shared folders
Hi, I don't know whether this is a qmail or courier-imap question, but Iam hoping someone can help me out. I am trying to set up shared folders using courier-imap and qmail, but I am having problems. The problem is that the shared system ignores the ./new dir and only looks at ./cur . This means that the shared folder works fine for emails copied into the shared folder, but emails delivered to the directory don't show up. Is there a way to make the emails turn up in cur instead of new? thanks, Colin
Re: hack for filtering i love you worm
On Thu, May 04, 2000 at 07:28:32PM -0400, Searcher wrote: exit(31) if /name="LOVE-LETTER-FOR-YOU.TXT.vbs"/o; Am I missing something here? Nothing except that fact that the real solution is to fix the broken mail clients. IMHO, virus scanners and the like are fundamentally broken. Neil -- "The lyf so short, the craft so long to lerne." -- Chaucer
Re: hack for filtering i love you worm
"Benjamin de los Angeles Jr." wrote: Can you sight pros/cons of using your antivirus software compared to AmaVis? [I used it's perlscanner interface to match on the attachment filename while waiting for the Antivirus vendors to come up with an "official" fix :-)] See http://www.geocities.com/jhaar/scan4virus/ Well, I think you refer to AMaViS-Perl? AMaViS-Perl does not require any qmail patch(es) and supports more antivirus software. scan4virus provides a "generic filter/scanner" to filter out eMails with a specific attachment name - which in case of "I love you" is a good thing, but it's very easy to change the file name (or the subject line), according to BugTraq this has happend. (Btw, stopping hoaxes is a also a difficult task - anyone can change subject or the body easily ...). Well, scan4virus is specific to qmail, whereas AMaViS supports sendmail postfix, too (the shell script version supports exim, too). Jason? :-) best regards, Rainer Link -- Rainer Link | Member of Virus Help Munich (www.vhm.haitec.de) [EMAIL PROTECTED] | Member of AMaViS Development Team (amavis.org) rainer.w3.to | Maintainer FAQ "antivirus for Linux" (av-linux.w3.to)
Re: hack for filtering i love you worm
but hoe can one use Amavis with qmail, p'se help Eric On Fri, 5 May 2000, Rainer Link wrote: "Benjamin de los Angeles Jr." wrote: Can you sight pros/cons of using your antivirus software compared to AmaVis? [I used it's perlscanner interface to match on the attachment filename while waiting for the Antivirus vendors to come up with an "official" fix :-)] See http://www.geocities.com/jhaar/scan4virus/ Well, I think you refer to AMaViS-Perl? AMaViS-Perl does not require any qmail patch(es) and supports more antivirus software. scan4virus provides a "generic filter/scanner" to filter out eMails with a specific attachment name - which in case of "I love you" is a good thing, but it's very easy to change the file name (or the subject line), according to BugTraq this has happend. (Btw, stopping hoaxes is a also a difficult task - anyone can change subject or the body easily ...). Well, scan4virus is specific to qmail, whereas AMaViS supports sendmail postfix, too (the shell script version supports exim, too). Jason? :-) best regards, Rainer Link -- Rainer Link | Member of Virus Help Munich (www.vhm.haitec.de) [EMAIL PROTECTED] | Member of AMaViS Development Team (amavis.org) rainer.w3.to | Maintainer FAQ "antivirus for Linux" (av-linux.w3.to)
Re: hack for filtering i love you worm
On Fri, May 05, 2000 at 12:18:11PM +1200, Jason Haar wrote: You can try my scan4virus anti-virus harness. Specifically written for Qmail. Capable of multi-scanner support and will FEED YOUR CAT! :-) See, I told you all day yesterday... ;- [I used it's perlscanner interface to match on the attachment filename while waiting for the Antivirus vendors to come up with an "official" fix :-)] Just wanted to say thank you again, Jason! I did the same thing. Shame the radio news didn't say what size that attachment was (yes, that virus was on radio an tv news in Sweden yesterday) H+BEDV was first out for me. You might want to notice that their German version is updated more often than the English version... And their program is free for personal use. http://www.antivir.de/ See http://www.geocities.com/jhaar/scan4virus/ -Johan -- Johan Almqvist
Re: hack for filtering i love you worm
On Fri, May 05, 2000 at 10:19:53AM +0200, Rainer Link wrote: "Benjamin de los Angeles Jr." wrote: Can you sight pros/cons of using your antivirus software compared to AmaVis? [I used it's perlscanner interface to match on the attachment filename while waiting for the Antivirus vendors to come up with an "official" fix :-)] See http://www.geocities.com/jhaar/scan4virus/ Well, I think you refer to AMaViS-Perl? AMaViS-Perl does not require any qmail patch(es) and supports more antivirus software. Well, nor does scan4virus. You could just move the real qmail-queue to another location, call the scan4virus script ("antivirus-qmail-queue.pl") qmail-queue and change the "real" qmail-queue path and name in that script... scan4virus provides a "generic filter/scanner" to filter out eMails with a specific attachment name - which in case of "I love you" is a good thing, but it's very easy to change the file name (or the subject line), according to BugTraq this has happend. Yes, but scan4virus also interfaces to all known(?) virus scanners out there, if they're installed. And for such quick fixes as were needed in this case, the attachment name fix was the most effective. I now stop all .vbs files. Can't see why someone would send one of these. Well, scan4virus is specific to qmail, whereas AMaViS supports sendmail postfix, too (the shell script version supports exim, too). Oh, I'm sure scan4virus can be hacked into sendmail.cf if you'd want that... -Johan -- Johan Almqvist
SUSE and qmail/Spamcontrol
Hi, I gathered some infos about setting up QMAIL under SUSE Linux in my Web-page http://www.fehcom.de/qmail_en.html Additionally, I have integreted the MFCHECK patch into my SPAMCONTROL with some gadgets. Everybody is welcome to use and comment it. Cheers. eh. +---+ | fffhh http://www.fehcom.deDr. Erwin Hoffmann | | ff hh| | ffeee ccc ooomm mm mm Wiener Weg 8 | | fff ee ee hh hh cc oo oo mmm mm mm 50858 Koeln| | ff ee eee hh hh cc oo oo mm mm mm| | ff eee hh hh cc oo oo mm mm mm Tel 0221 484 4923 | | ff hh hhccc ooomm mm mm Fax 0221 484 4924 | +---+
qmail Digest 5 May 2000 10:00:01 -0000 Issue 992
qmail Digest 5 May 2000 10:00:01 - Issue 992 Topics (messages 40984 through 41085): lots of XXX and Sendmail 8.8.8 40984 by: João Dinis 40988 by: Chris Stratford Re: stralloc problem 40985 by: Daniel Neri Converting sendmail mailboxes to qMail 40986 by: Isaiah Chua 40987 by: Vince Vielhaber 40991 by: Russell P. Sutherland qmail-unscribe 40989 by: Erry Rahmawan Re: Backing up HUGE Maildir systems 40990 by: Uwe Ohse 40998 by: Jeff Hayward 41009 by: markd.bushwire.net 41010 by: John Gonzalez/netMDC admin 41011 by: John Gonzalez/netMDC admin 41020 by: Brian Johnson 41021 by: John Gonzalez/netMDC admin 41051 by: Racer X Re: redirecting some email 40992 by: Uwe Ohse 40993 by: Jason Brooke Re: Making progress 40994 by: Dave Sill 40995 by: Tim Hunter qmail won't start!? 40996 by: Isaiah Chua 41016 by: Dave Sill Re: accustamp|tailocal|matchup 40997 by: Dave Sill 41027 by: Kins Orekhov 41031 by: Dave Sill 41034 by: Mikko Hänninen 41036 by: Dave Sill 41070 by: Peter Samuel 41072 by: David Dyer-Bennet 41073 by: Peter Samuel 41074 by: David Dyer-Bennet 41075 by: Juan E Suris Re: No retry and no bounce? 40999 by: Dave Sill Re: Another question on mailboxes 41000 by: Dave Sill Re: Problems using qmail on very large site 41001 by: root 41012 by: root 41030 by: Yuan P Li 41049 by: root qmail-unsubscribe 41002 by: Patrick, Robert 41013 by: Erry Rahmawan 41015 by: Dave Sill Send retries 41003 by: Martin Renner 41004 by: Dave Sill The "I love you virus" .. and content based filtering 41005 by: Nicolas MONNET 41007 by: Johan Almqvist 41019 by: Jennifer Tippens 41067 by: Noel Mistula Global Address Book? 41006 by: Albert Hopkins Messages stop getting delivered 41008 by: Narvekar, Ashish blocking mails by subject? 41014 by: Jerry Walsh Re: Emergency with the queue 41017 by: Dave Sill Re: Delivers and retrieves... 41018 by: Dave Sill System Requirements 41022 by: Mark Douglas 41024 by: markd.bushwire.net 41026 by: Steve Wolfe Re: Setup of local delivery fastforward (newbie question) 41023 by: Dave Sill Two Delivered-To headers - Why ? 41025 by: PPPindia 41028 by: Soffen, Matthew 41032 by: PPPindia 41033 by: Dave Sill 41035 by: PPPindia 41037 by: Soffen, Matthew 41038 by: Dave Sill Smtp-poplock 41029 by: Bert Beaudin 41039 by: Vince Vielhaber Alias file 41040 by: Mario Rafael qmail needs more time to finish. Sleeping 1 second... 41041 by: Flemming Funch 41042 by: markd.bushwire.net 41052 by: Peter van Dijk 41071 by: Peter Samuel PLEASE HELP! Messages stop getting delivered 41043 by: Narvekar, Ashish 41044 by: markd.bushwire.net hack for filtering "i love you" worm 41045 by: Neil Schemenauer 41046 by: John Gonzalez/netMDC admin 41047 by: Neil Schemenauer 41048 by: Bruce Guenter 41050 by: Bruce Guenter 41055 by: Searcher 41059 by: Jason Haar 41077 by: Benjamin de los Angeles Jr. 41078 by: Bruce Guenter 41080 by: Neil Schemenauer 41081 by: Rainer Link 41082 by: Mulindwa Eric 41083 by: Johan Almqvist 41084 by: Johan Almqvist multiple rcpt patch idea etc 41053 by: David L. Nicol VMS mail.mai files? 41054 by: David L. Nicol ETRN and QMail 41056 by: Jose de Leon 41058 by: Jon Rust 41061 by: Jose de Leon 41064 by: Jon Rust 41065 by: Peter van Dijk 41068 by: Jon Rust qmail abuse... 41057 by: Luke Chiam db files for vpopmail and courier imap 41060 by: Cono D'Elia qmailqueue install prob 41062 by: Jon Rust 41063 by: Peter van Dijk 41066 by: Jon Rust Global filtering 41069 by: Bennett Samowich Rejecting emails 41076 by: Ronneil Camara shared folders 41079 by: Colin Humphreys SUSE and qmail/Spamcontrol 41085 by: Erwin Hoffmann Administrivia: To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To subscribe to the digest, e-mail: [EMAIL PROTECTED] To bug my human owner, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- Hello, from some time now, i'm receiving messages corrupted with sequences of the char 'X'. It dos not happen with all the messages, only with a few, but it is persistent. Sometimes it corrupts the header making the all messages unreadable.
Re: hack for filtering i love you worm
Hi, I did setup your qmail-filter.py and test works # echo "test 1" | mail -s okay myself # echo "test 2" | mail -s ILOVEYOU myself qmail-inject: fatal: mail server permanently rejected message (#5.3.0) # echo "test 2" | mail -s ILOVEYOU [EMAIL PROTECTED] qmail-inject: fatal: mail server permanently rejected message (#5.3.0) but when I send an email thought eudora using smtp of this serveur or not to a pop on this serveur, email is not rejected. any idea ? PS I restarted all thanks ! Octave Neil Schemenauer a écrit : qmail-filter.pyName: qmail-filter.py Type: Plain Text (text/plain) -- Amicalement, oCtAvE Connexion terminée par expiration du délai d'attente
reverting back to mbox format with qmail
Hi there I'm having problems with qmail and procmail, were procmail is being able to deliver into the $HOME/Maildir directort, and seems to want to put it all in /var/mail/user, even when we change authenticate.c file, so we have decided to revert back to the mailbox format and put up with it. Does anyoe have a script to conert mailboxes back to the mbox format from the qmail maildir format? cheers nicholas
No Mail Log ?!
Hello everyone, I am using Qmail on Suse 6.3, using /var/spool/mail/USERDIR. For an unknown reason, the mail logs have been cleared and Qmail does not log anything anymore... I have looked in syslog and qmail does not report any errors either. Maybe permissions are wrong on the /var/log/mail file ?? what should they be? Does anybody have any suggestions? (No the hard drive is not full :)) Regards Cedric Revest --- Cedric Revest Britnet Ltd http://www.britnet.co.uk/ Direct Line: 0208 962 9542 Fax: 0208 964 8457
Qmail filter for ILOVEYOU
Hi, This has probably been asked already but I've literally just joined. How can I filter and reject ILOVEYOU messages in Qmail. Any pointers would be appreciated Best regards Rod
Problem with tcpserver
Hi, I am new to this distribution list. Please forgive me if I am not posting to the correct DL. I have a problem to setup a new qmail server. When I trying to enable selective relaying with tcpserver/tcprules for qmail-smtpd, I always got *** 553 sorry, that domain isn't in my list of allowed *** rcpthosts (#5.7.1) To make it simple, I have already tried to put a single rule :allow, RELAYCLIENT="" inside tcp.smtp file and convert it to tcp.smtp.cdb. (no error message) Sill failed. What I have tried is use an OLD cdb file from the retiring server. It works! I have already lost the original rule file in text format. Is there any special way to generate the cdb file?? Is there any suggestion/suspection? Here is my configuration: - Redhat 6.2 - uscpi-tcp 8.0 / 8.4 / 8.8 - qmail 1.03 (install from rpm packages) Appreciated for your help! Regards, Clark __ Do You Yahoo!? Send instant messages get email alerts with Yahoo! Messenger. http://im.yahoo.com/
Atención:::::VIRUS!!!!!!!!!!!!!!
Me ha infectado el virus I LOVE YOU, a alguno de vosotros le ha tenido que llegar, lo siento.
Re: hack for filtering i love you worm
I tried installing the hack as described, but when I try the test, I get an arror saying [root@ns bin]# echo "test 1" | mail -s okay [EMAIL PROTECTED] [root@ns bin]# qmail-inject: fatal: unable to exec qq (#4.3.0) Anyone know what this could be? When I try to execute the py script, it says bash: ./qmail-filter.py: No such file or directory I double checked that the path to python is correct in the script file. /Jesper
Re: qmail won't start!?
hi Dave, The init scripts are in, In what/where? And what's in them? And what platform are you using? Sorry I didn't give enough info. The init scripts are in my /etc/rc.d/init.d dir and softlinked to the various /etc/rcx.d directories. I'm using RH6.2, and used the RPM package to first compile the src then installed it using rpm. By "nothing happens" do you mean that the script runs but doesn't output anything, runs but exits immediately, or what? It runs, but immediately exits. You can't start qmail from inetd.conf. Perhaps you mean qmail-smtpd? Yes, I meant qmail-smtpd.
Re: Problem with tcpserver
On Fri, May 05, 2000 at 03:31:57AM -0700, Clark Hon wrote: I have a problem to setup a new qmail server. When I trying to enable selective relaying with tcpserver/tcprules for qmail-smtpd, I always got *** 553 sorry, that domain isn't in my list of allowed *** rcpthosts (#5.7.1) To make it simple, I have already tried to put a single rule :allow, RELAYCLIENT="" ^ Take out the space. Chris
Re: hack for filtering i love you worm
Mulindwa Eric wrote: but hoe can one use Amavis with qmail, p'se help Please have a look at http://www.unixzone.com/virus - I would suggest to use AMaViS-Perl-5. It should work out-of-the-box. If you run into troubles, please ask me directly. HTH best regards, Rainer Link -- Rainer Link | Member of Virus Help Munich (www.vhm.haitec.de) [EMAIL PROTECTED] | Member of AMaViS Development Team (amavis.org) rainer.w3.to | Maintainer FAQ "antivirus for Linux" (av-linux.w3.to)
Re: hack for filtering i love you worm
Jesper Hess Nielsen a écrit : I tried installing the hack as described, but when I try the test, I get an arror saying [root@ns bin]# echo "test 1" | mail -s okay [EMAIL PROTECTED] [root@ns bin]# qmail-inject: fatal: unable to exec qq (#4.3.0) Anyone know what this could be? When I try to execute the py script, it says bash: ./qmail-filter.py: No such file or directory #!/usr/bin/python # You might have to modify the Python path at the top. which python and fix the first line Amicalement, oCtAvE Connexion terminée par expiration du délai d'attente
Virus Scanners
Any recommendations on server virus scanners that run in harmony with qmail on linux, and if so, why the recommendation? Thanks, jason
Re: hack for filtering i love you worm
If you had taken the time to read the whole mail I sent, You would notice that I already had double checked the location of python. That is not the problem - something else is not working right. /Jesper - Original Message - From: "octave klaba" [EMAIL PROTECTED] To: "Jesper Hess Nielsen" [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, May 05, 2000 1:46 PM Subject: Re: hack for filtering "i love you" worm Jesper Hess Nielsen a écrit : I tried installing the hack as described, but when I try the test, I get an arror saying [root@ns bin]# echo "test 1" | mail -s okay [EMAIL PROTECTED] [root@ns bin]# qmail-inject: fatal: unable to exec qq (#4.3.0) Anyone know what this could be? When I try to execute the py script, it says bash: ./qmail-filter.py: No such file or directory #!/usr/bin/python # You might have to modify the Python path at the top. which python and fix the first line Amicalement, oCtAvE Connexion terminée par expiration du délai d'attente
Re: hack for filtering i love you worm
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 5 May 00, at 13:50, Jesper Hess Nielsen wrote: If you had taken the time to read the whole mail I sent, You would notice that I already had double checked the location of python. That is not the problem - something else is not working right. chmod +x /var/qmail/bin/that-script-filename perhaps? -BEGIN PGP SIGNATURE- Version: PGP 6.0.2 -- QDPGP 2.60 Comment: http://community.wow.net/grt/qdpgp.html iQA/AwUBORKoe1MwP8g7qbw/EQK+XQCgoTAFg93O4YoKe3ihN1EhFETaEXwAnRWK /N9090LPOKs6n3Xubs7OsG+V =U5QP -END PGP SIGNATURE- -- Petr Novotny, ANTEK CS [EMAIL PROTECTED] http://www.antek.cz PGP key ID: 0x3BA9BC3F -- Don't you know there ain't no devil there's just God when he's drunk. [Tom Waits]
Re: hack for filtering i love you worm
I have ALREADY done everything stated at the beginning of the script file (which I have attached for clarity - some of you may not have seen it). When I have done all this, I get an error when performing the test : [root@ns bin]# echo "test 1" | mail -s okay [EMAIL PROTECTED] [root@ns bin]# qmail-inject: fatal: unable to exec qq (#4.3.0) When I try to run the script directly : [root@ns bin]# ./qmail-filter.py bash: ./qmail-filter.py: No such file or directory Now. Does anyone have any ideas what the problem could be? I've tried running strace ./qmail-filter.py, but it only outputs a "exec: file not found" error. /Jesper -[SNIP]- #!/usr/bin/python # # A quick hack to filter the ILOVEYOU worm with qmail. Use: # # $ cp qmail-filter.py /var/qmail/bin # $ cd /var/qmail/bin # $ chmod +x qmail-filter.py # $ mv qmail-queue qmail-queue-real; ln -s qmail-filter.py qmail-queue # # Test: # # $ echo "test 1" | mail -s okay myself # $ echo "test 2" | mail -s ILOVEYOU myself # # You might have to modify the Python path at the top. This is a # temporary fix. Remove it after the dust settles: # # $ cd /var/qmail/bin # $ mv qmail-queue-real qmail-queue # # Neil Schemenauer [EMAIL PROTECTED] PATTERN = r"^Subject: ILOVEYOU\s*$" QMAIL_QUEUE = "/var/qmail/bin/qmail-queue-real" import re import string import sys import os import tempfile def mktemp(): for i in range(10): tmp = tempfile.mktemp() try: fd = os.open(tmp, os.O_RDWR|os.O_CREAT|os.O_EXCL, 0700) except OSError: continue file = os.fdopen(fd, "w+b") os.unlink(tmp) return file return None try: mess = mktemp() if not mess: os._exit(53) # write error header = 1 while 1: line = sys.stdin.readline() if not line: break if line in ("\r\n", "\n"): header = 0 if header and re.search(PATTERN, line): os._exit(31) # blocked, permanent error mess.write(line) mess.flush() mess.seek(0) os.dup2(mess.fileno(), 0) os.execv(QMAIL_QUEUE, ()) except: os._exit(81) # internal error ---[SNIP]-
Re: hack for filtering i love you worm
On Fri, May 05, 2000 at 01:59:39PM +0200, Jesper Hess Nielsen spoke thusly: I have ALREADY done everything stated at the beginning of the script file (which I have attached for clarity - some of you may not have seen it). When I have done all this, I get an error when performing the test : [root@ns bin]# echo "test 1" | mail -s okay [EMAIL PROTECTED] [root@ns bin]# qmail-inject: fatal: unable to exec qq (#4.3.0) When I try to run the script directly : [root@ns bin]# ./qmail-filter.py bash: ./qmail-filter.py: No such file or directory This looks like the error you get when the path to your interpreter on the shebang line is incorrect. Tim.
Re: hack for filtering i love you worm
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 5 May 00, at 13:59, Jesper Hess Nielsen wrote: [root@ns bin]# ./qmail-filter.py bash: ./qmail-filter.py: No such file or directory I see. What does "head -n1 qmail-filter.py|od -c" say? Is there anything about character "015" or "\r" or so? Then you need to delete DOS-like end-of-line characters. -BEGIN PGP SIGNATURE- Version: PGP 6.0.2 -- QDPGP 2.60 Comment: http://community.wow.net/grt/qdpgp.html iQA/AwUBORKqwFMwP8g7qbw/EQITcgCg8ZCWR3Rc04kHKT48tt5gryf8HOQAoIuN AVub7s3cLN50Bz6fASIiUw+s =VVpT -END PGP SIGNATURE- -- Petr Novotny, ANTEK CS [EMAIL PROTECTED] http://www.antek.cz PGP key ID: 0x3BA9BC3F -- Don't you know there ain't no devil there's just God when he's drunk. [Tom Waits]
Re: hack for filtering i love you worm
On Fri, May 05, 2000 at 01:10:53PM +0200, Jesper Hess Nielsen wrote: I tried installing the hack as described, but when I try the test, I get an arror saying [root@ns bin]# echo "test 1" | mail -s okay [EMAIL PROTECTED] [root@ns bin]# qmail-inject: fatal: unable to exec qq (#4.3.0) Anyone know what this could be? When I try to execute the py script, it says bash: ./qmail-filter.py: No such file or directory ldd /path/to/python Maybe you're missing a library. Regards; RC -- +--- | Ricardo Cerqueira | PGP Key fingerprint - B7 05 13 CE 48 0A BF 1E 87 21 83 DB 28 DE 03 42 | Novis - Engenharia ISP / Rede Técnica | Pç. Duque Saldanha, 1, 7º E / 1050-094 Lisboa / Portugal | Tel: +351 21 3166730/00 (24h/dia) - Fax: +351 21 3166701
Re: accustamp|tailocal|matchup
"David Dyer-Bennet" [EMAIL PROTECTED] wrote: Peter Samuel [EMAIL PROTECTED] wrote: And you editor can't read in the results of a program? I can think offhand of a couple of ways of doing it, but all of them are grossly inefficient and take lots of keystrokes. There may well be an easy way I'm overlooking, too. Nothing exotic, I'm an emacs user. I'm not starting a new instance, I'm visiting the log file from my existing instance. rant ``Nothing exotic, I'm an emacs user''? Emacs? Have you heard the debates whether Emacs was an OS, a shell, or an editor? Have you seen the emacs mailreaders, shell modes, IRC interfaces, and web browser? What you want to do is absolutely trivial in emacs, and you can bind it to a single keystroke. /rant Anyway, what you want to do is absolutely trivial in emacs, and you can bind it to a single keystroke. Len. -- You're repeating the same old ``forks are bad and execs are disastrous'' litany without _profiling_ where your time is actually going. -- Dan Bernstein
Re: Qmail filter for ILOVEYOU
Rodney Edwards [EMAIL PROTECTED] wrote: This has probably been asked already but I've literally just joined. How can I filter and reject ILOVEYOU messages in Qmail? Congratulations! You may be the first new subscriber whose question is at least 1) timely, and 2) not a FAQ! You get a cigar! Any pointers would be appreciated Let me point you to the qmail archive: http://www-archive.ornl.gov:8000/. There have been some quick-and-dirty hacks suggested over the last couple of days, but since I don't run Windows I haven't paid much attention. Searching on ``ILOVEYOU'' should turn them up. Hope this helps, Len. -- Frugal Tip #31: Incrementally reduce your year-to-year operating expenditures while aggressively recognizing unrealized receivables in the current quarter.
Re: Virus Scanners
On Fri, May 05, 2000 at 09:51:52PM +1000, Jason Brooke wrote: Any recommendations on server virus scanners that run in harmony with qmail on linux, and if so, why the recommendation? H+BEDV antivir, from www.hbedv.com and www.antivir.de. Free for non-commercial use, no fuzz with web interfaces and the like (just command-line), fast updates. German version is better than english, though. Thanks, jason -Johan -- Johan Almqvist
Re: No Mail Log ?!
Hello everyone, I am using Qmail on Suse 6.3, using /var/spool/mail/USERDIR. For an unknown reason, the mail logs have been cleared and Qmail does not log anything anymore... I have looked in syslog and qmail does not report any errors either. Maybe permissions are wrong on the /var/log/mail file ?? what should they be? Does anybody have any suggestions? (No the hard drive is not full :)) Regards Cedric Revest This may be due to the feature of syslogd that if the file it's supposed to be writing to doesn't exist, it doesn't create it, nothing gets logged. If that's the case, try touching the log file and see if the messages start coming. Chris Harris System Manager STL Ltd. ph. 01228 512512 ext. 2211 fax 01228 514949
Re: Global filtering
At 9:33 PM -0400 5/4/00, Bennett Samowich wrote: Greetings, I am relatively new to qmail, so forgive me if this is too simple... With all of the current goings on about the "luv bug", I have a question concerning qmail and filtering. My customer base uses sendmail primarily, while I have been experimenting with qmail at my site. With the sendmail sites I was able to implement a configuration "hack" to stop initial instances of the message. I was also able to implement a global procmail filter to accomplish the same thing. My question is this: Does qmail have the ability to implement global filters. I know that I can put procmail lines in each users .qmail file, but that seems like alot of work. IIRC, the default delivery instruction in /var/qmail/rc can be a pipe to a program. So you can qmail-start "| preline /path/to/procmail" and have mail by default run through procmail. Of course, you still have a .qmail problem: any user with a .qmail will override the default instruction. "man qmail-command" gives you some details. Thanks in advance, - Bennett -- -- Paul J. Schinder NASA Goddard Space Flight Center Code 693 [EMAIL PROTECTED]
Re: hack for filtering i love you worm
On Fri, May 05, 2000 at 02:56:38AM -0600, Neil Schemenauer [EMAIL PROTECTED] wrote: On Thu, May 04, 2000 at 07:28:32PM -0400, Searcher wrote: exit(31) if /name="LOVE-LETTER-FOR-YOU.TXT.vbs"/o; Am I missing something here? Nothing except that fact that the real solution is to fix the broken mail clients. IMHO, virus scanners and the like are fundamentally broken. I agree with that. Since this one actually burns people, maybe people will learn not to run attachments unless they are expecting them and they are from someone they have a good reason to trust. I am suprised that we aren't already seeing viruses that mutate by encrypting themselves (to make virus scanning harder by greatly reducing the fixed part of the payload) and using varients in the deliverly envelope at each iteration. Using the same filename for the attachment and the same subject each time the virus transmits itself makes it too easy to detect the message.
how do i apply QMAILQUEUE
hi i am sorry for this very easy question, but i am playing around and can not work it out. how can i apply the QMAILQUEUE patch? i made a file with the patch in it, qmailqueue-patch, which looks like: -- start --- qmail-1.03-orig/MakefileMon Jun 15 04:53:16 1998 +++ qmail-1.03/Makefile Tue Jan 19 10:52:24 1999@@ -1483,12 +1483,12 @@ trigger.o fmtqfn.o quote.o now.o readsubdir.o qmail.o date822fmt.o \ datetime.a case.a ndelay.a getln.a wait.a seek.a fd.a sig.a open.a \ lock.a stralloc.a alloc.a substdio.a error.a str.a fs.a auto_qmail.o \ -auto_split.o+auto_split.o env.a ./load qmail-send qsutil.o control.o constmap.o newfield.o \ prioq.o trigger.o fmtqfn.o quote.o now.o readsubdir.o \ qmail.o date822fmt.o datetime.a case.a ndelay.a getln.a \ wait.a seek.a fd.a sig.a open.a lock.a stralloc.a alloc.a \ - substdio.a error.a str.a fs.a auto_qmail.o auto_split.o + substdio.a error.a str.a fs.a auto_qmail.o auto_split.o env.a qmail-sen d.0: \ qmail-send.8diff -u qmail-1.03-orig/qmail.c qmail-1.03/qmail.c --- qmail-1.03-orig/qmail.c Mon Jun 15 04:53:16 1998 +++ qmail-1.03/qmail.c Tue Jan 19 09:57:36 1999@@ -6,14 +6,25 @@ #include "fd.h " #include "qmail.h" #include "auto_qmail.h"+#include "env.h" -static char *binqqargs[2] = { "bin/qmail-queue", 0 } ; +static char *binqqargs[2] = { 0, 0 } ;++static void setup_qqargs()+{ + if(!binqqargs[0])+binqqargs[0] = env_get("QMAILQUEUE"); + if(!binqqargs[0])+binqqargs[0] = "bin/qmail-queue";+} int qmail_open(qq) struct qmail *qq; { int pim[2]; int pie[2];++ setup_qqargs(); if (pipe(pim) == -1) return -1; if (pipe(pie) == -1) { close(pim[0]); close(pim[1]); return -1; } - end i tried to apply it: caramel:/usr/local/src # ls -d qmail* qmail-1.03/ qmail.tar.gz qmailanalog-0.70/ qmailanalog-0_70.tar.gz qmailqueue-patch caramel:/usr/local/src # patch qmailqueue-patch Hmm... I can't seem to find a patch in there anywhere. caramel:/usr/local/src # what am i doing wrong? any help is greatly appreciated jan stifter
Re: Virus Scanners
Jason Brooke wrote: Any recommendations on server virus scanners that run in harmony with qmail on linux, and if so, why the recommendation? Please have a look at http://av-linux.w3.to, esp. the Mini-FAQ as text file (direct link is http://www.ce.is.fh-furtwangen.de/~link/security/av-linux_e.txt) (please bookmark only http://av-linux.w3.to - thnx) HTH cu, Rainer -- Rainer Link | Member of Virus Help Munich (www.vhm.haitec.de) [EMAIL PROTECTED] | Member of AMaViS Development Team (amavis.org) rainer.w3.to | Maintainer FAQ "antivirus for Linux" (av-linux.w3.to)
Re: hack for filtering i love you worm
Well, to thourghly test any of these scripts for qmail.. you need a copy or infected e-mail to run through the script. Does anyone have an infected e-mail to post? Or a URL where I can get one? Just adding a script is useless gotta test it out. BTW, should we send the bill to Bill Gates or Ballmer for allowing thier software to yet again grind the internet to a freaking halt. My Pine/Linux box has been virus free for 3+ years! Paul Farber Farber Technology [EMAIL PROTECTED] Ph 570-628-5303 Fax 570-628-5545 On Fri, 5 May 2000, Rainer Link wrote: Mulindwa Eric wrote: but hoe can one use Amavis with qmail, p'se help Please have a look at http://www.unixzone.com/virus - I would suggest to use AMaViS-Perl-5. It should work out-of-the-box. If you run into troubles, please ask me directly. HTH best regards, Rainer Link -- Rainer Link | Member of Virus Help Munich (www.vhm.haitec.de) [EMAIL PROTECTED] | Member of AMaViS Development Team (amavis.org) rainer.w3.to | Maintainer FAQ "antivirus for Linux" (av-linux.w3.to)
Re: hack for filtering i love you worm
On Fri, May 05, 2000 at 09:47:57AM -0400, Paul Farber wrote: Well, to thourghly test any of these scripts for qmail.. you need a copy or infected e-mail to run through the script. Does anyone have an infected e-mail to post? Or a URL where I can get one? Just adding a script is useless gotta test it out. http://www.almqvist.net/~johan/virus.txt BTW, should we send the bill to Bill Gates or Ballmer for allowing thier software to yet again grind the internet to a freaking halt. My Pine/Linux box has been virus free for 3+ years! -Johan -- Johan Almqvist
Re: hack for filtering i love you worm
Well, to thourghly test any of these scripts for qmail.. you need a copy or infected e-mail to run through the script. You must be the only person in the world without a copy! Seriously though, you don't need a copy of the virus. Just create an email with the correct subject line, and with a correctly named attachment. That should be enough to test your script ___ This message has been checked for all known viruses by the MessageLabs Virus Control Centre. For further information visit http://www.messagelabs.com/stats.asp
Re: db files for vpopmail and courier imap
Cono D'Elia wrote: Hello, Is there a limitation for the amount of users courier imap and vpopmail can support using the db type files? Is it better to go with an sql database instead? Thanks, Cono. There is no limitation of cdb password files. However, modifications to the file (add/delete/mod) start taking long amounts of time 30 seconds when you have more than 5,000 users. ken jones inter7
shim before final local delivery?
Hello all, Is there a way to insert a shim (or shell wrapper) before qmail-local deleivers a local message? IE, check for message size if $RECIEPENT = 'baduser' or some such thing? It would seem administratively easier to apply these type of filters for a large group of users that way rather than ~/.qmail-default 'ing all the home dirs. Paul Farber Farber Technology [EMAIL PROTECTED] Ph 570-628-5303 Fax 570-628-5545
Re: ETRN and QMail
On Thu, May 04, 2000 at 05:51:46PM -0700, Jon Rust wrote: At 2:43 AM +0200 5/5/00, Peter van Dijk wrote: So much for security, eh? Hrmf. You have apoint there. :-/ Guess I should think before typing. Of course, by limiting the range of IPs allowed to trigger the download, you could decrease the exposure, but it would be far from perfect. No, you're on the right track. Have tcpserver on the private port trigger authentication via the qmail-popup and checkpassword. tcpserver sets the incoming ip address in an environment variable, and you can trigger serial- mail from the tcpserver commandline. John
Re: ETRN and QMail
On Thu, 4 May 2000, Jon Rust wrote: At 2:43 AM +0200 5/5/00, Peter van Dijk wrote: So much for security, eh? Hrmf. You have apoint there. :-/ Guess I should think before typing. Of course, by limiting the range of IPs allowed to trigger the download, you could decrease the exposure, but it would be far from perfect. (crawling back into lurk mode) jon Exchange servers can be made to run an arbitrary program upon completing the initiation of the dialup connection. Give them program which initiates a pop3 or spop3 connection, authenticates itself at the server, then quits. And there is a wrapper for this behaviour on www.qmail.org. ssh can also be made to do this, but that would need a system account on the mailserver for each such user. Albeit their shell can be the script maildir2smtp. Robert Varga
QMAILQUEUE seems not to work with scan4virus
hi, i applied the QMAILQUEUE patch to qmail. i start my qmail-smtpd with supervise /var/lock/svc/qmail-smtpd tcpserver -v -q -x/etc/tcp.smtp.cdb\ -u101 -g101 0 smtp /var/qmail/bin/qmail-smtpd 21 | \ setuser qmaill accustamp | \ setuser qmaill tailocal /var/log/qmail-smtpd.log and it works. if i do an export QMAILQUEUE="/var/qmail/bin/antivirus-qmail-queue.pl" in front of the above command, no mail is working: caramel:/var/log # telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 caramel.medres.ch ESMTP helo 250 caramel.medres.ch mail from: test 250 ok rcpt to: [EMAIL PROTECTED] 250 ok data 354 go ahead . 451 qq temporary problem (#4.3.0) quit 221 caramel.medres.ch Connection closed by foreign host. caramel:/var/log # the file qmail-smtpd.log shows the following lines: 2000-05-05 16:44:31.581449 Can't do setuid what is the problem? what can i do? any hints are greatly appreciated jan
Re: how do i apply QMAILQUEUE
On Fri, 05 May 2000 15:21:43 +0200, Jan Stifter [EMAIL PROTECTED] wrote: i solved it. my patch was broken. sorry jan
Re: shim before final local delivery?
Paul Farber [EMAIL PROTECTED] wrote: Is there a way to insert a shim (or shell wrapper) before qmail-local delivers a local message? Simple; write a wrapper called ``qmail-local'', which in the end exec's the original qmail-local (which you should rename, of course). The interface is remarkably simple. From qmail-local(8): SYNOPSIS qmail-local [ -nN ] user homedir local dash ext domain sender defaultdelivery DESCRIPTION ... The standard input for qmail-local must be a seekable file, so that qmail-local can read it more than once. See? It's a snap. (If you don't know how, I'll do it for a small fee.) It would seem administratively easier to apply these type of filters for a large group of users that way rather than ~/.qmail-default 'ing all the home dirs. In fact this latter ``solution'' doesn't work anyway--unless the users cannot create .qmail files. Extensions for which more specific .qmail-ext files exist are delivered according to those instructions, bypassing .qmail-default entirely. Len. -- Frugal Tip #19: Discover the secret to happiness, then sell the franchise rights.
Re: Alias file
Mario Rafael [EMAIL PROTECTED] wrote: Hi :), I have several questions I have an /var/spool/mail/alias file that is getting bigger and bigger each moment, what it's is purpose?, It's the user "alias"'s mailbox. It's sometimes where root/postmaster mail ends up. I have taken a lookt at it and it seems that the messages double bouncing are stored there... how can I directly throw those messages to /dev/null?, thanks in advance. echo devnull /var/qmail/control/doublebounceto echo # ~alias/.qmail-devnull Then restart qmail. -Dave
Re: qmail abuse...
"Luke Chiam" [EMAIL PROTECTED] wrote: I suspect someone is sending bulk mail using our qmail server, as we are getting a lot of rebounced mail and delivery failure notice. A spammer might be sending stuff out with your domain in the envelope return path. That would cause bounces to come to you even if the messages didn't come from you. (They could be doing that to avoid anti-spam mechanisms that require a valid domain in the return path.) One of your users could be sending spam. Presumably this would be apparent from examing the double bounces. You could be an open relay. See: http://Web.InfoAve.Net/~dsill/lwq.html#relaying -Dave
Re: Global filtering
Bennett Samowich [EMAIL PROTECTED] wrote: Does qmail have the ability to implement global filters. I know that I can put procmail lines in each users .qmail file, but that seems like alot of work. qmail doesn't have a filtering mechanism built in, but one can be constructed pretty easily using the technique described in the following article: http://www.faqts.com/knowledge-base/view.phtml/aid/2142/fid/203/lang/en -Dave
Re: qmail won't start!?
"Isaiah Chua" [EMAIL PROTECTED] wrote: Sorry I didn't give enough info. The init scripts are in my /etc/rc.d/init.d dir and softlinked to the various /etc/rcx.d directories. I'm using RH6.2, and used the RPM package to first compile the src then installed it using rpm. By "nothing happens" do you mean that the script runs but doesn't output anything, runs but exits immediately, or what? It runs, but immediately exits. That's normal. Init scripts generally run stuff in the background so the system can move on to the next script. Do the qmail processes show up when you run ps? See: http://Web.InfoAve.Net/~dsill/lwq.html#processes -Dave
PERL filtering...
I have recently deployed a freeware procmail script that does a very good job filtering out various forms or malicious mail. So far it has caught all the ILOVEYOU mail and a few of the variants we have seen. Since I use QMail on my own machine, can procmail scripts be used with QMail? Most of the script uses some well crafted PERL code, so if not, it could probably be shoe-horned into a form that QMail will utilize. Any suggestions?
RE: qmail abuse...
I guess the bounce mail comes from my side since I'm trying to configure my qmail also but still having some problems. Sorry for that. I've restored my old config and later, I will test again. My qmail setup is different. My qmail is configured as an email gateway only. So there are no users in my qmail server. I hope you can help with this kind of scenario. -Original Message- From: Dave Sill [mailto:[EMAIL PROTECTED]] Sent: Saturday, May 06, 2000 1:18 AM To: [EMAIL PROTECTED] Subject: Re: qmail abuse... "Luke Chiam" [EMAIL PROTECTED] wrote: I suspect someone is sending bulk mail using our qmail server, as we are getting a lot of rebounced mail and delivery failure notice. A spammer might be sending stuff out with your domain in the envelope return path. That would cause bounces to come to you even if the messages didn't come from you. (They could be doing that to avoid anti-spam mechanisms that require a valid domain in the return path.) One of your users could be sending spam. Presumably this would be apparent from examing the double bounces. You could be an open relay. See: http://Web.InfoAve.Net/~dsill/lwq.html#relaying -Dave
qmail-mrtg qfilelog
Is there some way to make qmail-mrtg work with qfilelog log files? I am doing my logging monthly .. that is i have log data piped through qfilelog into /var/log/qmail/sendlog and a /var/log/qmail/smtpd/smtpdlog which grow for an entire month and then get rolled over, and are parsed with matchup/zoverall and friends. Is it possible to have the qmail-mrtg scripts read these two files? -- Mark Drummond|ICQ#19153754|mailto:[EMAIL PROTECTED] UNIX System Administrator|Royal Military College of Canada The Kingston Linux Users Group|http://signals.rmc.ca/klug/ Saving the World ... One CPU at a Time
Re: PERL filtering...
on 5/5/00 10:32 AM, John W. Lemons III had the thought: I have recently deployed a freeware procmail script that does a very good job filtering out various forms or malicious mail. So far it has caught all the ILOVEYOU mail and a few of the variants we have seen. Since I use QMail on my own machine, can procmail scripts be used with QMail? Most of the script uses some well crafted PERL code, so if not, it could probably be shoe-horned into a form that QMail will utilize. Any suggestions? You are better off using something like scan4virus at the queue level. http://www.geocities.com/jhaar/scan4virus/ While it is probably not advised, I am using it without the QMAILQUEUE patch. Instead, the scan4virus program receives the mail, scans it, then passes it to my renamed qmail-queue program. Right now I deny all .vbs attachments. Yes, this is rather draconian and there might be a 1 in 100,000,000,000,000 chance that someone really needs to send a .vbs attachment. Those are the breaks... Pat -- Freestyle Interactive | http://www.freestyleinteractive.com | 415.778.0610
Re: hack for filtering i love you worm
At 5/5/2000 09:47 AM -0400, Paul Farber wrote or quoted: Well, to thourghly test any of these scripts for qmail.. you need a copy or infected e-mail to run through the script. Good point. Does anyone have an infected e-mail to post? Or a URL where I can get one? Just adding a script is useless gotta test it out. Yeah, I got emailed a copy of the I-LOVE-YOU-LETTER.TXT.vbs last night, and it's still in my Maildir on my server. Should I just email it to you, or does the whole list want a copy? - Kai MacTane System Administrator Online Partners.com, Inc. - From the Jargon File: (v4.0.0, 25 Jul 1996) finger trouble /n./ Mistyping, typos, or generalized keyboard incompetence (this is surprisingly common among hackers, given the amount of time they spend at keyboards). "I keep putting colons at the end of statements instead of semicolons", "Finger trouble again, eh?".
Re: hack for filtering i love you worm
At 5/4/2000 11:29 PM -0600, Bruce Guenter wrote or quoted: Anyone can rename that .vbs to what ever they want and send it around again so wouldn't it be more efficient to filter all .vbs attachments? Nope, you're exactly right. However, the question was, how do I filter the "ILOVEYOU" worm, and the above is a quick (and somewhat dirty) answer. If you know how to identify VBS source, with the absence of a MIME type, please tell us. I intend to do this for my employers, so I'm not just being facetious. I really think this is the way to go as well. I've been telling my employer since yesterday morning that the Subject: line is probably the single most easily mutatable thing about this email, and that it would make much more sense to just stop any mail containing a .vbs attachment. I looked at the copy on my disk, and found the following at the beginning: Content-Type: application/octet-stream; name="LOVE-LETTER-FOR-YOU.TXT.vbs" Content-Disposition: attachment; filename="LOVE-LETTER-FOR-YOU.TXT.vbs" Content-Transfer-Encoding: base64 You could probably just do a regex match on: ^Content-type: \S+\; name=\".+\.vbs\" (Note: I have not tested that regex yet. It may not even function. It is quick-and-dirty, and even if it *does* work, there are probably better ways to do it.) In particular, there's probably a better way to express that .+\.vbs, although I note that \w+\.vbs and \S+\.vbs are *not* the way to do it, as filenames may contain spaces and other characters. - Kai MacTane System Administrator Online Partners.com, Inc. - From the Jargon File: (v4.0.0, 25 Jul 1996) finger trouble /n./ Mistyping, typos, or generalized keyboard incompetence (this is surprisingly common among hackers, given the amount of time they spend at keyboards). "I keep putting colons at the end of statements instead of semicolons", "Finger trouble again, eh?".
Antigen found =love-letter-for-you.txt.vbs file
Antigen for Exchange found LOVE-LETTER-FOR-YOU.TXT.vbs matching =love-letter-for-you.txt.vbs file filter. The file is currently Detected. The message, "Re: hack for filtering "i love you" worm", was sent from Kai MacTane and was discovered in IMC Queues\Inbound located at Matchlogic/MATCHLOGIC/HOUSTON.
Re: PERL filtering...
Hi, You are better off using something like scan4virus at the queue level. http://www.geocities.com/jhaar/scan4virus/ setuping scan4vuris I have this error Cannot find unzip on your system! 2 stupid questions: - where can I find it out for linux ? - do I need to use McAfee with ? if yes, whch version ? an url ? thanks Octave Amicalement, oCtAvE Connexion terminée par expiration du délai d'attente
Re: PERL filtering...
on 5/5/00 10:55 AM, octave klaba had the thought: setuping scan4vuris I have this error Cannot find unzip on your system! 2 stupid questions: - where can I find it out for linux ? http://freshmeat.net - do I need to use McAfee with ? if yes, whch version ? an url ? No, but should have at least one kind of scanner. It is easier if you use one that is already tested and on the list. Or you can simply use the built in perl scanner. Freshmeat also has links for cirus scanners. Pat -- Freestyle Interactive | http://www.freestyleinteractive.com | 415.778.0610
How do I invoke the qmail-users Mechanism ??
Hi. I dont understand how to invoke the qmail-users system. I have a server and /var/qmail/users/ is empty. I would like to be able to use the "assign" mechanism. How do i do this ? I tried to run qmail-pw2u but it just seems to hang forever. This is how it says to do it in Life with Qmail. Also if i start using 'assign' will it somehow mess up my exisiting config ? Does qmail have to be restarted as well ?? thanks in advance ! tony
Re: Antigen found =love-letter-for-you.txt.vbs file
At 5/5/2000 11:54 AM -0600, ANTIGEN_HOUSTON wrote or quoted: Antigen for Exchange found LOVE-LETTER-FOR-YOU.TXT.vbs matching =love-letter-for-you.txt.vbs file filter. The file is currently Detected. The message, "Re: hack for filtering "i love you" worm", was sent from Kai MacTane and was discovered in IMC Queues\Inbound located at Matchlogic/MATCHLOGIC/HOUSTON. Hmmm. Looks like someone's already filtering on just the string I sent out. I wonder if they're filtering all .vbs files? Content-Type: application/octet-stream; name="This is Bogus.vbs" Content-Disposition: attachment; filename="This is Bogus.vbs" - Kai MacTane System Administrator Online Partners.com, Inc. - From the Jargon File: (v4.0.0, 25 Jul 1996) finger trouble /n./ Mistyping, typos, or generalized keyboard incompetence (this is surprisingly common among hackers, given the amount of time they spend at keyboards). "I keep putting colons at the end of statements instead of semicolons", "Finger trouble again, eh?".
Antigen found =*.vbs file
Antigen for Exchange found This is Bogus.vbs matching =*.vbs file filter. The file is currently Deleted. The message, "Re: Antigen found =love-letter-for-you.txt.vbs file", was sent from Kai MacTane and was discovered in IMC Queues\Inbound located at Matchlogic/MATCHLOGIC/HOUSTON.
Re: How do I invoke the qmail-users Mechanism ??
"Tony D'Andrade" [EMAIL PROTECTED] wrote: Hi. I dont understand how to invoke the qmail-users system. I have a server and /var/qmail/users/ is empty. I would like to be able to use the "assign" mechanism. How do i do this ? I tried to run qmail-pw2u but it just seems to hang forever. Did you read the qmail-pw2u man page? This is how it says to do it in Life with Qmail. No, LWQ doesn't tell you how to run qmail-pw2u. The purpose of the qmail-users coverage in LWQ is to supplement the man pages, not to replace them. Also if i start using 'assign' will it somehow mess up my exisiting config ? That depends upon what you put in /var/qmail/users. Does qmail have to be restarted as well ?? No. -Dave
Qmail-send
We can only send out 22 messages from remote queue at once and when the server has finished delivering those 22 it does not queue up to deliver any more. We have over 8,000 message in our remote queue and sending qmail-send an -ALRM does not get it to restart sending. We have to stop and start it by hand each time. Any help would be greatly apprecaited or request for more info. Concurrency is set to 100 remote queues and it is not even using them all. Qmail 1.03 running on a SGI Challenge S - Irix 6.5 -Eric Davis [EMAIL PROTECTED]
Re: PERL filtering...
On Fri, May 05, 2000 at 02:32:10PM -0500, John W. Lemons III wrote: [A whole pile of extensions cut] Most of these will never need to be sent or received by a user and all can contain malicious code. Any other suggestions? Yes. Fix the mail client or switch to one that does not execute untrusted code without prompting. Neil -- Real programmers don't make mistrakes
Re: Future of qmail: will it care about viri/worms/etc?
"Keith Warno" [EMAIL PROTECTED] wrote: The continued discussions about the "love bug" and qmail "hacks" for dealing with it have me disturbed. I won't knock djb; the man needs to write an OS one of these days. :) However there should be no need to "hack" qmail to get it to filter unwanted mail and I'm wondering if future versions of qmail will care. I'll be suprised if the next version of qmail doesn't have better support for filtering/processing messages. DJB is good at addressing users needs in subsequent releases. Look at the development of DNScache or the early qmail days for two examples. Dave Sill's "general approach" for filtering is, well... I couldn't help but crack up when I read it [01]. This is by no means intended to be offensive; it's just funny to read that a *possible* solution for getting qmail to do what I want is to install it twice. Well, I always try to entertain, as well as inform. :-) The [01] method is crude, but quite flexible and powerful--and requires no modification to the source code. Maybe windoze will do what I want if I install it twice eh? ermm.. no, been there, done that. More of a good thing is sometimes better, but more of a bad thing...? CERT also talked about filters for sendmail, postfix, and procmail [02]. No mention of qmail. Probably because the "vendors" submitted that information, but DJB didn't. -Dave
Re: accustamp|tailocal|matchup
Kins Orekhov [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote: And can't you look at them by passing them through tai64nlocal each time? Can you spell "shell script wrapper"? :) I *asked* the list about *some program* which can do reverse time translation for my *already existing logs* - from Local to TAI. Correct. And Peter answered your question: ``Can you spell `shell script wrapper'?'' Translated, he just told you to write a script called ``look-at-old-logs'', which runs tai64nlocal on the old log files, and then displays them to you. Then, whenever you want to look at old logs, you run ``look-at-old-logs'', and voila! The magic happens all over again. That's the wonderful thing about computers: they never get bored. And your response(s) (especially last one) never answered my question. It did. However, to benefit from the answer required some work from you. If you want somebody to do the work for you, pay them. (I'll do it if you prepay, in US dollars. Say, $250 for 2.5 hours work, and if I'm done sooner, I'll refund the difference.) Len. -- Frugal Tip #41: Remember, the best things in life are free. That means if you can resell them, that's a 100% profit margin.
RE: PERL filtering...
Consider filtering the following as well: *.reg Regedit will inject its contents into your registry without any warning if you open this file *.hlp Windose help files can contain auto-executing vb script *.hta html application, can contain vb script, javascript etc.(MSHTA.EXE will run them when you click on them) *.shs shell automation code *.vbs vb script *.chm compiled HTML help file, also can contain vb script, javascript etc. Most of these will never need to be sent or received by a user and all can contain malicious code. Any other suggestions? Here's a snip from a bugtraq post... snip Sean Malloy [EMAIL PROTECTED] is letting us known that changing the virus to use a WSF extension instead of VBS is just as affective. WSF stands for Windows Scripting File. Antivirus vendors that want to be proactive might want to add this extension to their signatures. /snip Mark
Re: Connecting to my email server..
I don't know exactly what types of NAT firewalling there are, but I'll assume you mean something like IPmasquerading with Port forwarding (25 forwarded to you internal machine). You can't send packets to your external (real) IP and then have them come back into the network. For instance, my web server is inside my network. If I try to access www.youwasahero.com, it will time out. On the otherhand, my FTP server is on the firewall/gateway box, so if I access ftp.youwasahero.com that works, because the packets don't have to leave the network and then come back in. Here are your options: 1) Put your qmail server on the gateway/firewall machine (this is what I do). 2) Set up a DNS server for your internal network. Make an entry so that mail.int.foobar.com resolves to your INTERNAL IP address for the mail server. (this is how I handle my internal web server. For the real world DNS records, www.youwasahero.com resolves to my external (real) IP address, and port 80 is forwarded. For my private internal DNS server, www.youwasahero.com resolves to the IP address of the web server on the internal network, 192.168.0.5.) I hope that makes sense. "Steve Peace(Internal)" wrote: First off, let me thank everyone in this mailing list for assiting me in setting up my qmail server. Within about 4 weeks, I now have a functioning server that will send and receive email from the internet and internally. A special koodoos to Dave Sill for writing LWQ. Your Document was a huge amount of help. I now have a server running on RedHat 6.1 with Qmail 1.03. I seem to be having one problem. My server sits behind a NAT firewall. I have 2 NICs in my server, one with an internal non routeable adrress, and another with a real ip address that my new ISP has given to me. I contacted my former/other provider that is hosting our website and also registered our domain, to get the MX records changed to point to my new mail server. This has been done as far as I can tell. when I do a nslookup on mail.foobar.com I get back the correct address. Also I can receive email from the outside world. My problem lies with attaching to mail.foobar.com. When I am behind the firewall I can attach to mail.int.foobar.com and everything is working, but when I try to attach to mail.foobar.com, I time out. Listed below is the output of qmail-showctl. It all seems to be OK when I look at it, but I'm just a newbie. Any help would be greatly appreciated.qmail home directory: /var/qmail.
Re: PERL filtering...
I have recently deployed a freeware procmail script that does a very good job filtering out various forms or malicious mail. So far it has caught all the ILOVEYOU mail and a few of the variants we have seen. Since I use QMail on my own machine, can procmail scripts be used with QMail? Most of the script uses some well crafted PERL code, so if not, it could probably be shoe-horned into a form that QMail will utilize. Any suggestions? You are better off using something like scan4virus at the queue level. http://www.geocities.com/jhaar/scan4virus/ While it is probably not advised, I am using it without the QMAILQUEUE patch. Instead, the scan4virus program receives the mail, scans it, then passes it to my renamed qmail-queue program. Right now I deny all .vbs attachments. Yes, this is rather draconian and there might be a 1 in 100,000,000,000,000 chance that someone really needs to send a .vbs attachment. Those are the breaks... Thanks Pat... That was the point I was trying to get across yesterday... It can be renamed and sent through over and over so why not filter all .vbs attachments? I tried to emphasize the point that non tech uses are killing us with their carelessness so we have to protect them from vbs scripts in order to protect ourselves. On the same note I carried it through to all exe files as well. If they need to be sent by good users- What's the big deal in changing the extension to .exx? Bad guys will send an exe and hope it is run on double click while an exx.obviously won't till the end user changes the extension back to .exe. My point is, if we don't stop viruses and Trojans from spreading then Uncle Sam will try and we do not want that to happen considering the mess we have with this child safety act. I wonder at times if they don't create these problems so they have an excuse to try to control the net! The news I saw and read leaned heavily towards government offices and military bases being affected. :( Rick == paranoid!
RE: Two Delivered-To headers - Why ?
We frequently get two Delivered-To headers when one qmail mailbox forwards to another qmail mailbox. Dave -Original Message- From: PPPindia [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 04, 2000 1:57 PM To: [EMAIL PROTECTED] Subject: Two Delivered-To headers - Why ? Setup: LAN, Redhat 6.1, qmail, vpopmail/vchkpw, Mailman list software Default domain : sanshri.com, Virtual domain : ppp.com Mailman list is configured for the virtual domain ppp.com Problem : Two Delivered-To headers are being generated - one addressed to the alias, and the other with the actual destination address - the mailman list owner address. (see below) I am having this problem not only in this case, but also when i manually create an alias in the default domain sanshri.com So far i have never been able to create an alias entry without the mail having two delivered-to headers ? I do not have this problem when i create an alias through qmailadmin/vpopmail. The alias setup for the virtual domain is as follows : - In /domains/ppp.com/.qmail-pppshar | preline /home/mailman/mail/wrapper post pppshar In .qmail-default the vdelivermail is called... and the default line put by vpopmail is there undisturbed in /var/qmail/users/assign Headers : Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: (qmail 1040 invoked from network); 4 May 2000 12:02:28 - Received: from unknown (HELO sanshri.com) ([EMAIL PROTECTED]) by 192.168.0.15 with SMTP; 4 May 2000 12:02:28 - Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: (qmail 986 invoked from network); 4 May 2000 11:57:05 - Received: from unknown (HELO ppp) (192.168.0.3) by 192.168.0.15 with SMTP; 4 May 2000 11:57:05 - Message-ID: 003f01bfb5be$ddd1ef80$0300a8c0@ppp From: "listc" [EMAIL PROTECTED] To: [EMAIL PROTECTED] - What could be the problem here ? I want only one Delivered-To header in the messages. Please help ksamy ++ PPPshar- Internet for your LAN with one Internet account netMailshar -Email for every desktop with one 'Net account. MailAssistant - Speaking Email Notifier GetAgain - resume interrupted downloads. Visit http://www.pppindia.com/software ++
Fw: Re: IL0VEY0U worm
For those not on the BugTraq mailing list. This is yet another update about the worm from the moderator of BugTraq. There's all sorts of useful info here. You may also want to poke around at www.securityfocus.com . kw - Original Message - From: "Elias Levy" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: 05 May 2000, Friday 15:37 Subject: Re: IL0VEY0U worm Another update. VARIANTS Toni Tiainen [EMAIL PROTECTED] reports of a new variant they are calling LoveLetter.E with spreads with a subject of "Mothers Day Order Confirmation" with a message body of (indented two spaces): Thanks for your purchase! We have proceeded to charge your credit card for the amount of $326.92 for the mothers day diamond special. We have attached a detailed invoice to this email. Please print out the attachment and keep it in a safe place. Thanks Again and Have a Happy Mothers Day! The attachment is named "mothersday.vbs". This variant deleted all files with an extension of ".bat". F-Secure Anti-Virus for Firewalls with the latest signature file can detect and delete this variant. For more info check out http://www.f-secure.com/v-descs/love.htm The LoveLetter.B variant has a subject of "Susitikim shi vakara kavos puodukui...". Brian Moore [EMAIL PROTECTED] reports seeing at least one variant where the VBS virus was not an attachment but it was instead uuencoded. This may fool antivirus products. Look out for the string "begin 600 LOVE-LETTER-FOR-YOU.TXT.vbs" in the message. Could this be the result of some MTA rewriting the message? Trend Micro has released pattern file number 695 which includes definitions to detect the variants reported by Dan Simoes [EMAIL PROTECTED] (the tabs to spaces variant). Sean Malloy [EMAIL PROTECTED] is letting us known that changing the virus to use a WSF extension instead of VBS is just as affective. WSF stands for Windows Scripting File. Antivirus vendors that want to be proactive might want to add this extension to their signatures. The file contents would look something like this: job id="iloveyou" script language="VBScript" 'insert code here /script /job or as Sean points out you could encode it to obfuscate it by doing: job id="iloveyouencrypted" script language="VBScript.Encode" #@~^EQ==vbxd^?DDPmKN^?~t^?DnOwYAAA==^#~@ /script /job where "#@~^EQ==vbxd^?DDPmKN^?~t^?DnOwYAAA==^#~@' is the encoded worm. It seems the "fwd: Joke" variant attachment is "Very Funny.vbs" (note the space) and not "VeryFunny.vbs". Or maybe its a new variant. FILTERING - As many of you pointed out filtering based on the subject line is less than perfect. Sadly that is the best you can do with many MTAs without some hacking. If others can come up with ways to filter based on attachments let us know. If you can filter by attachment look out for files with these extensions: VBS, VBE, WSF, WSH, HTA. Also the second regexp filter I recommended for Postfix was wrong. Postfix can only match message headers, not attachment headers. So the line "/Content.*\.vbs/ REJECT" will have no effect on the worm. You are left with filtering by subject (e.g. "/^Subject:.*ILOVEYOU/ REJECT"). Jose Nazario [EMAIL PROTECTED] has updated his sendmail rules. As suggested by Keith Petersen it now generates 501 errors (rather than 553's, which causes an Exchange server to keep retrying delivery) and it now handles the Joke variants. http://biocserver.bioc.cwru.edu/~jose/iloveyouhack.txt Jimmy Corio [EMAIL PROTECTED] has provided the following procmail recipe: # # Look for ILOVEYOU worm. File copy in /var/mail/ILoveYouSave and # notify that an infected mail file may have come in. # - jc3 05/04/00 # :0 B * ^Content-Type: application/octet-stream;.*($|).*name="LOVE-LETTER-FOR-YOU.TXT.vbs" { ILOVEYOULOG="/var/mail/ILoveYouSave" :0 c $ILOVEYOULOG :0 h | (formail -i"Subject: Potential ILOVEYOU worm email received" \ -i"To:[EMAIL PROTECTED]" \ -i"Content-type: text/plain; charset=\"us-ascii\""; \ echo "Potential I Love You virus received. Check Log."; \ echo "Date: `/bin/date`"; \ ) | \ $SENDMAIL -oi [EMAIL PROTECTED] } Please note you need to change the email address it sends warning messages to, and you should also modify it to catch the "Very Funny.vbs" attachment. ANTIVIRUS - Daniel Doekal [EMAIL PROTECTED] reports that does not seems to stop the virus with the 24.4.2000 signature file and that LiveUpdate has not yet listed a newer signature file. At the same type the are conflicting reports that Norton does detect the virus but as the older BubbleBoy virus or by using its Bloodhound heuristics technology. Adele Shakal [EMAIL PROTECTED] points us to DrSolomon's fix at http://www.drsolomons.com/home/extra.zip Bernhard Schneck [EMAIL PROTECTED] points us to this German antivirus vendor fix http://www.antivir.de/presse/loveletter.htm RECOVERY
Re: qmail-mrtg qfilelog
"Mark E. Drummond" wrote: Is there some way to make qmail-mrtg work with qfilelog log files? I am doing my logging monthly .. that is i have log data piped through qfilelog into /var/log/qmail/sendlog and a /var/log/qmail/smtpd/smtpdlog which grow for an entire month and then get rolled over, and are parsed with matchup/zoverall and friends. Is it possible to have the qmail-mrtg scripts read these two files? Cancel my last ... I have switched to multilog and I am modifying the qmail-mrtg scripts to use multilog formatted log files. If anyone else is interested in them I can provide them when finished. -- Mark Drummond|ICQ#19153754|mailto:[EMAIL PROTECTED] UNIX System Administrator|Royal Military College of Canada The Kingston Linux Users Group|http://signals.rmc.ca/klug/ Saving the World ... One CPU at a Time
Future of qmail: will it care about viri/worms/etc?
Hello all. The continued discussions about the "love bug" and qmail "hacks" for dealing with it have me disturbed. I won't knock djb; the man needs to write an OS one of these days. :) However there should be no need to "hack" qmail to get it to filter unwanted mail and I'm wondering if future versions of qmail will care. Dave Sill's "general approach" for filtering is, well... I couldn't help but crack up when I read it [01]. This is by no means intended to be offensive; it's just funny to read that a *possible* solution for getting qmail to do what I want is to install it twice. Maybe windoze will do what I want if I install it twice eh? ermm.. no, been there, done that. CERT also talked about filters for sendmail, postfix, and procmail [02]. No mention of qmail. qmail is a programmer's MTA. (Un)fortunately the world isn't full of programmers. When things like the "love bug" hit the main stream, getting everyone to frantically and quickly slam their doors shut in the faces of all that is unwanted, qmail users should be able to do the same. Er, that is, without having to write some quick, untested "hack" to do it. Or install a 2nd copy of qmail and then write a quick, untested "hack". qmail needs filtering rules for this "love bug" sort of thing, ie, a new control file or set of control files. These days, filtering by the MTA is probably more of a necessity than a feature. Then again, this is all merely my US $0.02. kw /* ** Keith Warno ** Developer Sys Admin ** http://www.HaggleWare.com/ */ [01]http://www.faqts.com/knowledge-base/view.phtml/aid/2142/fid/203/lang/en [02]http://www.cert.org/advisories/CA-2000-04.html
Connecting to my email server..
First off, let me thank everyone in this mailing list for assiting me in setting up my qmail server. Within about 4 weeks, I now have a functioning server that will send and receive email from the internet and internally. A special koodoos to Dave Sill for writing LWQ. Your Document was a huge amount of help. I now have a server running on RedHat 6.1 with Qmail 1.03. I seem to be having one problem. My server sits behind a NAT firewall. I have 2 NICs in my server, one with an internal non routeable adrress, and another with a real ip address that my new ISP has given to me. I contacted my former/other provider that is hosting our website and also registered our domain, to get the MX records changed to point tomy newmail server. This has been done as far as I can tell. when I do a nslookup on mail.foobar.com I get back the correct address. Also I can receive email from the outside world. My problem lies with attaching to mail.foobar.com. When I am behind the firewall I can attach to mail.int.foobar.com and everything is working, but when I try to attach to mail.foobar.com, I time out. Listed below is the output of qmail-showctl. It all seems to be OK when I look at it, but I'm just a newbie. Any help would be greatly appreciated. qmail home directory: /var/qmail. user-ext delimiter: -. paternalism (in decimal): 2. silent concurrency limit: 120. subdirectory split: 23. user ids: 501, 502, 503, 0, 504, 505, 506, 507. group ids: 501, 502. badmailfrom: bouncefrom: (Default.) Bounce user name is MAILER-DAEMON. bouncehost: (Default.) Bounce host name is foobar.com. concurrencylocal: (Default.) Local concurrency is 10. concurrencyremote: (Default.) Remote concurrency is 20. databytes: SMTP DATA limit is 2000 bytes. defaultdomain: Default domain name is foobar.com. defaulthost: (Default.) Default host name is foobar.com. doublebouncehost: (Default.) 2B recipient host: foobar.com. doublebounceto: (Default.) 2B recipient user: postmaster. envnoathost: (Default.) Presumed domain name is foobar.com. helohost: (Default.) SMTP client HELO host name is foobar.com. idhost: (Default.) Message-ID host name is foobar.com. localiphost: (Default.) Local IP address becomes foobar.com. locals: Messages for mail.foobar.com are delivered locally. Messages for foobar.com are delivered locally. me: My name is foobar.com. percenthack: (Default.) The percent hack is not allowed. plusdomain: Plus domain name is foobar.com. qmqpservers: (Default.) No QMQP servers. queuelifetime: (Default.) Message lifetime in the queue is 604800 seconds. rcpthosts: SMTP clients may send messages to recipients at foobar.com. SMTP clients may send messages to recipients at mail.foobar.com. SMTP clients may send messages to recipients at mail.int.foobar.com. morercpthosts: (Default.) No effect. morercpthosts.cdb: (Default.) No effect. smtpgreeting: (Default.) SMTP greeting: 220 foobar.com. smtproutes: (Default.) No artificial SMTP routes. timeoutconnect: (Default.) SMTP client connection timeout is 60 seconds. timeoutremote: (Default.) SMTP client data timeout is 1200 seconds. timeoutsmtpd: (Default.) SMTP server data timeout is 1200 seconds. virtualdomains: (Default.) No virtual domains.
Re: qmail-mrtg qfilelog
"Mark E. Drummond" wrote: Cancel my last ... I have switched to multilog and I am modifying the qmail-mrtg scripts to use multilog formatted log files. If anyone else is interested in them I can provide them when finished. Hmmm, while working on this I just noticed that there is a descrepancy between the time returned by perl's `time` (or $^T) and the time -- Mark Drummond|ICQ#19153754|mailto:[EMAIL PROTECTED] UNIX System Administrator|Royal Military College of Canada The Kingston Linux Users Group|http://signals.rmc.ca/klug/ Saving the World ... One CPU at a Time Please excuse me if I am terse. I answer dozens of emails every day.
Re: Future of qmail: will it care about viri/worms/etc?
On Fri, May 05, 2000 at 03:27:40PM -0400, Keith Warno wrote: Hello all. The continued discussions about the "love bug" and qmail "hacks" for dealing with it have me disturbed. I won't knock djb; the man needs to write an OS one of these days. :) However there should be no need to "hack" qmail to get it to filter unwanted mail and I'm wondering if future versions of qmail will care. Dave Sill's "general approach" for filtering is, well... I couldn't help but crack up when I read it [01]. This is by no means intended to be offensive; it's just funny to read that a *possible* solution for getting qmail to do what I want is to install it twice. I presume you understood Dave to mean run two instances of qmail, not merely to install and re-install. Once instance would accept the mail, filter it and pass it off to the other instance for delivery. Of course you knew that, you just fine it funny for some reason. Also, having a mail gateway is fairly common corporate practise, so having a qmail instance as a gateway with a global filtering strategy is pretty trivial by delivering thru ~alias/.qmail-default then forwarding on. Finally, there *is* a well defined interface at which all mail going thru qmail can be filtered. It's called qmail-queue. Nothing is stopping any enterprising person or organization from writing or commercializing a filtering system that wraps qmail-queue. It could even be written to provide the same interface as the filtering API that sendmail now deploys so those commercial filters could be transparently used with either MTA. Regards.
Re: Future of qmail: will it care about viri/worms/etc?
on 5/5/00 12:27 PM, Keith Warno had the thought: qmail is a programmer's MTA. (Un)fortunately the world isn't full of programmers. When things like the "love bug" hit the main stream, getting everyone to frantically and quickly slam their doors shut in the faces of all that is unwanted, qmail users should be able to do the same. Er, that is, without having to write some quick, untested "hack" to do it. Or install a 2nd copy of qmail and then write a quick, untested "hack". qmail needs filtering rules for this "love bug" sort of thing, ie, a new control file or set of control files. These days, filtering by the MTA is probably more of a necessity than a feature. What makes you think that the fixes that instantly sprang up for sendmail, et. all weren't quick hacks? With the design of qmail I am able to do more general filtering and it keeps me from having to use a 1 meg procfile recipe. I use scan4virus. The problem that this presents is that there is always more than one way to do it so you have 18 different perl scripts to do the same task ;-) We have a dedicated test machine for qmail, so testing 'quick hacks' usually isn't a problem. I know this isn't an option for everyone, but before you apply any kind of patch to sendmail or other MTAs I would think you want to test it as well. Pat -- Freestyle Interactive | http://www.freestyleinteractive.com | 415.778.0610
Re: smtp-auth?
listy-dyskusyjne Krzysztof Dabrowski writes: At 20:06 2000-05-03, Russell Nelson wrote: But it looks to me like he's reversed the password and the timestamp parameters to checkpassword. so the order is : LOGIN, PASSWORD, TIMESTAMP my cmd5checkpassword accepts: login name terminated by \e0, a cram-md5 challenge terminated by \e0, and a cram-md5 response terminated by qmail-pop3d's apop command sends first parameter, second parameter, timestamp, where the "timestamp" parameter is actually pid.timestamp@hostname. That would correspond to login, response, and challenge for MD5. Not that it *really* matters since CRAM-MD5 and APOP use algorithms with different details. -- -russ nelson [EMAIL PROTECTED] http://russnelson.com Crynwr sells support for free software | PGPok | "Ask not what your country 521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | do for you..." -Perry M.
RE: Connecting to my email server..
When I attempt to connect to telnet mail.foobar.com 25I get mail.foobar.com: Unknown host I will make two assumptions, 1) mail.foobar.com does not exist (DNS broke,etc) 2) your domain is not foobar.com and you are editing the output of qmail-showctl Please send us the TRUE information since dealing with mailservers is often a DNS issue also send us the commands you use to start qmail -Original Message-From: Steve Peace(Internal) [mailto:[EMAIL PROTECTED]]Sent: Friday, May 05, 2000 3:12 PMTo: [EMAIL PROTECTED]Subject: Connecting to my email server.. First off, let me thank everyone in this mailing list for assiting me in setting up my qmail server. Within about 4 weeks, I now have a functioning server that will send and receive email from the internet and internally. A special koodoos to Dave Sill for writing LWQ. Your Document was a huge amount of help. I now have a server running on RedHat 6.1 with Qmail 1.03. I seem to be having one problem. My server sits behind a NAT firewall. I have 2 NICs in my server, one with an internal non routeable adrress, and another with a real ip address that my new ISP has given to me. I contacted my former/other provider that is hosting our website and also registered our domain, to get the MX records changed to point tomy newmail server. This has been done as far as I can tell. when I do a nslookup on mail.foobar.com I get back the correct address. Also I can receive email from the outside world. My problem lies with attaching to mail.foobar.com. When I am behind the firewall I can attach to mail.int.foobar.com and everything is working, but when I try to attach to mail.foobar.com, I time out. Listed below is the output of qmail-showctl. It all seems to be OK when I look at it, but I'm just a newbie. Any help would be greatly appreciated. qmail home directory: /var/qmail. user-ext delimiter: -. paternalism (in decimal): 2. silent concurrency limit: 120. subdirectory split: 23. user ids: 501, 502, 503, 0, 504, 505, 506, 507. group ids: 501, 502. badmailfrom: bouncefrom: (Default.) Bounce user name is MAILER-DAEMON. bouncehost: (Default.) Bounce host name is foobar.com. concurrencylocal: (Default.) Local concurrency is 10. concurrencyremote: (Default.) Remote concurrency is 20. databytes: SMTP DATA limit is 2000 bytes. defaultdomain: Default domain name is foobar.com. defaulthost: (Default.) Default host name is foobar.com. doublebouncehost: (Default.) 2B recipient host: foobar.com. doublebounceto: (Default.) 2B recipient user: postmaster. envnoathost: (Default.) Presumed domain name is foobar.com. helohost: (Default.) SMTP client HELO host name is foobar.com. idhost: (Default.) Message-ID host name is foobar.com. localiphost: (Default.) Local IP address becomes foobar.com. locals: Messages for mail.foobar.com are delivered locally. Messages for foobar.com are delivered locally. me: My name is foobar.com. percenthack: (Default.) The percent hack is not allowed. plusdomain: Plus domain name is foobar.com. qmqpservers: (Default.) No QMQP servers. queuelifetime: (Default.) Message lifetime in the queue is 604800 seconds. rcpthosts: SMTP clients may send messages to recipients at foobar.com. SMTP clients may send messages to recipients at mail.foobar.com. SMTP clients may send messages to recipients at mail.int.foobar.com. morercpthosts: (Default.) No effect. morercpthosts.cdb: (Default.) No effect. smtpgreeting: (Default.) SMTP greeting: 220 foobar.com. smtproutes: (Default.) No artificial SMTP routes. timeoutconnect: (Default.) SMTP client connection timeout is 60 seconds. timeoutremote: (Default.) SMTP client data timeout is 1200 seconds. timeoutsmtpd: (Default.) SMTP server data timeout is 1200 seconds. virtualdomains: (Default.) No virtual domains.
Re: qmail-mrtg qfilelog - oops
"Mark E. Drummond" wrote: Cancel my last ... I have switched to multilog and I am modifying the qmail-mrtg scripts to use multilog formatted log files. If anyone else is interested in them I can provide them when finished. Let's try that again. Hmmm, while working on this I just noticed that there is a descrepancy between the time returned by perl's `time` (or $^T) and the time on my multilog logs. Here is an example: --BEGIN QUOTE-- bastion# tail /var/log/qmail/sendlog 957550606.725794 status: local 0/10 remote 0/20 957550606.726275 end msg 175750 957550614.220152 new msg 175750 957550614.220404 info msg 175750: bytes 1102 from [EMAIL PROTECTED] qp 11557 uid 51015 957550614.467704 starting delivery 88634: msg 175750 to remote [EMAIL PROTECTED] 957550614.467785 status: local 0/10 remote 1/20 957550614.578268 delivery 88634: success: 137.94.1.134_accepted_message./Remote_host_said:_250_Message_received:_FU3MS600.HM3/ 957550614.608559 status: local 0/10 remote 0/20 957550614.609030 end msg 175750 957550627.961157 status: exiting bastion# perl test 957558159 : 957558159 bastion# --END QUOTE-- the script "test" is just: #!/usr/local/bin/perl print time," : $^T\n"; -- Mark Drummond|ICQ#19153754|mailto:[EMAIL PROTECTED] UNIX System Administrator|Royal Military College of Canada The Kingston Linux Users Group|http://signals.rmc.ca/klug/ Saving the World ... One CPU at a Time Please excuse me if I am terse. I answer dozens of emails every day.
RE: PERL filtering...
Right now I deny all .vbs attachments. Yes, this is rather draconian and there might be a 1 in 100,000,000,000,000 chance that someone really needs to send a .vbs attachment. Those are the breaks... That was the point I was trying to get across yesterday... It can be renamed and sent through over and over so why not filter all .vbs attachments? I tried to emphasize the point that non tech uses are killing us with their carelessness so we have to protect them from vbs scripts in order to protect ourselves. On the same note I carried it through to all exe files as well. If they need to be sent by good users- What's the big deal in changing the extension to .exx? Bad guys will send an exe and hope it is run on double click while an exx.obviously won't till the end user changes the extension back to .exe. Consider filtering the following as well: *.reg Regedit will inject its contents into your registry without any warning if you open this file *.hlp Windose help files can contain auto-executing vb script *.hta html application, can contain vb script, javascript etc.(MSHTA.EXE will run them when you click on them) *.shs shell automation code *.vbs vb script *.chm compiled HTML help file, also can contain vb script, javascript etc. Most of these will never need to be sent or received by a user and all can contain malicious code. Any other suggestions?
ETRN problem with qmail
I am hoping you can help me with a qmail problem... We have the etrn patch installed and etrn was working up until last night, but now it is not working. We telnet to the server on port 25 and issue an etrn command for a domain in our etrn file and it says reports an internal etrn failure. The message is: opening etrntrigger: No such device or address Any idea of what we can look at? The etrntrigger file in there in /var/qmail and the permissions are okay from what we can see. We have even rebult qmail. -Eric Davis [EMAIL PROTECTED]
Re: Connecting to my email server..
Thanks for the assist, I should have realized that, but I have Friday on the brain. Excuse me while I wipe the egg off of my face :-) - Original Message - From: [EMAIL PROTECTED] To: "Steve Peace(Internal)" [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Friday, May 05, 2000 3:59 PM Subject: Re: Connecting to my email server.. I don't know exactly what types of NAT firewalling there are, but I'll assume you mean something like IPmasquerading with Port forwarding (25 forwarded to you internal machine). You can't send packets to your external (real) IP and then have them come back into the network. For instance, my web server is inside my network. If I try to access www.youwasahero.com, it will time out. On the otherhand, my FTP server is on the firewall/gateway box, so if I access ftp.youwasahero.com that works, because the packets don't have to leave the network and then come back in. Here are your options: 1) Put your qmail server on the gateway/firewall machine (this is what I do). 2) Set up a DNS server for your internal network. Make an entry so that mail.int.foobar.com resolves to your INTERNAL IP address for the mail server. (this is how I handle my internal web server. For the real world DNS records, www.youwasahero.com resolves to my external (real) IP address, and port 80 is forwarded. For my private internal DNS server, www.youwasahero.com resolves to the IP address of the web server on the internal network, 192.168.0.5.) I hope that makes sense. "Steve Peace(Internal)" wrote: First off, let me thank everyone in this mailing list for assiting me in setting up my qmail server. Within about 4 weeks, I now have a functioning server that will send and receive email from the internet and internally. A special koodoos to Dave Sill for writing LWQ. Your Document was a huge amount of help. I now have a server running on RedHat 6.1 with Qmail 1.03. I seem to be having one problem. My server sits behind a NAT firewall. I have 2 NICs in my server, one with an internal non routeable adrress, and another with a real ip address that my new ISP has given to me. I contacted my former/other provider that is hosting our website and also registered our domain, to get the MX records changed to point to my new mail server. This has been done as far as I can tell. when I do a nslookup on mail.foobar.com I get back the correct address. Also I can receive email from the outside world. My problem lies with attaching to mail.foobar.com. When I am behind the firewall I can attach to mail.int.foobar.com and everything is working, but when I try to attach to mail.foobar.com, I time out. Listed below is the output of qmail-showctl. It all seems to be OK when I look at it, but I'm just a newbie. Any help would be greatly appreciated.qmail home directory: /var/qmail.
Re: Qmail-send
"Eric Davis" [EMAIL PROTECTED] wrote: We can only send out 22 messages from remote queue at once and when the server has finished delivering those 22 it does not queue up to deliver any more. We have over 8,000 message in our remote queue and sending qmail-send an -ALRM does not get it to restart sending. We have to stop and start it by hand each time. Any help would be greatly apprecaited or request for more info. Concurrency is set to 100 remote queues and it is not even using them all. Qmail 1.03 running on a SGI Challenge S - Irix 6.5 What Do The Logs Say(tm)? What does qmail-qstat say? Have you checked your trigger? See: http://Web.InfoAve.Net/~dsill/lwq.html#trigger -Dave
Re: hack for filtering i love you worm
Rainer Link wrote: "Benjamin de los Angeles Jr." wrote: Can you sight pros/cons of using your antivirus software compared to AmaVis? [I used it's perlscanner interface to match on the attachment filename while waiting for the Antivirus vendors to come up with an "official" fix :-)] See http://www.geocities.com/jhaar/scan4virus/ Well, I think you refer to AMaViS-Perl? AMaViS-Perl does not require any qmail patch(es) and supports more antivirus software. scan4virus provides a "generic filter/scanner" to filter out eMails with a specific attachment name - which in case of "I love you" is a good thing, but it's very easy to change the file name (or the subject line), according to BugTraq this has happend. Err - no scan4virus contains a "generic filter" IN ADDITION TO support for other commercial virus scanners. Currently Trend, MacAffee, HBEDV and Sophos. My original rationale for developing my own virusscanner wrapper was that I had some security concerns with AmaVis which weren't shared by the author, it didn't support Qmail, and it was a shell script instead of a more "secure" language like perl (well, "perl -T"). Maybe some of these reasons no longer apply, but I doubt it operates as efficiently as scan4virus does (i.e. at the qmail-queue level) - that would be difficult to do and retain conpatibility with postfix and sendmail... Anyway, variety is the spice of life... -- Jason Haar
Re: accustamp|tailocal|matchup
Because we look at them too often :) And can't you look at them by passing them through tai64nlocal each time? Can you spell "shell script wrapper"? :) I *asked* the list about *some program* which can do reverse time translation for my *already existing logs* - from Local to TAI. I *know* how solve my problem for newly generated logs, but my question was about *old* logs. Isn't it clear? And your response(s) (especially last one) never answered my question. -- Kins Orekhov Outlook Technologies, Inc. E-mail: [EMAIL PROTECTED] Phone: 773-775-2099, ext. 226 http://swoop.outlook.net
qmail and debugging
Hello, What is they way to send qmail's output to standard output so I can view qmail's transaction's like sendmail in verbose mode. I know this was posted somewhere I though it was on life with qmail but it doesn't seem to be there anymore. If anyone has the url of could just send me the command line syntax I would appreciate it. Thanks in advance.
Re: Antigen found =love-letter-for-you.txt.vbs file
Kai MacTane wrote: At 5/5/2000 11:54 AM -0600, ANTIGEN_HOUSTON wrote or quoted: Antigen for Exchange found LOVE-LETTER-FOR-YOU.TXT.vbs matching =love-letter-for-you.txt.vbs file filter. The file is currently Detected. The message, "Re: hack for filtering "i love you" worm", was sent from Kai MacTane and was discovered in IMC Queues\Inbound located at Matchlogic/MATCHLOGIC/HOUSTON. Hmmm. Looks like someone's already filtering on just the string I sent out. I wonder if they're filtering all .vbs files? Our exchange admin is. __ David Nicol 816.235.1187 [EMAIL PROTECTED] "Lord Macbeth knew he was approaching the SITE of the rout from the SIGHT of odd body parts scattered on the blasted heath."
Re: Future of qmail: will it care about viri/worms/etc?
On Fri, May 05, 2000 at 12:21:40PM -0700, [EMAIL PROTECTED] wrote: Finally, there *is* a well defined interface at which all mail going thru qmail can be filtered. It's called qmail-queue. Nothing is stopping any enterprising person or organization from writing or commercializing a filtering See http://www.geocities.com/jhaar/scan4virus/ - qmail-queue replacement that can run a variety or commercial virus scanners (as well as it's inbuilt one) over all Email that has to go through qmail-queue (i.e. everything). Been there - done that. -- Cheers Jason Haar Unix/Network Specialist, Trimble NZ Phone: +64 3 9635 377 Fax: +64 3 9635 417
Re: Future of qmail: will it care about viri/worms/etc?
Keith Warno wrote: there should be no need to "hack" qmail And there isn't! Why do people persist on insecure MUAs? __ David Nicol 816.235.1187 [EMAIL PROTECTED] "Lord Macbeth knew he was approaching the SITE of the rout from the SIGHT of odd body parts scattered on the blasted heath."
Re: Future of qmail: will it care about viri/worms/etc?
"David L. Nicol" wrote: Keith Warno wrote: there should be no need to "hack" qmail And there isn't! Why do people persist on insecure MUAs? My sentiment exactly. Why should I have to expend valuable time and resources fixing Microsofts dud ware. Here in .au there are rumblings of legislation for ISPs to block virii, these people have no concept of the difference between a virus and a worm or any other type of exploit, yet pressure is mounting on ISPs and, if legislated, means ISPs will be liable for loss and damage and loss of production because MS constantly fail to secure their systems. To effect this type of policy one would need to prohibit all attachments, scan each mail for vb/java script and why not peersonally read/censure each mail /rant Kevin
Re: Future of qmail: will it care about viri/worms/etc?
But if you are the first one to sell 'secure' qmail servers you will be the MS of .au! Take a bad thing and make it into a good one. That and make profit along the way! Paul Farber Farber Technology [EMAIL PROTECTED] Ph 570-628-5303 Fax 570-628-5545 On Fri, 5 May 2000, Kevin Waterson wrote: "David L. Nicol" wrote: Keith Warno wrote: there should be no need to "hack" qmail And there isn't! Why do people persist on insecure MUAs? My sentiment exactly. Why should I have to expend valuable time and resources fixing Microsofts dud ware. Here in .au there are rumblings of legislation for ISPs to block virii, these people have no concept of the difference between a virus and a worm or any other type of exploit, yet pressure is mounting on ISPs and, if legislated, means ISPs will be liable for loss and damage and loss of production because MS constantly fail to secure their systems. To effect this type of policy one would need to prohibit all attachments, scan each mail for vb/java script and why not peersonally read/censure each mail /rant Kevin
Re: Future of qmail: will it care about viri/worms/etc?
there should be no need to "hack" qmail And there isn't! Why do people persist on insecure MUAs? I'll chime in on this, even though my view may not be the same as everyone else's. The problem isn't MUA's. The problem is that users were duped into executing a program of a malicious intent. That isn't anything new. In fact, it isn't even restricted to MUA's. The recent root-exploit of Apache.org involved duping a root user into executing malicious code. It's just a fact of life, until every user in the world is not only educated (hah, when will that happen?), but sufficiently competant to analyze programs on their own, virii will still exist. And een if those utopian conditions existed, we'd just find trickier ways to spread the virii. Because of that, viral scanning is a necessity for large corporations, to save themselves a lot of monetary loss. They simply need to protect themselves through viral scanning. The ability to have incoming/outgoing mail scanned does not solve the problem, but is a very, very good first step. Few experienced administrators would fail to use some sort of firewalling/filtering on their company's Internet connection. If they wanted to, they could simply throw the blame on insecure programs / OS / systems, but they don't. The use the firewall / filtering because it's a fast, easy way to block many attacks. Not all, but many. Central email virus scanning is the same thing. When I sent my analysis of the "iloveyou" virus to BugTraq, I was deluged with email - all of them bounces. Because my message started with "ilove you", many, many mail servers had blocked it. That was within something like 12 hours of the release. Think of the immense amount of headaches the system administrators for those companies saved themselves. The ounce of prevention was worth a metric ton of cure. There is also the issue of cost. Is it cheaper to purchase one SMP machine to scan mail on the server for virii, or to license a hundred copies of a virus scanner, and then puy each machine more RAM and CPU, so that they can still work as efficiently while the virus scanner watches what they do? Scanning mail on the server may not be your preference. However, it is a very valuable and useful resource, that is just as valid as using firewalls to prevent attacks against insecure machines on the inside network. If someone in the open-source community doesn't anty up and make server-side mail scanning work well, someone in the private sector will. Let's make the world a Better Place, and do it first. Shoot, just this morning, my MOTHER of all people called me up and asked why they couldn't stop the virus at the mail server. : ) steve
Re: ETRN problem with qmail
We have the etrn patch installed and etrn was working up until last night, Where might one find this patch? Digging around qmail.org didn't produce anything. Thanks, [EMAIL PROTECTED]
Open Today.
Reduce your international phone bill by over 50%. Join our easy-to-use callback service today for free. No monthly minimums, surcharges or set-up fees apply, just low flat rates 24 hours, everyday. Visit our website: http://hometown.aol.com/gotelcom/ and enter to win $500 in FREE phone calls, or email us for more info: [EMAIL PROTECTED] Check out our low rates below. Complete listing of rates for all countries available on our website. Prices are per minute in USD. To get the rates add cost of country you are calling FROM to cost of country you are calling TO. Algeria 0.27 Argentina0.36 Argentina Buenos Aires 0.18 Australia0.10 Austria 0.11 Bahamas 0.15 Bahrain 0.42 Bangladesh 0.63 Belgium 0.10 Brazil 0.27 Brazil Rio de Jan. 0.20 Brazil Sao Paulo 0.20 Canada 0.08 Chile0.15 China0.27 Colombia 0.25 Cyprus 0.23 Denmark 0.10 Djibouti 0.74 Egypt0.59 Finland 0.10 France 0.08 Georgia 0.46 Germany 0.08 Ghana0.36 Greece 0.20 Hong Kong 0.10 Hungary 0.26 India0.60 Indonesia0.33 Indonesia Jakarta0.20 Iran 0.62 Ireland 0.10 Israel 0.13 Italy0.11 Japan0.10 Jordan 0.51 Kazakhstan 0.36 Kenya0.74 Kuwait 0.54 Lebanon 0.55 Liberia 0.38 Libya0.27 Malaysia 0.20 Malta0.17 Mauritania 0.58 Mexico 0.18 Morocco 0.46 Netherlands 0.07 New Zealand 0.09 Nigeria 0.70 Norway 0.08 Oman 0.53 Pakistan 0.69 Philippines 0.29 Poland 0.28 Qatar0.53 Romania 0.35 Russia 0.39 Russia Moscow0.18 Russia St. Petersburg0.20 Saudi Arabia0.61 Singapore Rep. 0.15 Somalia 0.60 South Africa 0.35 South Africa Johannesburg0.22 South Korea 0.12 Spain0.13 Sri Lanka0.64 Sudan0.39 Sweden 0.08 Switzerland 0.10 Syria0.57 Taiwan 0.11 Tajikistan 0.47 Thailand 0.35 Tunisia 0.40 Turkey 0.39 Turkmenistan 0.46 Ukraine 0.29 United Arab Emirates0.35 United Kingdom 0.07 USA 0.05 Venezuela0.33 Yemen0.74 - Rates apply 24 hrs/day, 7 days per week - NO sign-up fees, NO monthly fees, and NO surcharges - You DO NOT have to SWITCH your current provider - Ideal for Home and Business use - Callback service is available to/from anywhere in the world. Contact us for more information and complete rate table at: Email: [EMAIL PROTECTED] http://hometown.aol.com/gotelcom/ If you would like to be removed from our list, please reply to: [EMAIL PROTECTED] with the word "remove" in the subject line.
Re: Open Today.
At 03:20 PM 5/4/00 +, [EMAIL PROTECTED] wrote: why this qmail mailling list doesn't use the rblsmtpd to prevent from Dial Up user abuse ? Delivered-To: mailing list [EMAIL PROTECTED] Received: (qmail 32716 invoked from network); 5 May 2000 23:34:51 - Received: from ac81110d.ipt.aol.com (HELO mx.boston.juno.com) (172.129.17.13) by muncher.math.uic.edu with SMTP; 5 May 2000 23:34:51 -
.qmail questions
Is there anyway to restrict which users/groups can execute commands via the | option in there .qmail file? I realise that the problem could be solved by not giving users access to the .qmail file but this is not always an option. The biggest problem is an ftp/mail user could write a .qmail which mails them the /etc/passwd file giving them access to the userlist. Another question. Does anyone know how to take the results of a command and forward the message to those usernames (I have a command that lists all users in a specific virtual domain). It would be nice to have a "dynamic mailing list". A final questions is does anyone have a script to forward the results of a command to the person who sent the message? ie. run amalist then send the result of the command to the user who emailed [EMAIL PROTECTED]? Thank you for you help.
Re: hack for filtering i love you worm
On Thu, 4 May 2000 19:28:32 -0400, "Searcher" [EMAIL PROTECTED] said: R Anyone can rename that .vbs to what ever they want and send it around R again so wouldn't it be more efficient to filter all .vbs attachments? The only safe way to handle this is to check any attachment for a Registry reference or an indication that Visual Basic is being run. Few if any legitimate attachments should be referring to the Registry, and all the mischief seems to be done via VB scripts. Unpacking an infected attachment (different virus) and running strings on it gave me the following: HKEY_CURRENT_USER\Software\Microsoft\Office\ VB_Nam VBProjectOh VBComponents temp\VBE C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VBA\VBA332.DLL \VBE\MSForms.EXD -- Karl Vogel ASC/YCOA, Wright-Patterson AFB, OH 45433, USA [EMAIL PROTECTED] or [EMAIL PROTECTED]
adduser?
I've installed qmail, and I can send messages out to the world just fine.. but I can't "get" messages from the world. The faq's and howto pages have me confused. I read something about the /users/assign file, but am completely confused about setting that up. All I want at this point is to allow a user to get mail from anywhere. If I already have [EMAIL PROTECTED], how do I get mail to the Mailbox directory? After I get this part figured out, hopefully the virtual domain part won't be all that difficult. I'm using Mandrake 7.02. Thanks.
Re: adduser?
James wrote: I've installed qmail, and I can send messages out to the world just fine.. but I can't "get" messages from the world. The faq's and howto pages have me confused. I read something about the /users/assign file, but am completely confused about setting that up. All I want at this point is to allow a user to get mail from anywhere. If I already have [EMAIL PROTECTED], how do I get mail to the Mailbox directory? After I get this part figured out, hopefully the virtual domain part won't be all that difficult. I'm using Mandrake 7.02. Thanks. If you send a message to a user within your server, is he able to receive it? I had a problem more or less like yours, in my case my users were not able to retrieve any e-mail.
checkpassword and Openbsd 2.6
I am using Openbsd 2.6 and I am having a problem with checkpassword. When I do the test in the install doc for checkpassword /var/qmail/bin/qmail-popup host /bin/checkpassword pwd It works fine, verifies my user id and password. When I try to telnet to the server using it's fqdn on port 110 I get this: atlas# telnet atlas.teoi.net 110 Trying 206.30.147.56... Connected to atlas.teoi.net. Escape character is '^', +OK ([EMAIL PROTECTED]) user dale +OK pass mypass -ERR authorization failed Connection closed by foreign host. atlas# If I telnet to localhost i get the same error as above but the line with the numbers@atlas etc has different numbers. The same happens if I try this from any machine in my subnet. Here is what one of my machines with win98se outlook express (the one for IE5) spit out at me There was a problem logging onto your mail server. Your Password was rejected. Account: 'atlas.teoi.net', Server: 'atlas.teoi.net', Protocol: POP3, Server Response: '-ERR authorization failed', Port: 110, Secure(SSL): No, Server Error: 0x800CCC90, Error Number: 0x800CCC92 I can send mail out and get it at the destination address with out any problems. I have tried turning on and off the "require authentication" option in outlook but no luck...gave me another error which was obvious (not running ssh/ssl on the pop3d). I haven't tried this in netscape communicator's mail, the only machine I have it on is mine running RH61 and ns 4.61. I am using the win98 box with outlook so I don't have to mess with my netscape on my machine. I'm going to replace my slackware box with the openbsd eventually. Another thing I noticed is my pop3 sessions are getting logged, splogger is logging my smtp but they are setup the same as far as I know. Here are my start up's for both: if [ -x /usr/local/bin/tcpserver ]; then echo -n ' Qmail-smtp'; /usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -v -u 2850 -g 32750 0 smtp /var/qmail/bin/qmail-smtpd 21 \ /var/qmail/bin/splogger smtpd 3 fi if [ -x /usr/local/bin/tcpserver ]; then echo -n ' Qmail-pop3'; /usr/local/bin/tcpserver -v -R 0 pop3 /var/qmail/bin/qmail-popup atlas.teoi.net \ /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir 21 \ /var/qmail/bin/splogger pop3d 3 fi Please let me know if this wrong, it appears to work for the smtp without a problem. I saw an example on one of the web sites that put a | right after 21 and when I did that splogger wouldn't load...error said it couldn't find it. I took the | out and and it loaded but pop3d is only one not logging. Thanks in advance for any ideas/suggestions. Dale