Re: orbs.org accuses qmail of mailbomb relaying!

[Russ Allbery]

Philip, Tim (CNBC Asia) <[EMAIL PROTECTED]> writes:

> Thanks for all the interest in my original posting to
> this list. My question was:-

> "Is it possible to stop qmail from generating multiple
>  bounce messages when mail with a forged sender address
>  is received for multiple bad (non-local) mailboxes?"

> I guess the simple answer is, NO. (Is this correct?)

Not quite.  The answer is that qmail doesn't do this under normal
circumstances.  It only does this if you're accepting mail that you're not
sure is valid and then forwarding it to another system for delivery; if
that happens, the single message with multiple recipients ends up being
split apart into multiple messages.

I bet you could find ways of doing exactly the same thing to sendmail.  I
really don't think this is a problem peculiar to qmail.

-- 
Russ Allbery ([EMAIL PROTECTED]) 

Re: orbs.org accuses qmail of mailbomb relaying!

[Adam McKenna]

On Mon, Jul 24, 2000 at 02:03:32PM +0800, Philip, Tim (CNBC Asia) wrote:
> Thanks for all the interest in my original posting to
> this list. My question was:-
> 
> "Is it possible to stop qmail from generating multiple
>  bounce messages when mail with a forged sender address
>  is received for multiple bad (non-local) mailboxes?"
> 
> I guess the simple answer is, NO. (Is this correct?)

The answer is, "qmail does NOT DO THAT except in certain configurations."

The specific configuration where this happens is when the qmail server is
acting as an intermediary, such as a secondary MX.  In this case, upon
receiving the multiple-rcpt message, it will forward it on as many separate
messages (since this is what qmail does), and the destination host (whether
it is qmail or not) will send out the required number of bounce messages.

--Adam

RE: orbs.org accuses qmail of mailbomb relaying!

[Philip, Tim (CNBC Asia)]

Thanks for all the interest in my original posting to
this list. My question was:-

"Is it possible to stop qmail from generating multiple
 bounce messages when mail with a forged sender address
 is received for multiple bad (non-local) mailboxes?"

I guess the simple answer is, NO. (Is this correct?)

PS I don't want to get involved in the ORBS debate [although
it is most probably a bit late ;-)], but one of the original
orbs probe messages in my mail logs had the following line:-

Received: from unknown (HELO relaytest.orbs.vuurwerk.nl) (unknown)

Does this mean that vuurwerk.nl is part of orbs and postings
from people at vuurwerk.nl shouldn't be viewed as the comments
of an innocent mail administrator?!!

PPS qmail rules.

Re: orbs.org accuses qmail of mailbomb relaying!

[Russ Allbery]

Eric Cox <[EMAIL PROTECTED]> writes:

> Some would argue that MAPS abused their position when they listed ORBS -
> they do have a competing service, do they not?

And ORBS is both spamming and operating a spam support service under the
definition of that service.  Suppose you run a security consulting service
and as part of that service you publish vulnerabilities in commonly used
products, as well as provide a network scanner.  Now suppose you find a
security vulnerability in someone else's network scanner.  Do you publish
that vulnerability?

-- 
Russ Allbery ([EMAIL PROTECTED]) 

Re: orbs.org accuses qmail of mailbomb relaying!

[Russ Allbery]

Eric Cox <[EMAIL PROTECTED]> writes:
> Russ Allbery wrote:

>> You're aware that some machines *which didn't relay* were being tested
>> by ORBS as frequently as once a *day*, aren't you?  Or are you just
>> going by Alan Brown's account of what he does, which tends to be a
>> little...  sanitized?

> Once a day?  Doesn't the test take almost a week?  It did in my case.

It takes however long Alan decides to make it take.  The rules change
arbitrarily depending on who the target is and what mood he's in, and
they're not reflected on the web pages.

> And no, I don't believe anything unless I test it myself.  During the
> last bruhaha, I reported my own mailer as an open relay, so I could have
> it tested.  After it was tested, I reported it again, to which ORBS
> responded that it had been tested recently, and could not be tested
> again for 30/60/90 days (I don't remember which).

You haven't annoyed Alan.

> It seems to me that if ORBS is testing every day, there's some kind of
> problem.  Why not try to work with them to get the problem fixed,
> instead of declaring "nuke the site from orbit" immediately?

Because of the sheer number of these sorts of "problems" that have
occurred, generally denied to have ever existed.  It's all anecdotal, I
realize.  But I don't hear these things about RSS or about the RBL.

>> You're also aware that ORBS continues to spam the postmasters of
>> machines which have never relayed in their entire existence?

> Wasn't aware of that.

I get spam from them on a regular basis.  Sure, it's a lot less in volume
than the spam I get from other sources... at least right now.  But I've
made them aware that it's unwanted, those machines have *never* relayed,
and it continues.

It's unsolicited, and it's sent in bulk.  It's spam.  And it does nothing
to stop spam.

>> You're also aware that ORBS provides a service to spammers, providing a
>> downloadable database of open relays and essentially inviting spammers
>> to please use them?

> All of which are blocked by ORBS.

Ah, I see, so extortion is a good way to fight spam?

> RBL provides a similar list of spam-friendly domains, all of which are
> blocked by RBL.

You cannot do more than check a single IP address and get a yes or no
response without having a signed agreement with the RBL team.  At the
moment, I don't believe they even allow you to download their whole list
at all since they're reworking the agreement.  ORBS, in stark contrast,
makes the entire list available as a convenient download on their web
site, suitable for being fed into spamming software.  Seems to me that
part of the goal here is to force people into using ORBS by increasing the
spam of everyone who doesn't, or at least it sure gives that impression.

> Hardly.  You've got it completely backwards.  I'm looking at my own spam
> numbers (that's what going on), and seeing that ORBS is helping much
> more than MAPS.

MAPS is a bunch of separate black-lists.

ORBS is not comparable to the RBL; their goals are completely different.
The purpose of ORBS is to filter spam.  The purpose of the RBL is not to
filter spam.  The purpose of the RBL is to be a sufficiently large stick
that it will scare people away from spamming in the first place, and it's
quite effective at being that.

ORBS is more directly comparable to the RSS.  RSS requires evidence that a
relay is actually being spammed through before it lists them, and RSS
doesn't scan people's networks.  ORBS doesn't care if the relay has ever
been abused, and ORBS actively scans.  Because of that, ORBS is more
effective at blocking spam.  ORBS is also more effective at blocking
things that aren't spam.  The false positive rate and the politics I have
to accept by using ORBS are too much to ask, as far as I'm concerned.

> Whatever happened to helping other people make their services better, 
> rather than declaring all-out war on them and trying to destroy them?

Why don't you ask Alan that?  Maybe he should stop picking fights.

> We're misplacing all of the anger that we have for spammers onto ORBS
> simply because a few test messages find their way in just like spam, and
> declaring war without even thinking it through.

No, sir, I think you should speak for yourself.  I'm not misplacing any
anger.  I'm angry at ORBS because they're abusing the Internet in
precisely the same way that spammers do, supposedly for a good cause
(which spammers also claim) and in the process they're making fighting
spam *harder* because people who want to put a stop to abuse of their
resources are confused with fanatics like Alan Brown.  I've tried very
hard to give ORBS the benefit of the doubt, but particularly with this
latest all-out attack against AboveNet I'm seeing a lot more in common
between ORBS and the spammers than between ORBS and the legitimate users
of the Internet.

-- 
Russ Allbery ([EMAIL PROTECTED]) 

Re: orbs.org accuses qmail of mailbomb relaying!

[Russell Nelson]

Peter van Dijk writes:
 > On Sun, Jul 23, 2000 at 08:22:41AM -0400, Russell Nelson wrote:
 > > Yup.  I'm just going by history here.  MAPS has never abused their
 > > position, whereas ORBS is known to block non-spammers simply because
 > > they refuse to allow ORBS to scan them.
 > 
 > Argh. Get that misconception *out your head*.
 > 
 > People who disallow ORBS to scan them get listed as *untestable*, not as
 > *open relays*. ORBS doesn't block.

Are these records in relays.orbs.org?  How can you say that ORBS
doesn't block them, then?  Oh, I see, ORBS made up their own semantics
for the DNS zone entries.  Semantics which nobody else uses.

 > Hint: use outputs.orbs.org instead of relays.orbs.org if your RBL-checker
 > is buggy. That way it will only block open relays and allow untested hosts
 > through.

That's very nice, but what about the people blocking using
relays.orbs.org?  Who told them that they would find DNS entries
belonging to hosts which had never spammed?  This is other than what
people were led to expect.  It's Yet Another reason why ORBS is not to
be trusted.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | Tornadoes, earthquakes,
521 Pleasant Valley Rd. | +1 315 268 1925 voice | hurricanes and government:
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | uncontrollable forces

Re: orbs.org accuses qmail of mailbomb relaying!

[David Dyer-Bennet]

Adam McKenna <[EMAIL PROTECTED]> writes on 23 July 2000 at 21:43:27 -0400
 > On Sun, Jul 23, 2000 at 07:36:55PM -0500, David Dyer-Bennet wrote:
 > >  > By using the word "competing", you're implying that admins have a choice of
 > >  > running one or the other, but not both.  This isn't the case.  Admins can run
 > >  > any combination of RSS, RBL, ORBS and DUL (not to mention several other
 > >  > similar services).
 > > 
 > > That's not at all the way the word is usually used.  Coke and Pepsi
 > > are competing products, even though I can buy and drink both.  Ford
 > > and Chrysler are in competition even though people can buy multiple
 > > cars.  And so forth.  
 > 
 > I don't think that context is appropriate in this case.  What MAPS is doing
 > isn't preventing anyone from running ORBS.

I agree, and neither are most other pairs of "competing" products.  I
feel that "competing" is a perfectly reasonable description.
-- 
Photos: http://dd-b.lighthunters.net/ Minicon: http://www.mnstf.org/minicon
Bookworms: http://ouroboros.demesne.com/ SF: http://www.dd-b.net/dd-b 
David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]

Re: qmail: cannot mail to root

[John L. Fjellstad]

On Sun, Jul 23, 2000 at 12:39:44AM +0200, [EMAIL PROTECTED] wrote:
 
> Oookay... I've read those... But i still don't quite get it. Am I now
> supposed to put into the .qmail-root my own account's email-address or the email
> for the root's account? (the latter seems pretty dull)

Just yours.  For instance, in my ~alias/.qmail-root, I have "&john" (no quotes), which
means forward to john on local host.

Basically, it works like this. Someone writes a message to
[EMAIL PROTECTED]

qmail checks the /etc/password (or user assign) file for the user.  
Finds the user root and retrieves the home directory location.  
Checks the permission for the home directory (/root). It won't deliver to any directory
with owner root.
Forwards the mail to user alias.
qmail-local checks for .qmail-root.
Finds it.
Checks delivery instructions in .qmail-root.
Follows the instructions.

There is a nice picture for it in qmail/doc/PIC.local2alias

-- 
John__
email: [EMAIL PROTECTED]   Quis custodiet ipsos custodes
icq: thales @ 17755648

Re: orbs.org accuses qmail of mailbomb relaying!

[Adam McKenna]

On Sun, Jul 23, 2000 at 07:36:55PM -0500, David Dyer-Bennet wrote:
>  > By using the word "competing", you're implying that admins have a choice of
>  > running one or the other, but not both.  This isn't the case.  Admins can run
>  > any combination of RSS, RBL, ORBS and DUL (not to mention several other
>  > similar services).
> 
> That's not at all the way the word is usually used.  Coke and Pepsi
> are competing products, even though I can buy and drink both.  Ford
> and Chrysler are in competition even though people can buy multiple
> cars.  And so forth.  

I don't think that context is appropriate in this case.  What MAPS is doing
isn't preventing anyone from running ORBS.

--Adam

Re: orbs.org accuses qmail of mailbomb relaying!

[David Dyer-Bennet]

Adam McKenna <[EMAIL PROTECTED]> writes on 23 July 2000 at 19:53:13 -0400
 > On Sun, Jul 23, 2000 at 04:21:53PM -0700, Eric Cox wrote:
 > > There is a very good explanation for that.  It's because a large ISPs 
 > > that block the ORBS tester become a ready-made repository of open 
 > > relays for spammers to use. That is assuming they don't also 
 > > vigilantly patrol their own netspace for spammers.
 > > 
 > > Some would argue that MAPS abused their position when they listed 
 > > ORBS - they do have a competing service, do they not?
 > 
 > By using the word "competing", you're implying that admins have a choice of
 > running one or the other, but not both.  This isn't the case.  Admins can run
 > any combination of RSS, RBL, ORBS and DUL (not to mention several other
 > similar services).

That's not at all the way the word is usually used.  Coke and Pepsi
are competing products, even though I can buy and drink both.  Ford
and Chrysler are in competition even though people can buy multiple
cars.  And so forth.  
-- 
Photos: http://dd-b.lighthunters.net/ Minicon: http://www.mnstf.org/minicon
Bookworms: http://ouroboros.demesne.com/ SF: http://www.dd-b.net/dd-b 
David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]

Re: orbs.org accuses qmail of mailbomb relaying!

[David Benfell]

On Sun, Jul 23, 2000 at 04:10:42PM -0700, Eric Cox wrote:
> 
> Whatever happened to helping other people make their services better, 
> rather than declaring all-out war on them and trying to destroy them? 
> We're misplacing all of the anger that we have for spammers onto ORBS 
> simply because a few test messages find their way in just like spam, 
> and declaring war without even thinking it through.
> 
That's uncalled for.

ORBS has stepped way over the line on numerous occasions.  Instead of
"helping other people make their services better," they apply a
sledgehammer.  If anyone started this war, it's ORBS.

As for the supposed benefits of ORBS and RBL and whatever else, I find
a good mailfilter or procmail script to be the most effective.

But this is all way off topic for this list.

-- 
David Benfell
[EMAIL PROTECTED]
ICQ 59438240 [e-mail first for access]
---
There are no physicists in the hottest parts of hell, because the
existence of a "hottest part" implies a temperature difference, and
any marginally competent physicist would immediately use this to
run a heat engine and make some other part of hell comfortably cool.
This is obviously impossible.
-- Richard Davisson
 
[from fortune]

 

Re: orbs.org accuses qmail of mailbomb relaying!

[Adam McKenna]

On Sun, Jul 23, 2000 at 04:21:53PM -0700, Eric Cox wrote:
> There is a very good explanation for that.  It's because a large ISPs 
> that block the ORBS tester become a ready-made repository of open 
> relays for spammers to use. That is assuming they don't also 
> vigilantly patrol their own netspace for spammers.
> 
> Some would argue that MAPS abused their position when they listed 
> ORBS - they do have a competing service, do they not?

By using the word "competing", you're implying that admins have a choice of
running one or the other, but not both.  This isn't the case.  Admins can run
any combination of RSS, RBL, ORBS and DUL (not to mention several other
similar services).

--Adam

Re: orbs.org accuses qmail of mailbomb relaying!

[Eric Cox]

Russell Nelson wrote:
> 
> David Dyer-Bennet writes:
>  > Russell Nelson <[EMAIL PROTECTED]> writes on 22 July 2000 at 09:15:45 -0400
>  >
>  >  > Alan is the south end of a horse going north.  Given the way he runs
>  >  > orbs.org and the accusations he makes of people, I'm amazed that
>  >  > anyone uses ORBS.
>  >
>  > Ugly all around.
> 
> Yup.  I'm just going by history here.  MAPS has never abused their
> position, whereas ORBS is known to block non-spammers simply because
> they refuse to allow ORBS to scan them.


There is a very good explanation for that.  It's because a large ISPs 
that block the ORBS tester become a ready-made repository of open 
relays for spammers to use. That is assuming they don't also 
vigilantly patrol their own netspace for spammers.

Some would argue that MAPS abused their position when they listed 
ORBS - they do have a competing service, do they not?


Eric

Re: orbs.org accuses qmail of mailbomb relaying!

[Eric Cox]

Russ Allbery wrote:
> 
> Eric Cox <[EMAIL PROTECTED]> writes:
> 
> > But in the last one, when ORBS listed in the RBL, ORBS was totally in
> > the right.  I saw grown men, (admins!) trying to defend the position
> > that by ORBS sending up to 16 messages through their servers a few times
> > a _year_, ORBS was abusing the email system.
> 
> You're aware that some machines *which didn't relay* were being tested by
> ORBS as frequently as once a *day*, aren't you?  Or are you just going by
> Alan Brown's account of what he does, which tends to be a little...
> sanitized?

Once a day?  Doesn't the test take almost a week?  It did in my case.

And no, I don't believe anything unless I test it myself.  During the last 
bruhaha, I reported my own mailer as an open relay, so I could have it 
tested.  After it was tested, I reported it again, to which ORBS responded 
that it had been tested recently, and could not be tested again for 30/60/90 
days (I don't remember which).  During the original test, I recieved 2 of the 
16 or so test messages in my admin box.  Considering the ORBS list blocks 
between 10 and 30 spams a day, even at my puny corporate site, I don't mind 
one bit. (RBL blocks somewhere between 0 and 5 per day)

And, here are the results of my latest test, on the 7th of this month:
--
Database Check - 63.78.39.192 

 63.78.39.192 is not in the main automated open relay database 
--

and, if I try to get it checked again:
--
--> 63.78.39.192 has previously been tested by ORBS and doesn't seem to permit
relay.
--

It seems to me that if ORBS is testing every day, there's some kind of 
problem.  Why not try to work with them to get the problem fixed, instead 
of declaring "nuke the site from orbit" immediately?


> You're also aware that ORBS continues to spam the postmasters of machines
> which have never relayed in their entire existence?

Wasn't aware of that.

> You're also aware that ORBS provides a service to spammers, providing a
> downloadable database of open relays and essentially inviting spammers to
> please use them?  

All of which are blocked by ORBS.  RBL provides a similar list of 
spam-friendly domains, all of which are blocked by RBL.  What's your 
point?

> That, all by itself, is entirely and completely within
> the domain of spam support services and should get them put directly on
> the RBL.  I think it's actually rather inconsistent of the RBL that
> they're *not* on it for doing that, although I can understand the
> political reasons for not doing so given that Alan Brown seems to have an
> endless capacity for duping people like yourself who aren't looking at
> what's actually going on and are buying his stories hook, line, and
> sinker.

Hardly.  You've got it completely backwards.  I'm looking at my own spam 
numbers (that's what going on), and seeing that ORBS is helping much more 
than MAPS.  

Whatever happened to helping other people make their services better, 
rather than declaring all-out war on them and trying to destroy them? 
We're misplacing all of the anger that we have for spammers onto ORBS 
simply because a few test messages find their way in just like spam, 
and declaring war without even thinking it through.

Eric

Re: orbs.org accuses qmail of mailbomb relaying!

[Nathan J. Mehl]

In the immortal words of Eric Cox ([EMAIL PROTECTED]):
> 
> I can't comment on this latest battle of wills between MAPS and 
> ORBS, because I know nothing of BGP routing.  But in the last one, 
> when ORBS listed in the RBL, ORBS was totally in the right.  I saw 
> grown men, (admins!) trying to defend the position that by ORBS 
> sending up to 16 messages through their servers a few times a _year_, 
> ORBS was abusing the email system.  Mind you, these were servers 
> that relayed 200K to a million messages a day - the ORBS tests 
> amounted to a tiny fraction a of fraction of the spam it would 
> have prevented.

Were those messages:

- sent in bulk?  Yes.

- unsolicited by the owner of the server?  Almost always.

- impossible to opt out of except by blocking the sender's
  networks?  Completely.

This is an area where reasonable people may disagree.  If you believe
spam is defined by content, then no, the ORBS probes are not spam.
If, however, you believe that spam is defined by all or some subset of
the above criteria, then they are.  If you own your own network, you
craft your filters accordingly.

And please, please, please let's stop calling this a MAPS-vs-ORBS
issue.  This is ORBS vs. AboveNet, and Alan is trying desperatly to
bring MAPS into it for reasons which should be transparently obvious.
MAPS is not AboveNet, any more than DJB is the University of Illinois.

-n

-<[EMAIL PROTECTED]>
"Many argue that it is an outrage to expect Elián González to live in a place 
that tolerates no dissent or freedom of political expression. But I don't think
Miami is so bad."  (--Maureen Dowd)
-

Qmail 1.03

[Bob Ross]

I'm going to try and ask this the best I can.

I already have Qmail with TCP running, and has been doing so for almost
three years. I'm getting ready to change domain names.

The questoin is I want to add the new domain righ now so that users will be
able to collect mail sent to either domain to make the transiction easier.
Do I just add the new domain in the same locations as the old domain under
the /var/qmail/control files? to allow mail to [EMAIL PROTECTED] and mail to
[EMAIL PROTECTED] to show up in the same mailbox?.

This would allow me to setup the users much easier than just droping one and
dealing with all the support calls that will be generated.

Thanks
Bob Ross

Re: Solaris / DoS / Broken bare LF mailers / thousands of qmail-smtpd&qmail-queue procs

[Jamie Heilman]

>   - 3. The sending IP is using a broken mailer that's
> generating bare LFs, and this mailer regards the
> resulting temporary error code generated by qmail
> as 'Please try again straightaway'.
> 
> I'd be particularly interested to know if anyone has come
> across the 3rd possibility...

Yup, I see it happen on occasion.  I usually sniff the message off the wire
to see if its anything I care about then toss a deny rule into my tcprules
for that ip to stop the hammering.  Sending the remote party a message is
nice too though I rarely get any cluefull responses.

-- 
Jamie Heilman   http://wcug.wwu.edu/~jamie/
"We must be born with an intuition of mortality.  Before we know the words
 for it, before we know there are words, out we come bloodied and squalling
 with the knowledge that for all the compasses in the world, there's only
 direction, and time is its only measure."  -Rosencrantz

Re: qmailanalog compatible with multilog?

[Bruce Guenter]

On Sun, Jul 23, 2000 at 07:20:31PM -, John Conover wrote:
> Is qmailanalog compatible with multilog when qmail is run under tcpserver?

Yes and no.  Multilog produces tai64n timestamps, while qmailanalog only
understands the older tai timestamps.  A couple of conversion programs
exist.
-- 
Bruce Guenter <[EMAIL PROTECTED]>   http://em.ca/~bruceg/

 PGP signature

Re: qmailanalog compatible with multilog?

[Ronny Haryanto]

On 23-Jul-2000, John Conover wrote:
> Is qmailanalog compatible with multilog when qmail is run under tcpserver?

I'm using qmailanalog 0.70 and I need to pipe the logs to tai64nfrac
first before feeding them to matchup. You can find tai64nfrac from
http://qmail.org/top.html

Ronny

qmailanalog compatible with multilog?

[John Conover]

Is qmailanalog compatible with multilog when qmail is run under tcpserver?

Thanks,

John

-- 

John ConoverTel. 408.370.2688  [EMAIL PROTECTED]
631 Lamont Ct.  Cel. 408.772.7733
Campbell, CA 95008  Fax. 408.379.9602  http://www.johncon.com

Re: Solaris / DoS / Broken bare LF mailers / thousands of qmail-smtpd&qmail-queue procs

[Charles Cazabon]

Andrew <[EMAIL PROTECTED]> wrote:
>   - 3. The sending IP is using a broken mailer that's
> generating bare LFs, and this mailer regards the
> resulting temporary error code generated by qmail
> as 'Please try again straightaway'.
>
> I'd be particularly interested to know if anyone has come
> across the 3rd possibility...

Some versions of MS Exchange are known to do this; I don't remember if it's 
currently fixed or not.  There may be other NT-based MTAs which also do
this (Lotus?).

Best bet is to find the IP in question, and connect to its SMTP port.  If
it's a broken MTA, try to contact its postmaster and encourage them to get
the latest update or patch.

Charles 
--
---
Charles Cazabon<[EMAIL PROTECTED]>
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
---

Solaris / DoS / Broken bare LF mailers / thousands of qmail-smtpd&qmail-queue procs

[Andrew]

Hi All,

Going through the archives to research a problem I've
"seen with my own eyes", I'd appreciate any feedback,
war stories, comments from readers of this list:

I'm working with a company that sometimes sees it's
qmail servers take a huge hit, with very many qmail-smtpd
and qmail-queue processes suddenly appearing. This
appears superficially to be a DoS attack, and I understand
that high numbers of SMTP connections originate from the
same source IP. Qmail is setup under Solaris 2.7.

Reading through the archives, there appear to be various
possibilities:
  - 1. It really is a malicious DoS attack.
  - 2. Solaris is broken (esp. posts on this list from TAG on
7th June and 8th June)
  - 3. The sending IP is using a broken mailer that's
generating bare LFs, and this mailer regards the
resulting temporary error code generated by qmail
as 'Please try again straightaway'.

I'd be particularly interested to know if anyone has come
across the 3rd possibility...

Note that the systems concerned don't currently use
the fixcrio filter - but I don't necessarily want to use this
for fear of breaking perfectly good E-mails at the same time.

I'd appreciate your comments on this.

cheers,

Andrew.

Re: Want to know your potential multiple recipient savings?

[markd]

On Sun, Jul 23, 2000 at 10:08:16AM -0700, John White wrote:
> On Sat, Jul 22, 2000 at 12:45:57PM -0700, [EMAIL PROTECTED] wrote:
> > o Aggregation is by FQDN, not MX target
> 
> Again, why?  I thought the whole argument was to trade speed for
> "network good-neighbor"-ness.

Again, laziness. The perl script doesn't do any DNS lookups - it just
reads a log file and gives a (hopefully) moderately useful hint. Sure it's
not perfect, but it's got to be better starting point than all that
speculation...


Regards.

Re: Want to know your potential multiple recipient savings?

[markd]

On Sun, Jul 23, 2000 at 10:06:57AM -0700, John White wrote:
> On Sat, Jul 22, 2000 at 12:45:57PM -0700, [EMAIL PROTECTED] wrote:
> > o DNS overhead is not counted
> 
> I'm still not clear why this isn't counted.  I mean, it -is-
> part of the traffic, is it not?  Is it your contention that
> there's no difference in the dns traffic between the two
> methods?

Laziness. A perl script that's scanning qmail logs has no easy access
to this information.


Regards.

Re: Want to know your potential multiple recipient savings?

[John White]

On Sat, Jul 22, 2000 at 12:45:57PM -0700, [EMAIL PROTECTED] wrote:
> o Aggregation is by FQDN, not MX target

Again, why?  I thought the whole argument was to trade speed for
"network good-neighbor"-ness.

John

Re: Want to know your potential multiple recipient savings?

[John White]

On Sat, Jul 22, 2000 at 12:45:57PM -0700, [EMAIL PROTECTED] wrote:
> o DNS overhead is not counted

I'm still not clear why this isn't counted.  I mean, it -is-
part of the traffic, is it not?  Is it your contention that
there's no difference in the dns traffic between the two
methods?

John

Re: Attitude

[David Dyer-Bennet]

Adam McKenna <[EMAIL PROTECTED]> writes on 23 July 2000 at 02:49:36 -0400
 > On Sun, Jul 23, 2000 at 12:37:55AM -0500, David Dyer-Bennet wrote:
 > > Probably our responses are by now somewhat cryptic, encoded in local
 > > language that's completely clear to those of us who've been through
 > > the argument umpteen times before.  And which is probably NOT clear to
 > > you; sorry about that!  
 > 
 > Yes, let me translate for David:
 > 
 > "Shut Up and Go Away"

Thanks, but actually I didn't mean anything of the sort.  
-- 
Photos: http://dd-b.lighthunters.net/ Minicon: http://www.mnstf.org/minicon
Bookworms: http://ouroboros.demesne.com/ SF: http://www.dd-b.net/dd-b 
David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]

Re: Want to know your potential multiple recipient savings?

[markd]

On Sun, Jul 23, 2000 at 08:14:57AM -0400, Russell Nelson wrote:
> [EMAIL PROTECTED] writes:
>  > This results is indicative at best - here are some caveats:
>  > 
>  > o DNS overhead is not counted
> 
> In his measurements that indicated that qmail used less bandwidth in
> real-life situations than sendmail, Dan counted the DNS traffic due to 
> sendmail.  You'd have to.

Of course. All I want this script to do is give people a hint as to
whether they're wasting their time worrying about it or not.

If the hint says "don't even bother thinking about it", good. If it says
"hey man you *may* be able to save a lot of bandwidth" good. At least
it's a starting point to work from.

Since many claim (myself included) that most people will end up in the
don't even bother thinking about it" camp, the caveats are intended
to make the hint conservative so that no one can accuse it of favouring
qmail. In other words, this script is doing everything it can to trend
the numbers against qmail - I don't think that's going to significantly
change the outcome that most people get.


Regards.

Re: r all these possible with qmail

[wolfgang zeikat]

see http://cr.yp.to/qmail/faq.html
and Life with qmail at http://Web.InfoAve.Net/~dsill/lwq.html
for answers to at least some of your questions.

r all these possible with qmail

[reach_prashant]

hello friends 
 

  i am planning to config qmail server for a big production system ,
but am confused what to use (sendmail or qmail) , i am a newbie as far as 
qmail is concern , but was using sendmail for past some time 

 i have installed and tested qmail  , but still  have some doubts 
 , please help me   

 1> how can i load balance as well as run redundent qmail processes ( like
qmaild,qmail-smtpd , others ) 

   so that in case  of  some software/hardware failure will not cause any
mail  service outage 

2> how can i tell my qmail to relay  just for some range of ip networks 

3> how can i tell my qmail  to accept mails only from  those domains who
have valid DNS  MX records 

4> suppose my mail server is accepting mails for  first.com ,second.com etc
 domains  ,

 so how can i masquarade mails relayed through my qmail-SMTP server ( that
coming from SMTP clients like microsoft's outlook , netscape messanger etc
clients)

 means  if UID belongs to  first.domain  then it should be masquaraded as
[EMAIL PROTECTED]   if otheruser belongs to second domain then it should go as
a [EMAIL PROTECTED]  


 i think  in SMTP  it simply passes address that user had configured in
his/her SMTP  client  , so how to masquarade that address with 

qmail, 

  

5>  users belonging to same domain  can have mailboxes on seperate hosts 

 i am using qmail-ldap patch 

in which there are atteributes like 

MailMessageStore
Mailhost  

 but its not working 
for say  "user1" have id "[EMAIL PROTECTED]" with 
MailMessageStore :  /home/user1/email/Maildir
Mailhost : Host1

and  "USER2" have ID  "[EMAIL PROTECTED] "   with 
MailMessageStore : /home/USER2/email/Maildir
Mailhost : host2


both these are virtual users and does't have system account , they are
there in LDAP  , 

have ~/control/ldapuid
 ~/control/ldapgid 

 having  uid  and gid  of one system user that i have created just to
specify  here (in ldapuid,ldapgid control  file)   

 this user owns  home directory   of all the users  who doent have system
account and just have LDAP account  

 but my  problem  is when i specify diff MailHost ? ( other then the host
on which i have created that special system user)  who should own 
homedir/maildir   on that other Mailhost  , 

 is there any work around for this problem 

with warmest regards 

thanks a lot 
Prashant Desai 

Re: Want to know your potential multiple recipient savings?

[Frank Tegtmeyer]

> In his measurements that indicated that qmail used less bandwidth in
> real-life situations than sendmail, Dan counted the DNS traffic due to 
> sendmail.

And I have never seen numbers, only Dan's claims. It's hard to argue using 
them without being backed up by numbers.

Regards, Frank

Re: orbs.org accuses qmail of mailbomb relaying!

[Peter van Dijk]

On Sun, Jul 23, 2000 at 08:22:41AM -0400, Russell Nelson wrote:
> David Dyer-Bennet writes:
>  > Russell Nelson <[EMAIL PROTECTED]> writes on 22 July 2000 at 09:15:45 -0400
>  > 
>  >  > Alan is the south end of a horse going north.  Given the way he runs
>  >  > orbs.org and the accusations he makes of people, I'm amazed that
>  >  > anyone uses ORBS.
>  > 
>  > Ugly all around.
> 
> Yup.  I'm just going by history here.  MAPS has never abused their
> position, whereas ORBS is known to block non-spammers simply because
> they refuse to allow ORBS to scan them.

Argh. Get that misconception *out your head*.

People who disallow ORBS to scan them get listed as *untestable*, not as
*open relays*. ORBS doesn't block. It provides listing which admins can use
to block, or tag, or defer, or *whatever*. It leaves the choice of blocking
only open relays or also untestable hosts to the *admin*.

That djb's rblsmtpd implemented this incorrectly is not Alan's (Brown, the
ORBS dude) fault.

Hint: use outputs.orbs.org instead of relays.orbs.org if your RBL-checker
is buggy. That way it will only block open relays and allow untested hosts
through.

Greetz, Peter.
-- 
[EMAIL PROTECTED] - Peter van Dijk [student:developer:ircoper]

Re: orbs.org accuses qmail of mailbomb relaying!

[Russell Nelson]

David Dyer-Bennet writes:
 > Russell Nelson <[EMAIL PROTECTED]> writes on 22 July 2000 at 09:15:45 -0400
 > 
 >  > Alan is the south end of a horse going north.  Given the way he runs
 >  > orbs.org and the accusations he makes of people, I'm amazed that
 >  > anyone uses ORBS.
 > 
 > Ugly all around.

Yup.  I'm just going by history here.  MAPS has never abused their
position, whereas ORBS is known to block non-spammers simply because
they refuse to allow ORBS to scan them.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | Tornadoes, earthquakes,
521 Pleasant Valley Rd. | +1 315 268 1925 voice | hurricanes and government:
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | uncontrollable forces

Re: Want to know your potential multiple recipient savings?

[Russell Nelson]

[EMAIL PROTECTED] writes:
 > This results is indicative at best - here are some caveats:
 > 
 > o DNS overhead is not counted

In his measurements that indicated that qmail used less bandwidth in
real-life situations than sendmail, Dan counted the DNS traffic due to 
sendmail.  You'd have to.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | Tornadoes, earthquakes,
521 Pleasant Valley Rd. | +1 315 268 1925 voice | hurricanes and government:
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | uncontrollable forces

Re: Duplicate Msgs

[Russell Nelson]

Sumith Ail writes:
 > Hi All...
 > 
 > My Setup qmail+vpopmail. I'd like to eliminate
 > duplicate msgs... so I installed eliminate-dup package
 > and made the necessary .qmail file under
 > /home/vpopmail/domains/test.com/sumith/
 > 
 > now instead of only the duplicate msgs getting deleted
 > all the messages are getting deleted... Any IDEA whats
 > going wrong

What does the log file say about those deliveries?

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | Tornadoes, earthquakes,
521 Pleasant Valley Rd. | +1 315 268 1925 voice | hurricanes and government:
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | uncontrollable forces

Re: Attitude

[Russell Nelson]

Adam McKenna writes:
 > On Sun, Jul 23, 2000 at 12:37:55AM -0500, David Dyer-Bennet wrote:
 > > Probably our responses are by now somewhat cryptic, encoded in local
 > > language that's completely clear to those of us who've been through
 > > the argument umpteen times before.  And which is probably NOT clear to
 > > you; sorry about that!  
 > 
 > Yes, let me translate for David:
 > 
 > "Shut Up and Go Away"

No, that's unfair to David.  He's not saying that.  Instead, he's
(collectively) apologizing for an attempt to short-circuit the topic.
It's not a question of attitude, it's a question of "That's a basic
design decision of qmail.  You cannot easily change it.  Therefore, if
you find that an actual problem is created (as opposed to a perceived
problem), you should switch to a different MTA."

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | Tornadoes, earthquakes,
521 Pleasant Valley Rd. | +1 315 268 1925 voice | hurricanes and government:
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | uncontrollable forces

Re: poor performance under tcpserver

[asantos]

From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
>compared to time taken by qmail-smtpd running under tcpserver  may be i
>have done  some bad config of tcpserver as i dont know much about tcpserver


Add -R to tcpserver. Probably its taking that much time because it is trying
to ident the remote host.
http://binarios.com/miscnotes/ucspi-tcp.html#_tcpserver might come in handy
to check all the parameters.

Armando

Checkpoppasswd again! HELP!!!

[Manav]

Hi All, I am a newbie to linux and qmail (it couldnt go any worse!), but even
after seeing numerous posts on the topic, I still couldnt configure my qmail.

1. Installed qmail according to instructions by DBJ.
 2. I now want support for multiple domains, so I followed the instructions by
PG. Here is what I have now:- 

/var/qmail/control/virtualdomains : zoot.com:zoot-com 

/var/qmail/control/rcpthosts : proton.com zoot.com 

(/var/qmail/control/locals does not contain zoot.com ) 

/var/qmail/users/assign :
=zoot-com-joe:popuser:510:503:/home/popuser/popboxes/zoot-com/joe 

where 510 is the UID and 503 is the GID of system user popuser. 

/var/qmail/users/poppasswd :
joe::popuser:/home/popuser/popboxes/zoot-com/joe 

/home/popuser/popboxes/zoot-com/joe/.qmail : ./Maildir/ 

/etc/inetd.conf : pop3 stream tcp nowait root /var/qmail/bin/qmail-popup
qmail-popup zoot.com /bin/checkpoppasswd /var/qmail/bin/qmail-pop3d Maildir 

Now the problem is, when i try to POP mails using Microsoft Outlook Express or
even telnet, it gives me "-ERR authentication failure". 
1. I use PG's mkpasswd.pl to generate the password. Once again the question is
what seed do i specify? If i dont specify any, then checkpoppasswd takes the
first two characters as seed, right? But it doesnt work! 
2. Do I need to have a new line for in /etc/inetd.conf for each domain that I
support? 
3. Is there a single document (is that asking too much?) that specifies the
intricacies involved with installing qmail and other patches? 

TIA, 
Manavendra Gupta. 




Get free email and a permanent address at http://www.netaddress.com/?N=1

poor performance under tcpserver

[reach_prashant]

  hi friends 
  thanks for your help , now the system is working perfectly , ecxcept one
problem   

  i have observed that when i run qmail-smtpd under inetd.conf   , the
responce time ( time it will take to go mails from microsofts outlook or
other mailclient  or even perl programe of www interface is much much less)
 from qmail-smtpd
  
compared to time taken by qmail-smtpd running under tcpserver  may be i
have done  some bad config of tcpserver as i dont know much about tcpserver
  
 i have just installed  V 0.88 of ucspi-tcpserver programme with 
qmail-ldap  ,

installation  of tcpserver is default ( i have just untared
ucspi-tcpserver tarball then  make setup check ,make install etc  )

   and got tcpserver bin files in /usr/local/bin/



  if you have any idea then please tell me what could be the reason  
its (qmail-smtpd) really really taking much time (2-3 times) under
tcpserver then under inetd.conf  
  
  thanks once again

 with warmest regards 
 Prashant Desai

qmail Digest 23 Jul 2000 10:00:01 -0000 Issue 1071

[qmail-digest-help]

qmail Digest 23 Jul 2000 10:00:01 - Issue 1071

Topics (messages 45269 through 45348):

Re: orbs.org accuses qmail of mailbomb relaying!
45269 by: Michael T. Babcock
45270 by: Michael T. Babcock
45271 by: Michael T. Babcock
45272 by: Michael T. Babcock
45273 by: Michael T. Babcock
45274 by: Michael T. Babcock
45275 by: Michael T. Babcock
45276 by: Michael T. Babcock
45278 by: Michael T. Babcock
45279 by: Russell Nelson
45280 by: Russell Nelson
45281 by: Russell Nelson
45285 by: Peter van Dijk
45294 by: Pavel Kankovsky
45297 by: Michael T. Babcock
45298 by: Michael T. Babcock
45307 by: John White
45312 by: Michael T. Babcock
45313 by: Peter van Dijk
45314 by: Michael T. Babcock
45319 by: Russ Allbery
45320 by: Michael T. Babcock
45321 by: Russ Allbery
45324 by: Eric Cox
45329 by: Joe Kelsey
45331 by: Joe Kelsey
45336 by: David Dyer-Bennet
45338 by: David Dyer-Bennet
45339 by: David Dyer-Bennet
45340 by: Russ Allbery
45344 by: Adam McKenna
45346 by: Eric Cox
45348 by: Russ Allbery

Attitude
45277 by: Michael T. Babcock
45289 by: markd.bushwire.net
45337 by: David Dyer-Bennet
45345 by: Adam McKenna

Duplicate Msgs
45282 by: Sumith Ail

Re: qmqpc load balancing
45283 by: Russell Nelson
45311 by: Michael T. Babcock
45333 by: Austad, Jay

Yet another /var/spool/mail questions
45284 by: David Bouw

"Filters have been made for Sendmail and Postfix to deal with this issue" : and qmail 
???
45286 by: Olivier M.
45291 by: asantos
45292 by: Olivier M.
45293 by: asantos
45342 by: Bruce Guenter
45343 by: Bruce Guenter

some broken mailer [[EMAIL PROTECTED]: Returned mail: User unknown]
45287 by: Peter van Dijk

another broken mailer [[EMAIL PROTECTED]: Returned Mail: user 
[EMAIL PROTECTED] unknown!]
45288 by: Peter van Dijk
45296 by: Aaron L. Meehan
45316 by: Michael T. Babcock

Re: another broken mailer
45290 by: asantos

Want to know your potential multiple recipient savings?
45295 by: markd.bushwire.net
45341 by: Bruce Guenter

Re: Unable to send a huge file
45299 by: Michael T. Babcock

Re: Permissions Dilemma?
45300 by: Michael T. Babcock

Re: [spam score 2.14/10.0 -pobox] qmqpc load balancing
45301 by: Michael T. Babcock

Re: minifaq
45302 by: Michael T. Babcock

Re: remote load management, was orbs.org nonsense
45303 by: John R. Levine
45318 by: Michael T. Babcock

procmail preline acting like a local user
45304 by: Jeff Gray

Re: Data in exel to Vpopmail
45305 by: Michael T. Babcock
45306 by: John R. Levine

Re: procmail preline acting like a local user (fwd)
45308 by: Jeff Gray

Re: Returned mail: User unknown]
45309 by: Michael T. Babcock

Re: Alan @ ORBS
45310 by: Michael T. Babcock

Re: procmail preline acting like a local user - again, sorry
45315 by: Jeff Gray
45322 by: asantos
45330 by: Jeff Gray

Re: another broken mailer - #2
45317 by: Michael T. Babcock

qmail: cannot mail to root
45323 by: jandeluyck.gmx.net
45325 by: John L. Fjellstad
45326 by: wolfgang zeikat
45327 by: jandeluyck.gmx.net
45328 by: Ricardo Cerqueira

Re: pop3 outgoing config issue
45332 by: Charles Cazabon

Re: qmail died again... 3x in 3 weeks
45334 by: Eric Cox

pop3 won't die
45335 by: Jeff Jones

Re: problem with virtual user
45347 by: Eric Cox

Administrivia:

To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]

To subscribe to the digest, e-mail:
[EMAIL PROTECTED]

To bug my human owner, e-mail:
[EMAIL PROTECTED]

To post to the list, e-mail:
[EMAIL PROTECTED]


--



If I say 'sendmail', you'll say 'see, you should've used qmail' ... but I'll
say 'and how many other sites are using sendmail that will appreciate it?'.

Just telll me the first time someone finds a really cool porn AVI on some
site and E-mails it to all of his collegues at a different office and the 25
or 30 copies all show up in parallel to the remote site.

PS, 2 months ago.

Petr Novotny wrote:

> On 21 Jul 00, at 11:17, Michael T. Babcock wrote:
>
> > > While you ponder the answer to those questions, qmail will have
> > > delivered the mail.
> >
> > Or crashed a mailserver.
>
> Please stop that. When was the last time you saw a crashed
> mailserver due to getting too many mails? And what was the
> software?





John White wrote:

> On Fri, Jul 21, 2000 at 11:20:00AM -0400, Michael T. Babcock wrote:
> > No, but if qmail 

Re: orbs.org accuses qmail of mailbomb relaying!

[Russ Allbery]

Eric Cox <[EMAIL PROTECTED]> writes:

> I can't comment on this latest battle of wills between MAPS and ORBS,
> because I know nothing of BGP routing.

Short version:  ORBS's upstream ISP is intentionally asking AboveNet to
advertise a netblock that includes ORBS despite AboveNet making it clear
precisely what will happen when they do that.  AboveNet is just obeying
their contract with their customer, essentially.  ORBS's upstream is
trying to solve the problems they're creating themselves by not dealing
with this some other way by advertising separate routes to ORBS space,
which should work fine, except that they can't seem to do it competently.

The contention that AboveNet is somehow intentionally attracting ORBS
traffic is hogwash; they're advertising what their customer is asking them
to advertise and have made very public precisely what their internal
blocks are.  The even more outrageous claim is that AboveNet is somehow
making the separate routes flap, which from all the available independent
evidence appears to be nothing more than either a pure lie or complete
ignorance.

ORBS has plenty to complain about with their immediate upstream, and in
fact the list of addresses on their web page to complain at (said web page
otherwise being full of horribly distorted misinformation) includes a
bunch of people at their immediate upstream.  But they're all bundled
under the category of MAPS people, when of course they have nothing to do
with MAPS at all, or AboveNet either for that matter.

And, of course, there's the minor point that I'm pretty sure AboveNet has
been blocking ORBS since long before they bought MIBH and aquired Vixie as
a VP.

> But in the last one, when ORBS listed in the RBL, ORBS was totally in
> the right.  I saw grown men, (admins!) trying to defend the position
> that by ORBS sending up to 16 messages through their servers a few times
> a _year_, ORBS was abusing the email system.

You're aware that some machines *which didn't relay* were being tested by
ORBS as frequently as once a *day*, aren't you?  Or are you just going by
Alan Brown's account of what he does, which tends to be a little...
sanitized?

You're also aware that ORBS continues to spam the postmasters of machines
which have never relayed in their entire existence?

You're also aware that ORBS provides a service to spammers, providing a
downloadable database of open relays and essentially inviting spammers to
please use them?  That, all by itself, is entirely and completely within
the domain of spam support services and should get them put directly on
the RBL.  I think it's actually rather inconsistent of the RBL that
they're *not* on it for doing that, although I can understand the
political reasons for not doing so given that Alan Brown seems to have an
endless capacity for duping people like yourself who aren't looking at
what's actually going on and are buying his stories hook, line, and
sinker.

-- 
Russ Allbery ([EMAIL PROTECTED]) 

Re: problem with virtual user

[Eric Cox]

Jens Georg wrote:
> 
> hi,
> 
> i have a little confusing problem with qmail:
> 
> i can send email to [EMAIL PROTECTED] (where bob is a real user), but i cannot
> send email to i.e. [EMAIL PROTECTED] where bobby is a virtual user. somebody
> can help me please ? this works sometimes, but after rebooting the machine
> i.e. sometimes i get a "sorry, no mailbox " message.

What does your config look like?

Eric

Re: orbs.org accuses qmail of mailbomb relaying!

[Eric Cox]

Russ Allbery wrote:
> 
> David Dyer-Bennet <[EMAIL PROTECTED]> writes:
> 
> > And either ORBS is blowing *amazing* clouds of smoke or MAPS is really
> > putting the boot in in their private way, in ways I can't approve of.
> 
> ORBS is blowing *amazing* clouds of smoke.  Either that, or Alan Brown has
> literally no clue whatsoever how Internet routing works.  This is one of
> the things that's rather annoying those of us who have heard a lot of the
> story from various sides.

Hi Russ!

I can't comment on this latest battle of wills between MAPS and 
ORBS, because I know nothing of BGP routing.  But in the last one, 
when ORBS listed in the RBL, ORBS was totally in the right.  I saw 
grown men, (admins!) trying to defend the position that by ORBS 
sending up to 16 messages through their servers a few times a _year_, 
ORBS was abusing the email system.  Mind you, these were servers 
that relayed 200K to a million messages a day - the ORBS tests 
amounted to a tiny fraction a of fraction of the spam it would 
have prevented.

And, as a result of above.net blocking ORBS, I find myself having 
to play whack-a-mole with spammers within above.net more and more 
each week - just reported one yesterday.

I suppose neither side is right, they're both being very childish 
about all this.

(My apologies to the list for keeping this OT thread going - I'll 
shut up now)


Eric