Re: RAID Qmail.
Have you had any problems?... There were some problems, especially with RAID and ENBD software. First, I try to figure out how ENBD works, in fact when the NBD server is going down what are the possibilities for the NBD client to know that and "make an announcement" to RAID software and the last to unbind the partition from its configuration. Of course, after a carefully read of ENBD docs, I was able to deal with this problem. One other problem (for me) was with linux kernel RAID support, because you have to make a compromise between a small modularized kernel and a "huge" speedy and reliable one. I choose the last. ... What sort of throughput do you get? Have you had to actually do a rebuild? How much data are you storing? The throughput depends of the NIC's you are using and it is not dramatically limited to much by the software (RAID and ENBD). There are some compares between NFS and ENBD in the ENBD docs and you could see how fast is ENBD (it is fast, if you can trust me). What I can say is: - for reconstruction I am using 2 * 10BaseT NIC on each computer (3Com) - both computers are running 2.2.16 kernel optimized - one of those computers (the master) is PII-450MHz/64M RAM/IDE and the other (the slave) is Pentium 100MHz/48M RAM/SCSI - the partition for qmail is 1GByte large (small site) In the consideration above, a full reconstruction it takes ~20min or less, depending the load of the master which also running NS. I think a rate of 5Mbit/sec it could be OK. It can be raised in multi-processor configuration, more RAM on each nodes, SCSI on both, 100BaseT or 1GByte ethernet and same architecture. Thanks, Rick. It was my pleasure. Regards, -- Adrian Turcu System Administrator Computers Department Romanian Railway Company Constanta Region E-mail: [EMAIL PROTECTED], [EMAIL PROTECTED] Phone: +40 92 563791 (any time) +40 43 363977 (home)
mail loop problem
For the life of me, I can't figure out what I did. I'm running qmail 1.03 on a RH 7 (kernel 2.2.17) system. This is an internal server providing DNS (internal and forwarding for external resolution), mail and web services. I'm running vpopmail 4.9.4. Everything seems to be working fine except sending from the mail server to an address hosted on the mail server (local mail). Incoming mail from the rest of the Internet seems to work, mail from other servers internally seems to work, again, just mail initiated locally is broken. I'm also hosting other domains on this same system and they are behaving similarly ... mail from outside works, mail initiated from the mail server doesn't. all the domains are listed in rcpthosts and virtual domains properly. Here's what I see in my bounced message (it gets bounced to root@localhost and placed in an mbox) - Transcript of session follows - 553 5.3.5 mail.jahl.com. config error: mail loops back to me (MX problem?) 554 5.3.5 [EMAIL PROTECTED] Local configuration error mail.jahl.com is my MX record ... here's a partial of my DNS: kazon IN A 10.5.5.25 mailIN A 10.5.5.25 @ IN MX 5 mail.jahl.com. @ IN NS kazon.jahl.com. @ IN A 10.5.5.25 I can ping all address and names just fine. Any ideas? All I can find are references to this similar problem. Near as I can tell, the qmail equivalent solution would be to add the domain to rcpthosts file. It's already there. Thanks for any input. Charlie
Re: bandwidth monitoring/analysis
NDSoftware wrote: I search too but i need the bandwith used by domains and install a quota ! Nicolas DEFFAYET, NDSoftware http://www.ndsoftware.net - [EMAIL PROTECTED] France: Tel +33 671887502 - Fax N/A UK: Tel +44 8453348750 - Fax +44 8453348751 USA: Tel N/A - Fax N/A -Original Message- From: Barry Smoke [mailto:[EMAIL PROTECTED]] Sent: Friday, January 19, 2001 9:37 PM To: [EMAIL PROTECTED]; Vmailmgr@Lists. Em. Ca Subject: bandwidth monitoring/analysis I am in need of some bandidth monitoring/analysis, of qmail... I need to know what percentage of bandwidth of all running processes qmail is taking, and of that bandwidht, what percentage each virtual domain is taking... I am using the vmailmgr package for virtual domains... Any suggestions greatly appreciated. Barry Smoke I am currently figuring out myself how to do it and yesterday I found a nice Patch on qmail.org so qmail-remote can used fixed IP. So what I would do is patching qmail and giving it a dedicated IP. After doing that I would install snmp + mrtg for this IP. After doing that it should be really no Problem to see which Bandwidth qmail is using! -- --^..^-- michael maier - system development administrator flatfox ag, hanauer landstrasse 196a d-60314 frankfurt am main fon+49.(0)69.50 95 98-308 fax+49.(0)69.50 95 98-101 email [EMAIL PROTECTED] urlhttp://www.flatfox.com - m a k e m y d a y
Re: couldn't find any host
Henning Brauer wrote: On Sat, Jan 20, 2001 at 08:55:36PM -0500, Jeff Bolle wrote: Jan 20 12:54:30 mail qmail: 980024070.874084 delivery 14: failure: Sorry,_I_couldn't_find_any_host_named_bucknell.edu._(#5.1.2)/ DNS problem. This machine is currently using register.com's domain servers in resolv.conf. Any help Aie! You have a great misunderstanding of DNS. I'd recommend reading http://www.lifewithdjbdns.org, it explains a _lot_ about DNS in general and djbdns. Too bad that Web Site seems to be written from People who are just installing DJBdns and jump when it works but not for real Life Examples! I recommend http://www.acmebw.com/askmr.htm
Re: why so few qmail-remote processes ...
Hello, ok but why waiting for a failed email attemp while many of them are waiting in the queue Regards Frip' - Original Message - From: "Paul Jarc" [EMAIL PROTECTED] To: "Jacques Frip' WERNERT" [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, January 19, 2001 7:27 PM Subject: Re: why so few qmail-remote processes ... "Jacques Frip' WERNERT" [EMAIL PROTECTED] writes: in fact I trying to know why I can see sometimes 100 qmail-remote processes and sometimes only 10 with many messages in my queue (ie 200). So why qmail-send is not asking rspawn to fork much more ... After a delivery attempt fails, qmail waits a while before retrying it. If it failed once, it's likely it'll fail again if you retry immediately, so that would be wasted effort. paul
Pine/qmail/sqwebmail
Can I use Pine with qmail/sqwebmail? Apparently sqwebmail is dependent upon a maildir directory format and when I run Pine it sets up a regular mail directory (/var/mail/spool?)...Is there a config I'm missing somewhere?
qmail Digest 22 Jan 2001 11:00:00 -0000 Issue 1252
qmail Digest 22 Jan 2001 11:00:00 - Issue 1252 Topics (messages 55699 through 55719): Regarding Imap server and catchall 55699 by: kamesh 55711 by: qmailu Re: couldn't find any host 55700 by: Henning Brauer 55715 by: Michael Maier Re: POP Toaster 55701 by: Peder Angvall 55702 by: Johan Almqvist 55703 by: Mike Glover 55704 by: Henning Brauer 55705 by: Peder Angvall Re: [OT] pine and Maildir (was: Maildir versus malibox) 55706 by: Pavel Kankovsky Error Message Numbers 55707 by: Alex Le Fevre 55717 by: Markus Stumpf Re: CNAME errors, qmail-1.03+patches-18 55708 by: Christopher K Davis failure notice 55709 by: Ah Sang too many processes 55710 by: Rohit Gupta Re: RAID Qmail. 55712 by: Adrian Turcu mail loop problem 55713 by: Charles Boening Re: bandwidth monitoring/analysis 55714 by: Michael Maier Re: why so few qmail-remote processes ... 55716 by: Jacques Frip' WERNERT Problem 55718 by: M Natanasigamani Pine/qmail/sqwebmail 55719 by: mrorange Administrivia: To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To subscribe to the digest, e-mail: [EMAIL PROTECTED] To bug my human owner, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- Hi, I have installed Qmail on RH linux 6.2 In maildir format and also installed Vpopmail 4.8.5 and its working fine. While trying to install courier-imap 0.36 for imap support for vpopmail, iam getting error while running make install as root and the output is attached. there is no error while running confifure and make as non root user. Also in /usr/lib/courier-imap/etc/imapd.config, only authdaemon is selected in authmodules. while trying to run imap deamon its responding on port 143. but its not able to authenticate to the mailserver. can u please help me in fixing this. Also how to configure catchall in maildir format? (all mails sent to nonexistent user should go to catchallmailbox) Thank you for an early reply. Regards, kamesh - This mail sent through http://www.sify.com make AM_INSTALL_PROGRAM_FLAGS=-s install make[1]: Entering directory `/home/kamesh/download/courier-imap-0.36a' Making install in numlib make[2]: Entering directory `/home/kamesh/download/courier-imap-0.36a/numlib' make[3]: Entering directory `/home/kamesh/download/courier-imap-0.36a/numlib' make[3]: Nothing to be done for `install-exec-am'. make[3]: Nothing to be done for `install-data-am'. make[3]: Leaving directory `/home/kamesh/download/courier-imap-0.36a/numlib' make[2]: Leaving directory `/home/kamesh/download/courier-imap-0.36a/numlib' Making install in gdbmobj make[2]: Entering directory `/home/kamesh/download/courier-imap-0.36a/gdbmobj' make[3]: Entering directory `/home/kamesh/download/courier-imap-0.36a/gdbmobj' make[3]: Nothing to be done for `install-exec-am'. make[3]: Nothing to be done for `install-data-am'. make[3]: Leaving directory `/home/kamesh/download/courier-imap-0.36a/gdbmobj' make[2]: Leaving directory `/home/kamesh/download/courier-imap-0.36a/gdbmobj' Making install in soxwrap make[2]: Entering directory `/home/kamesh/download/courier-imap-0.36a/soxwrap' make[3]: Entering directory `/home/kamesh/download/courier-imap-0.36a/soxwrap' make[3]: Nothing to be done for `install-exec-am'. make[3]: Nothing to be done for `install-data-am'. make[3]: Leaving directory `/home/kamesh/download/courier-imap-0.36a/soxwrap' make[2]: Leaving directory `/home/kamesh/download/courier-imap-0.36a/soxwrap' Making install in rfc822 make[2]: Entering directory `/home/kamesh/download/courier-imap-0.36a/rfc822' make[3]: Entering directory `/home/kamesh/download/courier-imap-0.36a/rfc822' make[3]: Nothing to be done for `install-exec-am'. make[3]: Nothing to be done for `install-data-am'. make[3]: Leaving directory `/home/kamesh/download/courier-imap-0.36a/rfc822' make[2]: Leaving directory `/home/kamesh/download/courier-imap-0.36a/rfc822' Making install in rfc1035 make[2]: Entering directory `/home/kamesh/download/courier-imap-0.36a/rfc1035' make[3]: Entering directory `/home/kamesh/download/courier-imap-0.36a/rfc1035' make[3]: Nothing to be done for `install-exec-am'. make[3]: Nothing to be done for `install-data-am'. make[3]: Leaving directory `/home/kamesh/download/courier-imap-0.36a/rfc1035' make[2]: Leaving directory `/home/kamesh/download/courier-imap-0.36a/rfc1035' Making install in rfc2045 make[2]: Entering directory `/home/kamesh/download/courier-imap-0.36a/rfc2045' make[3]: Entering directory `/home/kamesh/download/courier-imap-0.36a/rfc2045' make[3]: Nothing to be done for `install-exec-am'. make[3]: Nothing to be done for `install-data-am'. make[3]: Leaving
Re: failure notice
qmail-start ./Maildir splogger qmail Isn't this supposed to be ./Maildir/ (a slash after Maildir)?
Re: failure notice
On Mon, Jan 22, 2001 at 10:13:16AM +0800, Ah Sang wrote: qmail-start ./Maildir splogger qmail ^ you missed the / here. -- Henning Brauer | BS Web Services Hostmaster BSWS| Roedingsmarkt 14 [EMAIL PROTECTED] | 20459 Hamburg http://www.bsws.de | Germany
Re: bandwidth monitoring/analysis
OK Thanks but i haven't two ip on my server ! Give it an internal IP, and let it map with your Firewall =) -- Ciao, Michael..
Re: mail loop problem
On Mon, Jan 22, 2001 at 12:33:15AM -0800, Charles Boening wrote: I'm running qmail 1.03 on a RH 7 (kernel 2.2.17) system. This is an internal server providing DNS (internal and forwarding for external resolution), mail and web services. I'm running vpopmail 4.9.4. Everything seems to be working fine except sending from the mail server to an address hosted on the mail server (local mail). Incoming mail from the rest of the Internet seems to work, mail from other servers internally seems to work, again, just mail initiated locally is broken. I'm also hosting other domains on this same system and they are behaving similarly ... mail from outside works, mail initiated from the mail server doesn't. all the domains are listed in rcpthosts and virtual domains properly. Here's what I see in my bounced message (it gets bounced to root@localhost and placed in an mbox) - Transcript of session follows - 553 5.3.5 mail.jahl.com. config error: mail loops back to me (MX problem?) 554 5.3.5 [EMAIL PROTECTED] Local configuration error That's sendmail talking, not qmail. How are you injecting this mail? Is /usr/sbin/sendmail (or wherever sendmail is on your system) a symlink to /var/qmail/bin/sendmail? Chris
Re: Problem
On Mon, Jan 22, 2001 at 04:10:01PM +0530, M Natanasigamani wrote: I want to ascertain whether my client as the capability to read HTML mail. Why don't you ask him? Chris
Re: QMail DOS
"Andy Abshagen" [EMAIL PROTECTED] wrote: We are in the midst of a security audit performed by Ernst Young. They are claiming something about a DOS situation. What I need to find out is whether there are any known DOS situations out there. If so what needs to be done to take care of the problem. If you're not running qmail-smtpd under some kind of memory limit (e.g., via ulimit or softlimit) it can be made to consume all available memory. The "Life with qmail" installation uses softlimit. See also: http://cr.yp.to/docs/resources.html For more background. -Dave
Re: QMail DOS
We are in the midst of a security audit performed by Ernst Young. They are claiming something about a DOS situation. What I need to find out is whether there are any known DOS situations out there. If so what needs to be done to take care of the problem. ThanksAndy Just use tcpserver or xinetd! CYA, Michael..
Re: qlogtools compile - error
On Sat, Jan 20, 2001 at 12:15:57PM +0100, Clemens Hermann wrote: sorry, I used the wrong make but now it does not work anyway: gmake: *** No rules to make target 'qlogselect', needed by 'all'. Stop. what is wrong? on my Debian it compiles perfect but not under FreeBSD Did you remove the "qlogselect" program while trying to build it? Please direct further messages on this topic to the bgware mailing list, as this is off-topic for this list. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: QMail DOS
"Andy Abshagen" [EMAIL PROTECTED] wrote: Yes. And no. I just read the preliminary report from them. The report actually states in it that it only affect qmail 1.02 and older. They dropped it on the report because they could not get our mail server to report a version number. Since we are running 1.03 they are removing the "problem" from the report. Regardless of what your auditors say, the fact that you're having and audit conducted--and running qmail--means that you're concerned about security. In that case, you should verify that you've configured qmail-smtpd to run with limited memory consumption. This is a real issue, and it wasn't resolved by 1.03. -Dave
502 unimplemented
Hi there We use qmail on one of our systems (How do I find out what version it is? Did not install it myself...). Sometimes, it throws back '502 unimplemented' errors with no apparent reason. I also tried to connect manually via telnet to port 25. Sometimes I can send a message without problems, and sometimes I get the 502 error, but not at the same point, i.e. arbitrarily after any of the helo, mail, rcpt or data commands. Any idea what this could be? Stef -- IT freelancer President SOS-ETH ETH Zurich [EMAIL PROTECTED]http://hoes.li
RE: mail loop problem
Thanks. I'll be damned if I didn't remove the sendmail RPM ... could have sworn I did that! Thanks again. Charlie -Original Message- From: Chris Johnson [mailto:[EMAIL PROTECTED]] Sent: Monday, January 22, 2001 6:46 AM To: Charles Boening Cc: '[EMAIL PROTECTED]' Subject: Re: mail loop problem On Mon, Jan 22, 2001 at 12:33:15AM -0800, Charles Boening wrote: I'm running qmail 1.03 on a RH 7 (kernel 2.2.17) system. This is an internal server providing DNS (internal and forwarding for external resolution), mail and web services. I'm running vpopmail 4.9.4. Everything seems to be working fine except sending from the mail server to an address hosted on the mail server (local mail). Incoming mail from the rest of the Internet seems to work, mail from other servers internally seems to work, again, just mail initiated locally is broken. I'm also hosting other domains on this same system and they are behaving similarly ... mail from outside works, mail initiated from the mail server doesn't. all the domains are listed in rcpthosts and virtual domains properly. Here's what I see in my bounced message (it gets bounced to root@localhost and placed in an mbox) - Transcript of session follows - 553 5.3.5 mail.jahl.com. config error: mail loops back to me (MX problem?) 554 5.3.5 [EMAIL PROTECTED] Local configuration error That's sendmail talking, not qmail. How are you injecting this mail? Is /usr/sbin/sendmail (or wherever sendmail is on your system) a symlink to /var/qmail/bin/sendmail? Chris
listening of defined IPs only
Hi. I'm running qmail with supervise, tcpserver, rblsmtpd etc. How can I make the POP/SMTP servers listen only on the IPs I want them to? Regards! J.M.Roth
Re: listening of defined IPs only
* Mailing List Address [EMAIL PROTECTED] [010122 17:58]: I'm running qmail with supervise, tcpserver, rblsmtpd etc. How can I make the POP/SMTP servers listen only on the IPs I want them to? man tcpserver? HINT: The zero in tcpserver's arguments means bind to all interfaces... -Johan -- Johan Almqvist http://www.almqvist.net/johan/qmail/ PGP signature
RFC822
Hello, i'm using qmail-1.03 and i have found a problem to read messages because second one looks like a body of the first one. I lokked to RFC 822 and qmail-inject man pages and the only information related with this situation is that UUCP with mbox format uses a from withou ":" like my header. I'm sending emails via telnet or with netscape and header is the same. Header looks like ok (only from without ":" was different from my old email server header). Is there some problem with my configuration or my client is the problem ? Thanks, Marcio This is my example : mail from:[EMAIL PROTECTED] 250 ok rcpt to:[EMAIL PROTECTED] 250 ok data 354 go ahead Subject: Test one teste one body . 250 ok 980183043 qp 18389 mail from:[EMAIL PROTECTED] 250 ok rcpt to:[EMAIL PROTECTED] 250 ok data 354 go ahead Subject: Test two test two body . Here is my Mailbox: # more /home/usuario/Maildir/new/Mailbox From [EMAIL PROTECTED] Mon Jan 22 17:04:03 2001 Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: (qmail 18398 invoked from network); 22 Jan 2001 17:04:02 - Return-Path: [EMAIL PROTECTED] Date: 22 Jan 2001 17:04:02 - Message-ID: [EMAIL PROTECTED] From: [EMAIL PROTECTED] Cc: recipient list not shown: ; Received: from localhost ([127.0.0.1]) (envelope-sender [EMAIL PROTECTED]) by localhost (qmail-ldap-1.03) with SMTP for [EMAIL PROTECTED]; 22 Jan 2001 17:03:51 - Subject: Test one teste one body From [EMAIL PROTECTED] Mon Jan 22 17:04:29 2001 Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: (qmail 18411 invoked from network); 22 Jan 2001 17:04:29 - Return-Path: [EMAIL PROTECTED] Date: 22 Jan 2001 17:04:29 - Message-ID: [EMAIL PROTECTED] From: [EMAIL PROTECTED] Cc: recipient list not shown: ; Received: from localhost ([127.0.0.1]) (envelope-sender [EMAIL PROTECTED]) by localhost (qmail-ldap-1.03) with SMTP for [EMAIL PROTECTED]; 22 Jan 2001 17:04:16 - Subject: Test two test two body
RE: RFC822
The mailbox file you attached seems to be OK to me. The 'from' line without the colon, but with the time and date and preceded by an empty line is used as a separator between emails in a mailbox file. OTOH, it is very unusual to store email in mailbox format inside Maildir/new. Care to post your startup script here? T. -Original Message- From: Marcio Sa [mailto:[EMAIL PROTECTED]] Sent: 22 January 2001 16:53 To: [EMAIL PROTECTED] Subject: RFC822 Hello, i'm using qmail-1.03 and i have found a problem to read messages because second one looks like a body of the first one. I lokked to RFC 822 and qmail-inject man pages and the only information related with this situation is that UUCP with mbox format uses a from withou ":" like my header. I'm sending emails via telnet or with netscape and header is the same. Header looks like ok (only from without ":" was different from my old email server header). Is there some problem with my configuration or my client is the problem ? Thanks, Marcio This is my example : mail from:[EMAIL PROTECTED] 250 ok rcpt to:[EMAIL PROTECTED] 250 ok data 354 go ahead Subject: Test one teste one body . 250 ok 980183043 qp 18389 mail from:[EMAIL PROTECTED] 250 ok rcpt to:[EMAIL PROTECTED] 250 ok data 354 go ahead Subject: Test two test two body . Here is my Mailbox: # more /home/usuario/Maildir/new/Mailbox From [EMAIL PROTECTED] Mon Jan 22 17:04:03 2001 Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: (qmail 18398 invoked from network); 22 Jan 2001 17:04:02 - Return-Path: [EMAIL PROTECTED] Date: 22 Jan 2001 17:04:02 - Message-ID: [EMAIL PROTECTED] From: [EMAIL PROTECTED] Cc: recipient list not shown: ; Received: from localhost ([127.0.0.1]) (envelope-sender [EMAIL PROTECTED]) by localhost (qmail-ldap-1.03) with SMTP for [EMAIL PROTECTED]; 22 Jan 2001 17:03:51 - Subject: Test one teste one body From [EMAIL PROTECTED] Mon Jan 22 17:04:29 2001 Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: (qmail 18411 invoked from network); 22 Jan 2001 17:04:29 - Return-Path: [EMAIL PROTECTED] Date: 22 Jan 2001 17:04:29 - Message-ID: [EMAIL PROTECTED] From: [EMAIL PROTECTED] Cc: recipient list not shown: ; Received: from localhost ([127.0.0.1]) (envelope-sender [EMAIL PROTECTED]) by localhost (qmail-ldap-1.03) with SMTP for [EMAIL PROTECTED]; 22 Jan 2001 17:04:16 - Subject: Test two test two body
Re: listening of defined IPs only
Sorry, should've looked more carefully g thanks anyway Johan Almqvist writes: * Mailing List Address [EMAIL PROTECTED] [010122 17:58]: I'm running qmail with supervise, tcpserver, rblsmtpd etc. How can I make the POP/SMTP servers listen only on the IPs I want them to? man tcpserver? HINT: The zero in tcpserver's arguments means bind to all interfaces... -Johan -- Johan Almqvist http://www.almqvist.net/johan/qmail/
Re: RFC822
Timo Geusch wrote: The mailbox file you attached seems to be OK to me. The 'from' line without the colon, but with the time and date and preceded by an empty line is used as a separator between emails in a mailbox file. OTOH, it is very unusual to store email in mailbox format inside Maildir/new. Care to post your startup script here? Hello, Thanks for you response. yes, this is my script: #!/bin/sh # Using splogger to send the log through syslog. # Using qmail-local to deliver messages to ~/Mailbox by default. exec env - DENYMAIL=DNSCHECK DEBUGLEVEL=16 PATH="/var/qmail/bin:$PATH" \ qmail-start ./Maildir/new/Mailbox splogger qmail Marcio Sa T. -Original Message- From: Marcio Sa [mailto:[EMAIL PROTECTED]] Sent: 22 January 2001 16:53 To: [EMAIL PROTECTED] Subject: RFC822 Hello, i'm using qmail-1.03 and i have found a problem to read messages because second one looks like a body of the first one. I lokked to RFC 822 and qmail-inject man pages and the only information related with this situation is that UUCP with mbox format uses a from withou ":" like my header. I'm sending emails via telnet or with netscape and header is the same. Header looks like ok (only from without ":" was different from my old email server header). Is there some problem with my configuration or my client is the problem ? Thanks, Marcio This is my example : mail from:[EMAIL PROTECTED] 250 ok rcpt to:[EMAIL PROTECTED] 250 ok data 354 go ahead Subject: Test one teste one body . 250 ok 980183043 qp 18389 mail from:[EMAIL PROTECTED] 250 ok rcpt to:[EMAIL PROTECTED] 250 ok data 354 go ahead Subject: Test two test two body . Here is my Mailbox: # more /home/usuario/Maildir/new/Mailbox From [EMAIL PROTECTED] Mon Jan 22 17:04:03 2001 Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: (qmail 18398 invoked from network); 22 Jan 2001 17:04:02 - Return-Path: [EMAIL PROTECTED] Date: 22 Jan 2001 17:04:02 - Message-ID: [EMAIL PROTECTED] From: [EMAIL PROTECTED] Cc: recipient list not shown: ; Received: from localhost ([127.0.0.1]) (envelope-sender [EMAIL PROTECTED]) by localhost (qmail-ldap-1.03) with SMTP for [EMAIL PROTECTED]; 22 Jan 2001 17:03:51 - Subject: Test one teste one body From [EMAIL PROTECTED] Mon Jan 22 17:04:29 2001 Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: (qmail 18411 invoked from network); 22 Jan 2001 17:04:29 - Return-Path: [EMAIL PROTECTED] Date: 22 Jan 2001 17:04:29 - Message-ID: [EMAIL PROTECTED] From: [EMAIL PROTECTED] Cc: recipient list not shown: ; Received: from localhost ([127.0.0.1]) (envelope-sender [EMAIL PROTECTED]) by localhost (qmail-ldap-1.03) with SMTP for [EMAIL PROTECTED]; 22 Jan 2001 17:04:16 - Subject: Test two test two body
RE: RFC822
Mario, as I pointed out the delivery into a Mailbox file inside a Maildir is a bit suspicious. How are you trying to access the email? Maybe this would shed some light on your problem. To be honest, I don't think it has anything to do with RFC compliance; my money is on a config problem. Regards, Timo -Original Message- From: Marcio Sa [mailto:[EMAIL PROTECTED]] Sent: 22 January 2001 17:10 To: Timo Geusch Cc: [EMAIL PROTECTED] Subject: Re: RFC822 Timo Geusch wrote: The mailbox file you attached seems to be OK to me. The 'from' line without the colon, but with the time and date and preceded by an empty line is used as a separator between emails in a mailbox file. OTOH, it is very unusual to store email in mailbox format inside Maildir/new. Care to post your startup script here? Hello, Thanks for you response. yes, this is my script: #!/bin/sh # Using splogger to send the log through syslog. # Using qmail-local to deliver messages to ~/Mailbox by default. exec env - DENYMAIL=DNSCHECK DEBUGLEVEL=16 PATH="/var/qmail/bin:$PATH" \ qmail-start ./Maildir/new/Mailbox splogger qmail Marcio Sa T. -Original Message- From: Marcio Sa [mailto:[EMAIL PROTECTED]] Sent: 22 January 2001 16:53 To: [EMAIL PROTECTED] Subject: RFC822 Hello, i'm using qmail-1.03 and i have found a problem to read messages because second one looks like a body of the first one. I lokked to RFC 822 and qmail-inject man pages and the only information related with this situation is that UUCP with mbox format uses a from withou ":" like my header. I'm sending emails via telnet or with netscape and header is the same. Header looks like ok (only from without ":" was different from my old email server header). Is there some problem with my configuration or my client is the problem ? Thanks, Marcio This is my example : mail from:[EMAIL PROTECTED] 250 ok rcpt to:[EMAIL PROTECTED] 250 ok data 354 go ahead Subject: Test one teste one body . 250 ok 980183043 qp 18389 mail from:[EMAIL PROTECTED] 250 ok rcpt to:[EMAIL PROTECTED] 250 ok data 354 go ahead Subject: Test two test two body . Here is my Mailbox: # more /home/usuario/Maildir/new/Mailbox From [EMAIL PROTECTED] Mon Jan 22 17:04:03 2001 Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: (qmail 18398 invoked from network); 22 Jan 2001 17:04:02 - Return-Path: [EMAIL PROTECTED] Date: 22 Jan 2001 17:04:02 - Message-ID: [EMAIL PROTECTED] From: [EMAIL PROTECTED] Cc: recipient list not shown: ; Received: from localhost ([127.0.0.1]) (envelope-sender [EMAIL PROTECTED]) by localhost (qmail-ldap-1.03) with SMTP for [EMAIL PROTECTED]; 22 Jan 2001 17:03:51 - Subject: Test one teste one body From [EMAIL PROTECTED] Mon Jan 22 17:04:29 2001 Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: (qmail 18411 invoked from network); 22 Jan 2001 17:04:29 - Return-Path: [EMAIL PROTECTED] Date: 22 Jan 2001 17:04:29 - Message-ID: [EMAIL PROTECTED] From: [EMAIL PROTECTED] Cc: recipient list not shown: ; Received: from localhost ([127.0.0.1]) (envelope-sender [EMAIL PROTECTED]) by localhost (qmail-ldap-1.03) with SMTP for [EMAIL PROTECTED]; 22 Jan 2001 17:04:16 - Subject: Test two test two body
slow connection init
I am running a Red Hat v6.2 (w/ patches) server on a AMD Athlon 800MHz with 256M RAM -- and have been fairly pleased with its performance. The problem is I want to migrate my existing RH 6.2 qmail mail server (a slower Pentium II). The problem is, when first started the server flys (very fast). After aprox one day, any connection into this server (sshd, telnet , pop, smtp, etc) takes a while to initiate. Sometimes more than 60 seconds -- which of course times out most POP connections. Once connected, everything seems to act normal (connections initiated quickly). I have looked into the logs and looked at netsat -pa to get some insight into this slowdown, but have not had very good luck. I know this is probably not directly related to qmail, but I am a little woried about the svscan process and how quickly it can wake up a process. P.S I can see the correct processes running when I get in this process initiation hang so I don't think they've died. Could it be some reverse name resolution problem? HELP!?!?!?! -- Steve Woolley [EMAIL PROTECTED]
Re: RFC822
On Mon, Jan 22, 2001 at 02:52:15PM -0200, Marcio Sa wrote: Hello, i'm using qmail-1.03 and i have found a problem to read messages because second one looks like a body of the first one. I lokked to RFC 822 and qmail-inject man pages and the only information related with this situation is that UUCP with mbox format uses a from withou ":" like my header. [...] Here is my Mailbox: # more /home/usuario/Maildir/new/Mailbox From [EMAIL PROTECTED] Mon Jan 22 17:04:03 2001 Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: (qmail 18398 invoked from network); 22 Jan 2001 17:04:02 - Return-Path: [EMAIL PROTECTED] Date: 22 Jan 2001 17:04:02 - Message-ID: [EMAIL PROTECTED] From: [EMAIL PROTECTED] Cc: recipient list not shown: ; Received: from localhost ([127.0.0.1]) (envelope-sender [EMAIL PROTECTED]) by localhost (qmail-ldap-1.03) with SMTP for [EMAIL PROTECTED]; 22 Jan 2001 17:03:51 - Subject: Test one teste one body From [EMAIL PROTECTED] Mon Jan 22 17:04:29 2001 Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: (qmail 18411 invoked from network); 22 Jan 2001 17:04:29 - Return-Path: [EMAIL PROTECTED] Date: 22 Jan 2001 17:04:29 - Message-ID: [EMAIL PROTECTED] From: [EMAIL PROTECTED] Cc: recipient list not shown: ; Received: from localhost ([127.0.0.1]) (envelope-sender [EMAIL PROTECTED]) by localhost (qmail-ldap-1.03) with SMTP for [EMAIL PROTECTED]; 22 Jan 2001 17:04:16 - Subject: Test two test two body All that's kosher, the message separator in mbox files is a line beginning with "From ".
Re: RFC822
Timo Geusch wrote: Mario, as I pointed out the delivery into a Mailbox file inside a Maildir is a bit suspicious. How are you trying to access the email? Hi Timo, i'm trying with netscape pop3 client or netscape imap client. Then , i saw only one message. I'm using qmail-ldap patch to authenticate and create local Mailbox instantly too. Maybe this would shed some light on your problem. To be honest, I don't think it has anything to do with RFC compliance; my money is on a config problem. Ok, i'll try some changes. But header message is a qmail-inject problem isn't it ? I have looked to it and i didn't find any kind of configuration. I can change a start script but the procedure to generate a header is the same , isn't it ? Thanks, Marcio Regards, Timo -Original Message- From: Marcio Sa [mailto:[EMAIL PROTECTED]] Sent: 22 January 2001 17:10 To: Timo Geusch Cc: [EMAIL PROTECTED] Subject: Re: RFC822 Timo Geusch wrote: The mailbox file you attached seems to be OK to me. The 'from' line without the colon, but with the time and date and preceded by an empty line is used as a separator between emails in a mailbox file. OTOH, it is very unusual to store email in mailbox format inside Maildir/new. Care to post your startup script here? Hello, Thanks for you response. yes, this is my script: #!/bin/sh # Using splogger to send the log through syslog. # Using qmail-local to deliver messages to ~/Mailbox by default. exec env - DENYMAIL=DNSCHECK DEBUGLEVEL=16 PATH="/var/qmail/bin:$PATH" \ qmail-start ./Maildir/new/Mailbox splogger qmail Marcio Sa T. -Original Message- From: Marcio Sa [mailto:[EMAIL PROTECTED]] Sent: 22 January 2001 16:53 To: [EMAIL PROTECTED] Subject: RFC822 Hello, i'm using qmail-1.03 and i have found a problem to read messages because second one looks like a body of the first one. I lokked to RFC 822 and qmail-inject man pages and the only information related with this situation is that UUCP with mbox format uses a from withou ":" like my header. I'm sending emails via telnet or with netscape and header is the same. Header looks like ok (only from without ":" was different from my old email server header). Is there some problem with my configuration or my client is the problem ? Thanks, Marcio This is my example : mail from:[EMAIL PROTECTED] 250 ok rcpt to:[EMAIL PROTECTED] 250 ok data 354 go ahead Subject: Test one teste one body . 250 ok 980183043 qp 18389 mail from:[EMAIL PROTECTED] 250 ok rcpt to:[EMAIL PROTECTED] 250 ok data 354 go ahead Subject: Test two test two body . Here is my Mailbox: # more /home/usuario/Maildir/new/Mailbox From [EMAIL PROTECTED] Mon Jan 22 17:04:03 2001 Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: (qmail 18398 invoked from network); 22 Jan 2001 17:04:02 - Return-Path: [EMAIL PROTECTED] Date: 22 Jan 2001 17:04:02 - Message-ID: [EMAIL PROTECTED] From: [EMAIL PROTECTED] Cc: recipient list not shown: ; Received: from localhost ([127.0.0.1]) (envelope-sender [EMAIL PROTECTED]) by localhost (qmail-ldap-1.03) with SMTP for [EMAIL PROTECTED]; 22 Jan 2001 17:03:51 - Subject: Test one teste one body From [EMAIL PROTECTED] Mon Jan 22 17:04:29 2001 Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: (qmail 18411 invoked from network); 22 Jan 2001 17:04:29 - Return-Path: [EMAIL PROTECTED] Date: 22 Jan 2001 17:04:29 - Message-ID: [EMAIL PROTECTED] From: [EMAIL PROTECTED] Cc: recipient list not shown: ; Received: from localhost ([127.0.0.1]) (envelope-sender [EMAIL PROTECTED]) by localhost (qmail-ldap-1.03) with SMTP for [EMAIL PROTECTED]; 22 Jan 2001 17:04:16 - Subject: Test two test two body
tcp.smtp
I am having trouble sending mail from an application running on the same server as the mail server. If the domain/IP of the RECIPIENT is not in the tcp.smtp list, I get the "553 sorry, that domain isn't in my list of allowed rcpthosts" error. I've read the section on relaying in "Life with Qmail" and from what I read, the tcp.smtp file should allow the connecting host (listed with :allow,RELAYCLIENT="") to SEND a message. Am I missing something? Thanks, Joanne __ Do You Yahoo!? Yahoo! Auctions - Buy the things you want at great prices. http://auctions.yahoo.com/
Load Balancing
Actually, I have a server called MLM and 4 servers called MLM1,2,3,4 .. MLM is a central server with Qmail and EZMLM, and the other servers are the RELAY with qmail. MLM - (smtproutes) - MLMRELAY (dns roundrobin ) - MLM1 - MLM2 - MLM3 - MLM4 Can I change the ROUNDROBIN DNS for a Load Balancing system? Exist any software for this implementation? Thanks
Re: tcp.smtp
On Mon, Jan 22, 2001 at 10:05:13AM -0800, Joanne Pons wrote: I am having trouble sending mail from an application running on the same server as the mail server. If the domain/IP of the RECIPIENT is not in the tcp.smtp list, I get the "553 sorry, that domain isn't in my list of allowed rcpthosts" error. I've read the section on relaying in "Life with Qmail" and from what I read, the tcp.smtp file should allow the connecting host (listed with :allow,RELAYCLIENT="") to SEND a message. Don't do that! That'll make your server an open relay. What you probably want is: 127.0.0.1:allow,RELAYCLIENT="" This assumes that your application delivers mail by making an SMTP connection to localhost. If it connects to your public interface instead, then make sure that IP is allowed to relay. Chris
Re: RFC822
* Marcio Sa [EMAIL PROTECTED] [010122 18:09]: Timo Geusch wrote: The mailbox file you attached seems to be OK to me. The 'from' line without the colon, but with the time and date and preceded by an empty line is used as a separator between emails in a mailbox file. OTOH, it is very unusual to store email in mailbox format inside Maildir/new. Care to post your startup script here? Hello, Thanks for you response. yes, this is my script: #!/bin/sh # Using splogger to send the log through syslog. # Using qmail-local to deliver messages to ~/Mailbox by default. exec env - DENYMAIL=DNSCHECK DEBUGLEVEL=16 PATH="/var/qmail/bin:$PATH" \ qmail-start ./Maildir/new/Mailbox splogger qmail ^^^ what is this? Why did you put this here? -Johan -- Johan Almqvist http://www.almqvist.net/johan/qmail/ PGP signature
Re: RFC822
On Mon, Jan 22, 2001 at 03:34:56PM -0200, Marcio Sa wrote: i'm trying with netscape pop3 client or netscape imap client. Then , i saw only one message. I'm using qmail-ldap patch to authenticate and create local Mailbox instantly too. qmail-start ./Maildir/new/Mailbox splogger qmail I see your problem, its relatively easy. It has nothing to do with RFCs. You told qmail to place new Mails in an mbox ~/Maildir/new/Mailbox, and you are using qpop3d. qpop3d supports only Maildirs, no mboxes, and therfore treats your Mailbox-file as a single Mail. There is no way I'm aware of to use qmail-ldap with Maildirs, unless you find another pop3-daemon which can use the ldap directory to authentificate the users. In any way I'd _really_ recommend using Maildirs instead of Mailboxes, there is lots of other stuff in qmail-ldap only working with Maildirs (quotas for example). It was written with Maildirs in mind, not Mailboxes. To use Maildirs, just change you /var/qmail/rc: qmail-start ./Maildir/ Every new mail will then be a file in Maildir/new with a timestamp as name. You should also retire from splogger and user multilog, but thats another story. I'd recommend reading http://www.lifewithqmail.org/ldap/. -- Henning Brauer | BS Web Services Hostmaster BSWS| Roedingsmarkt 14 [EMAIL PROTECTED] | 20459 Hamburg http://www.bsws.de | Germany
Re: listening of defined IPs only
On Mon, Jan 22, 2001 at 04:58:56PM +, Mailing List Address wrote: Hi. I'm running qmail with supervise, tcpserver, rblsmtpd etc. How can I make the POP/SMTP servers listen only on the IPs I want them to? man tcpserver Regards! J.M.Roth -- Henning Brauer | BS Web Services Hostmaster BSWS| Roedingsmarkt 14 [EMAIL PROTECTED] | 20459 Hamburg http://www.bsws.de | Germany
Re: tcp.smtp
Joanne Pons wrote: I am having trouble sending mail from an application running on the same server as the mail server. If the domain/IP of the RECIPIENT is not in the tcp.smtp list, I get the "553 sorry, that domain isn't in my list of allowed rcpthosts" error. I've read thetcprules section on relaying in "Life with Qmail" and from what I read, the tcp.smtp file should allow the connecting host (listed with :allow,RELAYCLIENT="") to SEND a message. Am I missing something? you need a line like: 127.:allow,RELAYCLIENT="" In your tcp.smtpd file (which you then build into your tcp.smtpd.cdb) I've put these files in /etc so to rebuild on my box requires: /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp /etc/tcp.smtp Which means that tcpserver will set the RELAYCLIENT ENV variable - this is then allows qmail to relay the mail. Does this help ? Greg Thanks, Joanne __ Do You Yahoo!? Yahoo! Auctions - Buy the things you want at great prices. http://auctions.yahoo.com/
Re: tcp.smtp
On Mon, Jan 22, 2001 at 10:05:13AM -0800, Joanne Pons wrote: I am having trouble sending mail from an application running on the same server as the mail server. If the domain/IP of the RECIPIENT is not in the tcp.smtp list, I get the "553 sorry, that domain isn't in my list of allowed rcpthosts" error. I've read the section on relaying in "Life with Qmail" and from what I read, the tcp.smtp file should allow the connecting host (listed with :allow,RELAYCLIENT="") to SEND a message. Am I missing something? yes, 127.0.0.1:allow,RELAYCLIENT="" ;-)) -- Henning Brauer | BS Web Services Hostmaster BSWS| Roedingsmarkt 14 [EMAIL PROTECTED] | 20459 Hamburg http://www.bsws.de | Germany
Re: Load Balancing
On Mon, Jan 22, 2001 at 03:07:27PM -0300, Federico Edelman Anaya wrote: Can I change the ROUNDROBIN DNS for a Load Balancing system? Round Robin is Round Robin, no load balancing possible. Exist any software for this implementation? halinux.org (or was it linuxha.org?) comes to my mind, . Unfortunately I havent found anything running on *BSD yet - if anybody knows something... -- Henning Brauer | BS Web Services Hostmaster BSWS| Roedingsmarkt 14 [EMAIL PROTECTED] | 20459 Hamburg http://www.bsws.de | Germany
RE: slow connection init
My experienced guess would this would be DNS related, perhaps you should look into running djbdns locally or close to the Mail server. -Original Message- From: Steve Woolley [mailto:[EMAIL PROTECTED]] Sent: Monday, January 22, 2001 12:38 PM To: [EMAIL PROTECTED] Subject: slow connection init I am running a Red Hat v6.2 (w/ patches) server on a AMD Athlon 800MHz with 256M RAM -- and have been fairly pleased with its performance. The problem is I want to migrate my existing RH 6.2 qmail mail server (a slower Pentium II). The problem is, when first started the server flys (very fast). After aprox one day, any connection into this server (sshd, telnet , pop, smtp, etc) takes a while to initiate. Sometimes more than 60 seconds -- which of course times out most POP connections. Once connected, everything seems to act normal (connections initiated quickly). I have looked into the logs and looked at netsat -pa to get some insight into this slowdown, but have not had very good luck. I know this is probably not directly related to qmail, but I am a little woried about the svscan process and how quickly it can wake up a process. P.S I can see the correct processes running when I get in this process initiation hang so I don't think they've died. Could it be some reverse name resolution problem? HELP!?!?!?! -- Steve Woolley [EMAIL PROTECTED]
Re: slow connection init
I had this problem with my mail server as well... qmail logs extensively, and if you have it using the generic logging stuffs, the files get HUGE and the entire system drags like a dog. Thanks for the input Teep. Since this is a new box (and I also verified) the size of the log files are (so far) very small. Thx
RE: QMail DOS
We are in the midst of a security audit performed by Ernst Young. They are claiming something about a DOS situation. What I need to find out is whether there are any known DOS situations out there. If so what needs to be done to take care of the problem. Andy, The standard DoS is to open lots of SMTP connections to an SMTP server, which could be qmail, or any other MTA - and leave them open. Since [vanilla] SMTP is not authenticated, this attack could be initiated from anywhere. It's unlikely that you'd be able to knock out a whole machine like this (tcpserver gives the -c option to limit the no. of connections, and even inetd has a crappy way of limiting connections), but you would be able to DoS SMTP on a machine (the attacker continues to setup lots of SMTP connections to force the MTA to its SMTP connection limit, so that anyone else trying to establish an SMTP connection is likely to fail). The normal way to reduce the effect of this potential attack is to think carefully about your setup - maybe you can separate SMTP into "Ingoing" and "Outgoing" - the latter for, say, the office network only. Then setup separate tcpserver processes (different IPs) for both, filtered accordingly. Additionally, you can use other tools like POP3-before-SMTP. cheers, Andrew.
RE: slow connection init
flys (very fast). After aprox one day, any connection into this server (sshd, telnet , pop, smtp, etc) takes a while to initiate. Sometimes more than 60 seconds -- which of course times out most POP connections. Once connected, everything seems to act normal (connections initiated quickly). Steve, Also take a look at the -R, -H and -l options to tcpserver - these relate to DNS and identd lookups - try using all three (see the man page) and see if the behaviour of the box changes. If so, investigate why - then either leave these options in, or address the issues these options work around. cheers, Andrew.
Re: POP Toaster
On Mon, Jan 22, 2001 at 10:00:02AM -0500, Dave Sill wrote: So, you're forwarding mail for "[EMAIL PROTECTED]" to "webscripting-net-user" *AT WHAT DOMAIN*? virtualdomains entries can't redirect to remote domains. Hmm, seems that envnoathost isn't used for delivery of virtual domains. While that's probably what you want, it's not what I expect. Not after being biten by msglog trying to be delivered to msglog@envnoathost Sean -- Jackie Trehorn treats objects like women, man... -- _The_Big_Lebowski_ Sean Reifschneider, Inimitably Superfluous [EMAIL PROTECTED] tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: RFC822
Henning Brauer wrote: On Mon, Jan 22, 2001 at 03:34:56PM -0200, Marcio Sa wrote: i'm trying with netscape pop3 client or netscape imap client. Then , i saw only one message. I'm using qmail-ldap patch to authenticate and create local Mailbox instantly too. qmail-start ./Maildir/new/Mailbox splogger qmail I see your problem, its relatively easy. It has nothing to do with RFCs. You told qmail to place new Mails in an mbox ~/Maildir/new/Mailbox, and you are using qpop3d. qpop3d supports only Maildirs, no mboxes, and therfore treats your Mailbox-file as a single Mail. There is no way I'm aware of to use qmail-ldap with Maildirs, unless you find another pop3-daemon which can use the ldap directory to authentificate the users. In any way I'd _really_ recommend using Maildirs instead of Mailboxes, there is lots of other stuff in qmail-ldap only working with Maildirs (quotas for example). It was written with Maildirs in mind, not Mailboxes. To use Maildirs, just change you /var/qmail/rc: qmail-start ./Maildir/ Hi Henning, thank you. I didnt put a slash after Maildir and in my wrong solution, i think that .../new/Mailbox work. Ok, now is working, thank you Marcio Every new mail will then be a file in Maildir/new with a timestamp as name. You should also retire from splogger and user multilog, but thats another story. I'd recommend reading http://www.lifewithqmail.org/ldap/. -- Henning Brauer | BS Web Services Hostmaster BSWS| Roedingsmarkt 14 [EMAIL PROTECTED] | 20459 Hamburg http://www.bsws.de | Germany
Rewriting Headers
How qmail can rewrite _any_ header of outgoing mail? Is there some rules system to do this? thanks David Gmez "The question of whether computers can think is just like the question of whether submarines can swim." -- Edsger W. Dijkstra
Re: QMail DOS
On Mon, Jan 22, 2001 at 09:40:13AM -0500, Andy Abshagen wrote: We are in the midst of a security audit performed by Ernst Young. They are claiming something about a DOS situation. What I need to find out is whether there are any known DOS situations out there. If so what needs to be done to take care of the problem. There are two "problems" with a vanilla qmail installation I can think of: 1) if an agressor sends zillions of emails to a non-existing local address qmail-smtpd will - unlike a lot of other smtpds - accept the messages, pass it through it's delivery mechanism and bounce them back creating bounce messages itself. qmail-smtpd cannot decide at SMTP level wether a user exists or not. It is IMHO a question of definition whether you will call this a DoS vulnerability. 2) is only applicable if the qmail server is acting as a relay to the final MTA. If again an agressor sends zillions of emails to (non-existing) local addresses (even with multiple RCPT TO commands in one SMTP session) qmail-remote will send one mail per recipient to the final MTA. If this final MTA is also qmail you again have situation 1) and if the user does not exist, qmail will return a bounce message for each message received, regardless what type of SMTP receiver the final MTA is. This could cause the receiver of the bounces problems and some ppl claimed that - because of that - qmail could be used to DoS other systems (e.g. by faking the sender address). I'd personally not call any of the two situations DoS vulnerabilities, other might want to. Your mileage may vary. \Maex -- SpaceNet AG | http://www.Space.Net/ | Stress is when you wake Research Development| mailto:[EMAIL PROTECTED] | up screaming and you Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0| realize you haven't D-80807 Muenchen | Fax: +49 (89) 32356-299 | fallen asleep yet.
Re: Pine/qmail/sqwebmail
* mrorange [EMAIL PROTECTED] writes: Can I use Pine with qmail/sqwebmail? Yes/no. Apparently sqwebmail is dependent upon a maildir directory format and when I run Pine it sets up a regular mail directory (/var/mail/spool?)... Do you have the slightest clue what you're talking about? Is there a config I'm missing somewhere? Somewhere between your ears, yes. Read before you write. -- Robin S. Socha http://socha.net/
Re: 502 unimplemented
On Mon, Jan 22, 2001 at 05:20:56PM +0100, Stef Hoesli Wiederwald wrote: manually via telnet to port 25. Sometimes I can send a message without problems, and sometimes I get the 502 error, but not at the same point, i.e. arbitrarily after any of the helo, mail, rcpt or data commands. How about you show examples of the situation where the 502 is returned. \Maex -- SpaceNet AG | http://www.Space.Net/ | Stress is when you wake Research Development| mailto:[EMAIL PROTECTED] | up screaming and you Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0| realize you haven't D-80807 Muenchen | Fax: +49 (89) 32356-299 | fallen asleep yet.
RE: QMail DOS
Tap, tap, tap. Hello? Is thing on? Andrew Richards [EMAIL PROTECTED] wrote: The standard DoS is to open lots of SMTP connections to an SMTP server, which could be qmail, or any other MTA - and leave them open. No, the "standard" qmail DOS is to make a single connection to qmail-smtpd and send it either lots of RCPT's or a single unlimited-length command. Eventually, the qmail-smtpd process will consume all available memory, preventing other processes from getting the memory they need. See: http://www.ornl.gov/its/archives/mailing-lists/qmail/1997/06/msg00317.html http://www.ornl.gov/its/archives/mailing-lists/qmail/1997/06/msg00322.html Since [vanilla] SMTP is not authenticated, this attack could be initiated from anywhere. Authentication won't help. Since SMTP is (usually) a public service, it needs to be open to everyone. It's unlikely that you'd be able to knock out a whole machine like this (tcpserver gives the -c option to limit the no. of connections, and even inetd has a crappy way of limiting connections), but you would be able to DoS SMTP on a machine (the attacker continues to setup lots of SMTP connections to force the MTA to its SMTP connection limit, so that anyone else trying to establish an SMTP connection is likely to fail). That's a different and less severe problem that is shared by any public network service. -Dave
Re: QMail DOS
You should take a look at the following thread: http://www.ornl.gov/its/archives/mailing-lists/qmail/2001/01/msg00832.html Regards. On Mon, Jan 22, 2001 at 09:40:13AM -0500, Andy Abshagen wrote: We are in the midst of a security audit performed by Ernst Young. They are claiming something about a DOS situation. What I need to find out is whether there are any known DOS situations out there. If so what needs to be done to take care of the problem. Thanks Andy -- Jose AP Celestino [EMAIL PROTECTED] || SAPO / PTM.COM Administrao de Sistemas / Operaes || http://www.sapo.pt --- Knowledge is power -- knowledge shared is power lost. -- Aleister Crowley
Re: QMail DOS
On Mon, Jan 22, 2001 at 08:32:58PM +, Jose AP Celestino wrote: You should take a look at the following thread: http://www.ornl.gov/its/archives/mailing-lists/qmail/2001/01/msg00832.html Regards. On Mon, Jan 22, 2001 at 09:40:13AM -0500, Andy Abshagen wrote: We are in the midst of a security audit performed by Ernst Young. They are claiming something about a DOS situation. What I need to find out is whether there are any known DOS situations out there. If so what needs to be done to take care of the problem. Of course let us not forget that it is impossible to stop DOS attacks on publicly connected servers. I hope your consultant are telling you that all systems connected to the Internet are vulnerable to some form of DOS? You can mitigate against the obvious attacks, but that's about it. Even big players with lots of resources, such as Yahoo and Ebay cannot stop a determined DDOS. Regards.
Re: QMail DOS
On Mon, Jan 22, 2001 at 07:25:20PM -, Andrew Richards wrote: The standard DoS is to open lots of SMTP connections to an SMTP server, which could be qmail, or any other MTA - and leave them open. Which can easily be dealt with by setting Q/control/timeoutsmtpd to a lower value (default is 1200 seconds). \Maex
Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)
Scott Gifford [EMAIL PROTECTED] writes: We received an influx of mail today addressed to (probably bogus) users at the domain 'groupprojects.net'. This domain has the following MX record: groupprojects.net preference = 0, mail exchanger = 0.0.0.0 When we received the message, qmail connected to 0.0.0.0 to deliver the mail. 0.0.0.0 connects to 127.0.0.1, so qmail ended up connected to itself. It continued to deliver the message to itself, and because 127. is allowed to relay on my system, the message was accepted. Then qmail would immediately begin delivering the message to itself again. Wash, rinse, repeat. [ ... ] Further investigation of this problem has led me to what seems to be a subtle bug in qmail. in ipme.c, qmail tries to decide what IP addresses will connect back to itself. It does this by finding the IP addresses of all network interfaces on the system, and putting them into an ipalloc structure called ipme. Then, in qmail-remote.c, it deals with the situation where the best-preference MX for a domain is itself, but this domain doesn't appear in control/locals, by issuing a permanent failure for the message, via perm_ambigmx(), which displays the familiar error message: Sorry. Although I'm listed as a best-preference MX or A for that host, it isn't in my control/locals file, so I don't treat it as local. (#5.4.6) This is necessary to prevent a tight internal mail loop, like the one I encountered below. Otherwise, qmail will see that the message isn't local, qmail-remote will connect to its own IP address, and the message will be re-injected. The problem is that 0.0.0.0 is a special IP address which refers to "This host on this network" (RFC 1122, 3.2.1.3a), although it isn't the address of any of the interfaces on a host. According to Paul Vixie in the comp.protocols.tcp-ip.domains FAQ (Q5.15): 0.0.0.0 is just an alias for the first interface address assigned after a system boot [ ... ] The IP stacks I've checked (Solaris and Linux) behave consistently with this. Because qmail doesn't recognize 0.0.0.0 as an IP address which refers to the local host, when it sees an MX record with that address, it doesn't recognize it as being an address that will connect back to itself. This causes the looping scenario that ipme is designed to prevent. The simple solution to this problem is to add 0.0.0.0 to ipme, by adding something like: ip_scan("0.0.0.0",ix.ip); if (!ipalloc_append(ipme,ix)) { close(moreipme_fd); return 0; } into ipme.c, around line 96. The solution we actually used took advantage of an internal patch which allows us to list additional addresses to be added to ipme in "control/moreipme", which works around some other problems qmail has when addresses that refer to it go through any kind of address translation or proxying, and it can't recognize them as local. We just added 0.0.0.0 to the beginning of this file, and all was well. I'd be happy to hear any comments on this problem. -ScottG.
Re: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0or 127.0.0.1)
This would definitely be a bug of concern--even sendmail (yoiks!) knows how to handle 0.0.0.0. But shouldn't qmail bounce the message as a possible MX loop? -K "Do not meddle in the affairs of dragons, because you are crunchy and taste good with ketchup." From: Scott Gifford [EMAIL PROTECTED] Date: 22 Jan 2001 17:20:49 -0500 To: [EMAIL PROTECTED] Subject: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1) Scott Gifford [EMAIL PROTECTED] writes: We received an influx of mail today addressed to (probably bogus) users at the domain 'groupprojects.net'. This domain has the following MX record: groupprojects.net preference = 0, mail exchanger = 0.0.0.0 When we received the message, qmail connected to 0.0.0.0 to deliver the mail. 0.0.0.0 connects to 127.0.0.1, so qmail ended up connected to itself. It continued to deliver the message to itself, and because 127. is allowed to relay on my system, the message was accepted. Then qmail would immediately begin delivering the message to itself again. Wash, rinse, repeat. [ ... ] Further investigation of this problem has led me to what seems to be a subtle bug in qmail. in ipme.c, qmail tries to decide what IP addresses will connect back to itself. It does this by finding the IP addresses of all network interfaces on the system, and putting them into an ipalloc structure called ipme. Then, in qmail-remote.c, it deals with the situation where the best-preference MX for a domain is itself, but this domain doesn't appear in control/locals, by issuing a permanent failure for the message, via perm_ambigmx(), which displays the familiar error message: Sorry. Although I'm listed as a best-preference MX or A for that host, it isn't in my control/locals file, so I don't treat it as local. (#5.4.6) This is necessary to prevent a tight internal mail loop, like the one I encountered below. Otherwise, qmail will see that the message isn't local, qmail-remote will connect to its own IP address, and the message will be re-injected. The problem is that 0.0.0.0 is a special IP address which refers to "This host on this network" (RFC 1122, 3.2.1.3a), although it isn't the address of any of the interfaces on a host. According to Paul Vixie in the comp.protocols.tcp-ip.domains FAQ (Q5.15): 0.0.0.0 is just an alias for the first interface address assigned after a system boot [ ... ] The IP stacks I've checked (Solaris and Linux) behave consistently with this. Because qmail doesn't recognize 0.0.0.0 as an IP address which refers to the local host, when it sees an MX record with that address, it doesn't recognize it as being an address that will connect back to itself. This causes the looping scenario that ipme is designed to prevent. The simple solution to this problem is to add 0.0.0.0 to ipme, by adding something like: ip_scan("0.0.0.0",ix.ip); if (!ipalloc_append(ipme,ix)) { close(moreipme_fd); return 0; } into ipme.c, around line 96. The solution we actually used took advantage of an internal patch which allows us to list additional addresses to be added to ipme in "control/moreipme", which works around some other problems qmail has when addresses that refer to it go through any kind of address translation or proxying, and it can't recognize them as local. We just added 0.0.0.0 to the beginning of this file, and all was well. I'd be happy to hear any comments on this problem. -ScottG.
Re: QMail DOS
Which can easily be dealt with by setting Q/control/timeoutsmtpd to a lower value (default is 1200 seconds). \Maex I am afraid it's not that straightforward. For instance, for a guy who is on a slow dial up connection (say 28.8kbps or less), and who is attempting to send large message (say a message with a 10MB attachment) to your site, he is capable of tieing up for quite a while a qmail-smtpd instance of your installation regardless his intention. Now, assuming on a day your site is unlucky enough to have quite a few this kind of people banging on your mail server(s), your life can become somewhat difficult. I have experienced the above situation once. Chin Fang [EMAIL PROTECTED]
Delivering to Courier imap userdb maildirs
What's the best way to tell qmail to deliver mail to virtual maildirs ? I have Courier imap setup for userdb authentication, with mailboxes under /home/vmail/maildir-user TIA, - Chris [EMAIL PROTECTED]
Re: QMail DOS
QMail doesn't run under DOS. -- -russ nelson [EMAIL PROTECTED] http://russnelson.com Crynwr sells support for free software | PGPok | "This is Unix... 521 Pleasant Valley Rd. | +1 315 268 1925 voice | Stop acting so helpless." Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | --Daniel J. Bernstein
Re: QMail DOS
Russell Nelson [EMAIL PROTECTED] wrote: QMail doesn't run under DOS. If we get 20 people together... -- Dan Peterson [EMAIL PROTECTED] http://danp.net