The joy of Qmail
As a personal note, I apologize for my last posting chewing out someone for sending an unsubscribe request to the list. It was a personal email which I inadvertently posted to the list. For anyone wondering how to get off this list, just send a friendly email to [EMAIL PROTECTED] Or send a rude note about how terrible Qmail is. Doesn't matter what you say, as long as you say it to [EMAIL PROTECTED]

>>Well my answer to this is "don't use qmail"<<

This note from Patrick intrigued me. It intrigued me because I remember myself being so frustrated with Qmail, I cursed and said "The only reason I am using Qmail is because it is too hard to switch over to something else." There were times when I wanted to scream in frustration. One example: What happens to qmail-smtpd if qmail-queue does not have the correct suid permissions? The helpful error message 'unable to open qq' comes up. I finally resolved this by reading the source code of qmail, which, to address another of Patrick's concerns, was fairly easy to read. After using Qmail for four years, I have gotten to the point that I know the big gotchas. (The other big gotcha is that qmail binaries have the uids of the qmail users hard coded in them.)

I hope Patrick finds what he is looking for. He mentioned Postfix--maybe this will meet his needs better. I know that Qmail, while being very powerful, is not the easiest MTA to get used to. My main qualm with Postfix is that it is not flexible enough to work with the program I wrote and have up at http://kiwispam.sourceforge.net. Postfix only has a single "umbrella" or "default" address per virtualdomain, and does not have "plus addressing".

- Sam
Qmail and GFS
Hi folks,

I was playing around with the possibility of using some kind of NFS based system to do server clustering for load balancing and high availability. I came across an alternate solution called global file system (GFS). It's a file system that can be put onto a network block device and exported to clients as a local device (like NFS).

To quote their web site (http://www.sistina.com):

"The Global File System (GFS) is a shared storage device, cluster file system for Linux. GFS supports multi-client journaling and rapid recovery from client failures. Nodes within a GFS cluster physically share the same storage by means of Fibre Channel (FC), shared SCSI devices, or network block devices. The file system appears to be local on each node and GFS synchronizes file access across the cluster. GFS is fully symmetric. In other words, all nodes are equal and there is no server which could be either a bottleneck or a single point of failure. GFS uses read and write caching while maintaining full UNIX file system semantics."

I'd like to get a bit of advice on this one. I know that NFS is a big no-no when using qmail due to the way it handles the queue. I also know that qmail may have trouble with certain journaling filesystems (for example, reiserfs) because qmail assumes that link() and unlink() are synchronous operations (according to the reiserfs FAQ).

So my question boils down to, has anyone ever tried using qmail and GFS? I've been following the mailing list for a while now, without any mention of it.

In the short term, my plan would be to set up one machine to act as a fileserver using the gndb facilities of GFS, and eventually switch to fiberchannel shared storage.

Regards

Mark Steele
VP research and development
Inet Technologies Inc.
[EMAIL PROTECTED]
can't connect to smtp
Hi,

I'm trying to diagnose the reason why I can't connect to port 25 on the localhost. I've tried with

    #telnet localhost 25

and

    #mconnect

and I get:

    tcpclient: unable to connect to 127.0.0.1 port 25: connection refused

with both. I've just installed qmail following the howto found at http://www.flounder.net/qmail/qmail-howto.html.

    $ ps ax | grep qmail
    22825 ?? S 8:39.46 supervise qmail-smtpd
    25256 p0 R+ 0:00.00 grep qmail (sh)
    20531 C0- S 10:04.16 supervise qmail-send

Shows that qmail-smtpd is running, but I can't connect.

tcpserver rules are:

    127.0.0.1:allow,RELAYCLIENT=""
    :allow

So I should be able to connect, as far as I know. Anything else I can look at? I'm so stumped. Thanks for any help.

Curtis.
Re: Things I have noted
"Rod... Whitworth" <[EMAIL PROTECTED]> writes:
> On Thu, 25 Jan 2001 14:12:25 +0100, Markus Stumpf wrote:
> >However there is an addon module available at http://www.qmail.org/ that IMHO does what you want. Search for delayed-mail notifier on qmail's website.
>
> Thanks for that pointer. I didn't go looking because I it wasn't a qmail thing to do!

but do be careful with that code - it will attempt to send notifications to many mails that you might not want to send notifications to (mailing lists, bounces, etc.)

On the subject of notifications, it's becoming more of a problem because of "similar" domains - you should have typed "[EMAIL PROTECTED]" and instead type "[EMAIL PROTECTED]". The latter doesn't even accept mail deliveries, so it hangs around in the queue for too long.

In the case of typing "[EMAIL PROTECTED]" instead of "[EMAIL PROTECTED]", qmail as the sender *will* bounce the mail quickly, if it is told there is no such remote mailbox "jo". Similarly as the receiver, qmail *will* send a bounce message telling the sender that there is no such mailbox "jo."

Your original email implied that it didn't (not sure which of those two cases you were specifically referring to), and that puzzles me.

James.
Re: conf-split
Peter van Dijk <[EMAIL PROTECTED]> writes:
> On Thu, Jan 25, 2001 at 02:12:32AM +, James R Grinter wrote:
> [snip]
> > Indeed, qmail already uses a split queue/mess/ directory structure and it was a bit of an omission to assume that there would never be a surge of mail in one go (VERP list expansion is definitely good for creating this situation) and thus many messages in todo/ at once.
>
> VERP expansion happens on delivery, not on queue injection, unless you are doing something very wrong.

It's always good to question and investigate what is happening - thanks to Peter for the prompting - the answer seems to be that the "majordomo-inject" script we've been using since 1998 was indeed expanding upon queue injection (it was doing the VERP itself.)

Anyone out there using this - *do* switch to mjinject instead - Giles Lean and Russ Allbery's replacement script.

James.
(Only 2 and a half years to spot and nail the problem. Not bad...)
Re: Problem with qmail and SMTP port w/ Debian Linux.
On Thu, Jan 25, 2001 at 08:59:05PM -0600, Charles Cazabon wrote:
> But I haven't used Debian since 1.3, and don't know how qmail is packaged for Debian.

He said he followed LWQ, which would lead me to believe he's not using the Debian package.

--Adam

--
Adam McKenna <[EMAIL PROTECTED]> | "No matter how much it changes,
http://flounder.net/publickey.html | technology's just a bunch of wires
GPG: 17A4 11F7 5E7E C2E7 08AA | connected to a bunch of other wires."
38B0 05D0 8BF7 2C6D 110A | Joe Rogan, _NewsRadio_
10:14pm up 229 days, 20:32, 9 users, load average: 0.00, 0.00, 0.00
Install went fine, but won't work
Sorry if this is a repeat to the list but I just subscribed.

The install went just fine but I have a problem.

1.) I can't seem to set the environment variable to allow me to have certain hosts relay.

Below is the contents of my tcp.smtp

    127.0.0.1:allow,RELAYCLIENT=""
    192.168.1.:allow,RELAYCLIENT=""
    192.:allow,RELAYCLIENT=""
    65.193.90.:allow,RELAYCLIENT=""
    :allow

Then I ran the

    tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp

And here is my tcpserver startup line which is in /var/qmail/supervise/qmail-smtp/run

    exec /usr/local/bin/softlimit -m 200 /usr/local/bin/tcpserver -v -p -x /etc/tcp.smtp.cdb -u 1003 -g 102 0 smtp rblsmtpd /var/qmail/bin/qmail-smtpd 2>&1

I have restarted smtpd just to make sure the changes took, I don't know if this is necessary or if they are on the fly.

Miles Scruggs
Re: Problem with qmail and SMTP port w/ Debian Linux.
John Bowen <[EMAIL PROTECTED]> wrote:
>
> Now, I can send mail from my machine to other local accounts and external domains just fine. I can check POP3 remotely just fine. However my big problem is that I'm not receiving outside mail sent to my domain. I verified DNS is setup correctly and goes to the correct IP address. The bounce message I'm getting is:
>
> > <[EMAIL PROTECTED]>... Deferred: Connection refused by
> > mail.birthmachine.com.
>
> ...on top of this, I can't telnet into my own port 25 [telnet on 127.0.0.1 25 AND outside by IP both fail with "could not open a connection"], which makes me think I'm missing some SMTP daemon/port listener that should have been installed with exim that qmail expects to use. A portscan on my machine verifies that port 25 isn't open.

Starting qmail does not start the SMTP daemon. You have to start that separately. If it was RedHat, with Bruce Guenter's startup scripts, you do:

    /etc/rc.d/init.d/smtpd start

But I haven't used Debian since 1.3, and don't know how qmail is packaged for Debian.

Charles
--
---
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
---
Re: [OT] pine and Maildir (was: Maildir versus malibox)
Adam McKenna <[EMAIL PROTECTED]> writes:
> On Thu, Jan 25, 2001 at 01:32:29AM +, James R Grinter wrote:
> > But, it doesn't matter - Pine does IMAP right? (Isn't that its real reason for existence?) So hook your Maildirs up with IMAP, and point Pine at that.
> >
> > Seems pretty simple to me.
>
> How about this: Use a non-crappy, open source e-mail client instead?

no need to tell me - (for the record I've never ever used Pine, though I think I did compile it for someone else once.) but for people to complain that they want to use it, but that it doesn't natively support Maildir which they also want to use, is just madness.

James.
Re: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)
On Thu, 25 Jan 2001, Dan Peterson wrote:
> http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/tcp_usrreq.c
> Revision 1.20; dated Feb 28 1998.

Hmm...hmm...right. Ok, I missed it. It did not occur to me 0.0.0.0 is a broadcast address in Canada. :)

Anyway, qmail 1.00 was released on February 20, 1997. Was there any handling for 0.0.0.0 in qmail 1.00?

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
Re: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)
Pavel Kankovsky <[EMAIL PROTECTED]> wrote:
> Now, how old qmail 1.03 is? CHANGES in qmail-1.03.tar.gz say it was released on June 15 1998. Hmm...this predates the change in question (January 11 1999), doesn't it?

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/tcp_usrreq.c
Revision 1.20; dated Feb 28 1998.

Please, stop now.

--
Dan Peterson <[EMAIL PROTECTED]> http://danp.net
Re: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)
On 25 Jan 2001, D. J. Bernstein wrote:
> In fact, it's not a bug; it's a portability problem. If you were using OpenBSD, you'd see outgoing connections to 0.0.0.0 rejected with EINVAL.

This OpenBSD idiosyncrasy is almost exactly two years old [1], i.e. OpenBSD 2.4 and earlier are affected (well, sane people have probably upgraded in the meantime). It isn't even documented properly, their connect(2) [2] says:

    [EINVAL] A TCP connection with a local broadcast, the all-ones or a multicast address as the peer was attempted.

In fact, they did not even bother to mention the change in their Daily Changelog [3] and CVS log entry says "netinet merge of NRL stuff. some indent and shrinkage needed; NRL/cmetz".

And the funny thing is that everyone appears to call the equivalence of 0.0.0.0 and 127.0.0.1 for TCP connects a *BSDism* (undocumented, as usual), ergo the change does probably qualify as "a frivolous incompatibility."

Now, how old qmail 1.03 is? CHANGES in qmail-1.03.tar.gz say it was released on June 15 1998. Hmm...this predates the change in question (January 11 1999), doesn't it? Did you code qmail with a crystal ball in your hand?

With all due respect, aren't you just looking for lame excuses (like playing with words and renaming bugs to portability problems) in order not to have to admit there is even the slightest imperfection in your creation?

[1] http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/tcp_usrreq.c?r1=1.31&r2=1.32
[2] http://www.openbsd.org/cgi-bin/man.cgi?query=connect&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
[3] http://www.openbsd.org/plus25.html

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
Re: Problem with qmail and SMTP port w/ Debian Linux.
Did you configure qmail-smtpd? It either needs to be always running or invoked via tcpserver or inetd. It sounds like this is not the case.

-K

"Do not meddle in the affairs of dragons, because you are crunchy and taste good with ketchup."

> From: John Bowen <[EMAIL PROTECTED]>
> Date: Thu, 25 Jan 2001 15:26:39 -0800
> To: [EMAIL PROTECTED]
> Subject: Problem with qmail and SMTP port w/ Debian Linux.
>
> Hi,
>
> Having a problem, here's my story: I did a clean install of Debian Potato Linux on a P100 machine, I did NOT install exim [selected option 5/do not configure mail] when doing the install. I followed the Life With Qmail document to the letter, installing qmail 1.03, the daemontools, and ucspi-tcp. I also installed the POP3 module that came with qmail. The 4 qmail- processes are running and locally everything seems to work okay [verified with a ps and a qmail-inject to myself from an echo on the command line].
>
> Now, I can send mail from my machine to other local accounts and external domains just fine. I can check POP3 remotely just fine. However my big problem is that I'm not receiving outside mail sent to my domain. I verified DNS is setup correctly and goes to the correct IP address. The bounce message I'm getting is:
>
>> <[EMAIL PROTECTED]>... Deferred: Connection refused by
>> mail.birthmachine.com.
>
> ...on top of this, I can't telnet into my own port 25 [telnet on 127.0.0.1 25 AND outside by IP both fail with "could not open a connection"], which makes me think I'm missing some SMTP daemon/port listener that should have been installed with exim that qmail expects to use. A portscan on my machine verifies that port 25 isn't open.
>
> I did absolutely nothing fancy on the qmail/Linux install, haven't installed ANYTHING but what I mentioned above. I'm pretty much a Linux ignoramus and have no idea where to go from here.
>
> Thanks in advance for any pointers or help...
> - John
Re: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)
On Thu, Jan 25, 2001 at 06:32:47PM -0500, Scott Gifford wrote:
> Markus Stumpf <[EMAIL PROTECTED]> writes:
> > If AOL or hotmail would decide to change their MX records to your mailserver this will for sure also cause you problems.
>
> No it won't. qmail will give an error that the MX record points back to itself, and bounce the message.

I don't think that any mailserver out there will be able to handle the load if AOL or Hotmail will change the MX record to point at that system (without prior notice). This would be a DOS just like the 0.0.0.0 is.

> qmail knows that MX records that point back to you are a problem, it just doesn't know that 0.0.0.0 points back to itself.
> That's why it's a bug.

I never said it's not a bug, it's IMHO just not a security bug. It's triggered by a DNS misconfiguration (done on purpose).

And, btw., thanks for finding it and supplying a fix.

\Maex

--
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen asleep yet.
RE: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)
Hi Mark,

> Patrick. If you're that bitter about people accurately explaining to you that a bug is not necessarily the same as a security exploit, [...]

Well I guess I disagree on the meaning of a security problem. If you can use this trick to create a DOS attack on a system, to me that would qualify as a security problem. Of course this trick will not provide the attacker with root access to the machine, so in a stricter sense it is not a security exploit, but I find that definition a bit too narrow.

I am not bitter about it, I am just a bit hot tempered at times :). However I find it a bit extreme to be called an idiot because I state some of my views. I certainly did not intend to call people names, and I don't think I did.

I find it a bit disturbing that people are always ready to call you names as soon as you state even the slightest negative comment about qmail. I guess I will never understand that kind of passion (zealotry ?), but it is always amusing to witness.

Patrick.
Re: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)
Markus Stumpf <[EMAIL PROTECTED]> writes:
> On Thu, Jan 25, 2001 at 01:56:45PM -0500, Patrick Bihan-Faou wrote:
> > Well failure to recognize that 0.0.0.0 is yourself is not quite DNS related exploit. It is a bug.
>
> If AOL or hotmail would decide to change their MX records to your mailserver this will for sure also cause you problems.

No it won't. qmail will give an error that the MX record points back to itself, and bounce the message.

qmail knows that MX records that point back to you are a problem, it just doesn't know that 0.0.0.0 points back to itself.

That's why it's a bug.

--ScottG.
Problem with qmail and SMTP port w/ Debian Linux.
Hi,

Having a problem, here's my story: I did a clean install of Debian Potato Linux on a P100 machine, I did NOT install exim [selected option 5/do not configure mail] when doing the install. I followed the Life With Qmail document to the letter, installing qmail 1.03, the daemontools, and ucspi-tcp. I also installed the POP3 module that came with qmail. The 4 qmail- processes are running and locally everything seems to work okay [verified with a ps and a qmail-inject to myself from an echo on the command line].

Now, I can send mail from my machine to other local accounts and external domains just fine. I can check POP3 remotely just fine. However my big problem is that I'm not receiving outside mail sent to my domain. I verified DNS is setup correctly and goes to the correct IP address. The bounce message I'm getting is:

> <[EMAIL PROTECTED]>... Deferred: Connection refused by
> mail.birthmachine.com.

...on top of this, I can't telnet into my own port 25 [telnet on 127.0.0.1 25 AND outside by IP both fail with "could not open a connection"], which makes me think I'm missing some SMTP daemon/port listener that should have been installed with exim that qmail expects to use. A portscan on my machine verifies that port 25 isn't open.

I did absolutely nothing fancy on the qmail/Linux install, haven't installed ANYTHING but what I mentioned above. I'm pretty much a Linux ignoramus and have no idea where to go from here.

Thanks in advance for any pointers or help...
- John
supervise fatal errors
I've gotten qmail to compile, and my init scripts set up, but when I run "qmail start", I get the following:

    Starting qmail: svscan .
    supervise: fatal: unable to acquire qmail-send/supervise/lock: temporary failure
    supervise: fatal: unable to acquire log/supervise/lock: temporary failure
    supervise: fatal: unable to acquire qmail-smtpd/supervise/lock: temporary failure
    supervise: fatal: unable to acquire log/supervise/lock: temporary failure

The supervise fatal errors repeat every couple of seconds. This is a SunOS 5.7 box, running qmail-1.03.

Any thoughts?

Fish.
Re: queue is empty, but qmail still complains
Try:

    find /var/qmail/queue -type f

If there are *any* references in the numbered subdirectories in *any* of the queues, you may get the message in question. Be sure to delete them all.

-K

"Do not meddle in the affairs of wizards, for they are subtle and quick to anger."

> From: Charles Cazabon <[EMAIL PROTECTED]>
> Date: Wed, 24 Jan 2001 19:27:14 -0600
> To: Qmail <[EMAIL PROTECTED]>
> Subject: Re: queue is empty, but qmail still complains
>
> Keary Suska <[EMAIL PROTECTED]> wrote:
>> Qmail stores references to messages in multiple locations in the queue. What this error likely means is that there are references to messages in the todo directory that don't exist in the mess directory. Find the messages via something like find /var/qmail/queue -name '*MESSAGEID*' where MESSAGEID is the id number of the message. Delete every instance of the troublesome message ID's.
>
> Actually, I'm quite aware of this -- that's why in my original message, I posted (among other things) the result of `find /var/qmail/queue -type f` showing that there are _no_ files in the queue directory other than lock/tcpto and lock/sendmutex. queue-fix (with the big-todo patch) says the queue is fine.
>
> To sum up: this is not simple queue corruption, caused by manually removing files in the queue hierarchy. Something distinctly odd is going on. I can stop qmail, verify no qmail processes are running, verify there are no files in the queue structure other than the two mentioned above, start qmail, and _still_ get error output about these particular files in mess/*/ being missing. Where is qmail getting the necessary state information to determine that these files should exist?
>
> I've also just noticed something else odd about the error messages -- aren't the files in the split directories normally named by inode number? In this case, the "missing" files all share the names of the split directories that qmail thinks they should be in -- i.e. mess/13/13, mess/14/14, etc.
>
> Here's a listing of /var/qmail/queue/mess:
>
> [root@charon mess]# pwd
> /var/qmail/queue/mess
> [root@charon mess]# ll
> total 92
> drwxr-x--- 2 qmailq qmail 4096 Jan 24 15:04 0/
> drwxr-x--- 2 qmailq qmail 4096 Apr 9 1999 1/
> drwxr-x--- 2 qmailq qmail 4096 Jan 24 15:04 10/
> drwxr-x--- 2 qmailq qmail 4096 Jan 24 15:04 11/
> drwxr-x--- 2 qmailq qmail 4096 Jan 24 15:04 12/
> drwxr-x--- 2 qmailq qmail 4096 Jun 27 2000 13/
> drwxr-x--- 2 qmailq qmail 4096 Jun 27 2000 14/
> drwxr-x--- 2 qmailq qmail 4096 Jun 27 2000 15/
> drwxr-x--- 2 qmailq qmail 4096 Jun 27 2000 16/
> drwxr-x--- 2 qmailq qmail 4096 Jun 27 2000 17/
> drwxr-x--- 2 qmailq qmail 4096 Feb 14 2000 18/
> drwxr-x--- 2 qmailq qmail 4096 May 11 2000 19/
> drwxr-x--- 2 qmailq qmail 4096 Apr 9 1999 2/
> drwxr-x--- 2 qmailq qmail 4096 Jun 27 2000 20/
> drwxr-x--- 2 qmailq qmail 4096 Jan 24 15:04 21/
> drwxr-x--- 2 qmailq qmail 4096 Jan 24 15:04 22/
> drwxr-x--- 2 qmailq qmail 4096 Jan 24 15:04 3/
> drwxr-x--- 2 qmailq qmail 4096 Jan 24 15:04 4/
> drwxr-x--- 2 qmailq qmail 4096 Jan 24 15:04 5/
> drwxr-x--- 2 qmailq qmail 4096 Jan 24 15:04 6/
> drwxr-x--- 2 qmailq qmail 4096 Jan 24 15:04 7/
> drwxr-x--- 2 qmailq qmail 4096 Jan 24 15:04 8/
> drwxr-x--- 2 qmailq qmail 4096 Jan 24 15:04 9/
>
> I just don't get it. I've searched the archives of the list, and can't find any occurrences of this. I'd appreciate any thoughts on what might be causing this.
>
> Charles
>
>>> [root@charon queue]# ps auxw | grep qmail
>>> [root@charon queue]# pwd
>>> /var/qmail/queue
>>> [root@charon queue]# find . -type f
>>> ./lock/sendmutex
>>> ./lock/tcpto
>>> [root@charon queue]# /etc/rc.d/init.d/qmail start
>>> Starting qmail: done.
>>> [root@charon queue]# tail /var/log/maillog
>>> Jan 24 16:02:49 charon qmail: 980373769.839878 warning: unable to stat mess/13/13
>>> Jan 24 16:02:49 charon qmail: 980373769.841153 warning: unable to stat mess/14/14
>>> Jan 24 16:02:49 charon qmail: 980373769.841305 warning: unable to stat mess/15/15
>>> Jan 24 16:02:49 charon qmail: 980373769.841445 warning: unable to stat mess/16/16
>>> Jan 24 16:02:49 charon qmail: 980373769.841572 warning: unable to stat mess/17/17
>>> Jan 24 16:02:49 charon qmail: 980373769.845169 warning: unable to stat mess/18/18
>>> Jan 24 16:02:49 charon qmail: 980373769.845323 warning: unable to stat mess/19/19
>>> Jan 24 16:02:49 charon qmail: 980373769.845463 warning: unable to stat mess/20/20
>>> Jan 24 16:02:49 charon qmail: 980373769.848179 warning: unable to stat mess/21/21
>>> Jan 24 16:02:49 charon qmail: 980373769.851135 warning: unable to stat mess/22/22
>
> --
> ---
RE: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)
> >>Read Bruce Schneier's comment on these type of contests in his latest book...<<
>
> Name of book, please.

"Secrets and Lies" if my memory serves me right.

> >>Well my answer to this is "don't use qmail"<<
>
> So, what do you recommend?

I am not recommending anything, choose a solution based on your needs. I looked at many MTAs. Qmail is really nice for a large number of things and is usually reliable. But as I started to want things that do not fit with its design assumptions it became really difficult to play with it.

As far as overall code quality and design quality goes, postfix is the best MTA I have seen so far (IMO). But as with a lot of things this is a matter of personal preferences and even religion for some.

I currently use both qmail and postfix. Any new system I build uses postfix. I don't want to start a holy war on these issues as they are not worth the effort.

My main motivations to move to postfix were:
- qmail obscure licensing terms (for my needs)
- postfix is generally more flexible and easier to configure for fancy things
- postfix performance is on par with qmail
- and a few other reasons that are not worth mentioning

Why I used qmail in the past:
- easier to configure than sendmail
- more reliable than sendmail
- only true alternative to sendmail (at the time)
- good performance
- easy to use for "simple" cases (where "simple" does not mean simplistic/useless, but means "typical")

Patrick.
Re: [OT] pine and Maildir (was: Maildir versus malibox)
Just to stick in another random opinion:

I've been pretty pine die hard for almost 3 years now. I tried out mutt about a month ago, and just couldn't make the switch. Went back to pine and Mailbox, despite personally preferring Maildir.

Tried it again about 3 days ago due to peer pressure and disgust with Mailbox format - and something clicked. I'd now recommend it to anyone that wants MUA Maildir support, regardless whether or not they are a pine fan. It only took about an hour to make it do everything I was used to in pine - and the stuff I couldn't reprogram my fingers to do (x is for expunge, dammit!) I just re-binded. Very slick. And the pgp support... delicious. :D

(Now if I could only figure out how to color code tagged messages...)

> OK, on your advice I will look into mutt and give it a whirl, but god knows I have better things to do with my time than evaluate MUA's.

Give it a serious hour of your time. You won't be disappointed.

--
Mahlon Smith
InternetCDS
http://www.internetcds.com
RE: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)
Among other things, Patrick Bihan-Faou said:

>>Read Bruce Schneier's comment on these type of contests in his latest book...<<

Name of book, please.

>>Well my answer to this is "don't use qmail"<<

So, what do you recommend?

Patrick.
Re: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)
Patrick Bihan-Faou writes:
> If you don't count that as a bug in qmail, then I don't know what is a bug...

In fact, it's not a bug; it's a portability problem. If you were using OpenBSD, you'd see outgoing connections to 0.0.0.0 rejected with EINVAL.

---Dan
Re: SMTP Time issues
On Thu, Jan 25, 2001 at 03:06:57PM -0500, Corey Jarvis wrote:
> To all and anyone willing to listen,
> I have qmail installed and running on Slackware 7.1, I have a weird problem with outbound mail saying that it was sent the day after and not the current time. I am running 2.4.0 and the BIOS clock shows proper, my date shows proper in the system and my timezone is set correctly. Is there anywhere in particular where the SMTP for qmail gets it time from. Oh and I am running it under tcpserver.

qmail ignores timezone and prints all timestamps in UTC. This makes reading mailheaders easier because you don't have to compensate for the timezone of any mailserver involved.

Greetz, Peter.
Re: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)
Greg Owen <[EMAIL PROTECTED]> writes:
> > Well I guess that this one is definitely eligible for the "qmail security challenge".
> >
> > http://web.infoave.net/~dsill/qmail-challenge.html
>
> I don't think so. The challenge says:

Obviously, the purpose of reporting this bug wasn't to win the expired qmail challenge. It's not a security bug, but a correctness bug, and a DoS bug (it seriously horked our mail servers).

[ ... ]

> This attack merely causes messages to loop a bit before bouncing.
> This barely even qualifies as a DOS attack.
>

A message sent into the system, sent to a user at a 0.0.0.0 MX host, from a user at a 0.0.0.0 MX host, passes through qmail-smtpd, qmail-queue, qmail-send, and qmail-remote 60 times before it's gone from your system (30 before it bounces, and another 30 trying to deliver the bounce).

That means that if you have 2% of your messages addressed this way, deliberately or accidentally, you need 120% more power (over twice as much) to process the bounces.

It means that a user sending a steady stream of 10 (small) messages/sec over a dialup connection makes your system deal with 600 messages/sec, which would normally take a T1. A user on a T1 or fast DSL sending 600 messages/sec makes your system deal with 36,000 messages/sec, which would normally take 2 T3s.

It makes it possible for a home user with relatively few resources to take down a medium-sized qmail installation with no real effort. And they can even do it accidentally, if they're spamming or dealing with a mailing list.

Our mail system at OneMain.COM processes over 23 million messages a day with no problem, and this bug brought it to its knees.

It's a serious bug. But it's relatively easy to fix (in ipme.c), or to work around (don't allow connections from 127.0.0.1 to qmail-smtpd).

---ScottG.
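The self-reference check this thread argues about, as an added example (it is not qmail's ipme.c and not code from any poster): an MX set is pruned at the best preference that points back at the local host, and the message is bounced if nothing remains. The function names, the `harden` flag and the sample addresses are assumptions made for illustration; treating all of 127.0.0.0/8 as self goes slightly beyond the single 0.0.0.0 case discussed above.

```c
#include <arpa/inet.h>
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum mx_verdict { MX_INVALID = -1, MX_REMOTE = 0, MX_SELF = 1 };

struct mx_entry { unsigned pref; const char *ip; };

/* Constructed sample data (RFC 5737 documentation addresses). */
static const char *const sample_locals[] = { "127.0.0.1", "192.0.2.25" };
#define N_LOCALS (sizeof sample_locals / sizeof sample_locals[0])
static const struct mx_entry sample_mx_zero[] = { { 0, "0.0.0.0" } };
static const struct mx_entry sample_mx_mixed[] = {
    { 5, "198.51.100.7" }, { 10, "192.0.2.25" }, { 20, "198.51.100.9" }
};

static int parse_ipv4(const char *text, uint32_t *out)
{
    struct in_addr a;
    if (inet_pton(AF_INET, text, &a) != 1) return 0;
    *out = ntohl(a.s_addr);
    return 1;
}

/* harden == 0: only exact matches against the interface list count as
 * "me", which is the behaviour the thread describes.
 * harden != 0: 0.0.0.0 and 127.0.0.0/8 also count as "me", because a
 * connect() to them can land on the local SMTP listener. */
enum mx_verdict classify_mx_addr(const char *ip_text,
                                 const char *const *locals, size_t nlocals,
                                 int harden)
{
    uint32_t ip, mine;
    size_t i;

    if (!parse_ipv4(ip_text, &ip)) return MX_INVALID;
    if (harden && (ip == 0 || (ip >> 24) == 127)) return MX_SELF;
    for (i = 0; i < nlocals; i++)
        if (parse_ipv4(locals[i], &mine) && mine == ip) return MX_SELF;
    return MX_REMOTE;
}

/* Writes indices of deliverable MX entries into usable[] and returns the
 * count, or -1 when every candidate is at or behind an entry that is this
 * host (the mail would loop, so it must bounce instead of being sent). */
int usable_mx_targets(const struct mx_entry *mx, size_t nmx,
                      const char *const *locals, size_t nlocals, int harden,
                      size_t *usable, size_t cap)
{
    unsigned best_self = UINT_MAX;
    int have_self = 0, n = 0;
    size_t i;

    /* Pass 1: lowest preference value that points back at us. */
    for (i = 0; i < nmx; i++) {
        if (classify_mx_addr(mx[i].ip, locals, nlocals, harden) != MX_SELF)
            continue;
        if (!have_self || mx[i].pref < best_self) best_self = mx[i].pref;
        have_self = 1;
    }
    /* Pass 2: keep only hosts strictly better than our own entry. */
    for (i = 0; i < nmx; i++) {
        if (classify_mx_addr(mx[i].ip, locals, nlocals, harden) == MX_INVALID)
            continue;
        if (have_self && mx[i].pref >= best_self) continue;
        if ((size_t)n < cap) usable[n++] = i;
    }
    return (n == 0 && have_self) ? -1 : n;
}

int main(void)
{
    size_t out[4];
    printf("MX 0.0.0.0, exact-match only: %d\n",
           usable_mx_targets(sample_mx_zero, 1, sample_locals, N_LOCALS, 0, out, 4));
    printf("MX 0.0.0.0, hardened:         %d\n",
           usable_mx_targets(sample_mx_zero, 1, sample_locals, N_LOCALS, 1, out, 4));
    printf("mixed MX set, hardened:       %d\n",
           usable_mx_targets(sample_mx_mixed, 3, sample_locals, N_LOCALS, 1, out, 4));
    return 0;
}
```

With exact matching only, the 0.0.0.0 record yields one "remote" target and the message is handed back to the local listener; with the hardened check the same record is reported as a loop and can be bounced at once.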
Re: Cc: in qmail
> Anyone done this?

Daily.

> Can qmail handle this?

Easily :)

> If so, how-to would be greatly appreciated!

Read the dot-qmail man page.

Short recipe: Put this into ~user1/.qmail :

    &[EMAIL PROTECTED]
    ./Maildir/

This will send a copy to the given address and save the message in user1's Maildir.

You can make this more intelligent so that centralspy never generates any bounces but this does the job.

Regards, Frank
Re: qmail+virtualdomain
> Well, if i try to delete the virtualdomain from "locals" file,leaving it only in the "virtualdomains" file, i obtain:
>
> :
> Sorry, no mailbox here by that name. (#5.1.1)

Of course you have to provide a .qmail file that catches your address. In the case of this address it would be ~newuser/.qmail-newuser or ~newuser/.qmail-default.

Try to understand how the extension mechanism in qmail works - after that you will understand how virtual domains may be implemented.

Two packages that handle virtual domains for you are mentioned on www.qmail.org.

Regards, Frank
Re: Cc: in qmail
Jeff Krintila <[EMAIL PROTECTED]> wrote:
> I've had a request to see if our qmail system can accommodate the following:
>
> The customer wants to have his individual accounts receive mails addressed to them, but in addition, he would like to have a copy of mail for specific accounts cc'd to a "central repository" mail account.

Create .qmail files for those users which he wants a copy of the mail stored for. Put in the normal delivery instruction (i.e. "./Maildir/"), plus an additional one ("&mailstore@localhost"). Then have a file ~alias/.qmail-mailstore which has a delivery instruction to store all this mail.

Charles
--
---
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
---
Re: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)
Patrick Bihan-Faou <[EMAIL PROTECTED]> wrote: > > Well failure to recognize that 0.0.0.0 is yourself is not quite DNS related > exploit. It is a bug. > > > > I like these rules that say "yeah we are setting up a challenge, but there > is no way that you could ever win it"... The only reason it couldn't be won was that there were no security bugs in qmail. The exact same conditions, attached to sendmail of the time, would have resulted in many, many winners. > If you ask me, qmail is far from bug free... The first security issue with > this product is itself: the code is completely obfuscated (I know I know, > style is a matter of taste), there is 0 line of comments in the code (hey > isn't the fact that qmail code is "small" one of its selling points ? remove > comments and you reduced the code size...) Don't like it? Don't use it. There's plenty of other MTAs out there. If you want djb to eat crow _and_ give you money, he's offering a USD$500 guarantee on the security of djbdns. Go wild; find a security bug. I fully expect that money to remain unclaimed. Charles -- --- Charles Cazabon<[EMAIL PROTECTED]> GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Re: rblsmtpd
Martin Randall <[EMAIL PROTECTED]> writes: > Whilst I'm here, I noticed that most mail servers connecting have > customised greetings and endings during the 220, 250 and 221 responses. I > searched the docs plus Dave Sill's archives but couldn't find anything on > this. Naturally qmail provides this essential customization. See the smtpgreeting control file. Ian
Re: rblsmtpd
On Thu, Jan 25, 2001 at 02:06:58PM -0500, Martin Randall wrote: [snip] > Whilst I'm here, I noticed that most mail servers connecting have > customised greetings and endings during the 220, 250 and 221 responses. I > searched the docs plus Dave Sill's archives but couldn't find anything on > this. man qmail-smtpd, look for smtpgreeting. Greetz, Peter.
Re: qmail+virtualdomain
On Thu, Jan 25, 2001 at 07:56:04PM +0100, Massimiliano Santarelli wrote: > Well, if i try to delete the virtualdomain from "locals" file,leaving it only in > the "virtualdomains" file, i obtain: > > : > Sorry, no mailbox here by that name. (#5.1.1) Your virtualdomain is not called 'virtualdomain' so stop lying about that. Show us the contents of your configfiles, especially locals and virtualdomains, please. Greetz, Peter.
RE: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)
> Well failure to recognize that 0.0.0.0 is yourself is not > quite DNS related exploit. It is a bug. I'll buy that, but it isn't a security hole. You did note the word "security" between "qmail" and "challenge," yes? Its in the titlebar, the large words at the top of the page, and the first paragraph. > I like these rules that say "yeah we are setting up a > challenge, but there is no way that you could ever win it"... It wasn't a bug hunt, it was a security challenge. The rules listed are reasonable, if you keep that in mind. > If you ask me, qmail is far from bug free... Okay, but how many of those bugs can be exploited to breach security? (NOTE: a DOS is not a security breach.) Please, go find one, there is still a $500 prize available. > - this sort of "attack" is in use and causing problems with site that > selected qmail as their MTA This sort of "attack" causes little more trouble than double-bounces. Frankly, we've discussed DOS scenarios with qmail that make this look like a piece of wet popcorn. Note that qmail's integral mail loop detection stops this attack quickly. > So saying "it does not fit our challenge because you need to > use DNS to perform the attack" is like saying "well qmail is > perfectly safe if you don't use it in the real world"... Good > PR move guys, and a cheap one too! Nobody said that. We said it wasn't a security breach, it was a DOS, and an extremely limited DOS at that. If you don't understand the difference, go read some more. Let's read that line again: "bugs are specifically disqualified: Exploits that involve corrupting DNS data, breaking TCP/IP, breaking NFS, or denying service (except for the case above). " You apparently stopped at the first comma. Try going all the way to the period. > Well my answer to this is "don't use qmail" Given your logic, you should stop using computers. I've noticed bugs at all levels, from the BIOS and CPU on up. But then you wouldn't get to go trolling, now would you? 
-- gowen -- Greg Owen -- [EMAIL PROTECTED] SoftLock.com is now DigitalGoods!
Re: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)
On Thu, Jan 25, 2001 at 01:56:45PM -0500, Patrick Bihan-Faou wrote: > So saying "it does not fit our challenge because you need to use DNS to > perform the attack" is like saying "well qmail is perfectly safe if you > don't use it in the real world"... Good PR move guys, and a cheap one too! > > Well my answer to this is "don't use qmail" Patrick. If you're that bitter about people accurately explaining to you that a bug is not necessarily the same as a security exploit, then it's probably best if you take your own advice. You're not forced to use qmail. You're not forced to participate here and listen to answers you don't want to hear. If qmail doesn't suit you, or the qmail community doesn't suit you then it's in your and our best interest to pick an MTA that suits your ideals. You'll feel better and we won't notice your absence. Regards.
Re: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)
begone, troll. Patrick Bihan-Faou writes: >> On Thu, Jan 25, 2001 at 12:40:47PM -0500, Patrick Bihan-Faou wrote: >> > Well I guess that this one is definitely elligible for the >> "qmail security >> > challenge". >> > http://web.infoave.net/~dsill/qmail-challenge.html >> > If you don't count that as a bug in qmail, then I don't know what is a >> > bug... >> >> You quote it, but have you also read the document? >> Especially the "Rules" section, part 1. (and also 8.1) >> > > > Well failure to recognize that 0.0.0.0 is yourself is not quite DNS related > exploit. It is a bug. > > > > > I like these rules that say "yeah we are setting up a challenge, but there > is no way that you could ever win it"... > > If you ask me, qmail is far from bug free... The first security issue with > this product is itself: the code is completely obfuscated (I know I know, > style is a matter of taste), there is 0 line of comments in the code (hey > isn't the fact that qmail code is "small" one of its selling points ? remove > comments and you reduced the code size...) > > Read Bruce Schneier's comment on these type of contests in his latest > book... > > > > > This 0.0.0.0 problem can easily be deflected by saying "some stupid people > mis-configure DNS to cause you problem (clause 8)", but the facts are: > - other MTA handle this properly (not qmail) > - this sort of "attack" is in use and causing problems with site that > selected qmail as their MTA > > So saying "it does not fit our challenge because you need to use DNS to > perform the attack" is like saying "well qmail is perfectly safe if you > don't use it in the real world"... Good PR move guys, and a cheap one too! > > Well my answer to this is "don't use qmail" > > > > Patrick. > - Paul Theodoropoulos [EMAIL PROTECTED] Senior Unix Systems Administrator Syntactically Subversive Services, Inc. http://www.anastrophe.net Downtime Is Not An Option
Re: Things I have noted
On Thu, 25 Jan 2001 14:12:25 +0100, Markus Stumpf wrote: >I personally *hate* those delay messages. Once I got one every hour for >a whole week from a remote system telling me that it cannot contact the >final delivery system. Really annoying and pretty useless, as there's >nothing I could have done against the problems. The time I liked it was when I was sending a quote and had misunderstood the destination address (or mistyped it, I forget which) and so two things happened: First I had a chance to resend so that my customer did not have to wait 5 days and maybe I would have lost him. Secondly I had a number of re-inforcement messages reminding me to get it right first time! > >However there is a addon module available at http://www.qmail.org/ that >IMHO does what you want. Search for delayed-mail notifier on qmails >website. Thanks for that pointer. I didn't go looking because I it wasn't a qmail thing to do! Back to being a lurking sponge.. Rod In the beginning was The Word and The Word was Content-type: text/plain The Word of Rod.
Re: Cc: in qmail
On Thu, Jan 25, 2001 at 11:43:26AM -0700, Jeff Krintila wrote: > I've had a request to see if our qmail system can accommodate the following: > > The customer wants to have his individual accounts receive mails addressed > to them, but in addition, he would like to have a copy of mail for specific > accounts cc'd to a "central repository" mail account. > > Anyone done this? Can qmail handle this? If so, how-to would be greatly > appreciated! Put 2 lines in his .qmail file, or on the qmail-start line. ./Maildir/ &centralaccount Where ./Maildir/ is your normal delivery instruction (might be different for your system) and 'centralaccount' is an account able to receive mail. Greetz, Peter.
RE: in qmail
Easiest way is to add a .qmail-user file with an additional delivery instruction Remotely in .qmail-user: &[EMAIL PROTECTED] ./Maildir/ Locally in .qmail-user /home/otheruser/Maildir/ ./Maildir/ -Original Message- From: Jeff Krintila [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 25, 2001 1:43 PM To: '[EMAIL PROTECTED]' Subject: Cc: in qmail I've had a request to see if our qmail system can accommodate the following: The customer wants to have his individual accounts receive mails addressed to them, but in addition, he would like to have a copy of mail for specific accounts cc'd to a "central repository" mail account. Anyone done this? Can qmail handle this? If so, how-to would be greatly appreciated! Thanks in advance, J
Re: Cc: in qmail
On Thu, 25 Jan 2001, Jeff Krintila wrote: >I've had a request to see if our qmail system can accommodate the following: > >The customer wants to have his individual accounts receive mails addressed >to them, but in addition, he would like to have a copy of mail for specific >accounts cc'd to a "central repository" mail account. > >Anyone done this? Can qmail handle this? If so, how-to would be greatly >appreciated! > >Thanks in advance, > >J in the .qmail files for those accounts, add a line with the central address on it -- *** Matthew H Patterson Unix Systems Administrator National Support Center, LLC Naperville, Illinois, USA ***
Re: relay controls
see also 'morercpthosts'. 'Chris Johnson' writes: > On Thu, Jan 25, 2001 at 11:26:09AM -0700, Dan Egli wrote: >> rcpthosts is no good. We want to accept mail for ALL domains. This is a >> primary mail server for many virtual domains. I need to be able to send to >> any domain in existance. such a rcpt hosts file would be HUGE! > > You should try reading the FAQ and other documentation (like the link I sent in > my previous message). You must use rcpthosts; the situation you're describing > is common and is well covered by the documentation. > > Chris - Paul Theodoropoulos [EMAIL PROTECTED] Senior Unix Systems Administrator Syntactically Subversive Services, Inc. http://www.anastrophe.net Downtime Is Not An Option
SMTP Time issues
To all and anyone willing to listen, I have qmail installed and running on Slackware 7.1, I have a weird problem with outbound mail saying that it was sent the day after and not the current time. I am running 2.4.0 and the BIOS clock shows proper, my date shows proper in the system and my timezone is set correctly. Is there anywhere in particular where the SMTP for qmail gets its time from? Oh and I am running it under tcpserver. Thanks, Corey
Re: relay controls
Dan Egli <[EMAIL PROTECTED]> wrote: > rcpthosts is no good. We want to accept mail for ALL domains. This is a > primary mail server for many virtual domains. I need to be able to send to > any domain in existance. such a rcpt hosts file would be HUGE! You're suffering from a common misunderstanding. rcpthosts doesn't really list all the domains you want to be able to send mail to; it lists the domains which you are willing to relay mail to from anyone in the world. Short answer: read Life with Qmail, djb's FAQ, www.qmail.org. Hint: only your domains should be in rcpthosts in most situations. Then to allow your company machines to use it as a smart relay, you use tcpserver to set the RELAYCLIENT for those (and only those) IPs. Charles -- --- Charles Cazabon<[EMAIL PROTECTED]> GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Re: relay controls
On Thu, Jan 25, 2001 at 11:26:09AM -0700, Dan Egli wrote: > rcpthosts is no good. We want to accept mail for ALL domains. This is a > primary mail server for many virtual domains. I need to be able to send to > any domain in existence. such a rcpt hosts file would be HUGE! So what? qmail has no problems with huge files. Mine has some 60,000 records. What you describe is a relay open mailserver, and that's what you have now. \Maex -- SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0 Research & Development | D-80807 Muenchen| Fax: +49 (89) 32356-299 Stress is when you wake up screaming and you realize you haven't fallen asleep yet.
Re: relay controls
On Thu, Jan 25, 2001 at 11:26:09AM -0700, Dan Egli wrote: > rcpthosts is no good. We want to accept mail for ALL domains. This is a > primary mail server for many virtual domains. I need to be able to send to > any domain in existence. such a rcpt hosts file would be HUGE! You are not understanding, it seems. You are mixing up two concepts. Concept one is rcpthosts. rcpthosts specifies which domains *your server* handles. rcpthosts should contain all domains for which you want to receive mail *from* the Internet. Do not care about outside domains your users want to mail to, right now. Concept two is tcprules. tcprules specifies which IP-blocks are allowed to use your server to send to anywhere on the Internet. I hope this clears it up a bit. Greetz, Peter.
Re: relay controls
On Thu, Jan 25, 2001 at 11:26:09AM -0700, Dan Egli wrote: > rcpthosts is no good. We want to accept mail for ALL domains. This is a No you don't. You want to accept mail for a small subset of the known domains in the universe. > primary mail server for many virtual domains. I need to be able to send to > any domain in existance. You said receive above and send here. Which are you talking about? The direction *is* important as they are handled by separate mechanisms within qmail. rcpthosts is for inbound mail that your server delivers. RELAYCLIENT stuff in tcpserver is used to identify which IP addresss can use your server as a sending relay for any domain. > such a rcpt hosts file would be HUGE! So? Having a huge file is not a problem for qmail. Is it hard for you to create it? Check out the man page for qmail-newmrh. qmail especially knows how to handle a large list of domains efficiently. Regards. > > -Original Message- > From: Chris Johnson [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 25, 2001 11:17 AM > To: Dan Egli > Cc: '[EMAIL PROTECTED]' > Subject: Re: relay controls > > > On Thu, Jan 25, 2001 at 10:39:26AM -0700, Dan Egli wrote: > > We have a QMAIL server that our previous sysadmin left in open relay > > mode. I am trying to close the security holes, but I don't understand > Qmail > > worth a damb (having used sendmail and being groomed on sendmail my entire > > unix life). 
> > > > I have a tcprules file the directory it appears my predecessor left the > > setup files in, and acording to the runline in PS (I still cannot find > where > > he is actually launching tcpserver for smtp but it is running) the file > > should be /var/service/qmail-smtpd/tcprules.cdb > > > > This file does exist, and it is readable, containing the following rule: > > > > 127.0.0.1:allow,RELAYCLIENT="" > > 209.254.33.:allow,RELAYCLIENT="" > > > > yet if I jump onto a machine that is not in these rules, and I telnet into > > port 25, I can setup a mail from outside the realm to outside the realm. > > Does /var/qmail/control/rcpthosts exist? If not, you should create it, and > you > should put in it a list of domains for which you're willing to receive mail, > one per line. > > See http://web.infoave.net/~dsill/lwq.html for lots of good qmail > information. > > Chris
Re: bcc sucks
On Thu, Jan 25, 2001 at 06:27:34AM -0600, Matthew Patterson wrote: > >Sure it is. The recipient address for that local delivery is stored in > >the environment variable RECIPIENT. Additionally if instructions for > >the delivery are in a .qmail-...-default file the part of the address > >covered by the -default wildcard is in the environment variable > >DEFAULT. See man qmail-command. > > Sounds like just what I needed. The man page doesn't specify if the environment > variables are set locally to the program or are globally set, I assume local to > the program, but I want to make absolutely sure The manpage for qmail-command(8) describes the environment variables that qmail-local sets when it executes a program. Since those variables change from message to message, there's no 'global' setting; what your program receives in the environment pertains only to that message delivery... > > -- > *** > Matthew H Patterson > Unix Systems Administrator > National Support Center, LLC > Naperville, Illinois, USA > *** > -- Brian 'you Bastard' Reichert<[EMAIL PROTECTED]> 37 Crystal Ave. #303Daytime number: (603) 434-6842 Derry NH 03038-1713 USA Intel architecture: the left-hand path
Re: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)
On Thu, Jan 25, 2001 at 01:56:45PM -0500, Patrick Bihan-Faou wrote: > Well failure to recognize that 0.0.0.0 is yourself is not quite DNS related > exploit. It is a bug. If AOL or hotmail would decide to change their MX records to your mailserver this will for sure also cause you problems. But neither is a *security* bug. > the code is completely obfuscated (I know I know, > style is a matter of taste), there is 0 line of comments in the code The ability to read the code depends on your C language skills. The ability to work with the code depends on the tools you have and use (ever given ctags a try?). Limited capabilities don't mean the code is obfuscated. A book written in Kishuaheli will look obfuscated to most people on this planet and it doesn't have comments, too. However this is not a criteria for the quality of the book. > Well my answer to this is "don't use qmail" Nobody says you have to. \Maex -- SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0 Research & Development | D-80807 Muenchen| Fax: +49 (89) 32356-299 Stress is when you wake up screaming and you realize you haven't fallen asleep yet.
Re: how to stop smtp .... there's no sendmail
[EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > I trying to stop smtp and pop-3... > So I want to stop both of them in order to use qmail, but I don't know how, I > did a ps ax and there is no sendmail process, it means that if I do a killall > -9 sendmail nothing happen (I did) and the smtp and pop will be there. > What should I do? what are the commands in order to do this? Edit inetd.conf, comment out (or remove) the sendmail line and whatever POP3 daemon line you have, and HUP inetd. Charles -- --- Charles Cazabon<[EMAIL PROTECTED]> GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
RE: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)
Oh and for the fact that the challenge is closed. I mean cool more money to FSF. But still my comment is more on "what constitute a problem with qmail". I don't really care for the challenge itself, but more on the attitude of saying "this is not a qmail issue, but something else's fault". Patrick.
Re: rblsmtpd
Hello Chris On 25-Jan-01, you wrote: > > I think this last entry requires a patched rbslmptd. You could instead > use: > > -r relays.msci.memphis.edu > > relays.msci.memphis.edu is a mirror of relays.mail-abuse.org, but it runs > Dan's rbldns and gives out the TXT record that rblsmtpd needs. > > Chris > Funny, I was just about to look at rblsmtpd later today or this evening. Apparently the records changed from txt to ?? last August. I was hoping that as ucspi-tcp had been overhauled and rblsmtpd is now within it, at 0.88 this inter-operability problem had been fixed. What is the status of this problem ? Further, what's the -a option all about ? Whilst I'm here, I noticed that most mail servers connecting have customised greetings and endings during the 220, 250 and 221 responses. I searched the docs plus Dave Sill's archives but couldn't find anything on this. Just curious... Regards...Martin -- 1) If you have to ask, you're not entitled to know. 2) If you don't like the answer, you shouldn't have asked. == Abbott's Law
Re: relay controls
Dan Egli <[EMAIL PROTECTED]> wrote: > > We have a QMAIL server that our previous sysadmin left in open relay > mode. I am trying to close the security holes, but I don't understand Qmail > worth a damn (having used sendmail and being groomed on sendmail my entire > unix life). Post the output of `qmail-showctl`. Your tcpserver invocation didn't seem to set the RELAYCLIENT variable for inappropriate IP addresses, although the text you posted isn't what tcpserver uses -- it uses a compiled version of that. It's probably a matter of rcpthosts. The command above will tell us. Charles -- --- Charles Cazabon<[EMAIL PROTECTED]> GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Re: how to stop smtp .... there's no sendmail
On Thu, Jan 25, 2001 at 10:55:01AM -0700, [EMAIL PROTECTED] wrote: > Hi! > I trying to stop smtp and pop-3... > when I did netstat -l I got this: > LISTEN tcp 0 0 *:pop-3 *: > * LISTEN tcp 0 0 *:smtp > So I want to stop both of them in order to use qmail, but I don't know how, I > did a ps ax and there is no sendmail process, it means that if I do a killall > -9 sendmail nothing happen (I did) and the smtp and pop will be there. > What should I do? what are the commands in order to do this? > Check Your inetd configuration in inetd.conf . Regards, Gerrit. -- [EMAIL PROTECTED] innominate AG the linux architects tel: +49.30.308806-0 fax: -77 http://www.innominate.com
Re: qmail+virtualdomain
Well, if i try to delete the virtualdomain from "locals" file, leaving it only in the "virtualdomains" file, i obtain: : Sorry, no mailbox here by that name. (#5.1.1) thanks Massimiliano On Thu, 25 Jan 2001, you wrote: > On Thu, Jan 25, 2001 at 06:05:48PM +0100, Massimiliano Santarelli wrote: > > HI! i've compiled qmail on my server and it works well! > > Now, i'm still trying to add a virtualdomain, > > modifying the locals/rcpthost files , > > and in virtualdomain file (newvirtualdomain:newuser). > > But if i try to send mail to newuser@hostname, the delivery happen! so the > > account newuser@newvirtualdomain and newuser@hostname seems to be the same > > thing for the user called "newuser" > > How can i solve this problem and split different users with different > > virtualdomain?? > > Make sure that any domain you want to handle virtually is *not* > mentioned in locals. > > If you mention a domain in locals *and* in virtualdomains, locals > takes precedence. > > Greetz, Peter.
Sqwebmail Documentation
I know this is the wrong place to ask, but the sqwebmail mailing list is incredibly slow/unpopulated. Do any of you know where I could find documentation for that package? I'm trying to do things like set up multiple virtual domains, change my timeout time, etc. Thanks, Alex Le Fevre
Re: how to stop smtp .... there's no sendmail
On Thu, Jan 25, 2001 at 10:55:01AM -0700, [EMAIL PROTECTED] wrote: > when I did netstat -l I got this: > LISTEN tcp 0 0 *:pop-3 *: > * LISTEN tcp 0 0 *:smtp This is probably inetd listening on those ports. Edit /etc/inetd.conf and comment the lines for "smtp" and "pop"/"pop3" (i.e. put a '#' as the first char on that line). After that do a kill -HUP `pidof inetd` \Maex -- SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0 Research & Development | D-80807 Muenchen| Fax: +49 (89) 32356-299 Stress is when you wake up screaming and you realize you haven't fallen asleep yet.
RE: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)
> On Thu, Jan 25, 2001 at 12:40:47PM -0500, Patrick Bihan-Faou wrote: > > Well I guess that this one is definitely elligible for the > "qmail security > > challenge". > > http://web.infoave.net/~dsill/qmail-challenge.html > > If you don't count that as a bug in qmail, then I don't know what is a > > bug... > > You quote it, but have you also read the document? > Especially the "Rules" section, part 1. (and also 8.1) > Well failure to recognize that 0.0.0.0 is yourself is not quite DNS related exploit. It is a bug. I like these rules that say "yeah we are setting up a challenge, but there is no way that you could ever win it"... If you ask me, qmail is far from bug free... The first security issue with this product is itself: the code is completely obfuscated (I know I know, style is a matter of taste), there is 0 line of comments in the code (hey isn't the fact that qmail code is "small" one of its selling points ? remove comments and you reduced the code size...) Read Bruce Schneier's comment on these type of contests in his latest book... This 0.0.0.0 problem can easily be deflected by saying "some stupid people mis-configure DNS to cause you problem (clause 8)", but the facts are: - other MTA handle this properly (not qmail) - this sort of "attack" is in use and causing problems with site that selected qmail as their MTA So saying "it does not fit our challenge because you need to use DNS to perform the attack" is like saying "well qmail is perfectly safe if you don't use it in the real world"... Good PR move guys, and a cheap one too! Well my answer to this is "don't use qmail" Patrick.
Re: how to stop smtp .... there's no sendmail
On Thu, Jan 25, 2001 at 10:55:01AM -0700, [EMAIL PROTECTED] wrote: > Hi! > I trying to stop smtp and pop-3... > when I did netstat -l I got this: > LISTEN tcp 0 0 *:pop-3 *: > * LISTEN tcp 0 0 *:smtp > So I want to stop both of them in order to use qmail, but I don't know how, I > did a ps ax and there is no sendmail process, it means that if I do a killall > -9 sendmail nothing happen (I did) and the smtp and pop will be there. > What should I do? what are the commands in order to do this? qmail-smtpd and qmail-popup is either running from tcpserver or inetd. Look for 'tcpserver' processes, and check /etc/inetd.conf. Greetz, Peter.
Cc: in qmail
I've had a request to see if our qmail system can accommodate the following: The customer wants to have his individual accounts receive mails addressed to them, but in addition, he would like to have a copy of mail for specific accounts cc'd to a "central repository" mail account. Anyone done this? Can qmail handle this? If so, how-to would be greatly appreciated! Thanks in advance, J
Re: ORBS
On Thu, Jan 25, 2001 at 12:52:35PM -0500, Chris Johnson wrote: > On Thu, Jan 25, 2001 at 03:18:53PM -0200, Marcilio Jorgensen Cassella wrote: > > My SMTP server is in the ORBS list because: > > > > > > X-Token: qlyzkfjxdlcfhlrh > > X-Envelope-Sender: MAIL FROM:<[EMAIL PROTECTED]> > > X-Envelope-Recipient: RCPT > > TO: > > You might be listed in ORBS, but I doubt this is why. If you're running qmail > and haven't enabled percenthack, then this won't get you into ORBS. It does in his case, because he relays to misconfigured sendmailboxes. Greetz, Peter.
Re: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)
On Thu, Jan 25, 2001 at 12:40:47PM -0500, Patrick Bihan-Faou wrote: > > > Well I guess that this one is definitely eligible for the "qmail security > challenge". > > http://web.infoave.net/~dsill/qmail-challenge.html > > If you don't count that as a bug in qmail, then I don't know what is a > bug... > It's a bug. However, it would not qualify: 8. The following types of bugs are specifically disqualified: + Exploits that involve corrupting DNS data, breaking TCP/IP, breaking NFS, or denying service (except for the case above). Also, http://cr.yp.to/qmail/guarantee.html specifically mentions that DoS is not part of the deal. Greetz, Peter.
Re: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)
?? definitely not eligible. where's the exploit? Patrick Bihan-Faou writes: > > > Well I guess that this one is definitely elligible for the "qmail security > challenge". > > > > > If you don't count that as a bug in qmail, then I don't know what is a > bug... > > > > Patrick. > > > > > "Scott Gifford" <[EMAIL PROTECTED]> wrote in message > news:<[EMAIL PROTECTED]>... >> Matt Brown <[EMAIL PROTECTED]> writes: >> >> > This has been a feature of recent spam, which is probably why it's now >> > an issue. Several spam senders are now having sender addresses of >> > @, where resolves via DNS to >> > '0.0.0.0'. >> > >> > Eventually qmail rejects the message because it recognises that it's >> > looped around too much, of course. >> >> Right, but it's a very effective (perhaps inadvertant) DOS tool. If >> you can generate a stream of 10 messages/sec of these, it's the >> equivalent of generating about 300 messages/sec --- a great way of >> turning a puny dial-up connection into a mail server crushing machine. >> >> We had a spammer sending a huge number of messages to users at this >> address ( their fake bounce addresses are now getting on each >> others' list...), which was causing our not-processed queues to hover >> around 100, which was causing regular messages to be processed very >> slowly. >> >> Since qmail works around this simple mail loop for other address >> referring to the local machine, it should do so for 0.0.0.0 as well. >> >> --ScottG. >> > - Paul Theodoropoulos [EMAIL PROTECTED] Senior Unix Systems Administrator Syntactically Subversive Services, Inc. http://www.anastrophe.net Downtime Is Not An Option
Re: relay controls
On Thu, Jan 25, 2001 at 10:39:26AM -0700, Dan Egli wrote: > This file does exist, and it is readable, containing the following rule: > 127.0.0.1:allow,RELAYCLIENT="" > 209.254.33.:allow,RELAYCLIENT="" > yet if I jump onto a machine that is not in these rules, and I telnet into > port 25, I can setup a mail from outside the realm to outside the realm. > > I do not understand Qmail at all so I need some major help here. Do you have a file called /var/qmail/control/rcpthosts if that file does not exist your mailserver is relay open. $ man qmail-smtpd (located in /var/qmail/man) [ ... ] rcpthosts Allowed RCPT domains. If rcpthosts is supplied, qmail-smtpd will reject any envelope recipient address with a domain not listed in rcpthosts. Exception: If the environment variable RELAYCLIENT is set, qmail-smtpd will ignore rcpthosts, and will append the value of RELAYCLIENT to each incoming recipient address. rcpthosts may include wildcards: heaven.af.mil .heaven.af.mil Envelope recipient addresses without @ signs are always allowed through. [ ... ] \Maex -- SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0 Research & Development | D-80807 Muenchen| Fax: +49 (89) 32356-299 Stress is when you wake up screaming and you realize you haven't fallen asleep yet.
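The relay decision described in this thread, as an added example that is not part of any post and is not qmail's or tcpserver's code. It is a simplified model of how the two tcprules lines quoted above combine with rcpthosts as the man page excerpt describes it; the function names, the example.com domains and the 192.0.2.55 client are constructed, and letting a client through when no rule matches is an assumption consistent with the report that an unlisted machine could connect.

```python
"""Simplified model of the tcprules + rcpthosts relay decision."""


def parse_tcprules(text):
    """Parse lines such as 127.0.0.1:allow,RELAYCLIENT="" into a dict.

    Simplification: values are assumed to be double-quoted and comma-free.
    """
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        address, _, instructions = line.partition(":")
        action, *assignments = instructions.split(",")
        env = {}
        for assignment in assignments:
            name, _, value = assignment.partition("=")
            env[name] = value.strip('"')
        rules[address] = (action, env)
    return rules


def match_rule(client_ip, rules):
    """Most specific match: exact IP, then dotted prefixes, then the default."""
    if client_ip in rules:
        return rules[client_ip]
    prefix = client_ip
    while "." in prefix:
        prefix = prefix[:prefix.rindex(".")]  # 209.254.33.10 -> 209.254.33
        if prefix + "." in rules:
            return rules[prefix + "."]
    # Assumption: with no matching rule the connection is allowed, env unchanged.
    return rules.get("", ("allow", {}))


def rcpthosts_allows(rcpt, rcpthosts):
    """Apply the rcpthosts rules from the man page excerpt.

    rcpthosts is None when the control file does not exist.
    """
    if rcpthosts is None:
        return True   # no file: every recipient domain is accepted
    if "@" not in rcpt:
        return True   # addresses without @ are always allowed through
    domain = rcpt.rsplit("@", 1)[1].lower()
    entries = {entry.lower() for entry in rcpthosts}
    if domain in entries:
        return True
    # Wildcard entries: ".heaven.af.mil" covers any host below heaven.af.mil.
    dot = domain.find(".")
    while dot != -1:
        if domain[dot:] in entries:
            return True
        dot = domain.find(".", dot + 1)
    return False


def decide(client_ip, rcpt, rules, rcpthosts):
    """Return (accepted, reason) for one RCPT TO from one client."""
    action, env = match_rule(client_ip, rules)
    if action == "deny":
        return (False, "connection refused by tcprules")
    if "RELAYCLIENT" in env:  # set counts even when the value is empty
        return (True, "RELAYCLIENT set for this client")
    if rcpthosts_allows(rcpt, rcpthosts):
        return (True, "recipient domain permitted by rcpthosts")
    return (False, "recipient domain not in rcpthosts")


# The two rules quoted in the thread.
THREAD_RULES = parse_tcprules(
    '127.0.0.1:allow,RELAYCLIENT=""\n209.254.33.:allow,RELAYCLIENT=""\n'
)
# Constructed rcpthosts content: only the site's own domains.
OWN_DOMAINS = ["example.com", ".example.com"]

if __name__ == "__main__":
    for rcpthosts in (None, OWN_DOMAINS):
        for ip in ("192.0.2.55", "209.254.33.10"):
            verdict = decide(ip, "someone@example.net", THREAD_RULES, rcpthosts)
            print("rcpthosts present:", rcpthosts is not None, ip, verdict)
```

With rcpthosts absent the outside client is accepted for any recipient domain even though the rules file is correct, which is the situation reported in the thread.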
Re: relay controls
On Thu, Jan 25, 2001 at 11:26:09AM -0700, Dan Egli wrote: > rcpthosts is no good. We want to accept mail for ALL domains. This is a > primary mail server for many virtual domains. I need to be able to send to > any domain in existence. such a rcpt hosts file would be HUGE! You should try reading the FAQ and other documentation (like the link I sent in my previous message). You must use rcpthosts; the situation you're describing is common and is well covered by the documentation. Chris
Re: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)
"Patrick Bihan-Faou" <[EMAIL PROTECTED]> wrote:
>Well I guess that this one is definitely eligible for the "qmail security
>challenge".
>
>http://web.infoave.net/~dsill/qmail-challenge.html
>
>
>If you don't count that as a bug in qmail, then I don't know what is a
>bug...

Sure, it's a bug. Dan didn't anticipate that spammers would set up MX's pointing to 0.0.0.0. But it's not a security bug, and it wouldn't have won the Security Challenge if it was still in effect.

-Dave
RE: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)
> Well I guess that this one is definitely eligible for the
> "qmail security challenge".
>
> http://web.infoave.net/~dsill/qmail-challenge.html

I don't think so. The challenge says:

"Bugs that qualify for the prize, subject to the other conditions outlined in these rules, must be one of the following:
- Remote exploits that give login access.
- Local or remote exploits that grant root privileges.
- Local or remote exploits that grant read or write access to a file the user can't normally access because of UNIX access controls (owner/group/mode).
- Local or remote exploits that cause any of the long-lived qmail processes (currently: qmail-send, qmail-rspawn, qmail-lspawn, or qmail-clean) to terminate."

This attack merely causes messages to loop a bit before bouncing. This barely even qualifies as a DOS attack.

Note also that at http://cr.yp.to/qmail/guarantee.html:

"I also specifically disallowed denial-of-service attacks: they are present in every MTA, widely documented, and very hard to fix without a massive overhaul of several major protocols"

--
gowen -- Greg Owen -- [EMAIL PROTECTED]
SoftLock.com is now DigitalGoods!
Re: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)
On Thu, Jan 25, 2001 at 12:40:47PM -0500, Patrick Bihan-Faou wrote:
> Well I guess that this one is definitely eligible for the "qmail security
> challenge".
> http://web.infoave.net/~dsill/qmail-challenge.html
> If you don't count that as a bug in qmail, then I don't know what is a
> bug...

You quote it, but have you also read the document? Especially the "Rules" section, part 1. (and also 8.1)

	\Maex

--
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.
Re: relay controls
On Thu, Jan 25, 2001 at 10:39:26AM -0700, Dan Egli wrote:
[snip]
> I have a tcprules file in the directory it appears my predecessor left the
> setup files in, and according to the runline in PS (I still cannot find where
> he is actually launching tcpserver for smtp but it is running) the file
> should be /var/service/qmail-smtpd/tcprules.cdb

tcpserver is running from /var/service/qmail-smtpd/run. /var/service is your service directory, as used by svscan (which is also running, probably). Read up on it at http://cr.yp.to/daemontools.html

> This file does exist, and it is readable, containing the following rule:
>
> 127.0.0.1:allow,RELAYCLIENT=""
> 209.254.33.:allow,RELAYCLIENT=""

ok. Here's the fix.

- rename the file to 'tcprules' instead of 'tcprules.cdb'
- add a line at the bottom that just says ':allow'
- type 'tcprules tcprules.cdb tcprules.cdb.tmp < tcprules'
- Done. Hopefully.

Some recommended reading for you:
http://www.lifewithqmail.org/
http://www.qmail.org/ (with links to all kinds of documentation)
http://cr.yp.to/ (with the author's documentation for qmail, including a FAQ).

Greetz, Peter.
RE: relay controls
rcpthosts is no good. We want to accept mail for ALL domains. This is a primary mail server for many virtual domains. I need to be able to send to any domain in existence. such a rcpt hosts file would be HUGE!

-----Original Message-----
From: Chris Johnson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 25, 2001 11:17 AM
To: Dan Egli
Cc: '[EMAIL PROTECTED]'
Subject: Re: relay controls

On Thu, Jan 25, 2001 at 10:39:26AM -0700, Dan Egli wrote:
> We have a QMAIL server that our previous sysadmin left in open relay
> mode. I am trying to close the security holes, but I don't understand Qmail
> worth a damb (having used sendmail and being groomed on sendmail my entire
> unix life).
>
> I have a tcprules file in the directory it appears my predecessor left the
> setup files in, and according to the runline in PS (I still cannot find where
> he is actually launching tcpserver for smtp but it is running) the file
> should be /var/service/qmail-smtpd/tcprules.cdb
>
> This file does exist, and it is readable, containing the following rule:
>
> 127.0.0.1:allow,RELAYCLIENT=""
> 209.254.33.:allow,RELAYCLIENT=""
>
> yet if I jump onto a machine that is not in these rules, and I telnet into
> port 25, I can setup a mail from outside the realm to outside the realm.

Does /var/qmail/control/rcpthosts exist? If not, you should create it, and you should put in it a list of domains for which you're willing to receive mail, one per line.

See http://web.infoave.net/~dsill/lwq.html for lots of good qmail information.

Chris
Re: relay controls
On Thu, Jan 25, 2001 at 10:39:26AM -0700, Dan Egli wrote:
> We have a QMAIL server that our previous sysadmin left in open relay
> mode. I am trying to close the security holes, but I don't understand Qmail
> worth a damb (having used sendmail and being groomed on sendmail my entire
> unix life).
>
> I have a tcprules file in the directory it appears my predecessor left the
> setup files in, and according to the runline in PS (I still cannot find where
> he is actually launching tcpserver for smtp but it is running) the file
> should be /var/service/qmail-smtpd/tcprules.cdb
>
> This file does exist, and it is readable, containing the following rule:
>
> 127.0.0.1:allow,RELAYCLIENT=""
> 209.254.33.:allow,RELAYCLIENT=""
>
> yet if I jump onto a machine that is not in these rules, and I telnet into
> port 25, I can setup a mail from outside the realm to outside the realm.

Does /var/qmail/control/rcpthosts exist? If not, you should create it, and you should put in it a list of domains for which you're willing to receive mail, one per line.

See http://web.infoave.net/~dsill/lwq.html for lots of good qmail information.

Chris
Re: ORBS
On Thu, Jan 25, 2001 at 03:18:53PM -0200, Marcilio Jorgensen Cassella wrote:
> Hi,
>
> My SMTP server is in the ORBS list because:
>
>
> X-Token: qlyzkfjxdlcfhlrh
> X-Envelope-Sender: MAIL FROM:<[EMAIL PROTECTED]>
> X-Envelope-Recipient: RCPT
> TO:

Headers for a relayed message look like:

--->--- CUT HERE
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 81844 invoked from network); 25 Jan 2001 18:01:41 -
Received: from unknown (HELO cronopio.ibase.org.br) (200.18.178.15)
  by massive.dataloss.net with SMTP; 25 Jan 2001 18:01:41 -
Received: from alternex.com.br (ax.alternex.com.br [200.18.178.1])
  by cronopio.ibase.org.br (8.8.7/8.8.7) with ESMTP id PAA24946
  for <[EMAIL PROTECTED]>; Thu, 25 Jan 2001 15:59:23 -0200 (EDT)
From: [EMAIL PROTECTED]
Received: from shadow.alternex.com.br (shadow.alternex.com.br [200.18.178.4])
  by alternex.com.br (8.8.7/8.8.7) with SMTP id PAA27300
  for <[EMAIL PROTECTED]>; Thu, 25 Jan 2001 15:59:15 -0200 (EDT)
Date: Thu, 25 Jan 2001 15:59:15 -0200 (EDT)
Message-Id: <[EMAIL PROTECTED]>
Received: (qmail 19929 invoked by alias); 25 Jan 2001 17:58:01 -
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 19915 invoked from network); 25 Jan 2001 17:57:52 -
Received: from router-office.vuurwerk.net (HELO moi) (62.250.3.59)
  by shadow.alternex.com.br with SMTP; 25 Jan 2001 17:57:52 -
To: "undisclosed-recipients:;"@alternex.com.br

test
---<--- CUT HERE

Message comes into your qmailbox (shadow), is delivered to ax.alternex.com.br (a sendmail box) through something you do with the alias user. This box then sends it to cronopio.ibase.org.br, which delivers the message to its final recipient.

Both of these sendmail boxes are misconfigured - they treat the address 'peter%dataloss.net@[someIP]' as '[EMAIL PROTECTED]'. Ask your sendmail admin to disable that ugly percenthack.

Greetz, Peter.
Re: qmail+virtualdomain
On Thu, Jan 25, 2001 at 06:05:48PM +0100, Massimiliano Santarelli wrote:
> HI! i've compiled qmail on my server and it works well!
> Now, i'm still trying to add a virtualdomain,
> modifying the locals/rcpthost files ,
> and in virtualdomain file (newvirtualdomain:newuser).
> But if i try to send mail to newuser@hostname, the delivery happens! so the
> account newuser@newvirtualdomain and newuser@hostname seems to be the same
> thing for the user called "newuser"
> How can i solve this problem and split different users with different
> virtualdomain??

Make sure that any domain you want to handle virtually is *not* mentioned in locals. If you mention a domain in locals *and* in virtualdomains, locals takes precedence.

Greetz, Peter.
RE: No transport provider was available for delivery to this recipient
We've experienced this error a few times here, generally when sending large files (>2Mb). I thought it was a timeout problem with Outlook so I set the server timeout to a higher figure in the internet email service and it doesn't happen now.

-----Original Message-----
From: john roberts [SMTP:[EMAIL PROTECTED]]
Sent: Thursday, January 25, 2001 4:40 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: No transport provider was available for delivery to this recipient

There is nothing in /var/log/maillog when this happens. It's like it never gets to the mailserver to process. Typically the message sits in the outlook outbox for a few seconds before I get the message back "no delivery". How do I look to see what the tcpservers max connection limit is?

John

>From: Markus Stumpf <[EMAIL PROTECTED]>
>To: john roberts <[EMAIL PROTECTED]>
>CC: [EMAIL PROTECTED]
>Subject: Re: No transport provider was available for delivery to this
>recipient
>Date: Thu, 25 Jan 2001 17:11:03 +0100
>
>On Thu, Jan 25, 2001 at 07:53:48AM -0800, john roberts wrote:
> > I sometimes get this message when I am trying to send mail from Outlook
>2000
> > or 97 to qmail 1.03 server:
> >
> > No transport provider was available for delivery to this recipient.
>
>Does this message pop up immediately or after some kinda timeout?
>
>What do the qmail logs say?
>Maybe tcpservers max connection limit was hit at that time?
>
> \Maex
>
>--
>SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
>Research & Development | D-80807 Muenchen | Fax: +49 (89)
>32356-299
>Stress is when you wake up screaming and you realize you haven't fallen
>asleep yet.
Re: ORBS
On Thu, Jan 25, 2001 at 03:18:53PM -0200, Marcilio Jorgensen Cassella wrote:
> TO:
> How to fix it, please ?

You probably have a control/percenthack file. Remove it.

	\Maex
how to stop smtp .... there's no sendmail
Hi!

I'm trying to stop smtp and pop-3... when I did netstat -l I got this:

LISTEN tcp 0 0 *:pop-3 *: * LISTEN tcp 0 0 *:smtp

So I want to stop both of them in order to use qmail, but I don't know how. I did a ps ax and there is no sendmail process, which means that if I do a killall -9 sendmail nothing happens (I did) and the smtp and pop will still be there.

What should I do? What are the commands in order to do this? I'm using RedHat6.2.

Thank you for your help,
Rocael.
Re: qmail+virtualdomain
On Thu, Jan 25, 2001 at 06:05:48PM +0100, Massimiliano Santarelli wrote:
> modifying the locals/rcpthost files ,
> and in virtualdomain file (newvirtualdomain:newuser).

A domain has to be either in locals OR virtualdomains, not in both (if you have it in both, locals overrides virtualdomains).

Don't forget to
    kill -HUP `pidof qmail-send`
after making changes to locals and/or virtualdomains file.

	\Maex

--
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.
Re: qmail-pop3d and fetchmail
On Thu, Jan 25, 2001 at 06:13:06PM +0100, Markus Stumpf wrote:
> On Thu, Jan 25, 2001 at 05:42:56PM +0100, Peter van Dijk wrote:
> > qmail-pop3d sorts messages based on
> > size, so supporting LAST would yield wrong results anyway.
>
> Hmmm ... are you sure?
> From looking at the code I'd say it's sorted by modification time.

You are right. I am confused now. I am quite sure there is some Maildir application that sorts by size. Must be lack of sleep.

Greetz, Peter.
Re: ORBS
On Thu, Jan 25, 2001 at 03:18:53PM -0200, Marcilio Jorgensen Cassella wrote:
> My SMTP server is in the ORBS list because:
>
>
> X-Token: qlyzkfjxdlcfhlrh
> X-Envelope-Sender: MAIL FROM:<[EMAIL PROTECTED]>
> X-Envelope-Recipient: RCPT
> TO:

You might be listed in ORBS, but I doubt this is why. If you're running qmail and haven't enabled percenthack, then this won't get you into ORBS.

Chris
Re: qmail+virtualdomain
> thing for the user called "newuser"
> How can i solve this problem and split different users with different
> virtualdomain??

Is virtualdomain still in "locals"?
Re: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)
Well I guess that this one is definitely eligible for the "qmail security challenge".

http://web.infoave.net/~dsill/qmail-challenge.html

If you don't count that as a bug in qmail, then I don't know what is a bug...

Patrick.

"Scott Gifford" <[EMAIL PROTECTED]> wrote in message news:<[EMAIL PROTECTED]>...
> Matt Brown <[EMAIL PROTECTED]> writes:
>
> > This has been a feature of recent spam, which is probably why it's now
> > an issue. Several spam senders are now having sender addresses of
> > @, where resolves via DNS to
> > '0.0.0.0'.
> >
> > Eventually qmail rejects the message because it recognises that it's
> > looped around too much, of course.
>
> Right, but it's a very effective (perhaps inadvertent) DOS tool. If
> you can generate a stream of 10 messages/sec of these, it's the
> equivalent of generating about 300 messages/sec --- a great way of
> turning a puny dial-up connection into a mail server crushing machine.
>
> We had a spammer sending a huge number of messages to users at this
> address ( their fake bounce addresses are now getting on each
> others' list...), which was causing our not-processed queues to hover
> around 100, which was causing regular messages to be processed very
> slowly.
>
> Since qmail works around this simple mail loop for other address
> referring to the local machine, it should do so for 0.0.0.0 as well.
>
> --ScottG.
relay controls
I am quite a new Qmail user, and so I'm looking for some help here.

We have a QMAIL server that our previous sysadmin left in open relay mode. I am trying to close the security holes, but I don't understand Qmail worth a damb (having used sendmail and being groomed on sendmail my entire unix life).

I have a tcprules file in the directory it appears my predecessor left the setup files in, and according to the runline in PS (I still cannot find where he is actually launching tcpserver for smtp but it is running) the file should be /var/service/qmail-smtpd/tcprules.cdb

This file does exist, and it is readable, containing the following rule:

127.0.0.1:allow,RELAYCLIENT=""
209.254.33.:allow,RELAYCLIENT=""

yet if I jump onto a machine that is not in these rules, and I telnet into port 25, I can setup a mail from outside the realm to outside the realm.

I do not understand Qmail at all so I need some major help here.

Thanks!
Re: qmail compile error
On Thu, Jan 25, 2001 at 11:06:49AM -0600, Fish Flowers wrote:
[snip]
> typdef struct __ns_msg {

Are you sure it says 'typdef' there? It should be 'typedef'. Looks like someone messed with your includefiles.

Greetz, Peter.
quotas
Hello,

I have added a 'vmailmgrquotas' file in /var/qmail/control/

What do I have to do to make qmail read this file? Which daemon must be restarted?

This is my ps :

176 ?S 0:00 supervise qmail
186 ?S 0:00 qmail-send
187 ?S 0:00 splogger qmail
188 ?S 0:00 unixserver -U -q /tmp/.qmail-qstat /usr/bin/qmail-qst
189 ?S 0:00 unixserver -U -q /tmp/.qmail-qread /usr/bin/qmail-qre
191 ?S 0:00 supervise vmailmgrd
198 ?S 0:00 unixserver -v -- /var/service/vmailmgrd/socket vmailm
201 ?S 0:00 multilog t /var/log/vmailmgrd
226 ?S 0:00 qmail-lspawn ./Maildir/
227 ?S 0:00 qmail-rspawn
228 ?S 0:00 qmail-clean
182 ?S 0:00 supervise pop3d
190 ?S 0:00 tcpserver -dHRvX -c 20 -x /etc/tcpcontrol/pop-3.cdb 0
197 ?S 0:00 splogger pop3d
ORBS
Hi,

My SMTP server is in the ORBS list because:

X-Token: qlyzkfjxdlcfhlrh
X-Envelope-Sender: MAIL FROM:<[EMAIL PROTECTED]>
X-Envelope-Recipient: RCPT TO:

How to fix it, please ?

Thanks,
Marcilio
qmail+virtualdomain
HI! i've compiled qmail on my server and it works well!

Now, i'm still trying to add a virtualdomain, modifying the locals/rcpthost files, and in virtualdomain file (newvirtualdomain:newuser).

But if i try to send mail to newuser@hostname, the delivery happens! so the account newuser@newvirtualdomain and newuser@hostname seems to be the same thing for the user called "newuser"

How can i solve this problem and split different users with different virtualdomain??

Massimiliano
Re: qmail-pop3d and fetchmail
On Thu, Jan 25, 2001 at 05:42:56PM +0100, Peter van Dijk wrote:
> qmail-pop3d sorts messages based on
> size, so supporting LAST would yield wrong results anyway.

Hmmm ... are you sure?
From looking at the code I'd say it's sorted by modification time.

	\Maex

--
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.
qmail compile error
Hi --

I'm trying to install qmail on a Solaris box, and when running "make setup check" I'm getting the following string:

... [happy compile messages] ...
./compile dns.c
"/usr/include/arpa/nameser.h", line 127: warning: const is a keyword in ANSI C
"/usr/include/arpa/nameser.h", line 127: syntax error before or at: const
"/usr/include/arpa/nameser.h", line 127: cannot recover from previous errors
make: *** [dns.o] Error 10
#

The relevant lines of /usr/include/arpa/nameser.h are:

typdef struct __ns_msg {
        const uchar_t *_msg, *_eom;
        uint16_t _id, _flags, _counts[ns_s_max];
        const uchar_t *_sections[ns_s_max];
        ns_sect _sect;
        int _rrnum;
        const uchar_t *_ptr;
} ns_msg;

Does anyone have any pointers on how to resolve this?

Thanks,
Fish Flowers.
Re: No transport provider was available for delivery to this rec
> How do I look to see what the tcpservers max connection limit

If the -c switch is not used it's tcpservers standard setting of 40.

See http://cr.yp.to/ucspi-tcp/tcpserver.html

Frank
Re: No transport provider was available for delivery to this recipient
On Thu, Jan 25, 2001 at 08:40:12AM -0800, john roberts wrote:
> delivery". How do I look to see what the tcpservers max connection limit
> is?

tcpservers option "-c" defines the number of simultaneous connections. Default is 40.
See http://cr.yp.to/ucspi-tcp/tcpserver.html

You have to check your qmail-smtpd startup script to see what value you are using.

	\Maex

--
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.
Re: No transport provider was available for delivery to this recipient
On Thu, Jan 25, 2001 at 10:17:07AM -0600, Charles Cazabon wrote:
> john roberts <[EMAIL PROTECTED]> wrote:
> > >
> > No transport provider was available for delivery to this recipient.
> http://support.microsoft.com/support/kb/articles/Q197/4/17.ASP?LN=EN-US&SD=gn&FR=0
>
> Basically, they're violating the SMTP spec by not enclosing addresses in
> <>.

Dan "fixed" this (i.e. added the workaround for non RFC compliant clients) in at least qmail-1.03 (just verified, works). The problem only happens with pre qmail-1.03 versions (our old qmail-1.01 server does not accept addresses without the <>).

	\Maex

--
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.
Re: Re: No transport provider was available for delivery to this recipient
>john roberts <[EMAIL PROTECTED]> wrote:
>>
>> No transport provider was available for delivery to this recipient.
>This comes up a lot -- if you search the qmail mailing list archives,
>one of the pointers is to this MS kb article:

From my experience, it's not the brackets - I have an exchange server relaying all messages to qmail server - never got this problem, except when had a problem with the Internet mail connector definitions in exchange
Re: qmail-pop3d and fetchmail
On Thu, Jan 25, 2001 at 10:26:33AM -0600, Kris Kelley wrote:
[snip]
> Probably because that other pop3 server allows for the "LAST" POP3 command.
> "LAST" returns the number of the last message downloaded. Ideally this
> should be enough to determine which messages are new, but only after some
> assumptions that aren't always correct. The most recent POP3 RFC deprecated
> the "LAST" command, and not all POP3 servers support it.

LAST can only be reliable on a mailserver where message-order is preserved from session to session. qmail-pop3d sorts messages based on size, so supporting LAST would yield wrong results anyway.

Greetz, Peter.
Re: No transport provider was available for delivery to this recipient
There is nothing in /var/log/maillog when this happens. It's like it never gets to the mailserver to process. Typically the message sits in the outlook outbox for a few seconds before I get the message back "no delivery". How do I look to see what the tcpservers max connection limit is?

John

>From: Markus Stumpf <[EMAIL PROTECTED]>
>To: john roberts <[EMAIL PROTECTED]>
>CC: [EMAIL PROTECTED]
>Subject: Re: No transport provider was available for delivery to this
>recipient
>Date: Thu, 25 Jan 2001 17:11:03 +0100
>
>On Thu, Jan 25, 2001 at 07:53:48AM -0800, john roberts wrote:
> > I sometimes get this message when I am trying to send mail from Outlook
>2000
> > or 97 to qmail 1.03 server:
> >
> > No transport provider was available for delivery to this recipient.
>
>Does this message pop up immediately or after some kinda timeout?
>
>What do the qmail logs say?
>Maybe tcpservers max connection limit was hit at that time?
>
> \Maex
>
>--
>SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
>Research & Development | D-80807 Muenchen | Fax: +49 (89)
>32356-299
>Stress is when you wake up screaming and you realize you haven't fallen
>asleep yet.
Re: qmail-pop3d and fetchmail
This question probably belongs in a fetchmail forum. Unfortunately, my recent attempts to subscribe to the fetchmail mailing list have ended in failure, so you may not have any luck finding a fetchmail forum.

> I was trying to use fetchmail to retrieve messages from a pop3 account
> on a server running qmail-pop3d using tcpserver and vchkpw. It retrieved
> all the messages although I did not specify "--all" flag to fetchmail. I
> tried several time and every time fetchmail retrieves all the messages
> again and again.

Try forcing fetchmail to use message UIDLs, that is, use the "--uidl" flag. This will enable fetchmail to keep track of what messages it has and hasn't downloaded using a local list of message IDs.

> I tried fetchmail with another pop3 account on a server running
> sendmail/qpoper and it worked fine, only new messages was retrieved.
> Anybody knows why that happens ?

Probably because that other pop3 server allows for the "LAST" POP3 command. "LAST" returns the number of the last message downloaded. Ideally this should be enough to determine which messages are new, but only after some assumptions that aren't always correct. The most recent POP3 RFC deprecated the "LAST" command, and not all POP3 servers support it.

---Kris Kelley
Re: No transport provider was available for delivery to this recipient
john roberts <[EMAIL PROTECTED]> wrote:
>
> No transport provider was available for delivery to this recipient.

This comes up a lot -- if you search the qmail mailing list archives, one of the pointers is to this MS kb article:

http://support.microsoft.com/support/kb/articles/Q197/4/17.ASP?LN=EN-US&SD=gn&FR=0

Basically, they're violating the SMTP spec by not enclosing addresses in <>.

Charles
--
---
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
---
Re: No transport provider was available for delivery to this rec
Sounds more like an internal Outlook-problem.

> thought maybe qmail-smtpd was not running when I sent them mail... not sure

Possibly your concurrency setting for tcpserver (SMTP) is too low. Check the logs and correct the -c switch of tcpserver.

Regards,
Frank
Re: No transport provider was available for delivery to this recipient
On Thu, Jan 25, 2001 at 07:53:48AM -0800, john roberts wrote:
> I sometimes get this message when I am trying to send mail from Outlook 2000
> or 97 to qmail 1.03 server:
>
> No transport provider was available for delivery to this recipient.

Does this message pop up immediately or after some kinda timeout?

What do the qmail logs say?
Maybe tcpservers max connection limit was hit at that time?

	\Maex

--
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.
No transport provider was available for delivery to this recipient
I sometimes get this message when I am trying to send mail from Outlook 2000 or 97 to qmail 1.03 server:

No transport provider was available for delivery to this recipient.

The crazy part of it is that sometimes I will get that message several times on a message then I can go a day or two w/o getting it again. Most of my users in my company experience the same problem. I have looked at Microsoft's explanation on why this happens but that didn't help. Then I thought maybe qmail-smtpd was not running when I sent them mail... not sure what to do from here.

Any help would be appreciated!
Re: How to set routing in qmail?
On Thu, Jan 25, 2001 at 06:21:31PM +0300, Michail A.Baikov wrote:
> Hello.
>
> I'm setup two mail servers (powered by qmail).
>
> #1 server maintained only local users pop3 and smtp (i.e. all mail for local
> users do not send to server #2 and placing direct into users mailbox) and
> working only for local network.
> #2 server maintained only smtp service and look to internet. All mail for
> local users must be route to server #1.

Assuming that you mean that #1 is not directly attached to the internet, simply point your MX to #2 and set an smtproutes entry for your domain to #1. man qmail-remote will explain that nicely. Also don't forget to put the domain into rcpthosts.

Greetz, Peter.
Re: qmail-pop3d broken LAST command
Eng. Ramy M. Hassan <[EMAIL PROTECTED]> wrote:
> I noticed that qmail-pop3d always responds with: < +OK 0 to the pop3
> command LAST.

LAST is a broken design; it requires the server to maintain state information which really should be stored on the client.

> This behavior makes pop3 clients like fetchmail unable to know which
> messages are new and thus download all the messages.

No. Your POP3 retriever should just use the UIDL command to get a unique signature for the message, and keep a list of signatures which it has already seen. My own POP3 retriever, getmail, does this. It works quite happily with qmail-pop3d and every other POP3 daemon I've tried. There are a few ancient POP3 servers out there which don't support UIDL, though.

Charles
--
---
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
---