RE: Anti Virus
True, and I shouldn't have recommended Norton Enterprise without the use of some other filtering software to hold back the yucky vbs, sh, ... files, but even then our organisation (and how many others?) deals with corporations from all over the world who do various bits of work for us - art, programming, web site design...I guess corporate policy and training is the best solution but a combo of good anti-virus software and good filtering software (perhaps something to alert sysadmin with it the script attached so it can be verified and either permanently banned or passed through?) would do most people fairly well... Brett. Manager InterPlanetary Solutions http://ipsware.com/ -Original Message- From: Noel Mistula [mailto:[EMAIL PROTECTED]] Sent: Friday, August 04, 2000 4:02 PM To: Brett Randall; qmail Subject: Re: Anti Virus But then again, scripts kiddies are "Always" one step ahead compared to the dat files of your beautiful Norton Enterprise Antivirus. cheers Noel -Original Message- From: Brett Randall [EMAIL PROTECTED] To: qmail [EMAIL PROTECTED] Date: Friday, 4 August 2000 15:51 Subject: RE: Anti Virus Sorry, forgot to add that we use Norton Antivirus as a 'plug-in' for the Lotus Notes e-mail server on our internet-viewable SMTP machine. This of course adds the possibility of much more functionality, which we use as if it was sand on the beach in summer, but that's up to your organisation's needs : Brett Manager InterPlanetary Solutions http://ipsware.com/ -Original Message- From: Brett Randall [mailto:[EMAIL PROTECTED]] Sent: Friday, August 04, 2000 3:44 PM To: qmail Subject: RE: Anti Virus On another note... Our organisation has an NT (sorry : ) box which acts as the primary MX server for our domain. All mail goes to it and gets scanned via the (brilliant, automatic, no-maintenance) Norton Antivirus Enterprise software (worth a little money but what is your company's data worth to you?). It then just relays it on to the internal mail machine (via an MX lookup in the internal DNS for the same domain as the e-mail was sent to). We route several domains through the one server, and it works like a dream! Brett. Manager InterPlanetary Solutions http://ipsware.com/
Re: Anti Virus
* Brett Randall [EMAIL PROTECTED] writes: From: Noel Mistula [mailto:[EMAIL PROTECTED]] From: Brett Randall [EMAIL PROTECTED] From: Brett Randall [mailto:[EMAIL PROTECTED]] Dear Brett and Randall, your way of quoting *may* be convenient for you. It is, however, annoying for probably everyone else (particularly people not reading your "threads" in a row. It also adds a *massive* amount of unnecessary overhead. May I suggest your grabbing a copy - really, just about any - of the netiquette and fixing your mail toys? Our organisation has an NT (sorry : ) box which acts as the primary MX server for our domain. All mail goes to it and gets scanned via the (brilliant, automatic, no-maintenance) Norton Antivirus Enterprise software So you are basically advocating running a piece of exremely expensive software with a mixed track record of functionality, running on an unstable, expensive and insecure operating system for production services? (worth a little money but what is your company's data worth to you?). My company is worth enough to me not to trust closed-source, proprietary software from a foreign country. Particularly since I've seen NT send encrypted emails to a firewall in the MS network after installation. Thank you very much. It then just relays it on to the internal mail machine (via an MX lookup in the internal DNS for the same domain as the e-mail was sent to). We route several domains through the one server, and it works like a dream! Can you - in simple terms so a mere user like me can understand - explain to me what the advantage of this setup is over, say, RedHat Linux with Trend Micro's VirusWall (if you think you absolutely must rely on software you bought instead of the vast array of free software offering the same functionality but having the advantage of being open sourced)? But then again, scripts kiddies are "Always" one step ahead compared to the dat files of your beautiful Norton Enterprise Antivirus. Sorry, forgot to add that we use Norton Antivirus as a 'plug-in' for the Lotus Notes e-mail server on our internet-viewable SMTP machine. So, you're not only running an unstable OS but also an extremely flaky, bug-ridden MTA, and you actually have this setup connected to the internet. May I ask what your company is worth *to you*? This of course adds the possibility of much more functionality, which we use as if it was sand on the beach in summer, but that's up to your organisation's needs : It's more up to one's TCO calculations, isn't it? So, you're not only running an unstable OS but also an extremely flaky, bug-ridden MTA, have this setup connected to the internet, but also throw in more money to buy unneeded functionality that is likely to introduce more bugs. Can you explain your rationale, please? True, and I shouldn't have recommended Norton Enterprise without the use of some other filtering software to hold back the yucky vbs, sh, ... files, Wow, we're finally back on topic... *sigh* I'd like to thank Noel G. Mistula again for his little script. Works. What was the advantage of running an expensive peace of feature-ridden software from a dubious source again? but even then our organisation (and how many others?) deals with corporations from all over the world who do various bits of work for us - art, programming, web site design... You seem not to have grasped the concept of "service" yet. It goes like this: "you want my money? Here's a list of files we don't accept for security reasons. Basically everything that says Microsoft is, like, no-no. Got it? No? Here's our public security policy describing the conversion of your files to safe formats. Use it or learn to fear me." I guess corporate policy and training is the best solution It can be. If you add a little spice. Like "in violating our securiy policy, you're jeopardizing your colleagues' work and the reputation of the entire company and therefore make yourself subject to immediate sacking". I've seen this policy at work (first in an Ohio non-profit organization of all places) and it, well, works. /Telling/ people that everything Windows is Hiroshima waiting to happen to their company is not enough - you need to create a personal interest in these matters. It took a blatant display of arrogance and a lot of security "hype" but that's how I prevented NT/MS-Exchange to happen on our mailserver. I'm now running OpenBSD http://www.openbsd.org/ and qmail - everyone's *extremely* pleased with the result. qmail and DJB's other software as well as the software submitted by various people are simply excellent. I'd like to take the opportunity to express my heartfelt gratefulness for providing a stable, secure and [...] mail environment. but a combo of good anti-virus software and good filtering software I've said it once and I'll say it again: anti-virus software is snake oil. Under certain circumstances, it will buy you exactly nothing. Had I sent you ILOVEYOU the moment I got
Re: Anti Virus
On Fri, Aug 04, 2000 at 10:17:41AM +0200, Robin S. Socha wrote: your way of quoting *may* be convenient for you. It is, however, annoying for probably everyone else (particularly people not reading your "threads" in a row. It also adds a *massive* amount of unnecessary overhead. May I suggest your grabbing a copy - really, just about any - of the netiquette and fixing your mail toys? For christ sake, leave the guy alone. IMHO your incessant personal attacks are way more annoying than his quoting style. --Adam
Mail archive
Hi there, I need a way of archiving a copy of all mail that is delivered by qmail - something I used to do with postfix using 'always bcc' Whats the best way of doing this? BTW, I'm using 1.03 vpopmail 4.8.7. Cheers Iain Smith
Re: Mail archive
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 4 Aug 00, at 9:33, Iain Smith wrote: I need a way of archiving a copy of all mail that is delivered by qmail - something I used to do with postfix using 'always bcc' Whats the best way of doing this? FAQ #8.2 (less /var/qmail/doc/FAQ) -BEGIN PGP SIGNATURE- Version: PGP 6.0.2 -- QDPGP 2.60 Comment: http://community.wow.net/grt/qdpgp.html iQA/AwUBOYp5KVMwP8g7qbw/EQLWHwCgjj3g5TAyZ66upaS4i44skQNpi7MAn0PN GLbNY2EpbhcypDnVSpm1SRZK =b/za -END PGP SIGNATURE- -- Petr Novotny, ANTEK CS [EMAIL PROTECTED] http://www.antek.cz PGP key ID: 0x3BA9BC3F -- Don't you know there ain't no devil there's just God when he's drunk. [Tom Waits]
How I can turn off delivery for user ?
Hello How I can turn off delivery for user ? I use procmail, and if "| preline procmail" line is exist in the .qmail file, I get two identical letters. First letter from qmail delivery Second letter from procmail delivery I need use only procmail delivery. Thanks.
qmail Digest 4 Aug 2000 10:00:00 -0000 Issue 1083
qmail Digest 4 Aug 2000 10:00:00 - Issue 1083 Topics (messages 46072 through 46127): Creation of /Maildir/user/ instead of ~/Maildir 46072 by: Thomas Fahle 46076 by: Brett Randall Re: trouble injecting bounce message 46073 by: Joel Gautschi Re: Mailing list performance 46074 by: P.Y. Adi Prasaja 46077 by: Dave Sill 46078 by: Dave Sill 46113 by: P.Y. Adi Prasaja Anti Virus 46075 by: Slider 46079 by: Robin S. Socha 46080 by: Slider 46088 by: Alexander Pennace 46089 by: Robin S. Socha 46090 by: Robin S. Socha 46100 by: Noel Mistula 46101 by: Jason Haar 46102 by: Noel Mistula 46115 by: Eric Cox 46119 by: Brett Randall 46120 by: Brett Randall 46121 by: Noel Mistula 46122 by: Brett Randall 46123 by: Robin S. Socha 46124 by: Adam McKenna qmail - cyrus 46081 by: Wolfgang Wagner 46082 by: Greg Owen Re: qmail+mrtg+multilog mods 46083 by: Cedric Fontaine 46085 by: Magnus Bodin 46096 by: Peter Green Re: source rpm 46084 by: Charles Cazabon backup of server is timing out 46086 by: Albert Hopkins 46087 by: Albert Hopkins Re: updated load balancing qmail-qmqpc.c mods 46091 by: Frank D. Cringle Problems with qmail startup on OpenBSD 2.7/Intel 46092 by: Charles Roten 46093 by: Greg Owen Re: maildirmake 46094 by: Eddie Greer Now redhat's mailling lists have been removed to mailman and postfix 46095 by: Irwan Hadi 46099 by: Robin S. Socha 46112 by: Irwan Hadi Configuring a "Store-and-Forward" backup qmail server 46097 by: Charles Roten 46098 by: James Raftery 46103 by: James R Grinter 46104 by: James R Grinter 46105 by: David Dyer-Bennet sslwrap problems 46106 by: Adam McKenna 46107 by: Ian Lance Taylor 46108 by: Adam McKenna Maildir archiving 46109 by: Michael T. Babcock 46110 by: Ben Beuchler 46111 by: Ben Beuchler Re: duplicating sendmail's virtusertable 46114 by: Sam Carleton 46116 by: David Dyer-Bennet using fetchmail on qmail machine 46117 by: Vincent Danen 46118 by: Peter Green Mail archive 46125 by: Iain Smith 46126 by: Petr Novotny How I can turn off delivery for user ? 46127 by: Kornyakov Yevgeny Administrivia: To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To subscribe to the digest, e-mail: [EMAIL PROTECTED] To bug my human owner, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- Hello all, I've come to a point where I'm stuck, and need some help. I have a separate partion called /Maildir on my LinuxBox. I want qmail to make the maildirs for each user below /Maildir eg. /Maildir/joedoe/Maildir instead of /home/joedoe/Maildir tia Thomas Ummm...why? Do the users store other information in their home folders? Why not just put all the home folders in the seperate partition? But, forsaking that, just make the .qmail file in each user's home directory point to /Maildir/user (or did you really want /Maildir/user/Maildir? If so, I ask the same question as above?). Will need a slight modification of the adduser script (I totally rewrite mine for each new situation) so that it writes the .qmail file relevantly instead of the generic one found in /etc/skel. BTW If you put all the home folders in the seperate partition (advised for simplicity), remember to change the folder names in /etc/passwd (obviously...) A simple perl script could do this pretty easily. eg: #!/usr/bin/perl -w while () { s!/home/(\W+)\:!/Maildir/\1\:!g; print; } Then a 'cat /etc/passwd | script /etc/passwd~' Check passwd~ and make sure it looks ok, then overwrite the old one. Easier is just to literally move the /home folder to the new partition and mount it as /home though. Manager InterPlanetary Solutions http://ipsware.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Thomas Fahle Sent: Thursday, August 03, 2000 8:14 PM To: [EMAIL PROTECTED] Subject: Creation of /Maildir/user/ instead of ~/Maildir Hello all, I've come to a point where I'm stuck, and need some help. I have a separate partion called /Maildir on my LinuxBox. I want qmail to make the maildirs for each user below /Maildir eg. /Maildir/joedoe/Maildir instead of /home/joedoe/Maildir tia Thomas thanks for your help. I've just found out another way to fix this problem. I used the queue-fix (http://www.netmeridian.com/e-huss/queue-fix.tar.gz) program by Eric Huss. It repairs or generates a qmail queue structure. You can use this to help move your queue location, or if
Re: using fetchmail on qmail machine
On Fri, Aug 04, 2000 at 12:34:27AM -0400, Peter Green wrote: ! I don't know if it's the ``normal'' behavior, but I have localhost in my ! control/locals with the identical setup to you. $ grep localhost /var/qmail/control/locals localhost Yep, it's there. From a casual perusal of config.sh in the qmail package it can be seen that it calls a program to get the IP addresses of all interfaces, then puts their PTR lookups into control/locals. Unless you lack a loopback interface :-) I believe that localhost should be in control/locals, at least by default. ---Chris K. -- Chris, the Young One |_ If you can't afford a backup system, you can't Auckland, New Zealand |_ afford to have important data on your computer. http://cloud9.hedgee.com/ |_ ---Tracy R. Reed PGP: 0xCCC6114E/0x706A6AAD |_
Newbie help: qmail as a relay gateway
First of: I'm a newbie both to sendmail qmail. (Read: don't flame me for my stupidity) The only thing I really achieved was compiling the packages (both sendmail qmail seem to "work" fine in a sense that all the test complete successful) If you can point me to the correct URLS or Steps I have to do, I'd be more than grateful, for I have been assigned this project without really knowing anything. We currently have this setup: internal MS Exchange Server I firewall (Linux-box with sendmail) I access router I Internet So our sendmail (apparently) does: relay all email to @bsbanksysteme.com/de/at/ch or @bs-ag.com/de/at to our Exchange Server and that server relays all outgoing mail to the firewall which sends it. Since I don't know how that configuration is called (authorized-relay? I realy don't know) I don't know which questions of the faq realy apply to me. Please help me out of my misery because I sincerely do hate sendmail. Ciao Leo
Re: Anti Virus
At 4:20 AM -0400 8/4/00, Adam McKenna wrote: On Fri, Aug 04, 2000 at 10:17:41AM +0200, Robin S. Socha wrote: your way of quoting *may* be convenient for you. It is, however, annoying for probably everyone else (particularly people not reading your "threads" in a row. It also adds a *massive* amount of unnecessary overhead. May I suggest your grabbing a copy - really, just about any - of the netiquette and fixing your mail toys? For christ sake, leave the guy alone. IMHO your incessant personal attacks are way more annoying than his quoting style. Does anyone else see what he's complaining about? I've read this thread using MacOS Eudora, and just looked at one of the messages with mutt, and I see nothing out of the ordinary. (Reminds me of the time some idiot flamed me on Usenet for using "}" instead of "" as the quoting character.) --Adam -- -- Paul J. Schinder NASA Goddard Space Flight Center Code 693 [EMAIL PROTECTED]
RE: Newbie help: qmail as a relay gateway
Yes, thank you, I have been looking thru that but since I don't know what my config is called, I don't know what to look at. I'm totally at loss, because I have never before configured a mail server. Just a short: do FAQ X.Y then install Package/Software Z then do FAQ A.B check everything is working enjoy That's what I have been hoping for. Thank you for your time Ciao Leo -Original Message- From: Robin S. Socha [SMTP:[EMAIL PROTECTED]] Sent: Friday, August 04, 2000 1:26 PM To: Leonard Tulipan Subject: Re: Newbie help: qmail as a relay gateway * Leonard Tulipan [EMAIL PROTECTED] writes: If you can point me to the correct URLS or Steps I have to do, I'd be more than grateful, for I have been assigned this project without really knowing anything. Have you checked /var/qmail/doc ? Read the FAQ and check the PICs. And: you cannot have both qmail and sendmail run at the same time. -- Robin S. Socha http://socha.net/
Re: Mailing list performance
"P.Y. Adi Prasaja" [EMAIL PROTECTED] wrote: On Thu, Aug 03, 2000 at 08:14:32AM -0400, Dave Sill wrote: He apparently confused incoming concurrency with outgoing concurrency. Luckily, Postfix defaults to 50, so the results are still valid. Then you wrong either :-) No, I'm not wrong. If you're going to "correct" someone, please check your facts first. From http://postfix.cloud9.net/rate.html: The default_process_limit parameter (default: 50) gives direct control over inbound and outbound delivery rates. This parameter controls the number of concurrent processes that implement a Postfix service (smtp client, smtp server, local delivery, etc.) It says 50, not 10. Default _maximum_ concurrency is 10, Perhaps you're thinking of default_destination_concurrency_limit? That's the *per destination* limit, not the overall concurrency limit. Even though the author increase the number at master.cf, say 1000 (as I said that it has nothing todo with concurrency, neither incoming nor outgoing, beside the fact that there are no _incoming/outgoing_ concurrency in postfix, the number is for differrent purpose). then the concurrency still be limited to 10 and will started at 5, etc... etc... Either you're wrong or the documentation on the web is wrong. I don't care enough to determine which is the case. Here is what the web docs say: From http://postfix.cloud9.net/rate.html: You can override [default_process_limit] for specific Postfix daemons by editing the master.cf file. For example, if you do not wish to receive 50 SMTP messages at the same time, you could specify: # == # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (50) # == . . . smtp inet n - - - 5 smtpd . . . -Dave
RE: Newbie help: qmail as a relay gateway
Install qmail as described in INSTALL. For each domain you want to receive mail for: 1) Put that domain name in /var/qmail/control/rctphosts 2) Put domain.com:[w.x.y.z] in /var/qmail/control/smtproutes, where w.x.y.z is the IP address of your internal exchange server. 3) Make sure that none of these domains are listed in /var/qmail/control/locals, or the mail will not make it to Exchange. 4) If you will also send mail from the bastion host directly, modify defaultdomain and defaulthost to your taste (man qmail-control will tell you where to find more info on them). These steps will set up inbound relay for your domains; the internet sends mail to qmail, and qmail forwards it all to Exchange. To allow Exchange to relay out through the machine, follow the selective relaying instructions at http://www.palomine.net/qmail/selectiverelay.html. -- gowen -- Greg Owen -- [EMAIL PROTECTED]
Re: How I can turn off delivery for user ?
Kornyakov Yevgeny [EMAIL PROTECTED] wrote: I use procmail, and if "| preline procmail" line is exist in the .qmail file, I get two identical letters. First letter from qmail delivery Second letter from procmail delivery I need use only procmail delivery. If the only line in the .qmail file is "|preline procmail", you'll only get one copy. -Dave
RE: maildirmake
"Eddie Greer" [EMAIL PROTECTED] wrote: thanks for responding. The answer that I am trying to find is whether the maildirmake command creates a file of any sort that keeps track of the mailboxes. No, maildirmake makes a maildir. That's all; nothing else. We changed someone's mailbox, What do you mean by that? Exactly what did you change? and copied the new current and tmp directories into their mailboxes but qmail did not redirect their mail (even after we did the maildirmake and specified their new home directory). qmail won't redirect their mail until you tell it to via a .qmail file or defauldelivery specification on the qmail-start command line. I am hoping that their is a way to modified a user home directory and Maildir folder without recreating the user from scratch. There's *never* a need to recreate a user from scratch under UNIX. -Dave
Re: update Re: help - qmail rejecting mail. no mailbox here by that name
J [EMAIL PROTECTED] wrote: I changed the alias to: .qmail-joe:bob with the contents: bobj I restarted all qmail daemons.. and unfortunatly I still get the "no mailbox here by that name". Any other sugguestions? No, that ought to work--assuming bobj is a valid mail user. For example: root@sws5# cd ~alias root@sws5# echo ./joebob .qmail-joe:bob root@sws5# echo To: joe.bob |qmail-inject root@sws5# cat joebob From [EMAIL PROTECTED] Fri Aug 04 12:29:17 2000 Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: (qmail 525673 invoked by uid 0); 4 Aug 2000 12:29:17 - Date: 4 Aug 2000 12:29:17 - Message-ID: [EMAIL PROTECTED] From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] -Dave
domain splitting
Hi I'm posting this on several mail-related newsgroups to try to get as much information as I can I hope no one regards this as a spam: I would like to host mail for a single domain (ie all users should be [EMAIL PROTECTED]) on several (geographically distributed) machines, with users in each area receiving their mail at the local mail sever. The hard part is, as bandwidth is a limiting issue, I don't want all the mail to be forwarded through a single host (eg if user1 at location A is sending a 5 MB attachement to user2 at location B, I don't want that to have to bounce off some central mail sever at location C). This means that all the mail servers serve the same domain name but have to be distinguishable (via DNS or sonmething sendmail does) by users served. It seems to me that this must be do-able since AOL and other large multinationals can't have all their mail go through some central hub. However since DNS won't resolve different hosts according to user name (since it knows nothing about the user sending/receiving the mail) the SMTP protocol must have some way of routing beyond DNS (ie so we can have one mail server which tells outside mail servers which internal mail server to send a particular message to accorind to user name -- without actually receiveing the message proper itself). This would require some kind of pre-sending negotiation between mail servers. Is such a thing possible? Does any of what I've said make sense to anybody, and if so can you clue me in on how to do this (or where to look to find out more). I've found some stuff about using qmail + PH that looks like it might be what I'm looking for (its a user address table thing that works with mail daemons) -- does anyone know more about this. Thank a lot in advance, Sheer
Re: Anti Virus
* Paul Schinder [EMAIL PROTECTED] writes: This is all grossly off topic. I suggest taking this thread off the list ASAP and apologize for the inconvenience caused by my unnecessary rudeness. [my complaint about overhead through uncropped quotes] Does anyone else see what he's complaining about? I've read this thread using MacOS Eudora, and just looked at one of the messages with mutt, and I see nothing out of the ordinary. Because I reformatted his mail according to age-old standards. In short, it boils down to the following: · your text goes below the quoted text; · trim and if necessary reformat malformed quotes to the absolute minimum, using "[...]" where necessary; · a line ends at 80 charactes max.; · no HTML, format-fla^Hwed, or similar "enhancements" on mailing lists - ASCII only; · an attribution line is 1 (one) line; · sigdashes are "-- " (aka dash, dash, blank RET - you, Paul, are missing the blank, rendering the whole thing useless for both my address book (which is aimed at snarfing information from signatures) and my email setup that automatically nukes signatures in replies); (Reminds me of the time some idiot flamed me on Usenet for using "}" instead of "" as the quoting character.) Might as well have been me. "" is for quoted text in a reply, "|" is for quotes from external sources. Using non-standard conformant quote strings breaks many editors in the way that text cannot be automatically reformatted to fit the "80 char per line" limit. It's nice and dandy that you can do loads of things you might think funny with your MUA - but it does not really mean you *have* to do them, right? I mean, I could do quoted-printable, text-enriched text with nested citations and a 10 line "attribution line". It's all here and I could even encode it according to some arcane standards. But it would annoy you just as much as mindless use of toys like Outlook annoys me (and AFAICS the majority of technically-minded users all over the Net). Rationale: some people actually pay for download. Full quotes with HTML make an email significantly bigger than necessary (like, 5 times per average) without buying the reader anything. All it takes is a little thoughtfulness on behalf of the users of inferior (or badly set up) software (cf. my sig for a good tool). Is that asked too much, Paul? -- Robin S. Socha http://socha.net/Gnus/
trouble
Hi All I've installed qmail+patches from source rpms on my RH 6.2 1386 linux box from Bruce Guenter source distribution 1. daemontools 70-1 2. ucpspi-tcp-0.88-1 3. supervise-scripts-2.4 4. qmail-1.03+patches-14 Everythings fine but the smtp server takes a long time to initialize..like when I telnet to port 25 on my localhost...the 220 host.domain.com ESMTP appears but after a long time. Has anybody experienced such a problem and was able to solve this... Thanx in advance - Sumith __ Do You Yahoo!? Kick off your party with Yahoo! Invites. http://invites.yahoo.com/
RE: trouble
Everythings fine but the smtp server takes a long time to initialize..like when I telnet to port 25 on my localhost...the 220 host.domain.com ESMTP appears but after a long time. Has anybody experienced such a problem and was able to solve this... Your tcpserver invocation is probably trying to get IDENT info, which is the default. This times out after 26 seconds or so. Put '-R' into your tcpserver command line and the lag goes away, or open up port 113 on the firewall to allow IDENT traffic to freely flow. From http://cr.yp.to/ucspi-tcp/tcpserver.html: -r: (Default.) Attempt to obtain $TCPREMOTEINFO from the remote host. -R: Do not attempt to obtain $TCPREMOTEINFO from the remote host. To avoid loops, you must use this option for servers on TCP ports 53 and 113. -- gowen -- Greg Owen -- [EMAIL PROTECTED]
RE: Anti Virus
Because I reformatted his mail according to age-old standards. In short, it boils down to the following: Some ideas for the list and it turns to this? Any voters to return to the topic of how to stop our users getting virii attacks? Thanks for opinions, defences, and updates on the latest netiquette. Brett. Manager InterPlanetary Solutions http://ipsware.com/
Qmail-Spawn
Can anyone reflect a little light as to why I might be getting this error?? 965396867.707127 delivery 8637: deferral: qmail-spawn_unable_to_create_pipe._(#4.3.0)/ 965396867.707147 status: local 41/120 remote 0/20 965396867.707234 delivery 8638: deferral: qmail-spawn_unable_to_create_pipe._(#4.3.0)/ 965396867.707255 status: local 40/120 remote 0/20 965396867.707636 delivery 8639: deferral: qmail-spawn_unable_to_create_pipe._(#4.3.0)/ 965396867.707656 status: local 39/120 remote 0/20 965396867.707671 delivery 8640: deferral: qmail-spawn_unable_to_create_pipe._(#4.3.0)/ 965396867.707690 status: local 38/120 remote 0/20 965396867.707803 delivery 8641: deferral: qmail-spawn_unable_to_create_pipe._(#4.3.0) Thanks Slider
Re: Anti Virus
I beg you to cite the place where this list abides by these "Age-old standards". I've cited some standards about mailing lists to people before -- but usually along the lines of "don't quote 100 lines and give only 1 of your own" or "don't use 10 line signatures". I don't complain about whether my mail reader is only intelligent enough to recognise "-- " as a leader to a signature instead of "--" or "- Michael" ... That, and I much prefer to put my statements above the quoted text if my statement deals with the entirety of the comment (not just segments, as yours was), so that anyone following the list can quickly read what I have to say without scrolling. - Original Message - From: "Robin S. Socha" [EMAIL PROTECTED] Because I reformatted his mail according to age-old standards. In short, it boils down to the following: [ MTB: available in archives: http://www-archive.ornl.gov:8000/ ] Rationale: some people actually pay for download. Full quotes with HTML make an email significantly bigger than necessary (like, 5 times per average) without buying the reader anything. All it takes is a little thoughtfulness on behalf of the users of inferior (or badly set up) software (cf. my sig for a good tool). Is that asked too much, Paul? [ MTB: cf. http://cr.yp.to/sarcasm/modest-proposal.txt ]
qmail-pop3d problem
Hi, I have installed qmail-pop3d, checkpassword with qmail on redhat linux 6.2. I have entered the following lines in my "/etc/inetd.conf" file: pop-3 stream tcp nowait root /var/qmail/bin/qmail-popup qmail-popup \ foo.com /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir I am able to connect to 110 port but unable to authenticate. Following is the session: telnet foo.com 110 Trying 202.54.67.72... Connected to foo.com. Escape character is '^]'. +OK 15634.965386256@\ user naminfo +OK pass g -ERR authorization failed Connection closed by foreign host. Please help
Re: Qmail-Spawn
Slider writes: Can anyone reflect a little light as to why I might be getting this error?? Bad karma?? Too many years spent in pubs downing a warm one?? 965396867.707127 delivery 8637: deferral: qmail-spawn_unable_to_create_pipe._(#4.3.0)/ This is almost always due to some kind of operating system limit. Strace (truss in your case) is usually helpful. -- -russ nelson [EMAIL PROTECTED] http://russnelson.com | If you think Crynwr sells support for free software | PGPok | health care is expensive now 521 Pleasant Valley Rd. | +1 315 268 1925 voice | now, wait until you see Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | what it costs when it's free.
RE: qmail-pop3d problem
OK. First make sure that the Maildir is readable by the group and user that will be using it, then make sure that the folder actually exists and that the folders leading up to it (eg /home) are readableby all users. This was a problem for me once. No guarantees but take a look... Brett. Manager InterPlanetary Solutions http://ipsware.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Saturday, August 05, 2000 12:17 AM To: [EMAIL PROTECTED] Subject: qmail-pop3d problem Hi, I have installed qmail-pop3d, checkpassword with qmail on redhat linux 6.2. I have entered the following lines in my "/etc/inetd.conf" file: pop-3 stream tcp nowait root /var/qmail/bin/qmail-popup qmail-popup \ foo.com /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir I am able to connect to 110 port but unable to authenticate. Following is the session: telnet foo.com 110 Trying 202.54.67.72... Connected to foo.com. Escape character is '^]'. +OK 15634.965386256@\ user naminfo +OK pass g -ERR authorization failed Connection closed by foreign host. Please help
Re: domain splitting
Sheer El-Showk writes: I would like to host mail for a single domain (ie all users should be [EMAIL PROTECTED]) on several (geographically distributed) machines, with users in each area receiving their mail at the local mail sever. The hard part is, as bandwidth is a limiting issue, I don't want all the mail to be forwarded through a single host (eg if user1 at location A is sending a 5 MB attachement to user2 at location B, I don't want that to have to bounce off some central mail sever at location C). This means that all the mail servers serve the same domain name but have to be distinguishable (via DNS or sonmething sendmail does) by users served. Qmail lets you implement this using virtualdomains. You can virtualize a domain on a per-use basis. So tell the qmail running at location A that [EMAIL PROTECTED] is actually [EMAIL PROTECTED] Unfortunately, both sites A and B have to be running qmail and must be configured with the user table. There's no global way to do what you want. I suggest that you colocate the central mail server somewhere where there's plenty of bandwidth, and configure it with the user table. -- -russ nelson [EMAIL PROTECTED] http://russnelson.com | If you think Crynwr sells support for free software | PGPok | health care is expensive now 521 Pleasant Valley Rd. | +1 315 268 1925 voice | now, wait until you see Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | what it costs when it's free.
Re: Qmail-Spawn
I would like to known WHAT is qmail-spawn too... :-) Slider wrote: Can anyone reflect a little light as to why I might be getting this error?? 965396867.707127 delivery 8637: deferral: qmail-spawn_unable_to_create_pipe._(#4.3.0)/ 965396867.707147 status: local 41/120 remote 0/20 965396867.707234 delivery 8638: deferral: qmail-spawn_unable_to_create_pipe._(#4.3.0)/ 965396867.707255 status: local 40/120 remote 0/20 965396867.707636 delivery 8639: deferral: qmail-spawn_unable_to_create_pipe._(#4.3.0)/ 965396867.707656 status: local 39/120 remote 0/20 965396867.707671 delivery 8640: deferral: qmail-spawn_unable_to_create_pipe._(#4.3.0)/ 965396867.707690 status: local 38/120 remote 0/20 965396867.707803 delivery 8641: deferral: qmail-spawn_unable_to_create_pipe._(#4.3.0) Thanks Slider -- _ Fernando Costa de Almeida ICQ - 72293951
Re: Qmail-Spawn
On Fri, Aug 04, 2000 at 02:56:10PM +0100, Slider wrote: Can anyone reflect a little light as to why I might be getting this error?? 965396867.707127 delivery 8637: deferral: qmail-spawn_unable_to_create_pipe._(#4.3.0)/ One of the few errors I've covered in my brief error guide ;-) http://x42.com/qmail/error/#spawnpipe /magnus -- http://x42.com/
Re: Anti Virus
- Original Message - From: "Robin S. Socha" [EMAIL PROTECTED] So you are basically advocating running a piece of exremely expensive software with a mixed track record of functionality, running on an unstable, expensive and insecure operating system for production services? [ ... ] So, you're not only running an unstable OS but also an extremely flaky, bug-ridden MTA, and you actually have this setup connected to the internet. May I ask what your company is worth *to you*? Sometimes its not their choice, you do realise. It might be that any tech that decides to change operating systems gets fired. That happens. Deal with the question at hand, please. It's more up to one's TCO calculations, isn't it? So, you're not only running an unstable OS but also an extremely flaky, bug-ridden MTA, have this setup connected to the internet, but also throw in more money to buy unneeded functionality that is likely to introduce more bugs. Can you explain your rationale, please? They have no need to justify their rationale to you. You don't matter to their corporation in all likelihood. In that light, maybe you could have stuck to answering what was asked? Wow, we're finally back on topic... *sigh* The previous part of the message was to satisfy those folks who always say 'give us more detail about your setup' (like me). Incidentally, I dislike NT, Microsoft Outlook and Exchange as much as you probably do. I've said it once and I'll say it again: anti-virus software is snake oil. Under certain circumstances, it will buy you exactly nothing. Had I sent you ILOVEYOU the moment I got it, you would have been fucked. Real bad. Maybe your filter would have caught it, but who knows? No, its not snake-oil. Its just not perfect. The anti-virus software companies, by necessity, need to analyse a virus before they can add the signature to their software. That usually requires that the virus be "in the wild" for some period of time first. However, I've had client machines come in with dozens of viruses -- usually some combination of Stoned or Monkey with a few other oldies. These are all caught by modern anti virus software and thus it _should_ be installed on machines. McAfee VirusScan for workstations is only $15 (cost). I don't classify that as snake-oil -- Michael T. Babcock CTO, FibreSpeed
RE: Anti Virus
Well, I think we should keep the topic! There are alot of inexperienced users out there like myself who are rather interested in this topic! Slider Because I reformatted his mail according to age-old standards. In short, it boils down to the following: Some ideas for the list and it turns to this? Any voters to return to the topic of how to stop our users getting virii attacks? Thanks for opinions, defences, and updates on the latest netiquette. Brett. Manager InterPlanetary Solutions http://ipsware.com/
Re: qmail-spawn
On Fri, Aug 04, 2000 at 11:20:38AM -0300, Fernando Almeida wrote: I would like to known WHAT is qmail-spawn too... :-) qmail-spawn is either qmail-lspawn or qmail-rspawn, as they both share the code in spawn.c where this error message lives and prospers. /magnus -- http://x42.com/
concurrencyremote up to 500
Hello,I'm trying to get qmail running in a Solaris 7 box and get up to 500 qmail-remote proccesses at the same time, I do the following steps : 1. Before compiling qmail-1.03 I applyed the big concurrency patch 2. Set conf-spawn to 500 in the qmail source tree 3. make setup check 4. echo 500 /var/qmail/control/concurrencyremote 5. Get it running!. But I noticed that the maximun number of qmail-remote procs is 30 ! My box is a high traffic outbound smtp server and 30 qmail-remote procs. is very poor. the same steps I do in a Linux box and get 500 qmail-remote without any problem Any Idea ??? This is possible relationed with a per user/max procs in Solaris or any like this ? Thank you. RDA.-
RE: Anti Virus
OK I wasn't planning on continuing my argument but since others are for me! ... Incidentally, I dislike NT, Microsoft Outlook and Exchange as much as you probably do. I dislike them as well. All our servers are transitioning to linux/openbsd EXCEPT for this one virus-scanning machine. Virtually a day after the "I Love you" virus was realised, Norton had a fix for it and liveupdate automatically updated it on our server. This change was propogated to every client in the building, as well as used in scanning of e-mails. Luckily this prestigous event happened largely on a weekend and so the few e-mails which got through the server were then killed on Monday when the user went to read their e-mail...We have stopped countless hundreds of this virus, and tens of thousands of other virii with this firewall-style approach. come in with dozens of viruses -- usually some combination of Stoned or Monkey with a few other oldies. These are all caught by modern anti virus software and thus it _should_ be installed on machines. McAfee VirusScan for workstations is only $15 (cost). Totally agreed with. You can't always catch the latest and greatest virii with virus scanning software and yes killing every binary attachment is an approach to removing the possibility altogether, but in many cases that is just not an option. Killing script files, ok...can understand that. Less impact on working habits, 95% agree with it. I trust stuff I pay for more than free, open source scripting efforts. Just a peace-of-mind. Norton are not overly bloated. Lotus' Notes is, to some extent, bloated, but we have been using it for the last couple of years with thousands of e-mails coming through and being scanned daily and have had no obvious problems thus far... Brett. Manager InterPlanetary Solutions http://ipsware.com/ -Original Message- From: Michael T. Babcock [mailto:[EMAIL PROTECTED]] Sent: Saturday, August 05, 2000 12:36 AM To: qmail list; Robin S. Socha Subject: Re: Anti Virus - Original Message - From: "Robin S. Socha" [EMAIL PROTECTED]
Re: using fetchmail on qmail machine
On Fri, Aug 04, 2000 at 12:34:27AM -0400, Peter Green wrote: Can someone let me know if the adding localhost to control/locals is the "normal" behaviour? I think a lot of people would like to use qmail as their own MTA instead of sendmail or postfix, so knowing this would be of great help to me. I don't know if it's the ``normal'' behavior, but I have localhost in my control/locals with the identical setup to you. That's the only way I could get qmail to deliver the mail that fetchmail was sending it. FYI, I'm now looking at maildrop as opposed to procmail... should be interesting... =) -- [EMAIL PROTECTED], OpenPGP key available on www.keyserver.net // Danen Consulting Serviceswww.danen.net, www.freezer-burn.org // MandrakeSoft, Inc. www.linux-mandrake.com 1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD Current Linux uptime: 20 hours 33 minutes.
Re: using fetchmail on qmail machine
On Fri, Aug 04, 2000 at 10:37:03PM +1200, Chris, the Young One wrote: ! I don't know if it's the ``normal'' behavior, but I have localhost in my ! control/locals with the identical setup to you. $ grep localhost /var/qmail/control/locals localhost Yep, it's there. From a casual perusal of config.sh in the qmail package it can be seen that it calls a program to get the IP addresses of all interfaces, then puts their PTR lookups into control/locals. Unless you lack a loopback interface :-) I believe that localhost should be in control/locals, at least by default. Hmmm... it never put it in mine... wierd. Oh well, now I know that this is "normal". Thanks! -- [EMAIL PROTECTED], OpenPGP key available on www.keyserver.net // Danen Consulting Serviceswww.danen.net, www.freezer-burn.org // MandrakeSoft, Inc. www.linux-mandrake.com 1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD Current Linux uptime: 20 hours 34 minutes.
Re: Unable to create pipe
This was posted here just a few hours ago...look at it Brett Manager InterPlanetary Solutions http://ipsware.com/ -Original Message- From: Magnus Bodin [mailto:[EMAIL PROTECTED]] Sent: Saturday, August 05, 2000 12:25 AM To: qmail list Subject: Re: Qmail-Spawn On Fri, Aug 04, 2000 at 02:56:10PM +0100, Slider wrote: Can anyone reflect a little light as to why I might be getting this error?? 965396867.707127 delivery 8637: deferral: qmail-spawn_unable_to_create_pipe._(#4.3.0)/ One of the few errors I've covered in my brief error guide ;-) http://x42.com/qmail/error/#spawnpipe /magnus -- http://x42.com/
Editing error messages
I was wondering if its possible to edit the error messages in qmail. And what is the simplest way to do it? For example, I want to change "This address is not in my rcpthosts" message to something different. -- Erich Zigler Sr. System Administrator Interesting how the need for substance in an unexamined life often times leads to gulibility. -- Cornfed
Re: qmail-pop3d problem
On Fri, Aug 04, 2000 at 07:47:27PM +0530, kapil sharma wrote: ! pop-3 stream tcp nowait root /var/qmail/bin/qmail-popup qmail-popup \ ! foo.com /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir [...] ! +OK 15634.965386256@\ Are you sure that ``\'' is an acceptible line continuation character? qmail-popup seems to think that ``\'' is the host name, so maybe you should just put everything on one line without using ``\''. ---Chris K. -- Chris, the Young One |_ but what's a dropped message between friends? Auckland, New Zealand |_ this is UDP, not TCP after all ;) ---John H. http://cloud9.hedgee.com/ |_ Robinson, IV PGP: 0xCCC6114E/0x706A6AAD |_
RE: qmail-pop3d problem
On Fri, Aug 04, 2000 at 07:47:27PM +0530, kapil sharma wrote: ! pop-3 stream tcp nowait root /var/qmail/bin/qmail-popup qmail-popup \ ! foo.com /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir [...] ! +OK 15634.965386256@\ Are you sure that ``\'' is an acceptible line continuation character? qmail-popup seems to think that ``\'' is the host name, so maybe you should just put everything on one line without using ``\''. The command line is interpreted by bash (I take it you are using bash) before the program that is being called (try typing some nonexistant command followed by a '\' and there will be no error) so qmail-popup won't even know it existed. Brett. Manager InterPlanetary Solutions http://ipsware.com/
Re: Anti Virus
* Michael T Babcock [EMAIL PROTECTED] writes: From: "Robin S. Socha" [EMAIL PROTECTED] Michael, I thought you were making sense when you suggested ending this thread in PM. Unfortunately, I was wrong. So here goes... Deal with the question at hand, please. , | A+14 [Slider ]:=Anti Virus | +20 [Robin S. Socha ]:= - anomy for procmail | A+41[Slider ]:= | +20 [Robin S. Socha ]:- |http://www.qmail.org/top.html#microsoft |[...] | +59 Noel Mistula:= | A+86[Brett Randall ]:= | +128 [Robin S. Socha ]:= | A+14 [Adam McKenna]:= | A+29 [Paul Schinder ]:= | +55[Robin S. Socha ]:= | +32 [Michael T. Babcock ]: - you are here ` I presume you can see where you missed the point, Michael? I've said it once and I'll say it again: anti-virus software is snake oil. Under certain circumstances, it will buy you exactly nothing. Had I sent you ILOVEYOU the moment I got it, you would have been fucked. Real bad. Maybe your filter would have caught it, but who knows? No, its not snake-oil. Its just not perfect. It is inherently snake-oilish. I would call my colleague in London an experienced NT admin with a lot of common sense. He went "we've now got 4 virus scanners running, so we're safe". So I went "On your backup mailserver, too? Cause some nasty buddy just DOS'ed your primary one." So he went "AAARRR!!!1". The problem is not the quality of the scanners, the frequency of your updates, the speed with which updates are released or whatever. The problem is the quality of MS Software. Windows is a disaster waiting to happen. Brett advocated using an insecure OS with closed source protection mechanisms to secure a production environment running an operating system that is as secure as a bullet proof vest made of NT-CDs. Since the system cannot be secured, the threat must be eliminated. Either by changing the OS or by nuking all attachments that are potentially dangerous. The anti-virus software companies, by necessity, need to analyse a virus before they can add the signature to their software. That usually requires that the virus be "in the wild" for some period of time first. Right. And you do remember how fast ILOVEYOU spread, don't you? However, I've had client machines come in with dozens of viruses -- usually some combination of Stoned or Monkey with a few other oldies. These are all caught by modern anti virus software and thus it _should_ be installed on machines. McAfee VirusScan for workstations is only $15 (cost). You're working around the problem. Ever wondered how come there are no[1] viruses for Un*x? I don't classify that as snake-oil You're as entitled to your personal opinion as everybody else. Too bad it's beside the point since the OP wasn't interested in fixing an infected system but preventing from viruses (or other dangerous content) from entering his system. reply-to set accordingly. Footnotes: [1] Yes, there are three. But they don't exist. -- Robin S. Socha http://socha.net/
Re: trouble
Your also might want to look into installing dnscache http://cr.yp.to/djbdns/dnscache-1.00.tar.gz and have a local caching only server running on the qmail machine. Sean Truman - Original Message - From: Greg Owen [EMAIL PROTECTED] To: Qmail List (E-mail) [EMAIL PROTECTED] Sent: Friday, August 04, 2000 9:13 AM Subject: RE: trouble Everythings fine but the smtp server takes a long time to initialize..like when I telnet to port 25 on my localhost...the 220 host.domain.com ESMTP appears but after a long time. Has anybody experienced such a problem and was able to solve this... Your tcpserver invocation is probably trying to get IDENT info, which is the default. This times out after 26 seconds or so. Put '-R' into your tcpserver command line and the lag goes away, or open up port 113 on the firewall to allow IDENT traffic to freely flow. From http://cr.yp.to/ucspi-tcp/tcpserver.html: -r: (Default.) Attempt to obtain $TCPREMOTEINFO from the remote host. -R: Do not attempt to obtain $TCPREMOTEINFO from the remote host. To avoid loops, you must use this option for servers on TCP ports 53 and 113. -- gowen -- Greg Owen -- [EMAIL PROTECTED]
Re: concurrencyremote up to 500
Ricardo Albano [EMAIL PROTECTED] wrote: Hello,I'm trying to get qmail running in a Solaris 7 box and get up to 500 qmail-remote proccesses at the same time, I do the following steps : [...] But I noticed that the maximun number of "qmail-remote procs" is 30 ! My box is a high traffic outbound smtp server and 30 qmail-remote procs. is very poor. the same steps I do in a Linux box and get 500 qmail-remote without any problem [...] This is possible relationed with a per user/max procs in Solaris or any like this ? It is almost certainly a resource limit the system is imposing. It may be fds, or it could be something else. What are you limits currently set to? Have you tried changing them? You seem to have diagnosed your own problem here. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
RE: qmail-pop3d problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 5 Aug 00, at 1:49, Brett Randall wrote: The command line is interpreted by bash (I take it you are using bash) before the program that is being called (try typing some nonexistant command followed by a '\' and there will be no error) so qmail-popup won't even know it existed. I beg to differ. 1. inetd doesn't support wrapped lines in /etc/inetd.conf. At least mine doesn't. It doesn't know about the second line at all. 2. inetd doesn't run the command through bash. Where did you hear that? -BEGIN PGP SIGNATURE- Version: PGP 6.0.2 -- QDPGP 2.60 Comment: http://community.wow.net/grt/qdpgp.html iQA/AwUBOYraKVMwP8g7qbw/EQL2xgCfeWq+XgG/ESanEVRtMK5Yl8oHvEQAnRiK hHXnlYyRwU1ygxyqrZ43yOMx =HKTS -END PGP SIGNATURE- -- Petr Novotny, ANTEK CS [EMAIL PROTECTED] http://www.antek.cz PGP key ID: 0x3BA9BC3F -- Don't you know there ain't no devil there's just God when he's drunk. [Tom Waits]
Re: concurrencyremote up to 500
I can't imagine where to start the diagnostic, I think the problem is in the OS Limit but I need some specific pointers to the problem to ask Sun peoples. Ricardo Albano [EMAIL PROTECTED] wrote: Hello,I'm trying to get qmail running in a Solaris 7 box and get up to 500 qmail-remote proccesses at the same time, I do the following steps : [...] But I noticed that the maximun number of "qmail-remote procs" is 30 ! My box is a high traffic outbound smtp server and 30 qmail-remote procs. is very poor. the same steps I do in a Linux box and get 500 qmail-remote without any problem [...] This is possible relationed with a per user/max procs in Solaris or any like this ? It is almost certainly a resource limit the system is imposing. It may be fds, or it could be something else. What are you limits currently set to? Have you tried changing them? You seem to have diagnosed your own problem here. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Re: using fetchmail on qmail machine
On Fri, Aug 04, 2000 at 09:27:00AM -0600, Vincent Danen wrote: On Fri, Aug 04, 2000 at 10:37:03PM +1200, Chris, the Young One wrote: ! I don't know if it's the ``normal'' behavior, but I have localhost in my ! control/locals with the identical setup to you. $ grep localhost /var/qmail/control/locals localhost Yep, it's there. From a casual perusal of config.sh in the qmail package it can be seen that it calls a program to get the IP addresses of all interfaces, then puts their PTR lookups into control/locals. Unless you lack a loopback interface :-) I believe that localhost should be in control/locals, at least by default. Hmmm... it never put it in mine... wierd. Oh well, now I know that this is "normal". Thanks! Hmmm. I use fetchmail in one (admittedly simple) scenario and it doesn't require localhost in control/locals Regards.
RE: qmail-pop3d problem
I beg to differ. 1. inetd doesn't support wrapped lines in /etc/inetd.conf. At least mine doesn't. It doesn't know about the second line at all. 2. inetd doesn't run the command through bash. Where did you hear that? My apologies : It is 2am over here and I forgot this is an inetd call, not a tcpserver call! Brett. Manager InterPlanetary Solutions http://ipsware.com/
Re: concurrencyremote up to 500
Ricardo Albano [EMAIL PROTECTED] wrote: It is almost certainly a resource limit the system is imposing. It may be fds, or it could be something else. What are you limits currently set to? Have you tried changing them? You seem to have diagnosed your own problem here. I can't imagine where to start the diagnostic, I think the problem is in the OS Limit but I need some specific pointers to the problem to ask Sun peoples. Try adding some ulimit calls to your qmail startup script. `man ulimit` for details. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Re: duplicating sendmail's virtusertable
On Thu, Aug 03, 2000 at 11:05:47PM -0400, Sam Carleton wrote: I also need to change the from header from [EMAIL PROTECTED] to [EMAIL PROTECTED] I am trying to stealth my user account because it is the only account able to su in as root. I would prefer if folks do not know the user name on the account:) (No, it isn't sam, that is simply my example g) Both of these can be accomplished using fastforward, available from http://www.qmail.org. I have installed fastforward and I am aliasing incoming mail from sam.carleton@domain to sam@domain, but I do not have a clue as to how to use fastforward to change the From: header on out going mail from sam@domain to sam.carleton@domain. Can someone enlighten me? My error. I did not read your request carefully enough. The "From: " header is entirely under the control of your MUA (mutt, pine, mailx, etc). The envelope "from " header is controlled via your MTA (qmail, in this case) and can be controlled either by using the sendmail wrapper with a "[EMAIL PROTECTED]" or setting some environment variables before calling qmail-inject. Ben -- Ben Beuchler [EMAIL PROTECTED] MAILER-DAEMON (612) 321-9290 x101 Bitstream Underground www.bitstream.net
Re-injecting complete messages
Hi...I've been asked by a fellow sysadmin to reinject a number of complete e-mails (containing every original header field and the body with the standard one-line gap) into the mail system for delivery to their relevant locations, both locally and remotely. What is the best way of doing this? Thanks! Brett. Manager InterPlanetary Solutions http://ipsware.com/
Re: Editing error messages
On Fri, Aug 04, 2000 at 10:28:27AM -0500, Erich Zigler wrote: I was wondering if its possible to edit the error messages in qmail. And what is the simplest way to do it? For example, I want to change "This address is not in my rcpthosts" message to something different. They are hard-coded. Edit the code at your own risk. Ben -- Ben Beuchler [EMAIL PROTECTED] MAILER-DAEMON (612) 321-9290 x101 Bitstream Underground www.bitstream.net
Re: Editing error messages
* Erich Zigler [EMAIL PROTECTED] writes: I was wondering if its possible to edit the error messages in qmail. And what is the simplest way to do it? Grab an editor and UTSL. For example, I want to change "This address is not in my rcpthosts" message to something different. That'd be qmail-(s|q)mtpd.c - but why would you want to do that? -- Robin S. Socha http://socha.net/
Re: Anti Virus
* Brett Randall [EMAIL PROTECTED] writes: OK I wasn't planning on continuing my argument but since others are for me! I'm still against you, Brett, so let's see how far we'll get... ]:- Incidentally, I dislike NT, Microsoft Outlook and Exchange as much as you probably do. I dislike them as well. All our servers are transitioning to linux/openbsd EXCEPT for this one virus-scanning machine. Interestingly, this will leave this one machine open to attacks against the OS itself. Strange notion of security. You could be running TrendMicro's viruswall or [insert AV-vendor] stuff on various flavours of Un*x or Linux as well. Virtually a day after the "I Love you" virus was realised, Norton had a fix for it and liveupdate automatically updated it on our server. Literally one minute after I was informed about the problem via my email2sms gateway (one of those things you'd call a "scripting effort" monitoring various security MLs), I had remotely logged into our mailserver and added a rule nuking all respective emails. Arguably, the approach is different, but with the gaping holes in MS's security "policy", chances are yet another script kiddy will find yet another exploit soonish and it will not qualify as a virus again. Technically speaking, BTW, ILOVEYOU was not a virus, anyway. Needless to say that there are i18n versions of MS Office viruses that aren't caught by American scanners... Luckily this prestigous event happened largely on a weekend and so the few e-mails which got through the server were then killed on Monday when the user went to read their e-mail... "Luckily"... how do you sleep at night, Brett, when an integral part of your security policy relies on luck? We have stopped countless hundreds of this virus, and tens of thousands of other virii with this firewall-style approach. Brett, I just talked to my firewall. She's a nice firewall, y'know, and she's got a great sense of humour. But that carpet was quite expensive, and I stronly advise you not to make such rude jokes again unless you want to face punitive damages. Besides, a 19" rack biting a rug is just plainly ridiculous. come in with dozens of viruses -- usually some combination of Stoned or Monkey with a few other oldies. These are all caught by modern anti virus software and thus it _should_ be installed on machines. McAfee VirusScan for workstations is only $15 (cost). Totally agreed with. You can't always catch the latest and greatest virii with virus scanning software and yes killing every binary attachment is an approach to removing the possibility altogether, but in many cases that is just not an option. True. That's why you set up sandboxes in each department, running Linux and StarOffice. For the unaware, StarOffice is a free, GPL'ed (?) Office Suite running on Windows and various Un*xoid OSes. Yes, it's a little inconvenient to hop to another office to take a look at an attachment. But it also makes you very angry at the people sending them. Which is good. I trust stuff I pay for more than free, open source scripting efforts. Ok, so on top of luck, you rely on trust. Then again, it's all that's left to you, isn't it? While you can have an expert audit Open Source Software, (closed source) commercial software has to be trusted. I don't trust closed source software, and even less so if it comes from a foreign country. Can you guarantee (100%) where Notes or Exchange or whatever send your company's trade secrets? Does the word OPSEC ring a bell? IT security isn't everything. And, quite honestly, I don't like your condescending tone when you talk about OSS. Calling OpenBSD or qmail "scripting efforts" is, well.. you know, if MS ever released the Exchange code, and one were to compare it to qmail's... oh, well... Just a peace-of-mind. Then why are you running qmail? You /are/ running qmail, aren't you? Norton are not overly bloated. Lotus' Notes is, to some extent, bloated, but we have been using it for the last couple of years with thousands of e-mails coming through and being scanned daily and have had no obvious problems thus far... Notes Server has had some bugs that qualify as lethal. And they weren't fixed nearly as quickly as those in, say, sendmail. What makes you recommend software with a bad track record in security on a ML for the most secure mailserver there is? -- Robin S. Socha http://socha.net/
Bah!
Hi all, I've finally got my arse around to using tcpserver. Well I say using, more like installing and then ripping my hair out. Is there any _useful_ documentation, with some examples out there on how to use it? I saw one snippet that mentioned it goes in inetd.conf If so what the bleeding point?? I'd rather be using FreeBSD's improved tcp_wrappers than using them and having to use tcpserver within it. I'm mainly going to it becuase of the god awful RELAYCLIENT hack to allow a few hosts to use me as a smarthost (instead of a more sane /var/qmail/control file that allows named ip's to connect). Yours close to another MTA, D.
Re: Editing error messages
"Robin S. Socha" [EMAIL PROTECTED] writes: * Erich Zigler [EMAIL PROTECTED] writes: I was wondering if its possible to edit the error messages in qmail. And what is the simplest way to do it? Grab an editor and UTSL. For example, I want to change "This address is not in my rcpthosts" message to something different. That'd be qmail-(s|q)mtpd.c - but why would you want to do that? I am sure Erich can answer for himself, but may I posit one possible reason: The people who read bounce mails are typically those who sent it, which, 99% of the time, is a person who is completely unfamiliar with mail systems. To them, something like, "You cannot sent mail to that site using this mail server", or somesuch, would be less confusing and more personable. Just a thought. On the flip side, as soon as the word "rcpthosts" leaves a user's mouth, I am pretty sure I know exactly what the problem is. Bryan -- p l u m b d e s i g n Bryan Ischo | Software Developer 157 chambers st ny ny 10007 p.212-285-8600 x233 f.212-285-8999
terminology (was Re: duplicating sendmail's virtusertable)
``The "From: " header'' and ``The envelope "from " header''---I knew I was confused the first time I read the message... On Fri, Aug 04, 2000 at 11:22:12AM -0500, Ben Beuchler wrote: ! My error. I did not read your request carefully enough. The "From: " ! header is entirely under the control of your MUA (mutt, pine, mailx, ! etc). The address listed in the From field is what I call the header sender. There could be a different official name for it though. !The envelope "from " header is controlled via your MTA (qmail, in ! this case) and can be controlled either by using the sendmail wrapper ! with a "[EMAIL PROTECTED]" or setting some environment variables ! before calling qmail-inject. That's what I (and most people I know of) call the envelope sender, and it does not appear in the header (unless your mailer puts it into the Return-Path field, but it's not an obligatory behaviour). The other thing that should be clarified is that there is _one_ header in a message, consisting of one or more fields. For more definitions, see http://cr.yp.to/immhf/header.html. ---Chris K. -- Chris, the Young One |_ Never brag about how your machines haven't been Auckland, New Zealand |_ hacked, or your code hasn't been broken. It's http://cloud9.hedgee.com/ |_ guaranteed to bring the wrong kind of PGP: 0xCCC6114E/0x706A6AAD |_ attention. ---Neil Schneider
Re: Anti Virus
I dislike them as well. All our servers are transitioning to linux/openbsd EXCEPT for this one virus-scanning machine. Interestingly, this will leave this one machine open to attacks against the OS itself. Strange notion of security. Well, in a world devoid of any other security mechanisms, perhaps. But it's perfectly easy to simply deny all traffic to the machine not related to SMTP, at the router, firewall, and on the machine itself. It's hard to exploit something on the machine if your packets never get there. I trust stuff I pay for more than free, open source scripting efforts. Well, it's sixes. Some commercial software is well-written, a lot isn't. Some open-source software is well-written, I've found a lot that's not. It all comes down to the individual package. steve
Re: Bah!
On Fri, Aug 04, 2000 at 05:45:06PM +0100, Holborn BongMiester wrote: I've finally got my arse around to using tcpserver. Well I say using, more like installing and then ripping my hair out. Is there any _useful_ documentation, with some examples out there on how to use it? I saw one snippet that mentioned it goes in inetd.conf If so what the bleeding point?? I'd rather be using FreeBSD's improved tcp_wrappers than using them and having to use tcpserver within it. I'm mainly going to it becuase of the god awful RELAYCLIENT hack to allow a few hosts to use me as a smarthost (instead of a more sane /var/qmail/control file that allows named ip's to connect). You have a very charming way of asking for help. Also of not reading readily and freely available documentation. Start with the home page for ucspi-tcp. Documents every option of every program in the package. http://cr.yp.to/ucspi-tcp.html If that is too obtuse for you, try David Sill's excellent "Life With qmail", linked to from the qmail.org page. http://web.infoave.net/~dsill/lwq.html If you find that too difficult, follow some of the other links concerning "anti-relaying" from the qmail.org page. There are several. All of which offer complete descriptions for setting up tcpserver. If you still can't figure it out, hire a 12 year old. Ben -- Ben Beuchler [EMAIL PROTECTED] MAILER-DAEMON (612) 321-9290 x101 Bitstream Underground www.bitstream.net
Re: Anti Virus
On Sat, Aug 05, 2000 at 01:13:05AM +1000, Brett Randall wrote: ! I trust stuff I pay for more ! than free, open source scripting efforts. Just a peace-of-mind. This reminds me of http://www.ultraviolet.org/treed/lam.txt. :-) ---Chris K. -- Chris, the Young One |_ Never brag about how your machines haven't been Auckland, New Zealand |_ hacked, or your code hasn't been broken. It's http://cloud9.hedgee.com/ |_ guaranteed to bring the wrong kind of PGP: 0xCCC6114E/0x706A6AAD |_ attention. ---Neil Schneider
Re: Editing error messages
On Fri, Aug 04, 2000 at 12:40:14PM -0400, Bryan Ischo wrote: The people who read bounce mails are typically those who sent it, which, 99% of the time, is a person who is completely unfamiliar with mail systems. Your actually quite right. To them, something like, "You cannot sent mail to that site using this mail server", or somesuch, would be less confusing and more personable. Actually we use vpopmail's roaming users. So if they dont check their email beforehand they cannot use us as a relay. We get many calls from angry customers and employees because all they see in the current error message is "You cant send mail." On the flip side, as soon as the word "rcpthosts" leaves a user's mouth, I am pretty sure I know exactly what the problem is. Yeah, but in my opinion I dont want to hear of those calls in the first place. =) -- Erich Zigler Sr. System Administrator
Re: using fetchmail on qmail machine
On Fri, Aug 04, 2000 at 09:03:07AM -0700, [EMAIL PROTECTED] wrote: Unless you lack a loopback interface :-) I believe that localhost should be in control/locals, at least by default. Hmmm... it never put it in mine... wierd. Oh well, now I know that this is "normal". Thanks! Hmmm. I use fetchmail in one (admittedly simple) scenario and it doesn't require localhost in control/locals Do you have fetchmail sending to procmail or something? I have fetchmail sending it to port 25 on the local machine (ie. qmail) so qmail still has to do the delivering to my maildirs. Are you maybe sending it to something other than port 25? -- [EMAIL PROTECTED], OpenPGP key available on www.keyserver.net // Danen Consulting Serviceswww.danen.net, www.freezer-burn.org // MandrakeSoft, Inc. www.linux-mandrake.com 1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD Current Linux uptime: 22 hours 10 minutes.
Re: Bah!
Ben Beuchler wrote: You have a very charming way of asking for help. Also of not reading readily and freely available documentation. Maybee I should of took a break and then asked. Dan's links on his main page are hidden everywhere. I followed the 'installing tcpserver' and also the other ucspi-tcp link and the info I got out of that was untar and make. His INSTALL could do with a, for some examples and further documnetaion go here... http://cr.yp.to/ucspi-tcp.html Great! I'll go take a ganders. If that is too obtuse for you, try David Sill's excellent "Life With qmail", linked to from the qmail.org page. http://web.infoave.net/~dsill/lwq.html I'm not too bad with qmail, it's just to get things to function b4 I didnt need this tcpserver. If you find that too difficult, follow some of the other links concerning "anti-relaying" from the qmail.org page. There are several. All of which offer complete descriptions for setting up tcpserver. Sensible place to put it (as oppsed to 'installing tcpserver' :) But thnks for the pointer. If you still can't figure it out, hire a 12 year old. I guess I asked for that :) Been a bad day at work and I've been having helll with tcpserver and pop3d and qmail-smtpd. D.
RE: Bah!
I'd hire that 12 year old if he/she could tell me what the damn status codes for tcpserver meant. :-) Seriously though, those pages need some updates, I spent an hour or two searching the archives of this list the other day to find out the reason my post card cgi perl script needed to have \r\n on the end of each of it's lines when constructing the mail headers... The only thing I had to search on was the fact that my tcpserver was logging the undocumented status=256 which seems to be spit out for multiple problems. Dave -Original Message- From: Ben Beuchler To: [EMAIL PROTECTED] Sent: 8/4/00 12:53 PM Subject: Re: Bah! You have a very charming way of asking for help. Also of not reading readily and freely available documentation. Start with the home page for ucspi-tcp. Documents every option of every program in the package. http://cr.yp.to/ucspi-tcp.html If that is too obtuse for you, try David Sill's excellent "Life With qmail", linked to from the qmail.org page. http://web.infoave.net/~dsill/lwq.html If you find that too difficult, follow some of the other links concerning "anti-relaying" from the qmail.org page. There are several. All of which offer complete descriptions for setting up tcpserver. If you still can't figure it out, hire a 12 year old. Ben -- Ben Beuchler [EMAIL PROTECTED] MAILER-DAEMON (612) 321-9290 x101 Bitstream Underground www.bitstream.net
Re: Bah!
On Fri, Aug 04, 2000 at 06:14:39PM +0100, Holborn BongMiester wrote: I guess I asked for that :) Been a bad day at work and I've been having helll with tcpserver and pop3d and qmail-smtpd. My apologies. I'm a tad short-tempered myself. Anyway, tcpserver is quite easy. I found it preferable to inetd by a long shot. And having the tcp program do the IP based stuff makes perfect sense as the stuff qmail sees is too easily forged. It only has envelope information to work from, after all. As a peace offering, here's my tcpserver setup: /usr/local/bin/tcpserver -R -c 80 -q -p -x /etc/smtprules/tcp.smtp.cdb \ -u79 -g1003 0 smtp /var/qmail/bin/qmail-smtpd 21 There are several other options, all well documented on the ucspi-tcp page. Of course, the -u and -g options need to be changed to match the correct UID/GID on your box. And the -x option needs to point to your tcprules file, the format of which is documented on the tcprules page at the ucspi-tcp site. A typical line looks like this: 123.45.67.89:allow,RELAYCLIENT="" Ben -- Ben Beuchler [EMAIL PROTECTED] MAILER-DAEMON (612) 321-9290 x101 Bitstream Underground www.bitstream.net
patch to require helo before mail from
I have written a patch to force clients to say helo first. ahelocheck.diff
Problems w/ pop3
Some people where I work use pop3 at home and at work. When they check their mail from home, they are leaving the messages on the server. The problem happens when they get to work the next day. Apparently, when using the old pop3 server, messages they had already downloaded from home were marked "read". But now, with qmail-pop3d, they show up as "unread" when the people come into work. Anyone know why this problem happens? I assume it is some POP3 feature/extension that qmail-pop3d doesn't support. By the way, the people complaining are using Eudora. --Adam
Re: Anti Virus
* Steve Wolfe [EMAIL PROTECTED] writes: [scanning for MS viruses under MS OSes] Well, in a world devoid of any other security mechanisms, perhaps. But it's perfectly easy to simply deny all traffic to the machine not related to SMTP, at the router, firewall, and on the machine itself. It's hard to exploit something on the machine if your packets never get there. man gauntlet I trust stuff I pay for more than free, open source scripting efforts. Well, it's sixes. Some commercial software is well-written, a lot isn't. I beg to differ. You simply cannot know if closed source commercial software is well written. I may seem to work well, but you don't know what's under the hood. Back in university, we had the NT 4.0 CD that we installed on a spare computer for laughs. We had blocked it inside a firewall. It sent two crypted emails. We let them free. They disappeared behind a MSN firewall. We did not laugh. Some open-source software is well-written, I've found a lot that's not. It all comes down to the individual package. That's so true it's meaningless, I'd say. There is a lot of really bad software available especially for Linux, true. But if you take a well audited distribution (Jurix would be one) or stick to a core *BSD, you'll find that the code base is excellent. It still remains to be shown how you break into a bare-bones OpenBSD. I could not say that for a couple commercial OSes. Bottom line: every system can be made insecure. But some "packages" are secure by default. qmail springs to mind ;-) Stick to those and you're fine. -- Robin S. Socha http://socha.net/
Re: Bah!
* Holborn BongMiester [EMAIL PROTECTED] writes: Is there any _useful_ documentation [for tcpserver], with some examples out there on how to use it? You've already been pointed to DJB's site. There also exists a tarball with man pages at http://innominate.de/, compiled by G. Pape. I saw one snippet that mentioned it goes in inetd.conf If so what the bleeding point?? I'd rather be using FreeBSD's improved tcp_wrappers than using them and having to use tcpserver within it. I don't think so. But go see for yourself. If you don't see the value of this excellent software package, you probably don't need it. -- Robin S. Socha http://socha.net/
Re: patch to require helo before mail from
"Darrell Wright" [EMAIL PROTECTED] writes: I have written a patch to force clients to say helo first. Out of curiosity and not unpleasantness, why would one want such a patch? I've seen that sendmail has options to do the same thing, and have never understood exactly what it accomplishes. Thanks for any insight, --ScottG.
sqwebmail qmail-pop3d ?
hi, i am running a small internet-server with several virtual domains and i would like to install sqwebmail for my customers. the question is: does qmail work together with /Maildir format and a running qmail-pop3d or do i need the install vpopmail ? user should be able not open new pop3 accounts; they should only read and write emails using the web. -- regards, jens --- department computer science, university of dortmund linux ... life's too short for reboots! begin:vcard n:Georg;Jens x-mozilla-html:FALSE org:University of Dortmund, Germany;computer science adr:;; version:2.1 email;internet:[EMAIL PROTECTED] x-mozilla-cpt:;0 fn:Jens Georg end:vcard
What a mess...
Hi... I have a problem for wich I haven't got a clue on where to start looking for a possible sollution... There is this company that wanted to have mails coming to their domain... (slofit.si). Ok, no problem, a virtual mail domain... But no, they had to go ask their internet provider first, and what they did is forward all mail for this domain (slofit.si) into a single mailbox!?!. So the company has been using this setup for some time (haven't got the faintest idea for how long) and now they are asking me to fix this, but they still want to use this single mailbox at their internet providers server. They are using a dialup link, so I was thinking of setting up a qmail server on a local machine and allowing mail from the local network to be relayed outwards... This is all well, but what about the incoming mail? My idea is: Get the mails from the mailbox and inject them into qmail... Is this possible? I dont really have the time to test this and try it out, so I hope someone will have some info for me... Thanks, Goran The documentation said to install Windows NT 4.0 or better - so I installed Linux 2.2.13!
Re: What a mess...
Sounds like a job for fetchmail unless the ISP offers ETURN services. fetchmail connects to a remote POP server (so that it can slurp all the mail for a single mailbox) and reinjects it into your local mail system. It's not necessarily perfect depending on the ISPs mail system (especially wrt retrieving envelope info) but it's better than nothing if you have no choice. Mark. On Fri, Aug 04, 2000 at 08:22:13PM +0200, Goran Blazic wrote: Hi... I have a problem for wich I haven't got a clue on where to start looking for a possible sollution... There is this company that wanted to have mails coming to their domain... (slofit.si). Ok, no problem, a virtual mail domain... But no, they had to go ask their internet provider first, and what they did is forward all mail for this domain (slofit.si) into a single mailbox!?!. So the company has been using this setup for some time (haven't got the faintest idea for how long) and now they are asking me to fix this, but they still want to use this single mailbox at their internet providers server. They are using a dialup link, so I was thinking of setting up a qmail server on a local machine and allowing mail from the local network to be relayed outwards... This is all well, but what about the incoming mail? My idea is: Get the mails from the mailbox and inject them into qmail... Is this possible? I dont really have the time to test this and try it out, so I hope someone will have some info for me... Thanks, Goran The documentation said to install Windows NT 4.0 or better - so I installed Linux 2.2.13!
Re: What a mess...
I believe procmail does this. I do not use it, but I remember reading it in a document somewhere. I would try there. Darrell Wright - Original Message - From: "Goran Blazic" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, August 04, 2000 2:22 PM Subject: What a mess... : Hi... : : I have a problem for wich I haven't got a clue on where to start looking for : a possible sollution... : There is this company that wanted to have mails coming to their domain... : (slofit.si). Ok, no problem, a virtual mail domain... But no, they had to go : ask their internet provider first, and what they did is forward all mail for : this domain (slofit.si) into a single mailbox!?!. : So the company has been using this setup for some time (haven't got the : faintest idea for how long) and now they are asking me to fix this, but they : still want to use this single mailbox at their internet providers server. : They are using a dialup link, so I was thinking of setting up a qmail server : on a local machine and allowing mail from the local network to be relayed : outwards... This is all well, but what about the incoming mail? : : My idea is: Get the mails from the mailbox and inject them into qmail... Is : this possible? I dont really have the time to test this and try it out, so I : hope someone will have some info for me... : : Thanks, Goran : : The documentation said to install Windows NT 4.0 or better - so I installed : Linux 2.2.13! :
Re: Problems w/ pop3
On Fri, Aug 04, 2000 at 02:00:24PM -0400, Adam McKenna wrote: Some people where I work use pop3 at home and at work. When they check their mail from home, they are leaving the messages on the server. The problem happens when they get to work the next day. Apparently, when using the old pop3 server, messages they had already downloaded from home were marked "read". But now, with qmail-pop3d, they show up as "unread" when the people come into work. Anyone know why this problem happens? I assume it is some POP3 feature/extension that qmail-pop3d doesn't support. By the way, the people complaining are using Eudora. I encountered the same problem. qmail-pop3d does not support the (deprecated) LAST command. Instead, it generates a unique ID for each message which it sends in response to the UIDL command. This is supposed to be cached by the client and used to figure out which messages it has already read. The idea was to remove the 'state' onus from the server and give it to the client. No solution, realy. Tell 'em if they want to leave mail on the server, use a protocol designed for that, like IMAP. Or find a client that correctly implements the POP3 protocol. Ben -- Ben Beuchler [EMAIL PROTECTED] MAILER-DAEMON (612) 321-9290 x101 Bitstream Underground www.bitstream.net
Re: What a mess...
Goran Blazic [EMAIL PROTECTED] wrote: I have a problem for wich I haven't got a clue on where to start looking for a possible sollution... [...] My idea is: Get the mails from the mailbox and inject them into qmail... Is this possible? I dont really have the time to test this and try it out, so I hope someone will have some info for me... Other people have mentioned fetchmail; that can work. You might also try my own 'fetchmail' -- it has support for domain mailboxes, and delivers into Maildirs or mboxes. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Re: What a mess...
Following up on my own reply, I wrote: You might also try my own 'fetchmail'... Of course, I meant "my own 'getmail'". My bad. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
filter by subject and deliver elsewhere
http://www.ornl.gov/its/archives/mailing-lists/qmail/2000/06/msg00284.html The above link sends one to a script that filters based on subject. It bounces the mail. I, however, wish to instead forward this email to an alternative Maildir. How might I do that? mike. ___ Why pay for something you could get for free? NetZero provides FREE Internet Access and Email http://www.netzero.net/download/index.html
Re: domain splitting
Thanks, but my real concern is that all the mail NOT go through a SINGLE mail server (in terms of bandwithd). If I do what you suggested [EMAIL PROTECTED] still has to go through location A (the full message, including attachements has to be received at that location) which means that it becomes a bandwidth bottle-kneck (and since there will be many locations all with very little bandwidth supporting a large organization this can be a problem). At least that's how I understand it -- if you know some way that location A could tell the outside server just to route directly to location B, that's what I'm really looking for (sort of a SMTP user-based server resolution). Please correct me if I misunderstood what you said or if it doens't require full mail routing through location A. By the way, an entirely qmail solution shouldn't be a problem since the my clients seem to like the idea of linux and I am a big fan of qmail ;- Thanks anyway, Sheer On Fri, 4 Aug 2000, Russell Nelson wrote: Sheer El-Showk writes: I would like to host mail for a single domain (ie all users should be [EMAIL PROTECTED]) on several (geographically distributed) machines, with users in each area receiving their mail at the local mail sever. The hard part is, as bandwidth is a limiting issue, I don't want all the mail to be forwarded through a single host (eg if user1 at location A is sending a 5 MB attachement to user2 at location B, I don't want that to have to bounce off some central mail sever at location C). This means that all the mail servers serve the same domain name but have to be distinguishable (via DNS or sonmething sendmail does) by users served. Qmail lets you implement this using virtualdomains. You can virtualize a domain on a per-use basis. So tell the qmail running at location A that [EMAIL PROTECTED] is actually [EMAIL PROTECTED] Unfortunately, both sites A and B have to be running qmail and must be configured with the user table. There's no global way to do what you want. I suggest that you colocate the central mail server somewhere where there's plenty of bandwidth, and configure it with the user table. -- -russ nelson [EMAIL PROTECTED] http://russnelson.com | If you think Crynwr sells support for free software | PGPok | health care is expensive now 521 Pleasant Valley Rd. | +1 315 268 1925 voice | now, wait until you see Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | what it costs when it's free.
Re: domain splitting
From: Sheer El-Showk [EMAIL PROTECTED] Date: Fri, 4 Aug 2000 21:13:32 + (WET) Thanks, but my real concern is that all the mail NOT go through a SINGLE mail server (in terms of bandwithd). If I do what you suggested [EMAIL PROTECTED] still has to go through location A (the full message, including attachements has to be received at that location) which means that it becomes a bandwidth bottle-kneck (and since there will be many locations all with very little bandwidth supporting a large organization this can be a problem). At least that's how I understand it -- if you know some way that location A could tell the outside server just to route directly to location B, that's what I'm really looking for (sort of a SMTP user-based server resolution). Please correct me if I misunderstood what you said or if it doens't require full mail routing through location A. By the way, an entirely qmail solution shouldn't be a problem since the my clients seem to like the idea of linux and I am a big fan of qmail ;- This is doable as long as you find some reasonably automated way to maintain the .qmail files that forward the users identically everywhere. Make domain.com a virtual domain at all locations. Tell qmail at all locations that [EMAIL PROTECTED] is really [EMAIL PROTECTED] and [EMAIL PROTECTED] is really [EMAIL PROTECTED] and so on. Point MX records equally at all your locations. The outside world will send the mail to one of your hosts which will then forward it to where you really want it. I'd probably maintain the .qmail-domain-* files for the virtual domain in one central location and then rsync or rdist them to all the servers at the same time. Also, I think qmail-ldap has a facility for doing this more magically out of LDAP. Chris On Fri, 4 Aug 2000, Russell Nelson wrote: Sheer El-Showk writes: I would like to host mail for a single domain (ie all users should be [EMAIL PROTECTED]) on several (geographically distributed) machines, with users in each area receiving their mail at the local mail sever. The hard part is, as bandwidth is a limiting issue, I don't want all the m ail to be forwarded through a single host (eg if user1 at location A is sending a 5 MB attachement to user2 at location B, I don't want that t o have to bounce off some central mail sever at location C). This means that all the mail servers serve the same domain name but have to be distinguishable (via DNS or sonmething sendmail does) by users served. Qmail lets you implement this using virtualdomains. You can virtualize a domain on a per-use basis. So tell the qmail running at location A that [EMAIL PROTECTED] is actually [EMAIL PROTECTED] Unfortunately, both sites A and B have to be running qmail and must be configured with the user table. There's no global way to do what you want. I suggest that you colocate the central mail server somewhere where there's plenty of bandwidth, and configure it with the user table. -- -russ nelson [EMAIL PROTECTED] http://russnelson.com | If you think Crynwr sells support for free software | PGPok | health care is expensiv e now 521 Pleasant Valley Rd. | +1 315 268 1925 voice | now, wait until you see Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | what it costs when it's free. -- Chris Garrigues http://www.DeepEddy.Com/~cwg/ virCIO http://www.virCIO.Com 4314 Avenue C Austin, TX 78751-3709 +1 512 374 0500 My email address is an experiment in SPAM elimination. For an explanation of what we're doing, see http://www.DeepEddy.Com/tms.html Nobody ever got fired for buying Microsoft, but they could get fired for relying on Microsoft. PGP signature
Re: Anti Virus
Michael T. Babcock [EMAIL PROTECTED] writes on 4 August 2000 at 10:02:54 -0400 I beg you to cite the place where this list abides by these "Age-old standards". I've cited some standards about mailing lists to people before -- but usually along the lines of "don't quote 100 lines and give only 1 of your own" or "don't use 10 line signatures". I don't complain about whether my mail reader is only intelligent enough to recognise "-- " as a leader to a signature instead of "--" or "- Michael" ... Signature is pretty well-defined, and "-- " is the delimiter. Stuff that uses other delimiters breaks all sorts of archiving and reply software. That, and I much prefer to put my statements above the quoted text if my statement deals with the entirety of the comment (not just segments, as yours was), so that anyone following the list can quickly read what I have to say without scrolling. I wish you wouldn't. When I then respond to various paragraphs of your text, the resulting sequence is very confusing -- or would be if I didn't take the trouble to reorder your message first. -- Photos: http://dd-b.lighthunters.net/ Minicon: http://www.mnstf.org/minicon Bookworms: http://ouroboros.demesne.com/ SF: http://www.dd-b.net/dd-b David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]
tcpserver hanging
Does anyone know why tcpserver would do this? It seems to be randomly hanging on incoming connections, about 1 in every 10: Connection closed by foreign host. adam@orbicus:~$ telnet localhost 110 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. +OK 25910.965424763@orbicus quit +OK Connection closed by foreign host. adam@orbicus:~$ telnet localhost 110 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. +OK 25912.965424764@orbicus quit +OK Connection closed by foreign host. [a bunch more times] then... randomly, this will happen: adam@orbicus:~$ telnet localhost 110 Trying 127.0.0.1... [hangs] Logs show nothing out of the ordinary: @4000398b36852712097c tcpserver: status: 1/40 @4000398b368527154d6c tcpserver: pid 25910 from 127.0.0.1 @4000398b3685271c9c84 tcpserver: ok 25910 localhost:127.0.0.1:110 :127.0.0.1::3755 @4000398b368605ccc39c tcpserver: end 25910 status 256 @4000398b368605cd486c tcpserver: status: 0/40 @4000398b36861a2ae01c tcpserver: status: 1/40 @4000398b36861a324a8c tcpserver: pid 25912 from 127.0.0.1 @4000398b36861a39dc0c tcpserver: ok 25912 localhost:127.0.0.1:110 :127.0.0.1::3757 @4000398b368633f6a29c tcpserver: end 25912 status 256 @4000398b368633f7276c tcpserver: status: 0/40 Here is the command I'm using to run tcpserver: adam@orbicus:~$ cat /var/qmail/supervise/qmail-popup/run #!/bin/sh PATH=$PATH:/var/qmail/bin:/usr/local/bin exec /usr/local/bin/softlimit -m 200 \ tcpserver -R -H -v -x/etc/tcp.pop3.cdb -u0 0 110 qmail-popup orbicus /bin/checkpassword qmail-pop3d Maildir 21 Any ideas? I've already recompiled both qmail and ucspi-tcp. We had some disk problems recently so I wanted to make sure they weren't damaged somehow. --Adam
/var/qmail/rc
I've installed qmail from the FreeBSD ports collection, and I'm trying to get it going... so when reading the help documents, I see references to /var/qmail/rc. I don't see this file. I even checked in the distribution tarball, and I don't see this file. Is there something I'm missing?
Re: /var/qmail/rc
On Fri, Aug 04, 2000 at 03:13:26PM -0700, James wrote: I've installed qmail from the FreeBSD ports collection, and I'm trying to get it going... so when reading the help documents, I see references to /var/qmail/rc. I don't see this file. I even checked in the distribution tarball, and I don't see this file. Is there something I'm missing? Yup. In the file named "INSTALL" on line 24 it says: 8. Copy /var/qmail/boot/home (or proc) to /var/qmail/rc. That should take care of it. Ben -- Ben Beuchler [EMAIL PROTECTED] MAILER-DAEMON (612) 321-9290 x101 Bitstream Underground www.bitstream.net
Re: domain splitting
On Fri, Aug 04, 2000 at 09:13:32PM +, Sheer El-Showk wrote: Thanks, but my real concern is that all the mail NOT go through a SINGLE mail server (in terms of bandwithd). If I do what you suggested I don't think it's possible to avoid that. Which server mail is sent to is a function of DNS, not mail server configuration. The only way an MTA has of knowing where to send a piece of mail is by looking up an MX record for it. It can only look up based on domain. DNS does not know anything about users and should not. So. Your only real option is to have a single mail server accepting mail and then distribute it to other servers. This does not fix your bandwidth problem. But, with a little research you can find one of several ways to use the primary mail server only as a way to accept inbound mail and then redistribute it to any one of several other mail servers based on multiple criteria. Ben -- Ben Beuchler [EMAIL PROTECTED] MAILER-DAEMON (612) 321-9290 x101 Bitstream Underground www.bitstream.net
Re: domain splitting
On Fri, Aug 04, 2000 at 05:25:46PM -0500, Ben Beuchler wrote: On Fri, Aug 04, 2000 at 09:13:32PM +, Sheer El-Showk wrote: Thanks, but my real concern is that all the mail NOT go through a SINGLE mail server (in terms of bandwithd). If I do what you suggested I don't think it's possible to avoid that. Which server mail is sent to is a function of DNS, not mail server configuration. The only way an MTA has of knowing where to send a piece of mail is by looking up an MX record for it. It can only look up based on domain. DNS does not know anything about users and should not. So. Your only real option is to have a single mail server accepting mail and then distribute it to other servers. This does not fix your bandwidth problem. But, with a little research you can find one of several ways to use the primary mail server only as a way to accept inbound mail and then redistribute it to any one of several other mail servers based on multiple criteria. What about having two servers with the same MX priority? That should work. adam@spotted:~$ dig earthlink.net mx ; DiG 8.2 earthlink.net mx ;; res options: init recurs defnam dnsrch ;; got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 4 ;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 0 ;; QUERY SECTION: ;; earthlink.net, type = MX, class = IN ;; ANSWER SECTION: earthlink.net. 0S IN MX5 mx09.earthlink.net. earthlink.net. 0S IN MX5 mx00.earthlink.net. earthlink.net. 0S IN MX5 mx01.earthlink.net. earthlink.net. 0S IN MX5 mx02.earthlink.net. earthlink.net. 0S IN MX5 mx03.earthlink.net. earthlink.net. 0S IN MX5 mx04.earthlink.net. earthlink.net. 0S IN MX5 mx05.earthlink.net. earthlink.net. 0S IN MX5 mx06.earthlink.net. earthlink.net. 0S IN MX5 mx07.earthlink.net. earthlink.net. 0S IN MX5 mx08.earthlink.net. --Adam
RE: domain splitting
If you wish to load balance mail through several servers, then just use a load balancing scheme like through red hats new product, though I forget its name, or use a cisco loaddirector or an F5 BigIP or any number of farm solutions. Each server can have a copy of the user table and route to the appropriate mail servers as needed. Bottleneck Eliminated. (two server addresses on the same MX priority is not as configurable or reliable as the load balancing hardware) "Nothing eliminates stress like having auto-redundant systems" - me as a network administrator David -Original Message- From: Sheer El-Showk [mailto:[EMAIL PROTECTED]] Sent: Friday, August 04, 2000 2:14 PM To: Russell Nelson Cc: [EMAIL PROTECTED] Subject: Re: domain splitting Thanks, but my real concern is that all the mail NOT go through a SINGLE mail server (in terms of bandwithd). If I do what you suggested [EMAIL PROTECTED] still has to go through location A (the full message, including attachements has to be received at that location) which means that it becomes a bandwidth bottle-kneck (and since there will be many locations all with very little bandwidth supporting a large organization this can be a problem). At least that's how I understand it -- if you know some way that location A could tell the outside server just to route directly to location B, that's what I'm really looking for (sort of a SMTP user-based server resolution). Please correct me if I misunderstood what you said or if it doens't require full mail routing through location A. By the way, an entirely qmail solution shouldn't be a problem since the my clients seem to like the idea of linux and I am a big fan of qmail ;- Thanks anyway, Sheer On Fri, 4 Aug 2000, Russell Nelson wrote: Sheer El-Showk writes: I would like to host mail for a single domain (ie all users should be [EMAIL PROTECTED]) on several (geographically distributed) machines, with users in each area receiving their mail at the local mail sever. The hard part is, as bandwidth is a limiting issue, I don't want all the mail to be forwarded through a single host (eg if user1 at location A is sending a 5 MB attachement to user2 at location B, I don't want that to have to bounce off some central mail sever at location C). This means that all the mail servers serve the same domain name but have to be distinguishable (via DNS or sonmething sendmail does) by users served. Qmail lets you implement this using virtualdomains. You can virtualize a domain on a per-use basis. So tell the qmail running at location A that [EMAIL PROTECTED] is actually [EMAIL PROTECTED] Unfortunately, both sites A and B have to be running qmail and must be configured with the user table. There's no global way to do what you want. I suggest that you colocate the central mail server somewhere where there's plenty of bandwidth, and configure it with the user table. -- -russ nelson [EMAIL PROTECTED] http://russnelson.com | If you think Crynwr sells support for free software | PGPok | health care is expensive now 521 Pleasant Valley Rd. | +1 315 268 1925 voice | now, wait until you see Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | what it costs when it's free.
Softgoods payload app using PayPal and qmail?
Should I use qmail for this application? I was going to write it in PHP. Qmail looks interesting, but I have zero experience with it. I want customers to e-mail money to my website, and my website automatically e-mails them a file (text, photo, MP3, etc.). I want to use PayPal to handle the credit card transaction. There are e-commerce applications that can do "softgoods payload delivery," e.g. Hazel. But these applications are much bigger than I need. If I use PayPal, I don't need credit card processing. Security concerns are simpler. I don't need hardgoods processing, shopping carts, etc. Plus, PayPal has zero transaction fees. Wells Fargo charges me up to 12% for small credit card transactions. My plan is to write a PHP script to parse the e-mail that PayPal sends to the seller. PayPal sends an e-mail to the seller saying, "[EMAIL PROTECTED] has paid you $3 and attached this note: 'I want gilliananderson.jpg.'" I was going to parse that e-mail into "[EMAIL PROTECTED], $1, gilliananderson.jpg" and then send out the photo to that address. Comments, suggestions? Would this be easier to do in qmail or in PHP? Can I hire a qmail consultant to write this for me? -- Thomas David KehoeCasa Futura Technologies http://www.FriendshipCenter.com Stuttering Science Therapy Website The free penpals database forhttp://www.fluencydevices.com individuals with disabilities. (888) FLU-ENCY
Re: Softgoods payload app using PayPal and qmail?
From: Thomas David Kehoe [EMAIL PROTECTED] Date: Fri, 04 Aug 2000 16:40:38 -0700 Comments, suggestions? Would this be easier to do in qmail or in PHP? umm, qmail isn't a programming language. qmail could call a php script (or a perl script or a c program) which would do this. qmail is a replacement for sendmail. Chris -- Chris Garrigues http://www.DeepEddy.Com/~cwg/ virCIO http://www.virCIO.Com 4314 Avenue C Austin, TX 78751-3709 +1 512 374 0500 My email address is an experiment in SPAM elimination. For an explanation of what we're doing, see http://www.DeepEddy.Com/tms.html Nobody ever got fired for buying Microsoft, but they could get fired for relying on Microsoft. PGP signature
Re: domain splitting
Sheer El-Showk writes: Thanks, but my real concern is that all the mail NOT go through a SINGLE mail server (in terms of bandwithd). If I do what you suggested [EMAIL PROTECTED] still has to go through location A (the full message, including attachements has to be received at that location) which means that it becomes a bandwidth bottle-kneck (and since there will be many locations all with very little bandwidth supporting a large organization this can be a problem). At least that's how I understand it -- if you know some way that location A could tell the outside server just to route directly to location B, that's what I'm really looking for (sort of a SMTP user-based server resolution). Please correct me if I misunderstood what you said or if it doens't require full mail routing through location A. You can't get the rest of the world to send mail to a single domain except by going to the host that accepts mail for that domain. But within your domain, you can split it any way you want. You could use LDAP, you could use the DNS, you could use fastforward, you could use a bunch of .qmail files. Personally, I'd use the DNS. It's an efficient, scalable, secure (well, okay, it's secure if you use djbdns), cross-host, cross-platform database. Just do this: echo 'example.com:alias-example' /var/qmail/control/virtualdomains echo '|forward $EXT2@$EXT2.example.com' Then set up a bunch of DNS records that point to the host with that user's mailbox. -- -russ nelson [EMAIL PROTECTED] http://russnelson.com | If you think Crynwr sells support for free software | PGPok | health care is expensive now 521 Pleasant Valley Rd. | +1 315 268 1925 voice | now, wait until you see Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | what it costs when it's free.
Re: Softgoods payload app using PayPal and qmail?
Thomas David Kehoe [EMAIL PROTECTED] writes on 4 August 2000 at 16:40:38 -0700 Comments, suggestions? Would this be easier to do in qmail or in PHP? Can I hire a qmail consultant to write this for me? I find the "qmail or PHP" question confusing. For a moderate volume (and you say you don't need some of the more heavy-duty commercial softgoods payload delivery systems), I'd write a CGI in something like Perl, or use PHP, or use ColdFusion if I already had it on my server, or something like that. And then I'd use whatever MTA was installed on the server to accept and deliver the incoming, and to dispatch the outgoing. Qmail is a fine choice for MTA; it's fast, reliable, secure, and easy to interface to from a CGI application. If there's no MTA currently installed, or if it's time for a change, qmail would be a good choice. I'm sure you can hire a consultant to write this for you. I'd look for web expertise more than qmail expertise, since the interface to whatever MTA you use isn't particularly the hard part. If you're setting up the server yourself you might want a qmail consultant to get the whole mail handling thing set up for you, and finding somebody who can do both parts might be more convenient for you. -- Photos: http://dd-b.lighthunters.net/ Minicon: http://www.mnstf.org/minicon Bookworms: http://ouroboros.demesne.com/ SF: http://www.dd-b.net/dd-b David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]
Re: tai64n -- why?
David Dyer-Bennet [EMAIL PROTECTED] writes: Yes, when I first looked at it. As is often the case with Dan, I just disagree. It's not straight text in the sense I mean; it's not human readable. Of all the strange choices Dan's made that I've encountered in working with qmail, this is the first one that I fail completely to understand. All the others, I see the tradeoffs and I see why he chose as he did, even if I might have chosen otherwise. This one makes zero sense. It's non-functional. It doesn't connect to the way I work. syslog timestamps are amazingly annoying to try to parse. TAI64 is trivial to parse. This is a significant improvement. ISO date/time format would also have been easy to parse, and I would have been slightly happier with that, but TAI64 is definitely a *huge* improvement over syslog if you want to do anything at all automated with the logs. -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/
Re: Now redhat's mailling lists have been removed to mailman and postfix
Irwan Hadi [EMAIL PROTECTED] writes: , PayPal/Confinity, Red Hat's mailing lists, Hypermart.net, Casema, ^^ Rediffmail.co.in, Topica, MyNet.com.tr, FSmail.net, and vuurwerk.nl. at www.qmail.org/top.html should be removed right ? It can be replaced with all of the Perl development mailing lists, all of which are using ezmlm-idx. -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/
Re: Editing error messages
Bryan Ischo wrote: The people who read bounce mails are typically those who sent it, which, 99% of the time, is a person who is completely unfamiliar with mail systems. To them, something like, "You cannot sent mail to that site using this mail server", or somesuch, would be less confusing and more personable. Another possibility is putting personal, domain-specific info into the bounce messages, like who to contact for help, etc... Eric
Problems whith scan4virus
Hi all !!! I have installed perl based programm Scan4virus from Jason Haar but I have problems whith execute this program. When I try execute I get next message == www:/var/qmail/bin# ./antivirus-qmail-queue.pl -t YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET! FIX YOUR KERNEL, PUT A C WRAPPER AROUND THIS SCRIPT, OR USE -u AND UNDUMP! == What can I do ? -- Best regards, Kornyakov mailto:[EMAIL PROTECTED]
Unable to create pipe
I get a lot of errors like this in the qmail logs : delivery 4770: deferral: qmail-spawn_unable_to_create_pipe._(#4.3.0)/ How can I solve this ?, I readed the FAQ and mailling list archives but I can't find this. Thanks RDA.-