shared folders

2000-05-05 Thread Colin Humphreys



Hi,

I don't know whether this is a qmail or courier-imap question,
but I am hoping someone can help me out. I am trying to set up
shared folders using courier-imap and qmail, but I am having
problems.

The problem is that the shared system ignores the ./new dir and
only looks at ./cur . This means that the shared folder works
fine for emails copied into the shared folder, but emails
delivered to the directory don't show up.

Is there a way to make the emails turn up in cur instead of new?

thanks,

Colin










Re: hack for filtering i love you worm

2000-05-05 Thread Neil Schemenauer

On Thu, May 04, 2000 at 07:28:32PM -0400, Searcher wrote:
exit(31) if /name="LOVE-LETTER-FOR-YOU.TXT.vbs"/o;
 
 Am I missing something here?

Nothing except the fact that the real solution is to fix the
broken mail clients.  IMHO, virus scanners and the like are
fundamentally broken.


Neil

-- 
"The lyf so short, the craft so long to lerne." -- Chaucer



Re: hack for filtering i love you worm

2000-05-05 Thread Rainer Link

"Benjamin de los Angeles Jr." wrote:
 
 Can you cite pros/cons of using your antivirus software compared to
 AmaVis?
  [I used its perlscanner interface to match on the attachment filename while
  waiting for the Antivirus vendors to come up with an "official" fix :-)]
  See http://www.geocities.com/jhaar/scan4virus/

Well, I think you refer to AMaViS-Perl? AMaViS-Perl does not require any
qmail patch(es) and supports more antivirus software. 
scan4virus provides a "generic filter/scanner" to filter out eMails with
a specific attachment name - which in case of "I love you" is a good
thing, but it's very easy to change the file name (or the subject line),
according to BugTraq this has happened. 
(Btw, stopping hoaxes is also a difficult task - anyone can change
subject or the body easily ...).
Well, scan4virus is specific to qmail, whereas AMaViS supports sendmail
 postfix, too (the shell script version supports exim, too).

Jason? :-)

best regards,
Rainer Link
-- 
Rainer Link  | Member of Virus Help Munich (www.vhm.haitec.de)   
[EMAIL PROTECTED] | Member of AMaViS Development Team (amavis.org)
rainer.w3.to | Maintainer FAQ "antivirus for Linux" (av-linux.w3.to)



Re: hack for filtering i love you worm

2000-05-05 Thread Mulindwa Eric

but how can one use Amavis with qmail, p'se help
Eric

On Fri, 5 May 2000, Rainer Link wrote:

 "Benjamin de los Angeles Jr." wrote:
  
  Can you cite pros/cons of using your antivirus software compared to
  AmaVis?
   [I used its perlscanner interface to match on the attachment filename while
   waiting for the Antivirus vendors to come up with an "official" fix :-)]
   See http://www.geocities.com/jhaar/scan4virus/
 
 Well, I think you refer to AMaViS-Perl? AMaViS-Perl does not require any
 qmail patch(es) and supports more antivirus software. 
 scan4virus provides a "generic filter/scanner" to filter out eMails with
 a specific attachment name - which in case of "I love you" is a good
 thing, but it's very easy to change the file name (or the subject line),
 according to BugTraq this has happened. 
 (Btw, stopping hoaxes is also a difficult task - anyone can change
 subject or the body easily ...).
 Well, scan4virus is specific to qmail, whereas AMaViS supports sendmail
  postfix, too (the shell script version supports exim, too).
 
 Jason? :-)
 
 best regards,
 Rainer Link
 -- 
 Rainer Link  | Member of Virus Help Munich (www.vhm.haitec.de)   
 [EMAIL PROTECTED] | Member of AMaViS Development Team (amavis.org)
 rainer.w3.to | Maintainer FAQ "antivirus for Linux" (av-linux.w3.to)
 




Re: hack for filtering i love you worm

2000-05-05 Thread Johan Almqvist

On Fri, May 05, 2000 at 12:18:11PM +1200, Jason Haar wrote:
 You can try my scan4virus anti-virus harness. Specifically written for
 Qmail. Capable of multi-scanner support and will FEED YOUR CAT! :-)

See, I told you all day yesterday... ;-

 [I used its perlscanner interface to match on the attachment filename while
 waiting for the Antivirus vendors to come up with an "official" fix :-)]

Just wanted to say thank you again, Jason! I did the same thing. Shame the
radio news didn't say what size that attachment was (yes, that virus was
on radio and TV news in Sweden yesterday)

H+BEDV was first out for me. You might want to notice that their German
version is updated more often than the English version... And their
program is free for personal use. http://www.antivir.de/

 See http://www.geocities.com/jhaar/scan4virus/

-Johan
-- 
Johan Almqvist



Re: hack for filtering i love you worm

2000-05-05 Thread Johan Almqvist

On Fri, May 05, 2000 at 10:19:53AM +0200, Rainer Link wrote:
 "Benjamin de los Angeles Jr." wrote:
  
  Can you cite pros/cons of using your antivirus software compared to
  AmaVis?
   [I used its perlscanner interface to match on the attachment filename while
   waiting for the Antivirus vendors to come up with an "official" fix :-)]
   See http://www.geocities.com/jhaar/scan4virus/
 
 Well, I think you refer to AMaViS-Perl? AMaViS-Perl does not require any
 qmail patch(es) and supports more antivirus software. 

Well, nor does scan4virus. You could just move the real qmail-queue to
another location, call the scan4virus script ("antivirus-qmail-queue.pl")
qmail-queue and change the "real" qmail-queue path and name in that
script...

 scan4virus provides a "generic filter/scanner" to filter out eMails with
 a specific attachment name - which in case of "I love you" is a good
 thing, but it's very easy to change the file name (or the subject line),
 according to BugTraq this has happened.

Yes, but scan4virus also interfaces to all known(?) virus scanners out
there, if they're installed. And for such quick fixes as were needed in
this case, the attachment name fix was the most effective. I now stop all
.vbs files. Can't see why someone would send one of these.

 Well, scan4virus is specific to qmail, whereas AMaViS supports sendmail
  postfix, too (the shell script version supports exim, too).

Oh, I'm sure scan4virus can be hacked into sendmail.cf if you'd want
that...

-Johan
-- 
Johan Almqvist
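
Rainer's point that an exact attachment name is easy to change, and Johan's reply that he now stops all .vbs files, shown as an added Python example (not code from scan4virus, AMaViS or any poster). The function names, the sample message and every blocked extension other than .vbs are assumptions made for the illustration.

```python
import email
import os
from email.header import decode_header, make_header

# ".vbs" is the extension named in the thread; the others are assumed additions.
BLOCKED_EXTENSIONS = {".vbs", ".vbe", ".scr", ".pif"}
EXIT_OK = 0
EXIT_BLOCKED = 31  # exit code the thread's filters use for a permanent rejection


def attachment_name(part):
    """Return the part's declared file name in normalized form, or None."""
    raw = part.get_filename()  # filename= or name=, RFC 2231 forms included
    if not raw:
        return None
    try:
        # Names can also arrive as RFC 2047 encoded words; decode those too.
        raw = str(make_header(decode_header(raw)))
    except Exception:
        pass  # undecodable: fall back to matching the raw string
    # Drop any directory part, then the trailing dots and spaces that
    # Windows discards when the file is saved, and ignore case.
    base = raw.replace("\\", "/").rsplit("/", 1)[-1]
    return base.strip().rstrip(". ").lower()


def blocked_attachments(raw_message):
    """List normalized names of attachments whose final extension is blocked."""
    msg = email.message_from_bytes(raw_message)
    hits = []
    for part in msg.walk():
        name = attachment_name(part)
        if name and os.path.splitext(name)[1] in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def queue_exit_code(raw_message):
    """Exit status a qmail-queue wrapper would return for this message."""
    return EXIT_BLOCKED if blocked_attachments(raw_message) else EXIT_OK


def build_sample(attachment_params):
    """Constructed two-part test message; not a captured worm sample."""
    return (
        "From: sender@example.invalid\r\n"
        "To: rcpt@example.invalid\r\n"
        "Subject: constructed sample\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n'
        "\r\n"
        "--b1\r\n"
        "Content-Type: text/plain\r\n"
        "\r\n"
        "body text\r\n"
        "--b1\r\n"
        f"Content-Type: application/octet-stream; {attachment_params}\r\n"
        "Content-Transfer-Encoding: 7bit\r\n"
        "\r\n"
        "placeholder payload\r\n"
        "--b1--\r\n"
    ).encode("ascii")


if __name__ == "__main__":
    for params in ('name="LOVE-LETTER-FOR-YOU.TXT.vbs"',
                   'name="Renamed-Copy.VBS"',
                   'name="report.txt"'):
        print(params, "->", queue_exit_code(build_sample(params)))
```

Matching on the normalized extension catches renamed copies that an exact-name pattern misses, but it still only sees what the sender declares; it complements a content scanner rather than replacing one.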



SUSE and qmail/Spamcontrol

2000-05-05 Thread Erwin Hoffmann

Hi,

I gathered some infos about setting up QMAIL under SUSE Linux in my
Web-page http://www.fehcom.de/qmail_en.html

Additionally, I have integrated the MFCHECK patch into my SPAMCONTROL with
some gadgets. 

Everybody is welcome to use and comment it.

Cheers.
eh.
Dr. Erwin Hoffmann
http://www.fehcom.de
Wiener Weg 8
50858 Koeln
Tel 0221 484 4923
Fax 0221 484 4924



qmail Digest 5 May 2000 10:00:01 -0000 Issue 992

2000-05-05 Thread qmail-digest-help


qmail Digest 5 May 2000 10:00:01 - Issue 992

Topics (messages 40984 through 41085):

lots of XXX and Sendmail 8.8.8
40984 by: João Dinis
40988 by: Chris Stratford

Re: stralloc problem
40985 by: Daniel Neri

Converting sendmail mailboxes to qMail
40986 by: Isaiah Chua
40987 by: Vince Vielhaber
40991 by: Russell P. Sutherland

qmail-unscribe
40989 by: Erry Rahmawan

Re: Backing up HUGE Maildir systems
40990 by: Uwe Ohse
40998 by: Jeff Hayward
41009 by: markd.bushwire.net
41010 by: John Gonzalez/netMDC admin
41011 by: John Gonzalez/netMDC admin
41020 by: Brian Johnson
41021 by: John Gonzalez/netMDC admin
41051 by: Racer X

Re: redirecting some email
40992 by: Uwe Ohse
40993 by: Jason Brooke

Re: Making progress
40994 by: Dave Sill
40995 by: Tim Hunter

qmail won't start!?
40996 by: Isaiah Chua
41016 by: Dave Sill

Re: accustamp|tailocal|matchup
40997 by: Dave Sill
41027 by: Kins Orekhov
41031 by: Dave Sill
41034 by: Mikko Hänninen
41036 by: Dave Sill
41070 by: Peter Samuel
41072 by: David Dyer-Bennet
41073 by: Peter Samuel
41074 by: David Dyer-Bennet
41075 by: Juan E Suris

Re: No retry and no bounce?
40999 by: Dave Sill

Re: Another question on mailboxes
41000 by: Dave Sill

Re: Problems using qmail on very large site
41001 by: root
41012 by: root
41030 by: Yuan P Li
41049 by: root

qmail-unsubscribe
41002 by: Patrick, Robert
41013 by: Erry Rahmawan
41015 by: Dave Sill

Send retries
41003 by: Martin Renner
41004 by: Dave Sill

The "I love you virus" .. and content based filtering
41005 by: Nicolas MONNET
41007 by: Johan Almqvist
41019 by: Jennifer Tippens
41067 by: Noel Mistula

Global Address Book?
41006 by: Albert Hopkins

Messages stop getting delivered
41008 by: Narvekar, Ashish

blocking mails by subject?
41014 by: Jerry Walsh

Re: Emergency with the queue
41017 by: Dave Sill

Re: Delivers and retrieves...
41018 by: Dave Sill

System Requirements
41022 by: Mark Douglas
41024 by: markd.bushwire.net
41026 by: Steve Wolfe

Re: Setup of local delivery fastforward (newbie question)
41023 by: Dave Sill

Two Delivered-To headers - Why ?
41025 by: PPPindia
41028 by: Soffen, Matthew
41032 by: PPPindia
41033 by: Dave Sill
41035 by: PPPindia
41037 by: Soffen, Matthew
41038 by: Dave Sill

Smtp-poplock
41029 by: Bert Beaudin
41039 by: Vince Vielhaber

Alias file
41040 by: Mario Rafael

qmail needs more time to finish.  Sleeping 1 second...
41041 by: Flemming Funch
41042 by: markd.bushwire.net
41052 by: Peter van Dijk
41071 by: Peter Samuel

PLEASE HELP! Messages stop getting delivered
41043 by: Narvekar, Ashish
41044 by: markd.bushwire.net

hack for filtering "i love you" worm
41045 by: Neil Schemenauer
41046 by: John Gonzalez/netMDC admin
41047 by: Neil Schemenauer
41048 by: Bruce Guenter
41050 by: Bruce Guenter
41055 by: Searcher
41059 by: Jason Haar
41077 by: Benjamin de los Angeles Jr.
41078 by: Bruce Guenter
41080 by: Neil Schemenauer
41081 by: Rainer Link
41082 by: Mulindwa Eric
41083 by: Johan Almqvist
41084 by: Johan Almqvist

multiple rcpt patch idea etc
41053 by: David L. Nicol

VMS mail.mai files?
41054 by: David L. Nicol

ETRN and QMail
41056 by: Jose de Leon
41058 by: Jon Rust
41061 by: Jose de Leon
41064 by: Jon Rust
41065 by: Peter van Dijk
41068 by: Jon Rust

qmail abuse...
41057 by: Luke Chiam

db files for vpopmail and courier imap
41060 by: Cono D'Elia

qmailqueue install prob
41062 by: Jon Rust
41063 by: Peter van Dijk
41066 by: Jon Rust

Global filtering
41069 by: Bennett Samowich

Rejecting emails
41076 by: Ronneil Camara

shared folders
41079 by: Colin Humphreys

SUSE and qmail/Spamcontrol
41085 by: Erwin Hoffmann


--



Hello,

For some time now, I'm receiving messages
corrupted with sequences of the char 'X'.

It does not happen with all the messages, only
with a few, but it is persistent. Sometimes it
corrupts the header making the all messages
unreadable. 

Re: hack for filtering i love you worm

2000-05-05 Thread octave klaba

Hi,
I did setup your qmail-filter.py and test works
# echo "test 1" | mail -s okay myself
# echo "test 2" | mail -s ILOVEYOU myself
qmail-inject: fatal: mail server permanently rejected message (#5.3.0)
# echo "test 2" | mail -s ILOVEYOU [EMAIL PROTECTED]
qmail-inject: fatal: mail server permanently rejected message (#5.3.0)

but when I send an email through Eudora using smtp of this server or not
to a pop on this server, email is not rejected.

any idea ?

PS I restarted all

thanks !

Octave


Neil Schemenauer wrote:
 
[Attachment: qmail-filter.py, Plain Text (text/plain)]

-- 
Best regards,
oCtAvE 

Connection terminated by timeout



reverting back to mbox format with qmail

2000-05-05 Thread Nicholas Horwood

Hi there

I'm having problems with qmail and procmail, where procmail is being able
to deliver into the $HOME/Maildir directory, and seems to want to put it
all in /var/mail/user, even when we change authenticate.c file, so we
have decided to revert back to the mailbox format and put up with it.
Does anyone have a script to convert mailboxes back to the mbox format
from the qmail maildir format?

cheers

nicholas



No Mail Log ?!

2000-05-05 Thread Cedric Revest

Hello everyone,

I am using Qmail on Suse 6.3, using /var/spool/mail/USERDIR.

For an unknown reason, the mail logs have been cleared and Qmail does not
log anything anymore...

I have looked in syslog and qmail does not report any errors either.
Maybe permissions are wrong on the /var/log/mail file ?? what should they
be?

Does anybody have any suggestions? (No the hard drive is not full :))

Regards

Cedric Revest

---
Cedric Revest
Britnet Ltd
http://www.britnet.co.uk/

Direct Line: 0208 962 9542
Fax: 0208 964 8457





Qmail filter for ILOVEYOU

2000-05-05 Thread Rodney Edwards

Hi,

This has probably been asked already but I've literally just joined.

How can I filter and reject ILOVEYOU messages in Qmail.

Any pointers would be appreciated

Best regards

Rod




Problem with tcpserver

2000-05-05 Thread Clark Hon

Hi,

I am new to this distribution list. Please forgive me
if I am not posting to the correct DL. 

I have a problem to setup a new qmail server. When I
trying to enable selective relaying with
tcpserver/tcprules for qmail-smtpd, I always got

*** 553 sorry, that domain isn't in my list of allowed

*** rcpthosts (#5.7.1)

To make it simple, I have already tried to put a
single rule 
:allow, RELAYCLIENT=""
inside tcp.smtp file and convert it to tcp.smtp.cdb.
(no error message) Still failed.

What I have tried is use an OLD cdb file from the
retiring server. It works! I have already lost the
original rule file in text format. Is there any
special way to generate the cdb file?? Is there any
suggestion/suspicion?

Here is my configuration:
 - Redhat 6.2
 - ucspi-tcp 8.0 / 8.4 / 8.8
 - qmail 1.03 (install from rpm packages)

Appreciated for your help!

Regards,
Clark






Attention:::::VIRUS!!!!!!!!!!!!!!

2000-05-05 Thread Rafael Villalobos Prats

I have been infected by the I LOVE YOU virus; it must have reached some of
you, I'm sorry.



Re: hack for filtering i love you worm

2000-05-05 Thread Jesper Hess Nielsen

I tried installing the hack as described, but when I try the test, I get an
error saying

[root@ns bin]# echo "test 1" | mail -s okay [EMAIL PROTECTED]
[root@ns bin]# qmail-inject: fatal: unable to exec qq (#4.3.0)

Anyone know what this could be?

When I try to execute the py script, it says

bash: ./qmail-filter.py: No such file or directory

I double checked that the path to python is correct in the script file.

/Jesper





Re: qmail won't start!?

2000-05-05 Thread Isaiah Chua

hi Dave,

 The init scripts are in,
 In what/where? And what's in them? And what platform are you using?

Sorry I didn't give enough info. The init scripts are in my /etc/rc.d/init.d
dir and softlinked to the various /etc/rcx.d directories. I'm using RH6.2,
and used the RPM package to first compile the src then installed it using
rpm.

 By "nothing happens" do you mean that the script runs but doesn't
 output anything, runs but exits immediately, or what?

It runs, but immediately exits.

 You can't start qmail from inetd.conf. Perhaps you mean qmail-smtpd?

Yes, I meant qmail-smtpd.




Re: Problem with tcpserver

2000-05-05 Thread Chris Johnson

On Fri, May 05, 2000 at 03:31:57AM -0700, Clark Hon wrote:
 I have a problem to setup a new qmail server. When I
 trying to enable selective relaying with
 tcpserver/tcprules for qmail-smtpd, I always got
 
 *** 553 sorry, that domain isn't in my list of allowed
 
 *** rcpthosts (#5.7.1)
 
 To make it simple, I have already tried to put a
 single rule 
 :allow, RELAYCLIENT=""
 ^

Take out the space.

Chris



Re: hack for filtering i love you worm

2000-05-05 Thread Rainer Link

Mulindwa Eric wrote:
 
 but hoe can one use Amavis with qmail, p'se help

Please have a look at http://www.unixzone.com/virus - I would suggest to
use AMaViS-Perl-5. It should work out-of-the-box. 
If you run into troubles, please ask me directly.

HTH

best regards,
Rainer Link

-- 
Rainer Link  | Member of Virus Help Munich (www.vhm.haitec.de)   
[EMAIL PROTECTED] | Member of AMaViS Development Team (amavis.org)
rainer.w3.to | Maintainer FAQ "antivirus for Linux" (av-linux.w3.to)



Re: hack for filtering i love you worm

2000-05-05 Thread octave klaba



Jesper Hess Nielsen wrote:
 
 I tried installing the hack as described, but when I try the test, I get an
 error saying
 
 [root@ns bin]# echo "test 1" | mail -s okay [EMAIL PROTECTED]
 [root@ns bin]# qmail-inject: fatal: unable to exec qq (#4.3.0)
 
 Anyone know what this could be?
 
 When I try to execute the py script, it says
 
 bash: ./qmail-filter.py: No such file or directory

#!/usr/bin/python
# You might have to modify the Python path at the top.  

which python and fix the first line

Best regards,
oCtAvE 

Connection terminated by timeout



Virus Scanners

2000-05-05 Thread Jason Brooke


Any recommendations on server virus scanners that run in harmony with qmail
on linux, and if so, why the recommendation?

Thanks,
jason






Re: hack for filtering i love you worm

2000-05-05 Thread Jesper Hess Nielsen

If you had taken the time to read the whole mail I sent, you would notice
that I already had double checked the location of python. That is not the
problem - something else is not working right.

/Jesper

- Original Message -
From: "octave klaba" [EMAIL PROTECTED]
To: "Jesper Hess Nielsen" [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, May 05, 2000 1:46 PM
Subject: Re: hack for filtering "i love you" worm




 Jesper Hess Nielsen wrote:
 
  I tried installing the hack as described, but when I try the test, I get an
  error saying
 
  [root@ns bin]# echo "test 1" | mail -s okay [EMAIL PROTECTED]
  [root@ns bin]# qmail-inject: fatal: unable to exec qq (#4.3.0)
 
  Anyone know what this could be?
 
  When I try to execute the py script, it says
 
  bash: ./qmail-filter.py: No such file or directory

 #!/usr/bin/python
 # You might have to modify the Python path at the top.

 which python and fix the first line

 Best regards,
 oCtAvE

 Connection terminated by timeout





Re: hack for filtering i love you worm

2000-05-05 Thread Petr Novotny


On 5 May 00, at 13:50, Jesper Hess Nielsen wrote:

 If you had taken the time to read the whole mail I sent, You would notice
 that I already had double checked the location of python. That is not the
 problem - something else is not working right.

chmod +x /var/qmail/bin/that-script-filename perhaps?

--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
 [Tom Waits]



Re: hack for filtering i love you worm

2000-05-05 Thread Jesper Hess Nielsen

I have ALREADY done everything stated at the beginning of the script file
(which I have attached for clarity - some of you may not have seen it).
When I have done all this, I get an error when performing the test :

[root@ns bin]# echo "test 1" | mail -s okay [EMAIL PROTECTED]
[root@ns bin]# qmail-inject: fatal: unable to exec qq (#4.3.0)

When I try to run the script directly :

[root@ns bin]# ./qmail-filter.py

bash: ./qmail-filter.py: No such file or directory


Now. Does anyone have any ideas what the problem could be? I've tried
running strace ./qmail-filter.py, but it only outputs a "exec: file not
found" error.

/Jesper


-[SNIP]-

#!/usr/bin/python
#
# A quick hack to filter the ILOVEYOU worm with qmail.  Use:
#
#   $ cp qmail-filter.py /var/qmail/bin
#   $ cd /var/qmail/bin
#   $ chmod +x qmail-filter.py
#   $ mv qmail-queue qmail-queue-real; ln -s qmail-filter.py qmail-queue
#
# Test:
#
#   $ echo "test 1" | mail -s okay myself
#   $ echo "test 2" | mail -s ILOVEYOU myself
#
# You might have to modify the Python path at the top.  This is a
# temporary fix.  Remove it after the dust settles:
#
#   $ cd /var/qmail/bin
#   $ mv qmail-queue-real qmail-queue
#
# Neil Schemenauer [EMAIL PROTECTED]

PATTERN = r"^Subject: ILOVEYOU\s*$"
QMAIL_QUEUE = "/var/qmail/bin/qmail-queue-real"

import re
import string
import sys
import os
import tempfile

def mktemp():
    for i in range(10):
        tmp = tempfile.mktemp()
        try:
            fd = os.open(tmp, os.O_RDWR|os.O_CREAT|os.O_EXCL, 0700)
        except OSError:
            continue
        file = os.fdopen(fd, "w+b")
        os.unlink(tmp)
        return file
    return None


try:
    mess = mktemp()
    if not mess:
        os._exit(53) # write error
    header = 1
    while 1:
        line = sys.stdin.readline()
        if not line:
            break
        if line in ("\r\n", "\n"):
            header = 0
        if header and re.search(PATTERN, line):
            os._exit(31) # blocked, permanent error
        mess.write(line)
    mess.flush()
    mess.seek(0)
    os.dup2(mess.fileno(), 0)
    os.execv(QMAIL_QUEUE, ())
except:
    os._exit(81) # internal error


---[SNIP]-





Re: hack for filtering i love you worm

2000-05-05 Thread Tim Gollschewsky

On Fri, May 05, 2000 at 01:59:39PM +0200, Jesper Hess Nielsen spoke thusly:
 I have ALREADY done everything stated at the beginning of the script file
 (which I have attached for clarity - some of you may not have seen it).
 When I have done all this, I get an error when performing the test :
 
 [root@ns bin]# echo "test 1" | mail -s okay [EMAIL PROTECTED]
 [root@ns bin]# qmail-inject: fatal: unable to exec qq (#4.3.0)
 
 When I try to run the script directly :
 
 [root@ns bin]# ./qmail-filter.py
 
 bash: ./qmail-filter.py: No such file or directory

This looks like the error you get when the path to your interpreter on
the shebang line is incorrect.

Tim.




Re: hack for filtering i love you worm

2000-05-05 Thread Petr Novotny


On 5 May 00, at 13:59, Jesper Hess Nielsen wrote:

 [root@ns bin]# ./qmail-filter.py
 
 bash: ./qmail-filter.py: No such file or directory

I see. What does "head -n1 qmail-filter.py|od -c" say? Is there 
anything about character "015" or "\r" or so? Then you need to 
delete DOS-like end-of-line characters.

--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
 [Tom Waits]
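
Petr's diagnosis above, as an added Python check (not code from any poster): a stray "\r" at the end of the shebang line becomes part of the interpreter path, the kernel cannot find that path, and the shell reports the script itself as "No such file or directory". The function name and the finding codes are made up for this example.

```python
import os
import re
import stat
import tempfile


def shebang_findings(path):
    """Return codes explaining why executing the script at `path` can fail."""
    findings = []
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return ["script-missing"]
    # The chmod +x step from the script's own install notes.
    if not mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        findings.append("not-executable")
    with open(path, "rb") as fh:
        first = fh.readline(256)
    if not first.startswith(b"#!"):
        findings.append("no-shebang")
        return findings
    if first.endswith(b"\r\n"):
        findings.append("crlf-shebang")  # what "od -c" shows as \r or 015
    # The interpreter path runs up to the first space or tab. Only the
    # newline is removed here, so a DOS "\r" stays glued to the path.
    rest = first[2:].rstrip(b"\n").strip(b" \t")
    interpreter = re.split(rb"[ \t]+", rest)[0]
    if not os.path.exists(interpreter):
        findings.append("interpreter-missing")
    return findings


if __name__ == "__main__":
    # Constructed demo file with DOS line endings, written to a temp dir.
    demo = os.path.join(tempfile.mkdtemp(), "qmail-filter.py")
    with open(demo, "wb") as fh:
        fh.write(b"#!/bin/sh\r\necho ok\r\n")
    os.chmod(demo, 0o755)
    print(shebang_findings(demo))
```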



Re: hack for filtering i love you worm

2000-05-05 Thread Ricardo Cerqueira

On Fri, May 05, 2000 at 01:10:53PM +0200, Jesper Hess Nielsen wrote:
 I tried installing the hack as described, but when I try the test, I get an
 error saying
 
 [root@ns bin]# echo "test 1" | mail -s okay [EMAIL PROTECTED]
 [root@ns bin]# qmail-inject: fatal: unable to exec qq (#4.3.0)
 
 Anyone know what this could be?
 
 When I try to execute the py script, it says
 
 bash: ./qmail-filter.py: No such file or directory

ldd /path/to/python

Maybe you're missing a library.

Regards;
RC

-- 
+---
| Ricardo Cerqueira  
| PGP Key fingerprint  -  B7 05 13 CE 48 0A BF 1E  87 21 83 DB 28 DE 03 42 
| Novis  -  Engenharia ISP / Rede Técnica 
| Pç. Duque Saldanha, 1, 7º E / 1050-094 Lisboa / Portugal
| Tel: +351 21 3166730/00 (24h/dia) - Fax: +351 21 3166701



Re: accustamp|tailocal|matchup

2000-05-05 Thread Len Budney

"David Dyer-Bennet" [EMAIL PROTECTED] wrote:
 Peter Samuel [EMAIL PROTECTED] wrote:
   
   And your editor can't read in the results of a program?
 
 I can think offhand of a couple of ways of doing it, but all of them
 are grossly inefficient and take lots of keystrokes.  There may well
 be an easy way I'm overlooking, too.  Nothing exotic, I'm an emacs
 user.  I'm not starting a new instance, I'm visiting the log file from
 my existing instance.

rant
``Nothing exotic, I'm an emacs user''? Emacs? Have you heard the
debates whether Emacs was an OS, a shell, or an editor? Have you seen
the emacs mailreaders, shell modes, IRC interfaces, and web browser?
What you want to do is absolutely trivial in emacs, and you can bind it
to a single keystroke.
/rant

Anyway, what you want to do is absolutely trivial in emacs, and you can
bind it to a single keystroke.

Len.

--
You're repeating the same old ``forks are bad and execs are
disastrous'' litany without _profiling_ where your time is actually
going.
-- Dan Bernstein



Re: Qmail filter for ILOVEYOU

2000-05-05 Thread Len Budney

Rodney Edwards [EMAIL PROTECTED] wrote:
 
 This has probably been asked already but I've literally just joined.
 How can I filter and reject ILOVEYOU messages in Qmail?

Congratulations! You may be the first new subscriber whose question is
at least 1) timely, and 2) not a FAQ! You get a cigar!

 Any pointers would be appreciated

Let me point you to the qmail archive: http://www-archive.ornl.gov:8000/.
There have been some quick-and-dirty hacks suggested over the last couple
of days, but since I don't run Windows I haven't paid much attention.
Searching on ``ILOVEYOU'' should turn them up.

Hope this helps,
Len.

--
Frugal Tip #31:
Incrementally reduce your year-to-year operating expenditures while
aggressively recognizing unrealized receivables in the current quarter.



Re: Virus Scanners

2000-05-05 Thread Johan Almqvist

On Fri, May 05, 2000 at 09:51:52PM +1000, Jason Brooke wrote:
 
 Any recommendations on server virus scanners that run in harmony with qmail
 on linux, and if so, why the recommendation?

H+BEDV antivir, from www.hbedv.com and www.antivir.de. Free for
non-commercial use, no fuss with web interfaces and the like (just
command-line), fast updates. German version is better than English,
though.

 Thanks,
 jason

-Johan
-- 
Johan Almqvist



Re: No Mail Log ?!

2000-05-05 Thread Chris Harris


 Hello everyone,
 
 I am using Qmail on Suse 6.3, using /var/spool/mail/USERDIR.
 
 For an unknown reason, the mail logs have been cleared and Qmail does not
 log anything anymore...
 
 I have looked in syslog and qmail does not report any errors either.
 Maybe permissions are wrong on the /var/log/mail file ?? what should they
 be?
 
 Does anybody have any suggestions? (No the hard drive is not full :))
 
 Regards
 
 Cedric Revest
 

This may be due to the feature of syslogd that if the file it's supposed to be 
writing to doesn't exist, it doesn't create it, and nothing gets logged. If that's 
the case, try touching the log file and see if the messages start coming.

Chris Harris
System Manager
STL Ltd.
ph. 01228 512512 ext. 2211
fax 01228 514949





Re: Global filtering

2000-05-05 Thread Paul Schinder

At 9:33 PM -0400 5/4/00, Bennett Samowich wrote:
Greetings,

I am relatively new to qmail, so forgive me if this is too simple...

With all of the current goings on about the "luv bug", I have a 
question concerning qmail and filtering.  My customer base uses 
sendmail primarily, while I have been experimenting with qmail at my 
site.  With the sendmail sites I was able to implement a 
configuration "hack" to stop initial instances of the message.  I 
was also able to implement a global procmail filter to accomplish 
the same thing.

My question is this:
Does qmail have the ability to implement global filters.  I know 
that I can put procmail lines in each users .qmail file, but that 
seems like a lot of work.

IIRC, the default delivery instruction in /var/qmail/rc can be a pipe 
to a program.  So you can qmail-start "| preline /path/to/procmail" 
and have mail by default run through procmail.  Of course, you still 
have a .qmail problem: any user with a .qmail will override the 
default instruction.  "man qmail-command" gives you some details.


Thanks in advance,
- Bennett

-- 
--
Paul J. Schinder
NASA Goddard Space Flight Center
Code 693
[EMAIL PROTECTED]



Re: hack for filtering i love you worm

2000-05-05 Thread Bruno Wolff III

On Fri, May 05, 2000 at 02:56:38AM -0600,
  Neil Schemenauer [EMAIL PROTECTED] wrote:
 On Thu, May 04, 2000 at 07:28:32PM -0400, Searcher wrote:
 exit(31) if /name="LOVE-LETTER-FOR-YOU.TXT.vbs"/o;
  
  Am I missing something here?
 
 Nothing except that fact that the real solution is to fix the
 broken mail clients.  IMHO, virus scanners and the like are
 fundamentally broken.

I agree with that. Since this one actually burns people, maybe people
will learn not to run attachments unless they are expecting them and they
are from someone they have a good reason to trust.

I am surprised that we aren't already seeing viruses that mutate by encrypting
themselves (to make virus scanning harder by greatly reducing the fixed part
of the payload) and using variants in the delivery envelope at each
iteration. Using the same filename for the attachment and the same subject
each time the virus transmits itself makes it too easy to detect the message.



how do i apply QMAILQUEUE

2000-05-05 Thread Jan Stifter

hi
i am sorry for this very easy question, but i am playing around and
can not work it out.

how can i apply the QMAILQUEUE patch?

i made a file with the patch in it, qmailqueue-patch, which looks
like:
-- start
--- qmail-1.03-orig/MakefileMon Jun 15 04:53:16 1998
+++ qmail-1.03/Makefile Tue Jan 19 10:52:24 1999@@ -1483,12 +1483,12
@@
 trigger.o fmtqfn.o quote.o now.o readsubdir.o qmail.o date822fmt.o \
 datetime.a case.a ndelay.a getln.a wait.a seek.a fd.a sig.a open.a \
 lock.a stralloc.a alloc.a substdio.a error.a str.a fs.a auto_qmail.o
\
-auto_split.o+auto_split.o env.a
./load qmail-send qsutil.o control.o constmap.o newfield.o \
prioq.o trigger.o fmtqfn.o quote.o now.o readsubdir.o \
qmail.o date822fmt.o datetime.a case.a ndelay.a getln.a \
wait.a seek.a fd.a sig.a open.a lock.a stralloc.a alloc.a \
-   substdio.a error.a str.a fs.a auto_qmail.o auto_split.o
+   substdio.a error.a str.a fs.a auto_qmail.o auto_split.o env.a
qmail-sen
d.0: \
 qmail-send.8diff -u qmail-1.03-orig/qmail.c qmail-1.03/qmail.c
--- qmail-1.03-orig/qmail.c Mon Jun 15 04:53:16 1998
+++ qmail-1.03/qmail.c  Tue Jan 19 09:57:36 1999@@ -6,14 +6,25 @@
#include "fd.h
"
 #include "qmail.h" #include "auto_qmail.h"+#include "env.h"
-static char *binqqargs[2] = { "bin/qmail-queue", 0 } ;
+static char *binqqargs[2] = { 0, 0 } ;++static void setup_qqargs()+{
+  if(!binqqargs[0])+binqqargs[0] = env_get("QMAILQUEUE");
+  if(!binqqargs[0])+binqqargs[0] = "bin/qmail-queue";+}  int
qmail_open(qq)
 struct qmail *qq; {   int pim[2];   int pie[2];++  setup_qqargs();
   if (pipe(pim) == -1) return -1;
   if (pipe(pie) == -1) { close(pim[0]); close(pim[1]); return -1; }
- end
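Review bot: in the qmail.c hunk, setup_qqargs() only tests binqqargs[0] for a null pointer, so a QMAILQUEUE that is set but empty is kept as the program path and the fallback to "bin/qmail-queue" is never reached; consider also testing *binqqargs[0] before keeping the env_get() result. The variable now decides which program every caller of qmail_open() runs, yet nothing in the visible hunks documents it; a comment above setup_qqargs() stating who is expected to set QMAILQUEUE and what it should point at would help.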
i tried to apply it:

caramel:/usr/local/src # ls -d qmail*
qmail-1.03/
qmail.tar.gz
qmailanalog-0.70/
qmailanalog-0_70.tar.gz
qmailqueue-patch
caramel:/usr/local/src # patch  qmailqueue-patch
Hmm...  I can't seem to find a patch in there anywhere.
caramel:/usr/local/src #


what am i doing wrong?
any help is greatly appreciated
jan stifter




Re: Virus Scanners

2000-05-05 Thread Rainer Link

Jason Brooke wrote:
 
 Any recommendations on server virus scanners that run in harmony with qmail
 on linux, and if so, why the recommendation?

Please have a look at http://av-linux.w3.to, esp. the Mini-FAQ as text
file
(direct link is
http://www.ce.is.fh-furtwangen.de/~link/security/av-linux_e.txt)

(please bookmark only http://av-linux.w3.to - thnx)

HTH

cu, Rainer
-- 
Rainer Link  | Member of Virus Help Munich (www.vhm.haitec.de)   
[EMAIL PROTECTED] | Member of AMaViS Development Team (amavis.org)
rainer.w3.to | Maintainer FAQ "antivirus for Linux" (av-linux.w3.to)



Re: hack for filtering i love you worm

2000-05-05 Thread Paul Farber

Well, to thoroughly test any of these scripts for qmail.. you need a copy
or infected e-mail to run through the script.

Does anyone have an infected e-mail to post?  Or a URL where I can get
one?  Just adding a script is useless gotta test it out.

BTW, should we send the bill to Bill Gates or Ballmer for allowing their
software to yet again grind the internet to a freaking halt.  My
Pine/Linux box has been virus free for 3+ years!

Paul Farber
Farber Technology
[EMAIL PROTECTED]
Ph  570-628-5303
Fax 570-628-5545

On Fri, 5 May 2000, Rainer Link wrote:

 Mulindwa Eric wrote:
  
  but how can one use Amavis with qmail, p'se help
 
 Please have a look at http://www.unixzone.com/virus - I would suggest to
 use AMaViS-Perl-5. It should work out-of-the-box. 
 If you run into troubles, please ask me directly.
 
 HTH
 
 best regards,
 Rainer Link
 
 -- 
 Rainer Link  | Member of Virus Help Munich (www.vhm.haitec.de)   
 [EMAIL PROTECTED] | Member of AMaViS Development Team (amavis.org)
 rainer.w3.to | Maintainer FAQ "antivirus for Linux" (av-linux.w3.to)
 




Re: hack for filtering i love you worm

2000-05-05 Thread Johan Almqvist

On Fri, May 05, 2000 at 09:47:57AM -0400, Paul Farber wrote:
 Well, to thoroughly test any of these scripts for qmail.. you need a copy
 or infected e-mail to run through the script.
 
 Does anyone have an infected e-mail to post?  Or a URL where I can get
 one?  Just adding a script is useless gotta test it out.

http://www.almqvist.net/~johan/virus.txt

 BTW, should we send the bill to Bill Gates or Ballmer for allowing their
 software to yet again grind the internet to a freaking halt.  My
 Pine/Linux box has been virus free for 3+ years!

-Johan
-- 
Johan Almqvist



Re: hack for filtering i love you worm

2000-05-05 Thread Alex at MessageLabs

Well, to thoroughly test any of these scripts for qmail.. you need a copy
or infected e-mail to run through the script.

You must be the only person in the world without a copy! Seriously though,
you don't need a copy of the virus. Just create an email with the correct
subject line, and with a correctly named attachment. That should be
enough to test your script.




___
This message has been checked for all known viruses by the 
MessageLabs Virus Control Centre. For further information visit
http://www.messagelabs.com/stats.asp



Re: db files for vpopmail and courier imap

2000-05-05 Thread Ken Jones

 Cono D'Elia wrote:
 
 Hello,
 
 Is there a limitation for the amount of users courier imap and
 vpopmail can support using the db type files? Is it better to go with
 an sql database instead?
 
 
 Thanks,
 
 Cono.

There is no limitation of cdb password files. However, modifications
to the file (add/delete/mod) start taking long amounts of time 30 seconds
when you have more than 5,000 users. 

ken jones
inter7



shim before final local delivery?

2000-05-05 Thread Paul Farber

Hello all,

Is there a way to insert a shim (or shell wrapper) before qmail-local
delivers a local message?

IE, check for message size if $RECIEPENT = 'baduser' or some such thing?

It would seem administratively easier to apply these type of filters for a
large group of users that way rather than ~/.qmail-default 'ing all the
home dirs.

Paul Farber
Farber Technology
[EMAIL PROTECTED]
Ph  570-628-5303
Fax 570-628-5545




Re: ETRN and QMail

2000-05-05 Thread John White

On Thu, May 04, 2000 at 05:51:46PM -0700, Jon Rust wrote:
 At 2:43 AM +0200 5/5/00, Peter van Dijk wrote:
 So much for security, eh?
 
 
 Hrmf. You have a point there. :-/ Guess I should think before typing. 
 Of course, by limiting the range of IPs allowed to trigger the 
 download, you could decrease the exposure, but it would be far from 
 perfect.
 
No, you're on the right track.

Have tcpserver on the private port trigger authentication via
the qmail-popup and checkpassword.  tcpserver sets the incoming
ip address in an environment variable, and you can trigger serial-
mail from the tcpserver commandline.

John



Re: ETRN and QMail

2000-05-05 Thread Robert Varga



On Thu, 4 May 2000, Jon Rust wrote:

 At 2:43 AM +0200 5/5/00, Peter van Dijk wrote:
 So much for security, eh?
 
 
 Hrmf. You have a point there. :-/ Guess I should think before typing. 
 Of course, by limiting the range of IPs allowed to trigger the 
 download, you could decrease the exposure, but it would be far from 
 perfect.
 
 (crawling back into lurk mode)
 
 jon
 

Exchange servers can be made to run an arbitrary program upon completing
the initiation of the dialup connection. Give them a program which initiates
a pop3 or spop3 connection, authenticates itself at the server, then
quits. And there is a wrapper for this behaviour on www.qmail.org.

ssh can also be made to do this, but that would need a system account on
the mailserver for each such user. Albeit their shell can be the script
maildir2smtp.

Robert Varga




QMAILQUEUE seems not to work with scan4virus

2000-05-05 Thread Jan Stifter

hi,
i applied the QMAILQUEUE patch to qmail.

i start my qmail-smtpd with
supervise /var/lock/svc/qmail-smtpd tcpserver -v -q
-x/etc/tcp.smtp.cdb\
-u101 -g101 0 smtp /var/qmail/bin/qmail-smtpd 21 | \
setuser qmaill accustamp | \
setuser qmaill tailocal  /var/log/qmail-smtpd.log 

and it works.

if i do an

export QMAILQUEUE="/var/qmail/bin/antivirus-qmail-queue.pl"

in front of the above command, no mail is working:

caramel:/var/log # telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 caramel.medres.ch ESMTP
helo
250 caramel.medres.ch
mail from: test
250 ok
rcpt to: [EMAIL PROTECTED]
250 ok
data
354 go ahead
.
451 qq temporary problem (#4.3.0)
quit
221 caramel.medres.ch
Connection closed by foreign host.
caramel:/var/log #

the file qmail-smtpd.log shows the following lines:
2000-05-05 16:44:31.581449 Can't do setuid

what is the problem? what can i do?
any hints are greatly appreciated
jan




Re: how do i apply QMAILQUEUE

2000-05-05 Thread Jan Stifter

On Fri, 05 May 2000 15:21:43 +0200, Jan Stifter [EMAIL PROTECTED]
wrote:

i solved it. my patch was broken.
sorry
jan




Re: shim before final local delivery?

2000-05-05 Thread Len Budney

Paul Farber [EMAIL PROTECTED] wrote:
 
 Is there a way to insert a shim (or shell wrapper) before qmail-local
 delivers a local message?

Simple; write a wrapper called ``qmail-local'', which in the end
exec's the original qmail-local (which you should rename, of
course). The interface is remarkably simple. From qmail-local(8):

  SYNOPSIS
   qmail-local  [  -nN  ]  user homedir local dash ext domain
   sender defaultdelivery

  DESCRIPTION
   ...
   The standard input for  qmail-local  must  be  a  seekable
   file, so that qmail-local can read it more than once.

See? It's a snap. (If you don't know how, I'll do it for a small fee.)

 It would seem administratively easier to apply these type of filters for a
 large group of users that way rather than ~/.qmail-default 'ing all the
 home dirs.

In fact this latter ``solution'' doesn't work anyway--unless the users
cannot create .qmail files. Extensions for which more specific
.qmail-ext files exist are delivered according to those instructions,
bypassing .qmail-default entirely.

Len.

--
Frugal Tip #19:
Discover the secret to happiness, then sell the franchise rights.
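
A wrapper of the kind described in this reply, as an added example (not code from the thread or from qmail). The path of the renamed original binary and the size policy are assumptions made for illustration; the argument order follows the SYNOPSIS quoted above.

```python
import os
import sys

# Assumptions for this example: the original binary was renamed to this
# path, and the per-user policy below is constructed.
REAL_QMAIL_LOCAL = "/var/qmail/bin/qmail-local.real"
SIZE_LIMITS = {"baduser": 1000000}   # user -> largest message accepted, bytes
EXIT_HARD = 100                      # permanent failure: the message bounces
EXIT_SOFT = 111                      # temporary failure: qmail retries later

FIELDS = ("user", "homedir", "local", "dash", "ext",
          "domain", "sender", "defaultdelivery")


def parse_args(argv):
    """Split argv into (flags, fields) following the qmail-local synopsis."""
    args = list(argv[1:])
    flags = []
    while args and args[0] in ("-n", "-N"):
        flags.append(args.pop(0))
    if len(args) != len(FIELDS):
        raise ValueError("expected %d arguments, got %d"
                         % (len(FIELDS), len(args)))
    return flags, dict(zip(FIELDS, args))


def verdict(fields, message_size):
    """Return an exit code to refuse delivery, or None to hand over."""
    limit = SIZE_LIMITS.get(fields["user"])
    if limit is not None and message_size > limit:
        return EXIT_HARD
    return None


def main(argv):
    try:
        _flags, fields = parse_args(argv)
    except ValueError as err:
        # A broken wrapper must not bounce mail: defer instead.
        sys.stderr.write("wrapper: %s\n" % err)
        return EXIT_SOFT
    # stdin is a seekable file, so fstat() gives the message size without
    # reading it and leaves the offset untouched for the real qmail-local.
    code = verdict(fields, os.fstat(0).st_size)
    if code is not None:
        sys.stderr.write("message too large for this mailbox\n")
        return code
    try:
        os.execv(REAL_QMAIL_LOCAL, [REAL_QMAIL_LOCAL] + list(argv[1:]))
    except OSError as err:
        sys.stderr.write("wrapper: cannot run real qmail-local: %s\n" % err)
        return EXIT_SOFT


if __name__ == "__main__" and len(sys.argv) > 1:
    sys.exit(main(sys.argv))
```

Because the wrapper sits in front of every local delivery, any failure of its own returns 111 so that mail stays queued rather than bouncing.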



Re: Alias file

2000-05-05 Thread Dave Sill

Mario Rafael [EMAIL PROTECTED] wrote:

   Hi :), I have several questions I have an /var/spool/mail/alias file
that is getting bigger and bigger each moment, what it's is purpose?,

It's the user "alias"'s mailbox. It's sometimes where root/postmaster
mail ends up.

I have taken a look at it and it seems that the messages double
bouncing are stored there... how can I directly throw those messages
to /dev/null?, thanks in advance.

echo devnull > /var/qmail/control/doublebounceto
echo '#' > ~alias/.qmail-devnull

Then restart qmail.

-Dave



Re: qmail abuse...

2000-05-05 Thread Dave Sill

"Luke Chiam" [EMAIL PROTECTED] wrote:

I suspect someone is sending bulk mail using our qmail server, as we are
getting a lot of rebounced mail and delivery failure notice.

A spammer might be sending stuff out with your domain in the envelope
return path. That would cause bounces to come to you even if the
messages didn't come from you. (They could be doing that to avoid
anti-spam mechanisms that require a valid domain in the return path.)

One of your users could be sending spam. Presumably this would be
apparent from examining the double bounces.

You could be an open relay. See:

  http://Web.InfoAve.Net/~dsill/lwq.html#relaying

-Dave



Re: Global filtering

2000-05-05 Thread Dave Sill

Bennett Samowich [EMAIL PROTECTED] wrote:

Does qmail have the ability to implement global filters.  I know that
I can put procmail lines in each users .qmail file, but that seems
like a lot of work.

qmail doesn't have a filtering mechanism built in, but one can be
constructed pretty easily using the technique described in the
following article:

http://www.faqts.com/knowledge-base/view.phtml/aid/2142/fid/203/lang/en

-Dave



Re: qmail won't start!?

2000-05-05 Thread Dave Sill

"Isaiah Chua" [EMAIL PROTECTED] wrote:

Sorry I didn't give enough info. The init scripts are in my /etc/rc.d/init.d
dir and softlinked to the various /etc/rcx.d directories. I'm using RH6.2,
and used the RPM package to first compile the src then installed it using
rpm.

 By "nothing happens" do you mean that the script runs but doesn't
 output anything, runs but exits immediately, or what?

It runs, but immediately exits.

That's normal. Init scripts generally run stuff in the background so
the system can move on to the next script.

Do the qmail processes show up when you run ps? See:

  http://Web.InfoAve.Net/~dsill/lwq.html#processes

-Dave



PERL filtering...

2000-05-05 Thread John W. Lemons III

I have recently deployed a freeware procmail script that does a very good
job filtering out various forms of malicious mail.  So far it has caught all
the ILOVEYOU mail and a few of the variants we have seen.  Since I use QMail
on my own machine, can procmail scripts be used with QMail?  Most of the
script uses some well crafted PERL code, so if not, it could probably be
shoe-horned into a form that QMail will utilize.  Any suggestions?





RE: qmail abuse...

2000-05-05 Thread Ronneil Camara

I guess the bounce mail comes from my side since I'm trying to configure my
qmail also but still having some problems. Sorry for that. I've restored my
old config and later, I will test again. 

My qmail setup is different. My qmail is configured as an email gateway
only. So there are no users in my qmail server. I hope you can help with
this kind of scenario.

 -Original Message-
 From: Dave Sill [mailto:[EMAIL PROTECTED]]
 Sent: Saturday, May 06, 2000 1:18 AM
 To: [EMAIL PROTECTED]
 Subject: Re: qmail abuse...
 
 
 "Luke Chiam" [EMAIL PROTECTED] wrote:
 
 I suspect someone is sending bulk mail using our qmail server, as we are
 getting a lot of rebounced mail and delivery failure notice.
 
 A spammer might be sending stuff out with your domain in the envelope
 return path. That would cause bounces to come to you even if the
 messages didn't come from you. (They could be doing that to avoid
 anti-spam mechanisms that require a valid domain in the return path.)
 
 One of your users could be sending spam. Presumably this would be
 apparent from examining the double bounces.
 
 You could be an open relay. See:
 
   http://Web.InfoAve.Net/~dsill/lwq.html#relaying
 
 -Dave
 



qmail-mrtg qfilelog

2000-05-05 Thread Mark E. Drummond

Is there some way to make qmail-mrtg work with qfilelog log files? I am
doing my logging monthly .. that is i have log data piped through
qfilelog into /var/log/qmail/sendlog and a /var/log/qmail/smtpd/smtpdlog
which grow for an entire month and then get rolled over, and are parsed
with matchup/zoverall and friends.

Is it possible to have the qmail-mrtg scripts read these two files?

-- 
Mark Drummond|ICQ#19153754|mailto:[EMAIL PROTECTED]
UNIX System Administrator|Royal Military College of Canada
The Kingston Linux Users Group|http://signals.rmc.ca/klug/
Saving the World ... One CPU at a Time



Re: PERL filtering...

2000-05-05 Thread Patrick Berry

on 5/5/00 10:32 AM, John W. Lemons III had the thought:

 I have recently deployed a freeware procmail script that does a very good
 job filtering out various forms of malicious mail.  So far it has caught all
 the ILOVEYOU mail and a few of the variants we have seen.  Since I use QMail
 on my own machine, can procmail scripts be used with QMail?  Most of the
 script uses some well crafted PERL code, so if not, it could probably be
 shoe-horned into a form that QMail will utilize.  Any suggestions?

You are better off using something like scan4virus at the queue level.
http://www.geocities.com/jhaar/scan4virus/

While it is probably not advised, I am using it without the QMAILQUEUE
patch.  Instead, the scan4virus program receives the mail, scans it, then
passes it to my renamed qmail-queue program.

Right now I deny all .vbs attachments.  Yes, this is rather draconian and
there might be a 1 in 100,000,000,000,000 chance that someone really needs
to send a .vbs attachment.  Those are the breaks...

Pat

-- 
Freestyle Interactive | http://www.freestyleinteractive.com | 415.778.0610




Re: hack for filtering i love you worm

2000-05-05 Thread Kai MacTane

At 5/5/2000 09:47 AM -0400, Paul Farber wrote or quoted:
Well, to thourghly test any of these scripts for qmail.. you need a copy
or infected e-mail to run through the script.

Good point.

Does anyone have an infected e-mail to post?  Or a URL where I can get
one?  Just adding a script is useless gotta test it out.

Yeah, I got emailed a copy of the I-LOVE-YOU-LETTER.TXT.vbs last night, and 
it's still in my Maildir on my server. Should I just email it to you, or 
does the whole list want a copy?

-
  Kai MacTane
  System Administrator
   Online Partners.com, Inc.
-
 From the Jargon File: (v4.0.0, 25 Jul 1996)

finger trouble /n./

Mistyping, typos, or generalized keyboard incompetence (this is
surprisingly common among hackers, given the amount of time they
spend at keyboards). "I keep putting colons at the end of statements
instead of semicolons", "Finger trouble again, eh?".




Re: hack for filtering i love you worm

2000-05-05 Thread Kai MacTane

At 5/4/2000 11:29 PM -0600, Bruce Guenter wrote or quoted:
  Anyone can rename that .vbs to what ever they want and send it around again
  so wouldn't it be more efficient to filter all .vbs attachments?

Nope, you're exactly right.  However, the question was, how do I filter
the "ILOVEYOU" worm, and the above is a quick (and somewhat dirty)
answer.  If you know how to identify VBS source, with the absence of a
MIME type, please tell us.  I intend to do this for my employers, so I'm
not just being facetious.

I really think this is the way to go as well. I've been telling my employer 
since yesterday morning that the Subject: line is probably the single most 
easily mutatable thing about this email, and that it would make much more 
sense to just stop any mail containing a .vbs attachment.

I looked at the copy on my disk, and found the following at the beginning:

Content-Type: application/octet-stream; name="LOVE-LETTER-FOR-YOU.TXT.vbs"
Content-Disposition: attachment; filename="LOVE-LETTER-FOR-YOU.TXT.vbs"
Content-Transfer-Encoding: base64

You could probably just do a regex match on:

^Content-type: \S+\; name=\".+\.vbs\"

(Note: I have not tested that regex yet. It may not even function. It is 
quick-and-dirty, and even if it *does* work, there are probably better ways 
to do it.)

In particular, there's probably a better way to express that .+\.vbs, 
although I note that \w+\.vbs and \S+\.vbs are *not* the way to do it, as 
filenames may contain spaces and other characters.

-
  Kai MacTane
  System Administrator
   Online Partners.com, Inc.
-
 From the Jargon File: (v4.0.0, 25 Jul 1996)

finger trouble /n./

Mistyping, typos, or generalized keyboard incompetence (this is
surprisingly common among hackers, given the amount of time they
spend at keyboards). "I keep putting colons at the end of statements
instead of semicolons", "Finger trouble again, eh?".




Antigen found =love-letter-for-you.txt.vbs file

2000-05-05 Thread ANTIGEN_HOUSTON

Antigen for Exchange found LOVE-LETTER-FOR-YOU.TXT.vbs matching
=love-letter-for-you.txt.vbs file filter.
The file is currently Detected.  The message, "Re: hack for filtering "i
love you" worm", was
sent from Kai MacTane  and was discovered in IMC Queues\Inbound
located at Matchlogic/MATCHLOGIC/HOUSTON.



Re: PERL filtering...

2000-05-05 Thread octave klaba

Hi,

 You are better off using something like scan4virus at the queue level.
 http://www.geocities.com/jhaar/scan4virus/

setting up scan4virus I have this error

Cannot find unzip on your system!

2 stupid questions:
- where can I find it out for linux ?
- do I need to use McAfee with ? if yes, which version ? an url ?

thanks
Octave

Best regards,
oCtAvE 

Connection terminated due to timeout



Re: PERL filtering...

2000-05-05 Thread Patrick Berry

on 5/5/00 10:55 AM, octave klaba had the thought:

 setting up scan4virus I have this error
 
 Cannot find unzip on your system!
 
 2 stupid questions:
 - where can I find it out for linux ?

http://freshmeat.net

 - do I need to use McAfee with ? if yes, which version ? an url ?

No, but should have at least one kind of scanner.  It is easier if you use
one that is already tested and on the list.  Or you can simply use the built
in perl scanner.  Freshmeat also has links for virus scanners.

Pat

-- 
Freestyle Interactive | http://www.freestyleinteractive.com | 415.778.0610




How do I invoke the qmail-users Mechanism ??

2000-05-05 Thread Tony D'Andrade



Hi. I don't understand how to invoke the qmail-users system.  I have a
server and /var/qmail/users/ is empty.  I would like to be able to use
the "assign" mechanism.  How do i do this ?   I tried to run qmail-pw2u
but it just seems to hang forever.  This is how it says to do it in 
Life with Qmail. Also if i start using 'assign' will it somehow mess up my 
existing config ?  Does qmail have to be restarted as well ??

thanks in advance !
tony





Re: Antigen found =love-letter-for-you.txt.vbs file

2000-05-05 Thread Kai MacTane

At 5/5/2000 11:54 AM -0600, ANTIGEN_HOUSTON wrote or quoted:
Antigen for Exchange found LOVE-LETTER-FOR-YOU.TXT.vbs matching
=love-letter-for-you.txt.vbs file filter.
The file is currently Detected.  The message, "Re: hack for filtering "i
love you" worm", was sent from Kai MacTane  and was discovered in IMC 
Queues\Inbound located at Matchlogic/MATCHLOGIC/HOUSTON.

Hmmm. Looks like someone's already filtering on just the string I sent out.

I wonder if they're filtering all .vbs files?

Content-Type: application/octet-stream; name="This is Bogus.vbs"
Content-Disposition: attachment; filename="This is Bogus.vbs"

-
  Kai MacTane
  System Administrator
   Online Partners.com, Inc.
-
 From the Jargon File: (v4.0.0, 25 Jul 1996)

finger trouble /n./

Mistyping, typos, or generalized keyboard incompetence (this is
surprisingly common among hackers, given the amount of time they
spend at keyboards). "I keep putting colons at the end of statements
instead of semicolons", "Finger trouble again, eh?".




Antigen found =*.vbs file

2000-05-05 Thread ANTIGEN_HOUSTON

Antigen for Exchange found This is Bogus.vbs matching =*.vbs file filter.
The file is currently Deleted.  The message, "Re: Antigen found
=love-letter-for-you.txt.vbs file", was
sent from Kai MacTane  and was discovered in IMC Queues\Inbound
located at Matchlogic/MATCHLOGIC/HOUSTON.



Re: How do I invoke the qmail-users Mechanism ??

2000-05-05 Thread Dave Sill

"Tony D'Andrade" [EMAIL PROTECTED] wrote:

Hi. I don't understand how to invoke the qmail-users system.  I have a
server and /var/qmail/users/ is empty.  I would like to be able to use
the "assign" mechanism.  How do i do this ?   I tried to run qmail-pw2u
but it just seems to hang forever.

Did you read the qmail-pw2u man page?

This is how it says to do it in Life with Qmail.

No, LWQ doesn't tell you how to run qmail-pw2u. The purpose of the
qmail-users coverage in LWQ is to supplement the man pages, not to
replace them.

Also if i start using 'assign' will it somehow mess up my 
existing config ?

That depends upon what you put in /var/qmail/users.

Does qmail have to be restarted as well ??

No.

-Dave



Qmail-send

2000-05-05 Thread Eric Davis



We can only send out 22 messages from remote queue at once and when the
server has finished delivering those 22 it does not queue up to deliver any more.
We have over 8,000 message in our remote queue and sending qmail-send an
-ALRM does not get it to restart sending. We have to stop and start it by hand
each time. Any help would be greatly appreciated or request for more info.

Concurrency is set to 100 remote queues and it is not even using them all.

Qmail 1.03 running on a SGI Challenge S - Irix 6.5

-Eric Davis
[EMAIL PROTECTED]


Re: PERL filtering...

2000-05-05 Thread Neil Schemenauer

On Fri, May 05, 2000 at 02:32:10PM -0500, John W. Lemons III wrote:
[A whole pile of extensions cut]
 Most of these will never need to be sent or received by a user and all can
 contain malicious code.  Any other suggestions?

Yes.  Fix the mail client or switch to one that does not execute
untrusted code without prompting.

Neil

-- 
Real programmers don't make mistrakes



Re: Future of qmail: will it care about viri/worms/etc?

2000-05-05 Thread Dave Sill

"Keith Warno" [EMAIL PROTECTED] wrote:

The continued discussions about the "love bug" and qmail "hacks" for dealing
with it have me disturbed.  I won't knock djb; the man needs to write an OS
one of these days.  :)  However there should be no need to "hack" qmail to
get it to filter unwanted mail and I'm wondering if future versions of qmail
will care.

I'll be surprised if the next version of qmail doesn't have better
support for filtering/processing messages. DJB is good at addressing
users' needs in subsequent releases. Look at the development of
DNScache or the early qmail days for two examples.

Dave Sill's "general approach" for filtering is, well... I couldn't help but
crack up when I read it [01].  This is by no means intended to be offensive;
it's just funny to read that a *possible* solution for getting qmail to do
what I want is to install it twice.

Well, I always try to entertain, as well as inform. :-)

The [01] method is crude, but quite flexible and powerful--and
requires no modification to the source code.

Maybe windoze will do what I want if I install it twice eh?  ermm.. no, been
there, done that.

More of a good thing is sometimes better, but more of a bad thing...?

CERT also talked about filters for sendmail, postfix, and procmail [02].  No
mention of qmail.

Probably because the "vendors" submitted that information, but DJB
didn't.

-Dave



Re: accustamp|tailocal|matchup

2000-05-05 Thread Len Budney

Kins Orekhov [EMAIL PROTECTED] wrote:
 [EMAIL PROTECTED] wrote:
  And can't you look at them by passing them through tai64nlocal each
  time? Can you spell "shell script wrapper"? :)
 
 I *asked* the list about *some program* which can do reverse time
 translation for my *already existing logs* - from Local to TAI.

Correct. And Peter answered your question: ``Can you spell `shell script
wrapper'?''

Translated, he just told you to write a script called ``look-at-old-logs'',
which runs tai64nlocal on the old log files, and then displays
them to you. Then, whenever you want to look at old logs, you run
``look-at-old-logs'', and voila! The magic happens all over again.
That's the wonderful thing about computers: they never get bored.

 And your response(s) (especially last one) never answered my question.

It did. However, to benefit from the answer required some work from you.
If you want somebody to do the work for you, pay them. (I'll do it if
you prepay, in US dollars. Say, $250 for 2.5 hours work, and if I'm done
sooner, I'll refund the difference.)

Len.

--
Frugal Tip #41:
Remember, the best things in life are free. That means if you can resell
them, that's a 100% profit margin.



RE: PERL filtering...

2000-05-05 Thread Mark D. Wilkins

 Consider filtering the following as well:
 
 *.reg Regedit will inject its contents into your registry without any warning if you open this file
 *.hlp Windose help files can contain auto-executing vb script
 *.hta html application, can contain vb script, javascript etc. (MSHTA.EXE will run them when you click on them)
 *.shs shell automation code
 *.vbs vb script
 *.chm compiled HTML help file, also can contain vb script, javascript etc.
 
 Most of these will never need to be sent or received by a user and all can
 contain malicious code.  Any other suggestions?

Here's a snip from a bugtraq post...

snip
Sean Malloy [EMAIL PROTECTED] is letting us know that changing the
virus to use a WSF extension instead of VBS is just as effective.
WSF stands for Windows Scripting File. Antivirus vendors that want to
be proactive might want to add this extension to their signatures.
/snip

Mark
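
The attachment-name filtering discussed in the posts above, as an added example (not code from any poster or from scan4virus). It parses the MIME structure instead of matching header lines, checks the extensions named in this thread, and also looks for uuencoded attachments, which goes beyond the regex posted earlier; the sample messages and all function names are constructed for illustration.

```python
import email
import os
import re

# Extensions named in this thread: .vbs, .wsf and the list quoted above.
BLOCKED_EXTENSIONS = {".vbs", ".wsf", ".reg", ".hlp", ".hta", ".shs", ".chm"}

# The regex exactly as posted earlier in the thread (untested by its author).
POSTED_REGEX = r'^Content-type: \S+\; name=\".+\.vbs\"'

# A uuencoded file inside a text body starts with "begin <mode> <name>".
UU_BEGIN = re.compile(rb"^begin [0-7]{3,4} (.+?)[ \t]*\r?$", re.MULTILINE)


def posted_regex_matches(raw, ignore_case=False):
    """Run the posted regex over the raw message, one line at a time."""
    flags = re.MULTILINE | (re.IGNORECASE if ignore_case else 0)
    return re.search(POSTED_REGEX, raw.decode("latin-1"), flags) is not None


def attachment_names(raw):
    """Return the file names the message structurally carries."""
    names = []
    for part in email.message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        # get_filename() reads Content-Disposition filename= and falls back
        # to Content-Type name=, so either header on its own is enough.
        name = part.get_filename()
        if name:
            names.append(name)
        # uuencode carries a file in plain text with no MIME headers at all.
        if part.get_content_maintype() == "text":
            body = part.get_payload(decode=True) or b""
            names.extend(m.decode("latin-1") for m in UU_BEGIN.findall(body))
    return names


def blocked_names(raw):
    """Attachment names whose extension is on the block list, in any case."""
    return [n for n in attachment_names(raw)
            if os.path.splitext(n.strip())[1].lower() in BLOCKED_EXTENSIONS]


def _msg(*lines):
    return "\n".join(lines).encode("ascii")


# Constructed sample messages; the attachment bodies are harmless filler.
FILLER = "Y29uc3RydWN0ZWQgc2FtcGxl"   # base64 of "constructed sample"
NAME = "LOVE-LETTER-FOR-YOU.TXT.vbs"

MIME_ATTACHMENT = _msg(
    "Subject: constructed sample 1", "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b1"', "",
    "--b1", "Content-Type: text/plain", "", "constructed body text",
    "--b1",
    'Content-Type: application/octet-stream; name="%s"' % NAME,
    'Content-Disposition: attachment; filename="%s"' % NAME,
    "Content-Transfer-Encoding: base64", "", FILLER, "--b1--", "")

# A plain-text list post that only quotes the header lines in its body.
LIST_POST = _msg(
    "Subject: constructed sample 2", "",
    "I looked at the copy on my disk, and found the following:", "",
    'Content-Type: application/octet-stream; name="%s"' % NAME,
    'Content-Disposition: attachment; filename="%s"' % NAME, "")

# The name appears only in Content-Disposition, with an upper-case extension.
DISPOSITION_ONLY = _msg(
    "Subject: constructed sample 3", "MIME-Version: 1.0",
    "Content-Type: application/octet-stream",
    'Content-Disposition: attachment; filename="This is Bogus.VBS"',
    "Content-Transfer-Encoding: base64", "", FILLER, "")

UUENCODED = _msg(
    "Subject: constructed sample 4", "",
    "begin 600 constructed-name.wsf", "`", "end", "")

if __name__ == "__main__":
    samples = [("MIME attachment", MIME_ATTACHMENT), ("list post", LIST_POST),
               ("disposition only", DISPOSITION_ONLY), ("uuencoded", UUENCODED)]
    for label, raw in samples:
        print("%-17s regex=%-5s regex/i=%-5s parser=%s" % (
            label, posted_regex_matches(raw),
            posted_regex_matches(raw, ignore_case=True), blocked_names(raw)))
```

The posted regex spells the header "Content-type", so it needs case-insensitive matching before it fires on the sample headers at all, and once it does it also fires on a discussion post that merely quotes them.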



Re: Connecting to my email server..

2000-05-05 Thread spacetask

I don't know exactly what types of NAT firewalling there are, but I'll
assume you mean something like IPmasquerading with Port forwarding (25
forwarded to your internal machine).
forwarded to you internal machine).

You can't send packets to your external (real) IP and then have them
come back into the network.
For instance, my web server is inside my network.  If I try to access
www.youwasahero.com, it will time out.
On the other hand,  my FTP server is on the firewall/gateway box, so if I
access ftp.youwasahero.com that works, because the packets don't have to
leave the network and then come back in.

Here are your options:
1)  Put your qmail server on the gateway/firewall machine (this is what
I do).

2) Set up a DNS server for your internal network.  Make an entry so that
mail.int.foobar.com resolves to your INTERNAL IP address for the mail
server. (this is how I handle my internal web server.  For the real
world DNS records, www.youwasahero.com resolves to my external (real) IP
address, and port 80 is forwarded. For my private internal DNS server,
www.youwasahero.com resolves to the IP address of the web server on the
internal network, 192.168.0.5.)

I hope that makes sense.


"Steve Peace(Internal)" wrote:

 First off, let me thank everyone in this mailing list for assisting me
 in setting up my qmail server.  Within about 4 weeks, I now have a
 functioning server that will send and receive email from the internet
 and internally.  A special kudos to Dave Sill for writing LWQ.  Your
 Document was a huge amount of help.  I now have a server running on
 RedHat 6.1 with Qmail 1.03.  I seem to be having one problem.  My
 server sits behind a NAT firewall.  I have 2 NICs in my server, one
 with an internal non routeable address, and another with a real ip
 address that my new ISP has given to me.  I contacted my former/other
 provider that is hosting our website and also registered our domain,
 to get the MX records changed to point to my new mail server.  This
 has been done as far as I can tell.  when I do a nslookup on
 mail.foobar.com I get back the correct address.  Also I can receive
 email from the outside world.  My problem lies with attaching to
 mail.foobar.com.  When I am behind the firewall I can attach to
 mail.int.foobar.com and everything is working, but when I try to
 attach to mail.foobar.com, I time out.  Listed below is the output of
 qmail-showctl.  It all seems to be OK when I look at it, but I'm just
 a newbie.  Any help would be greatly appreciated.
 qmail home directory: /var/qmail.




Re: PERL filtering...

2000-05-05 Thread Searcher

  I have recently deployed a freeware procmail script that does a very good
  job filtering out various forms of malicious mail.  So far it has caught all
  the ILOVEYOU mail and a few of the variants we have seen.  Since I use QMail
  on my own machine, can procmail scripts be used with QMail?  Most of the
  script uses some well crafted PERL code, so if not, it could probably be
  shoe-horned into a form that QMail will utilize.  Any suggestions?

 You are better off using something like scan4virus at the queue level.
 http://www.geocities.com/jhaar/scan4virus/

 While it is probably not advised, I am using it without the QMAILQUEUE
 patch.  Instead, the scan4virus program receives the mail, scans it, then
 passes it to my renamed qmail-queue program.

 Right now I deny all .vbs attachments.  Yes, this is rather draconian and
 there might be a 1 in 100,000,000,000,000 chance that someone really needs
 to send a .vbs attachment.  Those are the breaks...

Thanks Pat...

That was the point I was trying to get across yesterday...  It can be
renamed and sent  through over and over so why not filter all .vbs
attachments?  I tried to emphasize the point that non tech users are killing
us with their carelessness so we have to protect them from vbs scripts in
order to protect ourselves.

On the same note I carried it through to all exe files as well.  If they
need to be sent by good users-  What's the big deal in changing the
extension to .exx?  Bad guys will send an exe and hope it is run on double
click while an exx obviously won't till the end user changes the extension
back to .exe.

My point is, if we don't stop viruses and Trojans from spreading then Uncle
Sam will try and we do not want that to happen considering the mess we have
with this child safety act.  I wonder at times if they don't create these
problems so they have an excuse to try to control the net!  The news I saw
and read leaned heavily towards government offices and military bases being
affected. :(

Rick  == paranoid!




RE: Two Delivered-To headers - Why ?

2000-05-05 Thread Dave Kitabjian

We frequently get two Delivered-To headers when one qmail mailbox
forwards to another qmail mailbox.

Dave

 -Original Message-
 From: PPPindia [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, May 04, 2000 1:57 PM
 To: [EMAIL PROTECTED]
 Subject: Two Delivered-To headers - Why ?
 
 
 Setup:
 LAN, Redhat 6.1, qmail, vpopmail/vchkpw, Mailman list software
 Default domain : sanshri.com, Virtual domain : ppp.com 
 Mailman list is configured for the virtual domain ppp.com
 
 Problem : Two Delivered-To headers are being generated
 - one addressed to the alias, and the other with the actual
 destination address - the mailman list owner address. (see below)
 I am having this problem not only in this case, but also
 when i manually create an alias in the default domain sanshri.com
 
 So far i have never been able to create an alias entry 
 without the mail having two delivered-to headers ?
 I do not have this problem when i create an alias
 through qmailadmin/vpopmail.
 
 The alias setup for the virtual domain is as follows : -
 In /domains/ppp.com/.qmail-pppshar
 | preline /home/mailman/mail/wrapper post pppshar
 
 In .qmail-default the vdelivermail is called...
 and the default line put by vpopmail is there undisturbed
 in /var/qmail/users/assign
 
 Headers :
 Return-Path: [EMAIL PROTECTED]
 Delivered-To: [EMAIL PROTECTED]
 Received: (qmail 1040 invoked from network); 4 May 2000 12:02:28 -
 Received: from unknown (HELO sanshri.com) ([EMAIL PROTECTED])
   by 192.168.0.15 with SMTP; 4 May 2000 12:02:28 -
 Return-Path: [EMAIL PROTECTED]
 Delivered-To: [EMAIL PROTECTED]
 Received: (qmail 986 invoked from network); 4 May 2000 11:57:05 -
 Received: from unknown (HELO ppp) (192.168.0.3)
   by 192.168.0.15 with SMTP; 4 May 2000 11:57:05 -
 Message-ID: 003f01bfb5be$ddd1ef80$0300a8c0@ppp
 From: "listc" [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 -
 
 What could be the problem here ?
 I want only one Delivered-To header in the messages.
 
 Please help
 ksamy
 ++
 PPPshar- Internet for your LAN with one Internet account
 netMailshar -Email for every desktop with one 'Net account.
 MailAssistant - Speaking Email Notifier
 GetAgain - resume interrupted downloads.
 Visit http://www.pppindia.com/software
 ++
 
 



Fw: Re: IL0VEY0U worm

2000-05-05 Thread Keith Warno

For those not on the BugTraq mailing list.

This is yet another update about the worm from the moderator of BugTraq.
There's all sorts of useful info here.

You may also want to poke around at www.securityfocus.com .

kw

- Original Message -
From: "Elias Levy" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: 05 May 2000, Friday 15:37
Subject: Re: IL0VEY0U worm


Another update.


VARIANTS


Toni Tiainen [EMAIL PROTECTED] reports of a new variant
they are calling LoveLetter.E which spreads with a subject of
"Mothers Day Order Confirmation" with a message body of (indented
two spaces):

  Thanks for your purchase!

  We have proceeded to charge your credit card for the amount of $326.92 for
  the mothers day diamond special. We have attached a detailed invoice to this
  email. Please print out the attachment and keep it in a safe place.

  Thanks Again and Have a Happy Mothers Day!

The attachment is named "mothersday.vbs". This variant deleted all files
with an extension of ".bat". F-Secure Anti-Virus for Firewalls with
the latest signature file can detect and delete this variant. For
more info check out http://www.f-secure.com/v-descs/love.htm

The LoveLetter.B variant has a subject of
"Susitikim shi vakara kavos puodukui...".

Brian Moore [EMAIL PROTECTED] reports seeing at least one variant where
the VBS virus was not an attachment but it was instead uuencoded.
This may fool antivirus products. Look out for the string
"begin 600 LOVE-LETTER-FOR-YOU.TXT.vbs" in the message. Could this
be the result of some MTA rewriting the message?

Trend Micro has released pattern file number 695 which includes
definitions to detect the variants reported by Dan Simoes [EMAIL PROTECTED]
(the tabs to spaces variant).

Sean Malloy [EMAIL PROTECTED] is letting us know that changing the
virus to use a WSF extension instead of VBS is just as effective.
WSF stands for Windows Scripting File. Antivirus vendors that want to
be proactive might want to add this extension to their signatures.
The file contents would look something like this:

<job id="iloveyou">
<script language="VBScript">
'insert code here
</script>
</job>

or as Sean points out you could encode it to obfuscate it by doing:

<job id="iloveyouencrypted">
<script language="VBScript.Encode">
#@~^EQ==vbxd^?DDPmKN^?~t^?DnOwYAAA==^#~@
</script>
</job>

where "#@~^EQ==vbxd^?DDPmKN^?~t^?DnOwYAAA==^#~@" is the encoded
worm.

It seems the "fwd: Joke" variant attachment is "Very Funny.vbs" (note the
space) and not "VeryFunny.vbs". Or maybe it's a new variant.


FILTERING

As many of you pointed out filtering based on the subject line is less
than perfect. Sadly that is the best you can do with many MTAs without
some hacking. If others can come up with ways to filter based on
attachments let us know. If you can filter by attachment look out
for files with these extensions: VBS, VBE, WSF, WSH, HTA.

Also the second regexp filter I recommended for Postfix was wrong.
Postfix can only match message headers, not attachment headers. So
the line "/Content.*\.vbs/ REJECT" will have no effect on the worm.
You are left with filtering by subject (e.g. "/^Subject:.*ILOVEYOU/
REJECT").

Jose Nazario [EMAIL PROTECTED] has updated his sendmail
rules. As suggested by Keith Petersen it now generates 501 errors (rather
than 553's, which causes an Exchange server to keep retrying delivery) and
it now handles the Joke variants.
http://biocserver.bioc.cwru.edu/~jose/iloveyouhack.txt

Jimmy Corio [EMAIL PROTECTED] has provided the following procmail
recipe:

#
# Look for ILOVEYOU worm.  File copy in /var/mail/ILoveYouSave and
# notify that an infected mail file may have come in.
# - jc3 05/04/00
#
:0 B
* ^Content-Type: application/octet-stream;.*($|).*name="LOVE-LETTER-FOR-YOU.TXT.vbs"
{   
  ILOVEYOULOG="/var/mail/ILoveYouSave"

  :0 c
  $ILOVEYOULOG

  :0 h
| (formail -i"Subject: Potential ILOVEYOU worm email received" \
  -i"To:[EMAIL PROTECTED]" \
  -i"Content-type: text/plain; charset=\"us-ascii\""; \
  echo "Potential I Love You virus received.  Check Log."; \
  echo "Date: `/bin/date`"; \
  ) | \
  $SENDMAIL -oi [EMAIL PROTECTED]
}

Please note you need to change the email address it sends warning messages
to, and you should also modify it to catch the "Very Funny.vbs" attachment.


ANTIVIRUS

Daniel Doekal [EMAIL PROTECTED] reports that does not seems to stop the virus
with the 24.4.2000 signature file and that LiveUpdate has not yet listed
a newer signature file. At the same time there are conflicting reports that
Norton does detect the virus but as the older BubbleBoy virus or by using
its Bloodhound heuristics technology.

Adele Shakal [EMAIL PROTECTED] points us to DrSolomon's fix at
http://www.drsolomons.com/home/extra.zip

Bernhard Schneck [EMAIL PROTECTED] points us to this
German antivirus vendor fix http://www.antivir.de/presse/loveletter.htm


RECOVERY 

Re: qmail-mrtg qfilelog

2000-05-05 Thread Mark E. Drummond

"Mark E. Drummond" wrote:
 
 Is there some way to make qmail-mrtg work with qfilelog log files? I am
 doing my logging monthly .. that is i have log data piped through
 qfilelog into /var/log/qmail/sendlog and a /var/log/qmail/smtpd/smtpdlog
 which grow for an entire month and then get rolled over, and are parsed
 with matchup/zoverall and friends.
 
 Is it possible to have the qmail-mrtg scripts read these two files?

Cancel my last ... I have switched to multilog and I am modifying the
qmail-mrtg scripts to use multilog formatted log files. If anyone else
is interested in them I can provide them when finished.

-- 
Mark Drummond|ICQ#19153754|mailto:[EMAIL PROTECTED]
UNIX System Administrator|Royal Military College of Canada
The Kingston Linux Users Group|http://signals.rmc.ca/klug/
Saving the World ... One CPU at a Time



Future of qmail: will it care about viri/worms/etc?

2000-05-05 Thread Keith Warno

Hello all.

The continued discussions about the "love bug" and qmail "hacks" for dealing
with it have me disturbed.  I won't knock djb; the man needs to write an OS
one of these days.  :)  However there should be no need to "hack" qmail to
get it to filter unwanted mail and I'm wondering if future versions of qmail
will care.

Dave Sill's "general approach" for filtering is, well... I couldn't help but
crack up when I read it [01].  This is by no means intended to be offensive;
it's just funny to read that a *possible* solution for getting qmail to do
what I want is to install it twice.

Maybe windoze will do what I want if I install it twice eh?  ermm.. no, been
there, done that.

CERT also talked about filters for sendmail, postfix, and procmail [02].  No
mention of qmail.

qmail is a programmer's MTA.  (Un)fortunately the world isn't full of
programmers.  When things like the "love bug" hit the main stream, getting
everyone to frantically and quickly slam their doors shut in the faces of
all that is unwanted, qmail users should be able to do the same.  Er, that
is, without having to write some quick, untested "hack" to do it.  Or
install a 2nd copy of qmail and then write a quick, untested "hack".

qmail needs filtering rules for this "love bug" sort of thing, ie, a new
control file or set of control files.  These days, filtering by the MTA is
probably more of a necessity than a feature.

Then again, this is all merely my US $0.02.

kw
/*
** Keith Warno
** Developer  Sys Admin
** http://www.HaggleWare.com/
*/

[01]http://www.faqts.com/knowledge-base/view.phtml/aid/2142/fid/203/lang/en
[02]http://www.cert.org/advisories/CA-2000-04.html




Connecting to my email server..

2000-05-05 Thread Steve Peace\(Internal\)



First off, let me thank everyone in this mailing list for assisting me in
setting up my qmail server. Within about 4 weeks, I now have a functioning
server that will send and receive email from the internet and internally. A
special kudos to Dave Sill for writing LWQ. Your Document was a huge amount
of help. I now have a server running on RedHat 6.1 with Qmail 1.03. I seem to
be having one problem. My server sits behind a NAT firewall. I have 2 NICs in
my server, one with an internal non routeable address, and another with a real
ip address that my new ISP has given to me. I contacted my former/other
provider that is hosting our website and also registered our domain, to get
the MX records changed to point to my new mail server. This has been done as
far as I can tell. When I do an nslookup on mail.foobar.com I get back the
correct address. Also I can receive email from the outside world. My problem
lies with attaching to mail.foobar.com. When I am behind the firewall I can
attach to mail.int.foobar.com and everything is working, but when I try to
attach to mail.foobar.com, I time out. Listed below is the output of
qmail-showctl. It all seems to be OK when I look at it, but I'm just a
newbie. Any help would be greatly appreciated.

qmail home directory: /var/qmail.
user-ext delimiter: -.
paternalism (in decimal): 2.
silent concurrency limit: 120.
subdirectory split: 23.
user ids: 501, 502, 503, 0, 504, 505, 506, 507.
group ids: 501, 502.
badmailfrom: 
bouncefrom: (Default.) Bounce user name is MAILER-DAEMON.
bouncehost: (Default.) Bounce host name is foobar.com.
concurrencylocal: (Default.) Local concurrency is 10.
concurrencyremote: (Default.) Remote concurrency is 20.
databytes: SMTP DATA limit is 2000 bytes.
defaultdomain: Default domain name is foobar.com.
defaulthost: (Default.) Default host name is foobar.com.
doublebouncehost: (Default.) 2B recipient host: foobar.com.
doublebounceto: (Default.) 2B recipient user: postmaster.
envnoathost: (Default.) Presumed domain name is foobar.com.
helohost: (Default.) SMTP client HELO host name is foobar.com.
idhost: (Default.) Message-ID host name is foobar.com.
localiphost: (Default.) Local IP address becomes foobar.com.
locals: 
Messages for mail.foobar.com are delivered locally.
Messages for foobar.com are delivered locally.
me: My name is foobar.com.
percenthack: (Default.) The percent hack is not allowed.
plusdomain: Plus domain name is foobar.com.
qmqpservers: (Default.) No QMQP servers.
queuelifetime: (Default.) Message lifetime in the queue is 604800 seconds.
rcpthosts: 
SMTP clients may send messages to recipients at foobar.com.
SMTP clients may send messages to recipients at mail.foobar.com.
SMTP clients may send messages to recipients at mail.int.foobar.com.
morercpthosts: (Default.) No effect.
morercpthosts.cdb: (Default.) No effect.
smtpgreeting: (Default.) SMTP greeting: 220 foobar.com.
smtproutes: (Default.) No artificial SMTP routes.
timeoutconnect: (Default.) SMTP client connection timeout is 60 seconds.
timeoutremote: (Default.) SMTP client data timeout is 1200 seconds.
timeoutsmtpd: (Default.) SMTP server data timeout is 1200 seconds.
virtualdomains: (Default.) No virtual domains.


Re: qmail-mrtg qfilelog

2000-05-05 Thread Mark E. Drummond

"Mark E. Drummond" wrote:
 
 Cancel my last ... I have switched to multilog and I am modifying the
 qmail-mrtg scripts to use multilog formatted log files. If anyone else
 is interested in them I can provide them when finished.

Hmmm, while working on this I just noticed that there is a discrepancy
between the time returned by perl's `time` (or $^T) and the time
-- 
Mark Drummond|ICQ#19153754|mailto:[EMAIL PROTECTED]
UNIX System Administrator|Royal Military College of Canada
The Kingston Linux Users Group|http://signals.rmc.ca/klug/
Saving the World ... One CPU at a Time

Please excuse me if I am terse. I answer dozens of emails every day.



Re: Future of qmail: will it care about viri/worms/etc?

2000-05-05 Thread markd

On Fri, May 05, 2000 at 03:27:40PM -0400, Keith Warno wrote:
 Hello all.
 
 The continued discussions about the "love bug" and qmail "hacks" for dealing
 with it have me disturbed.  I won't knock djb; the man needs to write an OS
 one of these days.  :)  However there should be no need to "hack" qmail to
 get it to filter unwanted mail and I'm wondering if future versions of qmail
 will care.
 
 Dave Sill's "general approach" for filtering is, well... I couldn't help but
 crack up when I read it [01].  This is by no means intended to be offensive;
 it's just funny to read that a *possible* solution for getting qmail to do
 what I want is to install it twice.

I presume you understood Dave to mean run two instances of qmail, not merely
to install and re-install.  One instance would accept the mail, filter it and
pass it off to the other instance for delivery. Of course you knew that, you
just find it funny for some reason.

Also, having a mail gateway is fairly common corporate practise, so having
a qmail instance as a gateway with a global filtering strategy is pretty trivial
by delivering thru ~alias/.qmail-default then forwarding on.

Finally, there *is* a well defined interface at which all mail going thru
qmail can be filtered. It's called qmail-queue. Nothing is stopping any
enterprising person or organization from writing or commercializing a filtering
system that wraps qmail-queue. It could even be written to provide the same
interface as the filtering API that sendmail now deploys so those commercial
filters could be transparently used with either MTA.


Regards.



Re: Future of qmail: will it care about viri/worms/etc?

2000-05-05 Thread Patrick Berry

on 5/5/00 12:27 PM, Keith Warno had the thought:
 
 qmail is a programmer's MTA.  (Un)fortunately the world isn't full of
 programmers.  When things like the "love bug" hit the main stream, getting
 everyone to frantically and quickly slam their doors shut in the faces of
 all that is unwanted, qmail users should be able to do the same.  Er, that
 is, without having to write some quick, untested "hack" to do it.  Or
 install a 2nd copy of qmail and then write a quick, untested "hack".
 
 qmail needs filtering rules for this "love bug" sort of thing, ie, a new
 control file or set of control files.  These days, filtering by the MTA is
 probably more of a necessity than a feature.

What makes you think that the fixes that instantly sprang up for sendmail,
et al. weren't quick hacks?  With the design of qmail I am able to do more
general filtering and it keeps me from having to use a 1 meg procfile
recipe.  I use scan4virus.

The problem that this presents is that there is always more than one way to
do it so you have 18 different perl scripts to do the same task ;-)

We have a dedicated test machine for qmail, so testing 'quick hacks' usually
isn't a problem.  I know this isn't an option for everyone, but before you
apply any kind of patch to sendmail or other MTAs I would think you want to
test it as well.
 
Pat
-- 
Freestyle Interactive | http://www.freestyleinteractive.com | 415.778.0610




Re: smtp-auth?

2000-05-05 Thread Russell Nelson

listy-dyskusyjne Krzysztof Dabrowski writes:
  At 20:06 2000-05-03, Russell Nelson wrote:
  But it looks to me like he's reversed the password and the
  timestamp parameters to checkpassword.
  
  so the order is : LOGIN, PASSWORD, TIMESTAMP
  
  my cmd5checkpassword accepts:
  
  login name terminated by \e0,
  a cram-md5 challenge terminated by \e0,
  and a cram-md5 response terminated by

qmail-pop3d's apop command sends first parameter, second parameter,
timestamp, where the "timestamp" parameter is actually
pid.timestamp@hostname.  That would correspond to login, response, and 
challenge for MD5.

Not that it *really* matters since CRAM-MD5 and APOP use algorithms
with different details.

-- 
-russ nelson [EMAIL PROTECTED]  http://russnelson.com
Crynwr sells support for free software  | PGPok | "Ask not what your country
521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | do for you..."  -Perry M.
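
The field-order point in the message above, as an added example that is not part of the original post or of qmail: it parses a checkpassword-style buffer of three NUL-terminated fields and checks it as APOP (login, digest, timestamp) and as CRAM-MD5 (login, challenge, response). All function names are hypothetical, and the sample credentials are the published examples from RFC 1939 and RFC 2195.

```python
import hashlib
import hmac


def parse_checkpassword_input(buf):
    """Split a checkpassword-style buffer into its three NUL-terminated fields."""
    fields = buf.split(b"\0")
    if len(fields) < 4:  # three terminators always leave a fourth, trailing piece
        raise ValueError("expected three NUL-terminated fields")
    return fields[0], fields[1], fields[2]


def apop_digest(timestamp, secret):
    """APOP: plain MD5 over the server timestamp followed by the shared secret."""
    return hashlib.md5(timestamp + secret).hexdigest().encode("ascii")


def cram_md5_response(challenge, secret):
    """CRAM-MD5: HMAC-MD5 keyed with the shared secret over the challenge."""
    return hmac.new(secret, challenge, hashlib.md5).hexdigest().encode("ascii")


def verify_apop(buf, lookup_secret):
    """Field order described for qmail-pop3d's apop: login, digest, timestamp."""
    login, digest, timestamp = parse_checkpassword_input(buf)
    secret = lookup_secret(login)
    if secret is None:
        return False
    return hmac.compare_digest(apop_digest(timestamp, secret), digest.lower())


def verify_cram_md5(buf, lookup_secret):
    """Field order quoted for cmd5checkpassword: login, challenge, response."""
    login, challenge, response = parse_checkpassword_input(buf)
    secret = lookup_secret(login)
    if secret is None:
        return False
    return hmac.compare_digest(cram_md5_response(challenge, secret), response.lower())


# Sample data: the worked examples from RFC 1939 (APOP) and RFC 2195 (CRAM-MD5).
SECRETS = {b"mrose": b"tanstaaf", b"tim": b"tanstaaftanstaaf"}

APOP_INPUT = (b"mrose\0"
              b"c4c9334bac560ecc979e58001b3e22fb\0"
              b"<1896.697170952@dbc.mtview.ca.us>\0")

CRAM_INPUT = (b"tim\0"
              b"<1896.697170952@postoffice.reston.mci.net>\0"
              b"b913a602c7eda7a495b4e6e7334d3890\0")

# The same CRAM-MD5 exchange with the last two fields swapped, i.e. sent in the
# APOP order (login, response, challenge) to a checker expecting the other order.
CRAM_SWAPPED = (b"tim\0"
                b"b913a602c7eda7a495b4e6e7334d3890\0"
                b"<1896.697170952@postoffice.reston.mci.net>\0")

if __name__ == "__main__":
    print("APOP ok:          ", verify_apop(APOP_INPUT, SECRETS.get))
    print("CRAM-MD5 ok:      ", verify_cram_md5(CRAM_INPUT, SECRETS.get))
    print("CRAM-MD5 swapped: ", verify_cram_md5(CRAM_SWAPPED, SECRETS.get))
```

A valid response fails authentication when the caller and the checker disagree on field order, which is why the order has to be fixed per mechanism.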



RE: Connecting to my email server..

2000-05-05 Thread Tim Hunter



When I attempt to connect to telnet mail.foobar.com 25 I get mail.foobar.com:
Unknown host

I will make two assumptions,
1) mail.foobar.com does not exist (DNS broke, etc)
2) your domain is not foobar.com and you are editing the output of
qmail-showctl

Please send us the TRUE information since dealing with mailservers is often a
DNS issue

also send us the commands you use to start qmail

  -Original Message-
  From: Steve Peace(Internal) [mailto:[EMAIL PROTECTED]]
  Sent: Friday, May 05, 2000 3:12 PM
  To: [EMAIL PROTECTED]
  Subject: Connecting to my email server..

  First off, let me thank everyone in this mailing list for assisting me in
  setting up my qmail server. Within about 4 weeks, I now have a functioning
  server that will send and receive email from the internet and internally. A
  special kudos to Dave Sill for writing LWQ. Your Document was a huge amount
  of help. I now have a server running on RedHat 6.1 with Qmail 1.03. I seem
  to be having one problem. My server sits behind a NAT firewall. I have 2
  NICs in my server, one with an internal non routeable address, and another
  with a real ip address that my new ISP has given to me. I contacted my
  former/other provider that is hosting our website and also registered our
  domain, to get the MX records changed to point to my new mail server. This
  has been done as far as I can tell. When I do an nslookup on
  mail.foobar.com I get back the correct address. Also I can receive email
  from the outside world. My problem lies with attaching to mail.foobar.com.
  When I am behind the firewall I can attach to mail.int.foobar.com and
  everything is working, but when I try to attach to mail.foobar.com, I time
  out. Listed below is the output of qmail-showctl. It all seems to be OK
  when I look at it, but I'm just a newbie. Any help would be greatly
  appreciated.
  
  qmail home directory: /var/qmail.
  user-ext delimiter: -.
  paternalism (in decimal): 2.
  silent concurrency limit: 120.
  subdirectory split: 23.
  user ids: 501, 502, 503, 0, 504, 505, 506, 507.
  group ids: 501, 502.
  badmailfrom: 
  bouncefrom: (Default.) Bounce user name is MAILER-DAEMON.
  bouncehost: (Default.) Bounce host name is foobar.com.
  concurrencylocal: (Default.) Local concurrency is 10.
  concurrencyremote: (Default.) Remote concurrency is 20.
  databytes: SMTP DATA limit is 2000 bytes.
  defaultdomain: Default domain name is foobar.com.
  defaulthost: (Default.) Default host name is foobar.com.
  doublebouncehost: (Default.) 2B recipient host: foobar.com.
  doublebounceto: (Default.) 2B recipient user: postmaster.
  envnoathost: (Default.) Presumed domain name is foobar.com.
  helohost: (Default.) SMTP client HELO host name is foobar.com.
  idhost: (Default.) Message-ID host name is foobar.com.
  localiphost: (Default.) Local IP address becomes foobar.com.
  locals: 
  Messages for mail.foobar.com are delivered locally.
  Messages for foobar.com are delivered locally.
  me: My name is foobar.com.
  percenthack: (Default.) The percent hack is not allowed.
  plusdomain: Plus domain name is foobar.com.
  qmqpservers: (Default.) No QMQP servers.
  queuelifetime: (Default.) Message lifetime in the queue is 604800 seconds.
  rcpthosts: 
  SMTP clients may send messages to recipients at foobar.com.
  SMTP clients may send messages to recipients at mail.foobar.com.
  SMTP clients may send messages to recipients at mail.int.foobar.com.
  morercpthosts: (Default.) No effect.
  morercpthosts.cdb: (Default.) No effect.
  smtpgreeting: (Default.) SMTP greeting: 220 foobar.com.
  smtproutes: (Default.) No artificial SMTP routes.
  timeoutconnect: (Default.) SMTP client connection timeout is 60 seconds.
  timeoutremote: (Default.) SMTP client data timeout is 1200 seconds.
  timeoutsmtpd: (Default.) SMTP server data timeout is 1200 seconds.
  virtualdomains: (Default.) No virtual domains.


Re: qmail-mrtg qfilelog - oops

2000-05-05 Thread Mark E. Drummond

"Mark E. Drummond" wrote:
 
 Cancel my last ... I have switched to multilog and I am modifying the
 qmail-mrtg scripts to use multilog formatted log files. If anyone else
 is interested in them I can provide them when finished.

Let's try that again.

Hmmm, while working on this I just noticed that there is a discrepancy
between the time returned by perl's `time` (or $^T) and the time on my
multilog logs. Here is an example:

--BEGIN QUOTE--
bastion# tail /var/log/qmail/sendlog
957550606.725794 status: local 0/10 remote 0/20
957550606.726275 end msg 175750
957550614.220152 new msg 175750
957550614.220404 info msg 175750: bytes 1102 from [EMAIL PROTECTED] qp 11557
uid 51015
957550614.467704 starting delivery 88634: msg 175750 to remote
[EMAIL PROTECTED]
957550614.467785 status: local 0/10 remote 1/20
957550614.578268 delivery 88634: success:
137.94.1.134_accepted_message./Remote_host_said:_250_Message_received:_FU3MS600.HM3/
957550614.608559 status: local 0/10 remote 0/20
957550614.609030 end msg 175750
957550627.961157 status: exiting
bastion# perl test
957558159 : 957558159
bastion#
--END QUOTE--

the script "test" is just:

#!/usr/local/bin/perl
print time," : $^T\n";

-- 
Mark Drummond|ICQ#19153754|mailto:[EMAIL PROTECTED]
UNIX System Administrator|Royal Military College of Canada
The Kingston Linux Users Group|http://signals.rmc.ca/klug/
Saving the World ... One CPU at a Time

Please excuse me if I am terse. I answer dozens of emails every day.



RE: PERL filtering...

2000-05-05 Thread John W. Lemons III

 Right now I deny all .vbs attachments.  Yes, this is rather draconian and
 there might be a 1 in 100,000,000,000,000 chance that someone really needs
 to send a .vbs attachment.  Those are the breaks...

That was the point I was trying to get across yesterday...  It can be
renamed and sent through over and over so why not filter all .vbs
attachments?  I tried to emphasize the point that non-tech users are killing
us with their carelessness so we have to protect them from vbs scripts in
order to protect ourselves.

On the same note I carried it through to all exe files as well.  If they
need to be sent by good users-  What's the big deal in changing the
extension to .exx?  Bad guys will send an exe and hope it is run on double
click while an exx obviously won't till the end user changes the extension
back to .exe.

Consider filtering the following as well:

*.reg   Regedit will inject its contents into your registry without any
warning if you open this file
*.hlp   Windose help files can contain auto-executing vb script
*.hta   html application, can contain vb script, javascript etc.(MSHTA.EXE
will run them when you click on them)
*.shs   shell automation code
*.vbs   vb script
*.chm   compiled HTML help file, also can contain vb script, javascript etc.

Most of these will never need to be sent or received by a user and all can
contain malicious code.  Any other suggestions?
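
One way to implement the extension-based check discussed in this thread (the BugTraq extension list, the qmail-queue filtering point and the list above), as an added example that is not from any poster or from scan4virus: it reports blocked attachment names, including the uuencoded "begin 600 ..." form, and maps the result to a qmail-queue style exit code. Function names and sample messages are constructed for illustration.

```python
import email
import re

# Extensions named in this thread: BugTraq's list (VBS, VBE, WSF, WSH, HTA)
# plus the additional Windows types listed in the post above.
BLOCKED_EXTENSIONS = {"vbs", "vbe", "wsf", "wsh", "hta", "reg", "hlp", "shs", "chm"}

# A uuencoded file embedded in a message body starts with "begin <mode> <name>".
UU_BEGIN = re.compile(rb"^begin [0-7]{3,4} (.+?)\s*$", re.MULTILINE)

QQ_ACCEPT = 0    # let the message through
QQ_REJECT = 31   # qmail-queue exit code meaning permanent rejection


def extension(filename):
    """Lower-cased final extension; trailing dots and spaces are ignored
    because Windows drops them when the file is saved or opened."""
    name = filename.strip().rstrip(". ")
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def candidate_names(raw):
    """Yield every attachment name found in a raw message (bytes)."""
    msg = email.message_from_bytes(raw)
    for part in msg.walk():
        # get_filename() checks Content-Disposition filename=, then
        # falls back to the name= parameter on Content-Type.
        filename = part.get_filename()
        if filename:
            yield filename
        if not part.is_multipart():
            # Decode base64/quoted-printable first so an encoded text part
            # cannot hide a uuencoded attachment.
            body = part.get_payload(decode=True) or b""
            for match in UU_BEGIN.finditer(body):
                yield match.group(1).decode("latin-1")


def blocked_names(raw):
    """Names whose final extension is on the block list."""
    return [n for n in candidate_names(raw) if extension(n) in BLOCKED_EXTENSIONS]


def qmail_queue_verdict(raw):
    """Exit code a qmail-queue wrapper would return for this message.
    (A wrapper reads the message on descriptor 0 and the envelope on 1.)"""
    return QQ_REJECT if blocked_names(raw) else QQ_ACCEPT


# --- Constructed sample messages (placeholder content, no real payloads) ---
SAMPLE_MIME = (
    b"From: sender@example.invalid\r\n"
    b"Subject: a subject no subject filter knows\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n\r\n"
    b"hello\r\n"
    b"--b1\r\n"
    b'Content-Type: application/octet-stream; name="Very Funny.vbs"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"cGxhY2Vob2xkZXI=\r\n"
    b"--b1--\r\n"
)

SAMPLE_UU = (
    b"From: sender@example.invalid\r\n"
    b"Subject: no MIME attachment here\r\n"
    b"\r\n"
    b"see below\r\n"
    b"begin 600 LOVE-LETTER-FOR-YOU.TXT.vbs\r\n"
    b"(constructed placeholder line)\r\n"
    b"end\r\n"
)

SAMPLE_CLEAN = (
    b"From: sender@example.invalid\r\n"
    b"Content-Type: text/plain\r\n"
    b'Content-Disposition: attachment; filename="notes.txt"\r\n'
    b"\r\n"
    b"We begin 600 tests on Monday\r\n"
)

if __name__ == "__main__":
    for label, raw in (("mime", SAMPLE_MIME), ("uu", SAMPLE_UU), ("clean", SAMPLE_CLEAN)):
        print(label, blocked_names(raw), qmail_queue_verdict(raw))
```

The check keys on the file name only, so it catches a changed subject line or a renamed .vbs file but not an attachment renamed to an extension that is not on the list.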





ETRN problem with qmail

2000-05-05 Thread Eric Davis



I am hoping you can help me with a qmail problem...

We have the etrn patch installed and etrn was working up until last night,
but now it is not working. We telnet to the server on port 25 and issue an
etrn command for a domain in our etrn file and it reports an internal
etrn failure.

The message is: opening etrntrigger: No such device or address

Any idea of what we can look at? The etrntrigger file is there in /var/qmail and
the permissions are okay from what we can see. We have even rebuilt qmail.

-Eric Davis
[EMAIL PROTECTED]


Re: Connecting to my email server..

2000-05-05 Thread Steve Peace

Thanks for the assist,  I should have realized that, but I have Friday on
the brain.  Excuse me while I wipe the egg off of my face :-)


- Original Message -
From: [EMAIL PROTECTED]
To: "Steve Peace(Internal)" [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, May 05, 2000 3:59 PM
Subject: Re: Connecting to my email server..


 I don't know exactly what types of NAT firewalling there are, but I'll
 assume you mean something like IPmasquerading with Port forwarding (25
 forwarded to your internal machine).

 You can't send packets to your external (real) IP and then have them
 come back into the network.
 For instance, my web server is inside my network.  If I try to access
 www.youwasahero.com, it will time out.
 On the other hand, my FTP server is on the firewall/gateway box, so if I
 access ftp.youwasahero.com that works, because the packets don't have to
 leave the network and then come back in.

 Here are your options:
 1)  Put your qmail server on the gateway/firewall machine (this is what
 I do).

 2) Set up a DNS server for your internal network.  Make an entry so that
 mail.int.foobar.com resolves to your INTERNAL IP address for the mail
 server. (this is how I handle my internal web server.  For the real
 world DNS records, www.youwasahero.com resolves to my external (real) IP
 address, and port 80 is forwarded. For my private internal DNS server,
 www.youwasahero.com resolves to the IP address of the web server on the
 internal network, 192.168.0.5.)

 I hope that makes sense.


 "Steve Peace(Internal)" wrote:

  First off, let me thank everyone in this mailing list for assisting me
  in setting up my qmail server.  Within about 4 weeks, I now have a
  functioning server that will send and receive email from the internet
  and internally.  A special kudos to Dave Sill for writing LWQ.  Your
  Document was a huge amount of help.  I now have a server running on
  RedHat 6.1 with Qmail 1.03.  I seem to be having one problem.  My
  server sits behind a NAT firewall.  I have 2 NICs in my server, one
  with an internal non routeable address, and another with a real ip
  address that my new ISP has given to me.  I contacted my former/other
  provider that is hosting our website and also registered our domain,
  to get the MX records changed to point to my new mail server.  This
  has been done as far as I can tell.  When I do an nslookup on
  mail.foobar.com I get back the correct address.  Also I can receive
  email from the outside world.  My problem lies with attaching to
  mail.foobar.com.  When I am behind the firewall I can attach to
  mail.int.foobar.com and everything is working, but when I try to
  attach to mail.foobar.com, I time out.  Listed below is the output of
  qmail-showctl.  It all seems to be OK when I look at it, but I'm just
  a newbie.  Any help would be greatly appreciated.
  qmail home directory: /var/qmail.





Re: Qmail-send

2000-05-05 Thread Dave Sill

"Eric Davis" [EMAIL PROTECTED] wrote:

We can only send out 22 messages from remote queue at once and when
the server has finished delivering those 22 it does not queue up to
deliver any more.  We have over 8,000 messages in our remote queue and
sending qmail-send an -ALRM does not get it to restart sending.  We
have to stop and start it by hand each time.  Any help would be
greatly appreciated or request for more info.

Concurrency is set to 100 remote queues and it is not even using them
all.

Qmail 1.03 running on a SGI Challenge S - Irix 6.5

What Do The Logs Say(tm)?

What does qmail-qstat say?

Have you checked your trigger? See:

  http://Web.InfoAve.Net/~dsill/lwq.html#trigger

-Dave



Re: hack for filtering i love you worm

2000-05-05 Thread Jason Haar

Rainer Link wrote:

 "Benjamin de los Angeles Jr." wrote:
 
  Can you cite pros/cons of using your antivirus software compared to
  AmaVis?
   [I used it's perlscanner interface to match on the attachment filename while
   waiting for the Antivirus vendors to come up with an "official" fix :-)]
   See http://www.geocities.com/jhaar/scan4virus/

 Well, I think you refer to AMaViS-Perl? AMaViS-Perl does not require any
 qmail patch(es) and supports more antivirus software.
 scan4virus provides a "generic filter/scanner" to filter out eMails with
 a specific attachment name - which in case of "I love you" is a good
 thing, but it's very easy to change the file name (or the subject line),
 according to BugTraq this has happened.

Err - no scan4virus contains a "generic filter" IN ADDITION TO support for other
commercial virus scanners.

Currently Trend, McAfee, HBEDV and Sophos.

My original rationale for developing my own virusscanner wrapper was that I had
some security concerns with AmaVis which weren't shared by the author, it didn't
support Qmail, and it was a shell script instead of a more "secure" language like
perl (well, "perl -T").

Maybe some of these reasons no longer apply, but I doubt it operates as efficiently
as scan4virus does (i.e. at the qmail-queue level) - that would be difficult to do
and retain compatibility with postfix and sendmail...

Anyway, variety is the spice of life...

--
Jason Haar




Re: accustamp|tailocal|matchup

2000-05-05 Thread Kins Orekhov

  Because we look at them too often :)
 
 And can't you look at them by passing them through tai64nlocal each
 time? Can you spell "shell script wrapper"? :)

I *asked* the list about *some program* which can do reverse time
translation for my *already existing logs* - from Local to TAI.
I *know* how to solve my problem for newly generated logs, but my question
was about *old* logs.

Isn't it clear?

And your response(s) (especially last one) never answered my question.

-- 
Kins Orekhov
Outlook Technologies, Inc.
E-mail: [EMAIL PROTECTED]
Phone: 773-775-2099, ext. 226
http://swoop.outlook.net




qmail and debugging

2000-05-05 Thread clifford thurber

Hello,
What is the way to send qmail's output to standard output so I can view
qmail's transactions like sendmail in verbose mode. I know this was posted
somewhere I thought it was on life with qmail but it doesn't seem to be
there anymore. If anyone has the URL or could just send me the command line
syntax I would appreciate it. Thanks in advance.



Re: Antigen found =love-letter-for-you.txt.vbs file

2000-05-05 Thread David L. Nicol

Kai MacTane wrote:
 
 At 5/5/2000 11:54 AM -0600, ANTIGEN_HOUSTON wrote or quoted:
 Antigen for Exchange found LOVE-LETTER-FOR-YOU.TXT.vbs matching
 =love-letter-for-you.txt.vbs file filter.
 The file is currently Detected.  The message, "Re: hack for filtering "i
 love you" worm", was sent from Kai MacTane  and was discovered in IMC
 Queues\Inbound located at Matchlogic/MATCHLOGIC/HOUSTON.
 
 Hmmm. Looks like someone's already filtering on just the string I sent out.
 
 I wonder if they're filtering all .vbs files?

Our exchange admin is.


__
  David Nicol 816.235.1187 [EMAIL PROTECTED]
"Lord Macbeth knew he was approaching the SITE of the rout
 from the SIGHT of odd body parts scattered on the blasted heath."



Re: Future of qmail: will it care about viri/worms/etc?

2000-05-05 Thread Jason Haar

On Fri, May 05, 2000 at 12:21:40PM -0700, [EMAIL PROTECTED] wrote:
 Finally, there *is* a well defined interface at which all mail going thru
 qmail can be filtered. It's called qmail-queue. Nothing is stopping any
 enterprising person or organization from writing or commercializing a filtering

See http://www.geocities.com/jhaar/scan4virus/ - qmail-queue
replacement that can run a variety of commercial virus scanners (as well as
its inbuilt one) over all Email that has to go through qmail-queue (i.e.
everything).

Been there - done that.

-- 
Cheers

Jason Haar

Unix/Network Specialist, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417
   



Re: Future of qmail: will it care about viri/worms/etc?

2000-05-05 Thread David L. Nicol

Keith Warno wrote:
 
 there should be no need to "hack" qmail

And there isn't!  Why do people persist on insecure MUAs?




__
  David Nicol 816.235.1187 [EMAIL PROTECTED]
"Lord Macbeth knew he was approaching the SITE of the rout
 from the SIGHT of odd body parts scattered on the blasted heath."



Re: Future of qmail: will it care about viri/worms/etc?

2000-05-05 Thread Kevin Waterson

"David L. Nicol" wrote:

 Keith Warno wrote:
 
  there should be no need to "hack" qmail

 And there isn't!  Why do people persist on insecure MUAs?

My sentiment exactly.
Why should I have to expend valuable time and resources fixing
Microsoft's dud ware.
Here in .au there are rumblings of legislation for ISPs to block virii,
these people have no concept of the difference between a virus and
a worm or any other type of exploit, yet pressure is mounting on ISPs
and, if legislated, means ISPs will be liable for loss and damage and
loss of production because MS constantly fail to secure their systems.
To effect this type of policy one would need to prohibit all attachments,
scan each mail for vb/java script and why not personally read/censure
each mail
/rant

Kevin




Re: Future of qmail: will it care about viri/worms/etc?

2000-05-05 Thread Paul Farber

But if you are the first one to sell 'secure' qmail servers you will be
the MS of .au!

Take a bad thing and make it into a good one.  That and make profit along
the way!

Paul Farber
Farber Technology
[EMAIL PROTECTED]
Ph  570-628-5303
Fax 570-628-5545

On Fri, 5 May 2000, Kevin Waterson wrote:

 "David L. Nicol" wrote:
 
  Keith Warno wrote:
  
   there should be no need to "hack" qmail
 
  And there isn't!  Why do people persist on insecure MUAs?
 
 My sentiment exactly.
 Why should I have to expend valuable time and resources fixing
 Microsoft's dud ware.
 Here in .au there are rumblings of legislation for ISPs to block virii,
 these people have no concept of the difference between a virus and
 a worm or any other type of exploit, yet pressure is mounting on ISPs
 and, if legislated, means ISPs will be liable for loss and damage and
 loss of production because MS constantly fail to secure their systems.
 To effect this type of policy one would need to prohibit all attachments,
 scan each mail for vb/java script and why not personally read/censure
 each mail
 /rant
 
 Kevin
 
 




Re: Future of qmail: will it care about viri/worms/etc?

2000-05-05 Thread Steve Wolfe

  there should be no need to "hack" qmail

 And there isn't!  Why do people persist on insecure MUAs?

  I'll chime in on this, even though my view may not be the same as
everyone else's.

 The problem isn't MUA's.  The problem is that users were duped into
executing a program of a malicious intent.

  That isn't anything new.  In fact, it isn't even restricted to MUA's.
The recent root-exploit of Apache.org involved duping a root user into
executing malicious code.  It's just a fact of life, until every user in
the world is not only educated (hah, when will that happen?), but
sufficiently competent to analyze programs on their own, virii will still
exist.  And even if those utopian conditions existed, we'd just find
trickier ways to spread the virii.

Because of that, viral scanning is a necessity for large corporations,
to save themselves a lot of monetary loss.  They simply need to protect
themselves through viral scanning.  The ability to have incoming/outgoing
mail scanned does not solve the problem, but is a very, very good first
step.

   Few experienced administrators would fail to use some sort of
firewalling/filtering on their company's Internet connection.  If they
wanted to, they could simply throw the blame on insecure programs / OS /
systems, but they don't.  They use the firewall / filtering because it's a
fast, easy way to block many attacks.  Not all, but many.  Central email
virus scanning is the same thing.

When I sent my analysis of the "iloveyou" virus to BugTraq, I was
deluged with email - all of them bounces.  Because my message started with
"ilove you", many, many mail servers had blocked it.  That was within
something like 12 hours of the release.  Think of the immense amount of
headaches the system administrators for those companies saved themselves.
The ounce of prevention was worth a metric ton of cure.

 There is also the issue of cost.  Is it cheaper to purchase one SMP
machine to scan mail on the server for virii, or to license a hundred
copies of a virus scanner, and then buy each machine more RAM and CPU, so
that they can still work as efficiently while the virus scanner watches
what they do?

   Scanning mail on the server may not be your preference.  However, it is
a very valuable and useful resource, that is just as valid as using
firewalls to prevent attacks against insecure machines on the inside
network.

  If someone in the open-source community doesn't ante up and make
server-side mail scanning work well, someone in the private sector will.
Let's make the world a Better Place, and do it first.

  Shoot, just this morning, my MOTHER of all people called me up and asked
why they couldn't stop the virus at the mail server. : )

steve




Re: ETRN problem with qmail

2000-05-05 Thread rvanzant

 We have the etrn patch installed and etrn was working up until last night,

 Where might one find this patch?  Digging around qmail.org didn't produce
anything.

Thanks,
[EMAIL PROTECTED]





Open Today.

2000-05-05 Thread zxmmnnuv1l1l

Reduce your international phone bill by over 50%.  Join our 
easy-to-use callback service today for free.

No monthly minimums, surcharges or set-up fees apply, just low flat 
rates 24 hours, everyday.   

Visit our website: http://hometown.aol.com/gotelcom/ and enter to 
win $500 in FREE phone calls, or email us for more info: 
[EMAIL PROTECTED]

Check out our low rates below.   Complete listing of rates for all 
countries available on our website. Prices are per minute in USD. 

To get the rates add cost of country you are calling FROM to cost 
of country you are calling TO.

Algeria  0.27
Argentina  0.36
Argentina Buenos Aires  0.18
Australia  0.10
Austria  0.11
Bahamas  0.15
Bahrain  0.42
Bangladesh  0.63
Belgium  0.10
Brazil  0.27
Brazil Rio de Jan.  0.20
Brazil Sao Paulo  0.20
Canada  0.08
Chile  0.15
China  0.27
Colombia  0.25
Cyprus  0.23
Denmark  0.10
Djibouti  0.74
Egypt  0.59
Finland  0.10
France  0.08
Georgia  0.46
Germany  0.08
Ghana  0.36
Greece  0.20
Hong Kong  0.10
Hungary  0.26
India  0.60
Indonesia  0.33
Indonesia Jakarta  0.20
Iran  0.62
Ireland  0.10
Israel  0.13
Italy  0.11
Japan  0.10
Jordan  0.51
Kazakhstan  0.36
Kenya  0.74
Kuwait  0.54
Lebanon  0.55
Liberia  0.38
Libya  0.27
Malaysia  0.20
Malta  0.17
Mauritania  0.58
Mexico  0.18
Morocco  0.46
Netherlands  0.07
New Zealand  0.09
Nigeria  0.70
Norway  0.08
Oman  0.53
Pakistan  0.69
Philippines  0.29
Poland  0.28
Qatar  0.53
Romania  0.35
Russia  0.39
Russia Moscow  0.18
Russia St. Petersburg  0.20
Saudi Arabia  0.61
Singapore Rep.  0.15
Somalia  0.60
South Africa  0.35
South Africa Johannesburg  0.22
South Korea  0.12
Spain  0.13
Sri Lanka  0.64
Sudan  0.39
Sweden  0.08
Switzerland  0.10
Syria  0.57
Taiwan  0.11
Tajikistan  0.47
Thailand  0.35
Tunisia  0.40
Turkey  0.39
Turkmenistan  0.46
Ukraine  0.29
United Arab Emirates  0.35
United Kingdom  0.07
USA  0.05
Venezuela  0.33
Yemen  0.74

- Rates apply 24 hrs/day, 7 days per week
- NO sign-up fees, NO monthly fees, and NO surcharges
- You DO NOT have to SWITCH your current provider
- Ideal for Home and Business use
- Callback service is available to/from anywhere in the world.

Contact us for more information and complete rate table at:

Email: [EMAIL PROTECTED]
http://hometown.aol.com/gotelcom/

If you would like to be removed from our list, please reply to:
[EMAIL PROTECTED] with the word "remove" in
the subject line.



Re: Open Today.

2000-05-05 Thread Irwan

At 03:20 PM 5/4/00 +, [EMAIL PROTECTED] wrote:

why this qmail mailing list doesn't use the rblsmtpd to prevent from Dial
Up user abuse?
Delivered-To: mailing list [EMAIL PROTECTED]
Received: (qmail 32716 invoked from network); 5 May 2000 23:34:51 -
Received: from ac81110d.ipt.aol.com (HELO mx.boston.juno.com) (172.129.17.13)
by muncher.math.uic.edu with SMTP; 5 May 2000 23:34:51 -





.qmail questions

2000-05-05 Thread Chris Hanlon

Is there any way to restrict which users/groups can execute commands via the
| option in their .qmail file?  I realise that the problem could be solved
by not giving users access to the .qmail file but this is not always an
option.  The biggest problem is an ftp/mail user could write a .qmail which
mails them the /etc/passwd file giving them access to the userlist.

Another question.  Does anyone know how to take the results of a command
and forward the message to those usernames (I have a command that lists all
users in a specific virtual domain).  It would be nice to have a "dynamic
mailing list".

A final question is does anyone have a script to forward the results of a
command to the person who sent the message? ie. run amalist then send the
result of the command to the user who emailed [EMAIL PROTECTED]?

Thank you for your help.



Re: hack for filtering i love you worm

2000-05-05 Thread vogelke

 On Thu, 4 May 2000 19:28:32 -0400, 
 "Searcher" [EMAIL PROTECTED] said:

R Anyone can rename that .vbs to what ever they want and send it around
R again so wouldn't it be more efficient to filter all .vbs attachments?

   The only safe way to handle this is to check any attachment for a
   Registry reference or an indication that Visual Basic is being run.
   Few if any legitimate attachments should be referring to the Registry,
   and all the mischief seems to be done via VB scripts.

   Unpacking an infected attachment (different virus) and running strings
   on it gave me the following:

HKEY_CURRENT_USER\Software\Microsoft\Office\
VB_Nam
VBProjectOh
VBComponents
temp\VBE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VBA\VBA332.DLL
\VBE\MSForms.EXD

-- 
Karl Vogel
ASC/YCOA, Wright-Patterson AFB, OH 45433, USA
[EMAIL PROTECTED]  or  [EMAIL PROTECTED]
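
The two checks raised in this exchange, flagging script attachments by extension rather than by one filename and looking inside attachments for registry/VBA strings, as an added example that is not part of the original post or of any scanner named in the thread. The extension list is an assumed site policy, the marker list is taken from the strings output quoted above, and both sample messages are constructed.

```python
import email
import os
import re
from email import policy
from email.message import EmailMessage

# Assumed site policy (not from the thread): extensions treated as scripts.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".wsf", ".shs"}
# Markers taken from the strings output quoted in the post above.
MARKERS = re.compile(rb"HKEY_[A-Z_]+|VBProject|VBComponents|VBA\d*\.DLL", re.I)

def scan_message(raw):
    """Return a list of findings for the attachments of one raw message."""
    findings = []
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        name = part.get_filename() or ""
        if part.is_multipart() or not name:
            continue  # body text may discuss the worm; only attachments count
        if os.path.splitext(name)[1].lower() in SCRIPT_EXTS:
            findings.append(f"script extension: {name}")
        hit = MARKERS.search(part.get_payload(decode=True) or b"")
        if hit:
            findings.append(f"content marker {hit.group().decode()!r} in {name}")
    return findings

def build_sample(filename=None, payload=b""):
    """Constructed test message: a text body plus an optional attachment."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("List discussion that mentions HKEY_CURRENT_USER in its text.")
    if filename:
        m.add_attachment(payload, maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    renamed = build_sample("notes.doc", b"HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\")
    for label, raw in [("by name", build_sample("LOVE-LETTER-FOR-YOU.TXT.vbs", b"x")),
                       ("renamed", renamed), ("text only", build_sample())]:
        print(label, scan_message(raw))
```

Only parts that carry a filename are inspected, so a plain-text message that merely quotes the registry key, like the posts in this thread, is not flagged.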



adduser?

2000-05-05 Thread James

I've installed qmail, and I can send messages out to the world just fine..
but I can't "get" messages from the world.

The faq's and howto pages have me confused.  I read something about the
/users/assign file, but am completely confused about setting that up.  All
I want at this point is to allow a user to get mail from anywhere.  If I
already have [EMAIL PROTECTED], how do I get mail to the Mailbox directory?

After I get this part figured out, hopefully the virtual domain part won't
be all that difficult.

I'm using Mandrake 7.02.

Thanks.




Re: adduser?

2000-05-05 Thread Bolivar Diaz Galarza

James wrote:
 
 I've installed qmail, and I can send messages out to the world just fine..
 but I can't "get" messages from the world.
 
 The faq's and howto pages have me confused.  I read something about the
 /users/assign file, but am completely confused about setting that up.  All
 I want at this point is to allow a user to get mail from anywhere.  If I
 already have [EMAIL PROTECTED], how do I get mail to the Mailbox directory?
 
 After I get this part figured out, hopefully the virtual domain part won't
 be all that difficult.
 
 I'm using Mandrake 7.02.
 
 Thanks.


If you send a message to a user within your server, is he able to
receive it?

I had a problem more or less like yours, in my case my users were not
able to retrieve any e-mail.



checkpassword and Openbsd 2.6

2000-05-05 Thread Dale Miracle

I am using Openbsd 2.6 and I am having a problem with checkpassword.
When I do the test in the install  doc for checkpassword

/var/qmail/bin/qmail-popup host /bin/checkpassword pwd

It works fine, verifies my user id and password.  When I try to telnet
to the server using its fqdn on port 110  I get this:

atlas# telnet atlas.teoi.net 110
Trying 206.30.147.56...
Connected to atlas.teoi.net.
Escape character is '^',
+OK ([EMAIL PROTECTED])
user dale
+OK
pass mypass
-ERR authorization failed
Connection closed by foreign host.
atlas#

If I telnet to localhost I get the same error as above but the line with
the numbers@atlas etc  has different numbers.  The same happens if I try
this from any machine in my subnet.  Here is what one of my machines
with win98se  outlook express (the one for IE5) spit out at me

There was a problem logging onto your mail server. Your Password was
rejected. Account: 'atlas.teoi.net', Server: 'atlas.teoi.net', Protocol:
POP3, Server Response: '-ERR authorization failed', Port: 110,
Secure(SSL): No, Server Error: 0x800CCC90, Error Number: 0x800CCC92

I can send mail out and get it at the destination address without any
problems.  I have tried turning on and off the "require authentication"
option in outlook but no luck...gave me another error which was obvious
(not running ssh/ssl on the pop3d).  I haven't tried this in netscape
communicator's mail, the only machine I have it on is mine running RH61
and ns 4.61.   I am using the win98 box with outlook so I don't have to
mess with my netscape on my machine.  I'm going to replace my slackware
box with the openbsd eventually.  Another thing I noticed is my pop3
sessions are getting logged, splogger is logging my smtp but they are
setup the same as far as I know.  Here are my start up's for both:

if [ -x /usr/local/bin/tcpserver ]; then
 echo -n ' Qmail-smtp'; /usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -v \
 -u 2850 -g 32750 0 smtp /var/qmail/bin/qmail-smtpd 2>&1 \
 /var/qmail/bin/splogger smtpd 3 &
fi

if [ -x /usr/local/bin/tcpserver ]; then
 echo -n ' Qmail-pop3'; /usr/local/bin/tcpserver -v -R 0 pop3 \
 /var/qmail/bin/qmail-popup atlas.teoi.net \
 /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir 2>&1 \
 /var/qmail/bin/splogger pop3d 3 &
fi

Please let me know if this is wrong, it appears to work for the smtp
without a problem.  I saw an example on one of the web sites that put a
| right after 2>&1 and when I did that splogger wouldn't load...error
said it couldn't find it.  I took the | out and it loaded but pop3d
is the only one not logging.

Thanks in advance for any ideas/suggestions.
Dale




