1
/write(0, " /", 1)  = 1
10write(0, " 1 0", 2)   = 2
 remote write(0, "   r e m o t e  ", 8) = 8
0write(0, " 0", 1)  = 1
/write(0, " /", 1)  = 1
20write(0, " 2 0", 2)   = 2

write(0, "\n", 1)   = 1
time()  = 952033073
open("lock/trigger", O_RDONLY|O_NDELAY) = 8
time()  = 952033073
time()  = 952033073
poll(0x7FFFB630, 3, 0)  = 2
time()  = 952033073
read(2, 0x100118448, 2048)  = 0
alert: oh no! lost spawn connection! dying...
write(0, " a l e r t :   o h   n o".., 46)  = 46
read(4, 0x100118448, 2048)  = 0
alert: oh no! lost spawn connection! dying...
write(0, " a l e r t :   o h   n o".., 46)  = 46
open("mess/0", O_RDONLY|O_NDELAY)   = 9
fcntl(9, F_SETFD, 0x0001)   = 0
fstat(9, 0x7FFFB430)= 0
utime("remote/14/6791", 0x7FFFB770) = 0
status: exiting
write(0, " s t a t u s :   e x i t".., 16)  = 16
_exit(0)

Here is exact syslog entries:

Mar  2 16:35:45 m67 qmail: 952032945.637216 alert: oh no! lost spawn connection! 
dying...
Mar  2 16:35:45 m67 qmail: 952032945.637536 alert: oh no! lost spawn connection! 
dying...

--curtis


> 
> 
> On Thu, Mar 02, 2000 at 02:05:41PM -0500, Curtis Generous wrote:
> > Has anyone been successful in getting QMAIL-1.03 to run on a SPARC running
> > Solaris 7, and compiled using the Sun C compiler?  Here is my environment:
> > 
> > This is SUN Netra T1 running Solaris 7:
> > 
> > m67[admin]% uname -a
> > SunOS m67 5.7 Generic_106541-08 sun4u sparc SUNW,UltraSPARC-IIi-cEngine
> > 
> > 
> > Here are my compile time flags in conf-cc:
> > 
> > cc -fast -xO4 -xdepend -xarch=v9
> > 
> > 
> > This is the C compiler being used:
> > 
> > m67[admin]% which cc
> > /opt/SUNWspro/bin/cc
> > 
> > m67[admin]% cc -V
> > cc: WorkShop Compilers 5.0 98/12/15 C 5.0
> > 
> > 
> > I can't get qmail started.  When I invoke the standard /var/qmail/rc script, it
> > exits immediately, with the following error logged in SYSLOG:
> > 
> > qmail-send lost spawn connection, died.
> > 
> > Any ideas or suggestions?  I have built qmail many times under Solaris
> > 2.6 so am very familiar with the build process.  The 'make setup check'
> > went without a hitch. I haven't seen this error before and nothing in
> > the archives game any insights. 
> > 
> > TIA,
> > 

Re: Solaris 7 SPARC problems

[markd]

How about a truss -f?

On Thu, Mar 02, 2000 at 04:50:46PM -0500, Curtis Generous wrote:
> According to [EMAIL PROTECTED]:
> > 
> > How about a truss -f?
> > 
> > That might tell you why the spawned process is dying.
> > 
> > Also, you might want to quote the log files exactly next time. As a long-time user
> > of qmail you may be aware of how confusing a paraphrased error can be to people
> > trying to help you.
> > 
> > 
> > Regards.
> 
> You're abosultely right - my apologies.  Here is the output of truss:
> 
> 
> # truss /var/qmail/bin/qmail-start ./Mailbox
> 
> ...
> 0write(0, " 0", 1)  = 1
> /write(0, " /", 1)  = 1
> 10write(0, " 1 0", 2)   = 2
>  remote write(0, "   r e m o t e  ", 8) = 8
> 0write(0, " 0", 1)  = 1
> /write(0, " /", 1)  = 1
> 20write(0, " 2 0", 2)   = 2
> 
> write(0, "\n", 1)   = 1
> time()  = 952033073
> open("lock/trigger", O_RDONLY|O_NDELAY) = 8
> time()  = 952033073
> time()  = 952033073
> poll(0x7FFFB630, 3, 0)  = 2
> time()  = 952033073
> read(2, 0x100118448, 2048)  = 0
> alert: oh no! lost spawn connection! dying...
> write(0, " a l e r t :   o h   n o".., 46)  = 46
> read(4, 0x100118448, 2048)  = 0
> alert: oh no! lost spawn connection! dying...
> write(0, " a l e r t :   o h   n o".., 46)  = 46
> open("mess/0", O_RDONLY|O_NDELAY)   = 9
> fcntl(9, F_SETFD, 0x0001)   = 0
> fstat(9, 0x7FFFB430)= 0
> utime("remote/14/6791", 0x7FFFB770) = 0
> status: exiting
> write(0, " s t a t u s :   e x i t".., 16)  = 16
> _exit(0)
> 
> Here is exact syslog entries:
> 
> Mar  2 16:35:45 m67 qmail: 952032945.637216 alert: oh no! lost spawn connection! 
>dying...
> Mar  2 16:35:45 m67 qmail: 952032945.637536 alert: oh no! lost spawn connection! 
>dying...
> 
> --curtis
> 
> 
> > 
> > 
> > On Thu, Mar 02, 2000 at 02:05:41PM -0500, Curtis Generous wrote:
> > > Has anyone been successful in getting QMAIL-1.03 to run on a SPARC running
> > > Solaris 7, and compiled using the Sun C compiler?  Here is my environment:
> > > 
> > > This is SUN Netra T1 running Solaris 7:
> > > 
> > > m67[admin]% uname -a
> > > SunOS m67 5.7 Generic_106541-08 sun4u sparc SUNW,UltraSPARC-IIi-cEngine
> > > 
> > > 
> > > Here are my compile time flags in conf-cc:
> > > 
> > > cc -fast -xO4 -xdepend -xarch=v9
> > > 
> > > 
> > > This is the C compiler being used:
> > > 
> > > m67[admin]% which cc
> > > /opt/SUNWspro/bin/cc
> > > 
> > > m67[admin]% cc -V
> > > cc: WorkShop Compilers 5.0 98/12/15 C 5.0
> > > 
> > > 
> > > I can't get qmail started.  When I invoke the standard /var/qmail/rc script, it
> > > exits immediately, with the following error logged in SYSLOG:
> > > 
> > > qmail-send lost spawn connection, died.
> > > 
> > > Any ideas or suggestions?  I have built qmail many times under Solaris
> > > 2.6 so am very familiar with the build process.  The 'make setup check'
> > > went without a hitch. I haven't seen this error before and nothing in
> > > the archives game any insights. 
> > > 
> > > TIA,
> > > 

Re: SMTP in distributed DOS

[Dirk Harms-Merbitz]

Neither bouncing messages nor return receipts make sense for
ordinary messages. And for registered messages one needs
authentication and encryption anyway.

As far as DOS is concerned, amplification is much much higher.

The problem is this:

1) Hacker uses a tool to root compromise a few thousand home
   computers.

2) Hacker installs a little program that sends empty emails with 
   your email address as return address to a selection of the
   top 500 best connected mail hosts. It only sends a few hundred
   to a few thousand emails at a time and then sleeps for a random
   interval.

3) The well connected machines dutifully delivers bounce messages
   to your mail server. 

4) Amplification is very high. You send 100 bytes to generate a
   2000 byte error message. That's 2000%. 

   Even worse, how do you ever trace this back or make it stop?

Somebody is going to write a program that does something like
this. We might as well turn bounces off now before that happens.

I don't think that it is the mail server's place to divulge
which addresses are valid and which are not.

Dirk

On Thu, Mar 02, 2000 at 03:18:25PM -0800, Russ Allbery wrote:
> Pavel Kankovsky <[EMAIL PROTECTED]> writes:
> 
> > The error message is quite long. In fact, it is probably longer than
> > most email addresses, even with additional "rcpt to:". If you send an
> > empty message to many bogus recipients (limited only by the amount of
> > virtual memory available to qmail-remote), you can get > 100%
> > amplification easily (compared to your own network traffic).
> 
> 100% amplification isn't particularly interesting.  Most of the existing
> DoS attacks give you an order of magnitude of amplification or more.
> 
> -- 
> Russ Allbery ([EMAIL PROTECTED]) 

Re: Unix as it should be

[Henri J. Schlereth]

> I refer anybody who wants to know what 'etc' covers to find a copy of "The 
> UNIX-HATERS Handbook", by Simson Garfinkel, et. al.  ISBN 1-56884-203-1
> 
> It's been out of print for a while, but if you can find it, it's an 
> entertaining read.  (Full disclosure:  I'm a contributor.)
> 
> Chris
>
Yes! I managed to find a copy at a half-price bookstore, and as a
*nix fan many people are surprised to see that in my possesion.
Maybe it is time for a Microsoft-Haters Handbook?

Henri

-- 
-
"All data leaves a trail. The search for data leaves a trail.
The erasure of data leaves a trail.The absence of data, under
the right circumstances,can leave the clearest trail of all-
Dr. Kio Masada" 
-

Re: SMTP in distributed DOS

[Russ Allbery]

Dirk Harms-Merbitz <[EMAIL PROTECTED]> writes:

> Neither bouncing messages nor return receipts make sense for ordinary
> messages.

I disagree.

> 1) Hacker uses a tool to root compromise a few thousand home
>computers.

At which point they launch a smurf attack, which is considerably less
traceable and less preventable than what you're proposing.

Once that problem is solved, then I'll worry about this.

> 4) Amplification is very high. You send 100 bytes to generate a
>2000 byte error message. That's 2000%. 

>Even worse, how do you ever trace this back or make it stop?

Received points you directly at the compromised hosts, making this
inherently inferior from the cracker's standpoint than any attack which
can be performed with forged source addresses.

-- 
Russ Allbery ([EMAIL PROTECTED]) 

Re: Unix as it should be (OT)

[Jon Rust]

Heh, I have that book. I picked it up one day after struggling to get 
ClearCase running on HPUX 8 (or was it 9?) for about 2 weeks. Not 
good for the UNIX newbie. It will really unnecessarily skew your 
opinion against the OS. So many of the UNIX "features" they listed 
were out of date, even back then (1994). It took me several years to 
get over some of the bias I picked up in that book. :-)

And they never offered a solution for all of UNIX's short-comings. If 
a better OS can be made, why hadn't it? More of a "Whiner's Handbook" 
than anything, but still pretty funny in some parts. Hmm... I think 
I'll try to find it tonight...

Signed,
A Reformed UNIX Hater

At 7:25 PM -0600 3/2/00, Henri J. Schlereth wrote:
>> I refer anybody who wants to know what 'etc' covers to find a copy of "The
>> UNIX-HATERS Handbook", by Simson Garfinkel, et. al.  ISBN 1-56884-203-1
>>
>> It's been out of print for a while, but if you can find it, it's an
>> entertaining read.  (Full disclosure:  I'm a contributor.)
>>
>> Chris
>>
>Yes! I managed to find a copy at a half-price bookstore, and as a
>*nix fan many people are surprised to see that in my possesion.
>Maybe it is time for a Microsoft-Haters Handbook?
>
>Henri

Qmail Knowledge Base -- Call for help

[Nathan Wallace]

Dave Sill has helped me kick start a Qmail Knowledge Base.  There are
now 32 answers to 43 questions.  Check it out at:

http://qmail.faqts.com

We need the help of the community to build this resource.  Please
consider taking some time to share your knowledge.  A good way to
do this may be through answering mailing list questions in the
knowledge base and then pointing readers at the solution.

Other communities, such as PHP (http://php.faqts.com) have found a
FAQTs Knowledge Base to be a great way to capture the knowledge of the
community in a permanent, categorized and searchable format.  FAQTs
has complete version control, group editing facilities, full credit
for authors and email alerts.

WIN A PALM V!  This month one lucky contributor will win a Palm.  Every
contribution you make gives you an entry in the competition.  The more
contributions you make, the more entries you receive.  Read more here:

http://www.faqts.com/about/competition.phtml

Below are the qmail entries that have changed in the last 24 hours; new
and edited.  Posting these to the list gives readers a chance to review
and check their answers that have been summarised into the knowledge
base.

Cheers,

Nathan


## New Entries #


-
What does qmail do if the same address appears multiple times in a message header?
http://www.faqts.com/knowledge-base/view.phtml/aid/1442
-
Nathan Wallace
Dave Sill

qmail does what you tell it to do: no more, no less. Send a message
like:

  From: me
  To: you, you, you

  blah blah blah

and "you" will recieve three copies. Three is number of copies "you"
will receive. No more, no less. Three shall be the number of the copies,
and the number of the copies shall be three. Four shalt thou not
recieve, and neither receive thou two, excepting that thou then goest on
to receive three...


-
How can I quickly delete a lot of messages from the queue that are for a domain that 
doesn't exist?
http://www.faqts.com/knowledge-base/view.phtml/aid/1443
-
Nathan Wallace
Chris Johnson

Assuming portal.mdr.net is the bad domain, try this:

# echo '#' > ~alias/.qmail-baddomain-default
# echo portal.mdr.net:alias-baddomain >>
/var/qmail/control/virtualdomains
# echo portal.mdr.net:127.0.0.1 >> /var/qmail/control/smtproutes

Then run /var/qmail/bin/qmail-tcpok and send qmail-send a HUP and an
ALRM.  All your queued mail for portal.mdr.net will get delivered by
SMTP to 127.0.0.1 and will be handled by
~alias/.qmail-baddomain-default.  The single # in that file will cause
all the mail to be discarded.


-
Are there any books available for qmail?
http://www.faqts.com/knowledge-base/view.phtml/aid/1444
-
Nathan Wallace
Chris Johnson

There's no book, yet. A couple of guys on the list are working on one
though.

In the meantime, you might look at Dave Sill's excellent "Life with
qmail."  It's at 

http://Web.InfoAve.Net/~dsill/lwq.html


-
Does qmail support VRFY user?
Why do I always get 252 when I use VRFY?
http://www.faqts.com/knowledge-base/view.phtml/aid/1445
-
Nathan Wallace
Anand Buddhdev, Dave Sill

qmail doesn't implement VRFY because (1) qmail's modular design makes
it impractical, and (2) VRFY makes it easy to validate e-mail
addresses and local accounts--information that crackers and spammers
like.

It always returns "252 send some mail, i'll try my best" to clients who
attempt to use VRFY, whether the user exists or not.


-
How can I modify the LWQ startup scripts to start and stop only smtpd?
http://www.faqts.com/knowledge-base/view.phtml/aid/1446
-
Nathan Wallace
Dave Sill

Just add additional tags to the "case" statement, e.g.:

  stop-smtpd)
echo -n "Stopping qmail-smtpd: "
svc -d /var/supervise/qmail/smtpd
echo "done."
;;
  start-smtpd)
echo -n "Starting qmail-smtpd: "
svc -u /var/supervise/qmail/smtpd
echo "done."
;;


-
How can I duplicate every incoming message to two different hosts?
http://www.faqts.com/knowledge-base/view.phtml/aid/1447
-
Nathan Wallace
Greg Owen

I'm going off of memory here, but I think this should do it.  Test
before using in production.

Put "domain.com" in rcpthosts, and put "domain.com:alias-domain" in
virtualdomains.  This will ensure that you accept mail for domain.com,
and that 

Re: SMTP in distributed DOS

[Racer X]

- Original Message -
From: "Dirk Harms-Merbitz" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thu 2 Mar 2000 16:34
Subject: Re: SMTP in distributed DOS

> Neither bouncing messages nor return receipts make sense for
> ordinary messages. And for registered messages one needs
> authentication and encryption anyway.

Bounces don't make sense?  What other mechanism do you propose for
signaling a failed delivery?

[DOS rant deleted]

As Russ said, there are far more effective and less traceable DOS
attacks than this.  Even legitimate email could be used as a "DOS
attack"; what can we do to stop that?  The truth is we don't worry about
it.  The value of legitimate email is much, much higher than the
(comparatively minor) burden of receiving a bunch of crap.

> Somebody is going to write a program that does something like
> this. We might as well turn bounces off now before that happens.

I'd hazard a guess that you'd be violating some RFC.  Even if you
weren't, what should happen to failed messages?  They just get sent to
the bit bucket and disappear?

> I don't think that it is the mail server's place to divulge
> which addresses are valid and which are not.

Perhaps you should have a live postmaster read all bounces then before
returning to sender.

shag
=
Judd Bourgeois|   CNM Network  +1 (805) 520-7170
Software Architect|   1900 Los Angeles Avenue, 2nd Floor
[EMAIL PROTECTED]   |   Simi Valley, CA 93065

Quidquid latine dictum sit, altum viditur.

Qmail List Digest?

[Walt Mankowski]

Does this list have a digest?  I've tried sending a blank message to
[EMAIL PROTECTED], but I didn't get a reply.

Thanks.

Walt

Re: SMTP in distributed DOS

[Dirk Harms-Merbitz]

What information do you gain from a successfull delivery? You
don't know if anybody will read it. It could have gotten 
caught in a mail filter. Somebody could have messed up their
email client.

Failed messages should silently disappear. If you need to check
the spelling off the email address then a directory service
should be used.

People know when people don't email messages. 

Dirk

On Thu, Mar 02, 2000 at 08:26:32PM -0800, Racer X wrote:
> - Original Message -
> From: "Dirk Harms-Merbitz" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thu 2 Mar 2000 16:34
> Subject: Re: SMTP in distributed DOS
> 
> > Neither bouncing messages nor return receipts make sense for
> > ordinary messages. And for registered messages one needs
> > authentication and encryption anyway.
> 
> Bounces don't make sense?  What other mechanism do you propose for
> signaling a failed delivery?
> 
> [DOS rant deleted]
> 
> As Russ said, there are far more effective and less traceable DOS
> attacks than this.  Even legitimate email could be used as a "DOS
> attack"; what can we do to stop that?  The truth is we don't worry about
> it.  The value of legitimate email is much, much higher than the
> (comparatively minor) burden of receiving a bunch of crap.
> 
> > Somebody is going to write a program that does something like
> > this. We might as well turn bounces off now before that happens.
> 
> I'd hazard a guess that you'd be violating some RFC.  Even if you
> weren't, what should happen to failed messages?  They just get sent to
> the bit bucket and disappear?
> 
> > I don't think that it is the mail server's place to divulge
> > which addresses are valid and which are not.
> 
> Perhaps you should have a live postmaster read all bounces then before
> returning to sender.
> 
> shag
> =
> Judd Bourgeois|   CNM Network  +1 (805) 520-7170
> Software Architect|   1900 Los Angeles Avenue, 2nd Floor
> [EMAIL PROTECTED]   |   Simi Valley, CA 93065
> 
> Quidquid latine dictum sit, altum viditur.
> 
> 
> 

Fw: complex user routing

[dwqw]

 
-Original Message-From: 
sachin <[EMAIL PROTECTED]>To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>Date: 
Saturday, February 12, 2000 4:02 PMSubject: complex user routing 

 
-Original Message-From: 
sachin <[EMAIL PROTECTED]>To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>Date: 
Saturday, February 05, 2000 4:55 PMSubject: complex user routing 





hi all , 
sachin here , 
what i want is i am useing aceindia.com as local mail server. 
some user are located at diffrent location . there is also qmail 
mail server with aceindia.com as local mail server. what i want for 
that location user mail should send to my isp smtp server without 
changing the rcpt & from header. 
ex local user [EMAIL PROTECTED] other 
location user is [EMAIL PROTECTED] 
when i compose message for [EMAIL PROTECTED] it should user 
my isp smtp server fro sending mail . it is possible in sendmail why 
not in qmail 
or here is any way to do this 
further help is required 
[EMAIL PROTECTED] 

New to Qmail: Questions

[Vincent Danen]

Hi there, I'm extremely new to Qmail and installed it today to replace the
mail server on my primary server as well as use the install for the basis
for an article I'm writing.  Even though the install was pretty wierd, I
managed to make my way through it.  =)

A few questions, however, and I'm hoping I get back some good answers
otherwise I really have to think long and hard about how I'm going to
accomplish what I need to do.

I have two scenarios that may be accomplishable the same way.  The first
one, I have a sub-domain that I want to use for my telnet BBS, which has
it's own SMTP server.  The main server takes [EMAIL PROTECTED],
whereas the BBS has traditionally used [EMAIL PROTECTED]  The BBS
SMTP daemon is listening to port 1025.  My old SMTP server forward
*@bbs.freezer-burn.org to bbs.freezer-burn.org:1025 (basically the same
as localhost:1025).  Is there a way to do this with Qmail?  Can I do a
catch-all forward for a subdomain to a SMTP server on the same machine but
listening on a different port?

Another question that is sort of similar is I have a client that I host
web pages for, so their domain name points to my server and Apache handles
the virtualization, etc. etc.  However, they want to setup their own mail
server on one of their machines but keep me hosting their web pages (don't
ask, I don't understand it myself).  Is there a way I can forward all mail
to thisdomain.com to a remote IP address?  Same as above, forward
*@thisdomain.com to, say, 192.168.1.1 (or whatever IP address they are
using).  Is this possible?

My final question, and this might be off topic here, has to do with the
ezmlm program.  Is there a way to have a subscriber who doesn't get back
the messages he writes on a per-user basis?  Ie. I have a robot that sends
mail to a mailing list and I don't want mail going back to it because
it'll just resend it to the list and I've got a vicious circle on my
hands.  All other users I would want to have their messages echoed back to
them.  Is this possible somehow as well?

On the whole, I'm struggling with it a little bit, but I think I should be
able to switch over to Qmail fulltime shortly and really like the program.

-- 
Vincent Danen, ICQ: 54924721 . telnet://bbs.freezer-burn.org
BBBS/LiI . Internet Rex for Linux Beta . Freezer Burn BBS
Linux Information and other Goodies at Freezer Burn:  www.freezer-burn.org