Re: secrets and lies
On Wed, Nov 15, 2000 at 08:18:29PM +1300, Chris K. Young wrote:

Quoted from Adam McKenna [15 Nov 2000]:

On Wed, Nov 15, 2000 at 01:14:15PM +1300, Chris K. Young wrote:

``The [licence] must explicitly permit distribution of software built from modified source code.''.

qmail conforms loosely to the OSD, there is a footnote to section 4 that (ambiguously) states that licenses that allow third party distribution of patches conform.

Allowing patches is necessary, but it's not sufficient. Debian's Free Software Guidelines has a similar clause, and I see no other clause that DJB's licence conflicts with. If I go by your statement, why is qmail listed under the non-free section?

That's why it conforms loosely. It only violates one part, and the rationale for that part explains why an author would want to make his license that way. I can't speak for the strictness of the Debian project because I am not a part of it, but it has been my experience that it doesn't take much of an infraction of the OSD (which was originally the DFSG) to get exiled to non-free.

The main problem is that qmail doesn't really have a "license" that ships with it. All people have to go on is public remarks made by Dan, http://cr.yp.to/qmail/dist.html

I say that dist.html should be considered authoritative. There are references in the qmail and djbdns documentation that contain the URL to their respective pages.

That's what you say. But there isn't a definitive license (i.e. LICENSE or COPYING) in the qmail distribution that explains those rights -- some web page could be altered or taken down at any time, leaving users without any rights whatsoever.

--Adam

--
Adam McKenna [EMAIL PROTECTED]
http://flounder.net/publickey.html
GPG: 17A4 11F7 5E7E C2E7 08AA 38B0 05D0 8BF7 2C6D 110A
"No matter how much it changes, technology's just a bunch of wires connected to a bunch of other wires." Joe Rogan, _NewsRadio_
3:12am up 158 days, 1:28, 10 users, load average: 0.01, 0.01, 0.00
running daemontools on qmail with large locals and rcpthosts files
Dear all,

I'd upgraded my daemontools on qmail from version 0.53 to 0.7. The file size for both /var/qmail/control/locals and rcpthosts exceeds 1M (this incl. around 65000 cobrands). However, using the new daemontools with svscan somehow prevents qmail from running with big locals and rcpthosts. I have tried reducing the file size to around 160K (around 1 cobrands) and it works. However, when I add 5000 cobrands more into the locals and rcpthosts, it crashes again. The error shown when telnetting to port 25 is as follows:

bash-2.03# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
421 unable to read controls (#4.3.0)
Connection closed by foreign host.

Now I'd rolled back to the previous daemontools version 0.53; it works for a day or two but now it comes up with the same error message again!! I'm using SunOS 5.8. Has anyone had such an experience? Is it because the locals and rcpthosts are too large? I would highly appreciate it if someone can give me any suggestion. (p.s. Please also cc to my email address.)

thanks,
Eric
Qmailanalog ...
Can you help me with use qmail analog ??? I have installed qmailanalog and have log file without time stamps... I think that i use incorrect syntaxes... Daniel POGA Tech. Support TatraSoft Group s.r.o Sibrska 4 83102 Bratislava tel: +421-7-55574033 fax: +421-7-55566385 [EMAIL PROTECTED]
qmail Digest 15 Nov 2000 11:00:00 -0000 Issue 1184
take the non-local domains out of the locals file.

Paul Farber Farber Technology [EMAIL PROTECTED] Ph 570-628-5303 Fax 570-628-5545

On Mon, 13 Nov 2000, Oliver Menzel wrote:

Hi, I'm trying to make all mail incoming for a bunch of hosts to be delivered to this one mail host. So i've setup an MX record for each one of those domains to be that mail host. Problem is, the mail is always delivered for that host, ie: if I send mail to [EMAIL PROTECTED], and the MX is mx.host.com, the mail will be delivered to host.com, regardless of the MX entry. Is this a DNS problem, or the way qmail delivers mail? Thanks in advance, Oliver

Hi, I cannot unsubscribe an old email address which I no longer use but forwards to this one. I'd like to
socket sending to qmail problem... pleaseeeee help...
Thank you first. I am writing a linux application trying to send email to a qmail server. I am able to send a very small sized data across successfully and receive it in a mailbox ok, but when the data size becomes larger, it seems that the email vanished in the air! Any idea? Below is the code...

==
sockfd = socket ( PF_INET, SOCK_STREAM, 0 );
ina.sin_family = AF_INET;
ina.sin_addr.s_addr = inet_addr ( server );
ina.sin_port = htons ( portnum );
memset ( ina.sin_zero, 0, 8 );
connect ( sockfd, ( struct sockaddr * ) &ina, sizeof ( struct sockaddr ) );
slen = strlen ( pstr );
ptmp = pstr;
sentlen = 0;
leftover = slen;
/* as posted: sentlen holds only the most recent send() result */
do {
    sentlen = send ( sockfd, ptmp, slen-sentlen, 0 );
    ptmp += sentlen;
} while ( ptmp < ( pstr + slen ) );
shutdown ( sockfd, 2 );
close ( sockfd );
==
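The loop in the post passes slen-sentlen as the length while sentlen holds only the latest send() result, and the socket is shut down without reading anything back from the server. The following C code is an added example, not part of the original post: send_all tracks the cumulative byte count and smtp_reply_code waits for the final line of the server's reply before the caller closes. The function names are hypothetical and the peer in demo_roundtrip is a constructed stand-in for a mail server.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef MSG_NOSIGNAL
#define MSG_NOSIGNAL 0
#endif

/* Send exactly len bytes. Returns 0 on success, -1 on error (errno set). */
int send_all(int fd, const char *buf, size_t len)
{
    size_t sent = 0;            /* cumulative total, not the last return value */

    while (sent < len) {
        ssize_t n = send(fd, buf + sent, len - sent, MSG_NOSIGNAL);
        if (n < 0) {
            if (errno == EINTR)
                continue;       /* interrupted by a signal: retry */
            return -1;          /* real error: do not assume delivery */
        }
        sent += (size_t)n;      /* n may be smaller than requested */
    }
    return 0;
}

/* Read one SMTP reply, possibly multi-line, and return its code, or -1. */
int smtp_reply_code(int fd)
{
    char line[512];
    size_t used = 0;
    char c;

    for (;;) {
        ssize_t n = recv(fd, &c, 1, 0);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)
            return -1;          /* error, or peer closed before replying */
        if (c != '\n') {
            if (used < sizeof line - 1)
                line[used++] = c;
            continue;
        }
        line[used] = '\0';
        if (used < 3 || !isdigit((unsigned char)line[0]) ||
            !isdigit((unsigned char)line[1]) || !isdigit((unsigned char)line[2]))
            return -1;
        /* "250-text" continues the reply; "250 text" is its last line. */
        if (line[3] != '-')
            return (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');
        used = 0;
    }
}

/* Constructed peer: a child process reads len bytes, then answers "250". */
int demo_roundtrip(size_t len)
{
    static const char reply[] = "250-constructed reply\r\n250 ok\r\n";
    int sv[2];
    pid_t pid;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char buf[1024];
        size_t got = 0;
        close(sv[0]);
        while (got < len) {
            ssize_t n = recv(sv[1], buf, sizeof buf, 0);
            if (n <= 0)
                _exit(1);
            got += (size_t)n;
        }
        send_all(sv[1], reply, strlen(reply));
        _exit(0);
    }
    close(sv[1]);
    char *msg = malloc(len);
    if (msg == NULL)
        return -1;
    memset(msg, 'x', len);
    int code = send_all(sv[0], msg, len) == 0 ? smtp_reply_code(sv[0]) : -1;
    free(msg);
    close(sv[0]);               /* close only after the reply was read */
    waitpid(pid, NULL, 0);
    return code;
}

int main(void)
{
    printf("reply after 1 MiB: %d\n", demo_roundtrip((size_t)1 << 20));
    return 0;
}
```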
Re: Qmailanalog ...
Daniel POGAC wrote:

Can you help me with use qmail analog ??? I have installed qmailanalog and have log file without time stamps... I think that i use incorrect syntaxes...

I'm using the following very simple Script for general Mail Statistics:

root@foxdev1:/usr/local/samba/lib cat /usr/bin/mailstat
#! /bin/sh
# convert the TAI64N timestamps of the qmail-send log to fractional seconds
/usr/local/bin/tai64nfrac < /var/log/qmail/qmail-send/current > /var/log/maillog
# pair up message and delivery lines
/usr/local/qmailanalog/bin/matchup < /var/log/maillog > /var/log/maillog.matchup
# print the overall statistics
/usr/local/qmailanalog/bin/zoverall < /var/log/maillog.matchup
# remove the temporary files
rm -rf /var/log/maillog*

--
--^..^-- michael maier - system development administrator
flatfox ag, hanauer landstrasse 196a d-60314 frankfurt am main
fon +49.(0)69.50 95 98-308 fax +49.(0)69.50 95 98-101
email [EMAIL PROTECTED] url http://www.flatfox.com
- m a k e m y d a y
Forwarding with same envelope address
My server mail.foo.com receives all email for the foo.com domain. Most messages are to be delivered locally on this server. But, messages sent to certain addresses, for example "[EMAIL PROTECTED]", need to be forwarded to another server, xxx.foo.com. In addition, the envelope address needs to be unchanged when the messages get forwarded. That is, the envelope needs to remain "[EMAIL PROTECTED]" when mail.foo.com forwards the message to xxx.foo.com. I can't figure out how to do this, since it appears that qmail's forwarding mechanism appears to be based on transformations of the envelope address. Thanks for your help. -- Mark Sidell Chief Programmer Forte Agent
Help - It's urgently - about .qmail-default
Hi, My .qmail-default have the line: | /var/qmail/bin/fastforward -d /etc/aliases.cdb. The /etc/aliases have the line: MAILER-DAEMON:admin . I'm receiving a lot of emails from someone trying to spam me but, the accounts that the spammer is trying to spam doesn't exists so, the qmail send a MAILER-DAEMON message to 'admin' saying that the account doesn't exists. I disabled this line from .qmail-default in order to prevent the qmail from send this message but, I looked at the logs and I saw that when a message to an unknown arrive this logs the message like DID. My question is : Where this messages to an unknown user is stored ? Is this message discarded ? Roberto Samarone Araujo
A doubt about Qmailadmin
I installed Qmailadmin and created a virtual domain and some users for this domain so, I have emails like : [EMAIL PROTECTED] and [EMAIL PROTECTED] , ok it's perfect but, I would like to know how can I get the emails sent to these users (xxx,yyy) if they aren't users from the system (they are only users for email) ? I tried to type these users and their passwords through a POP connection but, the qmail didn't accept the POP connection to get these users' emails.

Roberto Samarone Araujo
Re: A doubt about Qmailadmin
I have set up Qmail and (as a temp measure) allowed open relaying so my users can send through the server. You can send mail to a user on the machine but it seems to go into nothingness. Never being delivered, never being bounced. Nothing. I don't even know where to start.

Mark Anderson
Re: A doubt about Qmailadmin
On Wed, Nov 15, 2000 at 12:18:46PM -, Mark Anderson wrote: I don't even know where to start. Start by looking to your logs. james
Help with qmail and ezmlm
Hello

I'm using ezmlm. I have a list of people in a list. I use ezmlm-send to send the message in the following way

# ezmlm-send ~/list "mail.file"

I've checked the queue and the emails of the users that the message is supposed to go to are ok. But after the email is sent by qmail the email that appears in the "To:" label isn't correct. It appears like this "pedro.pires?[EMAIL PROTECTED]" and it should appear "[EMAIL PROTECTED]"

Has anyone experienced this?

Thanks
Pedro Pires
maildirmake query
Hello I am still new to qmail, I was wondering if it is possible to create maildir folder automatically as a mails are recieved ,probably by calling maildirmake during delivery ? thanx in advance Suresh Mithi.com Pvt. Ltd. -- Send and receive mail in Indian languages Register free at http://www.mailjol.com
Re: Forwarding with same envelope address
On Wed, 15 Nov 2000, [EMAIL PROTECTED] wrote:

I can't figure out how to do this, since it appears that qmail's forwarding mechanism appears to be based on transformations of the envelope address.

No, qmail does not transform the envelope address. Create a ~user/.qmail (or ~alias/.qmail-user) with:

| forward "$LOCAL"@otherhost.foo.com

As long as the other host received mail for otherhost.foo.com, all will be fine (I know, I'm doing it...)

--
B r e t t R a n d a l l http://xbox.ipsware.com/ brett_ @ _ipsware.com
Re: secrets and lies
Adam McKenna [EMAIL PROTECTED] writes: On Tue, Nov 14, 2000 at 09:11:32PM +0100, Matthias Andree wrote: Mr. Schneier is respected for his expertise and cryptography, and just because he states that head money for bugs is no good, does not make him an M S type weenie. You're right, Bruce Scheiner is a god, and I'm really sorry for disagreeing with him. That is not what I meant, even subtracting sarcasm, irony and exaggeration. I'm saying that one particular opinion on a marginal topic that you disagree with does not make Mr. Schneier a bad person. Get a clue, in that you try to find out about that person as a whole before judging him. -- Matthias Andree
Re: secrets and lies
Adam McKenna [EMAIL PROTECTED] writes:

For what its worth, I was only originally expressing an opinion on the few paragraphs that Mate posted, from some book that I had never heard of, by a "B. Schneier" [sic] I didn't know who he was talking about at first, and I was reacting to getting attacked from all sides. Perhaps in the future when people post quotes from print, they should include a little bit more context, and perhaps an ISBN number to eliminate confusion.

Searching the Index of the Dortmund University Library:

Verfasser : Schneier, Bruce
Titel/Stichwort : Applied cryptography
HSTZusatz : protocols, algorithms and source code in C
Verf.Vorlag : Bruce Schneier
Ausgabebez. : 2. ed.
Verlagsort : New York [u.a.]
Verlag : Wiley
Preis/Einband : kart. : £ 41.50
ISBN/ISSN : 0-471-12845-7 : 0-471-11709-9
Jahr : 1996
Umfangsangabe : XXIII, 758 S. : graph. Darst.
[...]

While the left column is in German, you should be able to extract the desired information. The German translation, "Angewandte Kryptographie", is published by Addison-Wesley, Bonn since 1996; based on ISBN 0-471-11709-9, ISBN 3-89319-854-7. Translators have been Katja Karsunke and Thomas Merz, again, for what it's worth.

I assume the £ (Pound Sterling) sign should really be a $ (Dollar) sign. Check with your favourite book store or library.

--
Matthias Andree
how to set the rights for maildir to be secure
Hi,

I'm just setting up mailuser for using qmail. The default delivery method is Maildir. What is the best right for the maildirectories to be sure that mails can be written in the user's Maildir and no other unix user can make something else with mails that are not for him. Actually I have given the maildirs 707 and my maildir I have set to 703.

Regards,
Ruprecht

---
INTERNOLIX Standards for eBusiness
INTERNOLIX AG Ruprecht Helms System-Engineer
http://www.internolix.com mail:[EMAIL PROTECTED]
Weiherstr. 20 Tel: +49-[0]7533-9945-71
78465 Konstanz Fax: +49-[0]7533-9945-79
tcpserver virtual domain
hi,

1. I am able to send receive mails, but i need to start qmail manually even though i have written the init scripts. This is the error i get in the nohup.out which is created when starting qmail

file : nohup env - PATH="$PATH" svscan
./run: Can't reopen pipe to command substitution (fd 4): No child processes

And on checking the files under /var/log/qmail directory I get the following message :

@40003a12898c17eccf2c tcpserver: fatal: unable to bind: address already used.

The IP that has been assigned to this linux box is not being used anywhere else.

2. One more thing was the machine was giving a 'host not found' error for the 2nd domain that i had given. I had assigned a 2nd domain and given the full entries in the locals and the rcpthosts file. When i try to send a mail to that domain, it gives me a "Host unknown (Name server: lists.example2.com.example2.com : host not found)" error. The dns entries for the MX and A records point to the correct machine but this error occurs. I tried telnet into that domain on port 25. It accepted the RCPT TO address and the data. But when i checked the logs i found the error :

Nov 15 18:54:33 lists qmail: 974294673.441538 delivery 37: deferral: Sorry,_I_couldn't_find_any_host_by_that_name._(#4.1.2)/

Now I am stuck here. Could u plz suggest a way out.

Again Thanks in Advance
Regards
Kiran

- Original Message -
From: Mike Smith [EMAIL PROTECTED]
To: Kiran [EMAIL PROTECTED]
Sent: Sunday, November 12, 2000 2:21 AM
Subject: Re: Fw: re-smtp port

You still have previous qmail processes running. Assuming from your previous mails, you don't have init scripts, yet. Just ps for the qmail-send process and kill it. When it dies, the other three process running (qmail-lspawn, qmail-rspawn, and qmail-clean) will die, as well. Brutal, but effective.

-Mike

-Original Message-
From: "Kiran" [EMAIL PROTECTED]
To: [EMAIL PROTECTED], "Denis Petrov" [EMAIL PROTECTED]
Date: Sat, 11 Nov 2000 23:02:12 +0530
Subject: Fw: re-smtp port

Hi, I was just looking into the logs. It gives an error message :

tcpserver: fatal: unable to bind: address already used.

What could this mean?

Kiran

- Original Message -
From: Kiran [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; Denis Petrov [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Saturday, November 11, 2000 8:39 PM
Subject: Re: re-smtp port

Hi, Thanks for that info. I was able to telnet to the particular port after adding the lines in inetd.conf. After this i was able to place the scripts etc for starting qmail automatically while booting. While installing the ucspi-tcp package i realised that scripts for starting this were not available. Could u guide as to where to get these?

Thanks in Advance
Regards
Kiran

- Original Message -
From: vasudeva [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, November 11, 2000 1:27 PM
Subject: re-smtp port

Hi, could u inserted line related to smtp in /etc/inetd.conf.. ? if not include the following line

# Smtp setup for qmail
smtp stream tcp nowait qmaild /var/qmail/bin/tcp-env tcp-env /var/qmail/bin/qmail-smtpd

and also check the file /etc/services the port 25 should be enabled. Ok try this and get back to me

Vasu
Systems Administrator
Eximsoft Technologies Pvt ltd. Bangalore
email: [EMAIL PROTECTED]
maildrop-filter-query
Is it possible to write a filter for maildrop such that it automatically does a maildirmake and creates a maildir ,may it can read the message ,extract the user name and create a maildir for the same?I am sure this will make it more scalable Suresh Mithi.com Pvt. Ltd. -- Send and receive mail in Indian languages Register free at http://www.mailjol.com
AUTOMAILDIRMAKE
Hello any knows what is automaildirmake Suresh Mithi.com Pvt. Ltd. -- Send and receive mail in Indian languages Register free at http://www.mailjol.com
Re: how to set the rights for maildir to be secure
On Wed, 15 Nov 2000, [EMAIL PROTECTED] wrote:

I'm just setting up mailuser for using qmail. The defaultdeliverymethod is Maildir. What is the best right for the maildirectories to be sure that mails can be written in the users Maildir and no other unixuser can make something else with mails that are not for him.

Is the maildir in their home folder? Then that is all that matters. Set the numbers to whatever you like (777 if you really want to). Since the parent folder ($HOME) is readable only by the owner (if you haven't mangled the permissions), no one else will be able to read ~user/maildir/.

--
B r e t t R a n d a l l http://xbox.ipsware.com/ brett_ @ _ipsware.com
adding an outgoing-only smtp server?
Hi, While thinking this over, I became confused so I was wondering if someone could shed some light on adding an outgoing-only qmail server to a network/domain. Any docs, references, etc, for pointers are very much appreciated. What I would like to do is this: host1 - primary MX for incoming and outgoing host2 - outgoing only host1 will be used for "regular" email traffic, with legit user accounts, while host2 will be mainly used for pumping out big loads of outgoing email (handling large lists). All bounces (and ofcourse all incoming email) will go to host1. Limited number of admins will be handling the lists on host2, so all email intended to go out to list members will be injected at host2 (e.g. not relayed from any other hosts). Thanks in advance, jamie #-#-#-#-#-#-#-# -- If somebody can help create a search engine for my room, I will call them a Saint... GUI == Graphical User Interference
Re: secrets and lies
Adam McKenna [EMAIL PROTECTED] writes: On Tue, Nov 14, 2000 at 03:11:43PM -0500, Paul Jarc wrote: Adam McKenna [EMAIL PROTECTED] writes: Not to mention that the whole point of freeware and open source software in general is to give everyone the ability to audit the software, not just a select few. Dan's software isn't open source. [...] I said, "freeware and open source software". Do you always selectively ignore part of what someone says to make your point? I ignored it because I wasn't sure what you meant, and it wouldn't matter much anyway. If by "freeware" you meant "Free Software" in the GNU sense, then Dan's software isn't that either, and I'd say Free Software isn't about auditability so much as customizability. If by "freeware" you meant "software that is available for zero price", then that doesn't imply the source is available, so there's obviously no inherent tie to easier auditability there. If by "freeware" you meant software that is distributed for free with source, then Dan's qualifies, but to say that auditability is the goal of *all* such software is a terribly strong statement, and as I said, I'm not aware of Dan ever stating that this was even *one* of *his* goals, let alone "the whole point". paul
Re: secrets and lies
Adam McKenna [EMAIL PROTECTED] writes: On Tue, Nov 14, 2000 at 03:35:35PM -0500, Paul Jarc wrote: [EMAIL PROTECTED] writes: Whilst an audit is a good idea, I don't see how a competition and time in the field can actual make matters worse. It can make people think a program is secure when no audit has been done, reducing the likelihood that anyone will call for an audit, leaving holes undiscovered. And a formal audit can miss security holes, reducing the likelihood that anyone will call for further audits, leaving holes undiscovered -- it's a double-edged sword. Auditing is an ongoing process, not something which takes place at one point in time and unilaterally declares something "secure". None of this conflicts with what I said above, though. An audit is more likely to find holes than is casual scrutiny in the field. An audit is likely to be better than no audit. paul
Re: Help with qmail and ezmlm
On Wed, Nov 15, 2000 at 12:51:43PM -, Pedro Pires wrote: Hello I'm using ezmlm. Good. Then try the list for ezmlm: [EMAIL PROTECTED] I have a list of people in a list. I use ezmlm-send to send the message in the following way # ezmlm-send ~/list "mail.file" I've checked the queue and the emails of the users that the message is suposed to go are ok. But after the email is sent by qmail the email that apears in the "To:" label isn't correct. It apears like this "pedro.pires?[EMAIL PROTECTED]" and it should apear "[EMAIL PROTECTED]" Anyone have experienced this? Thanks Pedro Pires -- +--- | Ricardo Cerqueira | PGP Key fingerprint - B7 05 13 CE 48 0A BF 1E 87 21 83 DB 28 DE 03 42 | Novis - Engenharia ISP / Rede Técnica | Pç. Duque Saldanha, 1, 7º E / 1050-094 Lisboa / Portugal | Tel: +351 2 1010 - Fax: +351 2 1010 4459 PGP signature
RE: secrets and lies
Just because it's ``often'' done doesn't mean it's correct. To me, and possibly others, open source is used to describe software that uses a licence conforming to the Open Source Definition.

I like: "3 a: completely free from concealment : exposed to general view or knowledge b : exposed or vulnerable to attack or question"

BSD folks may like: "14 a (1) : characterized by lack of effective regulation of various commercial enterprises (2) : not repressed by legal controls b : free from checking or hampering restraints c : relatively unguarded by opponents" (from www.yourdictionary.com) for the use of "Open".

Now back to security and audits and the DJB world. For software I want to look at the overall design first. Then I want to see the "style" the coder used. This is not about what tab stops were used or the brace style but how comments, defines, subroutines, variable names and constants are used in the code. I did this with DJBDNS and DNSCache. I see the strengths and weaknesses of the code and feel that within the scope of the project it is acceptable. For a larger project I would have objections. It is possible that DJB has files of code documentation that he has not made public that would eliminate these objections.

My next wish would be to conduct a formal code review with the author. To sit down and have them explain each routine. Tell me why they chose one method over another. "Audits" have merit but in my view they are not as productive as a formal review with the author.

As for license, it appears that DJB has chosen to simply reserve his lawful rights as the author. I would assume that this is the safest path as the case law is very extensive for these rights. I am unaware of any case law involving the GPL (in its many forms).
Re: secrets and lies
Adam McKenna [EMAIL PROTECTED] writes: On Wed, Nov 15, 2000 at 08:18:29PM +1300, Chris K. Young wrote: I say that dist.html should be considered authoritative. There are references in the qmail and djbdns documentation that contain the URL to their respective pages. That's what you say. But there isn't a definitive license (i.e. LICENSE or COPYING) in the qmail distribution that explains those rights There's nothing magical about those names. The names "dist.html" and "softwarelaw.html" are just as good, and I don't see why they should have to be included in the distribution. some web page could be altered or taken down at any time, leaving users without any rights whatsoever. IANAL (are you?), but I doubt that a copyright holder can revoke permission already granted in this way. The *record* (or rather, *one* record) of permission could be removed, but how does that affect the permission itself? paul
Re: secrets and lies
Charles Cazabon wrote: However, as far as qmail goes: all the crackers in the world have had access to the qmail source code and design documentation for years, and none have yet found an exploitable security hole. You could consider that a fairly thorough audit-by-fire. There is no proof any were trying either. -- Michael T. Babcock, C.T.O. FibreSpeed http://www.fibrespeed.net/~mbabcock
Re: secrets and lies
Adam McKenna wrote: On Tue, Nov 14, 2000 at 09:11:32PM +0100, Matthias Andree wrote: Mr. Schneier is respected for his expertise and cryptography, and just because he states that head money for bugs is no good, does not make him an M S type weenie. You're right, Bruce Scheiner is a god, and I'm really sorry for disagreeing with him. No, no ... this is a djb list -- HE is god, and Bruce is just respected ;-). -- Michael T. Babcock, C.T.O. FibreSpeed http://www.fibrespeed.net/~mbabcock
Re: running daemontools on qmail with large locals and rcpthosts files
Eric Yu: The file size for both /var/qmail/control/locals and rcpthosts exceeds 1M (this incl. around 65000 cobrands). in this case you should allocate as much space in the ./run- files. the routines activated usually return some result or -1 to indicate failure. so you should establish the exact point of failure. then you might want to try the environment settings (how big is the resident set size of the different qmail programs?). 421 unable to read controls (#4.3.0) could this mean a malloc failure? clemens
Re: secrets and lies
Paul Jarc [EMAIL PROTECTED] writes on 15 November 2000 at 11:07:43 -0500 Adam McKenna [EMAIL PROTECTED] writes: On Wed, Nov 15, 2000 at 08:18:29PM +1300, Chris K. Young wrote: I say that dist.html should be considered authoritative. There are references in the qmail and djbdns documentation that contain the URL to their respective pages. That's what you say. But there isn't a definitive license (i.e. LICENSE or COPYING) in the qmail distribution that explains those rights There's nothing magical about those names. The names "dist.html" and "softwarelaw.html" are just as good, and I don't see why they should have to be included in the distribution. In terms of convincing a corporate lawyer that it's okay to install software on a corporate system, a specific license distributed with the software specifically granting various permissions would be extremely useful. Dan is probably right that no special permissions are needed to make normal uses of his code (which is what he says on his web pages), but if the corporate lawyer isn't in agreement with him, he's going to say "no". That's a corporate lawyer's job, after all. some web page could be altered or taken down at any time, leaving users without any rights whatsoever. IANAL (are you?), but I doubt that a copyright holder can revoke permission already granted in this way. The *record* (or rather, *one* record) of permission could be removed, but how does that affect the permission itself? Demonstrating that the permission was granted gets harder if the pages are taken down. -- David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED] SF: http://www.dd-b.net/dd-b/ Minicon: http://www.mnstf.org/minicon/ Photos: http://dd-b.lighthunters.net/
Re: secrets and lies
Mate Wierdl [EMAIL PROTECTED] writes on 15 November 2000 at 00:07:35 -0600 On Tue, Nov 14, 2000 at 04:13:19PM -0500, Bennett Todd wrote: efforts is on monitoring and risk management. With that as a given, I expect he runs sendmail and BIND; things like qmail and djbdns are for those of us who haven't given up on really completely securing our systems:-). First I thought B.S. runs qmail and ezmlm, but it seems his mailinglist is run by DD-B. counterpane.com servers run postfix and sendmail---as you indicated. Just for nit-picky precision, I don't run the list; it's run by one of Bruce's employees, using my system, and the software I have installed there. -- David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED] SF: http://www.dd-b.net/dd-b/ Minicon: http://www.mnstf.org/minicon/ Photos: http://dd-b.lighthunters.net/
Re: Alias - .qmail-default
"Expert" [EMAIL PROTECTED] wrote:

My .qmail-default have the line: | /var/qmail/bin/fastforward -d /etc/aliases.cdb. The /etc/aliases have the line: MAILER-DAEMON: admin . I'm receiving a lot of emails from someone trying to spam me but, the accounts that the spamer is trying to spam doesn't exists so, the qmail send a MAILER-DAEMON message to admin saying that the account doesn't exists.

By default, qmail sends double bounces to postmaster, not MAILER-DAEMON. Bounces and double bounces are sent *from* MAILER-DAEMON, but removing a MAILER-DAEMON alias won't stop them from being sent or delivered to postmaster.

I disabled this line from .qmail-default in order to prevent the qmail from send this message but, I looked at the logs and I saw that when a message to an unknown arrive this logs the message DID.

What does "the message DID" mean?

My question is : Where this messages to an unknown user is stored ?

They're not stored, they're returned to the sender (a bounce). If the sender is invalid, the bounce bounces (a double bounce), which is sent to postmaster on recipient's system.

Is this message discarded ?

qmail doesn't discard messages, bounces, or double bounces, but triple bounces (double bounces that can't be delivered to postmaster (or doublebounceto)) *are* discarded.

-Dave
Re: accepting and delivering locally for a different IP ...
wolfgang zeikat [EMAIL PROTECTED] wrote: how can i make qmail accept mails for user@[123.123.123.123] when the machine 123.123.123.123 forwards all mails to our qmail server? Put 123.123.123.123 in control/locals and control/rcpthosts. -Dave
Re: running daemontools on qmail with large locals and rcpthosts files
[EMAIL PROTECTED] wrote: I'd upgraded my daemontools on qmail from version 0.53 to 0.7. The file size for both /var/qmail/control/locals and rcpthosts exceeds 1M (this incl. around 65000 cobrands). However, using the new daemontools with svscan somehow prevents qmail from running with big locals and rcpthosts. I have tried reducing the file size to around 160K (around 1 cobrands) and it works. However, when I add 5000 more cobrands into the locals and rcpthosts, it crashes again. You should definitely be using control/morercpthosts. See the qmail-smtpd man page. -Dave
Re: tcpserver virtual domain
"Kiran" [EMAIL PROTECTED] wrote: 1. I am able to send receive mails, but i need to start qmail manually even though i have written the init scripts. This is the error i get in the nohup.out which is created when starting qmail file : nonup env - PATH="$PATH" svscan ./run: Can't reopen pipe to command substitution (fd 4): No child processes Hmm, I wonder what's in your run script(s). And on checking the files under /var/log/qmail directory I get the following message : @40003a12898c17eccf2c tcpserver: fatal: unable to bind: address already used. tcpserver is trying to listen to some port (probably 25), but something else is already listening on that port (e.g., sendmail, inetd, xinetd, tcpserver). The IP that has been assigned to this linux box is not being used anywhere else. The "address" it's talking about is a port number, not an IP address. 2. One more thing was the machine was giving a 'host not found' error for the 2nd domain that i had given. I had assigned a 2nd domain and given the full entries in the locals and the rcpthosts file. When i try to send a mail to that domain, it gives me a "Host unknown (Name server: lists.example2.com.example2.com : host not found)" error. The dns entries for the MX and A records point to the correct machine but this error occurs. I tried telnet into that domain on port 25. It accepted the RCPT TO address and the data. But when i checked the logs i found the error : Nov 15 18:54:33 lists qmail: 974294673.441538 delivery 37: deferral: Sorry,_I_couldn't_find_any_host_by_that_name._(#4.1.2)/. Now I am stuck here. Could u plz suggest a way out. Sure: provide some real information instead of a summary that says, basically, "I did everything right but it doesn't work." The output of qmail-showctl would be a good start. -Dave
Re: secrets and lies
On Wed, Nov 15, 2000 at 11:07:43AM -0500, Paul Jarc wrote: Adam McKenna [EMAIL PROTECTED] writes: On Wed, Nov 15, 2000 at 08:18:29PM +1300, Chris K. Young wrote: I say that dist.html should be considered authoritative. There are references in the qmail and djbdns documentation that contain the URL to their respective pages. That's what you say. But there isn't a definitive license (i.e. LICENSE or COPYING) in the qmail distribution that explains those rights There's nothing magical about those names. The names "dist.html" and "softwarelaw.html" are just as good, and I don't see why they should have to be included in the distribution. some web page could be altered or taken down at any time, leaving users without any rights whatsoever. IANAL (are you?), but I doubt that a copyright holder can revoke permission already granted in this way. The *record* (or rather, *one* record) of permission could be removed, but how does that affect the permission itself? No, I'm not a lawyer, but to defend a copyright infringement claim in court you would need some sort of proof that you had been given that permission, and if a web page that can be taken down or modified at any time is the only source, I can see how that would be unsettling to advocates of Free Software. If a license had been included in the source tarball, then everyone who had downloaded that tarball would also have a copy of the license, making it much easier to prove the terms under which the software was released. I'm not saying Dan would ever sue anyone for infringement, but then again I'm not the person deciding whether or not something should go in main or non-free (and if I was, I'd probably still put it in non-free, even though I believe it loosely conforms.) It's also worth mentioning that while softwarelaw.html describes Dan's feelings about software/copyright law, it may or may not describe actual software/copyright law (case law or otherwise). As far as I know, Dan is not a lawyer either. 
--Adam -- Adam McKenna [EMAIL PROTECTED] | "No matter how much it changes, http://flounder.net/publickey.html | technology's just a bunch of wires GPG: 17A4 11F7 5E7E C2E7 08AA| connected to a bunch of other wires." 38B0 05D0 8BF7 2C6D 110A| Joe Rogan, _NewsRadio_ 12:48pm up 158 days, 11:04, 11 users, load average: 0.05, 0.06, 0.01
Re: Forwarding with same envelope address
On 16 Nov 2000 00:16:19 +1100, Brett Randall wrote: No, qmail does not transform the envelope address. Create a ~user/.qmail (or ~alias/.qmail-user) with: | forward "$LOCAL"@otherhost.foo.com As long as the other host received mail for otherhost.foo.com, all will be fine (I know, I'm doing it...) I found that I needed to modify the alias line slightly, to remove the local user name that is prefixed to the address: | forward "${LOCAL#*-}"@otherhost.foo.com That way, [EMAIL PROTECTED] will get sent as [EMAIL PROTECTED] instead of [EMAIL PROTECTED] -- Mark Sidell Chief Programmer Forte Agent
Re: how to set the rights for maildir to be secure
Brett Randall [EMAIL PROTECTED] wrote: Is the maildir in their home folder? Then that is all that matters. Nope. The mode on the home directory matters, too. Set the numbers to whatever you like (777 if you really want to). Since the parent folder ($HOME) is readable only by the owner (if you haven't mangled the permissions), no one else will be able to read ~user/maildir/. All the world is not running whatever OS/distribution you happen to be using, so it's not safe to assume that home directories aren't publicly accessible. Even if every OS got this right, it'd still be prudent to protect subdirectories in case the home dir mode gets changed. Only the user needs access to the maildir, so "chmod 700 ~/Maildir" should do the trick. -Dave
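The point made in the reply above (the home directory's mode matters, and the Maildir should carry mode 700 on its own) can be checked mechanically. The following is an added example, not code from the thread or from qmail; the function names and the "exposed"/"latent" labels are assumptions made for this illustration.

```python
import os
import stat

# The Maildir itself plus its three standard subdirectories.
MAILDIR_PARTS = ("", "new", "cur", "tmp")
GROUP_OTHER = stat.S_IRWXG | stat.S_IRWXO   # any group/other bit (0o077)
SEARCH_BITS = stat.S_IXGRP | stat.S_IXOTH   # group/other may traverse (0o011)


def mode_of(path):
    """Permission bits of path itself (symlinks are not followed)."""
    return stat.S_IMODE(os.lstat(path).st_mode)


def part_path(maildir, part):
    return os.path.join(maildir, part) if part else maildir


def audit_maildir(maildir):
    """Return [(path, octal_mode, severity)] for directories open to group/other.

    severity is "exposed" when every parent checked (home, then the Maildir)
    also lets group/other traverse it, and "latent" when a parent currently
    blocks access, i.e. the parent's mode is the only protection left.
    """
    maildir = os.path.abspath(maildir)
    home = os.path.dirname(maildir)
    reachable = bool(mode_of(home) & SEARCH_BITS)
    findings = []
    for part in MAILDIR_PARTS:
        path = part_path(maildir, part)
        if os.path.islink(path) or not os.path.isdir(path):
            continue
        mode = mode_of(path)
        if mode & GROUP_OTHER:
            severity = "exposed" if reachable else "latent"
            findings.append((path, format(mode, "03o"), severity))
        if not part:
            # new/cur/tmp can only be reached through the Maildir itself.
            reachable = reachable and bool(mode & SEARCH_BITS)
    return findings


def harden_maildir(maildir):
    """Apply mode 700, as recommended in the thread, to the Maildir directories."""
    maildir = os.path.abspath(maildir)
    for part in MAILDIR_PARTS:
        path = part_path(maildir, part)
        if os.path.isdir(path) and not os.path.islink(path):
            os.chmod(path, 0o700)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/Maildir")
    for path, mode, severity in audit_maildir(target):
        print(f"{severity:8} {mode} {path}")
```

A "latent" finding is the case the reply warns about: nothing is readable today, but only because the home directory's mode happens to be restrictive.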
Re: adding an outgoing-only smtp server?
"James T. Perry" [EMAIL PROTECTED] wrote: What I would like to do is this: host1 - primary MX for incoming and outgoing host2 - outgoing only host1 will be used for "regular" email traffic, with legit user accounts, while host2 will be mainly used for pumping out big loads of outgoing email (handling large lists). All bounces (and of course all incoming email) will go to host1. Limited number of admins will be handling the lists on host2, so all email intended to go out to list members will be injected at host2 (e.g. not relayed from any other hosts). OK, so where are you stuck? Install qmail on host1 and host2, but skip qmail-smtpd on host2. Configure host2 to pretend to be either the MX or host1 (e.g., in control/me replace host2 with host1). -Dave
Re: AUTOMAILDIRMAKE
"suresh" [EMAIL PROTECTED] wrote: any knows what is automaildirmake No, but I'm sure if you keep asking about it, someone will. -Dave
Re: secrets and lies
"David Dyer-Bennet" [EMAIL PROTECTED] wrote: Dan is probably right that no special permissions are needed to make normal uses of his code (which is what he says on his web pages), but if the corporate lawyer isn't in agreement with him, he's going to say "no". That's a corporate lawyer's job, after all. Anyone's lawyers disagree with Dan? If not, I don't see why Dan should concern himself with convincing hypothetical lawyers...real lawyers are enough of a challenge. -Dave
Tired of this virus
I am using qmail-scanner, and it has been effectively blocking this virus, although I'm tired of receiving the notifications about it (at least 2-5 daily), yet I don't want to disable the mail me feature just for this one virus. Aside from setting up a filter in my MUA to delete these, I would prefer to block it on the qmail side before it reaches the qmail-scanner program. Here is the header, it's all sorts of messed up and they all come from different IP's (I think it's being spoofed), and I've already attempted blocking it in the badmailfrom file as anything from sexyfun.net: Received: from ol53-251.openlink.com.br (HELO v5o0d0) (200.188.53.251) by ns1.mycomputer.com with SMTP; 15 Nov 2000 17:30:50 - From: Hahaha [EMAIL PROTECTED] Subject: Branca de Neve pornô! MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--VE5UJG9UBW9EJKLAV49Q7" Any ideas? Thanks for your time, -- Eric Garff MyComputer.com System Admin Our Tools. Your Site. Just remember, if the world didn't suck, we'd all fall off. --
Re: secrets and lies
Adam McKenna [EMAIL PROTECTED] wrote: I think "select few" as you have used it needs clarification -- even if only one half of one percent of all advanced C programmers are part of the "select few", that's still hundreds or thousands of people, and many of those people are part of the open source community. That estimate may well be high. I've never seen books or training covering the topic of security auditing C code. Where'd you get that 0.5%? A hell of a lot more, anyway, than are working at so-called "security firms", ready to stamp their approval on any product they get six or seven digit payments to "certify". ``So-called "security firms"'' that don't know what they're doing will eventually be discovered for the frauds that they are. In the security business, reputation is everything. An audit by some random "security firm" might not mean anything, but an audit by a recognized authority would. -Dave
Re: secrets and lies
Bennett Todd [EMAIL PROTECTED] wrote: And a case could be made that the charming and personable way qmail has been represented in various public fora makes this audit-by-fire even better: at this point, there are enough people around the world who hate djb's guts and would never touch anything that he even advocated much less wrote, just because of how much they like his way of carrying on discussions in public mailing lists, that I kinda expect more than one person has gone wading through qmail with blood in his eye, desperately hoping to wipe the smug grin off djb's face and get him to knock off the damned gloating already. Hasn't happened yet. _That's_ trial by fire. That's exactly what happened with Wietse Venema's "audit" of qmail that turned up the qmail-smtpd DOS (which is trivially prevented by proper installation (which INSTALL still doesn't cover, BTW)), which prompted Dan's "audit" of Postfix that turned up the problems with the world-writable maildrop. -Dave
Re: accepting and delivering locally for a different IP ...
Dave Sill wrote: Put 123.123.123.123 in control/locals and control/rcpthosts. -Dave ACK! i had mistyped the IP in both files, thanks for making me check once more :) wolfgang
Re: secrets and lies
On Wed, Nov 15, 2000 at 02:16:38PM +0100, Matthias Andree wrote: Adam McKenna [EMAIL PROTECTED] writes: On Tue, Nov 14, 2000 at 09:11:32PM +0100, Matthias Andree wrote: Mr. Schneier is respected for his expertise and cryptography, and just because he states that head money for bugs is no good, does not make him an M S type weenie. You're right, Bruce Schneier is a god, and I'm really sorry for disagreeing with him. That is not what I meant, even subtracting sarcasm, irony and exaggeration. I'm saying that one particular opinion on a marginal topic that you disagree with does not make Mr. Schneier a bad person. Get a clue, in that you try to find out about that person as a whole before judging him. When, exactly, did I say he was a bad person? You are putting words in my mouth. Mate posted the following: "He also thinks that even having a software out and used for a few years without incidence does not imply that it is secure. He says, the best way to evaluate the security of a product is to have it audited by security experts." And I responded in context. Whether or not you or Mr. Schneier like it, Microsoft has been using almost this exact argument to advocate their software over Free Software for quite a while now. I was informed (rather nastily) by Schneier disciples in subsequent postings that this opinion is not actually held by Mr. Schneier, and I (rather sarcastically) retracted my comments. Do we really need to dwell on this anymore? Or are we just arguing for the sake of arguing? I admit that I did not go look up "Secrets and Lies", buy it, read it, and then read other material by B. Schneier before posting a reply, but whether or not I am a self-proclaimed "security expert" (I'm not), I am relatively informed and knowledgeable about computer security, and I am entitled to my opinion(s), whether or not they agree with Mr. Schneier's opinions, or the opinions of anyone else on this list.
--Adam -- Adam McKenna [EMAIL PROTECTED] | "No matter how much it changes, http://flounder.net/publickey.html | technology's just a bunch of wires GPG: 17A4 11F7 5E7E C2E7 08AA| connected to a bunch of other wires." 38B0 05D0 8BF7 2C6D 110A| Joe Rogan, _NewsRadio_ 1:45pm up 158 days, 12:01, 10 users, load average: 0.00, 0.00, 0.00
Re: secrets and lies
Ryan Russell [EMAIL PROTECTED] writes: On Tue, 14 Nov 2000, Mate Wierdl wrote: Indeed, it would be interesting what kind of testing he is running on qmail, say (he says there are over 100 tests), and how he is trying to make sure his software is secure. If you want to see some of the tests he does, check out rts.tests that comes in the djbdns distribution. That sort of thing has its place, but it's not really related to auditing at all. Mostly, it's good for detecting compilation problems. paul
Re: AUTOMAILDIRMAKE
On Wed, Nov 15, 2000 at 01:05:26PM -0500, Dave Sill wrote: "suresh" [EMAIL PROTECTED] wrote: any knows what is automaildirmake No, but I'm sure if you keep asking about it, someone will. It's a feature of qmail-ldap. I haven't seen it anywhere else. RC -- +--- | Ricardo Cerqueira | PGP Key fingerprint - B7 05 13 CE 48 0A BF 1E 87 21 83 DB 28 DE 03 42 | Novis - Engenharia ISP / Rede Técnica | Pç. Duque Saldanha, 1, 7º E / 1050-094 Lisboa / Portugal | Tel: +351 2 1010 - Fax: +351 2 1010 4459
Re: secrets and lies
Bennett Todd wrote: 2000-11-14-16:37:06 Lipscomb, Al: "Free Software" as promoted by the Free Software Foundation (FSF) is a different thing. I believe that the DJB software is Open Source, but not free. Unlike Open Source, the phrase "free software" strongly predates the Free Software Foundation and they've made no attempt at branding it; rather, they pursue branding the GNU General Public License (GPL), which is stricter than (but compatible with) the Open Source Definition. I must disagree with you here -- the FSF does indeed spend time and effort to make sure that the term "Free Software" brings the FSF to peoples' minds. Feel free to read the recent discussion between a 3D library programmer and RMS (last week's slashdot articles?) -- RMS spends much time pointing out that he will talk about "free software" but not "open source" because "open source" is one thing and "free software" is what the FSF is about. -- Michael T. Babcock, C.T.O. FibreSpeed http://www.fibrespeed.net/~mbabcock
Re: secrets and lies
* Felix von Leitner [EMAIL PROTECTED] writes: [...] The OpenBSD guys lost their credibility as software security authority when they decided to include sendmail as standard MTA. Well, we all know why they cannot include qmail. :-/ Theo is rumored to have said something like "There were no remote root exploits for two years, so it must be secure now, right?" I don't have any sort of sexual relationship with Theo, but that's not quite true. It's more like "we've had a look at the code and it looks secure now, right?". And I know that *my* copies of OpenBSD are not running sendmail. -- Robin S. Socha http://socha.net/
Re: secrets and lies
On Wed, Nov 15, 2000 at 01:21:40PM -0500, Dave Sill wrote: Adam McKenna [EMAIL PROTECTED] wrote: I think "select few" as you have used it needs clarification -- even if only one half of one percent of all advanced C programmers are part of the "select few", that's still hundreds or thousands of people, and many of those people are part of the open source community. That estimate may well be high. I've never seen books or training covering the topic of security auditing C code. Where'd you get that 0.5%? I pulled it out of somewhere. A hell of a lot more, anyway, than are working at so-called "security firms", ready to stamp their approval on any product they get six or seven digit payments to "certify". ``So-called "security firms"'' that don't know what they're doing will eventually be discovered for the frauds that they are. In the security business, reputation is everything. An audit by some random "security firm" might not mean anything, but an audit by a recognized authority would. It might. It also might not, because even the best auditors could miss something. --Adam -- Adam McKenna [EMAIL PROTECTED] | "No matter how much it changes, http://flounder.net/publickey.html | technology's just a bunch of wires GPG: 17A4 11F7 5E7E C2E7 08AA| connected to a bunch of other wires." 38B0 05D0 8BF7 2C6D 110A| Joe Rogan, _NewsRadio_ 2:18pm up 158 days, 12:35, 10 users, load average: 0.00, 0.00, 0.00
resend incoming mail to specific domain
I need to resend all the incoming mail for an account to all the recipients in the header having a specific domain. For instance if I have the following in the header: To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED],[EMAIL PROTECTED] I want to resend mail to only addresses for dom.com, in this case a and c, b should be ignored while sending. Thanks all. Shakaib Sayyid
Re: adding an outgoing-only smtp server?
Hi Dave, Dave Sill wrote: OK, so where are you stuck? oops, sorry ;) I must have sent out the message in the middle of my racing thoughts. I was wondering whether to include host2 also as an MX in the dns records although host1 is the only MX handling incoming and part of outgoing (none from host2). Install qmail on host1 and host2, but skip qmail-smtpd on host2. Configure host2 to pretend to be either the MX or host1 (e.g., in control/me replace host2 with host1). Wow, that simple? Thank you for your input. (now I need to find myself another box :) OTOH, this is where I am confused still: If I'm correct, I don't need an MX entry for host2 in the dns records right? (since it shouldn't respond to incoming messages) But if host2 sends email out as host1 without host2 listed as an MX, wouldn't the IP address or "return-path" resolve back to an "unknown" host, or get denied from the remote smtp server? Where-as, if host2 was listed also as an MX, qmail-smtpd is not running on it so won't the messages get deferred/bounced if any incoming connections were attempted? (sorry for this confusion) Thanks again. cheers, jamie #-#-#-#-#-#-#-# -- If somebody can help create a search engine for my room, I will call them a Saint... GUI == Graphical User Interference
removing Delivered-To header...?
Hi- I have a qmail server hosting several virtual domains, and all mail delivered to recipients in the virtual domains have a Delivered-To header line indicating the "main" domain name of the server. I want to delete this line, and I understand that the -d option to preline is the way to do this, but *where* do I do this? TIA --Pete
Re: secrets and lies
On 15 Nov 2000, Paul Jarc wrote: If you want to see some of the tests he does, check out rts.tests that comes in the djbdns distribution. That sort of thing has its place, but it's not really related to auditing at all. Mostly, it's good for detecting compilation problems. Several of the things he checks for are related to too-long requests. In my mind, that's checking for buffer overflows. Perhaps that wasn't the intention. Ryan
Re: secrets and lies
Dave Sill [EMAIL PROTECTED] writes on 15 November 2000 at 13:09:25 -0500 "David Dyer-Bennet" [EMAIL PROTECTED] wrote: Dan is probably right that no special permissions are needed to make normal uses of his code (which is what he says on his web pages), but if the corporate lawyer isn't in agreement with him, he's going to say "no". That's a corporate lawyer's job, after all. Anyone's lawyers disagree with Dan? If not, I don't see why Dan should concern himself with convincing hypothetical lawyers...real lawyers are enough of a challenge. Given the prevalence of licenses distributed with free software, I believe LOTS of people's lawyers are of the opinion that it's of value. -- David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED] SF: http://www.dd-b.net/dd-b/ Minicon: http://www.mnstf.org/minicon/ Photos: http://dd-b.lighthunters.net/
cr.yp.to delays
Adam McKenna writes: By the way, why are the cr.yp.to lists so slow lately? UIC is paying its ISP for a measly 14Mbps. UIC has been hitting this limit more and more frequently since the beginning of September. The packet-loss rate averages over 2% now, even if you don't count the recent 30-hour outage, and hits 25% at busy times. UIC's computer center is an independently operated profit-making enterprise. It has no incentive to pay for adequate network service. Maybe the router is being flooded by some easily fixed source of traffic; the computer center won't even bother investigating. I am interested in hearing quotes from Chicago ISPs for independently wiring the math department and providing various levels of network service. We're at 851 S. Morgan. ---Dan
Re: secrets and lies
Adam McKenna [EMAIL PROTECTED] wrote: On Wed, Nov 15, 2000 at 01:21:40PM -0500, Dave Sill wrote: An audit by some random "security firm" might not mean anything, but an audit by a recognized authority would. It might. It also might not, because even the best auditors could miss something. No, it *would* mean something. The fact that audit won't be perfect and might miss something doesn't mean that audits are worthless, it just means that they can't guarantee security. -Dave
Re: resend incoming mail to specific domain
Shakaib Sayyid [EMAIL PROTECTED] wrote: I need to resend all the incoming mail for an account to all the recipients in the header having a specific domain. For instance if I have the following in the header: To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED],[EMAIL PROTECTED] I want to resend mail to only addresses for dom.com, in this case a and c, b should be ignored while sending. Forward to a script that parses the headers, perhaps using mess822, and forwards accordingly. -Dave
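One way to write the header-parsing step suggested in the reply above, as an added example that is not code from the thread and does not use mess822: it relies on Python's standard email package instead. The function name, the local-part filter and the sample message are assumptions constructed for this illustration; handing the result to a delivery program is left out.

```python
import re
import sys
from email import message_from_string
from email.utils import getaddresses

# Header addresses are chosen by the sender, so only plain local parts are
# accepted: nothing that starts with "-" (could be read as an option if the
# address is later passed to a program as an argument) and no shell
# metacharacters or whitespace.
_PLAIN_LOCAL = re.compile(r"[A-Za-z0-9][A-Za-z0-9._+=-]*")


def recipients_in_domain(raw_message, domain, headers=("To", "Cc")):
    """Return the unique header recipients whose host part equals domain.

    Matching is exact and case-insensitive on the host part; subdomains of
    domain are not included. Order of first appearance is preserved.
    """
    msg = message_from_string(raw_message)
    values = []
    for name in headers:
        values.extend(msg.get_all(name, []))

    wanted = domain.lower().rstrip(".")
    selected, seen = [], set()
    # getaddresses understands display names and quoted commas, which a
    # plain split on "," would get wrong.
    for _display_name, addr in getaddresses(values):
        local, at, host = addr.rpartition("@")
        if not at or host.lower().rstrip(".") != wanted:
            continue
        if not _PLAIN_LOCAL.fullmatch(local):
            continue
        address = f"{local}@{wanted}"
        if address.lower() not in seen:
            seen.add(address.lower())
            selected.append(address)
    return selected


# Constructed sample message: a and c are in dom.com, b is not, and a is
# listed twice with different capitalisation of the domain.
SAMPLE = """\
To: Alice <a@dom.com>
Cc: b@other.example, "C, Person" <c@dom.com>, a@DOM.COM
Subject: constructed sample

body text
"""

if __name__ == "__main__":
    # Usage: script.py dom.com < message
    for address in recipients_in_domain(sys.stdin.read(), sys.argv[1]):
        print(address)
```

If the forwarding account's own address appears in To or Cc it will be in the result, so exclude it before forwarding.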
Re: secrets and lies
Adam McKenna [EMAIL PROTECTED] writes: When, exactly, did I say he was a bad person? You are putting words in my mouth. I extracted that from the term "M$-weenie". And I responded in context. Whether or not you or Mr. Schneier like it, Microsoft has been using almost this exact argument to advocate their software over Free Software for quite a while now. Yes, and we can see how long it takes Microsoft to fix these issues, particularly for localized software. You don't see the audit reports, you don't know who makes them, and so on. You know that. Security by obscurity cannot be alleviated by FUD. I admit that I did not go look up "Secrets and Lies", buy it, read it, and then read other material by B. Schneier before posting a reply, but whether or not I am a self-proclaimed "security expert" (I'm not), I am relatively informed and knowledgeable about computer security, and I am entitled to my opinion(s), whether or not they agree with Mr. Schneier's opinions, or the opinions of anyone else on this list. Of course, the presentation of your opinion, calling somebody you don't know names, left room for desires. -- Matthias Andree
Re: how to set the rights for maildir to be secure
On Wed, 15 Nov 2000, [EMAIL PROTECTED] wrote: At 01:14 16.11.00 +1100, you wrote: Then that is all that matters. Set the numbers to whatever you like (777 if you really want to). with 777 you enable all, that's not what I want. I want the min, but mail must function. I'm not sure you actually understand how unix works. All the folders in /home shouldn't be accessible to other users anyhow. They should only be able to access their own home dir. Therefore the same goes for everything inside (including their maildir). I think you should go and read a small book on unix administration before you go any further... -- B r e t t R a n d a l l http://xbox.ipsware.com/ brett_ @ _ipsware.com
Re: adding an outgoing-only smtp server?
"James T. Perry" [EMAIL PROTECTED] wrote: I was wondering whether to include host2 also as an MX in the dns records although host1 is the only MX handling incoming and part of outgoing (none from host2). No, only SMTP servers should be listed in MX's. If I'm correct, I don't need an MX entry for host2 in the dns records right? (since it shouldn't respond to incoming messages) Right. But if host2 sends email out as host1 without host2 listed as an MX, wouldn't the IP address or "return-path" resolve back to an "unknown" host, or get denied from the remote smtp server? A clever remote server might reverse lookup host2's IP address, yes. I think it'd be sufficient to set control/helohost to host2's FQDN. I don't know of any MTA's that check the return path hostname against the HELO hostname. Where-as, if host2 was listed also as an MX, qmail-smtpd is not running on it so won't the messages get deferred/bounced if any incoming connections were attempted? Yes, they would. -Dave
qmail and pgsql
Hi, Can anyone explain to me why when I compile qmail-1.03 with pgsql-0.14 patch and run qmail-start I get a pid returned, but when I check the process list it is not there? In order to call qmail-start, I'm calling the rc script that comes supplied. This method worked well under mysql, but I just can't seem to get qmail started under postgres. TIA -- Dean Browett
Re: secrets and lies
On Wed, Nov 15, 2000 at 10:01:18PM +0100, Matthias Andree wrote: Of course, the presentation of your opinion, calling somebody you don't know names, left room for desires. I said "sounds like". And in the context in which his opinion was presented, it sounds a lot like MS's. --Adam -- Adam McKenna [EMAIL PROTECTED] | "No matter how much it changes, http://flounder.net/publickey.html | technology's just a bunch of wires GPG: 17A4 11F7 5E7E C2E7 08AA| connected to a bunch of other wires." 38B0 05D0 8BF7 2C6D 110A| Joe Rogan, _NewsRadio_ 5:17pm up 158 days, 15:33, 10 users, load average: 0.06, 0.02, 0.00
Re: accessing $local in fastforward alias file
On Tue, Nov 14, 2000 at 04:19:22PM +, Tristan Graham wrote: Hi, I need to implement forwarding of the form user@somedomain - user@someotherdomain. i.e. the original user at the original domain is propagated to the forwarded domain. Are there any mystical variables that can be used within the alias file ? If anyone can help I would be most grateful, See forward(1) NAME forward - forward new mail to one or more addresses SYNOPSIS in .qmail: |forward address ... And, as this is a command, see qmail-command(8): NAME qmail-command - user-specified mail delivery program SYNOPSIS in .qmailext: |command And see ENVIRONMENT VARIABLES in that manpage. So, something like |forward "${LOCAL}@someotherdomain" should do it... Tristan Graham, Inweb. -- Brian 'you Bastard' Reichert[EMAIL PROTECTED] 37 Crystal Ave. #303Daytime number: (603) 434-6842 Derry NH 03038-1713 USA Intel architecture: the left-hand path
Re: secrets and lies
Mate Wierdl wrote: [included qmail list again] On Wed, Nov 15, 2000 at 12:29:14AM +0100, Andre Oppermann wrote: I, as the author of the qmail-ldap patch, have looked deeply into the guts of qmail and found it to be secure. If one actually reads the source and sees the way Dan writes software he would find that qmail is secure. The only possible holes are OS bugs or issues. Now that sounds really good. Does this mean you ran several systematic tests? Do you have any observation on DoS attacks like the "distributed" qmail-smtpd attack of Russ or the "queue attack" of Wietse where a local user could fill up the queue in seconds with 0 length files? DoS attacks were not part of the evaluation. Since the focus of qmail-ldap is closed non-shell mail servers also local attacks have not been looked at in very deep detail. What can be said truly is that qmail is safe from any remote attacks in terms of exploiting bugs of buffer overflows via SMTP or POP3. There are two kinds of DoS attacks; attacks that last as long as they are mounted, as soon as it stops everything goes back to normal. And attacks that make a system require manual intervention to make it fulfill its purpose again. Given enough resources it is very well possible indeed to DoS qmail by consuming all available SMTP sessions. While under this attack qmail will not bog down the whole machine and as soon as the attack is over it will simply return to normal processing of messages. Sendmail on the other hand (at least used to) fork until the whole machine bogs down. Another possible qmail attack is its late bouncing for non-existent users. Using a false envelope sender address you could fill up the queue with double bounces. I consider this a more serious problem. The decision to handle bouncing this way was apparently part of the security and modularity concept of qmail. Qmail-ldap contains many enhancements to check the envelope sender to make this more unlikely. Nevertheless it is still possible.
Whereas I still rest well at night because this kind of attack requires significant remote resources and is not likely to happen. Anyway, this kind of attack can be mounted against other MTA's as well. It's simply a problem of finite resources. While not perfect in any given aspect qmail is surely one of the best, if not the best, MTA you can run and trust on. -- Andre
re-process delivered mail
I have a user that has requested his mail be forwarded to a new address. This is fine, but is there a way to reprocess his already delivered mail in $HOME/Maildir so that it is sent on to the new forward address? -Colin
max number of virt. domains
What's the maximum number of virtual domains on one qmail-server and administrated with qmailadmin?? greetings Marco Leeflang Leeflang-IT Netherlands
qmailadmin add pop-account failure
I use qmailadmin-0.39 and vpopmail-4.9.6. If you push the add button in add pop account with empty fields I get 2 situations. First, after pushing the add button, vpasswd for that domain is cleared, 0 bytes; cdb files still ok. Second, an entry in vpasswd is added with no popaccount and username information in it vpasswd: :2sLuN/OVWa6pw:1:0::/home/vpopmail/domains/leeflang-it.nl/:NOQUOTA This entry can't be deleted by qmailadmin, only by hand. Any ideas??? greetings, Marco Leeflang Leeflang-IT Netherlands
Re: removing Delivered-To header...?
Quoting Peter Cavender ([EMAIL PROTECTED]): Hi- I have a qmail server hosting several virtual domains, and all mail delivered to recipients in the virtual domains have a Delivered-To header line indicating the "main" domain name of the server. Fascinating. Is that a government secret, or something? Doesn't the Received header also mention what your domain name is? I want to delete this line, and I understand that the -d option to preline is the way to do this, but *where* do I do this? Hmmm, but what program will you use to actually do the delivery? You don't mention what mailbox format you're using. Anyway, Delivered-To is there to prevent mail loops. Not all that terrific an idea to cut them out. Aaron
Leave this lista
Can anyone explain me how I leave this list? Please, somebody tell me... Thanks
Re: Leave this lista
At 05:36 PM 11/15/2000, you wrote: Can anyone explain me how I leave this list? Please, somebody tell me... Thanks you can unsub anytime you like, but you can never leave it's just like subscribing, only backwards...
Delivering mail locally
hello, perhaps this is another silly question, but I'm trying to deliver mail locally. So if my server's domain is domain.com, and I try to send mail to [EMAIL PROTECTED] from my own local account (ie: [EMAIL PROTECTED] to [EMAIL PROTECTED]), qmail complains that in the MX list for domain.com, the first MX record points back to the original server.. Which is correct, since the first MX record (with the highest priority) is the actual host I'm working on now. Can anyone offer some insight? Thanks!
Oliver
Re: Delivering mail locally
On Wed, Nov 15, 2000 at 05:42:31PM -0800, Oliver Menzel wrote:
> hello, perhaps this is another silly question, but I'm trying to deliver mail locally. So if my server's domain is domain.com, and I try to send mail to [EMAIL PROTECTED] from my own local account (ie: [EMAIL PROTECTED] to [EMAIL PROTECTED]), qmail complains that in the MX list for domain.com, the first MX record points back to the original server..

A lot of people asking for qmail help seem to be working with "foo.com," "domain.com," etc. Why not help us by providing actual domain names? After that, post the output of qmail-showctl.
rbl users beware: MSN blocked
Just got a call from an angry MSN user. http://www.internetnews.com/isp-news/article/0,,8_512791,00.html jon
Re: rbl users beware: MSN blocked
On Wed, 15 Nov 2000, Jon Rust wrote:
> Just got a call from an angry MSN user.
> http://www.internetnews.com/isp-news/article/0,,8_512791,00.html
> jon

It's too bad that companies can't set up two systems... one for people who don't want to receive this spam crap and one for customers who lack clue. Amen for blocking MSN.

Scott
Duplicate messages.
OK. I've searched through some of the archives for a solution to this. However I could not find an answer. We use qmail 1.03 with vpopmail 4.9.4 and MySQL 3.22.32. After adding a new domain we have started receiving some duplicate messages on only that domain. I've yet to see it happen on any of the others. Below are the logs which have the relevant delivery information. Domain2.net is not located on the server; domain1 and domain3 both are. The message going to domain3 was in duplicate whereas the message to domain1 was not. The header of the message is listed below as well; the duplicate is identical to it down to every letter. Does anyone have any suggestions as to what we can do to resolve this? Thanks

Andy Abshagen
System Administrator
Data-Vision, Inc.
219-243-8625, 888-925-8625
[EMAIL PROTECTED]

Nov 15 21:24:27 mail qmail: 974341467.079616 new msg 182107
Nov 15 21:24:27 mail qmail: 974341467.079878 info msg 182107: bytes 601 from [EMAIL PROTECTED] qp 26530 uid 504
Nov 15 21:24:27 mail qmail: 974341467.088963 starting delivery 34992: msg 182107 to local [EMAIL PROTECTED]
Nov 15 21:24:27 mail qmail: 974341467.089138 status: local 1/120 remote 0/120
Nov 15 21:24:27 mail qmail: 974341467.158027 delivery 34992: success: did_0+0+2/
Nov 15 21:24:27 mail qmail: 974341467.158235 status: local 0/120 remote 0/120
Nov 15 21:24:27 mail qmail: 974341467.158306 end msg 182107
Nov 15 21:24:28 mail qmail: 974341468.105875 new msg 182107
Nov 15 21:24:28 mail qmail: 974341468.106138 info msg 182107: bytes 601 from [EMAIL PROTECTED] qp 26544 uid 504
Nov 15 21:24:28 mail qmail: 974341468.111806 starting delivery 34993: msg 182107 to local [EMAIL PROTECTED]
Nov 15 21:24:28 mail qmail: 974341468.111965 status: local 1/120 remote 0/120
Nov 15 21:24:28 mail qmail: 974341468.155358 delivery 34993: success: did_0+0+1/
Nov 15 21:24:28 mail qmail: 974341468.155568 status: local 0/120 remote 0/120
Nov 15 21:24:28 mail qmail: 974341468.155638 end msg 182107

Return-Path: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 26530 invoked from network); 16 Nov 2000 02:24:26 -
Received: from omega.domain2.net (216.163.32.50) by mail.domain4.com with SMTP; 16 Nov 2000 02:24:26 -
Received: from tc-34-124.domain2.net (omega.domain2.net [216.163.32.50]) by omega.qtm.net (8.9.3/8.9.3) with SMTP id VAA91363; Wed, 15 Nov 2000 21:20:56 -0500 (EST) (envelope-from [EMAIL PROTECTED])
Message-Id: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Subject: dup test
Date: Thu, 16 Nov 2000 02:20:57 GMT
X-Mailer: Endymion MailMan Standard Edition v3.0.20
Re: re-process delivered mail
On Thu, Nov 16, 2000 at 09:41:13AM +1100, Colin Humphreys wrote:
> I have a user that has requested his mail be forwarded to a new address. This is fine, but is there a way to reprocess his already delivered mail in $HOME/Maildir so that it is sent on to the new forward address?

We frequently do the following:
1) configure the forward on your mailserver
2) use maildirsmtp to reinject the emails to your mailserver

Works for us
\Maex

--
SpaceNet GmbH | http://www.Space.Net/ | Stress is when you wake
Research Development | mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0 | realize you haven't
D-80807 Muenchen | Fax: +49 (89) 32356-299 | fallen asleep yet.
Re: adding an outgoing-only smtp server?
Hi Dave, I just wanted to thank you for giving me clarity (which also set off a number of chain-reactions in my head :). Best regards, jamie #-#-#-#-#-#-#-# -- If somebody can help create a search engine for my room, I will call them a Saint... GUI == Graphical User Interference
Very strange timeout
I have strange timeouts -- if clients (or other servers) don't use my SMTP server for 10 (or more) minutes, a timeout of about 1 min appears. After this timeout everything works OK, without any timeout, until the next pause in the SMTP server's work... I use tcpserver with -R -H options and Slackware Linux...
Re: rbl users beware: MSN blocked
On Wed, Nov 15, 2000 at 06:58:30PM -0700, Scott D. Yelich wrote:
> It's too bad that companies can't set up two systems... one for people who don't want to receive this spam crap and one for customers who lack clue.

As well as us who actually want to collect spam (for research and investigation purposes): http://em.ca/~bruceg/spam/

--
Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/