Re: ucspi-tcp docs
On Mon, Dec 04, 2000 at 02:45:59AM -0500, Jeremy Anthony wrote:
> is there any *real* documentation for ucspi-tcp? i'm sorry, but dan's is really not very descriptive

What questions do you have that aren't answered by the man pages?
qmail Digest 4 Dec 2000 11:00:00 -0000 Issue 1203
Topics (messages 53375 through 53398):

Re: please help me
    53375 by: Alexander Jernejcic
    53377 by: Jenny Holmberg
    53392 by: tatsuya kansaki
Re: New release 20001201 is out]
    53376 by: Andre Oppermann
Eee; uspi-tcp upgrade back in March (version 0.88)
    53378 by: David Dyer-Bennet
    53379 by: Mark Delany
More on MAPS RSS
    53380 by: Kris Kelley
    53395 by: Russ Allbery
Re: Bye
    53381 by: kevin.oceania.net
long timeout after connecting
    53382 by: megadesign
    53383 by: Henning Brauer
    53384 by: asantos
    53391 by: Timothy Legant
unsuscribe
    53385 by: lawyer
ReiserFS
    53386 by: ari.doctordata.com.br
    53387 by: Henning Brauer
    53388 by: Alex Pennace
    53389 by: Greg Owen
    53390 by: Henning Brauer
Re: AntiVirus!
    53393 by: harold.nb.com.sg ()
421 out of memory (#4.3.0)
    53394 by: Huseyin YUCE - MARMARA Internet Merkezi
ucspi-tcp docs
    53396 by: Jeremy Anthony
    53397 by: Alex Pennace
dot qmail aliases files
    53398 by: Sébastien ROZIER

--

hi andi,

tatsuya kansaki wrote:
> i put all of my machine name in rcpthost in /var/qmail/control/ when someone send e-mail for example [EMAIL PROTECTED] to [EMAIL PROTECTED] is going be normal.. but when hari@flamboyan send e-mail to [EMAIL PROTECTED] ..the message or e-mail can't be send.. [EMAIL PROTECTED] is the same address with [EMAIL PROTECTED] error message is at k3.umm.ac.id.

please be so kind and post the output of qmail-showctl and the relevant lines of your logs showing the deferral of the mail. it would be much easier to help you.

regards
alexander

--

tatsuya kansaki [EMAIL PROTECTED] writes:
> all of my machine name like flamboyan.umm.ac.id , unix.umm.ac.id and mail.umm.ac.id I put in to /var/qmail/control/rcpthost on k3.umm.ac.id when i send message from [EMAIL PROTECTED] to [EMAIL PROTECTED] qmail run normally. and my problem is when I send e-mail from [EMAIL PROTECTED] to [EMAIL PROTECTED] qmail cannot send this e-mail I try to put umm.ac.id in to /var/qmail/doc/rcpthost but it not solve my
^^^
This would seem to be the problem: It should be /var/qmail/control/rcpthosts, not /var/qmail/doc/rcpthost.

> problem. [EMAIL PROTECTED] is the same address with [EMAIL PROTECTED] what should i do..in order to qmail can send this message

If you mean that [EMAIL PROTECTED] should be treated as a local delivery on k3.umm.ac.id, you also need to put umm.ac.id in /var/qmail/control/locals.

Hope I've understood you correctly and been of some help.

-- "I live in the heart of the machine. We are one."

--

i try to make my problem be simple

1. i want to make my machine k3.umm.ac.id be domain for umm.ac.id
2. i put all of my machine name to /var/qmail/control/rcphost on k3.umm.ac.id like : mail.umm.ac.id ; unix.umm.ac.id ; k3.umm.ac.id
3. when i send e-mail from [EMAIL PROTECTED] to [EMAIL PROTECTED] qmail run normal..message from hari@mail deliver to [EMAIL PROTECTED]
4. [EMAIL PROTECTED] is the same address with [EMAIL PROTECTED]
5. when i put umm.ac.id in to /var/qmail/control/locals on k3.umm.ac.id, mail for [EMAIL PROTECTED] will be send to [EMAIL PROTECTED] not to [EMAIL PROTECTED] .. BTW [EMAIL PROTECTED] is different address with [EMAIL PROTECTED]
6. i want ..when i send e-mail from [EMAIL PROTECTED] to [EMAIL PROTECTED] the mail deliver to [EMAIL PROTECTED] . i want just type [EMAIL PROTECTED] without the word unix

i try put umm.ac.id in to /var/qmail/control/rcpthost on k3.umm.ac.id but it didn't solve my problem. email from [EMAIL PROTECTED] cannot send to [EMAIL PROTECTED]

i hope you didn't feel boring with my question

below file from /var/log/maillog on k3.umm.ac.id

Dec 4 08:50:04 k3-router qmail: 975919804.767619 new msg 141707
Dec 4 08:50:04 k3-router qmail: 975919804.770707 info msg 141707: bytes 488 from [EMAIL PROTECTED] qp 4805 uid 1022
Dec 4 08:50:04 k3-router qmail: 975919804.778059 starting delivery 12: msg 141707 to remote [EMAIL PROTECTED]
Dec 4 08:50:04 k3-router qmail: 975919804.779315 status: local 0/10 remote 1/20
Dec 4 08:50:04 k3-router qmail: 975919804.804336 delivery 12: failure: Sorry._Although_I'm_listed_as_a_best-preference_MX_or_A_for_that_host,/it_isn't_in_my_control/locals_file,_so_I_don't_treat_it_as_local._(#5.4.6)/
Dec 4 08:50:04 k3-router qmail: 975919804.809048 status: local 0/10 remote 0/20
Dec 4 08:50:04 k3-router qmail: 975919804.928109 bounce msg 141707 qp 4807
dot qmail aliases files
Hello, I'd like to create an alias, like [EMAIL PROTECTED] I tried to create a file ".qmail-firstname.lastname" in /var/qmail/aliases This doesn't work, my qmail configuration is working properly and other aliases without any dots are also working . Is the dot forbidden in a dot-mail alias file ? How could I create this alias then ? Thanx S. ROZIER
Re: dot qmail aliases files
On Mon, Dec 04, 2000 at 11:45:45AM +0100, Sébastien ROZIER wrote:
> Hello, I'd like to create an alias, like [EMAIL PROTECTED] I tried to create a file ".qmail-firstname.lastname" in /var/qmail/aliases This doesn't work, my qmail configuration is working properly and other aliases without any dots are also working . Is the dot forbidden in a dot-mail alias file ? How could I create this alias then ?

http://cr.yp.to/qmail/faq/incominguser.html#alias-dots

How did you find the address of this list yet you didn't find the FAQ?
Re: dot qmail aliases files
On Mon, Dec 04, 2000 at 12:11:54PM +0100, Sébastien ROZIER wrote:
> For your information, when you post a message in a ML, use plain text. thanx.

This is plain text, using PGP/MIME signatures. Many mailers handle it properly; it is even somewhat presentable in a non-MIME MUA.
Qmail and rblsmtpd
Hi, When I set up Qmail without the 'rblsmtpd' module and try to telnet to port 25, it responds quickly, but after installing the 'rblsmtpd' module it suffers a big delay. I would like to know what I can do to make qmail respond more quickly when 'rblsmtpd' is working. I put in my qmail.rc file the line:

/usr/local/bin/tcpserver -b 64 -c 64 -x/etc/tcp.smtp.cdb -g 82 -u 82 -t 600 0 smtp /usr/local/bin/rblsmtpd /var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger smtpd

Roberto Samarone Araujo
Re: AntiVirus!
* [EMAIL PROTECTED] writes:
> I've been thinking of a scheme in which attachments of certain "dangerous" types get mangled, such that the filenames or types are intentionally misdeclared. So the user ends up with a plain base64 text file, which is meaningless, but which he can trivially decode to the original.

Check your favourite search engine for "Email security through procmail" aka Anomy, it does just that.

> This places the burden of vigilance back on the user where it belongs, rather than breeding a generation of click-happy users. And if he does decode and run it, and it is a virus, you can point a very accusing finger instead of a palms-up shrug.

That won't work because a) even the worst luser soon finds out how to save and rename the files, and b) you won't be able to take the heat from your bosses.

-- Robin S. Socha http://socha.net/
Re: AntiVirus!
Thus spake [EMAIL PROTECTED] ([EMAIL PROTECTED]): I've been thinking of a scheme in which attachments of certain "dangerous" types get mangled, such that the filenames or types are intentionally misdeclared. So the user ends up with a plain base64 text file, which is meaningless, but which he can trivially decode to the original. This places the burden of vigilance back on the user where it belongs, rather than breeding a generation of click-happy users. And if he does decode and run it, and it is a virus, you can point a very accusing finger instead of a palms-up shrug. While this sounds good, it does not solve the problem. This is about shifting the blame, not solving the problem, which is that users run insecure operating systems. As long as people run Windows, there will be a virus and trojan problem. I find it astonishing that people don't sue Microsoft for this. A whole industry thrives on Microsoft's bad code quality. And because most governments use Windows, this is even paid for by tax payer's money. Felix
Re: please help me
On Monday, 4 December 2000 05:35, tatsuya kansaki wrote:
> Dec 4 08:50:04 k3-router qmail: 975919804.770707 info msg 141707: bytes 488 from [EMAIL PROTECTED] qp 4805 uid 1022
> Dec 4 08:50:04 k3-router qmail: 975919804.804336 delivery 12: failure: Sorry._Although_I'm_listed_as_a_best-preference_MX_or_A_for_that_host,/it_isn't_in_my_control/locals_file,_so_I_don't_treat_it_as_local._(#5.4.6)/

The error is more than clear if you read the error message. the error is explicitly named. spend some more time with the docs - they are your friends.

-- Henning Brauer | BS Web Services Hostmaster BSWS| Roedingsmarkt 14 [EMAIL PROTECTED] | 20459 Hamburg www.bsws.de| Germany
Doubts
Hi all, I have some doubts about qmail-popup. I read the man of qmail-popup and I saw that exist some descriptors used by qmail-popup. My doubts are about it. Let me see if I figured out what man page says. Qmail-popup expects descriptor 0 from the network, sent by a client like a Outlook or Messenger. This descriptor 0 has the information about username and password. After this qmail-popup writes to the network with descriptor 1 and calls a subprogram (checkpassword) with the same descriptor 0 and 1. The second part of explanation I can't understand. Who uses the the descriptors 2 and 3? If qmail-popup uses descriptor 0 and 1 to read and write to network why are there descriptors 2 and 3? What are these descriptors in POP's USER-PASS style? Where I can find more information about this descriptors? I need to know this due to I'd like to make my perl program catching this descriptors. I need to access this descriptor, but I don´t know how I can catch them. Thanks in advance. Cleiton
Re: AntiVirus!
> Thus spake [EMAIL PROTECTED] ([EMAIL PROTECTED]):
> > I've been thinking of a scheme in which attachments of certain "dangerous" types get mangled, such that the filenames or types are intentionally misdeclared. So the user ends up with a plain base64 text file, which is meaningless, but which he can trivially decode to the original. This places the burden of vigilance back on the user where it belongs, rather than breeding a generation of click-happy users. And if he does decode and run it, and it is a virus, you can point a very accusing finger instead of a palms-up shrug.
> While this sounds good, it does not solve the problem. This is about shifting the blame, not solving the problem, which is that users run insecure operating systems. As long as people run Windows, there will be a virus and trojan problem. I find it astonishing that people don't sue Microsoft for this. A whole industry thrives on Microsoft's bad code quality.

People will always use Windows, no matter what the sysadmins say. The "lusers" want buttons, F1 and plug'n'play. The problem is not the OS security - most of the time there is no choice. The man asks for antivirus software, not for a comparison between OSes.
Re: Doubts
On Mon, Dec 04, 2000 at 12:05:17PM -0200, Cleiton L. Siqueira wrote: I need to access this descriptor, but I don´t know how I can catch them. This is a perl programming problem, not a qmail one. Check out the section "checkpassword" at http://www.qmail.org/ there are examples of perl versions of checkpassword that can be used as coding examples. \Maex -- SpaceNet AG | http://www.Space.Net/ | Stress is when you wake Research Development| mailto:[EMAIL PROTECTED] | up screaming and you Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0| realize you haven't D-80807 Muenchen | Fax: +49 (89) 32356-299 | fallen asleep yet.
Re: Doubts
Dear Markus, I know that, but did you read all the e-mail? I'd like to know how I can access the descriptors sent by the qmail-popup! What are these descriptors in POP's USER-PASS style? And the rest of my doubts are in the first email.

Regards
Cleiton

Markus Stumpf wrote:
> On Mon, Dec 04, 2000 at 12:05:17PM -0200, Cleiton L. Siqueira wrote:
> > I need to access this descriptor, but I don´t know how I can catch them.
> This is a perl programming problem, not a qmail one. Check out the section "checkpassword" at http://www.qmail.org/ there are examples of perl versions of checkpassword that can be used as coding examples.
> \Maex
> --
> SpaceNet AG               | http://www.Space.Net/   | Stress is when you wake
> Research Development      | mailto:[EMAIL PROTECTED] | up screaming and you
> Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0   | realize you haven't
> D-80807 Muenchen          | Fax: +49 (89) 32356-299 | fallen asleep yet.
smtproutes?
Where is the format for entries in smtproutes defined? While I have a default route set I want to add routes for certain domains to test them. Ed Weinberg, Q5 Comm, LLC. [EMAIL PROTECTED] tel 914-713-7222 fax 914-713-7227 Connecting you to the internet...
qmail-conf 0.53 available
qmail-conf 0.53 is now available through

    http://pobox.com/~tu/qmail-conf/install.html

qmail-conf is a collection of tools for setting up various qmail services. They are like *-conf programs in djbdns. With qmail-conf, for example, setting up a minimal SMTP service takes the following four steps:

    qmail-smtpd-conf qmaild qmaill /var/qmail/service/smtpd
    cd /var/qmail/service/smtpd
    make
    ln -s /var/qmail/service/smtpd /service

qmail-conf assumes that (recent versions of) daemontools and ucspi-tcp have already been installed. It also assumes that svscan is already running.

qmail-conf tries to provide reasonable defaults: it avoids DNS reverse lookups; it avoids IDENT lookups; it lets TCP connection attempts be logged with multilog; and for POP3 and QMQP, connection attempts are denied unless you explicitly authorize your clients.

qmail-conf reduces the need for editing ./run scripts by using envdir. For example, to raise the concurrency limit for the SMTP connection to 100, all you have to do is:

    echo 100 > /service/smtpd/env/CONCURRENCY
    svc -t /service/smtpd

qmail-conf does _not_ help you set up /var/qmail/alias, /var/qmail/control, /var/qmail/rc, and /var/qmail/users.

-- Tetsu Ushijima
Daemon hang up using qmail-queue
Hi, I have an app running like a daemon, that reads a database and inserts mails in the qmail-queue. This daemon stops working after inserting a variable number of emails in the qmail-queue. I have two specific questions:

1) Is there something wrong in using this code inside an app running like a daemon? If you think so, please give me clues about the fix.
2) Is there another (better) way of putting multiple (different) emails on the qmail queue; something like putting the flat file of the message in a special directory?

The chunk of code that inserts the message is:

Begin of code

    #include <errno.h>
    #include <fcntl.h>
    #include <stdio.h>
    #include <sys/types.h>
    #include <sys/wait.h>
    #include <unistd.h>

    #ifndef QMAIL_LOCATION
    #define QMAIL_LOCATION "/var/qmail"   /* qmail home; binqqargs is relative to it */
    #endif

    static char *binqqargs[2] = { "bin/qmail-queue", 0 };
    static char *montab[12] = {
        "Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"
    };

    int send_message(char * msg, char * from, char ** recipients, int num_recipients)
    {
        /* ...Adds Date: ...Adds Message-Id:*/
        int r;
        int wstat;
        int i;
        //struct tm * dt;
        unsigned long msgwhen;
        FILE * fdm;
        FILE * fde;
        pid_t pid;
        int pim[2]; /*message pipe*/
        int pie[2]; /*envelope pipe*/
        char *sender;

        /*open a pipe to qmail-queue*/
        if(pipe(pim)==-1 || pipe(pie)==-1) { return -1; }
        pid = vfork();
        if(pid == -1) { /*failure*/ return -1; }
        if(pid == 0) {
            /*I am the child*/
            close(pim[1]);
            close(pie[1]);
            /*switch the pipes to fd 0 and 1*/
            /*pim[0] goes to 0 (stdin)...the message*/
            if(fcntl(pim[0],F_GETFL,0) == -1) { _exit(120); }
            close(0);
            if(fcntl(pim[0],F_DUPFD,0)==-1) { _exit(120); }
            close(pim[0]);
            /*pie[0] goes to 1 (stdout)...qmail-queue reads the envelope from fd 1*/
            if(fcntl(pie[0],F_GETFL,0) == -1) { _exit(120); }
            close(1);
            if(fcntl(pie[0],F_DUPFD,1)==-1) { _exit(120); }
            close(pie[0]);
            if(chdir(QMAIL_LOCATION) == -1) { _exit(120); }
            execv(*binqqargs,binqqargs);
            _exit(120);
        }

        /*I am the parent*/
        fdm = fdopen(pim[1],"wb"); /*updating*/
        fde = fdopen(pie[1],"wb");
        if(fdm==NULL || fde==NULL) { return -1; }
        close(pim[0]);
        close(pie[0]);

        /*start outputting to qmail-queue*/
        fprintf(fdm,"%s\n",msg);
        fclose(fdm);

        /*send the envelopes: F<sender>\0, then T<recipient>\0 for each, then \0*/
        fprintf(fde,"F%s",from);
        fwrite("",1,1,fde); /*write a null char*/
        for(i=0;i<num_recipients;i++) {
            fprintf(fde,"T%s",recipients[i]);
            fwrite("",1,1,fde); /*write a null char*/
        }
        fwrite("",1,1,fde); /*write a null char*/
        fclose(fde);

        /*wait for qmail-queue to close*/
        do {
            r = wait(&wstat);
        } while ((r != pid) && ((r != -1) || (errno == EINTR)));
        if(r != pid) { /*failed while waiting for qmail-queue*/ return -1; }
        if(wstat & 127) { /*qmail-queue was killed by a signal*/ return -1; }
        /*the exit code*/
        if((wstat >> 8)!=0) { /*non-zero exit status from qmail-queue*/ return -1; }
        return 0;
    }

End of code

NOTE: I took this code from the autorespond.c

Thanks in advance,
Roberto Matute
Re: smtproutes?
* Ed Weinberg [EMAIL PROTECTED] [001204 10:47]:
> Where is the format for entries in smtproutes defined?

man qmail-remote

/pg
-- Peter Green : Gospel Communications Network, SysAdmin : [EMAIL PROTECTED] --- If you lived in the Dark Ages and you were a catapult operator, I bet the most common question people would ask is: Can't you make it shoot farther? 'No, I'm sorry. That's as far as it shoots.' (Jack Handey)
Re: More on MAPS RSS
I wrote: ...I have something that proves that the MAPS RSS *is* listing servers that it suspects are open relays, even when they aren't. Russ Allbery wrote: Have you reported this to RSS? Just did, and I cc'ed the message to my ISP. Here's hoping they act on it quickly. ---Kris Kelley
How to remove headers via .qmail-default file?
Hi, I am writing a Perl script that will remove the Disposition-Notification-To header from incoming email messages so the annoying return receipt alerts will be removed from email clients here. I have a ~alias/.qmail-default set up like this: |/var/qmail/bin/strip_return_receipt |/var/qmail/bin/fastforward -d /etc/aliases.cdb I would like the strip_return_receipt script to remove the one header and then pass the modified message on to the second command in the chain to perform virtual host forwarding. However, I can't figure out how to do this. It looks like I have to remove the header from the STDIN stream to the first script, then call the second script directly from the first script. Is there any way to make the first script modify the STDIN stream that the second script receives? I think that would be cleaner and would eliminate the need for one script to know about the next. Thanks for any hints, Greg Larkin
Re: How to remove headers via .qmail-default file?
on 12/4/00 12:09 PM, Greg Larkin at [EMAIL PROTECTED] wrote:
> I would like the strip_return_receipt script to remove the one header and then pass the modified message on to the second command in the chain to perform virtual host forwarding.

They're shell commands. Use a shell pipeline.

- Amitai
SPAM.CONTROL PATCH
Hi managers: I have some questions for you I installed the patch antispam of here: http://www.fehcom.de/qmail/spam.html I want than only users with my domain can send mail example:

    From: [EMAIL PROTECTED]( he could )
    From: [EMAIL PROTECTED] ( he could not)

I did think use badmailfrom and badmailpatterns I place into of badmailpatterns:

    *@*
    !*@mydomain.com

And it was ok. but the problem was that I can't receive e-mails of any domain What is the way correct of solution my problem?

Very Thanks
Juan
Re: How to remove headers via .qmail-default file?
On Mon, 4 Dec 2000, Greg Larkin wrote:
> Hi, I am writing a Perl script that will remove the Disposition-Notification-To header from incoming email messages so the annoying return receipt alerts will be removed from email clients here. I have a ~alias/.qmail-default set up like this:
>
>     |/var/qmail/bin/strip_return_receipt
>     |/var/qmail/bin/fastforward -d /etc/aliases.cdb

qmail handles each line in a .qmail file as a complete delivery instruction. EG if your .qmail file looks like this

    | cmd1
    | cmd2
    addr1
    ./mbox1

qmail will process it as follows

    pipe the original message through cmd1
    pipe the original message through cmd2
    forward the original message to user addr1
    save the original message in mbox format in the file ./mbox1

Note the use of the word original. IE every delivery instruction gets a copy of the ORIGINAL message to play with. If you want to massage the message and then do something based on the modified message, you'll need to do the following

    | massage_command | delivery_instruction

So, your .qmail file would need to look like this:

    | /var/qmail/bin/strip_return_receipt | /var/qmail/bin/fastforward -d /etc/aliases.cdb

You'll need to make sure that strip_return_receipt provides the modified message on STDOUT so that fastforward can see the modified message as its input.

-- Regards Peter
-- Peter Samuel [EMAIL PROTECTED] http://www.e-smith.org (development) http://www.e-smith.com (corporate) Phone: +1 613 368 4398 Fax: +1 613 564 7739 e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada "If you kill all your unhappy customers, you'll only have happy ones left"
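A filter of the kind the reply above asks for, as an added example (not code from the thread, and written in C rather than the poster's Perl): it reads the message on stdin and writes it to stdout without the Disposition-Notification-To field, so it can sit on the left side of the pipeline. The names strip_header and SAMPLE and the --demo switch are hypothetical; the sample message is constructed.

```c
/* Added example: stdin-to-stdout filter that drops one header field. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>   /* strncasecmp */

#define FIELD "Disposition-Notification-To"

/* Constructed sample: the target field is folded over two lines, and the
 * body contains a line that only looks like the field and must survive. */
static const char SAMPLE[] =
    "From: alice@example.org\n"
    "Disposition-Notification-To: alice@example.org,\n"
    "\tbob@example.org\n"
    "Subject: test\n"
    "\n"
    "Disposition-Notification-To: body text, not a header\n";

/* Copy msg[0..len) to out, leaving out every header field called `name`
 * (compared case-insensitively) together with its folded continuation
 * lines. Everything after the first blank line is body and is copied
 * untouched. out needs room for len bytes. Returns the bytes written. */
size_t strip_header(const char *msg, size_t len, const char *name, char *out)
{
    size_t nlen = strlen(name), pos = 0, w = 0;
    int in_header = 1, dropping = 0;

    while (pos < len) {
        const char *line = msg + pos;
        const char *nl = memchr(line, '\n', len - pos);
        size_t linelen = nl ? (size_t)(nl - line) + 1 : len - pos;

        if (in_header) {
            if (line[0] == '\n' ||
                (linelen >= 2 && line[0] == '\r' && line[1] == '\n')) {
                in_header = 0;              /* blank line: header is over */
                dropping = 0;
            } else if (line[0] != ' ' && line[0] != '\t') {
                /* A new field starts here; a continuation line would
                 * instead share the fate of the field it continues. */
                dropping = linelen > nlen &&
                           strncasecmp(line, name, nlen) == 0 &&
                           line[nlen] == ':';
            }
        }
        if (!dropping) {
            memcpy(out + w, line, linelen);
            w += linelen;
        }
        pos += linelen;
    }
    return w;
}

int main(int argc, char **argv)
{
    size_t cap = 65536, len = 0, n;
    char *in, *out;

    if (argc > 1 && strcmp(argv[1], "--demo") == 0) {
        char buf[sizeof SAMPLE];
        n = strip_header(SAMPLE, sizeof SAMPLE - 1, FIELD, buf);
        return fwrite(buf, 1, n, stdout) == n ? 0 : 1;
    }

    /* Normal use: slurp the message from stdin, filter, write to stdout. */
    in = malloc(cap);
    if (in == NULL) return 1;
    while ((n = fread(in + len, 1, cap - len, stdin)) > 0) {
        len += n;
        if (len == cap) {
            char *p = realloc(in, cap *= 2);
            if (p == NULL) return 1;
            in = p;
        }
    }
    out = malloc(len ? len : 1);
    if (out == NULL) return 1;
    n = strip_header(in, len, FIELD, out);
    return fwrite(out, 1, n, stdout) == n && fflush(stdout) == 0 ? 0 : 1;
}
```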
Re: AntiVirus!
Thus spake Milen Petrinski ([EMAIL PROTECTED]):
> People will always use Windows, no matter what the sysadmins say.

Then ignore that minority group and don't prolong their agony by giving them access to non-solutions like virus scanners.

> The "lusers" want buttons, F1 and plug'n'play.

Buttons and F1 they can have on all platforms, plug and play has never been farther away from reality as on Windows.

> The problem is not the OS security - most of the time there is no choice. The man asks for antivirus software, not for a comparison between OSes.

This is the biggest lie of computing: that there is no choice. Everyone has hundreds of options, but the American culture apparently revolves around taking the wrong choice, blaming it on circumstances and whining about the consequences. To be honest: I don't care at all what OS he is using. I just can't stand his whining.

Felix
Re: SPAM.CONTROL PATCH
[EMAIL PROTECTED] wrote:
> I installed the patch antispam of here: http://www.fehcom.de/qmail/spam.html I place into of badmailpatterns: *@*

Umm, that seems to prohibit the sign "@" from any address and so, nobody can send you messages. Try to put in "badmailpatterns" *%* (so pass the relay test) and use the other files.
Re: AntiVirus!
* Milen Petrinski [EMAIL PROTECTED] writes:
> > Thus spake [EMAIL PROTECTED] ([EMAIL PROTECTED]):
> > > I've been thinking of a scheme in which attachments of certain "dangerous" types get mangled, such that the filenames or types are intentionally misdeclared. So the user ends up with a plain base64 text file, which is meaningless, but which he can trivially decode to the original.
> > While this sounds good, it does not solve the problem. This is about shifting the blame, not solving the problem, which is that users run insecure operating systems.
> People will always use Windows, no matter what the sysadmins say. The "lusers" want buttons, F1 and plug'n'play.

They don't want F1. That's one of the problems.

> The problem is not the OS security - most of the time there is no choice.

Look, when I was in larval stage, nobody got fired for buying IBM and WP had 90% of the market. There was "no choice". Or was there? Now it's basically the same. Linux is here to stay and Unix is gaining an ever stronger foothold in the server market. The next big thing will be "thin clients" or WebTV or whatever - client/server in any case. There *will* be choice.

> The man asks for antivirus software, not for a comparison between OSes.

The man is perpetuating a problem, not trying to solve it. Dealing with company email is not a software thing, it's a matter of your "Acceptable Use Policy". Ours clearly states that opening mails from an unknown source is a reason for being dismissed. It's as easy as that. Granted, spoofing an address is not that difficult, but such an AUP makes people /think/ - that's worth more than 500 virus scanners. Remember ILOVEYOU? No virus scanner on earth would have prevented that. And as long as there is closed commercial software (read: Windows), there will be security exploits by the dozen. Anyway - it's not a mailserver thing, so reply-to set.

-- Robin S. Socha http://socha.net/
RE: AntiVirus!
> Remember ILOVEYOU? No virus scanner on earth would have prevented that.

from my logs

    Sanitizing MIME attachment headers in "I love you" from [EMAIL PROTECTED] to xx msgid=snip
    Trapped poisoned executable "LOVE-LETTER-FOR-YOU.TXT.vbs".

We didn't get a single infected machine. The mail server stopped all of them.

> there is closed commercial software (read: Windows), there will be security exploits by the dozen.

There are plenty of security exploits for open source software as well. That's a non-argument. The one major advantage open source software seems to have is that the fix is available usually within hours of the exploit being revealed (if admins keep up with them). Meanwhile MS or whoever is still denying there is a problem.
RE: AntiVirus!
As long as people run Windows, there will be a virus and trojan problem. And Unix is immune to Trojans and worms? With attacks getting more sophisticated I can see a day when an email would arrive and the MUA would be attacked via a buffer overflow in the header, use a local host exploit to root the box and then spread from there. With the high band pass available to more and more locations I can see such an attack pulling along multiple megabytes of payload to even allow cross platform attack code to be included. A good attack agent could spread itself using SMTP, RPC, FTP and IRC all at the same time. I find it astonishing that people don't sue Microsoft for this. A whole industry thrives on Microsoft's bad code quality. Be careful what you wish for. Once the lawsuits start the Open Source world is getting deeper pockets and therefore becoming a target.
Re: AntiVirus!
On Mon, Dec 04, 2000 at 12:59:54PM +0100, Felix von Leitner wrote: I find it astonishing that people don't sue Microsoft for this. A whole industry thrives on Microsoft's bad code quality. They can't sue microsoft. They "accepted" a license that says Microsoft isn't responsible blah blah blah. --Adam -- Adam McKenna [EMAIL PROTECTED] | "No matter how much it changes, http://flounder.net/publickey.html | technology's just a bunch of wires GPG: 17A4 11F7 5E7E C2E7 08AA| connected to a bunch of other wires." 38B0 05D0 8BF7 2C6D 110A| Joe Rogan, _NewsRadio_ 2:21pm up 177 days, 12:37, 9 users, load average: 0.00, 0.00, 0.00
Where is Dave Sill??
I'm asking if anyone using "Live with qmail" find the following error: "supervise:fatal:unable to start qmail-smptd/run: exec format error".
RE: Where is Dave Sill??
> I'm asking if anyone using "Live with qmail" find the following error: "supervise:fatal:unable to start qmail-smptd/run: exec format error".

Make sure that the qmail-smtpd/run file doesn't have DOS-style CR/LF pairs. The 'file' command should tell you if it does. If it does, fix it - see http://kb.indiana.edu/data/acux.html for various ways to convert.

-- gowen -- Greg Owen -- [EMAIL PROTECTED] SoftLock.com is now DigitalGoods!
Re: Where is Dave Sill??
On Mon, Dec 04, 2000 at 11:27:26AM -0800, Ould wrote: I'm asking if anyone using "Live with qmail" find the following error: "supervise:fatal:unable to start qmail-smptd/run: exec format error". Did you check the contents of qmail-smtpd/run? What did you see? Show us? In the absence of that information, my guess is that you have a typo in the first #! line of that file. Regards. PS. Dave is alive and well and working on a less ambitious project (with apologies to one of the best known graffiti lines in Sydney).
Re: Doubts
On Mon, Dec 04, 2000 at 01:32:16PM -0200, Cleiton L. Siqueira wrote:
> I know that, but did you read all the e-mail? I'd like to know how I can access the descriptors sent by the qmail-popup! What are these descriptors in POP's USER-PASS style? And the rest of my doubts are in the first email.

If you get a connection from inetd/tcpserver you have one FD to read net input and one FD to write output to the net. These are connected to 0 and 1 (usually stdin and stdout). qmail-popup reads from "stdin" (i.e. net-in) a sequence of commands:

    USER username
    PASS password
or
    APOP apop-token

as defined in rfc1939. It then exec's "checkpassword" and provides two additional FDs: 2 and 3. It has to do so, to keep 0 and 1 "unchanged" for read/write to the network. FD 2 is identical to FD 1 (i.e. write to the network). On FD 3 it passes USER/PASS/APOP info to checkpassword in the form

    user\0passwd\0apop_token\0

\Maex
--
SpaceNet AG               | http://www.Space.Net/   | Stress is when you wake
Research Development      | mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0   | realize you haven't
D-80807 Muenchen          | Fax: +49 (89) 32356-299 | fallen asleep yet.
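The descriptor-3 format described above, read and split the way a checkpassword-compatible program has to do it, as an added example (not code from the thread or from qmail; C rather than the Perl the question mentions). The names cp_read_all, cp_parse, cp_demo and struct cp_creds are hypothetical; the 512-byte ceiling is the limit the checkpassword interface sets on descriptor 3, and the demo feeds constructed credentials through a pipe in place of a real qmail-popup parent.

```c
/* Added example: reading "user\0passwd\0apop_token\0" from a descriptor. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define CP_MAXLEN 512   /* at most 512 bytes may arrive before EOF */

struct cp_creds {
    const char *user;
    const char *pass;
    const char *token;  /* third field, "apop_token" in the post above */
};

/* Read fd through end of file into buf. Returns the byte count, or -1 on
 * a read error or if the writer sends more than cap bytes. */
ssize_t cp_read_all(int fd, char *buf, size_t cap)
{
    size_t used = 0;

    for (;;) {
        char extra;
        ssize_t n = (used < cap) ? read(fd, buf + used, cap - used)
                                 : read(fd, &extra, 1);  /* probe for EOF */
        if (n < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        if (n == 0) return (ssize_t)used;
        if (used == cap) return -1;     /* oversized input: reject */
        used += (size_t)n;
    }
}

/* Split buf[0..len) into three NUL-terminated fields without reading past
 * len. The pointers in *out refer into buf. Returns 0, or -1 if a field is
 * unterminated or the login name is empty. */
int cp_parse(const char *buf, size_t len, struct cp_creds *out)
{
    const char *field[3];
    size_t pos = 0;
    int i;

    if (len == 0 || len > CP_MAXLEN) return -1;
    for (i = 0; i < 3; i++) {
        const char *end = memchr(buf + pos, '\0', len - pos);
        if (end == NULL) return -1;
        field[i] = buf + pos;
        pos = (size_t)(end - buf) + 1;
    }
    if (field[0][0] == '\0') return -1;
    out->user = field[0];
    out->pass = field[1];
    out->token = field[2];
    return 0;
}

/* Demo with constructed data: write credentials into a pipe as the parent
 * would, then read them back. A real program would read descriptor 3. */
int cp_demo(void)
{
    static const char wire[] = "alice\0not-a-real-password\0<1234.5678@pop.example>";
    char buf[CP_MAXLEN];
    struct cp_creds c;
    ssize_t n;
    int p[2];

    if (pipe(p) == -1) return -1;
    if (write(p[1], wire, sizeof wire) != (ssize_t)sizeof wire) {
        close(p[0]);
        close(p[1]);
        return -1;
    }
    close(p[1]);                        /* reader now sees end of file */
    n = cp_read_all(p[0], buf, sizeof buf);
    close(p[0]);
    if (n < 0 || cp_parse(buf, (size_t)n, &c) != 0) return -1;
    return strcmp(c.user, "alice") == 0 &&
           strcmp(c.pass, "not-a-real-password") == 0 ? 0 : -1;
}

int main(void)
{
    puts(cp_demo() == 0 ? "parsed three fields" : "rejected");
    return 0;
}
```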
Re: AntiVirus!
On Mon, Dec 04, 2000 at 12:22:43PM -0600, John W. Lemons III wrote: Then ignore that minority group and don't prolong their agony by giving them access to non-solutions like virus scanners. I disagree with the assertion that virus scanners are non-solutions. me too. On the mail servers I run, I have installed some simple virus scanning software, and it has, up to now, filtered out lots of incoming virii and trojans, as well as a few outgoing virii (which alerted me as to who was infected, and allowed me to advise the IT folks so they could go clean it up). Its not a perfect solution, but its far better than nothing, and results in our location not becoming a source for that kind of garbage. wrong. You pretend to provide security, but in reality you still allow your clients to behave stupid and catch a virus. btw: what's your IT department good for? Reinstalling windows after it got infected by a virus? If that happened on an important machine - with valuable data - they shouldn't be allowed to do so, instead they should be fired, possibly together with the user. A virus might happen on a sandbox. Nowhere else. I recognize that people seem to see virus as got-sent, but they aren't. A virus infection is a sign that someone - and possibly also the ones who should have teached that someone - made an error. Regards, Uwe
Re: Where is Dave Sill??
Hi, in the first line I put " #! /bin/sh " that is all. --- Mark Delany [EMAIL PROTECTED] wrote: On Mon, Dec 04, 2000 at 11:27:26AM -0800, Ould wrote: I'm asking if anyone using "Live with qmail" find the following error: "supervise:fatal:unable to start qmail-smptd/run: exec format error". Did you check the contents of qmail-smtpd/run? What did you see? Show us? In the absence of that information, my guess is that you have a typo in the first #! line of that file. Regards. PS. Dave is alive and well and working on a less ambitious project (with apologies to one of the best known graffiti lines in Sydney).
Re: AntiVirus!
* John W Lemons [EMAIL PROTECTED] writes: Remeber ILOVEYOU? No virus scanner on earth would have prevented that. from my logs Sanitizing MIME attachment headers in "I love you" from [EMAIL PROTECTED] to xx msgid=snip Trapped poisoned executable "LOVE-LETTER-FOR-YOU.TXT.vbs". We didn't get a single infected machine. The mail server stopped all of them. True. But you owe the awestruck audience an explanation of what happened to that attachment. Anomy is cool, but ... ;-) there is closes commercial software (read: Windows), there will be security exploits by the dozen. There are plenty of security exploits for open source software as well. That's a non-argument. You're pavloving. I didn't say OSS was secure. I only said that CSS is and will always be a) insecure b) fixed too late. The one major advantage open source software seems to have is that the fix is available usually within hours of the exploit being revealed (if admins keep up with them). Meanwhile MS or whoever is still denying there is a problem. That's what I was trying to say. Oh well... }:- -- Robin S. Socha http://socha.net/
RE: AntiVirus!
wrong. You pretend to provide security, but in reality you still allow your clients to behave stupid and catch a virus. If that happened on an important machine - with valuable data - they shouldn't be allowed to do so, instead they should be fired, possibly together with the user. A virus might happen on a sandbox. Nowhere else. What a silly assertion. In a perfect world, this makes good sense, but the reality is that the work force that we serve is more interested in scientific/academic/business endeavors than in being perfectly trained on how to use their desktop PC, and then summarily fired when they make a mistake. If a level of protection can be provided to make their experience safer, why shouldn't it be. (comments about the incompetence of our IT staff summarily ignored... sorry you feel the need to insult people you don't even know or deal with) A virus infection is a sign that someone - and possibly also the ones who should have teached that someone - made an error. That is true enough, but if the virus can be stopped some of the time before it even reaches the end user, why not?
Re: AntiVirus!
* Lipscomb, Al [EMAIL PROTECTED] writes: I find it astonishing that people don't sue Microsoft for this. A whole industry thrives on Microsoft's bad code quality. Be careful what you wish for. Once the lawsuits start the Open Source world is getting deeper pockets and therefore becoming a target. I /don't/ think so: ,[ GPL http://www.gnu.org/copyleft/gpl.html ] | NO WARRANTY | | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, | REPAIR OR CORRECTION. | | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE | POSSIBILITY OF SUCH DAMAGES. ` Cf. http://www.gnu.org/philosophy/license-list.html -- Robin S. Socha http://socha.net/
Outbound Hostname
I am having some difficulty getting qmail to send outbound email with the CNAME of the system rather than the actual hostname. I have modified me and defaulthost files in /var/qmail/control to include the CNAME of the system. The hostname is only referenced in the rcpthosts file. Any hints where I might proceed to get this fixed? I have even tried the FAQ example to send outbound email with just the domain, and that does not work either.
RE: AntiVirus!
from my logs Sanitizing MIME attachment headers in "I love you" from [EMAIL PROTECTED] to xx msgid=snip Trapped poisoned executable "LOVE-LETTER-FOR-YOU.TXT.vbs". We didn't get a single infected machine. The mail server stopped all of them. True. But you owe the awestruck audience an explanation of what happened to that attachment. Anomy is cool, but ... ;-) It was sent to a holding directory and a messages was sent to the admin account alerting him of the incident. In this case it was so well known it and the others received by that time were simply deleted rather than analyzed, and the senders were notified. Then we modified the scripts to simply delete them rather than have to spend more time deleting them manually. :) You're pavloving. I didn't say OSS was secure. I only said that CSS is and will always be a) insecure b) fixed too late. Agreed, and sorry to misinterpret your post.
Re: Open Relay questionnaire
Eric Walters [EMAIL PROTECTED] wrote: I am looking for some input on this as it relates to virtual hosting. My users are all remote and I am trying to find a happy medium between security and user-friendliness. Is there a way to ensure that unless the rcpt to: or mail from: contain a local domain qmail will not deliver the message? Yes, it's theoretically possible. Someone may have already implemented it, but I don't know of one offhand. But this is not a happy medium. Many spammers are now forging the MAIL FROM: address as being from the host it is connecting to. The above would provide no security, and essentially act as an open relay. So far I have implemented relayclient but that is a real pain to administer and an inconvenience to my users. Not sure what you're referring to above; do you mean setting the RELAYCLIENT variable based on static IP addresses? That's completely transparent to non-roaming users. Or you could be referring to SMTP-after-POP, such as implemented by Bruce Guenter's relay-ctrl package. That's very convenient for users -- all they have to do is check their mail before sending mail. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
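The relay decision discussed in the message above, as an added example that is not from the thread or from qmail: a simplified C model comparing a recipient-based rule (local recipient domain, or RELAYCLIENT set for the client's IP) with the proposed "local domain in MAIL FROM or RCPT TO" rule. Domains, transactions and function names are constructed, and only exact domain matches are modelled.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed configuration: the domains this server hosts. */
static const char *const LOCAL_DOMAINS[] = { "example.com", NULL };

struct txn {
    const char *who;        /* description, for the printout only */
    int relayclient;        /* 1 if RELAYCLIENT was set for this client IP */
    const char *mail_from;  /* envelope sender, chosen freely by the client */
    const char *rcpt_to;    /* envelope recipient */
};

/* Constructed SMTP transactions. */
static const struct txn SAMPLES[] = {
    { "inbound mail from the Internet",  0, "alice@example.net",      "bob@example.com"    },
    { "office PC on a listed static IP", 1, "bob@example.com",        "alice@example.net"  },
    { "roaming customer, unlisted IP",   0, "bob@example.com",        "alice@example.net"  },
    { "stranger forging a local sender", 0, "postmaster@example.com", "target@example.org" },
};
#define NSAMPLES (sizeof SAMPLES / sizeof SAMPLES[0])

/* 1 if the domain part of addr is one of LOCAL_DOMAINS (case-insensitive). */
static int is_local(const char *addr)
{
    const char *at = strrchr(addr, '@');
    const char *const *d;

    if (at == NULL) return 0;
    for (d = LOCAL_DOMAINS; *d != NULL; d++)
        if (strcasecmp(at + 1, *d) == 0) return 1;
    return 0;
}

/* Policy 0: the recipient must be local unless RELAYCLIENT is set. */
static int accept_by_recipient(const struct txn *t)
{
    return t->relayclient || is_local(t->rcpt_to);
}

/* Policy 1: the rule asked about, a local domain in either envelope address. */
static int accept_by_either(const struct txn *t)
{
    return is_local(t->mail_from) || is_local(t->rcpt_to);
}

static int accepts(int policy, const struct txn *t)
{
    return policy == 0 ? accept_by_recipient(t) : accept_by_either(t);
}

/* Count accepted transactions that relay to a non-local recipient for a
   client the server has no independent reason to trust. */
static int untrusted_relays(int policy)
{
    size_t i;
    int n = 0;

    for (i = 0; i < NSAMPLES; i++) {
        const struct txn *t = &SAMPLES[i];
        if (!t->relayclient && !is_local(t->rcpt_to) && accepts(policy, t))
            n++;
    }
    return n;
}

int main(void)
{
    size_t i;

    for (i = 0; i < NSAMPLES; i++)
        printf("%-34s recipient-rule=%d either-rule=%d\n", SAMPLES[i].who,
               accepts(0, &SAMPLES[i]), accepts(1, &SAMPLES[i]));
    printf("untrusted relays: recipient-rule=%d either-rule=%d\n",
           untrusted_relays(0), untrusted_relays(1));
    return 0;
}
```

The last two transactions are identical from the server's point of view, which is why the sender-based rule cannot admit the roaming customer without also admitting the forger; telling them apart needs something the client cannot simply claim, such as SMTP-after-POP.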
Re: Where is Dave Sill??
On Mon, Dec 04, 2000 at 03:41:49PM -0500, Greg Owen wrote: in the first line I put " #! /bin/sh " that is all. If you really have spaces there, remove them, so it looks like this: #!/bin/sh Maybe that's OS specific, but that's not the cause of problems on at least Solaris and FreeBSD. In any event, he failed to supply the other information we asked for so I suggest we wait until he does so. Regards.
Re: Where is Dave Sill??
On Mon, Dec 04, 2000 at 03:41:27PM -0500, Greg Owen wrote: in the first line I put " #! /bin/sh " that is all. If you really have spaces there, remove them, so it looks like this: #!/bin/sh I believe some Unixes use the string "#! /" as a magic string for interpreted executables and ignore "#!/". Your mileage may vary.
RE: Where is Dave Sill??
I believe some Unixes use the string "#! /" as a magic string for interpreted executeables and ignore "#!/". Your mileage may vary. I suspect you're right but can't remember which *ix is picky that way. Anyone, anyone? For all *ixes I've used, however, " #!" will not work because those magic characters must be the first two bytes in the file. That's the part that's important to get right. -- gowen -- Greg Owen -- [EMAIL PROTECTED] SoftLock.com is now DigitalGoods!
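The checks suggested across this thread (the `#!` magic must be the first two bytes of the file, and the run file should not carry DOS line endings), as an added example that is not part of any of the posts: a small C checker for the head of a run script. Function names, flag names and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum {
    RUN_OK         = 0,
    RUN_NO_MAGIC   = 1,   /* file does not begin with the two bytes "#!" */
    RUN_HAS_CR     = 2,   /* carriage return on the first line */
    RUN_NO_INTERP  = 4,   /* "#!" present but no interpreter path follows */
    RUN_UNREADABLE = 8
};

/* Inspect the first line of a script held in p[0..n). Returns a bitmask. */
static int check_run_head(const unsigned char *p, size_t n)
{
    int flags = RUN_OK;
    size_t eol, i;

    /* Find the end of the first line, noting any CR on the way. */
    for (eol = 0; eol < n && p[eol] != '\n'; eol++)
        if (p[eol] == '\r') flags |= RUN_HAS_CR;

    /* The magic must sit at offset 0: leading blanks defeat it. */
    if (n < 2 || p[0] != '#' || p[1] != '!')
        return flags | RUN_NO_MAGIC;

    /* Blanks between "#!" and the interpreter path are skipped. */
    for (i = 2; i < eol && (p[i] == ' ' || p[i] == '\t'); i++)
        ;
    if (i == eol || p[i] == '\r') flags |= RUN_NO_INTERP;
    return flags;
}

static int check_run_str(const char *s)
{
    return check_run_head((const unsigned char *)s, strlen(s));
}

/* Read up to 256 bytes from path and check them. */
static int check_run_path(const char *path)
{
    unsigned char head[256];
    size_t n;
    FILE *f = fopen(path, "rb");

    if (f == NULL) return RUN_UNREADABLE;
    n = fread(head, 1, sizeof head, f);
    fclose(f);
    return check_run_head(head, n);
}

static void report(const char *label, int flags)
{
    printf("%-28s %s%s%s%s%s\n", label,
           flags == RUN_OK ? "ok " : "",
           flags & RUN_NO_MAGIC ? "no-#!-at-offset-0 " : "",
           flags & RUN_HAS_CR ? "CR-on-first-line " : "",
           flags & RUN_NO_INTERP ? "no-interpreter " : "",
           flags & RUN_UNREADABLE ? "unreadable " : "");
}

int main(int argc, char **argv)
{
    /* Constructed first lines covering the variants raised in the thread. */
    static const char *const samples[] = {
        "#!/bin/sh\nexec true\n",
        " #! /bin/sh \nexec true\n",
        "#! /bin/sh\nexec true\n",
        "#!/bin/sh\r\nexec true\r\n",
    };
    size_t i;

    if (argc > 1) {
        report(argv[1], check_run_path(argv[1]));
        return 0;
    }
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char label[32];
        snprintf(label, sizeof label, "sample %zu", i + 1);
        report(label, check_run_str(samples[i]));
    }
    return 0;
}
```

Run with the path of a run file as the only argument to check a real script; with no argument it reports on the constructed samples.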
This is my limit???
For a week I have been trying to configure two mail servers based on qmail. One as Relay (in my DMZ) and the second in my LAN. A scheme is better:

RouteurSwitch-DMZ --(Relay is here) | | Firewall | | LAN (local mail server)

I created an smtproutes file on each server. For the relay I put this line in smtproutes: myrelaymachine.mydomain1.com:mylocalmachine.mydomaine2.com On the local machine I put: mylocalmachine.mydomaine2.com:myrelaymachine.mydomaine1.com. Is this true? Where can I find an example of configuration files for similar cases? PS: I read the main doc and the FAQ but never found anything explaining these ideas. Thanks
Re: Outbound Hostname
Peter Woods [EMAIL PROTECTED] wrote: I am having some difficulty getting qmail to send outbound email with the CNAME of the system rather than the actual hostname. I have modified me and defaulthost files in /var/qmail/control to include the CNAME of the system. The hostname is only referenced in the rcpthosts file. Any hints where I might proceed to get this fixed? I have even tried the FAQ example to send outbound email with just the domain, and that does not work either. qmail won't rewrite the headers your MUA provides it with. Are you sure its not an MUA configuration issue? For example, if you use mutt to send mail to "user", it will inject it with "mutt@hostname" by default. What MUA are you testing with? Is mail being injected into the queue directly, or through qmail-smtpd, or what? Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Re: Outbound Hostname
On Mon, Dec 04, 2000 at 08:03:47PM +, Peter Woods wrote: I am having some difficulty getting qmail to send outbound email with the CNAME of the system rather than the actual hostname. I have modified me and defaulthost files in /var/qmail/control to include the CNAME of the system. The hostname is only referenced in the rcpthosts file. Any hints where I might proceed to get this fixed? I recommend that MTAs identify themselves with their canonical hostnames instead of aliases. That said, man qmail-control, look at helohost. PGP signature
RE: AntiVirus!
* Lipscomb, Al [EMAIL PROTECTED] writes: I find it astonishing that people don't sue Microsoft for this. A whole industry thrives on Microsoft's bad code quality. Be careful what you wish for. Once the lawsuits start the Open Source world is getting deeper pockets and therefore becoming a target. I /don't/ think so: ,[ GPL http://www.gnu.org/copyleft/gpl.html ] | NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY OR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. See the words "TO THE EXTENT PERMITTED BY APPLICABLE LAW". There are lots of places in this world where the law says the person who wrote it or the person who gave it to you can be held liable no matter what they want to disclaim. It depends on _how_ I was harmed by the product in many cases.
badmailfrom
Hi, I'm receiving a virus from [EMAIL PROTECTED], I've already inserted this email in badmailfrom, the qmail was restarted and I'm still receiving this virus. In the header below you can see that the user doesn't exist, there is a 3D character in the beginning of the email address, so the address is unknown, but even inserted in badmailfrom I've received other mails from this guy. Here goes the header:

Return-Path:
Received: (qmail 14547 invoked by uid 0); 4 Dec 2000 21:26:48 -
Received: from unknown (HELO mail01.osite.com.br) (200.189.209.130) by mail.doctordata.com.br with SMTP; 4 Dec 2000 21:26:48 -
Received: from clipping (a09029.dial-pn.impsat.com.br [200.189.200.29]) by mail01.osite.com.br (8.9.1b+Sun/8.9.3) with SMTP id SAA14499 for [EMAIL PROTECTED]; Mon, 4 Dec 2000 18:49:02 -0200 (EDT)
Date: Mon, 4 Dec 2000 18:49:02 -0200 (EDT)
Message-Id: [EMAIL PROTECTED]
From: Hahaha [EMAIL PROTECTED]
Subject: Branca de Neve pornô!
MIME-Version: 1.0
Re: AntiVirus!
Quoting John W. Lemons III ([EMAIL PROTECTED]): True. But you owe the awestruck audience an explanation of what happened to that attachment. Anomy is cool, but ... ;-) It was sent to a holding directory and a messages was sent to the admin account alerting him of the incident. In this case it was so well known it and the others received by that time were simply deleted rather than analyzed, and the senders were notified. Then we modified the scripts to simply delete them rather than have to spend more time deleting them manually. :) You should also tell the audience that this happens to /every/ attachment of this kind. Now, since most infections come from MS Word documents, what is your proposed solution? }:-
Re: AntiVirus!
On Mon, Dec 04, 2000 at 02:42:25PM -0600, "John W. Lemons III" [EMAIL PROTECTED] wrote: That is true enough, but if the virus can be stopped some of the time before it even reaches the end user, why not? Because there are costs in doing so. Generally if a person needs antivirus protection for a machine, they really need it for more than email that isn't encrypted. The right place to run it is on their machine, not on the central mail server. The issue with this is making sure they get hands-off updates of dat files. I also think that by using encryption and variant code to do bootstrap decryption in viruses, it will make writing patterns that catch a virus without generating a lot of false positives much harder.
Re: Open Relay questionnaire
Am Montag, 4. Dezember 2000 21:52 schrieb Amitai Schlair: Eric Walters wrote: I am looking for some input on this as it relates to virtual hosting. My users are all remote and I am trying to find a happy medium between security and user-friendliness. Is there a way to ensure that unless the rcpt to: or mail from: contain a local domain qmail will not deliver the message? If by "local domain" you mean "locally hosted virtual domain", then I think qmail already does this by default. Perhaps I misunderstand. At any rate, you may find the following patch helpful: URL:http://www.palomine.net/qmail/relaymailfrom.patch This is _really_ insecure. Spend a few more seconds on qmail.org and look for smtp-after-pop. There's one called open-smtp, works great. - Amitai -- Henning Brauer | BS Web Services Hostmaster BSWS| Roedingsmarkt 14 [EMAIL PROTECTED] | 20459 Hamburg www.bsws.de| Germany
RE: Open Relay questionnaire
That makes sense. I am getting the impression that most people support some form of SMTP auth like Vpopmail? Any recommendations here? Eric -Original Message- From: Alex Pennace [mailto:[EMAIL PROTECTED]] Sent: Monday, December 04, 2000 3:25 PM To: Eric Walters Cc: [EMAIL PROTECTED] Subject:Re: Open Relay questionnaire File: ATT00013.dat On Mon, Dec 04, 2000 at 02:24:39PM -0600, Eric Walters wrote: I am looking for some input on this as it relates to virtual hosting. My users are all remote and I am trying to find a happy medium between security and user-friendliness. Is there a way to ensure that unless the rcpt to: or mail from: contain a local domain qmail will not deliver the message? Relaying based on the envelope sender address causes your server to be an open relay by my standards, a spammer only needs to know the secret (using certain envelope senders) to use your MTA as a relay.
RE: AntiVirus!
That is true enough, but if the virus can be stopped some of the time before it even reaches the end user, why not? Because there are costs in doing so. True enough, but shouldn't the cost/benefit be calculated on a case by case basis? I can see how in some cases it would be worth it, and in others it would not be worth it. Generally if a person needs antivirus protection for a machine, they really need it for more than email that isn't encrypted. The right place to run it is on their machine, not on the central mail server. The issue with this is making sure they get handsoff updates of dat files. I agree with this as well, but certainly you can see that there is some level of benefit from a two (or three) tier approach to virus detection/prevention. Once again, the cost benefit ratio would come to bear when deciding how many levels of protection would be maintained. I also think that by using encryption and varient code to do bootstrap decryptionin viruses, it will make writing patterns that catch a virus without generating a lot of false positives much harder. Agreed. That's why we pay the anti-virus folks so much money. :) It seems to me that one of the major solutions to this problem would be real OS level security on more machines (ie not windows). The big problem there is cost, training, availability of software, politics, user acceptance, etc etc ad nauseum. If I were king... :)
RE: Open Relay questionnaire
Based on Alex's comments this is still "security by obscurity" so I am less vulnerable, but still vulnerable. -Original Message- From: schmonz [mailto:schmonz] On Behalf Of Amitai Schlair Sent: Monday, December 04, 2000 2:52 PM To: [EMAIL PROTECTED] Subject:Re: Open Relay questionnaire Eric Walters wrote: I am looking for some input on this as it relates to virtual hosting. My users are all remote and I am trying to find a happy medium between security and user-friendliness. Is there a way to ensure that unless the rcpt to: or mail from: contain a local domain qmail will not deliver the message? If by "local domain" you mean "locally hosted virtual domain", then I think qmail already does this by default. Perhaps I misunderstand. At any rate, you may find the following patch helpful: URL:http://www.palomine.net/qmail/relaymailfrom.patch - Amitai
RE: Open Relay questionnaire
I have also heard that some email clients like M$'s Outlook Express are hard-coded to send first. Is there a work around to this other than tell them to use another client or just ignore the message the first time they connect? Eric -Original Message- From: Eric Walters [mailto:[EMAIL PROTECTED]] Sent: Monday, December 04, 2000 4:16 PM To: 'Alex Pennace'; 'Eric Walters' Cc: [EMAIL PROTECTED] Subject:RE: Open Relay questionnaire That makes sense. I am getting the impression that most people support some form of SMTP auth like Vpopmail? Any recommendations here? Eric -Original Message- From: Alex Pennace [mailto:[EMAIL PROTECTED]] Sent: Monday, December 04, 2000 3:25 PM To: Eric Walters Cc: [EMAIL PROTECTED] Subject:Re: Open Relay questionnaire File: ATT00013.dat On Mon, Dec 04, 2000 at 02:24:39PM -0600, Eric Walters wrote: I am looking for some input on this as it relates to virtual hosting. My users are all remote and I am trying to find a happy medium between security and user-friendliness. Is there a way to ensure that unless the rcpt to: or mail from: contain a local domain qmail will not deliver the message? Relaying based on the envelope sender address causes your server to be an open relay by my standards, a spammer only needs to know the secret (using certain envelope senders) to use your MTA as a relay.
RE: Open Relay questionnaire
I am using the RELAYCLIENT as a work around for now. It is a temporary fix only because I have to know the IP subnet they are coming from or a specific static address. I know it's not really intended to be used this way though. -Original Message- From: Charles Cazabon [mailto:[EMAIL PROTECTED]] Sent: Monday, December 04, 2000 3:18 PM To: [EMAIL PROTECTED] Subject:Re: Open Relay questionnaire Eric Walters [EMAIL PROTECTED] wrote: I am looking for some input on this as it relates to virtual hosting. My users are all remote and I am trying to find a happy medium between security and user-friendliness. Is there a way to ensure that unless the rcpt to: or mail from: contain a local domain qmail will not deliver the message? Yes, it's theoretically possible. Someone may have already implemented it, but I don't know of one offhand. But this is not a happy medium. Many spammers are now forging the MAIL FROM: address as being from the host it is connecting to. The above would provide no security, and essentially act as an open relay. So far I have implemented relayclient but that is a real pain to administer and an inconvenience to my users. Not sure what you're referring to above; do you mean setting the RELAYCLIENT variable based on static IP addresses? That's completely transparent to non-roaming users. Or you could be referring to SMTP-after-POP, such as implemented by Bruce Guenter's relay-ctrl package. That's very convenient for users -- all they have to do is check their mail before sending mail. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
RE: This is my limit???
Since a week I'm trying to configurating two mail server based on qmail. One as Relay (in my DMZ) and the second in my LAN. A scheme is better: RouteurSwitch-DMZ --(Relay is here) | | Firewall | | LAN (local mail server) Let's assume we have relay.example.com in the DMZ and mail.example.com on the LAN. External DNS records should have an MX record listing relay.example.com as the mail exchanger for example.com. relay.example.com should allow relay by mail.example.com, but not from anyone else (see http://www.palomine.net/qmail/relaying.html and http://www.palomine.net/qmail/selectiverelay.html). relay.example.com should have the following files set as follows: rcpthosts: example.com "I accept mail for example.com" smtproutes: example.com:mail.example.com "I forward all mail for example.com to mail.example.com" mail.example.com should have the following: rcpthosts: example.com "I accept mail for example.com" locals: example.com "Mail for example.com is delivered locally" smtproutes: :relay.example.com "Everything not delivered locally is forwarded to relay.example.com for relay" -- gowen -- Greg Owen -- [EMAIL PROTECTED] SoftLock.com is now DigitalGoods!
Re: Open Relay questionnaire
smtp is outdated, it needs to be replaced my 2c - jeremy At 04:25 PM 12/4/2000 -0500, you wrote: On Mon, Dec 04, 2000 at 02:24:39PM -0600, Eric Walters wrote: I am looking for some input on this as it relates to virtual hosting. My users are all remote and I am trying to find a happy medium between security and user-friendliness. Is there a way to ensure that unless the rcpt to: or mail from: contain a local domain qmail will not deliver the message? Relaying based on the envelope sender address causes your server to be an open relay by my standards, a spammer only needs to know the secret (using certain envelope senders) to use your MTA as a relay.
RE: Outbound Hostname
On Mon, Dec 04, 2000 at 08:03:47PM +, Peter Woods wrote: I am having some difficulty getting qmail to send outbound email with the CNAME of the system rather than the actual hostname. I have modified me and defaulthost files in /var/qmail/control to include the CNAME of the system. The hostname is only referenced in the rcpthosts file. Any hints where I might proceed to get this fixed? I recommend that MTAs identify themselves with their canonical hostnames instead of aliases. That said, man qmail-control, look at helohost. 'helohost' defaults to 'me', so I don't think that's the problem. I'm not sure how to parse the original email, but I think the problem is in the mail headers, not the envelope, in which case the MTA is probably at fault. -- gowen -- Greg Owen -- [EMAIL PROTECTED] SoftLock.com is now DigitalGoods!
Re: badmailfrom
On Mon, 4 Dec 2000, Ari Arantes Filho wrote: Hi, I'm receiving a virus from [EMAIL PROTECTED], No you're not! You're receiving mail from a null address. Examine the Return-Path: Return-Path: There is no address here. qmail-smtpd only looks at the envelope sender address (as supplied by the "mail from:" part of the transaction). It compares the address provided here with badmailfrom. You can't use badmailfrom to stop null addresses (and in general you shouldn't stop them anyway because a legitimate bounce is sent with a null sender). Instead, you might want to prohibit mail from 200.189.209.130 instead. Of course this will stop all mail from that IP address and you might want that other mail. I've already inserted this email in badmailfrom, the qmail was restarted and I'm still receiving this virus. In the header below you can see that the user doesn't exist, there is a 3D caracter in the beginning of the email address, so the address is unknowm, but even inserted in badmailfrom I've receive order mails from this guy. Here goes the header: Return-Path: Received: (qmail 14547 invoked by uid 0); 4 Dec 2000 21:26:48 - Received: from unknown (HELO mail01.osite.com.br) (200.189.209.130) by mail.doctordata.com.br with SMTP; 4 Dec 2000 21:26:48 - Received: from clipping (a09029.dial-pn.impsat.com.br [200.189.200.29]) by mail01.osite.com.br (8.9.1b+Sun/8.9.3) with SMTP id SAA14499 for [EMAIL PROTECTED]; Mon, 4 Dec 2000 18:49:02 -0200 (EDT) Date: Mon, 4 Dec 2000 18:49:02 -0200 (EDT) Message-Id: [EMAIL PROTECTED] From: Hahaha [EMAIL PROTECTED] Subject: Branca de Neve pornô! MIME-Version: 1.0 -- Regards Peter -- Peter Samuel[EMAIL PROTECTED] http://www.e-smith.org (development)http://www.e-smith.com (corporate) Phone: +1 613 368 4398 Fax: +1 613 564 7739 e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada "If you kill all your unhappy customers, you'll only have happy ones left"
Re: badmailfrom
I've seen a few of these... its a new virus I guess. It's not 'from' them at all... Paul Farber Farber Technology [EMAIL PROTECTED] Ph 570-628-5303 Fax 570-628-5545 On Mon, 4 Dec 2000, Ari Arantes Filho wrote: Hi, I'm receiving a virus from [EMAIL PROTECTED], I've already inserted this email in badmailfrom, the qmail was restarted and I'm still receiving this virus. In the header below you can see that the user doesn't exist, there is a 3D caracter in the beginning of the email address, so the address is unknowm, but even inserted in badmailfrom I've receive order mails from this guy. Here goes the header: Return-Path: Received: (qmail 14547 invoked by uid 0); 4 Dec 2000 21:26:48 - Received: from unknown (HELO mail01.osite.com.br) (200.189.209.130) by mail.doctordata.com.br with SMTP; 4 Dec 2000 21:26:48 - Received: from clipping (a09029.dial-pn.impsat.com.br [200.189.200.29]) by mail01.osite.com.br (8.9.1b+Sun/8.9.3) with SMTP id SAA14499 for [EMAIL PROTECTED]; Mon, 4 Dec 2000 18:49:02 -0200 (EDT) Date: Mon, 4 Dec 2000 18:49:02 -0200 (EDT) Message-Id: [EMAIL PROTECTED] From: Hahaha [EMAIL PROTECTED] Subject: Branca de Neve pornô! MIME-Version: 1.0
RE: Open Relay questionnaire
Is there a compelling reason to use one form of smtp auth vs. another? -Original Message- From: Charles Cazabon [mailto:[EMAIL PROTECTED]] Sent: Monday, December 04, 2000 3:18 PM To: [EMAIL PROTECTED] Subject:Re: Open Relay questionnaire Eric Walters [EMAIL PROTECTED] wrote: I am looking for some input on this as it relates to virtual hosting. My users are all remote and I am trying to find a happy medium between security and user-friendliness. Is there a way to ensure that unless the rcpt to: or mail from: contain a local domain qmail will not deliver the message? Yes, it's theoretically possible. Someone may have already implemented it, but I don't know of one offhand. But this is not a happy medium. Many spammers are now forging the MAIL FROM: address as being from the host it is connecting to. The above would provide no security, and essentially act as an open relay. So far I have implemented relayclient but that is a real pain to administer and an inconvenience to my users. Not sure what you're referring to above; do you mean setting the RELAYCLIENT variable based on static IP addresses? That's completely transparent to non-roaming users. Or you could be referring to SMTP-after-POP, such as implemented by Bruce Guenter's relay-ctrl package. That's very convenient for users -- all they have to do is check their mail before sending mail. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Re: badmailfrom
On Mon, Dec 04, 2000 at 07:41:36PM -0300, Ari Arantes Filho wrote: Hi, I'm receiving a virus from [EMAIL PROTECTED], I've already inserted this email in badmailfrom, the qmail was restarted and I'm still receiving this virus. In the header below you can see that the user doesn't exist, there is a 3D caracter in the beginning of the email address, so the address is unknowm, but even inserted in badmailfrom I've receive order mails from this guy. Here goes the header: Return-Path: [snip] From: Hahaha [EMAIL PROTECTED] qmail-smtpd rejects messages with an envelope sender (return-path) listed in badmailfrom, and does not act on the message From: header. To block mail from this guy, you would need to block mail with the null envelope sender (), which is certainly not what you want. PGP signature
Re: badmailfrom
The name of the file "badmailfrom" can be a bit deceptive as many people think it applies to the "From: " header. In fact it applies to the return path address supplied by the "MAIL FROM: " command in SMTP. To use badmailfrom you have to use the address that shows up on that SMTP command, which in the case of qmail is stored in the "Return-Path: " header. If you look at your headers you'll see the bad news that the "Return-Path: " header is empty which means it's not blockable with badmailfrom. Bad luck. As you've probably gathered spam is a pain to minimize. Regards. On Mon, Dec 04, 2000 at 07:41:58PM -0300, Ari Arantes Filho wrote: Hi, I'm receiving a virus from [EMAIL PROTECTED], I've already inserted this email in badmailfrom, the qmail was restarted and I'm still receiving this virus. In the header below you can see that the user doesn't exist, there is a 3D caracter in the beginning of the email address, so the address is unknowm, but even inserted in badmailfrom I've receive order mails from this guy. Here goes the header: Return-Path: Received: (qmail 14547 invoked by uid 0); 4 Dec 2000 21:26:48 - Received: from unknown (HELO mail01.osite.com.br) (200.189.209.130) by mail.doctordata.com.br with SMTP; 4 Dec 2000 21:26:48 - Received: from clipping (a09029.dial-pn.impsat.com.br [200.189.200.29]) by mail01.osite.com.br (8.9.1b+Sun/8.9.3) with SMTP id SAA14499 for [EMAIL PROTECTED]; Mon, 4 Dec 2000 18:49:02 -0200 (EDT) Date: Mon, 4 Dec 2000 18:49:02 -0200 (EDT) Message-Id: [EMAIL PROTECTED] From: Hahaha [EMAIL PROTECTED] Subject: Branca de Neve pornô! MIME-Version: 1.0
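The distinction explained in the replies above (badmailfrom is compared with the SMTP envelope sender, never with the From: header), as an added example that is not from the thread or from qmail: a simplified C model of the check. The list entries, addresses and function names are constructed, and the MAIL FROM parsing only handles the plain `<address>` form.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed control-file contents: one exact address, one "@host" entry. */
static const char *const BADMAILFROM[] = {
    "hahaha@sender.example",
    "@bulk.example",
    NULL
};

struct smtp_msg {
    const char *mail_from_line;  /* SMTP envelope command */
    const char *header_from;     /* From: header in the message; never consulted */
};

/* Constructed messages. The first mirrors the case in the thread:
   null envelope sender, listed address only in the header. */
static const struct smtp_msg SAMPLES[] = {
    { "MAIL FROM:<>",                      "Hahaha <hahaha@sender.example>"  },
    { "MAIL FROM:<hahaha@sender.example>", "Someone <someone@other.example>" },
    { "MAIL FROM:<News@BULK.example>",     "News <news@bulk.example>"        },
    { "MAIL FROM:<friend@other.example>",  "Friend <friend@other.example>"   },
};
#define NSAMPLES (sizeof SAMPLES / sizeof SAMPLES[0])

/* Copy the address between < and > of a MAIL FROM line into out.
   Returns 0 on success, -1 if the line cannot be parsed or does not fit. */
static int envelope_sender(const char *line, char *out, size_t cap)
{
    const char *lt, *gt;
    size_t n;

    if (strncasecmp(line, "MAIL FROM:", 10) != 0) return -1;
    lt = strchr(line + 10, '<');
    gt = lt != NULL ? strchr(lt, '>') : NULL;
    if (lt == NULL || gt == NULL) return -1;
    n = (size_t)(gt - lt - 1);
    if (n >= cap) return -1;
    memcpy(out, lt + 1, n);
    out[n] = '\0';
    return 0;
}

/* 1 if sender matches an entry exactly, or its "@host" part matches
   an "@host" entry. Comparison ignores case. */
static int bmf_listed(const char *sender)
{
    const char *at = strrchr(sender, '@');
    const char *const *e;

    for (e = BADMAILFROM; *e != NULL; e++) {
        if (strcasecmp(*e, sender) == 0) return 1;
        if (at != NULL && (*e)[0] == '@' && strcasecmp(*e, at) == 0) return 1;
    }
    return 0;
}

/* 1 = rejected, 0 = accepted, -1 = unparsable MAIL FROM line. */
static int bmf_rejects(const struct smtp_msg *m)
{
    char sender[256];

    if (envelope_sender(m->mail_from_line, sender, sizeof sender) != 0)
        return -1;
    return bmf_listed(sender);   /* m->header_from plays no part */
}

int main(void)
{
    size_t i;

    for (i = 0; i < NSAMPLES; i++)
        printf("%-36s header From: %-34s -> %s\n",
               SAMPLES[i].mail_from_line, SAMPLES[i].header_from,
               bmf_rejects(&SAMPLES[i]) == 1 ? "rejected" : "accepted");
    return 0;
}
```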
Re: This is my limit???
On Mon, Dec 04, 2000 at 01:32:24PM -0800, Ould wrote: For a week I've been trying to configure two mail servers based on qmail. One as Relay (in my DMZ) and the second in my LAN. A scheme is better: RouteurSwitch-DMZ --(Relay is here) | | Firewall | | LAN (local mail server) I created an smtproutes on each server. For the relay I am putting the line in smtproutes myrelaymachine.mydomain1.com:mylocalmachine.mydomaine2.com Please don't obfuscate. How about you show us the real output from qmail-showctl on both systems. By using example domains we have no way of knowing whether it's correct. Show us the real data and we'll have a better idea. Regards.
Re: This is my limit???
On Mon, Dec 04, 2000 at 05:35:11PM -0500, Greg Owen wrote: For a week I've been trying to configure two mail servers based on qmail. One as Relay (in my DMZ) and the second in my LAN. A scheme is better: RouteurSwitch-DMZ --(Relay is here) | | Firewall | | LAN (local mail server) Let's assume we have relay.example.com in the DMZ and mail.example.com on the LAN. But isn't it mydomaine2.com here? External DNS records should have an MX record listing relay.example.com as the mail exchanger for example.com. relay.example.com should allow relay by mail.example.com, but not from anyone else (see http://www.palomine.net/qmail/relaying.html and http://www.palomine.net/qmail/selectiverelay.html). relay.example.com should have the following files set as follows: Shouldn't that be relaymachine.mydomaine1.com? Regards.
Re: AntiVirus!
Thus spake John W. Lemons III ([EMAIL PROTECTED]): I disagree with the assertion that virus scanners are non-solutions. On the mail servers I run, I have installed some simple virus scanning software, and it has, up to now, filtered out lots of incoming virii and trojans, as well as a few outgoing virii (which alerted me as to who was infected, and allowed me to advise the IT folks so they could go clean it up). It's not a perfect solution, but it's far better than nothing, and results in our location not becoming a source for that kind of garbage. Let me get this straight. Based on the fact that your virus scanner detected a few outgoing virii, you assert not only that it has detected all of them. And the role of your IT department is to walk around and clean up virus infections. What kind of institution are you working in? "Mom and Pop's Computer Shop South Bryan's Largest Selection of Colored Floppy Disks!"? In Europe, Elementary Schools have more professional IT departments than that. I understand that you don't use windows, so you are probably not aware that this is not a correct statement. I have installed 5 different new pieces of hardware on my windows 2000 machine in the last few months, and in every case they were recognized and drivers installed and configured with no intervention from me other than to hit the ok buttons when it asked it if I wanted to install them. Please ask your maths teacher for the difference between 5 and all It is not so difficult, really. Everyone has hundreds of options, but the American culture apparently revolves around taking the wrong choice, You can't make that kind of universal statement and have any credibility left. We use windows 2000 on many many machines and it serves us well. One of my favourite sayings is: "Everyone has the computing platform he deserves." And for your statements here, you deserve all the Windows 2000 that you can carry. Felix
Re: AntiVirus!
Thus spake John W. Lemons III ([EMAIL PROTECTED]): Trapped poisoned executable "LOVE-LETTER-FOR-YOU.TXT.vbs". We didn't get a single infected machine. The mail server stopped all of them. True. But you owe the awestruck audience an explanation of what happened to that attachment. Anomy is cool, but ... ;-) It was sent to a holding directory and a message was sent to the admin account alerting him of the incident. In this case it was so well known it and the others received by that time were simply deleted rather than analyzed, and the senders were notified. Now that is impressive. You knew and could detect iloveyou before all the other people in the world? What kind of psychic are you employing? Or do you have some great artificial intelligence mail server that will treat all attachments that are named ".vbs" like poisoned executables and break your users' mail that way? Felix
Why qmail needs to restart when deleting messages from the queue.
Why does qmail need to restart every time you delete a message from the queue? If you were restarting qmail and several other servers at the same time were trying to send an email it would not get through, would it? Thank you.
Re: AntiVirus!
Thus spake Adam McKenna ([EMAIL PROTECTED]): I find it astonishing that people don't sue Microsoft for this. A whole industry thrives on Microsoft's bad code quality. They can't sue microsoft. They "accepted" a license that says Microsoft isn't responsible blah blah blah. The old lady who microwaved her poodle could sue the oven maker? The woman who burnt herself with coffee at McDonald's could sue them? And you are telling me Microsoft can not be sued for that weapon of mass destruction they call Windows? Well, obviously everyone has the government they deserve. In Europe, you can't disclaim damages that result from negligence on your part. There is currently a discussion whether Microsoft Germany should be held liable for the damages they did in Germany. That cost alone should drive all Microsofts in Europe into bankruptcy. Felix
Re: AntiVirus!
Thus spake Lipscomb, Al ([EMAIL PROTECTED]): As long as people run Windows, there will be a virus and trojan problem. And Unix is immune to Trojans and worms? Unix is so heterogenous that it is next to impossible to write a portable exploit. It will of course always be possible to exploit people's dim wits, though. Under Unix, people do not work as root. A good attack agent could spread itself using SMTP, RPC, FTP and IRC all at the same time. Yeah, and pigs can fly. The only people who would have a reason to spend the massive amounts of time and money on this purely destructive work are the military. As long as organisations like NATO are using Exchange as email server, I have no fear that they might one day acquire the knowledge to pull something like that off. After all, it's all a bunch of fat bureaucrats. I find it astonishing that people don't sue Microsoft for this. A whole industry thrives on Microsoft's bad code quality. Be careful what you wish for. Once the lawsuits start the Open Source world is getting deeper pockets and therefore becoming a target. Oh yes, please, go ahead and sue the Open Source world. I dare you. Hint: it's not an organisation that produces anything you could sue them for. Except maybe slander ;-) Felix
Re: AntiVirus!
Thus spake Lipscomb, Al ([EMAIL PROTECTED]): See the words "TO THE EXTENT PERMITTED BY APPLICABLE LAW". There are lots of places in this world where the law says the person who wrote it or the person who gave it to you can be held liable no matter what they want to disclaim. It depends on _how_ I was harmed by the product in many cases. Al, please don't talk about stuff you don't understand. It's not a "product", it's free software. And if there was any precedent for taking a software maker to a court for his bad software quality, California would have to declare bankruptcy. Then you have more problems than a few free software hackers. Felix
RE: AntiVirus!
Based on the fact that your virus scanner detected a few outgoing virii, you assert not only that it has detected all of them. Please quote where I indicated perfection. And the role of your IT department is to walk around and clean up virus infections. One of the many roles of the IT staff is maintenance of hardware and software. What's wrong with that? snip a bunch of childish crap, further verifying your lack of ability to carry on a civilized discussion Never mind answering the above. I see that your answer will be useless.
Re: Why qmail needs to restart when deleting messages from the queue.
On Tue, Dec 05, 2000 at 09:58:37AM +1000, Rawlinsons Group (Brisbane) wrote: Why does qmail need to restart every time you delete a message from the queue? Because it tries to keep track of what the queue looks like, and if you mess with it, it'll get confused. If you were restarting qmail and several other servers at the same time were trying to send an email it would not get through, would it? Those servers will just try to send the message again later. Nothing should get lost. Greetz, Peter -- dataloss networks '/ignore-ance is bliss' - me 'Life is a bouncy ball, but mine is stuck to the ceiling!' - me
RE: AntiVirus!
It was sent to a holding directory and a message was sent to the admin account alerting him of the incident. In this case it was so well known it and the others received by that time were simply deleted rather than analyzed, and the senders were notified. Now that is impressive. You knew and could detect iloveyou before all the other people in the world? I was awake that night as the reports started coming across the wire. It was trivial to modify my filters and scan the mail boxes before people came in to work the next morning. What kind of psychic are you employing? Do you ever have anything useful to say?
Re: badmailfrom
Alex Pennace [EMAIL PROTECTED] writes:
> qmail-smtpd rejects messages with an envelope sender (return-path) listed in badmailfrom, and does not act on the message From: header. To block mail from this guy, you would need to block mail with the null envelope sender (<>), which is certainly not what you want.

I could block a particular domain by putting the appropriate line into the tcp.smtp database source and recompiling the CDB. But that is at least a 2 step process and not as simple as

    echo "spam.more.com" >> /var/qmail/control/badmailfrom

Is there a simpler way of filtering on the information that qmail puts into the ``Received:'' header?

    Received: from spam.more.com (123.213.132.231) by my.server.com with SMTP; 5 Dec 2000 00:07:01 -

-- Manfred
Re: AntiVirus!
On Mon, 4 Dec 2000, [EMAIL PROTECTED] wrote: Now that is impressive. You knew and could detect iloveyou before all the other people in the world? I was awake that night as the reports started coming across the wire. It was trivial to modify my filters and scan the mail boxes before people came in to work the next morning. It's been awhile since I've posted to this list, but I must point out that this "watch and wait" vigil-style virii detection isn't really all that useful when you're asleep and wake up the next morning to your staff executing a script that is wiping the hard drives of every machine on your network. Heck, wiping out even just one of my bosses computers is a nightmare... -- B r e t t R a n d a l l http://xbox.ipsware.com/ brett_ @ _ipsware.com
Re: AntiVirus!
Quoting John W. Lemons III ([EMAIL PROTECTED]): Now that is impressive. You knew and could detect iloveyou before all the other people in the world? I was awake that night as the reports started coming across the wire. It was trivial to modify my filters and scan the mail boxes before people came in to work the next morning. And there I was, having developed a little faith in NT-luserdom. But no, John W. Lemons III had /not/ taken precautions. He did the same ad-hackery all NT-Sysops did that night. And he didn't even have a Securityfocus2sms gateway to help him in his relentless struggle against Redmond-induced IT-BSD. John, you just shot yourself in both feet with an elephant gun. Your little sob story /proved/ that virus scanners are snakeoil. What kind of psychic are you employing? Do you ever have anything useful to say? At least his systems are virus free, John... reply-to set.
Re: AntiVirus!
Thus spake John W. Lemons III ([EMAIL PROTECTED]): Based on the fact that your virus scanner detected a few outgoing virii, you assert not only that it has detected all of them. Please quote where I indicated perfection. You said that you are happy that you have not become one of the places that spread virii. By the way, about the discussion about the net worth of virus scanners, please have a look at the email I just got (no, I am not making this up): From [EMAIL PROTECTED] Tue Dec 5 01:32:07 2000 Return-Path: Delivered-To: [EMAIL PROTECTED] Received: (qmail 28608 invoked from network); 5 Dec 2000 00:32:07 - Received: from scream.wlv.netzero.net (HELO mailfw.nzdom) (209.247.163.9) by fefe.de with SMTP; 5 Dec 2000 00:32:07 - Received: from ([255.255.255.255]) by mailfw.nzdom with MailMarshal (3,3,0,0) id D220d; Mon, 04 Dec 2000 16:37:26 -800 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Date: Mon, 04 Dec 2000 16:37:26 -800 Subject: Your e-mail message was blocked MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--=_NextPart_5e5c99df-bbb5-11d4-b9fe-009027858a3a" Content-Length: 723 =_NextPart_5e5c99df-bbb5-11d4-b9fe-009027858a3a Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit NetZero Mail server has stopped the following e-mail for one of the following reasons: * It contains a disallowed subject line, text message, a chain or hoax letter. Message: B000ef930.0001.mml From:[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: AntiVirus! If you believe the above e-mail to be business related please contact [EMAIL PROTECTED] to arrange for the message to be released to its intended recipients. The blocked e-mail will be automatically deleted after 7 days. =_NextPart_5e5c99df-bbb5-11d4-b9fe-009027858a3a-- What will happen when someone writes a Virus called "the"? Felix
RE: AntiVirus!
John, you just shot yourself in both feet with an elephant gun. Your little sob story /proved/ that virus scanners are snakeoil. I fail to see how that "shot me in the foot". One of the features of our virus scanning procedure is the ability to filter out suspect files. I think you are a bit over zealous.
RE: AntiVirus!
It's been awhile since I've posted to this list, but I must point out that this "watch and wait" vigil-style virii detection isn't really all that useful when you're asleep and wake up the next morning to your staff executing a script that is wiping the hard drives of every machine on your network. Heck, wiping out even just one of my bosses computers is a nightmare... Agreed, but I would have been remiss had I not augmented our filtering when news hit. It's certainly not the best filtering methodology on the market, but it did stop us from having any problems. Certainly better than doing nothing considering how many copies of that thing we filtered.
RE: AntiVirus!
yeah. my apologies to those of you on this thread that get that returned to you. that's another department's fun to decide (correctly and otherwise) what is spam and virus and whatnot and protect the uninformed amongst those of us who know what not to click on. sorry. -- Michael Boyiazis [EMAIL PROTECTED] Mail Architect, NetZero, Inc.
Re: AntiVirus!
At 12:46 AM 5/12/00 +0100, Felix von Leitner wrote: Thus spake John W. Lemons III ([EMAIL PROTECTED]): I disagree with the assertion that virus scanners are non-solutions. On the mail servers I run, I have installed some simple virus scanning software, and it has, up to now, filtered out lots of incoming virii and trojans, as well as a few outgoing virii (which alerted me as to who was infected, and allowed me to advise the IT folks so they could go clean it up). It's not a perfect solution, but it's far better than nothing, and results in our location not becoming a source for that kind of garbage. Let me get this straight. Based on the fact that your virus scanner detected a few outgoing virii, you assert not only that it has detected all of them. I don't see how you got "All" out of "filtered out lots of incoming virii and trojans", which clearly does not say it covers everything. Please stop generalizing. And the role of your IT department is to walk around and clean up virus infections. What kind of institution are you working in? snip! In Europe, Elementary Schools have more professional IT departments than that. IT Departments are there to solve user problems, and to solve company/institution problems. A virus can quite happily be both. I have seen a number of 'network/computer issues' (outside of the office I am in) that have been related to virii causing unpredictable behavior. Ignoring the problem only allows it to fester, and will only make the final cleanup (which will most definitely be the IT Department's problem) much longer, problematic, and far more costly. How much does your company/institution price its data, and its down-time? And what operating system your network clients run is not always your decision to make.
Add to that the fact that the more complex the application and operating system, the more likely bugs are introduced, with the consequence that there will always be some sort of exploit for a hell of a lot of software, even on Unix/Posix based platforms. A good (fairly secure) operating system (which really means the kernel and a few select tools) doesn't mean that the applications will necessarily follow suit. One of my favourite sayings is: "Everyone has the computing platform he deserves." And for your statements here, you deserve all the Windows 2000 that you can carry. Unfortunately you don't always have the choice that you may want, simply due to the nature of your business, or due to lack of applications. Many people I know wish they had the luxury of having everyone using a non-windows platform for clients. I'm quite lucky that we are heading in that direction, but we will not be windowless for a while yet. A virus scanner isn't the whole solution. But it's a part of a solution that is definitely worth investigating. It may not necessarily be part of your solution, but your solution isn't necessarily good for anyone else either. Stuart Young - [EMAIL PROTECTED] (aka Cefiar) - [EMAIL PROTECTED] [All opinions expressed in the above message are my] [own and not necessarily the views of my employer..]
RE: AntiVirus!
I was speaking of the kinds of files we filter in and out. Sorry we are having such a hard time communicating.
Re: Open Relay questionnaire
On Mon, Dec 04, 2000 at 05:12:07PM -0600, Eric Walters wrote: Is there a compelling reason to use one form of smtp auth vs. another? If you're referring to the various SMTP-after-POP/IMAP packages, not really. I believe relay-ctrl is the only one that supports Courier IMAP, but other than that all the ones I'm aware of do the same thing. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/
Re: AntiVirus!
On Mon, Dec 04, 2000 at 08:25:05PM +, Uwe Ohse wrote: On Mon, Dec 04, 2000 at 12:22:43PM -0600, John W. Lemons III wrote: Then ignore that minority group and don't prolong their agony by giving them access to non-solutions like virus scanners. I disagree with the assertion that virus scanners are non-solutions. me too. I do too, but only to a point. Automated virus scanners reduce but do not eliminate the risk of infection from viruses. However, virus scanners are NOT a solution. They are a band-aid to alleviate the symptoms of the problem. The problem is a lack of protection in the software (OS and application) itself. Proper protection models would be a solution. User education is also a problem. Everybody believes that you can simply use software with no training, even though every other significant endeavour they might do (driving, operating equipment, making sales calls for a company, etc.) requires a significant level of instruction. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/
authorised outgoing users
Hi, A quick question. I am about to use qmail as our MTA. Is it possible to set it up so that I can control outgoing emails in that only authorised users can send emails to the external world while other users can only use it to send emails inside our local domain? Many thanks Calvin
RE: AntiVirus!
I do too, but only to a point. Automated virus scanners reduce but do not eliminate the risk of infection from viruses. However, virus scanners are NOT a solution. They are a band-aid to alleviate the symptoms of the problem. The problem is a lack of protection in the software (OS and application) itself. Proper protection models would be a solution. I agree, as I state in one of my previous posts, real OS security would resolve a large portion of this, and Windows just doesn't have it, nor do I expect it will in the foreseeable future. Until then, we have to apply whatever band aids keep us up and running. User education is also a problem. Everybody believes that you can simply use software with no training, even though every other significant endeavour they might do (driving, operating equipment, making sales calls for a company, etc.) requires a significant level of instruction. I understand that sentiment, and even agree to an extent, but the kind of time and money necessary for "proper" training is hard to come by (at least where I've worked). When you add to it an ignorant user base and new software being rolled out almost monthly, it becomes almost impossible to fully train some people. I've had some users that, in training sessions, picked up the concepts and information as fast as we could feed it to them, and others whose hands you had to hold through the whole process, and they still didn't really "get it". You can't just get rid of these people, as many of them were essential to the various departments for which they work, and most were exceptionally talented in their particular field. They just were not raised with computers. This will probably only get better though as the workforce transitions to the children and young adults who have grown up with them and technology progresses. So, we do the best with the people and resources we have. Virus scanners are just another tool to facilitate this.
OT: SNR on this list (was: RE: AntiVirus!)
[Sorry, John, for that immediate send -- I *wish* Eudora didn't map CTRL-E to that - Unix's "end of line" keystroke habit bites me in the backside again...] On or about 09:58 PM 12/4/00 -0600, John W. Lemons III was caught in a dark alley speaking these words: I do too, but only to a point. Automated virus scanners [snip] virus scanners are NOT a solution. [snip] real OS security [snip] Windows just doesn't have it [snip] time and money necessary for "proper" training new software being rolled out almost monthly I've tried to keep my fingers in check here, but even I have to say: What part of this thread has anything at all to do with qmail? Isn't there an alt.windows.sucks.WRT.virus.scanners.advocacy newsgroup you can take this to, if not at least private mail? Or, at the *very* least, can you for the sake of whatever deity you pray to at nite, put an "OT: " in front of the subject? One [very dedicated, intelligent] person has already been chased away by the poor behavior exhibited recently on this list... Must it continue? Regards. = Roger "Merch" Merchberger -- [EMAIL PROTECTED] SysAdmin - Iceberg Computers = Merch's Wild Wisdom of the Moment: = Sometimes you know, you just don't know sometimes, you know?