Re: Anti Virus

[Robin S. Socha]

* Brett Randall <[EMAIL PROTECTED]> writes:
> From: Noel Mistula [mailto:[EMAIL PROTECTED]]
>> From: Brett Randall <[EMAIL PROTECTED]>
>>> From: Brett Randall [mailto:[EMAIL PROTECTED]]

Dear Brett and Randall,

your way of quoting *may* be convenient for you. It is, however, annoying
for probably everyone else (particularly people not reading your "threads"
in a row. It also adds a *massive* amount of unnecessary overhead. May I
suggest your grabbing a copy - really, just about any - of the netiquette
and fixing your mail toys?

 Our organisation has an NT (sorry :> ) box which acts as the
 primary MX server for our domain. All mail goes to it and gets
 scanned via the (brilliant, automatic, no-maintenance) Norton
 Antivirus Enterprise software 

So you are basically advocating running a piece of exremely expensive
software with a mixed track record of functionality, running on an
unstable, expensive and insecure operating system for production
services?

 (worth a little money but what is your company's data worth to
 you?).

My company is worth enough to me not to trust closed-source, proprietary
software from a foreign country. Particularly since I've seen NT send
encrypted emails to a firewall in the MS network after installation. Thank
you very much.

 It then just relays it on to the internal mail machine (via an MX
 lookup in the internal DNS for the same domain as the e-mail was
 sent to). We route several domains through the one server, and it
 works like a dream!

Can you - in simple terms so a mere user like me can understand -
explain to me what the advantage of this setup is over, say, RedHat
Linux with Trend Micro's VirusWall (if you think you absolutely must
rely on software you bought instead of the vast array of free software
offering the same functionality but having the advantage of being open
sourced)?

>>> But then again, scripts kiddies are "Always" one step ahead compared
>>> to the dat files of your beautiful Norton Enterprise Antivirus.

>> Sorry, forgot to add that we use Norton Antivirus as a 'plug-in' for the
>> Lotus Notes e-mail server on our internet-viewable SMTP machine. 

So, you're not only running an unstable OS but also an extremely
flaky, bug-ridden MTA, and you actually have this setup connected to
the internet. May I ask what your company is worth *to you*?

>> This of course adds the possibility of much more functionality, which
>> we use as if it was sand on the beach in summer, but that's up to
>> your organisation's needs :>

It's more up to one's TCO calculations, isn't it? So, you're not only
running an unstable OS but also an extremely flaky, bug-ridden MTA, have
this setup connected to the internet, but also throw in more money to
buy unneeded functionality that is likely to introduce more bugs. Can
you explain your rationale, please?

> True, and I shouldn't have recommended Norton Enterprise without the
> use of some other filtering software to hold back the yucky vbs, sh,
> ... files, 

Wow, we're finally back on topic... *sigh* I'd like to thank Noel
G. Mistula again for his little script. Works. What was the advantage of
running an expensive peace of feature-ridden software from a dubious
source again?

> but even then our organisation (and how many others?)  deals with
> corporations from all over the world who do various bits of work for
> us - art, programming, web site design... 

You seem not to have grasped the concept of "service" yet. It goes like
this: "you want my money? Here's a list of files we don't accept for
security reasons. Basically everything that says Microsoft is, like,
no-no. Got it? No? Here's our public security policy describing the
conversion of your files to safe formats. Use it or learn to fear me."

> I guess corporate policy and training is the best solution 

It can be. If you add a little spice. Like "in violating our securiy
policy, you're jeopardizing your colleagues' work and the reputation of
the entire company and therefore make yourself subject to immediate
sacking". I've seen this policy at work (first in an Ohio non-profit
organization of all places) and it, well, works. /Telling/ people that
everything Windows is Hiroshima waiting to happen to their company is
not enough - you need to create a personal interest in these matters.

It took a blatant display of arrogance and a lot of security "hype" but
that's how I prevented NT/MS-Exchange to happen on our mailserver. I'm now
running OpenBSD http://www.openbsd.org/ and qmail - everyone's *extremely*
pleased with the result. qmail and DJB's other software as well as the
software submitted by various people are simply excellent. I'd like to
take the opportunity to express my heartfelt gratefulness for providing a
stable, secure and [...] mail environment.

> but a combo of good anti-virus software and good filtering software

I've said it once and I'll say it again: anti-virus software is snake
oil. Under certain circumstances

Re: Anti Virus

[Adam McKenna]

On Fri, Aug 04, 2000 at 10:17:41AM +0200, Robin S. Socha wrote:
> your way of quoting *may* be convenient for you. It is, however, annoying
> for probably everyone else (particularly people not reading your "threads"
> in a row. It also adds a *massive* amount of unnecessary overhead. May I
> suggest your grabbing a copy - really, just about any - of the netiquette
> and fixing your mail toys?

For christ sake, leave the guy alone.  IMHO your incessant personal attacks 
are way more annoying than his quoting style.

--Adam

Mail archive

[Iain Smith]

Hi there,
I need a way of archiving a copy of all mail that is delivered by
qmail - something I used to do with postfix using 'always bcc' Whats the
best way of doing this?
BTW, I'm using 1.03 & vpopmail 4.8.7.

Cheers

   Iain Smith

Re: Mail archive

[Petr Novotny]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 4 Aug 00, at 9:33, Iain Smith wrote:

> I need a way of archiving a copy of all mail that is delivered by
> qmail - something I used to do with postfix using 'always bcc' Whats
> the best way of doing this?

FAQ #8.2 (less /var/qmail/doc/FAQ)

-BEGIN PGP SIGNATURE-
Version: PGP 6.0.2 -- QDPGP 2.60 
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBOYp5KVMwP8g7qbw/EQLWHwCgjj3g5TAyZ66upaS4i44skQNpi7MAn0PN
GLbNY2EpbhcypDnVSpm1SRZK
=b/za
-END PGP SIGNATURE-
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
 [Tom Waits]

How I can turn off delivery for user ?

[Kornyakov Yevgeny]

Hello
How I can turn off delivery for user ?
I use procmail, and if "| preline procmail" line is exist in the .qmail
file, I get two identical letters.
First letter from qmail delivery
Second letter from procmail delivery
I need use only procmail delivery.
Thanks.

qmail Digest 4 Aug 2000 10:00:00 -0000 Issue 1083

[qmail-digest-help]

qmail Digest 4 Aug 2000 10:00:00 - Issue 1083

Topics (messages 46072 through 46127):

Creation of /Maildir/user/ instead of ~/Maildir
46072 by: Thomas Fahle
46076 by: Brett Randall

Re: trouble injecting bounce message
46073 by: Joel Gautschi

Re: Mailing list performance
46074 by: P.Y. Adi Prasaja
46077 by: Dave Sill
46078 by: Dave Sill
46113 by: P.Y. Adi Prasaja

Anti Virus
46075 by: Slider
46079 by: Robin S. Socha
46080 by: Slider
46088 by: Alexander Pennace
46089 by: Robin S. Socha
46090 by: Robin S. Socha
46100 by: Noel Mistula
46101 by: Jason Haar
46102 by: Noel Mistula
46115 by: Eric Cox
46119 by: Brett Randall
46120 by: Brett Randall
46121 by: Noel Mistula
46122 by: Brett Randall
46123 by: Robin S. Socha
46124 by: Adam McKenna

qmail - cyrus
46081 by: Wolfgang Wagner
46082 by: Greg Owen

Re: qmail+mrtg+multilog mods
46083 by: Cedric Fontaine
46085 by: Magnus Bodin
46096 by: Peter Green

Re: source rpm
46084 by: Charles Cazabon

backup of server is timing out
46086 by: Albert Hopkins
46087 by: Albert Hopkins

Re: updated load balancing qmail-qmqpc.c mods
46091 by: Frank D. Cringle

Problems with qmail startup on OpenBSD 2.7/Intel
46092 by: Charles Roten
46093 by: Greg Owen

Re: maildirmake
46094 by: Eddie Greer

Now redhat's mailling lists have been removed to mailman and postfix
46095 by: Irwan Hadi
46099 by: Robin S. Socha
46112 by: Irwan Hadi

Configuring a "Store-and-Forward" backup qmail server
46097 by: Charles Roten
46098 by: James Raftery
46103 by: James R Grinter
46104 by: James R Grinter
46105 by: David Dyer-Bennet

sslwrap problems
46106 by: Adam McKenna
46107 by: Ian Lance Taylor
46108 by: Adam McKenna

Maildir archiving
46109 by: Michael T. Babcock
46110 by: Ben Beuchler
46111 by: Ben Beuchler

Re: duplicating sendmail's virtusertable
46114 by: Sam Carleton
46116 by: David Dyer-Bennet

using fetchmail on qmail machine
46117 by: Vincent Danen
46118 by: Peter Green

Mail archive
46125 by: Iain Smith
46126 by: Petr Novotny

How I can turn off delivery for user ?
46127 by: Kornyakov Yevgeny

Administrivia:

To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]

To subscribe to the digest, e-mail:
[EMAIL PROTECTED]

To bug my human owner, e-mail:
[EMAIL PROTECTED]

To post to the list, e-mail:
[EMAIL PROTECTED]


--



Hello all,


I've come to a point where I'm stuck, and need some help.

I have a separate partion called /Maildir on my LinuxBox.

I want qmail to make the maildirs for each user below /Maildir
eg. /Maildir/joedoe/Maildir instead of /home/joedoe/Maildir




tia


Thomas













Ummm...why? Do the users store other information in their home folders? Why
not just put all the home folders in the seperate partition? But, forsaking
that, just make the .qmail file in each user's home directory point to
/Maildir/user (or did you really want /Maildir/user/Maildir? If so, I ask
the same question as above?). Will need a slight modification of the adduser
script (I totally rewrite mine for each new situation) so that it writes the
.qmail file relevantly instead of the generic one found in /etc/skel.

BTW If you put all the home folders in the seperate partition (advised for
simplicity), remember to change the folder names in /etc/passwd
(obviously...) A simple perl script could do this pretty easily. eg:

#!/usr/bin/perl -w
while (<>) {
s!/home/(\W+)\:!/Maildir/\1\:!g;
print;
}

Then a 'cat /etc/passwd | script > /etc/passwd~'

Check passwd~ and make sure it looks ok, then overwrite the old one. Easier
is just to literally move the /home folder to the new partition and mount it
as /home though.

Manager
InterPlanetary Solutions
http://ipsware.com/



> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> Behalf Of Thomas Fahle
> Sent: Thursday, August 03, 2000 8:14 PM
> To: [EMAIL PROTECTED]
> Subject: Creation of /Maildir/user/ instead of ~/Maildir
>
>
> Hello all,
>
>
> I've come to a point where I'm stuck, and need some help.
>
> I have a separate partion called /Maildir on my LinuxBox.
>
> I want qmail to make the maildirs for each user below /Maildir
> eg. /Maildir/joedoe/Maildir instead of /home/joedoe/Maildir
>
>
>
>
> tia
>
>
> Thomas
>
>
>
>
>
>
>
>
>





thanks for your help. I've just found out another way to fix this problem. I
used the queue-fix (http://www.netmeridian.com/e-huss/queue-fix.tar.gz)
program by Eric Huss.
It repairs or generates a qmail queue structure. You can use this to hel

Re: using fetchmail on qmail machine

[Chris, the Young One]

On Fri, Aug 04, 2000 at 12:34:27AM -0400, Peter Green wrote:
! I don't know if it's the ``normal'' behavior, but I have localhost in my
! control/locals with the identical setup to you.

$ grep localhost /var/qmail/control/locals
localhost

Yep, it's there. From a casual perusal of config.sh in the qmail package
it can be seen that it calls a program to get the IP addresses of all
interfaces, then puts their PTR lookups into control/locals.

Unless you lack a loopback interface :-) I believe that localhost should
be in control/locals, at least by default.

---Chris K.
-- 
 Chris, the Young One |_ If you can't afford a backup system, you can't 
  Auckland, New Zealand |_ afford to have important data on your computer. 
http://cloud9.hedgee.com/ |_ ---Tracy R. Reed  
 PGP: 0xCCC6114E/0x706A6AAD |_ 

Newbie help: qmail as a relay gateway

[Leonard Tulipan]

First of: I'm a newbie both to sendmail & qmail. (Read: don't flame me for
my stupidity)

The only thing I really achieved was compiling the packages (both sendmail &
qmail seem to "work" fine in a sense that all the test complete successful)

If you can point me to the correct URLS or Steps I have to do, I'd be more
than grateful, for I have been assigned this project without really knowing
anything.

We currently have this setup:


internal MS Exchange Server
  I
firewall (Linux-box with sendmail)
 I
access router
 I 
Internet

So our sendmail (apparently) does: relay all email to
@bsbanksysteme.com/de/at/ch or @bs-ag.com/de/at to our Exchange Server and
that server relays all outgoing mail to the firewall which sends it.

Since I don't know how that configuration is called (authorized-relay? I
realy don't know) I don't know which questions of the faq realy apply to me.

Please help me out of my misery because I sincerely do hate sendmail.

Ciao
Leo

Re: Anti Virus

[Paul Schinder]

At 4:20 AM -0400 8/4/00, Adam McKenna wrote:
>On Fri, Aug 04, 2000 at 10:17:41AM +0200, Robin S. Socha wrote:
>>  your way of quoting *may* be convenient for you. It is, however, annoying
>>  for probably everyone else (particularly people not reading your "threads"
>>  in a row. It also adds a *massive* amount of unnecessary overhead. May I
>>  suggest your grabbing a copy - really, just about any - of the netiquette
>>  and fixing your mail toys?
>
>For christ sake, leave the guy alone.  IMHO your incessant personal attacks
>are way more annoying than his quoting style.

Does anyone else see what he's complaining about?  I've read this 
thread using MacOS Eudora, and just looked at one of the messages 
with mutt, and I see nothing out of the ordinary.  (Reminds me of the 
time some idiot flamed me on Usenet for using "}" instead of ">" as 
the quoting character.)

>
>--Adam

-- 
--
Paul J. Schinder
NASA Goddard Space Flight Center
Code 693
[EMAIL PROTECTED]

RE: Newbie help: qmail as a relay gateway

[Leonard Tulipan]

Yes, thank you, I have been looking thru that but since I don't know what my
config is called, I don't know what to look at.
I'm totally at loss, because I have never before configured a mail server.

Just a short:

do FAQ X.Y
then install Package/Software Z
then do FAQ A.B
check everything is working
enjoy

That's what I have been hoping for.

Thank you for your time
Ciao
Leo

> -Original Message-
> From: Robin S. Socha [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, August 04, 2000 1:26 PM
> To:   Leonard Tulipan
> Subject:  Re: Newbie help: qmail as a relay gateway
> 
> * Leonard Tulipan <[EMAIL PROTECTED]> writes:
> > If you can point me to the correct URLS or Steps I have to do, I'd be
> more
> > than grateful, for I have been assigned this project without really
> knowing
> > anything.
> 
> Have you checked /var/qmail/doc ? Read the FAQ and check the PICs. And:
> you cannot have both qmail and sendmail run at the same time.
> -- 
> Robin S. Socha 

Re: Mailing list performance

[Dave Sill]

"P.Y. Adi Prasaja" <[EMAIL PROTECTED]> wrote:

>On Thu, Aug 03, 2000 at 08:14:32AM -0400, Dave Sill wrote:
>> 
>> He apparently confused incoming concurrency with outgoing
>> concurrency. Luckily, Postfix defaults to 50, so the results are still 
>> valid.
>
>Then you wrong either :-)

No, I'm not wrong. If you're going to "correct" someone, please check
your facts first.

>From http://postfix.cloud9.net/rate.html:

  The default_process_limit parameter (default: 50) gives direct
  control over inbound and outbound delivery rates. This parameter
  controls the number of concurrent processes that implement a Postfix 
  service (smtp client, smtp server, local delivery, etc.)

It says 50, not 10.

>Default _maximum_ concurrency is 10,

Perhaps you're thinking of  default_destination_concurrency_limit?
That's the *per destination* limit, not the overall concurrency limit.

>Even though the author increase the number at master.cf, say 1000 (as
>I said that it has nothing todo with concurrency, neither incoming nor
>outgoing, beside the fact that there are no _incoming/outgoing_
>concurrency in postfix, the number is for differrent purpose).
>then the concurrency still be limited to 10 and will started at 5,
>etc... etc...

Either you're wrong or the documentation on the web is wrong. I don't
care enough to determine which is the case. Here is what the web docs
say:

>From http://postfix.cloud9.net/rate.html:

  You can override [default_process_limit] for specific Postfix
  daemons by editing the master.cf file. For example, if you do not
  wish to receive 50 SMTP messages at the same time, you could
  specify:

 
  # ==
  # service type  private unpriv  chroot  wakeup  maxproc command + args
  #   (yes)   (yes)   (yes)   (never) (50)
  # ==
  . . .
  smtp  inet  n   -   -   -   5   smtpd
  . . .

-Dave

RE: Newbie help: qmail as a relay gateway

[Greg Owen]

Install qmail as described in INSTALL.

For each domain you want to receive mail for:

1) Put that domain name in /var/qmail/control/rctphosts

2) Put domain.com:[w.x.y.z] in /var/qmail/control/smtproutes, where w.x.y.z
is the IP address of your internal exchange server.

3) Make sure that none of these domains are listed in
/var/qmail/control/locals, or the mail will not make it to Exchange.

4) If you will also send mail from the bastion host directly, modify
defaultdomain and defaulthost to your taste (man qmail-control will tell you
where to find more info on them).

These steps will set up inbound relay for your domains; the internet
sends mail to qmail, and qmail forwards it all to Exchange.

To allow Exchange to relay out through the machine,  follow the
selective relaying instructions at
http://www.palomine.net/qmail/selectiverelay.html.

-- 
gowen -- Greg Owen -- [EMAIL PROTECTED] 

Re: How I can turn off delivery for user ?

[Dave Sill]

Kornyakov Yevgeny  <[EMAIL PROTECTED]> wrote:

>I use procmail, and if "| preline procmail" line is exist in the .qmail
>file, I get two identical letters.
>First letter from qmail delivery
>Second letter from procmail delivery
>I need use only procmail delivery.

If the only line in the .qmail file is "|preline procmail", you'll
only get one copy.

-Dave

RE: maildirmake

[Dave Sill]

"Eddie Greer" <[EMAIL PROTECTED]> wrote:

>thanks for responding.  The answer that I am trying to find is whether the
>maildirmake command creates a file of any sort that keeps track of the
>mailboxes.

No, maildirmake makes a maildir. That's all; nothing else.

>We changed someone's mailbox,

What do you mean by that? Exactly what did you change?

>and copied the new current and tmp
>directories into their mailboxes but qmail did not redirect their mail (even
>after we did the maildirmake and specified their new home directory).

qmail won't redirect their mail until you tell it to via a .qmail file 
or defauldelivery specification on the qmail-start command line.

>I am
>hoping that their is a way to modified a user home directory and Maildir
>folder without recreating the user from scratch.

There's *never* a need to recreate a user from scratch under UNIX.

-Dave

Re: update Re: help - qmail rejecting mail. "no mailbox here by that name"

[Dave Sill]

J <[EMAIL PROTECTED]> wrote:

>I changed the alias to:
>.qmail-joe:bob  
>
>with the contents:  bobj
>
>I restarted all qmail daemons.. and unfortunatly I
>still get the "no mailbox here by that name".
>
>Any other sugguestions?

No, that ought to work--assuming bobj is a valid mail user. For
example:

root@sws5# cd ~alias
root@sws5# echo ./joebob >.qmail-joe:bob
root@sws5# echo To: joe.bob |qmail-inject
root@sws5# cat joebob 
>From [EMAIL PROTECTED] Fri Aug 04 12:29:17 2000
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 525673 invoked by uid 0); 4 Aug 2000 12:29:17 -
Date: 4 Aug 2000 12:29:17 -
Message-ID: <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

-Dave

domain splitting

[Sheer El-Showk]

Hi I'm posting this on several mail-related newsgroups to try to get as
much information as I can I hope no one regards this as a spam:

I would like to host mail for a single domain (ie all users should be
[EMAIL PROTECTED]) on several (geographically distributed) machines,
with users in each area receiving their mail at the local mail sever.  The
hard part is, as bandwidth is a limiting issue, I don't want all the mail
to be forwarded through a single host (eg if user1 at location A is
sending a 5 MB attachement to user2 at location B, I don't want that to
have to bounce off some central mail sever at location C).  This means
that all the mail servers serve the same domain name but have to be
distinguishable (via DNS or sonmething sendmail does) by users served.

It seems to me that this must be do-able since AOL and other large
multinationals can't have all their mail go through some central
hub.  However since DNS won't resolve different hosts according to user
name (since it knows nothing about the user sending/receiving the
mail) the SMTP protocol must have some way of routing beyond DNS (ie so we
can have one mail server which tells outside mail servers which
internal mail server to send a particular message to accorind to user name
-- without actually receiveing the message proper itself).  This would
require some kind of pre-sending negotiation between mail servers.  Is
such a thing possible?

Does any of what I've said make sense to anybody, and if so can you clue
me in on how to do this (or where to look to find out more).  

I've found some stuff about using qmail + PH that looks like it might be
what I'm looking for (its a user address table thing that works with mail
daemons) -- does anyone know more about this.

Thank a lot in advance,
Sheer

Re: Anti Virus

[Robin S. Socha]

* Paul Schinder <[EMAIL PROTECTED]> writes:

This is all grossly off topic. I suggest taking this thread off the
list ASAP and apologize for the inconvenience caused by my unnecessary
rudeness.

[my complaint about overhead through uncropped quotes]
> Does anyone else see what he's complaining about?  I've read this
> thread using MacOS Eudora, and just looked at one of the messages with
> mutt, and I see nothing out of the ordinary.

Because I reformatted his mail according to age-old standards. In short,
it boils down to the following:

· your text goes below the quoted text;

· trim and if necessary reformat malformed quotes to the absolute
  minimum, using "[...]" where necessary;

· a line ends at 80 charactes max.;

· no HTML, format-fla^Hwed, or similar "enhancements" on mailing lists -
  ASCII only;

· an attribution line is 1 (one) line;

· sigdashes are "-- " (aka dash, dash, blank RET - you, Paul, are missing
  the blank, rendering the whole thing useless for both my address book
  (which is aimed at snarfing information from signatures) and my email
  setup that automatically nukes signatures in replies);

> (Reminds me of the time some idiot flamed me on Usenet for using "}"
> instead of ">" as the quoting character.)

Might as well have been me. ">" is for quoted text in a reply, "|" is
for quotes from external sources. Using non-standard conformant quote
strings breaks many editors in the way that text cannot be automatically
reformatted to fit the "80 char per line" limit. It's nice and dandy
that you can do loads of things you might think funny with your MUA -
but it does not really mean you *have* to do them, right? I mean, I
could do quoted-printable, text-enriched text with nested citations and
a 10 line "attribution line". It's all here and I could even encode it
according to some arcane standards. But it would annoy you just as much
as mindless use of toys like Outlook annoys me (and AFAICS the majority
of technically-minded users all over the Net). Rationale: some people
actually pay for download. Full quotes with HTML make an email
significantly bigger than necessary (like, 5 times per average) without
buying the reader anything. All it takes is a little thoughtfulness on
behalf of the users of inferior (or badly set up) software (cf. my sig
for a good tool). Is that asked too much, Paul?
-- 
Robin S. Socha 

trouble

[Sumith Ail]

Hi All

I've installed qmail+patches from source rpms on my RH
6.2 1386 linux box from Bruce Guenter source
distribution

1. daemontools 70-1
2. ucpspi-tcp-0.88-1
3. supervise-scripts-2.4
4. qmail-1.03+patches-14

Everythings fine but the smtp server takes a long time
to initialize..like when I telnet to port 25 on my
localhost...the 220 host.domain.com ESMTP appears but
after a long time.

Has anybody experienced such a problem and was able to
solve this...

Thanx in advance

- Sumith

__
Do You Yahoo!?
Kick off your party with Yahoo! Invites.
http://invites.yahoo.com/

RE: trouble

[Greg Owen]

> Everythings fine but the smtp server takes a long time
> to initialize..like when I telnet to port 25 on my
> localhost...the 220 host.domain.com ESMTP appears but
> after a long time.
> 
> Has anybody experienced such a problem and was able to
> solve this...

Your tcpserver invocation is probably trying to get IDENT info,
which is the default.  This times out after 26 seconds or so.  Put '-R' into
your tcpserver command line and the lag goes away, or open up port 113 on
the firewall to allow IDENT traffic to freely flow.

>From http://cr.yp.to/ucspi-tcp/tcpserver.html:

-r: (Default.) Attempt to obtain $TCPREMOTEINFO from the remote host. 
-R: Do not attempt to obtain $TCPREMOTEINFO from the remote host. To avoid
loops, you must use this option for servers on TCP ports 53 and 113. 

-- 
gowen -- Greg Owen -- [EMAIL PROTECTED] 

RE: Anti Virus

[Brett Randall]

> Because I reformatted his mail according to age-old standards. In short,
> it boils down to the following:

Some ideas for the list and it turns to this? Any voters to return to the
topic of how to stop our users getting virii attacks?

Thanks for opinions, defences, and updates on the latest netiquette.

Brett.

Manager
InterPlanetary Solutions
http://ipsware.com/

Re: Mailing list performance

[Dave Sill]

"David Dyer-Bennet" <[EMAIL PROTECTED]> wrote:

>Dave Sill <[EMAIL PROTECTED]> writes on 2 August 2000 at 10:14:56 -0400
> > 
> >   http://www.kyoto.wide.ad.jp/mta/eval1/eindex.html
>
>His methodology looks reasonably sound, now that I can read the
>description of it.  And he seems entirely aware of the shortcomings,
>which leads me to trust his judgement on other matters as well.
>
>Looks like qmail took 20 seconds and sendmail took 1750 seconds to
>deliver his test load.  Not surprising!  (uncached case)

I don't see where you got 20 seconds. Here's the results in tabular
form--numbers are all APPROXIMATE since I'm reading them from the
graphs (the individual results by implementation):

 Eval 1  Eval 2  Eval 3
MTA   timedns timedns timedns
qmail  155   1250  127   1230  127   1235
Postfix184   1375  168   1290  161   1330
exim   645475  161450  157451
SMTPfeed   215610  160442  157461
zmailer   1530   1675  357   1260  360   1300

>Also note that in the cached case postfix appears to beat qmail at
>delivering all the mail, at least on one graph.

I don't see that.

>However, did people notice that sendmail actually did *fewer* DNS
>queries?  I had understood that for total bandwidth use, qmail won
>over sendmail partly for doing less DNS traffic, but this doesn't seem
>to be the case in this study.

Yeah, that suprised me, too. Exim wins the prize for DNS frugality,
though.

>(postfix took 30 seconds, exim 500, zmailer I can't tell.  Am I
>reading the graphs wrong?

Where are you seeing these numbers?

>Zmailer shows increasing count of DNS
>queries off to the end of the map, but no increase in SMTP syn or
>fin.  Now I'm confused.)

Me too, because I just don't see that. Which graph(s) are you looking
at?

-Dave

Qmail-Spawn

[Slider]

Can anyone reflect a little light as to why I might be getting this error??

965396867.707127 delivery 8637: deferral:
qmail-spawn_unable_to_create_pipe._(#4.3.0)/
965396867.707147 status: local 41/120 remote 0/20
965396867.707234 delivery 8638: deferral:
qmail-spawn_unable_to_create_pipe._(#4.3.0)/
965396867.707255 status: local 40/120 remote 0/20
965396867.707636 delivery 8639: deferral:
qmail-spawn_unable_to_create_pipe._(#4.3.0)/
965396867.707656 status: local 39/120 remote 0/20
965396867.707671 delivery 8640: deferral:
qmail-spawn_unable_to_create_pipe._(#4.3.0)/
965396867.707690 status: local 38/120 remote 0/20
965396867.707803 delivery 8641: deferral:
qmail-spawn_unable_to_create_pipe._(#4.3.0)

Thanks

Slider

Re: Anti Virus

[Michael T. Babcock]

I beg you to cite the place where this list abides by these "Age-old
standards".
I've cited some standards about mailing lists to people before -- but
usually along the lines of "don't quote 100 lines and give only 1 of your
own" or "don't use 10 line signatures".  I don't complain about whether my
mail reader is only intelligent enough to recognise "-- " as a leader to a
signature instead of "--" or "- Michael" ...  That, and I much prefer to put
my statements above the quoted text if my statement deals with the entirety
of the comment (not just segments, as yours was), so that anyone following
the list can quickly read what I have to say without scrolling.

- Original Message -
From: "Robin S. Socha" <[EMAIL PROTECTED]>


Because I reformatted his mail according to age-old standards. In short,
it boils down to the following:

[ MTB: available in archives: http://www-archive.ornl.gov:8000/ ]

Rationale: some people
actually pay for download. Full quotes with HTML make an email
significantly bigger than necessary (like, 5 times per average) without
buying the reader anything. All it takes is a little thoughtfulness on
behalf of the users of inferior (or badly set up) software (cf. my sig
for a good tool). Is that asked too much, Paul?

[ MTB: cf. http://cr.yp.to/sarcasm/modest-proposal.txt ]

qmail-pop3d problem

[kapil sharma]

Hi,
I have installed qmail-pop3d, checkpassword with qmail on redhat linux
6.2. I have entered the following lines in my "/etc/inetd.conf" file:

pop-3 stream tcp nowait root /var/qmail/bin/qmail-popup qmail-popup \
 foo.com /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir

I am able to connect to 110 port but unable to authenticate. Following
is the session:

telnet foo.com 110
Trying 202.54.67.72...
Connected to foo.com.
Escape character is '^]'.
+OK <15634.965386256@\>
user naminfo
+OK
pass g
-ERR authorization failed
Connection closed by foreign host.

Please help

Re: Qmail-Spawn

[Russell Nelson]

Slider writes:
 > Can anyone reflect a little light as to why I might be getting this error??

Bad karma??  Too many years spent in pubs downing a warm one??

 > 965396867.707127 delivery 8637: deferral:
 > qmail-spawn_unable_to_create_pipe._(#4.3.0)/

This is almost always due to some kind of operating system limit.
Strace (truss in your case) is usually helpful.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com  | If you think 
Crynwr sells support for free software  | PGPok | health care is expensive now
521 Pleasant Valley Rd. | +1 315 268 1925 voice | now, wait until you see
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | what it costs when it's free. 

RE: qmail-pop3d problem

[Brett Randall]

OK. First make sure that the Maildir is readable by the group and user that
will be using it, then make sure that the folder actually exists and that
the folders leading up to it (eg /home) are readableby all users. This was a
problem for me once. No guarantees but take a look...

Brett.


Manager
InterPlanetary Solutions
http://ipsware.com/


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, August 05, 2000 12:17 AM
> To: [EMAIL PROTECTED]
> Subject: qmail-pop3d problem
>
>
> Hi,
> I have installed qmail-pop3d, checkpassword with qmail on redhat linux
> 6.2. I have entered the following lines in my "/etc/inetd.conf" file:
>
> pop-3 stream tcp nowait root /var/qmail/bin/qmail-popup qmail-popup \
>  foo.com /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir
>
> I am able to connect to 110 port but unable to authenticate. Following
> is the session:
>
> telnet foo.com 110
> Trying 202.54.67.72...
> Connected to foo.com.
> Escape character is '^]'.
> +OK <15634.965386256@\>
> user naminfo
> +OK
> pass g
> -ERR authorization failed
> Connection closed by foreign host.
>
> Please help
>

Re: domain splitting

[Russell Nelson]

Sheer El-Showk writes:
 > I would like to host mail for a single domain (ie all users should be
 > [EMAIL PROTECTED]) on several (geographically distributed) machines,
 > with users in each area receiving their mail at the local mail sever.  The
 > hard part is, as bandwidth is a limiting issue, I don't want all the mail
 > to be forwarded through a single host (eg if user1 at location A is
 > sending a 5 MB attachement to user2 at location B, I don't want that to
 > have to bounce off some central mail sever at location C).  This means
 > that all the mail servers serve the same domain name but have to be
 > distinguishable (via DNS or sonmething sendmail does) by users served.

Qmail lets you implement this using virtualdomains.  You can
virtualize a domain on a per-use basis.  So tell the qmail running at
location A that [EMAIL PROTECTED] is actually [EMAIL PROTECTED]

Unfortunately, both sites A and B have to be running qmail and must be 
configured with the user table.  There's no global way to do what you
want.  I suggest that you colocate the central mail server somewhere
where there's plenty of bandwidth, and configure it with the user table.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com  | If you think 
Crynwr sells support for free software  | PGPok | health care is expensive now
521 Pleasant Valley Rd. | +1 315 268 1925 voice | now, wait until you see
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | what it costs when it's free. 

Re: Qmail-Spawn

[Fernando Almeida]

I would like to known WHAT is qmail-spawn too... :-)


Slider wrote:

> Can anyone reflect a little light as to why I might be getting this error??
>
> 965396867.707127 delivery 8637: deferral:
> qmail-spawn_unable_to_create_pipe._(#4.3.0)/
> 965396867.707147 status: local 41/120 remote 0/20
> 965396867.707234 delivery 8638: deferral:
> qmail-spawn_unable_to_create_pipe._(#4.3.0)/
> 965396867.707255 status: local 40/120 remote 0/20
> 965396867.707636 delivery 8639: deferral:
> qmail-spawn_unable_to_create_pipe._(#4.3.0)/
> 965396867.707656 status: local 39/120 remote 0/20
> 965396867.707671 delivery 8640: deferral:
> qmail-spawn_unable_to_create_pipe._(#4.3.0)/
> 965396867.707690 status: local 38/120 remote 0/20
> 965396867.707803 delivery 8641: deferral:
> qmail-spawn_unable_to_create_pipe._(#4.3.0)
>
> Thanks
>
> Slider

--
_
Fernando Costa de Almeida
ICQ - 72293951

Re: Qmail-Spawn

[Magnus Bodin]

On Fri, Aug 04, 2000 at 02:56:10PM +0100, Slider wrote:
> 
> 
> Can anyone reflect a little light as to why I might be getting this error??
> 
> 965396867.707127 delivery 8637: deferral:
> qmail-spawn_unable_to_create_pipe._(#4.3.0)/

One of the few errors I've covered in my brief error guide ;-)

http://x42.com/qmail/error/#spawnpipe

/magnus

--
http://x42.com/

Re: Anti Virus

[Michael T. Babcock]

- Original Message -
From: "Robin S. Socha" <[EMAIL PROTECTED]>


> So you are basically advocating running a piece of exremely expensive
> software with a mixed track record of functionality, running on an
> unstable, expensive and insecure operating system for production
> services?
> [ ... ]
> So, you're not only running an unstable OS but also an extremely
> flaky, bug-ridden MTA, and you actually have this setup connected to
> the internet. May I ask what your company is worth *to you*?

Sometimes its not their choice, you do realise.  It might be that any tech
that decides to change operating systems gets fired.  That happens.  Deal
with the question at hand, please.

> It's more up to one's TCO calculations, isn't it? So, you're not only
> running an unstable OS but also an extremely flaky, bug-ridden MTA, have
> this setup connected to the internet, but also throw in more money to
> buy unneeded functionality that is likely to introduce more bugs. Can
> you explain your rationale, please?

They have no need to justify their rationale to you.  You don't matter to
their corporation in all likelihood.  In that light, maybe you could have
stuck to answering what was asked?

> Wow, we're finally back on topic... *sigh*

The previous part of the message was to satisfy those folks who always say
'give us more detail about your setup' (like me).

Incidentally, I dislike NT, Microsoft Outlook and Exchange as much as you
probably do.

> I've said it once and I'll say it again: anti-virus software is snake
> oil. Under certain circumstances, it will buy you exactly nothing. Had I
> sent you ILOVEYOU the moment I got it, you would have been fucked. Real
> bad. Maybe your filter would have caught it, but who knows?

No, its not snake-oil.  Its just not perfect.  The anti-virus software
companies, by necessity, need to analyse a virus before they can add the
signature to their software.  That usually requires that the virus be "in
the wild" for some period of time first.  However, I've had client machines
come in with dozens of viruses -- usually some combination of Stoned or
Monkey with a few other oldies.  These are all caught by modern anti virus
software and thus it _should_ be installed on machines.  McAfee VirusScan
for workstations is only $15 (cost).

I don't classify that as snake-oil
--
Michael T. Babcock
CTO, FibreSpeed

RE: Anti Virus

[Slider]

Well,

I think we should keep the topic!

There are alot of inexperienced users out there like myself who are rather
interested in this topic!

Slider


> Because I reformatted his mail according to age-old standards. In short,
> it boils down to the following:

Some ideas for the list and it turns to this? Any voters to return to the
topic of how to stop our users getting virii attacks?

Thanks for opinions, defences, and updates on the latest netiquette.

Brett.

Manager
InterPlanetary Solutions
http://ipsware.com/

Re: qmail-spawn

[Magnus Bodin]

On Fri, Aug 04, 2000 at 11:20:38AM -0300, Fernando Almeida wrote:
> I would like to known WHAT is qmail-spawn too... :-)

qmail-spawn is either qmail-lspawn or qmail-rspawn, as they both share the
code in spawn.c where this error message lives and prospers. 

/magnus

--
http://x42.com/

concurrencyremote up to 500

[Ricardo Albano]

Hello,I'm trying to get qmail running in a 
Solaris 7 box and get up to 500 qmail-remote proccesses at the same time, I do 
the following steps :
 
1. Before compiling qmail-1.03 I applyed the 
"big concurrency patch"
2. Set conf-spawn to 500 in the qmail source 
tree
3. make setup check
4. echo "500" > 
/var/qmail/control/concurrencyremote
5. Get it running!.
 
But I noticed that the maximun number of 
"qmail-remote procs" is 30 !
My box is a high traffic outbound smtp server 
and 30 qmail-remote procs. is very poor. the same steps I do in a Linux box 
and get 500 qmail-remote without any problem
 
Any Idea ???
 
This is possible relationed with a per user/max 
procs in Solaris or any like this ?
 
Thank you.
RDA.-

RE: Anti Virus

[Brett Randall]

OK I wasn't planning on continuing my argument but since others are for me!
...

> Incidentally, I dislike NT, Microsoft Outlook and Exchange as much as you
> probably do.

I dislike them as well. All our servers are transitioning to linux/openbsd
EXCEPT for this one virus-scanning machine. Virtually a day after the "I
Love you" virus was realised, Norton had a fix for it and liveupdate
automatically updated it on our server. This change was propogated to every
client in the building, as well as used in scanning of e-mails. Luckily this
prestigous event happened largely on a weekend and so the few e-mails which
got through the server were then killed on Monday when the user went to read
their e-mail...We have stopped countless hundreds of this virus, and tens of
thousands of other virii with this firewall-style approach.

> come in with dozens of viruses -- usually some combination of Stoned or
> Monkey with a few other oldies.  These are all caught by modern anti virus
> software and thus it _should_ be installed on machines.  McAfee VirusScan
> for workstations is only $15 (cost).

Totally agreed with. You can't always catch the latest and greatest virii
with virus scanning software and yes killing every binary attachment is an
approach to removing the possibility altogether, but in many cases that is
just not an option. Killing script files, ok...can understand that. Less
impact on working habits, 95% agree with it. I trust stuff I pay for more
than free, open source scripting efforts. Just a peace-of-mind. Norton are
not overly bloated. Lotus' Notes is, to some extent, bloated, but we have
been using it for the last couple of years with thousands of e-mails coming
through and being scanned daily and have had no obvious problems thus far...

Brett.

Manager
InterPlanetary Solutions
http://ipsware.com/


> -Original Message-
> From: Michael T. Babcock [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, August 05, 2000 12:36 AM
> To: qmail list; Robin S. Socha
> Subject: Re: Anti Virus
>
>
> - Original Message -
> From: "Robin S. Socha" <[EMAIL PROTECTED]>

Re: using fetchmail on qmail machine

[Vincent Danen]

On Fri, Aug 04, 2000 at 12:34:27AM -0400, Peter Green wrote:

> > Can someone let me know if the adding localhost to control/locals is
> > the "normal" behaviour?  I think a lot of people would like to use
> > qmail as their own MTA instead of sendmail or postfix, so knowing
> > this would be of great help to me.
> 
> I don't know if it's the ``normal'' behavior, but I have localhost in my
> control/locals with the identical setup to you.

That's the only way I could get qmail to deliver the mail that
fetchmail was sending it.  FYI, I'm now looking at maildrop as
opposed to procmail...  should be interesting... =)

-- 
[EMAIL PROTECTED], OpenPGP key available on www.keyserver.net
// Danen Consulting Serviceswww.danen.net, www.freezer-burn.org
// MandrakeSoft, Inc.   www.linux-mandrake.com
1024D/FE6F2AFD   88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD

Current Linux uptime: 20 hours 33 minutes.

Re: using fetchmail on qmail machine

[Vincent Danen]

On Fri, Aug 04, 2000 at 10:37:03PM +1200, Chris, the Young One wrote:

> ! I don't know if it's the ``normal'' behavior, but I have localhost in my
> ! control/locals with the identical setup to you.
> 
> $ grep localhost /var/qmail/control/locals
> localhost
> 
> Yep, it's there. From a casual perusal of config.sh in the qmail package
> it can be seen that it calls a program to get the IP addresses of all
> interfaces, then puts their PTR lookups into control/locals.
> 
> Unless you lack a loopback interface :-) I believe that localhost should
> be in control/locals, at least by default.

Hmmm...  it never put it in mine...  wierd.  Oh well, now I know that
this is "normal".  Thanks!

-- 
[EMAIL PROTECTED], OpenPGP key available on www.keyserver.net
// Danen Consulting Serviceswww.danen.net, www.freezer-burn.org
// MandrakeSoft, Inc.   www.linux-mandrake.com
1024D/FE6F2AFD   88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD

Current Linux uptime: 20 hours 34 minutes.

Re: Unable to create pipe

[Brett Randall]

This was posted here just a few hours ago...look at it

Brett


Manager
InterPlanetary Solutions
http://ipsware.com/


-Original Message-
From: Magnus Bodin [mailto:[EMAIL PROTECTED]]
Sent: Saturday, August 05, 2000 12:25 AM
To: qmail list
Subject: Re: Qmail-Spawn


On Fri, Aug 04, 2000 at 02:56:10PM +0100, Slider wrote:
>
>
> Can anyone reflect a little light as to why I might be getting this
error??
>
> 965396867.707127 delivery 8637: deferral:
> qmail-spawn_unable_to_create_pipe._(#4.3.0)/

One of the few errors I've covered in my brief error guide ;-)

http://x42.com/qmail/error/#spawnpipe

/magnus

--
http://x42.com/

Editing error messages

[Erich Zigler]

I was wondering if its possible to edit the error messages in qmail. And
what is the simplest way to do it?

For example, I want to change "This address is not in my rcpthosts" message
to something different.

-- 
Erich Zigler   Sr. System Administrator

Interesting how the need for substance in an unexamined life
often times leads to gulibility. -- Cornfed

Re: qmail-pop3d problem

[Chris, the Young One]

On Fri, Aug 04, 2000 at 07:47:27PM +0530, kapil sharma wrote:
! pop-3 stream tcp nowait root /var/qmail/bin/qmail-popup qmail-popup \
!  foo.com /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir
[...]
! +OK <15634.965386256@\>

Are you sure that ``\'' is an acceptible line continuation character?
qmail-popup seems to think that ``\'' is the host name, so maybe you
should just put everything on one line without using ``\''.

---Chris K.
-- 
 Chris, the Young One |_ but what's a dropped message between friends? 
  Auckland, New Zealand |_ this is UDP, not TCP after all ;) ---John H. 
http://cloud9.hedgee.com/ |_ Robinson, IV  
 PGP: 0xCCC6114E/0x706A6AAD |_ 

RE: qmail-pop3d problem

[Brett Randall]

> On Fri, Aug 04, 2000 at 07:47:27PM +0530, kapil sharma wrote:
> ! pop-3 stream tcp nowait root /var/qmail/bin/qmail-popup qmail-popup \
> !  foo.com /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir
> [...]
> ! +OK <15634.965386256@\>
>
> Are you sure that ``\'' is an acceptible line continuation character?
> qmail-popup seems to think that ``\'' is the host name, so maybe you
> should just put everything on one line without using ``\''.

The command line is interpreted by bash (I take it you are using bash)
before the program that is being called (try typing some nonexistant command
followed by a '\' and there will be no error) so qmail-popup won't even know
it existed.

Brett.


Manager
InterPlanetary Solutions
http://ipsware.com/

Re: Anti Virus

[Robin S. Socha]

* Michael T Babcock <[EMAIL PROTECTED]> writes:
> From: "Robin S. Socha" <[EMAIL PROTECTED]>

Michael,

I thought you were making sense when you suggested ending this thread in
PM. Unfortunately, I was wrong. So here goes...

> Deal with the question at hand, please.

,
| A+14  [Slider  ]:=Anti Virus
|  +20 [Robin S. Socha  ]:= <- anomy for procmail
| A+41[Slider  ]:=
|  +20   [Robin S. Socha  ]:<- 
|http://www.qmail.org/top.html#microsoft
|[...]
|  +59 :=
| A+86[Brett Randall   ]:=
|  +128  [Robin S. Socha  ]:=
| A+14  [Adam McKenna]:=
| A+29 [Paul Schinder   ]:=
|  +55[Robin S. Socha  ]:=
|  +32   [Michael T. Babcock  ]:  <- you are here
`

I presume you can see where you missed the point, Michael?

>> I've said it once and I'll say it again: anti-virus software is
>> snake oil. Under certain circumstances, it will buy you exactly
>> nothing. Had I sent you ILOVEYOU the moment I got it, you would have
>> been fucked. Real bad. Maybe your filter would have caught it, but
>> who knows?

> No, its not snake-oil.  Its just not perfect.  

It is inherently snake-oilish. I would call my colleague in London an
experienced NT admin with a lot of common sense. He went "we've now got
4 virus scanners running, so we're safe". So I went "On your backup
mailserver, too? Cause some nasty buddy just DOS'ed your primary one."
So he went "AAARRR!!!1".

The problem is not the quality of the scanners, the frequency of your
updates, the speed with which updates are released or whatever. The
problem is the quality of MS Software. Windows is a disaster waiting
to happen. Brett advocated using an insecure OS with closed source
protection mechanisms to secure a production environment running an
operating system that is as secure as a bullet proof vest made of
NT-CDs.

Since the system cannot be secured, the threat must be eliminated. Either
by changing the OS or by nuking all attachments that are potentially
dangerous.

> The anti-virus software companies, by necessity, need to analyse a
> virus before they can add the signature to their software.  That
> usually requires that the virus be "in the wild" for some period of
> time first.  

Right. And you do remember how fast ILOVEYOU spread, don't you?

> However, I've had client machines come in with dozens of viruses --
> usually some combination of Stoned or Monkey with a few other oldies.
> These are all caught by modern anti virus software and thus it _should_
> be installed on machines.  McAfee VirusScan for workstations is only
> $15 (cost).

You're working around the problem. Ever wondered how come there are
no[1] viruses for Un*x?

> I don't classify that as snake-oil

You're as entitled to your personal opinion as everybody else. Too
bad it's beside the point since the OP wasn't interested in fixing
an infected system but preventing from viruses (or other dangerous
content) from entering his system. reply-to set accordingly.

Footnotes: 
[1]  Yes, there are three. But they don't exist.
-- 
Robin S. Socha 

Re: trouble

[Sean C Truman]

Your also might want to look into installing dnscache
http://cr.yp.to/djbdns/dnscache-1.00.tar.gz and have a local caching only
server running on the qmail machine.

Sean Truman

- Original Message -
From: Greg Owen <[EMAIL PROTECTED]>
To: Qmail List (E-mail) <[EMAIL PROTECTED]>
Sent: Friday, August 04, 2000 9:13 AM
Subject: RE: trouble


> > Everythings fine but the smtp server takes a long time
> > to initialize..like when I telnet to port 25 on my
> > localhost...the 220 host.domain.com ESMTP appears but
> > after a long time.
> >
> > Has anybody experienced such a problem and was able to
> > solve this...
>
> Your tcpserver invocation is probably trying to get IDENT info,
> which is the default.  This times out after 26 seconds or so.  Put '-R'
into
> your tcpserver command line and the lag goes away, or open up port 113 on
> the firewall to allow IDENT traffic to freely flow.
>
> >From http://cr.yp.to/ucspi-tcp/tcpserver.html:
>
> -r: (Default.) Attempt to obtain $TCPREMOTEINFO from the remote host.
> -R: Do not attempt to obtain $TCPREMOTEINFO from the remote host. To avoid
> loops, you must use this option for servers on TCP ports 53 and 113.
>
> --
> gowen -- Greg Owen -- [EMAIL PROTECTED]

Re: concurrencyremote up to 500

[Charles Cazabon]

Ricardo Albano <[EMAIL PROTECTED]> wrote:
> Hello,I'm trying to get qmail running in a Solaris 7 box and get up to 500
> qmail-remote proccesses at the same time, I do the following steps :
[...] 
> But I noticed that the maximun number of "qmail-remote procs" is 30 !  My
> box is a high traffic outbound smtp server and 30 qmail-remote procs. is very
> poor. the same steps I do in a Linux box and get 500 qmail-remote without
> any problem
[...] 
> This is possible relationed with a per user/max procs in Solaris or any like
> this ?

It is almost certainly a resource limit the system is imposing.  It may be
fds, or it could be something else.  What are you limits currently set to?
Have you tried changing them?  You seem to have diagnosed your own problem
here.

Charles
-- 
---
Charles Cazabon<[EMAIL PROTECTED]>
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
---

RE: qmail-pop3d problem

[Petr Novotny]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 5 Aug 00, at 1:49, Brett Randall wrote:

> The command line is interpreted by bash (I take it you are using bash)
> before the program that is being called (try typing some nonexistant
> command followed by a '\' and there will be no error) so qmail-popup
> won't even know it existed.

I beg to differ.

1. inetd doesn't support wrapped lines in /etc/inetd.conf. At least 
mine doesn't. It doesn't know about the second line at all.

2. inetd doesn't run the command through bash. Where did you 
hear that?

-BEGIN PGP SIGNATURE-
Version: PGP 6.0.2 -- QDPGP 2.60 
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBOYraKVMwP8g7qbw/EQL2xgCfeWq+XgG/ESanEVRtMK5Yl8oHvEQAnRiK
hHXnlYyRwU1ygxyqrZ43yOMx
=HKTS
-END PGP SIGNATURE-
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
 [Tom Waits]

Re: concurrencyremote up to 500

[Ricardo Albano]

I can't imagine where to start the diagnostic, I think the problem is in the
OS Limit but I need some specific pointers to the problem to ask Sun
peoples.


>Ricardo Albano <[EMAIL PROTECTED]> wrote:
>> Hello,I'm trying to get qmail running in a Solaris 7 box and get up to
500
>> qmail-remote proccesses at the same time, I do the following steps :
>[...]
>> But I noticed that the maximun number of "qmail-remote procs" is 30 !
My
>> box is a high traffic outbound smtp server and 30 qmail-remote procs. is
very
>> poor. the same steps I do in a Linux box and get 500 qmail-remote
without
>> any problem
>[...]
>> This is possible relationed with a per user/max procs in Solaris or any
like
>> this ?
>
>It is almost certainly a resource limit the system is imposing.  It may be
>fds, or it could be something else.  What are you limits currently set to?
>Have you tried changing them?  You seem to have diagnosed your own problem
>here.

>Charles
>--
>---
>Charles Cazabon<[EMAIL PROTECTED]>
>GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
>Any opinions expressed are just that -- my opinions.
>---

Re: using fetchmail on qmail machine

[markd]

On Fri, Aug 04, 2000 at 09:27:00AM -0600, Vincent Danen wrote:
> On Fri, Aug 04, 2000 at 10:37:03PM +1200, Chris, the Young One wrote:
> 
> > ! I don't know if it's the ``normal'' behavior, but I have localhost in my
> > ! control/locals with the identical setup to you.
> > 
> > $ grep localhost /var/qmail/control/locals
> > localhost
> > 
> > Yep, it's there. From a casual perusal of config.sh in the qmail package
> > it can be seen that it calls a program to get the IP addresses of all
> > interfaces, then puts their PTR lookups into control/locals.
> > 
> > Unless you lack a loopback interface :-) I believe that localhost should
> > be in control/locals, at least by default.
> 
> Hmmm...  it never put it in mine...  wierd.  Oh well, now I know that
> this is "normal".  Thanks!

Hmmm. I use fetchmail in one (admittedly simple) scenario and it doesn't
require localhost in control/locals


Regards.

RE: qmail-pop3d problem

[Brett Randall]

> I beg to differ.
>
> 1. inetd doesn't support wrapped lines in /etc/inetd.conf. At least
> mine doesn't. It doesn't know about the second line at all.
>
> 2. inetd doesn't run the command through bash. Where did you
> hear that?

My apologies :> It is 2am over here and I forgot this is an inetd call, not
a tcpserver call!

Brett.


Manager
InterPlanetary Solutions
http://ipsware.com/

Re: concurrencyremote up to 500

[Charles Cazabon]

Ricardo Albano <[EMAIL PROTECTED]> wrote:
> >It is almost certainly a resource limit the system is imposing.  It may be
> >fds, or it could be something else.  What are you limits currently set to?
> >Have you tried changing them?  You seem to have diagnosed your own problem
> >here.

> I can't imagine where to start the diagnostic, I think the problem is in the
> OS Limit but I need some specific pointers to the problem to ask Sun
> peoples.

Try adding some ulimit calls to your qmail startup script.  `man ulimit`
for details.

Charles
-- 
---
Charles Cazabon<[EMAIL PROTECTED]>
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
---

Re: duplicating sendmail's virtusertable

[Ben Beuchler]

On Thu, Aug 03, 2000 at 11:05:47PM -0400, Sam Carleton wrote:

> > > I also need to change the from header from [EMAIL PROTECTED] to
> > > [EMAIL PROTECTED]  I am trying to stealth my user account because
> > > it is the only account able to su in as root.  I would prefer if folks
> > > do not know the user name on the account:)  (No, it isn't sam, that is
> > > simply my example )
> > 
> > Both of these can be accomplished using fastforward, available from
> > http://www.qmail.org.
> 
> I have installed fastforward and I am aliasing incoming mail from
> sam.carleton@domain to sam@domain, but I do not have a clue as to how to
> use fastforward to change the From: header on out going mail from
> sam@domain to sam.carleton@domain.  Can someone enlighten me?

My error.  I did not read your request carefully enough.  The "From: "
header is entirely under the control of your MUA (mutt, pine, mailx,
etc).  The envelope "from " header is controlled via your MTA (qmail, in
this case) and can be controlled either by using the sendmail wrapper
with a "[EMAIL PROTECTED]" or setting some environment variables
before calling qmail-inject.

Ben

-- 
Ben Beuchler [EMAIL PROTECTED]
MAILER-DAEMON (612) 321-9290 x101
Bitstream Underground   www.bitstream.net

Re-injecting complete messages

[Brett Randall]

Hi...I've been asked by a fellow sysadmin to reinject a number of complete
e-mails (containing every original header field and the body with the
standard one-line gap) into the mail system for delivery to their relevant
locations, both locally and remotely. What is the best way of doing this?
Thanks!

Brett.

Manager
InterPlanetary Solutions
http://ipsware.com/

Re: Editing error messages

[Ben Beuchler]

On Fri, Aug 04, 2000 at 10:28:27AM -0500, Erich Zigler wrote:

> I was wondering if its possible to edit the error messages in qmail.
> And what is the simplest way to do it?
> 
> For example, I want to change "This address is not in my rcpthosts"
> message to something different.

They are hard-coded.  Edit the code at your own risk.

Ben

-- 
Ben Beuchler [EMAIL PROTECTED]
MAILER-DAEMON (612) 321-9290 x101
Bitstream Underground   www.bitstream.net

Re: Editing error messages

[Robin S. Socha]

* Erich Zigler <[EMAIL PROTECTED]> writes:

> I was wondering if its possible to edit the error messages in qmail. And
> what is the simplest way to do it?

Grab an editor and UTSL.

> For example, I want to change "This address is not in my rcpthosts"
> message to something different.

That'd be qmail-(s|q)mtpd.c - but why would you want to do that?
-- 
Robin S. Socha 

Re: Anti Virus

[Robin S. Socha]

* Brett Randall <[EMAIL PROTECTED]> writes:
> OK I wasn't planning on continuing my argument but since others are for me!

I'm still against you, Brett, so let's see how far we'll get... ]:->

>> Incidentally, I dislike NT, Microsoft Outlook and Exchange as much as
>> you probably do.

> I dislike them as well. All our servers are transitioning to
> linux/openbsd EXCEPT for this one virus-scanning machine. 

Interestingly, this will leave this one machine open to attacks against the
OS itself. Strange notion of security. You could be running TrendMicro's
viruswall or [insert AV-vendor] stuff on various flavours of Un*x or Linux
as well.

> Virtually a day after the "I Love you" virus was realised, Norton had
> a fix for it and liveupdate automatically updated it on our server.

Literally one minute after I was informed about the problem via my
email2sms gateway (one of those things you'd call a "scripting effort"
monitoring various security MLs), I had remotely logged into our
mailserver and added a rule nuking all respective emails. Arguably, the
approach is different, but with the gaping holes in MS's security
"policy", chances are yet another script kiddy will find yet another
exploit soonish and it will not qualify as a virus again. Technically
speaking, BTW, ILOVEYOU was not a virus, anyway. Needless to say that
there are i18n versions of MS Office viruses that aren't caught by
American scanners...

> Luckily this prestigous event happened largely on a weekend and so the
> few e-mails which got through the server were then killed on Monday
> when the user went to read their e-mail... 

"Luckily"... how do you sleep at night, Brett, when an integral part of
your security policy relies on luck?

> We have stopped countless hundreds of this virus, and tens of thousands
> of other virii with this firewall-style approach.

Brett, I just talked to my firewall. She's a nice firewall, y'know, and
she's got a great sense of humour. But that carpet was quite expensive,
and I stronly advise you not to make such rude jokes again unless you
want to face punitive damages. Besides, a 19" rack biting a rug is just
plainly ridiculous.

>> come in with dozens of viruses -- usually some combination of Stoned
>> or Monkey with a few other oldies.  These are all caught by modern
>> anti virus software and thus it _should_ be installed on machines.
>> McAfee VirusScan for workstations is only $15 (cost).

> Totally agreed with. You can't always catch the latest and greatest
> virii with virus scanning software and yes killing every binary
> attachment is an approach to removing the possibility altogether, but
> in many cases that is just not an option. 

True. That's why you set up sandboxes in each department, running
Linux and StarOffice. For the unaware, StarOffice is a free, GPL'ed
(?)  Office Suite running on Windows and various Un*xoid OSes. Yes,
it's a little inconvenient to hop to another office to take a look at
an attachment. But it also makes you very angry at the people sending
them. Which is good.

> I trust stuff I pay for more than free, open source scripting efforts.

Ok, so on top of luck, you rely on trust. Then again, it's all that's
left to you, isn't it? While you can have an expert audit Open Source
Software, (closed source) commercial software has to be trusted. I
don't trust closed source software, and even less so if it comes from a
foreign country. Can you guarantee (100%) where Notes or Exchange or
whatever send your company's trade secrets? Does the word OPSEC ring a
bell? IT security isn't everything.

And, quite honestly, I don't like your condescending tone when you talk
about OSS. Calling OpenBSD or qmail "scripting efforts" is, well.. you
know, if MS ever released the Exchange code, and one were to compare it
to qmail's... oh, well...

> Just a peace-of-mind.

Then why are you running qmail? You /are/ running qmail, aren't you?

> Norton are not overly bloated. Lotus' Notes is, to some extent,
> bloated, but we have been using it for the last couple of years with
> thousands of e-mails coming through and being scanned daily and have
> had no obvious problems thus far...

Notes Server has had some bugs that qualify as lethal. And they weren't
fixed nearly as quickly as those in, say, sendmail. What makes you
recommend software with a bad track record in security on a ML for the
most secure mailserver there is?
-- 
Robin S. Socha 

Bah!

[Holborn BongMiester]

Hi all,

I've finally got my arse around to using tcpserver.
 
Well I say using, more like installing and then ripping my hair out.
 
Is there any _useful_ documentation, with some examples out there
on how to use it? I saw one snippet that mentioned it goes in inetd.conf
If so what the bleeding point?? I'd rather be using FreeBSD's improved
tcp_wrappers than using them and having to use tcpserver within it.
 
I'm mainly going to it becuase of the god awful RELAYCLIENT hack to 
allow a few hosts to use me as a smarthost (instead of a more sane
/var/qmail/control file that allows named ip's to connect).
 
Yours close to another MTA,
 
D.

Re: Editing error messages

[Bryan Ischo]

"Robin S. Socha" <[EMAIL PROTECTED]> writes:

> * Erich Zigler <[EMAIL PROTECTED]> writes:
> 
> > I was wondering if its possible to edit the error messages in qmail. And
> > what is the simplest way to do it?
> 
> Grab an editor and UTSL.
> 
> > For example, I want to change "This address is not in my rcpthosts"
> > message to something different.
>
> That'd be qmail-(s|q)mtpd.c - but why would you want to do that?

I am sure Erich can answer for himself, but may I posit one possible
reason:

The people who read bounce mails are typically those who sent it, which,
99% of the time, is a person who is completely unfamiliar with mail
systems.

To them, something like, "You cannot sent mail to that site using this
mail server", or somesuch, would be less confusing and more personable.

Just a thought.

On the flip side, as soon as the word "rcpthosts" leaves a user's
mouth, I am pretty sure I know exactly what the problem is.

Bryan

-- 


p l u m b d e s i g n 
 
Bryan Ischo | Software Developer 
157 chambers st ny ny 10007
p.212-285-8600 x233 f.212-285-8999

terminology (was Re: duplicating sendmail's virtusertable)

[Chris, the Young One]

``The "From: " header'' and ``The envelope "from " header''---I knew I
was confused the first time I read the message...

On Fri, Aug 04, 2000 at 11:22:12AM -0500, Ben Beuchler wrote:
! My error.  I did not read your request carefully enough.  The "From: "
! header is entirely under the control of your MUA (mutt, pine, mailx,
! etc).

The address listed in the From field is what I call the header sender.
There could be a different official name for it though.

!The envelope "from " header is controlled via your MTA (qmail, in
! this case) and can be controlled either by using the sendmail wrapper
! with a "[EMAIL PROTECTED]" or setting some environment variables
! before calling qmail-inject.

That's what I (and most people I know of) call the envelope sender, and
it does not appear in the header (unless your mailer puts it into the
Return-Path field, but it's not an obligatory behaviour).

The other thing that should be clarified is that there is _one_ header
in a message, consisting of one or more fields. For more definitions,
see http://cr.yp.to/immhf/header.html.

---Chris K.
-- 
 Chris, the Young One |_ Never brag about how your machines haven't been 
  Auckland, New Zealand |_ hacked, or your code hasn't been broken. It's 
http://cloud9.hedgee.com/ |_ guaranteed to bring the wrong kind of 
 PGP: 0xCCC6114E/0x706A6AAD |_ attention. ---Neil Schneider 

Re: Anti Virus

[Steve Wolfe]

> > I dislike them as well. All our servers are transitioning to
> > linux/openbsd EXCEPT for this one virus-scanning machine.
>
> Interestingly, this will leave this one machine open to attacks against
the
> OS itself. Strange notion of security.

  Well, in a world devoid of any other security mechanisms, perhaps.  But
it's perfectly easy to simply deny all traffic to the machine not related to
SMTP, at the router, firewall, and on the machine itself.  It's hard to
exploit something on the machine if your packets never get there.

> > I trust stuff I pay for more than free, open source scripting efforts.

  Well, it's sixes.  Some commercial software is well-written, a lot isn't.
Some open-source software is well-written, I've found a lot that's not.  It
all comes down to the individual package.

steve

Re: Bah!

[Ben Beuchler]

On Fri, Aug 04, 2000 at 05:45:06PM +0100, Holborn BongMiester wrote:

> I've finally got my arse around to using tcpserver.
>  
> Well I say using, more like installing and then ripping my hair out.
>  
> Is there any _useful_ documentation, with some examples out there
> on how to use it? I saw one snippet that mentioned it goes in inetd.conf
> If so what the bleeding point?? I'd rather be using FreeBSD's improved
> tcp_wrappers than using them and having to use tcpserver within it.
>  
> I'm mainly going to it becuase of the god awful RELAYCLIENT hack to 
> allow a few hosts to use me as a smarthost (instead of a more sane
> /var/qmail/control file that allows named ip's to connect).

You have a very charming way of asking for help.  Also of not reading
readily and freely available documentation.

Start with the home page for ucspi-tcp.  Documents every option of every
program in the package.

http://cr.yp.to/ucspi-tcp.html

If that is too obtuse for you, try David Sill's excellent "Life With
qmail", linked to from the qmail.org page.

http://web.infoave.net/~dsill/lwq.html

If you find that too difficult, follow some of the other links
concerning "anti-relaying" from the qmail.org page.  There are several.
All of which offer complete descriptions for setting up tcpserver.

If you still can't figure it out, hire a 12 year old.

Ben

-- 
Ben Beuchler [EMAIL PROTECTED]
MAILER-DAEMON (612) 321-9290 x101
Bitstream Underground   www.bitstream.net

Re: Anti Virus

[Chris, the Young One]

On Sat, Aug 05, 2000 at 01:13:05AM +1000, Brett Randall wrote:
!  I trust stuff I pay for more
! than free, open source scripting efforts. Just a peace-of-mind.

This reminds me of http://www.ultraviolet.org/treed/lam.txt. :-)

---Chris K.
-- 
 Chris, the Young One |_ Never brag about how your machines haven't been 
  Auckland, New Zealand |_ hacked, or your code hasn't been broken. It's 
http://cloud9.hedgee.com/ |_ guaranteed to bring the wrong kind of 
 PGP: 0xCCC6114E/0x706A6AAD |_ attention. ---Neil Schneider 

Re: Editing error messages

[Erich Zigler]

On Fri, Aug 04, 2000 at 12:40:14PM -0400, Bryan Ischo wrote:

> The people who read bounce mails are typically those who sent it, which,
> 99% of the time, is a person who is completely unfamiliar with mail
> systems.

Your actually quite right.

> To them, something like, "You cannot sent mail to that site using this
> mail server", or somesuch, would be less confusing and more personable.

Actually we use vpopmail's roaming users. So if they dont check their email
beforehand they cannot use us as a relay. We get many calls from angry
customers and employees because all they see in the current error message is 
"You cant send mail."

> On the flip side, as soon as the word "rcpthosts" leaves a user's
> mouth, I am pretty sure I know exactly what the problem is.

Yeah, but in my opinion I dont want to hear of those calls in the first
place. =)

-- 
Erich Zigler   Sr. System Administrator

Re: using fetchmail on qmail machine

[Vincent Danen]

On Fri, Aug 04, 2000 at 09:03:07AM -0700, [EMAIL PROTECTED] wrote:

> > > Unless you lack a loopback interface :-) I believe that localhost should
> > > be in control/locals, at least by default.
> > 
> > Hmmm...  it never put it in mine...  wierd.  Oh well, now I know that
> > this is "normal".  Thanks!
> 
> Hmmm. I use fetchmail in one (admittedly simple) scenario and it doesn't
> require localhost in control/locals

Do you have fetchmail sending to procmail or something?  I have
fetchmail sending it to port 25 on the local machine (ie. qmail) so
qmail still has to do the delivering to my maildirs.  Are you maybe
sending it to something other than port 25?

-- 
[EMAIL PROTECTED], OpenPGP key available on www.keyserver.net
// Danen Consulting Serviceswww.danen.net, www.freezer-burn.org
// MandrakeSoft, Inc.   www.linux-mandrake.com
1024D/FE6F2AFD   88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD

Current Linux uptime: 22 hours 10 minutes.

Re: Bah!

[Holborn BongMiester]

Ben Beuchler wrote:
> You have a very charming way of asking for help.  Also of not reading
> readily and freely available documentation.

Maybee I should of took a break and then asked. Dan's links on his main
page are hidden everywhere. I followed the 'installing tcpserver' and
also the other ucspi-tcp link and the info I got out of that was
untar and make. His INSTALL could do with a, for some examples and
further documnetaion go here...

> http://cr.yp.to/ucspi-tcp.html

Great! I'll go take a ganders.

> If that is too obtuse for you, try David Sill's excellent "Life With
> qmail", linked to from the qmail.org page.
> 
> http://web.infoave.net/~dsill/lwq.html

I'm not too bad with qmail, it's just to get things to function b4 I
didnt need this tcpserver.

> If you find that too difficult, follow some of the other links
> concerning "anti-relaying" from the qmail.org page.  There are several.
> All of which offer complete descriptions for setting up tcpserver.

Sensible place to put it (as oppsed to 'installing tcpserver' :) But
thnks for the pointer.

> If you still can't figure it out, hire a 12 year old.

I guess I asked for that :) Been a bad day at work and I've been having
helll with tcpserver and pop3d and qmail-smtpd.

D.

RE: Bah!

[Hubbard, David]

I'd hire that 12 year old if he/she could tell me what the
damn status codes for tcpserver meant.  :-)  Seriously
though, those pages need some updates, I spent an hour or two
searching the archives of this list the other day to find
out the reason my post card cgi perl script needed to have
\r\n on the end of each of it's lines when constructing
the mail headers...  The only thing I had to search on
was the fact that my tcpserver was logging the undocumented
status=256 which seems to be spit out for multiple problems.

Dave

-Original Message-
From: Ben Beuchler
To: [EMAIL PROTECTED]
Sent: 8/4/00 12:53 PM
Subject: Re: Bah!


You have a very charming way of asking for help.  Also of not reading
readily and freely available documentation.

Start with the home page for ucspi-tcp.  Documents every option of every
program in the package.

http://cr.yp.to/ucspi-tcp.html

If that is too obtuse for you, try David Sill's excellent "Life With
qmail", linked to from the qmail.org page.

http://web.infoave.net/~dsill/lwq.html

If you find that too difficult, follow some of the other links
concerning "anti-relaying" from the qmail.org page.  There are several.
All of which offer complete descriptions for setting up tcpserver.

If you still can't figure it out, hire a 12 year old.

Ben

-- 
Ben Beuchler
[EMAIL PROTECTED]
MAILER-DAEMON (612) 321-9290
x101
Bitstream Underground
www.bitstream.net

Re: Bah!

[Ben Beuchler]

On Fri, Aug 04, 2000 at 06:14:39PM +0100, Holborn BongMiester wrote:

> I guess I asked for that :) Been a bad day at work and I've been having
> helll with tcpserver and pop3d and qmail-smtpd.

My apologies.  I'm a tad short-tempered myself.

Anyway, tcpserver is quite easy.  I found it preferable to inetd by a
long shot.  And having the tcp program do the IP based stuff makes
perfect sense as the stuff qmail sees is too easily forged.  It only has
envelope information to work from, after all.

As a peace offering, here's my tcpserver setup:

/usr/local/bin/tcpserver -R -c 80 -q -p -x /etc/smtprules/tcp.smtp.cdb \
 -u79 -g1003 0 smtp /var/qmail/bin/qmail-smtpd  2>&1 &

There are several other options, all well documented on the ucspi-tcp
page.  Of course, the -u and -g options need to be changed to match the
correct UID/GID on your box.  And the -x option needs to point to your
tcprules file, the format of which is documented on the tcprules page at
the ucspi-tcp site.

A typical line looks like this:

123.45.67.89:allow,RELAYCLIENT=""

Ben
-- 
Ben Beuchler [EMAIL PROTECTED]
MAILER-DAEMON (612) 321-9290 x101
Bitstream Underground   www.bitstream.net

Re: Bah!

[Chris, the Young One]

On Fri, Aug 04, 2000 at 01:08:05PM -0400, Hubbard, David wrote:
!  The only thing I had to search on
! was the fact that my tcpserver was logging the undocumented
! status=256 which seems to be spit out for multiple problems.

It's not really undocumented. The status code in the log is what's
returned by wait(2) (or an equivalent). Divide that number by 256,
and get the return code (1, in your case). The status modulo 256 has
information on how the program exited: normal termination, killed by
a signal, &c.

---Chris K.
-- 
 Chris, the Young One |_ If you can't afford a backup system, you can't 
  Auckland, New Zealand |_ afford to have important data on your computer. 
http://cloud9.hedgee.com/ |_ ---Tracy R. Reed  
 PGP: 0xCCC6114E/0x706A6AAD |_ 

Re: Re-injecting complete messages

[Scott Gifford]

"Brett Randall" <[EMAIL PROTECTED]> writes:

> Hi...I've been asked by a fellow sysadmin to reinject a number of complete
> e-mails (containing every original header field and the body with the
> standard one-line gap) into the mail system for delivery to their relevant
> locations, both locally and remotely. What is the best way of doing this?

/var/qmail/bin/qmail-inject 

should do what you need.  Make sure you give it a

-f envelope-sender

where the envelope sender is where bounces from this message should
go, and then give it a list of who the message should go to after
that; qmail-inject won't look at the To header.

  For example:

/var/qmail/bin/qmail-inject -f [EMAIL PROTECTED] [EMAIL PROTECTED] 
[EMAIL PROTECTED]

is how I would re-inject this message.

Hope this helps,

ScottG.

patch to require helo before mail from

[Darrell Wright]

I have written a patch to force clients to say helo first.

 ahelocheck.diff

Problems w/ pop3

[Adam McKenna]

Some people where I work use pop3 at home and at work.  When they check their
mail from home, they are leaving the messages on the server.  The problem
happens when they get to work the next day.  Apparently, when using the old
pop3 server, messages they had already downloaded from home were marked
"read".  But now, with qmail-pop3d, they show up as "unread" when the people
come into work.

Anyone know why this problem happens?  I assume it is some POP3
feature/extension that qmail-pop3d doesn't support.  By the way, the people 
complaining are using Eudora.

--Adam

Re: Anti Virus

[Robin S. Socha]

* Steve Wolfe <[EMAIL PROTECTED]> writes:

[scanning for MS viruses under MS OSes]
> Well, in a world devoid of any other security mechanisms, perhaps.
> But it's perfectly easy to simply deny all traffic to the machine not
> related to SMTP, at the router, firewall, and on the machine itself.
> It's hard to exploit something on the machine if your packets never
> get there.

man gauntlet

>> > I trust stuff I pay for more than free, open source scripting efforts.

> Well, it's sixes.  Some commercial software is well-written, a lot
> isn't.  

I beg to differ. You simply cannot know if closed source commercial
software is well written. I may seem to work well, but you don't know
what's under the hood. Back in university, we had the NT 4.0 CD that we
installed on a spare computer for laughs. We had blocked it inside a
firewall. It sent two crypted emails. We let them free. They disappeared
behind a MSN firewall. We did not laugh.

> Some open-source software is well-written, I've found a lot that's
> not.  It all comes down to the individual package.

That's so true it's meaningless, I'd say. There is a lot of really bad
software available especially for Linux, true. But if you take a well
audited distribution (Jurix would be one) or stick to a core *BSD, you'll
find that the code base is excellent. It still remains to be shown how
you break into a bare-bones OpenBSD. I could not say that for a couple
commercial OSes. Bottom line: every system can be made insecure. But some
"packages" are secure by default. qmail springs to mind ;-) Stick to
those and you're fine.
-- 
Robin S. Socha 

Re: Bah!

[Robin S. Socha]

* Holborn BongMiester <[EMAIL PROTECTED]> writes:

> Is there any _useful_ documentation [for tcpserver], with some examples
> out there on how to use it? 

You've already been pointed to DJB's site. There also exists a tarball
with man pages at http://innominate.de/, compiled by G. Pape.

> I saw one snippet that mentioned it goes in inetd.conf If so what the
> bleeding point?? I'd rather be using FreeBSD's improved tcp_wrappers
> than using them and having to use tcpserver within it.

I don't think so. But go see for yourself. If you don't see the value of
this excellent software package, you probably don't need it.
-- 
Robin S. Socha 

Re: patch to require helo before mail from

[Scott Gifford]

"Darrell Wright" <[EMAIL PROTECTED]> writes:

> I have written a patch to force clients to say helo first.

Out of curiosity and not unpleasantness, why would one want such a
patch?  I've seen that sendmail has options to do the same thing, and
have never understood exactly what it accomplishes.

Thanks for any insight,

--ScottG.

sqwebmail & qmail-pop3d ?

[Jens Georg]

hi,

i am running a small internet-server with several virtual domains and
i would like to install sqwebmail for my customers. the question is:
does qmail work together with /Maildir format and a running qmail-pop3d
or do i need the install vpopmail ? user should be able not open new
pop3 accounts; they should only read and write emails using the web.

-- 
regards,
jens
---
department computer science, university of dortmund
linux ... life's too short for reboots!

begin:vcard 
n:Georg;Jens
x-mozilla-html:FALSE
org:University of Dortmund, Germany;computer science
adr:;;
version:2.1
email;internet:[EMAIL PROTECTED]
x-mozilla-cpt:;0
fn:Jens Georg
end:vcard

What a mess...

[Goran Blazic]

Hi...

I have a problem for wich I haven't got a clue on where to start looking for
a possible sollution...
There is this company that wanted to have mails coming to their domain...
(slofit.si). Ok, no problem, a virtual mail domain... But no, they had to go
ask their internet provider first, and what they did is forward all mail for
this domain (slofit.si) into a single mailbox!?!.
So the company has been using this setup for some time (haven't got the
faintest idea for how long) and now they are asking me to fix this, but they
still want to use this single mailbox at their internet providers server.
They are using a dialup link, so I was thinking of setting up a qmail server
on a local machine and allowing mail from the local network to be relayed
outwards... This is all well, but what about the incoming mail?

My idea is: Get the mails from the mailbox and inject them into qmail... Is
this possible? I dont really have the time to test this and try it out, so I
hope someone will have some info for me...

Thanks, Goran

The documentation said to install Windows NT 4.0 or better - so I installed
Linux 2.2.13!

Re: What a mess...

[markd]

Sounds like a job for fetchmail unless the ISP offers ETURN services.

fetchmail connects to a remote POP server (so that it can slurp all
the mail for a single mailbox) and reinjects it into your local
mail system. It's not necessarily perfect depending on the ISPs
mail system (especially wrt retrieving envelope info) but it's
better than nothing if you have no choice.


Mark.

On Fri, Aug 04, 2000 at 08:22:13PM +0200, Goran Blazic wrote:
> Hi...
> 
> I have a problem for wich I haven't got a clue on where to start looking for
> a possible sollution...
> There is this company that wanted to have mails coming to their domain...
> (slofit.si). Ok, no problem, a virtual mail domain... But no, they had to go
> ask their internet provider first, and what they did is forward all mail for
> this domain (slofit.si) into a single mailbox!?!.
> So the company has been using this setup for some time (haven't got the
> faintest idea for how long) and now they are asking me to fix this, but they
> still want to use this single mailbox at their internet providers server.
> They are using a dialup link, so I was thinking of setting up a qmail server
> on a local machine and allowing mail from the local network to be relayed
> outwards... This is all well, but what about the incoming mail?
> 
> My idea is: Get the mails from the mailbox and inject them into qmail... Is
> this possible? I dont really have the time to test this and try it out, so I
> hope someone will have some info for me...
> 
> Thanks, Goran
> 
> The documentation said to install Windows NT 4.0 or better - so I installed
> Linux 2.2.13!
> 

Re: What a mess...

[Darrell Wright]

I believe procmail does this.  I do not use it, but I remember reading it in
a document somewhere.  I would try there.

Darrell Wright
- Original Message -
From: "Goran Blazic" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 04, 2000 2:22 PM
Subject: What a mess...


: Hi...
:
: I have a problem for wich I haven't got a clue on where to start looking
for
: a possible sollution...
: There is this company that wanted to have mails coming to their domain...
: (slofit.si). Ok, no problem, a virtual mail domain... But no, they had to
go
: ask their internet provider first, and what they did is forward all mail
for
: this domain (slofit.si) into a single mailbox!?!.
: So the company has been using this setup for some time (haven't got the
: faintest idea for how long) and now they are asking me to fix this, but
they
: still want to use this single mailbox at their internet providers server.
: They are using a dialup link, so I was thinking of setting up a qmail
server
: on a local machine and allowing mail from the local network to be relayed
: outwards... This is all well, but what about the incoming mail?
:
: My idea is: Get the mails from the mailbox and inject them into qmail...
Is
: this possible? I dont really have the time to test this and try it out, so
I
: hope someone will have some info for me...
:
: Thanks, Goran
:
: The documentation said to install Windows NT 4.0 or better - so I
installed
: Linux 2.2.13!
:

Re: Problems w/ pop3

[Ben Beuchler]

On Fri, Aug 04, 2000 at 02:00:24PM -0400, Adam McKenna wrote:

> Some people where I work use pop3 at home and at work.  When they check their
> mail from home, they are leaving the messages on the server.  The problem
> happens when they get to work the next day.  Apparently, when using the old
> pop3 server, messages they had already downloaded from home were marked
> "read".  But now, with qmail-pop3d, they show up as "unread" when the people
> come into work.
> 
> Anyone know why this problem happens?  I assume it is some POP3
> feature/extension that qmail-pop3d doesn't support.  By the way, the people 
> complaining are using Eudora.

I encountered the same problem.

qmail-pop3d does not support the (deprecated) LAST command.  Instead, it
generates a unique ID for each message which it sends in response to the
UIDL command.  This is supposed to be cached by the client and used to
figure out which messages it has already read.  The idea was to remove
the 'state' onus from the server and give it to the client.

No solution, realy.  Tell 'em if they want to leave mail on the server,
use a protocol designed for that, like IMAP.  Or find a client that
correctly implements the POP3 protocol.

Ben

-- 
Ben Beuchler [EMAIL PROTECTED]
MAILER-DAEMON (612) 321-9290 x101
Bitstream Underground   www.bitstream.net

Re: What a mess...

[Charles Cazabon]

Goran Blazic <[EMAIL PROTECTED]> wrote:
> 
> I have a problem for wich I haven't got a clue on where to start looking for
> a possible sollution...
[...]
> My idea is: Get the mails from the mailbox and inject them into qmail... Is
> this possible? I dont really have the time to test this and try it out, so I
> hope someone will have some info for me...

Other people have mentioned fetchmail; that can work.  You might also try
my own 'fetchmail' -- it has support for domain mailboxes, and delivers
into Maildirs or mboxes.

Charles
-- 
---
Charles Cazabon<[EMAIL PROTECTED]>
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
---

Re: What a mess...

[Charles Cazabon]

Following up on my own reply, I wrote:
> 
> You might also try my own 'fetchmail'...

Of course, I meant "my own 'getmail'".  My bad.

Charles
-- 
---
Charles Cazabon<[EMAIL PROTECTED]>
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
---

filter by subject and deliver elsewhere

[M.B.]

http://www.ornl.gov/its/archives/mailing-lists/qmail/2000/06/msg00284.html

The above link sends one to a script that filters based on subject.

It bounces the mail.  I, however, wish to instead forward this
email to an alternative Maildir.  How might I do that?

mike.


___
Why pay for something you could get for free?
NetZero provides FREE Internet Access and Email
http://www.netzero.net/download/index.html

Re: domain splitting

[Sheer El-Showk]

Thanks, but my real concern is that all the mail NOT go through a SINGLE
mail server (in terms of bandwithd).  If I do what you suggested
[EMAIL PROTECTED] still has to go through location A (the full message,
including attachements has to be received at that location) which means
that it becomes a bandwidth bottle-kneck (and since there will be many
locations all with very little bandwidth supporting a large organization
this can be a problem).  At least that's how I understand it -- if you
know some way that location A could tell the outside server just to route
directly to location B, that's what I'm really looking for (sort of a SMTP
user-based server resolution).  Please correct me if I misunderstood what
you said or if it doens't require full mail routing through location A.

By the way, an entirely qmail solution shouldn't be a problem since the my
clients seem to like the idea of linux and I am a big fan of qmail ;->

Thanks anyway,
Sheer

On Fri, 4 Aug 2000, Russell Nelson wrote:

> Sheer El-Showk writes:
>  > I would like to host mail for a single domain (ie all users should be
>  > [EMAIL PROTECTED]) on several (geographically distributed) machines,
>  > with users in each area receiving their mail at the local mail sever.  The
>  > hard part is, as bandwidth is a limiting issue, I don't want all the mail
>  > to be forwarded through a single host (eg if user1 at location A is
>  > sending a 5 MB attachement to user2 at location B, I don't want that to
>  > have to bounce off some central mail sever at location C).  This means
>  > that all the mail servers serve the same domain name but have to be
>  > distinguishable (via DNS or sonmething sendmail does) by users served.
> 
> Qmail lets you implement this using virtualdomains.  You can
> virtualize a domain on a per-use basis.  So tell the qmail running at
> location A that [EMAIL PROTECTED] is actually [EMAIL PROTECTED]
> 
> Unfortunately, both sites A and B have to be running qmail and must be 
> configured with the user table.  There's no global way to do what you
> want.  I suggest that you colocate the central mail server somewhere
> where there's plenty of bandwidth, and configure it with the user table.
> 
> -- 
> -russ nelson <[EMAIL PROTECTED]>  http://russnelson.com  | If you think 
> Crynwr sells support for free software  | PGPok | health care is expensive now
> 521 Pleasant Valley Rd. | +1 315 268 1925 voice | now, wait until you see
> Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | what it costs when it's free. 
> 

Re: Mailing list performance

[David Dyer-Bennet]

Dave Sill <[EMAIL PROTECTED]> writes on 4 August 2000 at 09:37:29 -0400
 > "David Dyer-Bennet" <[EMAIL PROTECTED]> wrote:
 > 
 > >Dave Sill <[EMAIL PROTECTED]> writes on 2 August 2000 at 10:14:56 -0400
 > > > 
 > > >   http://www.kyoto.wide.ad.jp/mta/eval1/eindex.html
 > >
 > >His methodology looks reasonably sound, now that I can read the
 > >description of it.  And he seems entirely aware of the shortcomings,
 > >which leads me to trust his judgement on other matters as well.
 > >
 > >Looks like qmail took 20 seconds and sendmail took 1750 seconds to
 > >deliver his test load.  Not surprising!  (uncached case)
 > 
 > I don't see where you got 20 seconds. Here's the results in tabular
 > form--numbers are all APPROXIMATE since I'm reading them from the
 > graphs (the individual results by implementation):
 > 
 >  Eval 1  Eval 2  Eval 3
 > MTA   timedns timedns timedns
 > qmail  155   1250  127   1230  127   1235
 > Postfix184   1375  168   1290  161   1330
 > exim   645475  161450  157451
 > SMTPfeed   215610  160442  157461
 > zmailer   1530   1675  357   1260  360   1300

I read the time on eval 1 for qmail as 20 seconds.  Well, maybe 22.
There's a very sharp bend in both DNS and SMTP curves at that point,
and only completely trivial activity after that.  I do see that the
DNS answer curve is measurable separated from the DNS request curve;
but the SMTP lines don't appear to change after that, so whatever DNS
is doing, delivery has completed.

 > >Also note that in the cached case postfix appears to beat qmail at
 > >delivering all the mail, at least on one graph.
 > 
 > I don't see that.

Well, maybe not, the SMTP fin line is separated a bit from the syn
line which the computed line is based on.

 > >However, did people notice that sendmail actually did *fewer* DNS
 > >queries?  I had understood that for total bandwidth use, qmail won
 > >over sendmail partly for doing less DNS traffic, but this doesn't seem
 > >to be the case in this study.
 > 
 > Yeah, that suprised me, too. Exim wins the prize for DNS frugality,
 > though.
 > 
 > >(postfix took 30 seconds, exim 500, zmailer I can't tell.  Am I
 > >reading the graphs wrong?
 > 
 > Where are you seeing these numbers?

Eval 1, the individual graphs mostly.  I'm using the point where the
SMTP fin count maxes as the terminal point, even though some DNS
activity occurs after that with some mailers.

But I don't see why I was confused about zmailer now (other than the
trailing DNS activity), seems to finish at about 190.

 > >Zmailer shows increasing count of DNS
 > >queries off to the end of the map, but no increase in SMTP syn or
 > >fin.  Now I'm confused.)
 > 
 > Me too, because I just don't see that. Which graph(s) are you looking
 > at?

http://www.kyoto.wide.ad.jp/mta/eval1/perf1-zmailer.gif  (evaluation
1, zmailer).  The SMTP syn count has peaked a bit under 200 seconds,
the SMTP fin count shortly thereafter.  The DNS query and response
count are at about 1275 then.  By 1400 seconds, the DNS query and
response count are up to about 1550.
-- 
Photos: http://dd-b.lighthunters.net/ Minicon: http://www.mnstf.org/minicon
Bookworms: http://ouroboros.demesne.com/ SF: http://www.dd-b.net/dd-b 
David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]

Re: domain splitting

[Chris Garrigues]

> From:  Sheer El-Showk <[EMAIL PROTECTED]>
> Date:  Fri, 4 Aug 2000 21:13:32 + (WET)
>
> 
> Thanks, but my real concern is that all the mail NOT go through a SINGLE
> mail server (in terms of bandwithd).  If I do what you suggested
> [EMAIL PROTECTED] still has to go through location A (the full message,
> including attachements has to be received at that location) which means
> that it becomes a bandwidth bottle-kneck (and since there will be many
> locations all with very little bandwidth supporting a large organization
> this can be a problem).  At least that's how I understand it -- if you
> know some way that location A could tell the outside server just to route
> directly to location B, that's what I'm really looking for (sort of a SMTP
> user-based server resolution).  Please correct me if I misunderstood what
> you said or if it doens't require full mail routing through location A.
> 
> By the way, an entirely qmail solution shouldn't be a problem since the my
> clients seem to like the idea of linux and I am a big fan of qmail ;->

This is doable as long as you find some reasonably automated way to maintain 
the .qmail files that forward the users identically everywhere.

Make domain.com a virtual domain at all locations.  Tell qmail at all 
locations that [EMAIL PROTECTED] is really [EMAIL PROTECTED] and 
[EMAIL PROTECTED] is really [EMAIL PROTECTED] and so on.

Point MX records equally at all your locations.  The outside world will send 
the mail to one of your hosts which will then forward it to where you really 
want it.

I'd probably maintain the .qmail-domain-* files for the virtual domain
in one central location and then rsync or rdist them to all the servers at the 
same time.

Also, I think qmail-ldap has a facility for doing this more magically out of 
LDAP.

Chris


> On Fri, 4 Aug 2000, Russell Nelson wrote:
> 
> > Sheer El-Showk writes:
> >  > I would like to host mail for a single domain (ie all users should be
> >  > [EMAIL PROTECTED]) on several (geographically distributed) machines,
> >  > with users in each area receiving their mail at the local mail sever. 
>  The
> >  > hard part is, as bandwidth is a limiting issue, I don't want all the m
> ail
> >  > to be forwarded through a single host (eg if user1 at location A is
> >  > sending a 5 MB attachement to user2 at location B, I don't want that t
> o
> >  > have to bounce off some central mail sever at location C).  This means
> >  > that all the mail servers serve the same domain name but have to be
> >  > distinguishable (via DNS or sonmething sendmail does) by users served.
> > 
> > Qmail lets you implement this using virtualdomains.  You can
> > virtualize a domain on a per-use basis.  So tell the qmail running at
> > location A that [EMAIL PROTECTED] is actually [EMAIL PROTECTED]
> >
> > Unfortunately, both sites A and B have to be running qmail and must be 
> > configured with the user table.  There's no global way to do what you
> > want.  I suggest that you colocate the central mail server somewhere
> > where there's plenty of bandwidth, and configure it with the user table.
> > 
> > -- 
> > -russ nelson <[EMAIL PROTECTED]>  http://russnelson.com  | If you think 
> > Crynwr sells support for free software  | PGPok | health care is expensiv
> e now
> > 521 Pleasant Valley Rd. | +1 315 268 1925 voice | now, wait until you see
> > Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | what it costs when it's
>  free. 
> > 
> 

-- 
Chris Garrigues http://www.DeepEddy.Com/~cwg/
virCIO  http://www.virCIO.Com
4314 Avenue C   
Austin, TX  78751-3709  +1 512 374 0500

  My email address is an experiment in SPAM elimination.  For an
  explanation of what we're doing, see http://www.DeepEddy.Com/tms.html 

Nobody ever got fired for buying Microsoft,
  but they could get fired for relying on Microsoft.



 PGP signature

Re: Anti Virus

[David Dyer-Bennet]

Michael T. Babcock <[EMAIL PROTECTED]> writes on 4 August 2000 at 10:02:54 -0400
 > I beg you to cite the place where this list abides by these "Age-old
 > standards".
 > I've cited some standards about mailing lists to people before -- but
 > usually along the lines of "don't quote 100 lines and give only 1 of your
 > own" or "don't use 10 line signatures".  I don't complain about whether my
 > mail reader is only intelligent enough to recognise "-- " as a leader to a
 > signature instead of "--" or "- Michael" ...  

Signature is pretty well-defined, and "-- " is the delimiter.  Stuff
that uses other delimiters breaks all sorts of archiving and reply
software. 

 > That, and I much prefer to put
 > my statements above the quoted text if my statement deals with the entirety
 > of the comment (not just segments, as yours was), so that anyone following
 > the list can quickly read what I have to say without scrolling.

I wish you wouldn't.  When I then respond to various paragraphs of
your text, the resulting sequence is very confusing -- or would be if
I didn't take the trouble to reorder your message first.
-- 
Photos: http://dd-b.lighthunters.net/ Minicon: http://www.mnstf.org/minicon
Bookworms: http://ouroboros.demesne.com/ SF: http://www.dd-b.net/dd-b 
David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]

tcpserver hanging

[Adam McKenna]

Does anyone know why tcpserver would do this?

It seems to be randomly hanging on incoming connections, about 1 in every 10:

Connection closed by foreign host.
adam@orbicus:~$ telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK <25910.965424763@orbicus>
quit
+OK
Connection closed by foreign host.
adam@orbicus:~$ telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK <25912.965424764@orbicus>
quit
+OK
Connection closed by foreign host.

[a bunch more times]

then... randomly, this will happen:

adam@orbicus:~$ telnet localhost 110
Trying 127.0.0.1...
[hangs]

Logs show nothing out of the ordinary:

@4000398b36852712097c tcpserver: status: 1/40
@4000398b368527154d6c tcpserver: pid 25910 from 127.0.0.1
@4000398b3685271c9c84 tcpserver: ok 25910 localhost:127.0.0.1:110
:127.0.0.1::3755
@4000398b368605ccc39c tcpserver: end 25910 status 256
@4000398b368605cd486c tcpserver: status: 0/40
@4000398b36861a2ae01c tcpserver: status: 1/40
@4000398b36861a324a8c tcpserver: pid 25912 from 127.0.0.1
@4000398b36861a39dc0c tcpserver: ok 25912 localhost:127.0.0.1:110
:127.0.0.1::3757
@4000398b368633f6a29c tcpserver: end 25912 status 256
@4000398b368633f7276c tcpserver: status: 0/40

Here is the command I'm using to run tcpserver:

adam@orbicus:~$ cat /var/qmail/supervise/qmail-popup/run 
#!/bin/sh

PATH=$PATH:/var/qmail/bin:/usr/local/bin

exec /usr/local/bin/softlimit -m 200 \
tcpserver -R -H -v -x/etc/tcp.pop3.cdb -u0 0 110 qmail-popup
orbicus /bin/checkpassword qmail-pop3d Maildir 2>&1

Any ideas?  I've already recompiled both qmail and ucspi-tcp.  We had some
disk problems recently so I wanted to make sure they weren't damaged somehow.

--Adam

/var/qmail/rc

[James]

I've installed qmail from the FreeBSD ports collection, and I'm
trying to get it going... so when reading the help documents, I
see references to /var/qmail/rc. I don't see this file. I even
checked in the distribution tarball, and I don't see this file. Is
there something I'm missing?

Re: /var/qmail/rc

[Ben Beuchler]

On Fri, Aug 04, 2000 at 03:13:26PM -0700, James wrote:

> I've installed qmail from the FreeBSD ports collection, and I'm
> trying to get it going... so when reading the help documents, I
> see references to /var/qmail/rc. I don't see this file. I even
> checked in the distribution tarball, and I don't see this file. Is
> there something I'm missing?

Yup.

In the file named "INSTALL" on line 24 it says:

8. Copy /var/qmail/boot/home (or proc) to /var/qmail/rc.

That should take care of it.

Ben

-- 
Ben Beuchler [EMAIL PROTECTED]
MAILER-DAEMON (612) 321-9290 x101
Bitstream Underground   www.bitstream.net

Re: domain splitting

[Ben Beuchler]

On Fri, Aug 04, 2000 at 09:13:32PM +, Sheer El-Showk wrote:

> Thanks, but my real concern is that all the mail NOT go through a SINGLE
> mail server (in terms of bandwithd).  If I do what you suggested

I don't think it's possible to avoid that.  Which server mail is sent to
is a function of DNS, not mail server configuration.  The only way an
MTA has of knowing where to send a piece of mail is by looking up an MX
record for it.  It can only look up based on domain.  DNS does not know
anything about users and should not.

So.  Your only real option is to have a single mail server accepting
mail and then distribute it to other servers.  This does not fix your
bandwidth problem.  But, with a little research you can find one of
several ways to use the primary mail server only as a way to accept
inbound mail and then redistribute it to any one of several other mail
servers based on multiple criteria.

Ben

-- 
Ben Beuchler [EMAIL PROTECTED]
MAILER-DAEMON (612) 321-9290 x101
Bitstream Underground   www.bitstream.net

Re: domain splitting

[Adam McKenna]

On Fri, Aug 04, 2000 at 05:25:46PM -0500, Ben Beuchler wrote:
> On Fri, Aug 04, 2000 at 09:13:32PM +, Sheer El-Showk wrote:
> 
> > Thanks, but my real concern is that all the mail NOT go through a SINGLE
> > mail server (in terms of bandwithd).  If I do what you suggested
> 
> I don't think it's possible to avoid that.  Which server mail is sent to
> is a function of DNS, not mail server configuration.  The only way an
> MTA has of knowing where to send a piece of mail is by looking up an MX
> record for it.  It can only look up based on domain.  DNS does not know
> anything about users and should not.
> 
> So.  Your only real option is to have a single mail server accepting
> mail and then distribute it to other servers.  This does not fix your
> bandwidth problem.  But, with a little research you can find one of
> several ways to use the primary mail server only as a way to accept
> inbound mail and then redistribute it to any one of several other mail
> servers based on multiple criteria.

What about having two servers with the same MX priority?  That should work.

adam@spotted:~$ dig earthlink.net mx

; <<>> DiG 8.2 <<>> earthlink.net mx 
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;  earthlink.net, type = MX, class = IN

;; ANSWER SECTION:
earthlink.net.  0S IN MX5 mx09.earthlink.net.
earthlink.net.  0S IN MX5 mx00.earthlink.net.
earthlink.net.  0S IN MX5 mx01.earthlink.net.
earthlink.net.  0S IN MX5 mx02.earthlink.net.
earthlink.net.  0S IN MX5 mx03.earthlink.net.
earthlink.net.  0S IN MX5 mx04.earthlink.net.
earthlink.net.  0S IN MX5 mx05.earthlink.net.
earthlink.net.  0S IN MX5 mx06.earthlink.net.
earthlink.net.  0S IN MX5 mx07.earthlink.net.
earthlink.net.  0S IN MX5 mx08.earthlink.net.

--Adam

RE: domain splitting

[Ihnen, David]

If you wish to load balance mail through several servers, then just use a
load balancing scheme like through red hats new product, though I forget its
name, or use a cisco loaddirector or an F5 BigIP or any number of farm
solutions.

Each server can have a copy of the user table and route to the appropriate
mail servers as needed.

Bottleneck Eliminated.

(two server addresses on the same MX priority is not as configurable or
reliable as the load balancing hardware)

"Nothing eliminates stress like having auto-redundant systems" - me as a
network administrator

David


> -Original Message-
> From: Sheer El-Showk [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 04, 2000 2:14 PM
> To: Russell Nelson
> Cc: [EMAIL PROTECTED]
> Subject: Re: domain splitting
> 
> 
> 
> Thanks, but my real concern is that all the mail NOT go 
> through a SINGLE
> mail server (in terms of bandwithd).  If I do what you suggested
> [EMAIL PROTECTED] still has to go through location A (the full message,
> including attachements has to be received at that location) 
> which means
> that it becomes a bandwidth bottle-kneck (and since there will be many
> locations all with very little bandwidth supporting a large 
> organization
> this can be a problem).  At least that's how I understand it -- if you
> know some way that location A could tell the outside server 
> just to route
> directly to location B, that's what I'm really looking for 
> (sort of a SMTP
> user-based server resolution).  Please correct me if I 
> misunderstood what
> you said or if it doens't require full mail routing through 
> location A.
> 
> By the way, an entirely qmail solution shouldn't be a problem 
> since the my
> clients seem to like the idea of linux and I am a big fan of qmail ;->
> 
> Thanks anyway,
> Sheer
> 
> On Fri, 4 Aug 2000, Russell Nelson wrote:
> 
> > Sheer El-Showk writes:
> >  > I would like to host mail for a single domain (ie all 
> users should be
> >  > [EMAIL PROTECTED]) on several (geographically distributed) 
> machines,
> >  > with users in each area receiving their mail at the 
> local mail sever.  The
> >  > hard part is, as bandwidth is a limiting issue, I don't 
> want all the mail
> >  > to be forwarded through a single host (eg if user1 at 
> location A is
> >  > sending a 5 MB attachement to user2 at location B, I 
> don't want that to
> >  > have to bounce off some central mail sever at location 
> C).  This means
> >  > that all the mail servers serve the same domain name but 
> have to be
> >  > distinguishable (via DNS or sonmething sendmail does) by 
> users served.
> > 
> > Qmail lets you implement this using virtualdomains.  You can
> > virtualize a domain on a per-use basis.  So tell the qmail 
> running at
> > location A that [EMAIL PROTECTED] is actually [EMAIL PROTECTED]
> > 
> > Unfortunately, both sites A and B have to be running qmail 
> and must be 
> > configured with the user table.  There's no global way to 
> do what you
> > want.  I suggest that you colocate the central mail server somewhere
> > where there's plenty of bandwidth, and configure it with 
> the user table.
> > 
> > -- 
> > -russ nelson <[EMAIL PROTECTED]>  http://russnelson.com  | 
> If you think 
> > Crynwr sells support for free software  | PGPok | health 
> care is expensive now
> > 521 Pleasant Valley Rd. | +1 315 268 1925 voice | now, wait 
> until you see
> > Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | what it 
> costs when it's free. 
> > 
> 

Softgoods payload app using PayPal and qmail?

[Thomas David Kehoe]

Should I use qmail for this application?  I was going to write it in PHP.
Qmail looks interesting, but I have zero experience with it.

I want customers to e-mail money to my website, and my website automatically
e-mails them a file (text, photo, MP3, etc.).  I want to use PayPal to
handle the credit card transaction.

There are e-commerce applications that can do "softgoods payload delivery,"
e.g. Hazel.  But these applications are much bigger than I need.  If I use
PayPal, I don't need credit card processing.  Security concerns are simpler.
I don't need hardgoods processing, shopping carts, etc.

Plus, PayPal has zero transaction fees.  Wells Fargo charges me up to 12%
for small credit card transactions.

My plan is to write a PHP script to parse the e-mail that PayPal sends to
the seller.  PayPal sends an e-mail to the seller saying, "[EMAIL PROTECTED]
has paid you $3 and attached this note: 'I want gilliananderson.jpg.'"  I
was going to parse that e-mail into "[EMAIL PROTECTED], $1,
gilliananderson.jpg" and then send out the photo to that address.

Comments, suggestions?  Would this be easier to do in qmail or in PHP?  Can
I hire a qmail consultant to write this for me?
-- 
Thomas David KehoeCasa Futura Technologies
http://www.FriendshipCenter.com   Stuttering Science & Therapy Website
The free penpals database forhttp://www.fluencydevices.com
individuals with disabilities.  (888) FLU-ENCY

Re: Softgoods payload app using PayPal and qmail?

[Chris Garrigues]

> From:  Thomas David Kehoe <[EMAIL PROTECTED]>
> Date:  Fri, 04 Aug 2000 16:40:38 -0700
>
> Comments, suggestions?  Would this be easier to do in qmail or in PHP?

umm, qmail isn't a programming language.  qmail could call a php script (or a 
perl script or a c program) which would do this.  qmail is a replacement for 
sendmail.

Chris

-- 
Chris Garrigues http://www.DeepEddy.Com/~cwg/
virCIO  http://www.virCIO.Com
4314 Avenue C   
Austin, TX  78751-3709  +1 512 374 0500

  My email address is an experiment in SPAM elimination.  For an
  explanation of what we're doing, see http://www.DeepEddy.Com/tms.html 

Nobody ever got fired for buying Microsoft,
  but they could get fired for relying on Microsoft.



 PGP signature

Re: domain splitting

[Russell Nelson]

Sheer El-Showk writes:
 > Thanks, but my real concern is that all the mail NOT go through a SINGLE
 > mail server (in terms of bandwithd).  If I do what you suggested
 > [EMAIL PROTECTED] still has to go through location A (the full message,
 > including attachements has to be received at that location) which means
 > that it becomes a bandwidth bottle-kneck (and since there will be many
 > locations all with very little bandwidth supporting a large organization
 > this can be a problem).  At least that's how I understand it -- if you
 > know some way that location A could tell the outside server just to route
 > directly to location B, that's what I'm really looking for (sort of a SMTP
 > user-based server resolution).  Please correct me if I misunderstood what
 > you said or if it doens't require full mail routing through location A.

You can't get the rest of the world to send mail to a single domain
except by going to the host that accepts mail for that domain.  But
within your domain, you can split it any way you want.  You could use
LDAP, you could use the DNS, you could use fastforward, you could use
a bunch of .qmail files.  Personally, I'd use the DNS.  It's an
efficient, scalable, secure (well, okay, it's secure if you use
djbdns), cross-host, cross-platform database.  Just do this:

echo 'example.com:alias-example' >/var/qmail/control/virtualdomains

echo '|forward $EXT2@$EXT2.example.com'

Then set up a bunch of DNS records that point to the host with that
user's mailbox.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com  | If you think 
Crynwr sells support for free software  | PGPok | health care is expensive now
521 Pleasant Valley Rd. | +1 315 268 1925 voice | now, wait until you see
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | what it costs when it's free. 

Re: Softgoods payload app using PayPal and qmail?

[David Dyer-Bennet]

Thomas David Kehoe <[EMAIL PROTECTED]> writes on 4 August 2000 at 16:40:38 -0700

 > Comments, suggestions?  Would this be easier to do in qmail or in PHP?  Can
 > I hire a qmail consultant to write this for me?

I find the "qmail or PHP" question confusing.  For a moderate volume
(and you say you don't need some of the more heavy-duty commercial
softgoods payload delivery systems), I'd write a CGI in something like
Perl, or use PHP, or use ColdFusion if I already had it on my server,
or something like that.  And then I'd use whatever MTA was installed
on the server to accept and deliver the incoming, and to dispatch the
outgoing. 

Qmail is a fine choice for MTA; it's fast, reliable, secure, and
easy to interface to from a CGI application.  If there's no MTA
currently installed, or if it's time for a change, qmail would be a
good choice.

I'm sure you can hire a consultant to write this for you.  I'd look
for web expertise more than qmail expertise, since the interface to
whatever MTA you use isn't particularly the hard part.  If you're
setting up the server yourself you might want a qmail consultant to
get the whole mail handling thing set up for you, and finding somebody
who can do both parts might be more convenient for you.
-- 
Photos: http://dd-b.lighthunters.net/ Minicon: http://www.mnstf.org/minicon
Bookworms: http://ouroboros.demesne.com/ SF: http://www.dd-b.net/dd-b 
David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]

Re: tai64n -- why?

[Russ Allbery]

David Dyer-Bennet <[EMAIL PROTECTED]> writes:

> Yes, when I first looked at it.  As is often the case with Dan, I just
> disagree.  It's not straight text in the sense I mean; it's not human
> readable.  Of all the strange choices Dan's made that I've encountered
> in working with qmail, this is the first one that I fail completely to
> understand.  All the others, I see the tradeoffs and I see why he chose
> as he did, even if I might have chosen otherwise.  This one makes zero
> sense.  It's non-functional.  It doesn't connect to the way I work.

syslog timestamps are amazingly annoying to try to parse.  TAI64 is
trivial to parse.  This is a significant improvement.

ISO date/time format would also have been easy to parse, and I would have
been slightly happier with that, but TAI64 is definitely a *huge*
improvement over syslog if you want to do anything at all automated with
the logs.

-- 
Russ Allbery ([EMAIL PROTECTED]) 

Re: Now redhat's mailling lists have been removed to mailman and postfix

[Russ Allbery]

Irwan Hadi <[EMAIL PROTECTED]> writes:

> , PayPal/Confinity, Red Hat's mailing lists, Hypermart.net, Casema,
> ^^
> Rediffmail.co.in, Topica, MyNet.com.tr, FSmail.net, and vuurwerk.nl.

> at www.qmail.org/top.html should be removed right ?

It can be replaced with all of the Perl development mailing lists, all of
which are using ezmlm-idx.

-- 
Russ Allbery ([EMAIL PROTECTED]) 

Re: Editing error messages

[Eric Cox]

Bryan Ischo wrote:
> 
> The people who read bounce mails are typically those who sent it, which,
> 99% of the time, is a person who is completely unfamiliar with mail
> systems.
> 
> To them, something like, "You cannot sent mail to that site using this
> mail server", or somesuch, would be less confusing and more personable.


Another possibility is putting personal, domain-specific info into the 
bounce messages, like who to contact for help, etc...

Eric

Re: Mailing list performance

[P.Y. Adi Prasaja]

On Fri, Aug 04, 2000 at 07:58:20AM -0400, Dave Sill wrote:
> No, I'm not wrong. If you're going to "correct" someone, please check
> your facts first.

oh .. well ...
Here is your previous post:

> He apparently confused incoming concurrency with outgoing
> concurrency.

What are you trying to say in this regard?

> Perhaps you're thinking of  default_destination_concurrency_limit?
> That's the *per destination* limit, not the overall concurrency limit.

Yes. And seems to me that you pretend to that this would not give any
impact to the measurements...

> Either you're wrong or the documentation on the web is wrong. I don't
> care enough to determine which is the case. Here is what the web docs
> say:

No. The docs is minimum, but it isn't wrong.
If there is no such a limitation in qmail, why should one pretend
to that there is no such a limitation in other MTA (postfix) too?

Once again, if you would like to see the comparisson numbers that
author gives to us, just see at the linear equation from each graph.
You would see that postfix beat qmail just for about 1 msg/second
rate in 2nd and 3th evaluation (this fact is unsignificant, for me at
least). Anyway, if the number of process_limit is increased, say 120,
with the same condition (environment, machine, etc.), should qmail a
lot faster than postfix because of its great efficiency in resources
using by qmail compares to postfix (yes, I didn't talk about the
whole results, it's about 'internal processing').

Salam,

P.Y. Adi Prasaja

Problems whith scan4virus

[Kornyakov Yevgeny]

Hi all !!!

I have installed perl based programm Scan4virus from Jason Haar
but I have problems whith execute this program.
When I try execute I get next message
==
www:/var/qmail/bin# ./antivirus-qmail-queue.pl -t
YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET!
FIX YOUR KERNEL, PUT A C WRAPPER AROUND THIS SCRIPT, OR USE -u AND UNDUMP!
==
What can I do ?
  

-- 
Best regards,
 Kornyakov  mailto:[EMAIL PROTECTED]

Unable to create pipe

[Ricardo Albano]

I get a lot of errors like this in the qmail 
logs :
 
delivery 4770: deferral: 
qmail-spawn_unable_to_create_pipe._(#4.3.0)/
 
How can I solve this ?, I readed the FAQ and 
mailling list archives but I can't find this.
 
Thanks
RDA.-