Re: RBLSMTPD

2000-12-28 Thread Piotr Kasztelowicz

Hello

 Hi,
   Can anyone please advise me if there is any way of telling
 an attacker if you like that they have been blocked via an email or
 something similar. I am having the problem that people are getting
 blocked however it appears the mail goes through but is then not
 returned. Please Help.

The rblsmtpd based for instance on ORBS - this is not a good idea.
I think - each admin should generate its own "black" list of
spam hosts rather than take it from ORBS. This server from I'm
writing now (administrated by me) does not support open relay
now, since time, when I have begun administrate it, I have installed
the newest software - qmail and configure it with tcpserver. The
relayclients are carefully established. Nothing more are not able
to relay post by server of mine but I'm existing further time
till today on ORBS list as insecure. Why? How about ask Alan Brown?
I suppose, that in like my case are more peoples!
If any host might support open relay if not, would be seen without
complicated tests. Each can see that my host does not support
open relay but my host still exists on ORBS list!

ORBS and like ORBS lists
there are stupid idea, which makes more evil than good. First of all
from such as ORBS "insecure hosts" list are using all presented on Net
hackers, who have directly listing of host, which potentially can
be used to attack. I'm of opinion, that giving such list public
is illegal and harmful. I have met such case, that after each test
made from ORBS was reported hackers proof to destroy my host, therefore
the access for ORBS on my host has been by my on tcpserver blocked:


=nl:deny
=nz:deny

Best Wishes

Piotr
---
Piotr Kasztelowicz [EMAIL PROTECTED]
[http://www.am.torun.pl/~pekasz]




qmail Digest 28 Dec 2000 11:00:01 -0000 Issue 1227

2000-12-28 Thread qmail-digest-help



Topics (messages 54420 through 54447):

Re: Limited SMTP Relay
54420 by: Chris Johnson
54439 by: asantos

qmail news  RDF
54421 by: Russell Nelson

"warning: unable to unlink local/9/3601004; will try again later" mystery solved
54422 by: Bradley C. Kuszmaul

Re: Logging Messages - qmail newbie
54423 by: Markus Stumpf

Re: concurrency always  0
54424 by: Markus Stumpf

Re: help me
54425 by: Markus Stumpf

Re: qmail-pop3d and users groups
54426 by: Markus Stumpf

Re: checkpassword question
54427 by: Markus Stumpf
54440 by: Rick Lu

Looking for a detailed qmail log analyzer .. preferably something pretty for the CEO.
54428 by: Steve Fulton

Xinetd  Qmail  New Problem!
54429 by: Jeff Lacy

Re: Other Outlook features and qmail
54430 by: Boz Crowther
54431 by: Luca Pescatore

RBLSMTPD
54432 by: drew.ricshaw.com.au
54447 by: Piotr Kasztelowicz

"Backup" Qmail Server
54433 by: Michael Hornby
54434 by: Mike Jackson
54435 by: Henning Brauer
54436 by: Dennis
54437 by: Henning Brauer
54442 by: richard.illuin.org

rblsmtpd - notification
54438 by: drew.ricshaw.com.au

Re: Attachment-based relaying
54441 by: David L. Nicol

not sure what the subject should be
54443 by: Timothy Falardeau
54445 by: Andrew Hill

alias system
5 by: drew.ricshaw.com.au
54446 by: Mark Delany


--



On Tue, Dec 26, 2000 at 10:10:31PM -0500, Aaron Carr wrote:
 This file contains 192.168.1.0:allow,RELAYCLIENT=" "

That should be RELAYCLIENT="", not RELAYCLIENT=" " (you shouldn't have a space
between the quotation marks). Also, as someone else pointed out, the IP address
should be a pattern, not a netmask (i.e. 192.168.1. instead of 192.168.1.0).

Chris




From: Chris Johnson [EMAIL PROTECTED]
That should be RELAYCLIENT="", not RELAYCLIENT=" " (you shouldn't have a space
between the quotation marks). Also, as someone else pointed out, the IP address
should be a pattern, not a netmask (i.e. 192.168.1. instead of 192.168.1.0).


I think that the contents of RELAYCLIENT will simply be appended to the
incoming recipient address. Possibly harmless, therefore.

Armando
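
Added example, not part of either message above: a small model of how an IP rule in tcp.smtp is matched and of what a non-empty RELAYCLIENT does to a recipient, run on the rule quoted in this exchange and on the corrected one. It handles only bare-IP rules with double-quoted values; the function names and the address bob@example.org are made up for the illustration.

```python
import re

# One rule per line: address:allow|deny[,VAR="value"...]. Only double-quoted
# values are handled here (an assumption of this sketch).
RULE_RE = re.compile(r'^([^:]*):(allow|deny)((?:,\w+="[^"]*")*)$')
ENV_RE = re.compile(r',(\w+)="([^"]*)"')


def parse_rule(line):
    m = RULE_RE.match(line.strip())
    if m is None:
        raise ValueError("not a rule this sketch understands: %r" % line)
    return m.group(1), m.group(2), dict(ENV_RE.findall(m.group(3)))


def lookup_keys(ip):
    """Addresses tried for a client IP, most specific first: the full IP,
    then shorter prefixes ending in a dot, then the empty catch-all.
    Ident and host-name keys are left out of this sketch."""
    octets = ip.split(".")
    prefixes = [".".join(octets[:n]) + "." for n in (3, 2, 1)]
    return [ip] + prefixes + [""]


def match(rules, ip):
    table = {addr: (action, env) for addr, action, env in rules}
    for key in lookup_keys(ip):
        if key in table:
            return table[key]
    return "allow", {}  # no rule matched: connection proceeds unchanged


def relayed_rcpt(env, rcpt):
    """With RELAYCLIENT set, qmail-smtpd skips the rcpthosts check and appends
    the variable's value to each recipient. None means rcpthosts applies."""
    if "RELAYCLIENT" not in env:
        return None
    return rcpt + env["RELAYCLIENT"]


def lint(line):
    addr, _action, env = parse_rule(line)
    findings = []
    if re.fullmatch(r"(\d+\.){3}0", addr):
        findings.append("address matches one IP only; a prefix would be "
                        + addr[:-1])
    if env.get("RELAYCLIENT", "") != "":
        findings.append("RELAYCLIENT is non-empty: %r is appended to every "
                        "recipient" % env["RELAYCLIENT"])
    return findings


# Constructed rule files: the rule quoted in the thread, then the corrected one.
BEFORE = [parse_rule(r) for r in ('192.168.1.0:allow,RELAYCLIENT=" "', ":allow")]
AFTER = [parse_rule(r) for r in ('192.168.1.:allow,RELAYCLIENT=""', ":allow")]

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        for ip in ("192.168.1.0", "192.168.1.17", "10.0.0.5"):
            action, env = match(rules, ip)
            print(name, ip, action, repr(relayed_rcpt(env, "bob@example.org")))
```

With the original rule a LAN client such as 192.168.1.17 falls through to the catch-all and never receives RELAYCLIENT, so it is subject to the rcpthosts check like any outside host.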






If you have the ability to do so, please test my qmail news RDF Site
Summary (RSS) file.  The URL is http://qmail.org/news.rdf .  I haven't
announced it anywhere except this message right now, so for example
it's not available at Slashdot as a news box.  Once I get some
feedback I'll start submitting it (that should be taken as a broad
hint.  Very broad.)

More information on RSS is at http://my.netscape.com/publish/help/quickstart.html
More information on RDF is at http://www.w3.org/TR/REC-rdf-syntax/

-- 
-russ nelson [EMAIL PROTECTED]  http://russnelson.com | A steak, bacon
Crynwr sells support for free software  | PGPok | and cheese sandwich is
521 Pleasant Valley Rd. | +1 315 268 1925 voice | offensive to every major
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | religion.




There is a lot of email in the archives of this list complaining about
things such as
  warning: unable to unlink local/9/3601004; will try again later

I saw this too, (running with the rpms made by Bruce Guenter [EMAIL PROTECTED])

I investigated what was going on.  The key is to look at errno when
the unlink fails.  (By the way, I suggest that when printing the
warning about the unlink failing, the error code ought to be printed
out too.)

The unlink returned error code 5 (I/O error) sometimes, but not
always.

By taking out the syncdir patch, the problem goes away.

I mounted the ext2fs filesystem "sync" (it turns out the only thing on
that disk is my qmail queue and my alias maildirs, so it is an
excellent candidate for being mounted "sync".)

Now the system works much better, with none of those "unable to
unlink" messages in the logs.

A related problem:  The "try again later" is 123 seconds later:
   pe.dt = now() + SLEEP_SYSFAIL;
This can cause problems if more than a few hundred messages get into
this state (especially when using syslogd).  The problem is that qmail
spends all its time looking at these messages.  Much better would be
if the retry were scheduled with a quadratic backoff strategy to avoid
swamping qmail with these bad messages.

-Bradley








On Sat, Dec 23, 2000 at 09:27:52PM +, Anonymous user wrote:
 Has anybody got a more elegant way of doing this?

What would you consider "elegant" ?

 Thinking this I tried to construct a Maildir for my messages by putting
 

Re: rblsmtpd - notification

2000-12-28 Thread Markus Stumpf

On Thu, Dec 28, 2000 at 11:10:37AM +1100, [EMAIL PROTECTED] wrote:
 question is: Is there anyway of notifying the person who sent the 
 mail to you through the open relay, with a generic message that 
 they were blocked. Say "Your message could not be processed by 
 our server." If anyone could help with this it would be much 
 appreciated.

rblsmtpd either rejects the message permanently (5xx code) or temporarily
(4xx code). Depending on the option you start rblsmtpd with and assuming
a correctly working smtpd on the sending side, the user will either
get an immediate failure notice on a 5xx code or a delayed one as soon as
the retry interval (typically around a week) of the sending smtpd has expired.
See
URL:http://cr.yp.to/ucspi-tcp/rblsmtpd.html
and especially the section on "Temporary errors" and the "-b -B" switches
for more information.

Note: a 4xx code is more "social" but may trigger bugs in some smtpds
  (e.g. Microsoft SMTP) causing them to hammer on your smtpd with retries.
  See: URL:http://support.microsoft.com/support/kb/articles/Q224/9/83.ASP

\Maex

-- 
SpaceNet AG   |   http://www.Space.Net/   | Stress is when you wake
Research & Development| mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0| realize you haven't
D-80807 Muenchen  |  Fax: +49 (89) 32356-299  | fallen asleep yet.
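
Added example, not part of the message above: a simplified model of the decision described there, following the behaviour given in the rblsmtpd documentation the message links to ($RBLSMTPD set by a tcpserver rule, the default -B versus -b). DNS lookup failures and anti-RBL sources are left out; the zone rbl.example, the TXT text and the function names are constructed for the illustration.

```python
def rbl_query_name(ip, base):
    """DNS name looked up for a client: reversed octets under the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + base


def decide(env, listed_txt, permanent=False):
    """Return None when the connection is handed to the real SMTP server,
    otherwise (code, text) for the rejection.

    env        -- environment set by tcpserver rules (may hold RBLSMTPD)
    listed_txt -- TXT record found for the client, or None if not listed
    permanent  -- True models the -b switch, False the default -B
    """
    if "RBLSMTPD" in env:
        text = env["RBLSMTPD"]
        if text == "":
            return None              # set but empty: client is exempted
        if text.startswith("-"):
            return 553, text[1:]     # leading hyphen selects a permanent error
        return 451, text             # otherwise a temporary error
    if listed_txt is None:
        return None                  # not listed: mail passes
    return (553 if permanent else 451), listed_txt


def sender_sees(verdict):
    """What the person who sent the mail notices, per the reply above."""
    if verdict is None:
        return "nothing: the message reaches the SMTP server"
    code, text = verdict
    if code >= 500:
        return "immediate failure notice quoting '%d %s'" % (code, text)
    return ("no notice yet: the sending server queues and retries, and "
            "bounces only when its retry interval has expired")


# Constructed sample data.
CLIENT = "192.0.2.25"
TXT = "Blocked - see http://rbl.example/"

if __name__ == "__main__":
    print(rbl_query_name(CLIENT, "rbl.example"))
    for flag in (False, True):
        verdict = decide({}, TXT, permanent=flag)
        print("-b" if flag else "-B", verdict, "->", sender_sees(verdict))
```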



Re: What does return address is refused mean?

2000-12-28 Thread Markus Stumpf

On Wed, Dec 27, 2000 at 05:04:32PM -0800, Dai Yuwen wrote:
 Sometimes my mail will be bounced with the subject "return address is
 refused".  What does that mean?  I'm using qmail-1.03.

This is not a qmail error message.

If these messages are bounces this may be caused by badly configured
mail servers incorrectly rejecting messages with an empty sender ("").

\Maex




Re: Re: checkpassword question

2000-12-28 Thread Markus Stumpf

On Thu, Dec 28, 2000 at 10:13:56AM +0800, Rick Lu wrote:
 as we all know, there are two super-user functions in checkpassword package: setuid 
 
 setgid. 
 
 because qmaild is only a normal user in nofiles group, so he has no privilege to 
call 
 these codes. it will show "-ERR authorization failed".

Typically qmail-pop3d is started from tcpserver like:
   /usr/local/bin/tcpserver -R -v -c 150 0 pop3 \
   /var/qmail/bin/qmail-popup host.domain \
   /var/qmail/bin/checkpassword \
   /var/qmail/bin/qmail-pop3d Maildir 2>&1 \
   | /var/qmail/bin/splogger qmail-pop3d 17

That is qmail-popup (and checkpassword) is started as root and not as user
qmaild and so everything will just work fine and checkpassword is able
to use the setuid/setgid calls to set the user to the authenticated one.

\Maex




Re: alias system

2000-12-28 Thread Markus Stumpf

On Thu, Dec 28, 2000 at 04:28:52PM +1100, [EMAIL PROTECTED] wrote:
   I have a .qmail file in my home directory that is .qmail-user and 
 it contains the line:
   /usr/home/drew/Maildir2/ where Maildir2 is a seperate Mail 
 directory setup than the one we use on the system. Is there 
 anyway I can pop mail from this directory or is that an 
 impossibility. Anyones input would be much appreciated.

If the user "drew" should authenticate/pop that Maildir2 and /usr/home/drew
is drew's $HOME you could set up another pop3 server on another port
and instead of "Maildir" use "Maildir2" as argument to qmail-pop3d.

However your client must support a non default pop3 port for that setup.

\Maex




How sending messages from web site

2000-12-28 Thread ouldm

Hello,

I'm installing Qmail Relay server on Raq3i. I am putting my web site, my
http server on this machine.
(only SMTP, no POP! is allowed here, since this machine lies in DMZ and
used only to relaying mails to the
qmail LAN server lying behind a firewall).
My question is: how can I use qmail to allow users sending messages
from the web site using mail soft like
IMP/HORDE or another (any suggestions in this sense are welcome!)?
How can users connecting to my web site from anywhere get their
messages on the qmail LAN server?

PS: only my LAN machine IPs are listed in the tcp.smtp file now?


Thanks





Re: RBLSMTPD

2000-12-28 Thread Markus Stumpf

On Thu, Dec 28, 2000 at 10:12:48AM +0100, Piotr Kasztelowicz wrote:
 ORBS and like ORBS lists
 there are stupid idea, which makes more evil than good. First of all
 from such as ORBS "insecure hosts" list are using all presented on Net
 hackers, who have directly listing of host, which potentially can
 be used to attack. I'm of opinion, that giving such list public
 is illegal and harmful. I have met such case, that after each test
 made from ORBS was reported hackers proof to destroy my host, therefore
 the access for ORBS on my host has been by my on tcpserver blocked:

These lists are irrelevant for attacks and security through obscurity is
no security at all.
Hackers will find your server regardless whether you are listed in a RBL
list or not. On a freshly setup system with an IP address never assigned
before I had - within a week - 4 complete port scans + 6 additional
scans for relay open mailservers.

Trying to "hide" is useless. Fix your systems. I personally have no mercy
for ppl doing lousy system administration and whining when they get hacked.
If you can't handle all the hosts in your responsibility use at least
some port filters or a firewall or disconnect them by pulling the network
plug.

\Maex




Re: RBLSMTPD

2000-12-28 Thread Piotr Kasztelowicz

On Thu, 28 Dec 2000, Markus Stumpf wrote:

 These lists are irrelevant for attacks and security through obscurity is
 no security at all.

The peoples, who manages with RBL could inform admin of tested
host prior to begin such tests. If test had presented insecurity or
open relay possibilities, ORBS admins could have informed me about
them first prior to inform all peoples about them to write it
on data base.  I'd like to pay your attention to this fact, that
all cases to connect to my smtp to use it other than for sending
or receiving e-mail (for instance to the test without to inform me about them)
can be taken as hackers proof itself. Additionally each case such
tests due to more activity of hackers. Should I report this without
reaction? I were in such case a bad administrator.

 Hackers will find your server regardless whether you are listed in a RBL
 list or not.

But you can this not excluded, that this listing would have been a good
direction for hackers, because it is public on WWW.

 Trying to "hide" is useless. Fix your systems. I personally have no
mercy ..

This was already made by me in September, when I have begun manage with
this server (I have under my care more servers), but I will not idle to
look to logs, where are observed logs from ORBS tests' proofs common
with proofs of achieve my server on ftp or telnet. I suppose, that
I'm permitted to request from ORBS to use my smtp only for provided
for it use - email sending or receiving. This same I wish me to
stop all tests. I think, I have a right to its...

Best Wishes

Piotr Kasztelowicz
---
Piotr Kasztelowicz [EMAIL PROTECTED]
[http://www.am.torun.pl/~pekasz]




Re: Xinetd Qmail New Problem!

2000-12-28 Thread Jeff Lacy

Thank you very much Andrew!  You helped me solve my problem!  It couldn't
have been simpler.  I am a bozo.  I was looking at all the programs in
/var/qmail/bin, and I learned that qmail didn't really lose my messages.  I
guessed that I hadn't started all of qmail correctly, so I ran
'/var/qmail/rc '.  The number of messages in the queue started dropping.
Now I will add rc to my init scripts.  Thanks Andrew.

SORRY EVERYONE!


Bozo Jeff


- Original Message -
From: "Andrew Richards" [EMAIL PROTECTED]
To: "'Jeff Lacy'" [EMAIL PROTECTED]
Sent: Thursday, December 28, 2000 12:37 PM
Subject: RE: Xinetd  Qmail  New Problem!


 Jeff,

 I think you'll need to post your logs and startup files for the list members
 to be able to help you.

 cheers,

 Andrew.
 --
 From: Jeff Lacy[SMTP:[EMAIL PROTECTED]]
 Sent: 27 December 2000 21:47
 To: [EMAIL PROTECTED]
 Subject: Xinetd  Qmail  New Problem!

 Okay.  Thanks everyone who helped me.  Qmail accepts mail and things seem to
 be mostly better. Now I only have problem and I would very very grateful if
 anyone could help me with it.

 After qmail accepts a message from me, I assume it does it thing.  Then I go
 to my mail program (outlook express) and say for check new mail.  It asks
 for new mail, via pop3, and it comes back with nothing at all.  I don't know
 how to find the all the messages I send.  Qmail is hiding/destroying my
 mail!  Could someone please tell me where to look and/or how to fix the
 problem?

 .qmail-root and .qmail-postmaster both are:
 jeff
 [EMAIL PROTECTED]


 ~jeff/.qmail is:
 ./Maildir/

 ~jeff/Maildir/ is owned by jeff and is a mail dir so it should work.

 Doing an 'echo to:jeff | /var/qmail/bin/qmail-inject' doesn't show up
 anywhere.  Email to root get lost too.

 Could someone please help me?  Thanks everyone :-D

 Jeff


 - Original Message -
 From: "Paco Gracia" [EMAIL PROTECTED]
 To: "Jeff Lacy" [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Sent: Wednesday, December 27, 2000 2:31 AM
 Subject: RE: Xinetd  Qmail


  Hello,
 
  This set up used to work with qmail and RH7.0. It uses vpopmail so if
  you have a standard qmail installation you'll have to change vchkpw to use
  checkpassword.
 
  Each service is in one file inside /etc/xinet.d. Read xinet man pages to
  allow and deny connections, set a maximum number of concurrent connections,
  bind an external ip to an internal ip, configure your logs, etc...
 
  tcpserver was the only solution before xinet and it is still the best
  solution for advanced qmail installations. For nothing too complicated xinet
  can do the job perfectly... and it is more straightforward than tcpserver.
  So the choice depends on your needs.
 
  Bye.
 
  /etc/xinet.d/smtp
 
  # default: on
  service smtp
  {
  disable = no
  socket_type = stream
  protocol= tcp
  wait= no
  user= qmaild
  server  = /var/qmail/bin/tcp-env
  server_args = /var/qmail/bin/qmail-smtpd
  log_on_success  += USERID
  log_on_failure  += USERID
  }
 
 
  /etc/xinet.d/pop
 
  # default: on
  service pop3
  {
  disable = no
  socket_type = stream
  wait= no
  user= root
  server  = /var/qmail/bin/qmail-popup
  server_args = your.mail.server /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir
  log_on_success  += USERID
  log_on_failure  += USERID
  }
 
 
  - Original Message -
  From: Jeff Lacy [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Wednesday, December 27, 2000 2:56 AM
  Subject: Xinetd  Qmail
 
 
   Hello Everyone,
  
   I'm new to this list, so please forgive me if this has been asked before
   or is really dumb.
  
   I'm running RH7.0 and I would like to run qmail.  I thought I had it
   working once, but I was just calling tcpd from xinetd and that seemed a
   little foolish.  I have been messing around with xinetd all day and my
   progress has been -42.  Qmail accepts messages, but then they just sort of
   disappear.  I think it all stems from a problem with my xinetd
   configuration.  I have searched the internet and everything I find is
   different from everything else.  I am looking for the 'definitive' thing to
   use with xinetd.  Hopefully, it should have logging and not use anything
   too complex (and allow relaying from my lan).
  
   I would also really appreciate it if someone would tell me why so many
   people use tcpserver instead of xinetd.  I understand that tcpserver can be
   run continually, but xinetd only starts smtpd (or whatever) when someone
   connects to port 25.  I am going to be running a very very (did I mention
   very) low-volume mail server.
  
   

config help needed

2000-12-28 Thread I. Herman



I just recently installed qmail and followed the how-to on life w/ qmail. I am
at the part where I start it for the first time, and I am getting the following
error messages:

supervise: fatal: unable to acquire qmail-send/supervise/lock: temporary failure
supervise: fatal: unable to acquire log/supervise/lock: temporary failure
supervise: fatal: unable to acquire qmail-smtpd/supervise/lock: temporary failure

What can I do to fix this?



RE: config help needed

2000-12-28 Thread I. Herman



all the permissions are correct, now it's giving me another error...

supervise: fatal: unable to start log/run: file does not exist
supervise: warning: unable to rename log/supervise/status.new to status: file does not exist
supervise: fatal: unable to acquire qmail-smtpd/supervise/lock: temporary failure
supervise: fatal: unable to acquire log/supervise/lock: temporary failure

when I check to see if all my qmail-send and qmail-smtpd have the /log/run in
them...they both do, all run files are executable

Any ideas?
Izzie