Re: orbs.org accuses qmail of mailbomb relaying!
David Dyer-Bennet [EMAIL PROTECTED] writes: And either ORBS is blowing *amazing* clouds of smoke or MAPS is really putting the boot in in their private way, in ways I can't approve of. ORBS is blowing *amazing* clouds of smoke. Either that, or Alan Brown has literally no clue whatsoever how Internet routing works. This is one of the things that's rather annoying those of us who have heard a lot of the story from various sides. -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/
Re: Want to know your potential multiple recipient savings?
On Sat, Jul 22, 2000 at 12:45:57PM -0700, [EMAIL PROTECTED] wrote: I've written a little perl script to analyze a qmail log. Have you looked at qmailanalog? Could it help you if it does not already do what you want? This scripts gives a hint as to what you might save in bandwidth if qmail supported multiple recipients. The zoverall script in qmailanalog will give you a maximum bound to this number. On my SMTP proxy (450MB over 9.5 days, not that big yet), a maximum of 20% could have been saved. This results is indicative at best - here are some caveats: o failed deliveries are not counted Reasonable, since nearly all failed deliveries will fail before the "DATA" command. o Aggregation is by FQDN, not MX target Which is the only reasonable way to do it. If you aggregate based on MX target, you need to do (and wait for!) DNS lookups on all recipients of each message. This is a good way of slowing things down for no real gain. o The incremental costs of subsequent deliveries via multiple recipients is assumed to be zero. Which is one of the contentious points in the whole discussion. This one *REALLY* needs some real-world measurements, which would be quite difficult to do. There will likely be a point (in terms of message size) where the time cost of opening up more connections (in parallel, remember) will be less than the cost of issuing another RCPT. You could simulate this by producing a test message, and (1) forking off N copies of qmail-remote with a single recipient, and (2) forking off 1 copy of qmail-remote with N recipients, and time how long it takes for the qmail-remotes to exit. Repeat with a series of message sizes. On my proxy again, the median size is around 3000 bytes (including headers), just as a guide for how to distribute the sizes. Make sure the system you benchmark with is far enough remote to cause significant latencies (100ms or worse), or try various systems with various latencies. Since the script is only lightly tested, I'm soliciting a few volunteers who are willing to run this script on their log files and send the results back to me (and/or the list if you so desire). I'd be willing to do this, I'm somewhat curious myself. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: Filters have been made for Sendmail and Postfix to deal with this issue : and qmail ???
On Sat, Jul 22, 2000 at 05:49:51PM +0200, Olivier M. wrote:
Again a security problem with outlook : look at the announce
on securityfocus:
http://www.securityfocus.com/vdb/bottom.html?section=solutionvid=1481
Well, these filters are quite simple : but how could I setup such a workaround
on my old qmail server ? What about a /var/qmail/regexpreject ? What do you
think ? Could be a feature for a qmail 1.04... :)
Check out qmail-qfilter, and write a filter that looks for date lines
longer than 80 characters while copying the message. Reject any message
that contains them. In Perl (untested):
perl -p 'exit 31 if /^Date: .{80,}/oi'
And I didn't even need to patch qmail :-) (although qmail-qfilter works
best used with the rather trivial QMAILQUEUE patch).
--
Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/
PGP signature
Re: Filters have been made for Sendmail and Postfix to deal with this issue : and qmail ???
On Sun, Jul 23, 2000 at 12:27:36AM -0600, Bruce Guenter wrote:
On Sat, Jul 22, 2000 at 05:49:51PM +0200, Olivier M. wrote:
http://www.securityfocus.com/vdb/bottom.html?section=solutionvid=1481
Check out qmail-qfilter, and write a filter that looks for date lines
longer than 80 characters while copying the message. Reject any message
that contains them. In Perl (untested):
perl -p 'exit 31 if /^Date: .{80,}/oi'
Just to correct myself, the following Perl is more correct:
while() {
print;
last if /^\n$/o;
exit 31 if /^Date: .{80,}/oi;
}
while() {
print;
}
--
Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/
PGP signature
Re: orbs.org accuses qmail of mailbomb relaying!
On Sat, Jul 22, 2000 at 04:18:21PM -0400, Michael T. Babcock wrote: You've just missed a point of Qmail though. If a major point of Qmail's existence is to provide reliable E-mail delivery, then this _must_ include cooperating with other MTAs (without violating standards) at least enough to keep from crashing / giving them headaches so that we don't 'encourage' them to lose mail ... (through failures of their own). Sorry, but no. Reliability is preserved. If the remote mailer is not available, for whatever reason, qmail will queue the mail and retry again later. --Adam
Re: Attitude
On Sun, Jul 23, 2000 at 12:37:55AM -0500, David Dyer-Bennet wrote: Probably our responses are by now somewhat cryptic, encoded in local language that's completely clear to those of us who've been through the argument umpteen times before. And which is probably NOT clear to you; sorry about that! Yes, let me translate for David: "Shut Up and Go Away" --Adam
Re: orbs.org accuses qmail of mailbomb relaying!
Russ Allbery wrote: David Dyer-Bennet [EMAIL PROTECTED] writes: And either ORBS is blowing *amazing* clouds of smoke or MAPS is really putting the boot in in their private way, in ways I can't approve of. ORBS is blowing *amazing* clouds of smoke. Either that, or Alan Brown has literally no clue whatsoever how Internet routing works. This is one of the things that's rather annoying those of us who have heard a lot of the story from various sides. Hi Russ! I can't comment on this latest battle of wills between MAPS and ORBS, because I know nothing of BGP routing. But in the last one, when ORBS listed in the RBL, ORBS was totally in the right. I saw grown men, (admins!) trying to defend the position that by ORBS sending up to 16 messages through their servers a few times a _year_, ORBS was abusing the email system. Mind you, these were servers that relayed 200K to a million messages a day - the ORBS tests amounted to a tiny fraction a of fraction of the spam it would have prevented. And, as a result of above.net blocking ORBS, I find myself having to play whack-a-mole with spammers within above.net more and more each week - just reported one yesterday. I suppose neither side is right, they're both being very childish about all this. (My apologies to the list for keeping this OT thread going - I'll shut up now) Eric
Re: problem with virtual user
Jens Georg wrote: hi, i have a little confusing problem with qmail: i can send email to [EMAIL PROTECTED] (where bob is a real user), but i cannot send email to i.e. [EMAIL PROTECTED] where bobby is a virtual user. somebody can help me please ? this works sometimes, but after rebooting the machine i.e. sometimes i get a "sorry, no mailbox " message. What does your config look like? Eric
Re: orbs.org accuses qmail of mailbomb relaying!
Eric Cox [EMAIL PROTECTED] writes: I can't comment on this latest battle of wills between MAPS and ORBS, because I know nothing of BGP routing. Short version: ORBS's upstream ISP is intentionally asking AboveNet to advertise a netblock that includes ORBS despite AboveNet making it clear precisely what will happen when they do that. AboveNet is just obeying their contract with their customer, essentially. ORBS's upstream is trying to solve the problems they're creating themselves by not dealing with this some other way by advertising separate routes to ORBS space, which should work fine, except that they can't seem to do it competently. The contention that AboveNet is somehow intentionally attracting ORBS traffic is hogwash; they're advertising what their customer is asking them to advertise and have made very public precisely what their internal blocks are. The even more outrageous claim is that AboveNet is somehow making the separate routes flap, which from all the available independent evidence appears to be nothing more than either a pure lie or complete ignorance. ORBS has plenty to complain about with their immediate upstream, and in fact the list of addresses on their web page to complain at (said web page otherwise being full of horribly distorted misinformation) includes a bunch of people at their immediate upstream. But they're all bundled under the category of MAPS people, when of course they have nothing to do with MAPS at all, or AboveNet either for that matter. And, of course, there's the minor point that I'm pretty sure AboveNet has been blocking ORBS since long before they bought MIBH and aquired Vixie as a VP. But in the last one, when ORBS listed in the RBL, ORBS was totally in the right. I saw grown men, (admins!) trying to defend the position that by ORBS sending up to 16 messages through their servers a few times a _year_, ORBS was abusing the email system. You're aware that some machines *which didn't relay* were being tested by ORBS as frequently as once a *day*, aren't you? Or are you just going by Alan Brown's account of what he does, which tends to be a little... sanitized? You're also aware that ORBS continues to spam the postmasters of machines which have never relayed in their entire existence? You're also aware that ORBS provides a service to spammers, providing a downloadable database of open relays and essentially inviting spammers to please use them? That, all by itself, is entirely and completely within the domain of spam support services and should get them put directly on the RBL. I think it's actually rather inconsistent of the RBL that they're *not* on it for doing that, although I can understand the political reasons for not doing so given that Alan Brown seems to have an endless capacity for duping people like yourself who aren't looking at what's actually going on and are buying his stories hook, line, and sinker. -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/
qmail Digest 23 Jul 2000 10:00:01 -0000 Issue 1071
qmail Digest 23 Jul 2000 10:00:01 - Issue 1071 Topics (messages 45269 through 45348): Re: orbs.org accuses qmail of mailbomb relaying! 45269 by: Michael T. Babcock 45270 by: Michael T. Babcock 45271 by: Michael T. Babcock 45272 by: Michael T. Babcock 45273 by: Michael T. Babcock 45274 by: Michael T. Babcock 45275 by: Michael T. Babcock 45276 by: Michael T. Babcock 45278 by: Michael T. Babcock 45279 by: Russell Nelson 45280 by: Russell Nelson 45281 by: Russell Nelson 45285 by: Peter van Dijk 45294 by: Pavel Kankovsky 45297 by: Michael T. Babcock 45298 by: Michael T. Babcock 45307 by: John White 45312 by: Michael T. Babcock 45313 by: Peter van Dijk 45314 by: Michael T. Babcock 45319 by: Russ Allbery 45320 by: Michael T. Babcock 45321 by: Russ Allbery 45324 by: Eric Cox 45329 by: Joe Kelsey 45331 by: Joe Kelsey 45336 by: David Dyer-Bennet 45338 by: David Dyer-Bennet 45339 by: David Dyer-Bennet 45340 by: Russ Allbery 45344 by: Adam McKenna 45346 by: Eric Cox 45348 by: Russ Allbery Attitude 45277 by: Michael T. Babcock 45289 by: markd.bushwire.net 45337 by: David Dyer-Bennet 45345 by: Adam McKenna Duplicate Msgs 45282 by: Sumith Ail Re: qmqpc load balancing 45283 by: Russell Nelson 45311 by: Michael T. Babcock 45333 by: Austad, Jay Yet another /var/spool/mail questions 45284 by: David Bouw "Filters have been made for Sendmail and Postfix to deal with this issue" : and qmail ??? 45286 by: Olivier M. 45291 by: asantos 45292 by: Olivier M. 45293 by: asantos 45342 by: Bruce Guenter 45343 by: Bruce Guenter some broken mailer [[EMAIL PROTECTED]: Returned mail: User unknown] 45287 by: Peter van Dijk another broken mailer [[EMAIL PROTECTED]: Returned Mail: user [EMAIL PROTECTED] unknown!] 45288 by: Peter van Dijk 45296 by: Aaron L. Meehan 45316 by: Michael T. Babcock Re: another broken mailer 45290 by: asantos Want to know your potential multiple recipient savings? 45295 by: markd.bushwire.net 45341 by: Bruce Guenter Re: Unable to send a huge file 45299 by: Michael T. Babcock Re: Permissions Dilemma? 45300 by: Michael T. Babcock Re: [spam score 2.14/10.0 -pobox] qmqpc load balancing 45301 by: Michael T. Babcock Re: minifaq 45302 by: Michael T. Babcock Re: remote load management, was orbs.org nonsense 45303 by: John R. Levine 45318 by: Michael T. Babcock procmail preline acting like a local user 45304 by: Jeff Gray Re: Data in exel to Vpopmail 45305 by: Michael T. Babcock 45306 by: John R. Levine Re: procmail preline acting like a local user (fwd) 45308 by: Jeff Gray Re: Returned mail: User unknown] 45309 by: Michael T. Babcock Re: Alan @ ORBS 45310 by: Michael T. Babcock Re: procmail preline acting like a local user - again, sorry 45315 by: Jeff Gray 45322 by: asantos 45330 by: Jeff Gray Re: another broken mailer - #2 45317 by: Michael T. Babcock qmail: cannot mail to root 45323 by: jandeluyck.gmx.net 45325 by: John L. Fjellstad 45326 by: wolfgang zeikat 45327 by: jandeluyck.gmx.net 45328 by: Ricardo Cerqueira Re: pop3 outgoing config issue 45332 by: Charles Cazabon Re: qmail died again... 3x in 3 weeks 45334 by: Eric Cox pop3 won't die 45335 by: Jeff Jones Re: problem with virtual user 45347 by: Eric Cox Administrivia: To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To subscribe to the digest, e-mail: [EMAIL PROTECTED] To bug my human owner, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- If I say 'sendmail', you'll say 'see, you should've used qmail' ... but I'll say 'and how many other sites are using sendmail that will appreciate it?'. Just telll me the first time someone finds a really cool porn AVI on some site and E-mails it to all of his collegues at a different office and the 25 or 30 copies all show up in parallel to the remote site. PS, 2 months ago. Petr Novotny wrote: On 21 Jul 00, at 11:17, Michael T. Babcock wrote: While you ponder the answer to those questions, qmail will have delivered the mail. Or crashed a mailserver. Please stop that. When was the last time you saw a crashed mailserver due to getting too many mails? And what was the software? John White wrote: On Fri, Jul 21, 2000 at 11:20:00AM -0400, Michael T. Babcock wrote: No, but if qmail is making the
poor performance under tcpserver
hi friends thanks for your help , now the system is working perfectly , ecxcept one problem i have observed that when i run qmail-smtpd under inetd.conf , the responce time ( time it will take to go mails from microsofts outlook or other mailclient or even perl programe of www interface is much much less) from qmail-smtpd compared to time taken by qmail-smtpd running under tcpserver may be i have done some bad config of tcpserver as i dont know much about tcpserver i have just installed V 0.88 of ucspi-tcpserver programme with qmail-ldap , installation of tcpserver is default ( i have just untared ucspi-tcpserver tarball then make setup check ,make install etc ) and got tcpserver bin files in /usr/local/bin/ if you have any idea then please tell me what could be the reason its (qmail-smtpd) really really taking much time (2-3 times) under tcpserver then under inetd.conf thanks once again with warmest regards Prashant Desai
Checkpoppasswd again! HELP!!!
Hi All, I am a newbie to linux and qmail (it couldnt go any worse!), but even after seeing numerous posts on the topic, I still couldnt configure my qmail. 1. Installed qmail according to instructions by DBJ. 2. I now want support for multiple domains, so I followed the instructions by PG. Here is what I have now:- /var/qmail/control/virtualdomains : zoot.com:zoot-com /var/qmail/control/rcpthosts : proton.com zoot.com (/var/qmail/control/locals does not contain zoot.com ) /var/qmail/users/assign : =zoot-com-joe:popuser:510:503:/home/popuser/popboxes/zoot-com/joe where 510 is the UID and 503 is the GID of system user popuser. /var/qmail/users/poppasswd : joe::popuser:/home/popuser/popboxes/zoot-com/joe /home/popuser/popboxes/zoot-com/joe/.qmail : ./Maildir/ /etc/inetd.conf : pop3 stream tcp nowait root /var/qmail/bin/qmail-popup qmail-popup zoot.com /bin/checkpoppasswd /var/qmail/bin/qmail-pop3d Maildir Now the problem is, when i try to POP mails using Microsoft Outlook Express or even telnet, it gives me "-ERR authentication failure". 1. I use PG's mkpasswd.pl to generate the password. Once again the question is what seed do i specify? If i dont specify any, then checkpoppasswd takes the first two characters as seed, right? But it doesnt work! 2. Do I need to have a new line for in /etc/inetd.conf for each domain that I support? 3. Is there a single document (is that asking too much?) that specifies the intricacies involved with installing qmail and other patches? TIA, Manavendra Gupta. Get free email and a permanent address at http://www.netaddress.com/?N=1
Re: poor performance under tcpserver
From: [EMAIL PROTECTED] [EMAIL PROTECTED] compared to time taken by qmail-smtpd running under tcpserver may be i have done some bad config of tcpserver as i dont know much about tcpserver Add -R to tcpserver. Probably its taking that much time because it is trying to ident the remote host. http://binarios.com/miscnotes/ucspi-tcp.html#_tcpserver might come in handy to check all the parameters. Armando
Re: Attitude
Adam McKenna writes: On Sun, Jul 23, 2000 at 12:37:55AM -0500, David Dyer-Bennet wrote: Probably our responses are by now somewhat cryptic, encoded in local language that's completely clear to those of us who've been through the argument umpteen times before. And which is probably NOT clear to you; sorry about that! Yes, let me translate for David: "Shut Up and Go Away" No, that's unfair to David. He's not saying that. Instead, he's (collectively) apologizing for an attempt to short-circuit the topic. It's not a question of attitude, it's a question of "That's a basic design decision of qmail. You cannot easily change it. Therefore, if you find that an actual problem is created (as opposed to a perceived problem), you should switch to a different MTA." -- -russ nelson [EMAIL PROTECTED] http://russnelson.com Crynwr sells support for free software | PGPok | Tornadoes, earthquakes, 521 Pleasant Valley Rd. | +1 315 268 1925 voice | hurricanes and government: Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | uncontrollable forces
Re: Duplicate Msgs
Sumith Ail writes: Hi All... My Setup qmail+vpopmail. I'd like to eliminate duplicate msgs... so I installed eliminate-dup package and made the necessary .qmail file under /home/vpopmail/domains/test.com/sumith/ now instead of only the duplicate msgs getting deleted all the messages are getting deleted... Any IDEA whats going wrong What does the log file say about those deliveries? -- -russ nelson [EMAIL PROTECTED] http://russnelson.com Crynwr sells support for free software | PGPok | Tornadoes, earthquakes, 521 Pleasant Valley Rd. | +1 315 268 1925 voice | hurricanes and government: Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | uncontrollable forces
Re: Want to know your potential multiple recipient savings?
[EMAIL PROTECTED] writes: This results is indicative at best - here are some caveats: o DNS overhead is not counted In his measurements that indicated that qmail used less bandwidth in real-life situations than sendmail, Dan counted the DNS traffic due to sendmail. You'd have to. -- -russ nelson [EMAIL PROTECTED] http://russnelson.com Crynwr sells support for free software | PGPok | Tornadoes, earthquakes, 521 Pleasant Valley Rd. | +1 315 268 1925 voice | hurricanes and government: Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | uncontrollable forces
Re: orbs.org accuses qmail of mailbomb relaying!
David Dyer-Bennet writes: Russell Nelson [EMAIL PROTECTED] writes on 22 July 2000 at 09:15:45 -0400 Alan is the south end of a horse going north. Given the way he runs orbs.org and the accusations he makes of people, I'm amazed that anyone uses ORBS. Ugly all around. Yup. I'm just going by history here. MAPS has never abused their position, whereas ORBS is known to block non-spammers simply because they refuse to allow ORBS to scan them. -- -russ nelson [EMAIL PROTECTED] http://russnelson.com Crynwr sells support for free software | PGPok | Tornadoes, earthquakes, 521 Pleasant Valley Rd. | +1 315 268 1925 voice | hurricanes and government: Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | uncontrollable forces
Re: orbs.org accuses qmail of mailbomb relaying!
On Sun, Jul 23, 2000 at 08:22:41AM -0400, Russell Nelson wrote: David Dyer-Bennet writes: Russell Nelson [EMAIL PROTECTED] writes on 22 July 2000 at 09:15:45 -0400 Alan is the south end of a horse going north. Given the way he runs orbs.org and the accusations he makes of people, I'm amazed that anyone uses ORBS. Ugly all around. Yup. I'm just going by history here. MAPS has never abused their position, whereas ORBS is known to block non-spammers simply because they refuse to allow ORBS to scan them. Argh. Get that misconception *out your head*. People who disallow ORBS to scan them get listed as *untestable*, not as *open relays*. ORBS doesn't block. It provides listing which admins can use to block, or tag, or defer, or *whatever*. It leaves the choice of blocking only open relays or also untestable hosts to the *admin*. That djb's rblsmtpd implemented this incorrectly is not Alan's (Brown, the ORBS dude) fault. Hint: use outputs.orbs.org instead of relays.orbs.org if your RBL-checker is buggy. That way it will only block open relays and allow untested hosts through. Greetz, Peter. -- [EMAIL PROTECTED] - Peter van Dijk [student:developer:ircoper]
Re: Want to know your potential multiple recipient savings?
In his measurements that indicated that qmail used less bandwidth in real-life situations than sendmail, Dan counted the DNS traffic due to sendmail. And I have never seen numbers, only Dan's claims. It's hard to argue using them without being backed up by numbers. Regards, Frank
r all these possible with qmail
hello friends i am planning to config qmail server for a big production system , but am confused what to use (sendmail or qmail) , i am a newbie as far as qmail is concern , but was using sendmail for past some time i have installed and tested qmail , but still have some doubts , please help me 1 how can i load balance as well as run redundent qmail processes ( like qmaild,qmail-smtpd , others ) so that in case of some software/hardware failure will not cause any mail service outage 2 how can i tell my qmail to relay just for some range of ip networks 3 how can i tell my qmail to accept mails only from those domains who have valid DNS MX records 4 suppose my mail server is accepting mails for first.com ,second.com etc domains , so how can i masquarade mails relayed through my qmail-SMTP server ( that coming from SMTP clients like microsoft's outlook , netscape messanger etc clients) means if UID belongs to first.domain then it should be masquaraded as [EMAIL PROTECTED] if otheruser belongs to second domain then it should go as a [EMAIL PROTECTED] i think in SMTP it simply passes address that user had configured in his/her SMTP client , so how to masquarade that address with qmail, 5 users belonging to same domain can have mailboxes on seperate hosts i am using qmail-ldap patch in which there are atteributes like MailMessageStore Mailhost but its not working for say "user1" have id "[EMAIL PROTECTED]" with MailMessageStore : /home/user1/email/Maildir Mailhost : Host1 and "USER2" have ID "[EMAIL PROTECTED] " with MailMessageStore : /home/USER2/email/Maildir Mailhost : host2 both these are virtual users and does't have system account , they are there in LDAP , have ~/control/ldapuid ~/control/ldapgid having uid and gid of one system user that i have created just to specify here (in ldapuid,ldapgid control file) this user owns home directory of all the users who doent have system account and just have LDAP account but my problem is when i specify diff MailHost ? ( other then the host on which i have created that special system user) who should own homedir/maildir on that other Mailhost , is there any work around for this problem with warmest regards thanks a lot Prashant Desai
Re: r all these possible with qmail
see http://cr.yp.to/qmail/faq.html and Life with qmail at http://Web.InfoAve.Net/~dsill/lwq.html for answers to at least some of your questions.
Re: Want to know your potential multiple recipient savings?
On Sun, Jul 23, 2000 at 08:14:57AM -0400, Russell Nelson wrote: [EMAIL PROTECTED] writes: This results is indicative at best - here are some caveats: o DNS overhead is not counted In his measurements that indicated that qmail used less bandwidth in real-life situations than sendmail, Dan counted the DNS traffic due to sendmail. You'd have to. Of course. All I want this script to do is give people a hint as to whether they're wasting their time worrying about it or not. If the hint says "don't even bother thinking about it", good. If it says "hey man you *may* be able to save a lot of bandwidth" good. At least it's a starting point to work from. Since many claim (myself included) that most people will end up in the don't even bother thinking about it" camp, the caveats are intended to make the hint conservative so that no one can accuse it of favouring qmail. In other words, this script is doing everything it can to trend the numbers against qmail - I don't think that's going to significantly change the outcome that most people get. Regards.
Re: Attitude
Adam McKenna [EMAIL PROTECTED] writes on 23 July 2000 at 02:49:36 -0400 On Sun, Jul 23, 2000 at 12:37:55AM -0500, David Dyer-Bennet wrote: Probably our responses are by now somewhat cryptic, encoded in local language that's completely clear to those of us who've been through the argument umpteen times before. And which is probably NOT clear to you; sorry about that! Yes, let me translate for David: "Shut Up and Go Away" Thanks, but actually I didn't mean anything of the sort. -- Photos: http://dd-b.lighthunters.net/ Minicon: http://www.mnstf.org/minicon Bookworms: http://ouroboros.demesne.com/ SF: http://www.dd-b.net/dd-b David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]
Re: Want to know your potential multiple recipient savings?
On Sat, Jul 22, 2000 at 12:45:57PM -0700, [EMAIL PROTECTED] wrote: o DNS overhead is not counted I'm still not clear why this isn't counted. I mean, it -is- part of the traffic, is it not? Is it your contention that there's no difference in the dns traffic between the two methods? John
Re: Want to know your potential multiple recipient savings?
On Sat, Jul 22, 2000 at 12:45:57PM -0700, [EMAIL PROTECTED] wrote: o Aggregation is by FQDN, not MX target Again, why? I thought the whole argument was to trade speed for "network good-neighbor"-ness. John
Re: Want to know your potential multiple recipient savings?
On Sun, Jul 23, 2000 at 10:06:57AM -0700, John White wrote: On Sat, Jul 22, 2000 at 12:45:57PM -0700, [EMAIL PROTECTED] wrote: o DNS overhead is not counted I'm still not clear why this isn't counted. I mean, it -is- part of the traffic, is it not? Is it your contention that there's no difference in the dns traffic between the two methods? Laziness. A perl script that's scanning qmail logs has no easy access to this information. Regards.
Re: Want to know your potential multiple recipient savings?
On Sun, Jul 23, 2000 at 10:08:16AM -0700, John White wrote: On Sat, Jul 22, 2000 at 12:45:57PM -0700, [EMAIL PROTECTED] wrote: o Aggregation is by FQDN, not MX target Again, why? I thought the whole argument was to trade speed for "network good-neighbor"-ness. Again, laziness. The perl script doesn't do any DNS lookups - it just reads a log file and gives a (hopefully) moderately useful hint. Sure it's not perfect, but it's got to be better starting point than all that speculation... Regards.
Solaris / DoS / Broken bare LF mailers / thousands of qmail-smtpdqmail-queue procs
Hi All, Going through the archives to research a problem I've "seen with my own eyes", I'd appreciate any feedback, war stories, comments from readers of this list: I'm working with a company that sometimes sees it's qmail servers take a huge hit, with very many qmail-smtpd and qmail-queue processes suddenly appearing. This appears superficially to be a DoS attack, and I understand that high numbers of SMTP connections originate from the same source IP. Qmail is setup under Solaris 2.7. Reading through the archives, there appear to be various possibilities: - 1. It really is a malicious DoS attack. - 2. Solaris is broken (esp. posts on this list from TAG on 7th June and 8th June) - 3. The sending IP is using a broken mailer that's generating bare LFs, and this mailer regards the resulting temporary error code generated by qmail as 'Please try again straightaway'. I'd be particularly interested to know if anyone has come across the 3rd possibility... Note that the systems concerned don't currently use the fixcrio filter - but I don't necessarily want to use this for fear of breaking perfectly good E-mails at the same time. I'd appreciate your comments on this. cheers, Andrew.
qmailanalog compatible with multilog?
Is qmailanalog compatible with multilog when qmail is run under tcpserver? Thanks, John -- John ConoverTel. 408.370.2688 [EMAIL PROTECTED] 631 Lamont Ct. Cel. 408.772.7733 Campbell, CA 95008 Fax. 408.379.9602 http://www.johncon.com
Re: qmailanalog compatible with multilog?
On 23-Jul-2000, John Conover wrote: Is qmailanalog compatible with multilog when qmail is run under tcpserver? I'm using qmailanalog 0.70 and I need to pipe the logs to tai64nfrac first before feeding them to matchup. You can find tai64nfrac from http://qmail.org/top.html Ronny
Re: qmailanalog compatible with multilog?
On Sun, Jul 23, 2000 at 07:20:31PM -, John Conover wrote: Is qmailanalog compatible with multilog when qmail is run under tcpserver? Yes and no. Multilog produces tai64n timestamps, while qmailanalog only understands the older tai timestamps. A couple of conversion programs exist. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: Solaris / DoS / Broken bare LF mailers / thousands of qmail-smtpdqmail-queue procs
- 3. The sending IP is using a broken mailer that's generating bare LFs, and this mailer regards the resulting temporary error code generated by qmail as 'Please try again straightaway'. I'd be particularly interested to know if anyone has come across the 3rd possibility... Yup, I see it happen on occasion. I usually sniff the message off the wire to see if its anything I care about then toss a deny rule into my tcprules for that ip to stop the hammering. Sending the remote party a message is nice too though I rarely get any cluefull responses. -- Jamie Heilman http://wcug.wwu.edu/~jamie/ "We must be born with an intuition of mortality. Before we know the words for it, before we know there are words, out we come bloodied and squalling with the knowledge that for all the compasses in the world, there's only direction, and time is its only measure." -Rosencrantz
Qmail 1.03
I'm going to try and ask this the best I can. I already have Qmail with TCP running, and has been doing so for almost three years. I'm getting ready to change domain names. The questoin is I want to add the new domain righ now so that users will be able to collect mail sent to either domain to make the transiction easier. Do I just add the new domain in the same locations as the old domain under the /var/qmail/control files? to allow mail to [EMAIL PROTECTED] and mail to [EMAIL PROTECTED] to show up in the same mailbox?. This would allow me to setup the users much easier than just droping one and dealing with all the support calls that will be generated. Thanks Bob Ross
Re: orbs.org accuses qmail of mailbomb relaying!
In the immortal words of Eric Cox ([EMAIL PROTECTED]): I can't comment on this latest battle of wills between MAPS and ORBS, because I know nothing of BGP routing. But in the last one, when ORBS listed in the RBL, ORBS was totally in the right. I saw grown men, (admins!) trying to defend the position that by ORBS sending up to 16 messages through their servers a few times a _year_, ORBS was abusing the email system. Mind you, these were servers that relayed 200K to a million messages a day - the ORBS tests amounted to a tiny fraction a of fraction of the spam it would have prevented. Were those messages: - sent in bulk? Yes. - unsolicited by the owner of the server? Almost always. - impossible to opt out of except by blocking the sender's networks? Completely. This is an area where reasonable people may disagree. If you believe spam is defined by content, then no, the ORBS probes are not spam. If, however, you believe that spam is defined by all or some subset of the above criteria, then they are. If you own your own network, you craft your filters accordingly. And please, please, please let's stop calling this a MAPS-vs-ORBS issue. This is ORBS vs. AboveNet, and Alan is trying desperatly to bring MAPS into it for reasons which should be transparently obvious. MAPS is not AboveNet, any more than DJB is the University of Illinois. -n -[EMAIL PROTECTED] "Many argue that it is an outrage to expect Elián González to live in a place that tolerates no dissent or freedom of political expression. But I don't think Miami is so bad." (--Maureen Dowd) http://www.blank.org/memory/-
Re: orbs.org accuses qmail of mailbomb relaying!
Russ Allbery wrote: Eric Cox [EMAIL PROTECTED] writes: But in the last one, when ORBS listed in the RBL, ORBS was totally in the right. I saw grown men, (admins!) trying to defend the position that by ORBS sending up to 16 messages through their servers a few times a _year_, ORBS was abusing the email system. You're aware that some machines *which didn't relay* were being tested by ORBS as frequently as once a *day*, aren't you? Or are you just going by Alan Brown's account of what he does, which tends to be a little... sanitized? Once a day? Doesn't the test take almost a week? It did in my case. And no, I don't believe anything unless I test it myself. During the last bruhaha, I reported my own mailer as an open relay, so I could have it tested. After it was tested, I reported it again, to which ORBS responded that it had been tested recently, and could not be tested again for 30/60/90 days (I don't remember which). During the original test, I recieved 2 of the 16 or so test messages in my admin box. Considering the ORBS list blocks between 10 and 30 spams a day, even at my puny corporate site, I don't mind one bit. (RBL blocks somewhere between 0 and 5 per day) And, here are the results of my latest test, on the 7th of this month: -- Database Check - 63.78.39.192 63.78.39.192 is not in the main automated open relay database -- and, if I try to get it checked again: -- -- 63.78.39.192 has previously been tested by ORBS and doesn't seem to permit relay. -- It seems to me that if ORBS is testing every day, there's some kind of problem. Why not try to work with them to get the problem fixed, instead of declaring "nuke the site from orbit" immediately? You're also aware that ORBS continues to spam the postmasters of machines which have never relayed in their entire existence? Wasn't aware of that. You're also aware that ORBS provides a service to spammers, providing a downloadable database of open relays and essentially inviting spammers to please use them? All of which are blocked by ORBS. RBL provides a similar list of spam-friendly domains, all of which are blocked by RBL. What's your point? That, all by itself, is entirely and completely within the domain of spam support services and should get them put directly on the RBL. I think it's actually rather inconsistent of the RBL that they're *not* on it for doing that, although I can understand the political reasons for not doing so given that Alan Brown seems to have an endless capacity for duping people like yourself who aren't looking at what's actually going on and are buying his stories hook, line, and sinker. Hardly. You've got it completely backwards. I'm looking at my own spam numbers (that's what going on), and seeing that ORBS is helping much more than MAPS. Whatever happened to helping other people make their services better, rather than declaring all-out war on them and trying to destroy them? We're misplacing all of the anger that we have for spammers onto ORBS simply because a few test messages find their way in just like spam, and declaring war without even thinking it through. Eric
Re: orbs.org accuses qmail of mailbomb relaying!
On Sun, Jul 23, 2000 at 04:21:53PM -0700, Eric Cox wrote: There is a very good explanation for that. It's because a large ISPs that block the ORBS tester become a ready-made repository of open relays for spammers to use. That is assuming they don't also vigilantly patrol their own netspace for spammers. Some would argue that MAPS abused their position when they listed ORBS - they do have a competing service, do they not? By using the word "competing", you're implying that admins have a choice of running one or the other, but not both. This isn't the case. Admins can run any combination of RSS, RBL, ORBS and DUL (not to mention several other similar services). --Adam
Re: orbs.org accuses qmail of mailbomb relaying!
On Sun, Jul 23, 2000 at 04:10:42PM -0700, Eric Cox wrote: Whatever happened to helping other people make their services better, rather than declaring all-out war on them and trying to destroy them? We're misplacing all of the anger that we have for spammers onto ORBS simply because a few test messages find their way in just like spam, and declaring war without even thinking it through. That's uncalled for. ORBS has stepped way over the line on numerous occasions. Instead of "helping other people make their services better," they apply a sledgehammer. If anyone started this war, it's ORBS. As for the supposed benefits of ORBS and RBL and whatever else, I find a good mailfilter or procmail script to be the most effective. But this is all way off topic for this list. -- David Benfell [EMAIL PROTECTED] ICQ 59438240 [e-mail first for access] --- There are no physicists in the hottest parts of hell, because the existence of a "hottest part" implies a temperature difference, and any marginally competent physicist would immediately use this to run a heat engine and make some other part of hell comfortably cool. This is obviously impossible. -- Richard Davisson [from fortune]
Re: orbs.org accuses qmail of mailbomb relaying!
Adam McKenna [EMAIL PROTECTED] writes on 23 July 2000 at 19:53:13 -0400 On Sun, Jul 23, 2000 at 04:21:53PM -0700, Eric Cox wrote: There is a very good explanation for that. It's because a large ISPs that block the ORBS tester become a ready-made repository of open relays for spammers to use. That is assuming they don't also vigilantly patrol their own netspace for spammers. Some would argue that MAPS abused their position when they listed ORBS - they do have a competing service, do they not? By using the word "competing", you're implying that admins have a choice of running one or the other, but not both. This isn't the case. Admins can run any combination of RSS, RBL, ORBS and DUL (not to mention several other similar services). That's not at all the way the word is usually used. Coke and Pepsi are competing products, even though I can buy and drink both. Ford and Chrysler are in competition even though people can buy multiple cars. And so forth. -- Photos: http://dd-b.lighthunters.net/ Minicon: http://www.mnstf.org/minicon Bookworms: http://ouroboros.demesne.com/ SF: http://www.dd-b.net/dd-b David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]
Re: orbs.org accuses qmail of mailbomb relaying!
On Sun, Jul 23, 2000 at 07:36:55PM -0500, David Dyer-Bennet wrote: By using the word "competing", you're implying that admins have a choice of running one or the other, but not both. This isn't the case. Admins can run any combination of RSS, RBL, ORBS and DUL (not to mention several other similar services). That's not at all the way the word is usually used. Coke and Pepsi are competing products, even though I can buy and drink both. Ford and Chrysler are in competition even though people can buy multiple cars. And so forth. I don't think that context is appropriate in this case. What MAPS is doing isn't preventing anyone from running ORBS. --Adam
Re: qmail: cannot mail to root
On Sun, Jul 23, 2000 at 12:39:44AM +0200, [EMAIL PROTECTED] wrote: Oookay... I've read those... But i still don't quite get it. Am I now supposed to put into the .qmail-root my own account's email-address or the email for the root's account? (the latter seems pretty dull) Just yours. For instance, in my ~alias/.qmail-root, I have "john" (no quotes), which means forward to john on local host. Basically, it works like this. Someone writes a message to [EMAIL PROTECTED] qmail checks the /etc/password (or user assign) file for the user. Finds the user root and retrieves the home directory location. Checks the permission for the home directory (/root). It won't deliver to any directory with owner root. Forwards the mail to user alias. qmail-local checks for .qmail-root. Finds it. Checks delivery instructions in .qmail-root. Follows the instructions. There is a nice picture for it in qmail/doc/PIC.local2alias -- John__ email: [EMAIL PROTECTED] Quis custodiet ipsos custodes icq: thales @ 17755648
Re: orbs.org accuses qmail of mailbomb relaying!
Adam McKenna [EMAIL PROTECTED] writes on 23 July 2000 at 21:43:27 -0400 On Sun, Jul 23, 2000 at 07:36:55PM -0500, David Dyer-Bennet wrote: By using the word "competing", you're implying that admins have a choice of running one or the other, but not both. This isn't the case. Admins can run any combination of RSS, RBL, ORBS and DUL (not to mention several other similar services). That's not at all the way the word is usually used. Coke and Pepsi are competing products, even though I can buy and drink both. Ford and Chrysler are in competition even though people can buy multiple cars. And so forth. I don't think that context is appropriate in this case. What MAPS is doing isn't preventing anyone from running ORBS. I agree, and neither are most other pairs of "competing" products. I feel that "competing" is a perfectly reasonable description. -- Photos: http://dd-b.lighthunters.net/ Minicon: http://www.mnstf.org/minicon Bookworms: http://ouroboros.demesne.com/ SF: http://www.dd-b.net/dd-b David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]
Re: orbs.org accuses qmail of mailbomb relaying!
Peter van Dijk writes: On Sun, Jul 23, 2000 at 08:22:41AM -0400, Russell Nelson wrote: Yup. I'm just going by history here. MAPS has never abused their position, whereas ORBS is known to block non-spammers simply because they refuse to allow ORBS to scan them. Argh. Get that misconception *out your head*. People who disallow ORBS to scan them get listed as *untestable*, not as *open relays*. ORBS doesn't block. Are these records in relays.orbs.org? How can you say that ORBS doesn't block them, then? Oh, I see, ORBS made up their own semantics for the DNS zone entries. Semantics which nobody else uses. Hint: use outputs.orbs.org instead of relays.orbs.org if your RBL-checker is buggy. That way it will only block open relays and allow untested hosts through. That's very nice, but what about the people blocking using relays.orbs.org? Who told them that they would find DNS entries belonging to hosts which had never spammed? This is other than what people were led to expect. It's Yet Another reason why ORBS is not to be trusted. -- -russ nelson [EMAIL PROTECTED] http://russnelson.com Crynwr sells support for free software | PGPok | Tornadoes, earthquakes, 521 Pleasant Valley Rd. | +1 315 268 1925 voice | hurricanes and government: Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | uncontrollable forces
Re: orbs.org accuses qmail of mailbomb relaying!
Eric Cox [EMAIL PROTECTED] writes: Russ Allbery wrote: You're aware that some machines *which didn't relay* were being tested by ORBS as frequently as once a *day*, aren't you? Or are you just going by Alan Brown's account of what he does, which tends to be a little... sanitized? Once a day? Doesn't the test take almost a week? It did in my case. It takes however long Alan decides to make it take. The rules change arbitrarily depending on who the target is and what mood he's in, and they're not reflected on the web pages. And no, I don't believe anything unless I test it myself. During the last bruhaha, I reported my own mailer as an open relay, so I could have it tested. After it was tested, I reported it again, to which ORBS responded that it had been tested recently, and could not be tested again for 30/60/90 days (I don't remember which). You haven't annoyed Alan. It seems to me that if ORBS is testing every day, there's some kind of problem. Why not try to work with them to get the problem fixed, instead of declaring "nuke the site from orbit" immediately? Because of the sheer number of these sorts of "problems" that have occurred, generally denied to have ever existed. It's all anecdotal, I realize. But I don't hear these things about RSS or about the RBL. You're also aware that ORBS continues to spam the postmasters of machines which have never relayed in their entire existence? Wasn't aware of that. I get spam from them on a regular basis. Sure, it's a lot less in volume than the spam I get from other sources... at least right now. But I've made them aware that it's unwanted, those machines have *never* relayed, and it continues. It's unsolicited, and it's sent in bulk. It's spam. And it does nothing to stop spam. You're also aware that ORBS provides a service to spammers, providing a downloadable database of open relays and essentially inviting spammers to please use them? All of which are blocked by ORBS. Ah, I see, so extortion is a good way to fight spam? RBL provides a similar list of spam-friendly domains, all of which are blocked by RBL. You cannot do more than check a single IP address and get a yes or no response without having a signed agreement with the RBL team. At the moment, I don't believe they even allow you to download their whole list at all since they're reworking the agreement. ORBS, in stark contrast, makes the entire list available as a convenient download on their web site, suitable for being fed into spamming software. Seems to me that part of the goal here is to force people into using ORBS by increasing the spam of everyone who doesn't, or at least it sure gives that impression. Hardly. You've got it completely backwards. I'm looking at my own spam numbers (that's what going on), and seeing that ORBS is helping much more than MAPS. MAPS is a bunch of separate black-lists. ORBS is not comparable to the RBL; their goals are completely different. The purpose of ORBS is to filter spam. The purpose of the RBL is not to filter spam. The purpose of the RBL is to be a sufficiently large stick that it will scare people away from spamming in the first place, and it's quite effective at being that. ORBS is more directly comparable to the RSS. RSS requires evidence that a relay is actually being spammed through before it lists them, and RSS doesn't scan people's networks. ORBS doesn't care if the relay has ever been abused, and ORBS actively scans. Because of that, ORBS is more effective at blocking spam. ORBS is also more effective at blocking things that aren't spam. The false positive rate and the politics I have to accept by using ORBS are too much to ask, as far as I'm concerned. Whatever happened to helping other people make their services better, rather than declaring all-out war on them and trying to destroy them? Why don't you ask Alan that? Maybe he should stop picking fights. We're misplacing all of the anger that we have for spammers onto ORBS simply because a few test messages find their way in just like spam, and declaring war without even thinking it through. No, sir, I think you should speak for yourself. I'm not misplacing any anger. I'm angry at ORBS because they're abusing the Internet in precisely the same way that spammers do, supposedly for a good cause (which spammers also claim) and in the process they're making fighting spam *harder* because people who want to put a stop to abuse of their resources are confused with fanatics like Alan Brown. I've tried very hard to give ORBS the benefit of the doubt, but particularly with this latest all-out attack against AboveNet I'm seeing a lot more in common between ORBS and the spammers than between ORBS and the legitimate users of the Internet. -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/
Re: orbs.org accuses qmail of mailbomb relaying!
Eric Cox [EMAIL PROTECTED] writes: Some would argue that MAPS abused their position when they listed ORBS - they do have a competing service, do they not? And ORBS is both spamming and operating a spam support service under the definition of that service. Suppose you run a security consulting service and as part of that service you publish vulnerabilities in commonly used products, as well as provide a network scanner. Now suppose you find a security vulnerability in someone else's network scanner. Do you publish that vulnerability? -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/
RE: orbs.org accuses qmail of mailbomb relaying!
Thanks for all the interest in my original posting to this list. My question was:- "Is it possible to stop qmail from generating multiple bounce messages when mail with a forged sender address is received for multiple bad (non-local) mailboxes?" I guess the simple answer is, NO. (Is this correct?) PS I don't want to get involved in the ORBS debate [although it is most probably a bit late ;-)], but one of the original orbs probe messages in my mail logs had the following line:- Received: from unknown (HELO relaytest.orbs.vuurwerk.nl) (unknown) Does this mean that vuurwerk.nl is part of orbs and postings from people at vuurwerk.nl shouldn't be viewed as the comments of an innocent mail administrator?!! PPS qmail rules.
