Re: QMAILQUEUE patch for qmail-1.03
On Mon, Jun 11, 2001 at 08:21:13AM +0200, Frank Tegtmeyer wrote:
> Bruce Guenter writes:
> > than the obvious overhead of adding /bin/sh to the execution path? Is this overhead significant enough to make such a modification a bad idea?
>
> Are there quoting problems to expect?

What kind of problems? The value of $QMAILQUEUE would be passed in to /bin/sh -c as-is, and /bin/sh would expand quotes, variables, etc.

-- 
Bruce Guenter http://em.ca/~bruceg/ http://untroubled.org/
OpenPGP key: 699980E8 / D0B7 C8DD 365D A395 29DA 2E2A E96F B2DC 6999 80E8
Re: Multiple recipients to remote domain
On Mon, Jun 11, 2001 at 12:09:40PM -0600, Roger Walker wrote:
> Thanks, Peter and Charles. Looks like I'll have to script a solution that telnets to port 25 on the remote host and issues 10,000+ (650,000+ actually) rcpt to: lines.

You can also use qmail-remote manually to do this.

-- 
Bruce Guenter http://em.ca/~bruceg/ http://untroubled.org/
Re: QMAILQUEUE patch for qmail-1.03
On Mon, Jan 25, 1999 at 03:37:21PM -0600, Bruce Guenter wrote:
> Appended is a patch to qmail-1.03 that causes any program that would run qmail-queue to look for an environment variable QMAILQUEUE. If it is present, it is used in place of the string bin/qmail-queue when running qmail-queue.

I've been contemplating rewriting the patch to do an exec of { /bin/sh, -c, $QMAILQUEUE } instead of exec'ing $QMAILQUEUE as-is. This would allow for putting the contents of the script named by $QMAILQUEUE (which is frequently a one-line shell script anyways) into the variable itself.

Are there any downsides to this approach other than the obvious overhead of adding /bin/sh to the execution path? Is this overhead significant enough to make such a modification a bad idea?

-- 
Bruce Guenter http://em.ca/~bruceg/ http://untroubled.org/
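The difference between the two exec forms discussed in this message and in the follow-up about quoting, as an added example that is not part of the original posts or of the QMAILQUEUE patch. The function names, the DEMO_VAR variable, the sample values and the use of exit code 111 for a failed exec are assumptions made for the demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[0] in a child and capture its stdout into out (NUL-terminated).
 * Returns the child's exit code, 111 if the exec itself failed, or -1 on a
 * setup error. */
int run_capture(char *const argv[], char *out, size_t cap)
{
    int fds[2], status;
    size_t used = 0;
    ssize_t n;
    pid_t pid;

    if (cap == 0 || pipe(fds) < 0)
        return -1;
    pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                 /* child: stdout -> pipe, then exec */
        close(fds[0]);
        dup2(fds[1], 1);
        close(fds[1]);
        execv(argv[0], argv);
        _exit(111);                 /* exec failed: value was not a program path */
    }
    close(fds[1]);
    while (used < cap - 1 &&
           (n = read(fds[0], out + used, cap - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Behaviour described for the existing patch: the value is exec'd as-is,
 * so it can only name a program. No quoting or expansion happens. */
int run_queue_direct(const char *value, char *out, size_t cap)
{
    char *argv[2];
    argv[0] = (char *)value;
    argv[1] = NULL;
    return run_capture(argv, out, cap);
}

/* Proposed behaviour: exec { /bin/sh, -c, value }. The shell parses the
 * value, so quotes, variables and every other metacharacter are live.
 * Whoever can set the variable is then writing shell code, not a path. */
int run_queue_via_sh(const char *value, char *out, size_t cap)
{
    char *argv[4];
    argv[0] = "/bin/sh";
    argv[1] = "-c";
    argv[2] = (char *)value;
    argv[3] = NULL;
    return run_capture(argv, out, cap);
}

int main(void)
{
    /* Constructed sample values, not taken from the thread. */
    const char *samples[] = { "echo 'a  b' $DEMO_VAR", "exit 3" };
    char out[256];
    size_t i;

    setenv("DEMO_VAR", "expanded", 1);
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = run_queue_direct(samples[i], out, sizeof out);
        printf("direct  rc=%d out=\"%s\"  value: %s\n", rc, out, samples[i]);
        rc = run_queue_via_sh(samples[i], out, sizeof out);
        printf("sh -c   rc=%d out=\"%s\"  value: %s\n", rc, out, samples[i]);
    }
    return 0;
}
```
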
Re: how to use qmail-queue
On Sat, Jun 09, 2001 at 11:18:54AM -0600, Charles Cazabon wrote:
> However, QMTP, as a protocol, is harder to speak than SMTP

Arguable, at best. For sending a single message, the only difficult part of QMTP is calculating the total sizes before sending the package. After that point, you just send all the data and wait for the response. The server is forbidden from sending a response until the last byte of the package is received. Much simpler than the back-and-forth of SMTP.

However, this does nothing to answer his original problem, which is likely solvable without dealing with any external protocols.

-- 
Bruce Guenter http://em.ca/~bruceg/ http://untroubled.org/
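The size calculation mentioned above, as an added example that is not part of the original post or of any qmail code. It follows the package layout from the QMTP specification (message, sender and recipient list, each a netstring, with every recipient a netstring inside the list) and the K/Z/D status bytes of the reply; the function names and the sample addresses are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Size of the netstring "<len>:<payload>," for a payload of len bytes. */
size_t netstring_size(size_t len)
{
    size_t digits = 1, n = len;
    while (n >= 10) { n /= 10; digits++; }
    return digits + 1 + len + 1;
}

/* Append one netstring at out; the caller has already checked the space. */
static size_t put_netstring(char *out, const char *data, size_t len)
{
    size_t n = (size_t)sprintf(out, "%lu:", (unsigned long)len);
    memcpy(out + n, data, len);
    out[n + len] = ',';
    return n + len + 1;
}

/* Combined size of the inner recipient netstrings. This has to be known
 * before the first recipient is sent, because it is the length prefix of
 * the enclosing netstring. */
static size_t rcpt_list_size(const char *const *rcpts, size_t nrcpt)
{
    size_t i, total = 0;
    for (i = 0; i < nrcpt; i++)
        total += netstring_size(strlen(rcpts[i]));
    return total;
}

size_t qmtp_package_size(size_t msg_len, const char *sender,
                         const char *const *rcpts, size_t nrcpt)
{
    return netstring_size(msg_len) + netstring_size(strlen(sender)) +
           netstring_size(rcpt_list_size(rcpts, nrcpt));
}

/* Build the package. msg must already be QMTP-encoded: its first byte is
 * 10 (LF) for a message whose lines end in LF. Returns the bytes written,
 * or 0 if the buffer is too small. */
size_t qmtp_build_package(char *out, size_t cap, const char *msg, size_t msg_len,
                          const char *sender, const char *const *rcpts, size_t nrcpt)
{
    size_t i, pos = 0, inner = rcpt_list_size(rcpts, nrcpt);

    if (qmtp_package_size(msg_len, sender, rcpts, nrcpt) > cap)
        return 0;
    pos += put_netstring(out + pos, msg, msg_len);
    pos += put_netstring(out + pos, sender, strlen(sender));
    pos += (size_t)sprintf(out + pos, "%lu:", (unsigned long)inner);
    for (i = 0; i < nrcpt; i++)
        pos += put_netstring(out + pos, rcpts[i], strlen(rcpts[i]));
    out[pos++] = ',';
    return pos;
}

/* Parse the reply: one netstring per recipient whose first byte is K
 * (accepted), Z (temporary failure) or D (permanent failure). Stores the
 * status bytes in status[] and returns their count, or -1 if malformed. */
int qmtp_parse_response(const char *resp, size_t len, char *status, size_t max)
{
    size_t pos = 0;
    int count = 0;

    while (pos < len) {
        size_t n = 0, digits = 0;
        while (pos < len && resp[pos] >= '0' && resp[pos] <= '9') {
            if (n > len / 10) return -1;      /* length larger than the buffer */
            n = n * 10 + (size_t)(resp[pos] - '0');
            pos++; digits++;
        }
        if (digits == 0 || pos >= len || resp[pos] != ':') return -1;
        pos++;
        if (n == 0 || n >= len - pos) return -1;   /* payload plus ',' must fit */
        if (resp[pos + n] != ',') return -1;
        if (resp[pos] != 'K' && resp[pos] != 'Z' && resp[pos] != 'D') return -1;
        if ((size_t)count >= max) return -1;
        status[count++] = resp[pos];
        pos += n + 1;
    }
    return count;
}

int main(void)
{
    /* Constructed sample input, not taken from the thread. */
    static const char msg[] = "\nSubject: test\n\nhello\n";
    const char *rcpts[] = { "b@y.example", "c@y.example" };
    char buf[256];
    size_t n = qmtp_build_package(buf, sizeof buf, msg, sizeof msg - 1,
                                  "a@x.example", rcpts, 2);
    fwrite(buf, 1, n, stdout);
    return n ? 0 : 1;
}
```
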
Re: qmail-qfilter logging?
On Fri, Jun 01, 2001 at 02:11:50PM -0700, Jon Rust wrote:
> I've just installed a small filter using Bruce Guenter's qmail-qfilter package. I have a print statement or 2 when I reject a message:
>
>     # from header filter(s) (sexyfun easy to spot here)
>     } elsif (/^From:/) {
>         if (/haha\@sexyfun/io) {
>             print "mail refused, suspected Hybris (aka, Snow White) virus:";
>             print "http://vil.nai.com/vil/virusSummary.asp?virus_k=98873\n";
>             exit(31);
>         }
>     }
>
> However, the line above doesn't show in the qmail logs anywhere, nor does it get echoed to the sending server. Did I miss something? Any way to log it short of using syslog calls?

Filters executed by qmail-qfilter have their standard output (where print goes by default) connected up to either the next filter or to qmail-queue to go into the mail spool. If you want to print an error, print to STDERR.

BTW, the deny-filetypes catches virtually all current and future incidences of Snow White and similar viruses.

-- 
Bruce Guenter http://em.ca/~bruceg/ http://untroubled.org/
Re: qmail troubleshooting
On Tue, Jun 05, 2001 at 12:05:57PM -0500, Virginia Chism wrote:
> When I tried this one, `find /var/qmail/queue/remote -type f` ? the returned message was:
> /var/qmail/queue/remote/0/277955: Permission denied.

You need to remove the backquotes (`). In most UNIX shells, the backquotes work by executing the command within the backquotes, and then substituting the output from the command into the command-line arguments. So, running find listed /var/qmail/queue/remote/0/277955 as the first file found, which the shell promptly tried to execute. It is of course not executable, so permission denied.

-- 
Bruce Guenter http://em.ca/~bruceg/ http://untroubled.org/
Re: reason for problem found: connection reset after 1 minute
On Fri, May 11, 2001 at 08:17:47AM -0600, Charles Cazabon wrote:
> I don't understand this. I thought that in a normal setup, tcpserver forked qmail-popup, which exec's checkpassword

Not quite. qmail-popup forks and exec's checkpassword, in order that if checkpassword fails qmail-popup can report an -ERR message instead of just disconnecting silently.

-- 
Bruce Guenter http://em.ca/~bruceg/ http://untroubled.org/
Re: reason for problem found: connection reset after 1 minute
On Fri, May 11, 2001 at 01:02:47PM -0600, Charles Cazabon wrote:
> Bruce Guenter wrote:
> > On Fri, May 11, 2001 at 08:17:47AM -0600, Charles Cazabon wrote:
> > > I don't understand this. I thought that in a normal setup, tcpserver forked qmail-popup, which exec's checkpassword
> >
> > Not quite. qmail-popup forks and exec's checkpassword, in order that if checkpassword fails qmail-popup can report an -ERR message instead of just disconnecting silently.
>
> Thanks for the correction, Bruce -- makes much more sense. However, it still doesn't explain why the other fellows' ntcheckpassword hangs around indefinitely even after authentication success, and then causes the POP3 connection to reset after 60 seconds.

The ps report that I recall seeing showed only qmail-popup and qmail-pop3d running. The qmail-popup command-line of course includes ntcheckpassword. Now, if ntcheckpassword itself is hanging around, it's badly broken, as the checkpassword interface requires that the subprogram be exec'd and not forked.

-- 
Bruce Guenter http://em.ca/~bruceg/ http://untroubled.org/
Re: bounce messages
On Thu, Apr 26, 2001 at 08:20:24AM -0600, Charles Cazabon wrote:
> Chris Hellberg wrote:
> > As in the life with qmail document, I'm told that qmail doesn't give deferred delivery messages like Sendmail does, but I've heard from the archives that there's a patch to turn it on.
>
> Well, I think it's actually an add-on (a Perl script run from cron). The one we use is called qmail_bounce (IIRC)

You could also use qmail-notify at http://em.ca/~bruceg/qmail-notify/ which has the advantage of being compiled C code instead of Perl, and is rather easier to configure (don't have to edit source code). The current development version can also include the original message as an attachment, if anybody's interested.

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: qmail-qread and qmail-qstat as suid root...
On Wed, Apr 11, 2001 at 01:26:11AM +0200, Peter van Dijk wrote:
> On Tue, Apr 10, 2001 at 02:40:24PM -0700, Sean Chittenden wrote:
> > Anyone know of any reason why I shouldn't set the qmail-qread and qmail-qstat as setuid root? I've looked through the source, but am looking for a last confirmation or "don't do that." -sc
>
> # envuidgid qmails tcpserver -U localhost 82 /var/qmail/bin/qmail-qread

An alternative, that I use, is to use a UNIX local domain socket, using either my ucspi-unix or ucspi-local. Then it doesn't even have to use up a TCP port.

> $ nc localhost 82

or "tcpcat localhost 82", since tcpcat comes with ucspi-tcp.

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: [OT] supervise sshd?
On Wed, Mar 28, 2001 at 12:20:50AM -0800, David Benfell wrote:
> On Mon, Mar 19, 2001 at 10:22:20AM -0500, Peter Cavender wrote:
> > I want to run the openssh daemon under supervise...should my "run" script be:
> >
> >     #!/bin/sh
> >     exec /usr/local/sbin/sshd -D
> >
> >     #!/bin/sh
> >     exec fghack /usr/local/sbin/sshd -
>
> I don't know what -D does.

-D causes sshd to not background itself, without outputting debug information.

If anybody (else) is interested, I have RPMs of OpenSSH running under svscan and tcpserver at: http://em.ca/~bruceg/rpms/openssh/

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: Maildir file naming convention
On Wed, Mar 28, 2001 at 02:04:13PM -0600, Charles Cazabon wrote:
> By the time we have to worry about wrapping 16-bit PIDs in one second, we'll be using 32-bit PIDs. No worries.

Um, too late. I believe Dave Miller's group was wrapping the PID counter in under a second on a Sparc a couple of years ago already.

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: Relay-ctrl and qmail
On Wed, Feb 28, 2001 at 06:46:49AM -, Bill Isaacs wrote: Hi Bruce and Charles, No luck yet. I tried Bruce's suggestion with the same outcome as before: --- tcpserver -v -R -x /etc/smtp.cdb 0 pop-3 /var/qmail/bin/qmail-popup I'm sorry, that was a red herring. You don't need a control file on the POP server. Hmmm... Do you have both /etc/smtp.{rules,cdb} and /etc/tcpcontrol? Which one is being updated? Okay, lets see some information on the file itself. How about `ls -ld / /etc /etc/tcpcontrol /etc/tcpcontrol/*` -- -rw-r--r-- 1 root root 2072 Feb 27 21:27 /etc/tcpcontrol/smtp.cdb -rw-r--r-- 1 root qmail 7 Feb 26 12:48 /etc/tcpcontrol/smtp.rules Then, use tcprulescheck on the cdb file to see if that IP address is in there: `TCPREMOTEIP=1.2.3.4 tcprulescheck /etc/tcpcontrol/smtp.cdb` Even more useful would be "cdbdump /etc/tcpcontrol/smtp.cdb", but you'll need the CDB programs for that. What is your run script for qmail-smtpd? -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
qmail-send progress with large queue/todo
On Tue, Feb 27, 2001 at 02:06:52PM -0500, Dave Sill wrote:
> qmail-send won't dispatch messages to qmail-local or qmail-remote while there are messages in queue/todo.

I've been thinking about this issue, and was wondering if it would be possible to fix this in some simple way. Would it be possible to modify qmail-send to always handle known messages before scanning todo? Or to make it defer scanning todo after it hits a certain number of messages so it can process other events and then come back to scanning?

I tried instrumenting qmail-send to see where things were hanging up, but was having difficulty following the flow of control. It was certainly easy to reproduce the problem -- stop qmail-send, put 100 messages in the todo, start qmail-send, and watch as only a few deliveries get started before qmail-send stops scanning todo.

Is the problem as simple as this, or is it an artifact of the I/O generated by qmail-send causing the other tasks to block?

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: qmail-qfilter question
On Mon, Feb 26, 2001 at 09:26:59AM -0500, Andy Meuse wrote:
> So, I have qmail-qfilter running using the deny-filetypes script included in the package. I set it up as per the README, in the smtp rules files.
>
>     A.B.C.D:allow,RELAYCLIENT="",QMAILQUEUE="/usr/local/bin/(script that calls deny-filetypes"
>
> The problem is that it denies files from being sent BY my users, but it doesn't deny incoming files from the world TO my users. The relaying rules aren't being invoked I suppose. Any ideas on how I can use qmail-qfilter to screen incoming attachments another way, or how to change my relaying setup to grab them?

Add a final rule to your SMTP rules file with:

    :allow,QMAILQUEUE="/usr/local/bin/"

This will force all non-relayclient users to be filtered as well.

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: Text-mode web browser
On Thu, Feb 15, 2001 at 03:13:42PM -0500, Schiffbauer, Anthony wrote:
> hey guys, this is another subject, but could any of you suggest a different text web browser other than Lynx?

Links. http://artax.karlin.mff.cuni.cz/~mikulas/links/ It even handles tables properly.

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: qmail compilation and optimization
On Wed, Feb 14, 2001 at 12:45:58PM +0100, Peter van Dijk wrote:
> On Wed, Feb 14, 2001 at 09:46:30AM -0300, wrote:
> > I've seen the standard qmail compilation flags are just "-O2". Does anybody tried any other level of optimization like "-O6... -fomit-frame-pointer... -DCPU=686..." ? What would be the benefits of compiling with these flags ? Is this safe ?
>
> I doubt if it is safe.

This should all be safe on stable compilers.

> > I'm using egcs version egcs-1.1.2-30 in a Linux box.
>
> Ah, egcs. No, it is not safe. egcs is a crack-product.

Actually, egcs 1.1.2 is quite stable and safe. I've never had it break working C or C++ code.

> > ( I know this is more of a compiler issue, but I think it is worth to exchange experiences... )
>
> qmail is hardly CPU-intensive, it spends very little time in loops without any I/O. I think the benefits would be small.

This, however, is very true. It is very rare that any part of qmail will take significant amounts of CPU time.

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: multi-thread
On Wed, Feb 07, 2001 at 05:45:43PM +0100, Jacques Frip' WERNERT wrote:
> ok, on my Solaris, the qmail distribution is "forking" almost 10 to 20 processes per second. This cost a lot in system resources and system calls

Are you kidding? What kind of hardware are you using? On my Celeron PC, I can fork and exec 200 shared processes per second, and almost 300 statically-linked processes per second.

> So I'm trying to work on a threaded qmail-rspawn to avoid so many forks

I'd be willing to bet it doesn't buy you enough to make it worth the effort on most modern UNIX-type OSs. It's also a rather large task, as the existing code likely relies heavily on globals.

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: Security issue: SMTP and qmail
On Thu, Feb 01, 2001 at 11:04:03AM -0600, Graphic Rezidew wrote:
> If security is a concern then you might not want to be running RedHat

At least, not an unmodified RedHat. My typical post-install procedure is to either remove or disable anything that doesn't need to be running (in terms of network services) down to the minimum necessary. Then I replace the borken bits (sendmail, BIND, telnet) with more appropriate solutions.

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: Security issue: SMTP and qmail
On Thu, Feb 01, 2001 at 09:03:30PM +0100, Robin S. Socha wrote:
> OK, so after the next GNOMEified update, you start from scratch.

Who puts GNOME on a server? Who puts server software on a GNOME desktop? To my mind they're separate. Besides, I generally ignore updates to critical systems until they prove their stability to the level required on the system that I would install them, as I would if I ran anything else.

> Happy, happy, joy, joy... Unless $LINUX_DISTRO adopts $BSD package-, port- and CVSup-systems, $LINUX_DISTRO can safely be considered $KIDDY_TOY.

So, I take it you don't believe in anything other than top-down software control?

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: Re: Qmail and GFS
On Fri, Jan 26, 2001 at 08:52:01AM -0600, Charles Cazabon wrote:
> So for safety, you either have to mount the filesystem with synchronous metadata (as I said above), or have your program sync the directory of a file after syncing the file.
>
> Bruce Guenter's SRPM of qmail includes a patch which does the directory sync, so you don't have to mount the filesystem with synchronous metadata for safety.

That's actually not a patch. It's a small object file that replaces the libc open, link, rename, and unlink routines. The replacement routines call the syscall as usual, but after making the call do a fsync on the directory leading up to the given filename.

-- 
Bruce Guenter http://em.ca/~bruceg/
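The technique described above, written as explicit wrapper functions. This is an added example, not the object file shipped in the SRPM and not part of the original post; the synced_* names, the choice to sync both directories after a rename, and the demo under /tmp are assumptions, and open is left out.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Copy the directory part of path into out: "a/b/c" -> "a/b",
 * "file" -> ".", "/x" -> "/". Returns 0, or -1 if out is too small. */
int parent_dir(const char *path, char *out, size_t cap)
{
    const char *slash = strrchr(path, '/');
    size_t n;

    if (slash == NULL) { path = "."; n = 1; }
    else if (slash == path) n = 1;
    else n = (size_t)(slash - path);
    if (n + 1 > cap) { errno = ENAMETOOLONG; return -1; }
    memcpy(out, path, n);
    out[n] = '\0';
    return 0;
}

/* fsync the directory that holds path, so the directory entry itself
 * (not just the file's data) has reached stable storage. */
int fsync_parent(const char *path)
{
    char dir[4096];
    int fd, rc, saved;

    if (parent_dir(path, dir, sizeof dir) < 0) return -1;
    fd = open(dir, O_RDONLY);
    if (fd < 0) return -1;
    rc = fsync(fd);
    saved = errno;
    close(fd);
    errno = saved;
    return rc;
}

/* Make the call as usual, then sync the directory leading up to the name. */
int synced_link(const char *from, const char *to)
{
    if (link(from, to) < 0) return -1;
    return fsync_parent(to);
}

int synced_unlink(const char *path)
{
    if (unlink(path) < 0) return -1;
    return fsync_parent(path);
}

int synced_rename(const char *from, const char *to)
{
    if (rename(from, to) < 0) return -1;
    if (fsync_parent(to) < 0) return -1;   /* new name is durable */
    return fsync_parent(from);             /* old name is durably gone */
}

/* Write a file, sync it, then move it into place the way a queue or
 * Maildir delivery would. Returns 0 when every step succeeded. */
int demo_roundtrip(void)
{
    char dir[] = "/tmp/syncdir-demo-XXXXXX";   /* constructed scratch path */
    char tmp[64], final[64];
    int fd, ok;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(tmp, sizeof tmp, "%s/tmp", dir);
    snprintf(final, sizeof final, "%s/new", dir);

    fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    ok = fd >= 0 && write(fd, "hello\n", 6) == 6 && fsync(fd) == 0;
    if (fd >= 0) close(fd);

    ok = ok && fsync_parent(tmp) == 0
            && synced_rename(tmp, final) == 0
            && access(final, F_OK) == 0
            && access(tmp, F_OK) != 0
            && synced_unlink(final) == 0;

    unlink(tmp);            /* best-effort cleanup after a failed step */
    unlink(final);
    rmdir(dir);
    return ok ? 0 : -1;
}

int main(void)
{
    int rc = demo_roundtrip();
    printf("roundtrip %s\n", rc == 0 ? "ok" : "failed");
    return rc == 0 ? 0 : 1;
}
```
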
Re: qlogtools compile - error
On Sat, Jan 20, 2001 at 12:15:57PM +0100, Clemens Hermann wrote:
> sorry, I used the wrong make but now it does not work anyway:
> gmake: *** No rules to make target 'qlogselect', needed by 'all'. Stop.
> what is wrong? on my Debian it compiles perfect but not under FreeBSD

Did you remove the "qlogselect" program while trying to build it?

Please direct further messages on this topic to the bgware mailing list, as this is off-topic for this list.

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: [vmailmgr] Re: Help the qmail vmailmgr novice, receive free good karma --
On Thu, Jan 18, 2001 at 12:41:19PM -0600, Matthew Patterson wrote:
> This question is probably intended mostly for the people on the vmailmgr list, but anyone can help us out: is vmailmgr (specifically checkvpw) able to do /etc/passwd auth.,

Yes. It does either /etc/passwd authentication, if the domain is local, or virtual authentication if the domain is virtual.

> can it be shut off so that only virtual auth is done?

Only by patching the source currently. On line 150 of authenticate/checkvpw.cc, add an extra "true" parameter to the call to "authenticate".

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: Relaying on qmtpd
On Wed, Jan 03, 2001 at 04:13:09PM -0600, Charles Cazabon wrote:
> This may be jumping the gun, but I imagine Bruce Guenter might just write a qmtp module for nullmailer to go alongside the existing qmqp and smtp modules. He's mentioned on this list once that it would not be an enormous effort.

Unless I'm misreading the QMTP spec, you can use the qmqp protocol module with it. Just put "qmqp --port=209 remote" in the remotes config file.

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: reg. qmail-qmqpd and qmail-qmtpd
On Wed, Dec 06, 2000 at 08:14:24AM -0600, Charles Cazabon wrote:
> As a side note, I believe Bruce Guenter's nullmailer MTA also support qmtp. I could be wrong.

Nullmailer supports QMQP, but if desired, it should be fairly trivial to add QMTP support, given that QMQP is basically a subset of QMTP. In fact, the QMQP module should work with QMTP servers (if I'm reading the protocol spec right), just on a different port number.

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: Open Relay questionnaire
On Mon, Dec 04, 2000 at 05:12:07PM -0600, Eric Walters wrote:
> Is there a compelling reason to use one form of smtp auth vs. another?

If you're referring to the various SMTP-after-POP/IMAP packages, not really. I believe relay-ctrl is the only one that supports Courier IMAP, but other than that all the ones I'm aware of do the same thing.

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: AntiVirus!
On Mon, Dec 04, 2000 at 08:25:05PM +, Uwe Ohse wrote:
> On Mon, Dec 04, 2000 at 12:22:43PM -0600, John W. Lemons III wrote:
> > > Then ignore that minority group and don't prolong their agony by giving them access to non-solutions like virus scanners.
> >
> > I disagree with the assertion that virus scanners are non-solutions.
>
> me too.

I do too, but only to a point. Automated virus scanners reduce but do not eliminate the risk of infection from viruses. However, virus scanners are NOT a solution. They are a band-aid to alleviate the symptoms of the problem. The problem is a lack of protection in the software (OS and application) itself. Proper protection models would be a solution.

User education is also a problem. Everybody believes that you can simply use software with no training, even though every other significant endeavour they might do (driving, operating equipment, making sales calls for a company, etc.) requires a significant level of instruction.

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: qmail enhancements
On Tue, Nov 21, 2000 at 11:25:36PM +0100, Johan Van Gompel wrote:
> Qmail will be the first proverbial victim. The now a year and a half old 'ye standard qmail build' will have to be replaced by something more enhanced.

Why? Is it broken?

> (1) check if a FQDN exists for the sender's IP (if not: no go);

Are you talking about doing a lookup on the sender domain name? Not much point to doing that since the vast majority of spam uses legitimate but faked sender addresses.

> (2) allow POP3 access via SSL only;

Use a SSL wrapper.

> (3) extract any mail attachment and check it for various things; (viruses, unallowed extensions, etc.)

We use a fairly simple scanner that rejects anything with an attachment that would be executable by Windoze -- exe, VBScript, etc. It's worked great for us. There are some tools for doing this at http://em.ca/~bruceg/qmail-qfilter/

> (4) support delivery to same users at different domains;

<plug> http://www.vmailmgr.org/ </plug>

> (5) allow only a more rigid form of authentication; (e.g. POP-before-SMTP)

<plug> http://em.ca/~bruceg/relay-ctrl/ </plug>

> Are there any patches that I should really consider?

Depends what your target environment is. If you aren't handling hundreds of thousands of messages a day, most if not all of the "big" patches are irrelevant (big-todo, big-concurrency). If you're running on Linux, you'll want to link against a library that provides synchronous directory operations (like http://em.ca/~bruceg/syncdir/) or else you lose reliability. Everything else should wait until you know you need it.

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: rbl users beware: MSN blocked
On Wed, Nov 15, 2000 at 06:58:30PM -0700, Scott D. Yelich wrote:
> It's too bad that companies can't set up two systems... one for people who don't want to receive this spam crap and one for customers who lack clue.

As well as us who actually want to collect spam (for research and investigation purposes): http://em.ca/~bruceg/spam/

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: [vmailmgr] New Mail Notification (with VMailMgr, advanced, not qbiff etc)
On Wed, Nov 08, 2000 at 02:24:11PM -, Michael Vorburger wrote:
> I need to implement a New Mail Notification; not for login like qbiff etc, but more like notifying users on another external email, SMS etc in the future. So a simple forward won't do, I need to call some external script each time new mail comes in.

Put it into vdeliver-postdeliver. See configuration.html for more details.

-- 
Bruce Guenter http://em.ca/~bruceg/
multi-rcpt for qmail
Greetings.

A while back, somebody sent a patch to the qmail mailing list that implemented multiple RCPT support in qmail-send and qmail-rspawn. This patch worked by sorting the domain names and translating the NUL bytes between recipients with the same domain name into another byte, and then treating the entire group of recipients as one unit.

Does anybody know where I can locate that patch? I've looked but I can't find it.

I'm looking at doing something similar, but still treating the recipients separately (one recip could bounce independent of the rest), which is a good deal more complex, as well as not altering the data structure of the remotes lists.

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: multi-rcpt for qmail
> I'm looking at doing something similar, but still treating the recipients separately (one recip could bounce independent of the rest),

This brings me to a question: should the grouping of recipients by domain name be done in qmail-send or qmail-queue? The sending algorithm used by qmail-send (after sorting, when processing the list to send) would still be the same: if the domain name of the next undelivered recipient is the same as the current domain name, add it to the list of recipients to send to qmail-rspawn.

Another question: is it legal in SMTP to temporarily defer one recipient and not another?

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: multi-rcpt for qmail
On Wed, Nov 01, 2000 at 02:04:54PM -0600, Charles Cazabon wrote:
> > This brings me to a question: should the grouping of recipients by domain name be done in qmail-send or qmail-queue?
>
> My gut reaction would be in qmail-queue. However, that might make it a little more difficult to do this optimization when mail comes in via qmail-smtpd.

Why? The interface between qmail-queue and qmail-smtpd is the same as between qmail-queue and anything else.

> > Another question: is it legal in SMTP to temporarily defer one recipient and not another?
>
> Doesn't this currently happen with qmail anyways, because each recipient is handled as a separate message and can be deferred, while others go through?

My question was in the course of a single SMTP conversation.

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: multi-rcpt for qmail
On Wed, Nov 01, 2000 at 12:11:11PM -0800, [EMAIL PROTECTED] wrote:
> I think he means by way of a non-"250 ok" response during the SMTP conversation.

I was specifically referring to 4xx codes in response to a RCPT command.

> The answer is that the protocol allows it, but many programs that talk smtp don't handle it - especially MUAs. But how is that relevant to qmail-queue sorting the recipients?

It has nothing to do with the sorting question, but everything to do with the range of communication necessary between qmail-send and qmail-rspawn.

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: QMAILQUEUE patch - how to apply?
On Tue, Oct 24, 2000 at 08:26:16AM -0600, Charles Cazabon wrote:
> I assume you're talking about Bruce Guenter's QMAILQUEUE patch, which can be found at http://www.em.ca/~bruceg/qmail-qfilter/current/ .

Actually, the QMAILQUEUE patch is at:
http://em.ca/~bruceg/qmail+patches/sources/qmail-1.03-queuevar.patch
The above is a program that can be used to take advantage of the patch.

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: Where did this BOGUS file come from.
On Tue, Oct 24, 2000 at 01:01:20PM -0700, Duane L. wrote:
> Running qmail 1.03 on SunOS 5.6
> Had a user complaining that an important email never arrived. Poking around in their home directory I found this file ...
>
>     -rw--- 1 root users 12618 Oct 24 08:34 BOGUS.LtFK
>
> looking at its contents... there are 3 emails in it. 2 addressed to the user implicitly and another to a list he subscribed to.
>
> Questions: Why weren't these messages piped to the users .mail file ? Is the BOGUS.* file a normal qmail operation ? and if so, what might help to prevent this problem in the future.

The BOGUS files almost certainly came from procmail, when it discovered that something was odd (in its opinion) with directory permissions or some such.

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: SMTP Authorization
On Mon, Oct 23, 2000 at 10:11:24AM +1100, Colin Humphreys wrote:
> Is there a package for doing imap before smtp with courier-imap and qmail?

The same relay-ctrl package works for both POP3 with qmail-popup/pop3d and for IMAP with Courier IMAP.

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: [vmailmgr] Some question
On Sun, Oct 15, 2000 at 09:46:24PM +0200, Olivier M. wrote:
> On Sun, Oct 15, 2000 at 06:50:59PM +0700, Joomy wrote:
> > 1. Can I use more than 8 chars password with both system ? like md5 in shadow password ? or I have to user ldap authentication ?
>
> AFAIK, vmailmgr supports MD5 passwords, so probably passwords which are longer than 8 chars.

Yes. vmailmgr can authenticate against both standard crypt and MD5 passwords, and writes out MD5 passwords by default. With MD5 passwords, there is no limit on pass phrase length.

> > 3. Which file/dir will be count when I use quota support in each user dir ? the entire maildir ? or just ./new and ./cur ?
>
> good question :) the answer would also interest me.

Right now, it only counts new and cur. Support for the entire maildir is on the TODO.

> > and the last one, about file system. What is the different if 1. I store 50,000 user mail directory in the same directory. (can I do this ? are there any limitation about file system ?)
>
> should be ok.

Storing 50K users in one directory is possible but inadvisable. Managing a CDB with 50K users could be time consuming (each modification requires rewriting the CDB). vmailmgr has support for GDBM (and soon *DBM) password tables, which reduces this problem.

> > 2. I store 50,000 user mail directory by using the vpopmail (create sub-dir when dir reach 100 dirs or something like that)
>
> well, that's the vpopmail or vmailmgr which will do that : you don't have to create the directory by yourself...

vmailmgr has a directory hashing feature that can evenly distribute the directories into multiple other directories, if enabled before the accounts are created.

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: Logging with checkvpw and qmail-pop3d problems?
On Thu, Oct 12, 2000 at 09:33:57AM -0600, John Gonzalez/netMDC admin wrote:
> Does anybody know what variable I would need to get checkvpw to log properly with qmail-pop3d?

This was discussed recently in the vmailmgr mailing list. Put a script containing the following into /etc/vmailmgr/checkvpw-postsetuid, and make it executable:

    #!/bin/sh
    echo "Login OK: $VUSER $MAILDIR $USER $HOME"

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: benchmark programs
On Sat, Oct 07, 2000 at 11:00:37PM +0200, Frans Haarman wrote:
> I was wondering if there are any good benchmark programs for qmail (and qmail-pop3). I need to prove to a `we only sell microsoft' kinda guy that opensource IS the way to go in some situations.

If you want to run the benchmarks yourself, check out the "postal" package. It comes with two programs, "postal", which sends a stream of SMTP messages, and "rabid", which consumes them through either POP3 or IMAP.

However, if you want to prove anything to management, speed numbers aren't going to buy you much (as many people will tell you). You would likely be better off to point to other major success stories, which the front page of http://www.qmail.org/ has, as well as http://em.ca/~bruceg/qmail-sites.html, and/or to do a cost-benefit analysis showing them how the OSS solution will benefit them. That's how I was able to shoehorn Linux into our NT-crowded WAN.

I've heard that most analysts are forecasting 2x to 10x licensing cost increases on most MS products as soon as next year, once the anti-trust trial goes into infinite appeal mode. Does anybody else have more authoritative forecasts on that front other than just hearsay?

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: relay control -is this possible problem
On Fri, Sep 29, 2000 at 10:35:55AM +0300, [EMAIL PROTECTED] wrote:
> I have configured relay on the basis of ip addresses with tcpserver and tcp.smtp. now, actually what I want is to allow relays from my server on the basis of ip address that I allowed in my "tcp.smtp" as well as their from address (which they configure in this mail clients like Outlook, Netscape Messenger etc) must have "@mydomain.com",

You can do this with a fixup address as specified in the qmail FAQ, but it would produce some odd side effects for bounced messages. Your best bet is to use a qmail-queue shim that checks the sender address before accepting the message. Using my qmail-qfilter package would probably simplify that task, especially if you want to scan the headers of the message.

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: Unable to read controls
On Wed, Sep 27, 2000 at 10:49:52AM -0600, Charles Cazabon wrote:
> Mea culpa. Thanks for the correction. I suppose I should have realized that, as qmail shouldn't need to list files -- the filenames are hardcoded, correct?

Yes.

-- 
Bruce Guenter http://em.ca/~bruceg/
Re: Unable to read controls
On Wed, Sep 27, 2000 at 12:25:06PM -0500, Ben Beuchler wrote:
On Wed, Sep 27, 2000 at 10:41:03AM -0600, Bruce Guenter wrote:
Just to be pedantic, the 'r' bit is for listing the directory, but the 'x' bit controls access to the files in the directory. So, qmail would have been able to list the files but not open them.

    petra:~$ ls -ld testing/
    dr--r--r-- 2 insyte users 4096 Sep 27 12:18 testing/
    petra:~$ ls testing/
    /bin/ls: testing/MegabitServiceCenter: Permission denied

I think your "ls" is trying to stat the files when it lists the files, so that it can put a '/', '*', or '@' after them. Is "ls" aliased to "ls -F"?

    petra:~$ chmod 555 testing/
    petra:~$ ls -ld testing/
    dr-xr-xr-x 2 insyte users 4096 Sep 27 12:18 testing/
    petra:~$ ls -l testing/
    total 4
    -rw-r--r-- 1 insyte users 32 Sep 27 12:18 StupidTestFile

    $ mkdir testing
    $ echo hello > testing/foo
    $ chmod 555 testing
    $ \ls -ld testing
    dr-xr-xr-x 2 bguenter users 4096 Sep 28 09:50 testing
    $ \ls testing
    foo
    $ chmod 111 testing
    $ \ls -ld testing
    d--x--x--x 2 bguenter users 4096 Sep 28 09:50 testing
    $ \ls testing
    ls: testing: Permission denied
    $ cat testing/foo
    hello
    $ chmod 444 testing
    $ \ls -ld testing
    dr--r--r-- 2 bguenter users 4096 Sep 28 09:50 testing
    $ \ls testing
    foo
    $ cat testing/foo
    cat: testing/foo: Permission denied

-- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: comparison vmailmgr - inter7
On Sun, Sep 24, 2000 at 04:11:53PM -0600, Sean Reifschneider wrote:
vmailmgr DOES work with RPMs. However, the CGI web interface that comes with it is incomplete to the point of not functioning. Add undocumented...

I don't suppose you read the "vmailmgr-cgi.html" file, located both in the doc directory of the package and on the web site?

I ended up having to dig through the code, and then modify the CGIs so I could even use them...

I don't recall you ever posting any of the problems you've had to the mailing list. Or asking me, for that matter.

Virtual domains are set up under a user account. Domain administration is done by providing that user's system password to the CGI. Naughty...

As opposed to what? The user's account can be set up to have /bin/false as its login, so that the only thing that an attacker could do is play around with that one account's mailboxes. If it's the idea of sending passwords around on the Internet, vpopmail does the same thing, AFAIK. Use HTTPS if you're worried.

No system access is required for virtual domains or their maintenance.

This is misleading. Aside from creating and deleting virtual domains, vmailmgr can be managed completely through the web, either through the (admittedly limited) CGIs, or through oMail (using PHP), or through a custom PHP or Python (or C++) CGI interface if desired.

Also, vpopmail has a nifty option where you can set up virtual IPs for each domain and vpopmail will resolve "user myname" correctly instead of requiring "user [EMAIL PROTECTED]"...

Both vpopmail and vmailmgr have this feature, and have had it from the start.

virtual users vmailmgr: virtual domains are hosted under a particular user id. Uses system password for CGI-access to virtual domain.

In addition, each virtual user has a password, and that virtual user can manage their own account (change forwards, modify autoresponse, etc.) without going through the administrator.

vpopmail: all virtuals stored under a single user ID/directory.

Which to some has the implication that breaking that one user ID breaks all virtual user email on the system.

quota support I believe both support quotas but I haven't used them.

Yes. With vmailmgr, per-domain support is done through filesystem quotas, since each domain is a separate user, and per-account is through an optional (included) add-on program.

html-mail-administration vmailmgr: Non-functional demo CGIs provided, which require some time to install and get working. vpopmail: QMailAdmin is full-featured and works well. A separate package from the main vpopmail distribution.

See above, this is misleading and rapidly changing.

I tried looking at getting sqwebmail to use the vmailmgr authentication scheme, but didn't have any luck in the limited time I had to muck around with it.

When I first looked at it, sqwebmail used compiled-in authentication modules, and included the code for vpopmail and not vmailmgr. I've heard, but haven't had time to investigate, that sqwebmail now uses the same auth modules as courier-imap does, in which case it should work fine with the vmailmgr auth module.

-- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: Unable to read controls
On Wed, Sep 27, 2000 at 09:49:02AM -0600, Charles Cazabon wrote:
Jonathan Fanti [EMAIL PROTECTED] wrote:
Here is the output: [...]

    drwxr-xr-x 18 root root 4096 Sep 26 10:42 /
    drwxr-xr-x 22 root root 4096 Sep 26 10:36 /var
    drwxr-xr-x 13 root qmail 4096 Sep 26 17:55 /var/qmail
    drw-r--r-- 2 qmaill qmail 4096 Sep 25 17:03 /var/qmail/control

There's your problem. Nobody can list the contents of /var/qmail/control, because the execute bits aren't set. Do a `chmod 755 /var/qmail/control` and everything should work.

Just to be pedantic, the 'r' bit is for listing the directory, but the 'x' bit controls access to the files in the directory. So, qmail would have been able to list the files but not open them.

-- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: comparison vmailmgr - inter7
On Fri, Sep 15, 2000 at 11:20:51AM +0200, Clemens Hermann wrote: there are two packages on the net fulfilling my needs - vmailmgr and the inter7 suite. Could one say that one of the two is "better"? So far I use the "Bruce Guenter way" for virtual mailusers but not his package (only "natural" qmail) and I am really satisfied. Now I need to choose one of the two tools but I am not sure which would be the better choice for my purpose. It would be great if someone could give me a hint, I need the following things: virtual users Of course. databases for users and aliases Ours uses either CDB or GDBM tables for users. Patching it to use *SQL tables would not be difficult, but it hasn't been done yet. pop access imap access Of course. quota support Both per-domain and per-virtual-user is supported -- each domain is a separate UID, so just put a filesystem quota on that user for per-domain quotas. html-mail-administration Several ways. The package comes with some simple CGIs, oMail is a PHP web administration package, and I just finished another one. webmail I did not see webmail in the vmailmgr package, does sqwebmail run with the vmailmgr without problems? You can do webmail through IMP or anything else that accesses IMAP. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: relay-ctrl
On Sat, Aug 19, 2000 at 08:35:23PM +0200, Clemens Hermann wrote: after having successfully set up qmail I really start loving it ;-). The only way to get it secure for my purpose seemed to be a smtp after Pop implementation. So I downloaded the relay-ctrl-2.0.tar.gz package and installed it as described. I changed the following lines in defines.h: RULESDIR "/etc" TCPRULES "/usr/local/bin/tcprules" SMTPRULES "tcp.smtp" SMTPCDB "tcp.smtp.cdb" I use POP3D via tcpserver and tcpserver with qmail-smtp. Everything works fine locally. What is the command line used to start up tcpserver for qmail-smtpd? Does it use the tcp.smtp CDB file? -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: qmail-qfilter-problem
On Fri, Aug 18, 2000 at 04:38:40PM +0200, Lars Pfuhl wrote: qmail-queue -rws--x--x qmailq qmail -- this is now my shell-script qmail-queue-old -rws--x--x qmailq qmail -- the original qmail-queue Shell scripts must be readable by the userid that is trying to execute them. The wrapper script also does not need to be (and should not be for security reasons) setuid. Make qmail-queue mode 755 instead of 4711. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: Changing uid numbers with BruceG's autouidgid patch
On Tue, Aug 15, 2000 at 04:25:55PM -0500, Chris Garrigues wrote:
If I'm running with BruceG's autouidgid patch and want to change the uids and gids that qmail uses, am I correct in assuming this will work:

    /etc/rc.d/init.d/qmail stop
    /etc/rc.d/init.d/smtp stop
    /etc/rc.d/init.d/pop3d stop
    /etc/rc.d/init.d/imapd stop
    vi /etc/passwd # Do my dirty business
    vi /etc/shadow # Do more dirty business
    cd /var/qmail
    find . -follow -user oldnum -exec chown alias {} \;
    find . -follow -user oldnum -exec chown qmaild {} \;
    find . -follow -user oldnum -exec chown qmaill {} \;
    find . -follow -user oldnum -exec chown qmailp {} \;
    find . -follow -user oldnum -exec chown qmailq {} \;
    find . -follow -user oldnum -exec chown qmailr {} \;
    find . -follow -user oldnum -exec chown qmails {} \;
    find . -follow -group oldnum -exec chgrp qmail {} \;
    find . -follow -group oldnum -exec nofiles qmail {} \;
    /etc/rc.d/init.d/qmail start
    /etc/rc.d/init.d/smtp start
    /etc/rc.d/init.d/pop3d start
    /etc/rc.d/init.d/imapd start

I wanted to ask before I try it.

Replace "find ." with "find /var/qmail /etc/qmail/owners", and yes, it should work. /etc/qmail/owners (a symlink from /var/qmail/owners) contains a set of files that are stat'ted to determine the desired user or group ID.

-- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: Announcing qmail-autoresponder version 0.93
On Sat, Aug 05, 2000 at 04:46:12PM +0200, wolfgang zeikat wrote: i use qmail-autoresponder in .qmail-default to send a message back to senders who send to invalid users on our server. now i would like to know a few things: - is it possible to include only like the first 50 KB of the original message? so that for example bigger attachments would simply get truncated to that size? I'll add that feature. - is it possible to exclude local users from the message limit of 1 per hour? Exclude them meaning they wouldn't get any responses, or they would not be rate limited? What would this accomplish? -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: Announcing qmail-autoresponder version 0.93
On Mon, Aug 07, 2000 at 09:45:47PM +0200, wolfgang zeikat wrote: a new co-worker mistyped 5 local email addresses in an hour ... with a limit of 1 per hour he wouldn't have gotten a message back. So limit it to 5 per hour. Or educate your employees. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: bug in qmail-autoresponder version 0.92 ?
On Sun, Jul 30, 2000 at 11:16:35AM +0200, Olivier M. wrote: PS: the thing with "-s" is ok, but I like the "original" vacation feature with $SUBJECT in _BODY_ much better : do you plan to add it to qmail-autorespond ? Reluctantly, yes. Would something like "%S" work for you? That would greatly simplify the parsing logic. Then '%SUBJECT' ? Yes. With two characters, the scanning logic for if the tag crosses a page is fairly simple. With 8, it's nasty. I don't care if it's "%S", "$S", "**", or whatever. One character is trivial. Two is simple. Larger than two gets nasty. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Announcing qmail-autoresponder version 0.93
Version 0.93 of qmail-autoresponder is now available at:
    http://em.ca/~bruceg/qmail-autoresponder/
See the documentation there for more details, or join the mailing list by sending an email to:
    [EMAIL PROTECTED]

Development versions of qmail-autoresponder are available via anonymous CVS. Set your CVSROOT to ":pserver:[EMAIL PROTECTED]:/CVS", login with an empty password, and check out the qmail-autoresponder module.

---
Changes in version 0.93

- Fixed an off-by-one bug in the rate limiting logic (again).
- Fixed an off-by-one bug in the Delivered-To checking code.
- The output writing routine will now substitute "%S" in the autoresponse message with the original message's subject.

---
qmail-autoresponder
Rate-limited autoresponder for qmail
Bruce Guenter [EMAIL PROTECTED]
Version 0.93
2000-07-30

This is a simple program to automatically respond to emails. It is based on some ideas (but little or no code) from a similar autoresponder by Eric Huss [EMAIL PROTECTED], and ideas presented in the qmail mailing list.

Features:

- Limits rate of automatic responses (defaults to a maximum of one message every hour).
- Will not respond to nearly every type of mailing list or bulk email.
- Will not respond to bounce messages or MAILER-DAEMON.
- Bounces looping messages.
- Can insert the original subject into the response.
- Can copy original message into response.
- Can use links in the rate-limiting data directory to limit inode usage to a single inode.

Usage: Put "|qmail-autoresponder MESSAGE_FILE DIRECTORY" into your ".qmail" file before other delivery instructions. MESSAGE_FILE is a pre-formatted response, including headers, and DIRECTORY is the directory into which rate-limiting information will be stored. Any instance of "%S" in MESSAGE_FILE will be replaced with the original subject.

This program is Copyright(C) 2000 Bruce Guenter, and may be copied according to the GNU GENERAL PUBLIC LICENSE (GPL) Version 2 or a later version. A copy of this license is included with this package. This package comes with no warranty of any kind.

PGP signature
Re: Want to know your potential multiple recipient savings?
On Sat, Jul 29, 2000 at 02:17:19PM +, Greg Cope wrote: My question is thus - When does a host become well connected? When the bandwidth required to send its mail is significantly smaller than the bandwidth available. That is, if you have to send 100,000 5K messages over a 1 hour period, you would need a T1, and you would fill it to over 75% capacity. In general, the concept of "well connected" is dependent on your mail volume. If you only have to send a few non-time-sensitive emails a day, your 9.6Kb modem is well connected. If you have to pay by the kilo/mega/giga-byte of traffic, you're probably not well connected. If opening up concurrencyremote connections and sending mail kills your link for other applications using the network, you're not well (enough) connected. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: Want to know your potential multiple recipient savings?
On Sat, Jul 29, 2000 at 03:30:08PM +, Greg Cope wrote: Well because of performance issue (Management wanted to send all the messages out in quite a short time - for reasons as yet unexplained!) we were considering binning the customised part. If you *need* customized email per recipient, over a short time, the general consensus is that you need a two-stage solution. The first stage is to attempt to send each message directly, possibly re-using qmail-remote to do the sending. Run as many qmail-remotes as you can, possibly using qmail-rspawn to help with handling everything. If sending a message fails temporarily (which will be the uncommon case), inject it into the qmail queue. That way, deliveries that succeed never get queued, and don't hit the queue I/O penalty. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: bug in qmail-autoresponder version 0.92 ?
On Sat, Jul 29, 2000 at 02:35:56PM +0200, Olivier M. wrote: Currently trying qmail-autoresponder (http://em.ca/~bruceg/qmail-autoresponder/) : Great! Docs says: - Limits rate of automatic responses (defaults to a maximum of one message every hour). well, I always get _two_ messages, shouldn't it be : /* If the user's count is already over the max, * don't record any more. */ if(++count = max) return 0; You are right. The logic worked before the rewrite for 0.92, and I guess I missed that one. The tests also failed to catch this. I'll make sure they work this time. PS: the thing with "-s" is ok, but I like the "original" vacation feature with $SUBJECT in _BODY_ much better : do you plan to add it to qmail-autorespond ? Reluctantly, yes. Would something like "%S" work for you? That would greatly simplify the parsing logic. PPS: if there is a From: or a Reply-To: field, should the autoresponder respond to this address ? I think not. Responding to the envelope sender is pretty much the only safe thing to do, and it neatly avoids all the trouble one would get into to properly parse an address field. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: Want to know your potential multiple recipient savings?
On Tue, Jul 25, 2000 at 01:23:18PM -0600, Bruce Guenter wrote:
I have written a benchmark that iterates over message sizes from 1000 to 64000 bytes, and from 1 to 16 recipients, and times how long it takes to send the same message to all the recipients using qmail-remote. It calls qmail-remote once with all the recipients (multi-RCPT), and once for each recipient (multi-connection). I only have preliminary results so far, and I plan to run a more complete set of tests tonight after I leave work. I'll post my full results and scripts once I've completed the tests.

As promised, I've posted the results of the benchmark testing at http://em.ca/~bruceg/bench-qmail-remote/

The receiving server is my PC, which has a DSL connection running at about 1.5Mb downlink bandwidth (the part that was actually used) running qmail, of course. The "-cable-" results were sent from a cable modem which has approximately 384Kb uplink bandwidth. The "-2Mb-" results were sent from a partial DS3 with 2Mb of bandwidth. The receiver had its concurrency set to 128.

20 runs were done of each test, 10 with one connection with multiple recipients, and 10 with multiple connections with one recipient. The min and max columns give the fastest and shortest run times respectively; mean is (T1*T2*T3...*T10)**(1/10); avg is (T1+T2+T3+...+T10)/10. The mean is less biased by unrepresentative results, and so is a better measure of the common case.

Conclusions are somewhat tricky. Using multiple RCPTs tends to be more predictable (less of a spread between min and max), but using multiple connections has the best optimistic behaviour (min is lower than multi-RCPT's min). With small messages (4KB and less), multi-connection is always a win. On our mail proxy, the median message size is 3KB, just for comparison. On the well-connected sender, using multi-RCPTs was never a significant win, which proves DJB's hypothesis about its use for well-connected hosts. Once bandwidth limits become an issue (poorly connected server, large messages), multi-RCPTs win because the latency involved in sending one more RCPT becomes less than the additional time required to send another concurrent copy. This says nothing about bandwidth efficiency, only time efficiency. Obviously, using multi-RCPTs is always a bandwidth win (unless your recipient is larger than your message, highly unlikely).

Feedback would be appreciated. Oh, and please don't consider the test addresses I used in the scripts as wide open for mailbombing.

-- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: Want to know your potential multiple recipient savings?
On Sun, Jul 23, 2000 at 09:08:07AM -0700, [EMAIL PROTECTED] wrote: As I've just posted, to my mind that just makes the results conservatively trend against qmail. I think that's probably the right direction for now in the absence of actual measurements, which of course would be best. I have written a benchmark that iterates over message sizes from 1000 to 64000 bytes, and from 1 to 16 recipients, and times how long it takes to send the same message to all the recipients using qmail-remote. It calls qmail-remote once with all the recipients (multi-RCPT), and once for each recipient (multi-connection). I only have preliminary results so far, and I plan to run a more complete set of tests tonight after I leave work. I'll post my full results and scripts once I've completed the tests. I'd be willing to do this, I'm somewhat curious myself. Sure, I'd love to see your numbers. OK, for my complete logs, which at the moment span roughly 5 days, this shows a potential 23% bandwidth savings. zoverall indicates a maximum overhead of 35%. From the last full day's logs, though, the savings is only 6%, with zoverall showing a maximum overhead of 17%. I discovered on Friday that with a recent expansion, our previous limit of 10MB was being blown by in just 2-3 days, so I just expanded that limit to 100MB. I also stopped a monitoring process that was producing 3 small (281 byte) emails a minute that were skewing the numbers significantly. Once that fills up, I should have more representative statistics to report. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: Want to know your potential multiple recipient savings?
On Tue, Jul 25, 2000 at 04:04:00PM -0400, Dave Sill wrote: Bruce Guenter [EMAIL PROTECTED] wrote: I have written a benchmark that iterates over message sizes from 1000 to 64000 bytes, and from 1 to 16 recipients, and times how long it takes to send the same message to all the recipients using qmail-remote. It calls qmail-remote once with all the recipients (multi-RCPT), and once for each recipient (multi-connection). I only have preliminary results so far, and I plan to run a more complete set of tests tonight after I leave work. I'll post my full results and scripts once I've completed the tests. Great. How about soliciting bit-bucket addresses from various places around the 'net? I could donate a few. Or is it not important for your tests that the recipients be distributed? The benchmark case I am considering is to compare sending multiple copies of the same message to the same host by using either multiple RCPTs or using multiple connections. The test case assumes it has a -default address to test against, as it uses numbered addresses. If you have such an address, I can certainly test against it, especially if it is bandwidth limited. The results of this benchmark are not dependent on distributing the deliveries across the internet. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: Want to know your potential multiple recipient savings?
On Sat, Jul 22, 2000 at 12:45:57PM -0700, [EMAIL PROTECTED] wrote:
I've written a little perl script to analyze a qmail log.

Have you looked at qmailanalog? Could it help you if it does not already do what you want?

This script gives a hint as to what you might save in bandwidth if qmail supported multiple recipients.

The zoverall script in qmailanalog will give you a maximum bound to this number. On my SMTP proxy (450MB over 9.5 days, not that big yet), a maximum of 20% could have been saved.

This result is indicative at best - here are some caveats: o failed deliveries are not counted

Reasonable, since nearly all failed deliveries will fail before the "DATA" command.

o Aggregation is by FQDN, not MX target

Which is the only reasonable way to do it. If you aggregate based on MX target, you need to do (and wait for!) DNS lookups on all recipients of each message. This is a good way of slowing things down for no real gain.

o The incremental costs of subsequent deliveries via multiple recipients is assumed to be zero.

Which is one of the contentious points in the whole discussion. This one *REALLY* needs some real-world measurements, which would be quite difficult to do. There will likely be a point (in terms of message size) where the time cost of opening up more connections (in parallel, remember) will be less than the cost of issuing another RCPT. You could simulate this by producing a test message, and (1) forking off N copies of qmail-remote with a single recipient, and (2) forking off 1 copy of qmail-remote with N recipients, and time how long it takes for the qmail-remotes to exit. Repeat with a series of message sizes. On my proxy again, the median size is around 3000 bytes (including headers), just as a guide for how to distribute the sizes. Make sure the system you benchmark with is far enough remote to cause significant latencies (100ms or worse), or try various systems with various latencies.

Since the script is only lightly tested, I'm soliciting a few volunteers who are willing to run this script on their log files and send the results back to me (and/or the list if you so desire).

I'd be willing to do this, I'm somewhat curious myself.

-- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: Filters have been made for Sendmail and Postfix to deal with this issue : and qmail ???
On Sat, Jul 22, 2000 at 05:49:51PM +0200, Olivier M. wrote: Again a security problem with outlook : look at the announce on securityfocus: http://www.securityfocus.com/vdb/bottom.html?section=solutionvid=1481 Well, these filters are quite simple : but how could I setup such a workaround on my old qmail server ? What about a /var/qmail/regexpreject ? What do you think ? Could be a feature for a qmail 1.04... :) Check out qmail-qfilter, and write a filter that looks for date lines longer than 80 characters while copying the message. Reject any message that contains them. In Perl (untested): perl -pe 'exit 31 if /^Date: .{80,}/oi' And I didn't even need to patch qmail :-) (although qmail-qfilter works best used with the rather trivial QMAILQUEUE patch). -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: Filters have been made for Sendmail and Postfix to deal with this issue : and qmail ???
On Sun, Jul 23, 2000 at 12:27:36AM -0600, Bruce Guenter wrote:
On Sat, Jul 22, 2000 at 05:49:51PM +0200, Olivier M. wrote:
http://www.securityfocus.com/vdb/bottom.html?section=solutionvid=1481

Check out qmail-qfilter, and write a filter that looks for date lines longer than 80 characters while copying the message. Reject any message that contains them. In Perl (untested):

    perl -pe 'exit 31 if /^Date: .{80,}/oi'

Just to correct myself, the following Perl is more correct:

    # Copy the header; reject if it has an over-long Date line
    while(<>) {
        print;
        last if /^\n$/o;
        exit 31 if /^Date: .{80,}/oi;
    }
    # Copy the body unchanged
    while(<>) {
        print;
    }

-- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
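A fuller version of the header check described in this thread, as an added example in Python rather than code from the thread or from qmail-qfilter. It goes one step beyond the Perl by joining folded continuation lines, so the 80-character limit applies to the whole Date field; the function names are hypothetical, and exit code 31 is the permanent-error code the thread uses.

```python
import sys

REJECT = 31   # permanent-error exit code used by the Perl filter in this thread
LIMIT = 80    # Date values this long or longer are refused, as in the thread


def unfolded_headers(message):
    """Return the header fields as bytes, continuation lines joined to their field."""
    fields = []
    for line in message.splitlines():
        if not line:
            break  # blank line ends the header; the body is never scanned
        if line[:1] in (b" ", b"\t") and fields:
            fields[-1] += b" " + line.strip()  # folded continuation line
        else:
            fields.append(line)
    return fields


def filter_exit_code(message, limit=LIMIT):
    """Return 0 to pass the message on, REJECT if a Date field is over-long."""
    for field in unfolded_headers(message):
        name, colon, value = field.partition(b":")
        is_date = colon and name.strip().lower() == b"date"
        if is_date and len(value.strip()) >= limit:
            return REJECT
    return 0


if __name__ == "__main__":
    # Used as a filter: copy stdin to stdout, then report the verdict
    # through the exit status, as the Perl version does.
    data = sys.stdin.buffer.read()
    sys.stdout.buffer.write(data)
    sys.exit(filter_exit_code(data))
```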
Re: qmailanalog compatible with multilog?
On Sun, Jul 23, 2000 at 07:20:31PM -, John Conover wrote: Is qmailanalog compatible with multilog when qmail is run under tcpserver? Yes and no. Multilog produces tai64n timestamps, while qmailanalog only understands the older tai timestamps. A couple of conversion programs exist. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: numbers
On Fri, Jul 21, 2000 at 07:10:08PM +0200, Frank Tegtmeyer wrote: Does anyone have a pointer to a comparison of qmail/sendmail/postfix/... that is done at a real world server over a longer period of time? In the real world, you will not find two sites with identical input load so that you can compare their output load. That is what benchmarks are for. It should include bandwidth use (including DNS) and performance data. What kind of numbers do you want to see here? Packet-level bandwidth numbers, or the kind of numbers qmailanalog can produce? I run qmail on our corporate firewall as a transparent proxy for ALL SMTP mail going in or out of our network. That firewall also hosts our DNS cache. Right now we only have about 40-50 client sites behind the firewall, but it generates 10MB of qmail logs in under 10 days, and the same amount of dnscache logs in under 2 days for client lookups and 4 days for local (ie qmail) lookups. This (at this moment) represents 11204 messages to 13470 recipients, totalling 428,035,016 message bytes and 517,887,116 delivered bytes. You want stats? I've got 'em, at least for qmail. This site will never run sendmail. By year's end, we are looking to massively scale up the number of client sites, possibly by an order of magnitude. I think I might have to make my multilog limits a bit larger... The only thing I remember were some graphs about mailer timings (DNS lookup, start of delivery and so on). That doesn't give the real world picture everyone is talking about. I believe the graphs you are referring to are the ones at http://www.kyoto.wide.ad.jp/mta/eval1/eindex.html This person has gone to a fair amount of work to characterize how various MTAs deliver messages to mailing lists. However, this is not exactly what you are asking, and the graphs presented there are confusing sometimes due to differences in the scales between graphs. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: How to grab the envelope contents while filtering?
On Thu, Jul 20, 2000 at 09:24:33AM -0400, [EMAIL PROTECTED] wrote: As for the empty messages, I found that if my filter has no output a blank message is sent to the envelope recipients. I circumvented by this modification to qmail-qfilter.c v1.0: What are you trying to do? Why are you not sending any output to qmail-queue? qmail-qfilter allows you to filter the headers and body of a message before it reaches qmail-queue. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: Announcing qmail-autoresponder version 0.91
On Thu, Jul 20, 2000 at 09:55:23AM +0200, wolfgang zeikat wrote: i installed version 0.92. it sends the reply and ignores the message when repeated immediately, but it does not quote the original message. can it do that? Yes. Run "qmail-autoresponder -h" for a complete option listing. and if so, can it shorten the original message to lets say 100 K or something? Not yet, but I suppose this would be a good idea. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: How to grab the envelope contents while filtering?
On Thu, Jul 20, 2000 at 12:42:27PM -0400, [EMAIL PROTECTED] wrote: I have a filter that looks at file attachments in the message. If certain file types are attached, the message delivery is stopped (ie. no output from the filter). If you want to block a message, exit with a permanent error code (ie 31). -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: How to grab the envelope contents while filtering?
On Thu, Jul 20, 2000 at 01:18:02PM -0400, [EMAIL PROTECTED] wrote: I saw that in your example, but it causes a delivery failure, which is not what I want to happen. I need the message to be accepted and silently dropped if it meets certain criteria. I do the appropriate notification on the back end. I suppose qmail-qfilter can be patched so that qmail-queue is not run on a specific filter exit code, no? Yes, that would be the best bet. I'll pick a new exit code and modify qmail-qfilter to immediately exit with success without running qmail-queue. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: How to grab the envelope contents while filtering?
On Thu, Jul 20, 2000 at 12:34:21PM -0600, Bruce Guenter wrote: Yes, that would be the best bet. I'll pick a new exit code and modify qmail-qfilter to immediately exit with success without running qmail-queue. Just to follow up to myself, would 99 be appropriate? In a .qmail file, code 99 means that the delivery was successful, but don't continue with any other deliveries. This would be equivalent. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: Announcing qmail-autoresponder version 0.91
On Wed, Jul 19, 2000 at 12:39:49PM -0700, Mitul Limbani wrote: I installed qmail-autoresponder but I'm like in a fix, don't know what to do.. according to the instruction i put this in my .qmail-default file.. == "username | qmail-autoresponder /path/to/auto.txt" == The README says: Put "|qmail-autoresponder MESSAGE_FILE DIRECTORY" into your ".qmail" file before other delivery instructions. Your .qmail-default file will not work. and the auto.txt file is containing.. == Thanks for contacting me, your mail has been noted and would be responded ASAP. -Mitul Limbani == The README says: MESSAGE_FILE is a pre-formatted response, including headers Your message file does not contain headers. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: How to grab the envelope contents while filtering?
On Wed, Jul 19, 2000 at 05:01:48PM -0400, [EMAIL PROTECTED] wrote: Yup, I use the mess822 stuff too, but I need envelope addresses, not header addresses. I see now that qmail-qfilter 1.3 sets QMAILRCPTS to the message recipients. I assume this is envelope recipients. If so, I'm halfway there. I just need to doctor up 1.3 a little bit to also pass a variable for envelope sender (and to drop empty messages). Can anyone confirm? The same man page tells you that qmail-qfilter sets QMAILUSER and QMAILHOST to the username and hostname portions of the envelope sender. Dropping empty messages is something you can do in your filter. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: How to grab the envelope contents while filtering?
On Wed, Jul 19, 2000 at 05:35:50PM -0400, [EMAIL PROTECTED] wrote: This is fine. I think the qmail-inject might be overkill, but does no harm. With the -n, it merely prints the message (with some headers tidied up if need be), which is then pumped into qmail-queue. The recipients are coming from the envelope (the fd 1 magic that I'm trying to figure out), not from the header. Therefore, no extra or double recipients. Which is exactly how qmail-qfilter is designed to be used. Your concern is my reality :(. When an administrator needs to resubmit a message that was stopped by the filter, we need to reconstruct the envelope as it was at the time that the message was stopped. Now, if I just inject the message, it's gonna go out to everybody in the header all over again. If you need to "stop" a message rather than modifying it or bouncing it, you will need to explicitly save the envelope. It will not be part of the RFC822 header. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: Announcing qmail-autoresponder version 0.90
On Tue, Jul 18, 2000 at 10:42:35AM -0400, Thomas Erskine wrote: On Fri, 14 Jul 2000, Bruce Guenter wrote: Sounds reasonable. I had been thinking of some way of putting the original subject into the response. The other way I was thinking of doing it would be a command-line option to add the original subject to the reply with a given prefix. It'd be nice to have not just the subject, but the date, sender and possibly the message-id and recipient. The original sender gets added as a "To:" line, the date is auto-generated as is the message-id, and the original recipient can be emulated by putting a "From:" line and "Return-Path:" into the message file. Why in the world would you want to copy the original date and message-id into the new message header? -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: questions about performance and setup
On Tue, Jul 18, 2000 at 01:25:36PM -0400, Michael T. Babcock wrote: Is UTIME necessary in a mail queue? If a logging filesystem were mounted on a separate disk (or network array, etc.) specifically for the mail queue, shouldn't it be mounted without UTIME? You cannot mount without mtime (I misspelt it -- utime is the syscall) AFAIK. You can mount without atime (access time). mtime is changed every time the file is modified. ctime is changed every time the inode is modified (file size change, permissions, etc.) atime is changed every time the file is accessed. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: Announcing qmail-autoresponder version 0.90
On Tue, Jul 18, 2000 at 01:14:06PM -0400, Thomas Erskine wrote: The original sender gets added as a "To:" line, the date is auto-generated as is the message-id, and the original recipient can be emulated by putting a "From:" line and "Return-Path:" into the message file. Why in the world would you want to copy the original date and message-id into the new message header? Not into the header, but into the body of the reply. You can already copy the original message into the reply, optionally limiting its size. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Announcing qmail-autoresponder version 0.91
Version 0.91 of qmail-autoresponder is now available at: http://em.ca/~bruceg/qmail-autoresponder/ See the documentation there for more details, or join the mailing list by sending an email to: [EMAIL PROTECTED] Development versions of qmail-autoresponder are available via anonymous CVS. Set your CVSROOT to ":pserver:[EMAIL PROTECTED]:/CVS", login with an empty password, and check out the qmail-autoresponder module. --- Changes in version 0.91 - Added an option to insert the original subject into the reply. - Simplified the header scanning logic. --- qmail-autoresponder Rate-limited autoresponder for qmail Bruce Guenter [EMAIL PROTECTED] Version 0.91 2000-07-18 This is a simple program to automatically respond to emails. It is based on some ideas (but little or no code) from a similar autoresponder by Eric Huss [EMAIL PROTECTED], and ideas presented in the qmail mailing list. Features: - Limits rate of automatic responses (defaults to a maximum of one message every hour). - Will not respond to nearly every type of mailing list or bulk email. - Will not respond to bounce messages or MAILER-DAEMON. - Bounces looping messages. - Can copy original message into response. - Uses links in the rate-limiting data directory to preserve inodes. Usage: Put "|qmail-autoresponder MESSAGE_FILE DIRECTORY" into your ".qmail" file before other delivery instructions. MESSAGE_FILE is a pre-formatted response, including headers, and DIRECTORY is the directory into which rate-limiting information will be stored. This program is Copyright(C) 2000 Bruce Guenter, and may be copied according to the GNU GENERAL PUBLIC LICENSE (GPL) Version 2 or a later version. A copy of this license is included with this package. This package comes with no warranty of any kind. PGP signature
Re: Qmail is *NOT* reliable with ReiserFS
On Sun, Jul 16, 2000 at 06:55:21PM +0200, Jedi/Sector One wrote: ReiserFS does not commit link() synchronously (mounting with "sync" doesn't change anything). Therefore, if there is a power outage during the Maildir delivery or if qmail-smtpd answered the final "queued" message without actually committing the link in queue/todo, the message will not be processed by qmail-send. Actually, qmail is not "reliable" on any Linux FS. This was discussed to death a while back. It is DJB's view that all directory operations (creating, removing, linking, etc.) should be synchronous, just like BSD does. It is Linus' view that this is a significant performance penalty with little gain, since applications that require synchronous directory operations also tend to require synchronous file operations and other special file handling. I agree. There is also the discussion of ordered meta-data updates (OMDU) vs unordered (UMDU). Linux (with the exception of newer journalled file systems) does UMDU. With OMDU, the file meta-data (inode, indirect blocks, etc) is written in an ordered fashion, typically before the data. This means FWIR that you can have good meta-data pointing to bad data in the case of a crash. With UMDU, you can have bad meta-data but good data, which is something that a fsck will detect. Since crashes are so rare, and journalling file systems becoming more populous, this is rapidly becoming a non-issue. I wrote a source file that replaces libc's open, link, rename, and unlink routines with my own that sync the appropriate directory after executing the syscall but before completing. Simply linking with it causes all directory operations executed by the program to become synchronous. It is available at http://em.ca/~bruceg/syncdir/ I include it in my patched qmail RPMs. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: Qmail is *NOT* reliable with ReiserFS
On Mon, Jul 17, 2000 at 03:59:00PM -0400, Greg Hudson wrote: It is DJB's view that all directory operations (creating, removing, linking, etc.) should be synchronous, just like BSD does. For the record, FFS with soft-updates does not guarantee synchronous directory operations; you have to open and fsync() the file you just moved to be sure the operation has been committed to disk. See http://mail-index.netbsd.org/current-users/2000/06/19/0011.html for a little more information. Then I was confused. I assumed FFS was like UFS on Solaris, where you can "feel" the synchronous directory operations by doing a "rm -rf" of anything larger than a few files. Based on the patch, it sounds like ReiserFS agrees with FFS+softupdates in semantics; that is, if you want to ensure that a directory operation has completed, you open and fsync the directory entry you care about. But qmail already does this. In fact, it is very careful to do this in all the places it is necessary. If ReiserFS behaved identically to FFS+softupdates, it would not need any qmail patches. (I have deleted the original message which we are discussing, and I don't remember what exactly it patched) This behavior is different from ext2fs, where you have to open and fsync the directory containing the entry you care about. Which to me seems to be a more logical mode of operations: if you want the file data sync'd to disk, call fsync on the file; if you want the directory, fsync the directory. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
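The ext2fs-style sequence described in this thread (fsync the file, link it into place, then open and fsync the directory containing the new entry), as an added example that is not taken from syncdir, qmail or the original posts. The function names durable_deliver and sync_parent_dir are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* fsync() the directory holding `path`, so that the directory entry itself
 * (not only the file's data) reaches the disk. Returns 0, or -1 with errno. */
static int sync_parent_dir(const char *path)
{
    char dir[4096];
    const char *slash = strrchr(path, '/');
    size_t n = slash ? (size_t)(slash - path) : 0;

    if (n >= sizeof dir) { errno = ENAMETOOLONG; return -1; }
    if (!slash)      strcpy(dir, ".");   /* no slash: current directory */
    else if (n == 0) strcpy(dir, "/");   /* entry directly under the root */
    else { memcpy(dir, path, n); dir[n] = '\0'; }

    int fd = open(dir, O_RDONLY);
    if (fd < 0) return -1;
    int rc = fsync(fd);
    int saved = errno;
    close(fd);
    errno = saved;
    return rc;
}

/* Maildir-style delivery: write `tmp`, fsync it, link() it to `final`, then
 * fsync the directory of `final`. Only a return value of 0 means the message
 * may be acknowledged ("queued") to the sender. */
int durable_deliver(const char *tmp, const char *final,
                    const char *data, size_t len)
{
    int saved;
    int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;

    while (len > 0) {
        ssize_t n = write(fd, data, len);
        if (n < 0) {
            if (errno == EINTR) continue;
            goto fail;
        }
        data += n;
        len -= (size_t)n;
    }
    if (fsync(fd) < 0) goto fail;             /* file data and inode */
    if (close(fd) < 0) { fd = -1; goto fail; }
    fd = -1;
    if (link(tmp, final) < 0) goto fail;      /* publish under the final name */
    if (sync_parent_dir(final) < 0)           /* entry exists but is not known */
        return -1;                            /* to be on disk: do not ack     */
    unlink(tmp);                              /* cleanup; losing this is harmless */
    return 0;

fail:
    saved = errno;
    if (fd >= 0) close(fd);
    unlink(tmp);
    errno = saved;
    return -1;
}

int main(int argc, char **argv)
{
    /* Constructed sample message, for demonstration only. */
    static const char msg[] = "Subject: test\n\nconstructed sample message\n";

    if (argc != 3) {
        fprintf(stderr, "usage: %s TMPFILE FINALFILE\n", argv[0]);
        return 2;
    }
    if (durable_deliver(argv[1], argv[2], msg, sizeof msg - 1) < 0) {
        perror("durable_deliver");
        return 111;
    }
    return 0;
}
```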
Re: Qmail is *NOT* reliable with ReiserFS
On Mon, Jul 17, 2000 at 04:39:01PM -0400, Greg Hudson wrote: Which to me seems to be a more logical mode of operations: if you want the file data sync'd to disk, call fsync on the file; if you want the directory, fsync the directory. Perhaps. There are arguments for either model being simplest, I didn't say simplest. It's a little more complicated to have to remember to sync the directory as well as the file. and history should not be ignored when picking between the two. Exactly the point that Linus has made about this (and many other issues) before. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: questions about performance and setup
On Mon, Jul 17, 2000 at 10:24:53PM -0600, Steve Wolfe wrote: With all of the emails I received, I get the impression that I'm going to be I/O bound instead of processor or memory bound. How much disk will be sufficient for the queue? 1GB? More? It's not so much a matter of disk size (I don't think you'll have a 1 gig queue!), but of throughput. For example, a single IDE drive will get you a couple of megabytes of throughput per second, at a very high CPU cost. SCSI will yield more, with a lower CPU utilization, and with RAID arrays, you can move up to hundreds of megabytes per second if you want to. Not entirely true. With UDMA mode, modern IDE drives get high throughput with low CPU utilization. On my Celeron PC, I could get well over 10MB/sec at well under 20% CPU, and it's hardly performance hardware (5400RPM spindle). With a 10K RPM spindle and a faster chipset (mine's a VIA) this will rival or beat fast SCSI disks in raw streaming bandwidth. However, the majority of mail queues are not even bandwidth bound -- they're seek bound, which is where SCSI disks still beat IDE. The faster seek time, the better (which is the motivation behind DJB's ingenious zeroseek proposal). Also, RAID5 arrays (the most common one for large capacities) suffer a significant write penalty due to recalculation and rewriting of the parity, and the mail queue is mostly written (and subsequently cached). A RAID1+0 array works better, but uses more disks. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: Announcing qmail-autoresponder version 0.90
On Fri, Jul 14, 2000 at 06:28:44PM -0700, Russ Allbery wrote: I consider it to be an absolute requirement for any autoresponder to not reply to a message that isn't addressed to the recipient it is acting on behalf of. Anything else is just begging for the sort of exponential autoresponder meltdown that's happened on some mailing lists in the past (most notably faq-maintainers). And that's part of why it's rate limited. By default, it will only reply to a particular sender address once an hour, no matter how many are sent. H. Ezmlm uses a different recipient address each time (but ezmlm will also add both a "Precedence: bulk" and a "Delivered-To: mailing list ..." header). I understand the argument you're making, and it's valid to a degree. If you want to contribute a simple GPL-able RFC822 parser, I'll make it a feature of my autoresponder. I did build a parser for nullmailer, but it is inappropriate for this task -- too much overhead, and it also reformats the lines as it goes. All this task needs is to be able to extract the address from the header. OTOH, I don't think it's as big a deal as you are making it out to be with rate limiting. I consider rate limiting mandatory for autoresponders, precisely due to this problem, as well as other issues of abuse and annoyance. Otherwise, you'll end up sending autoreplies to mailing list traffic, which is an absolute no-no even if the mailing list isn't "properly" tagging messages with a Precedence header. Or list-id, or mailing-list, or x-mailing-list, or x-ml-name. I should actually add a test for ezmlm to check if a "Delivered-To:" line starts with "mailing list ". If it's a program-based mailing list, it'll have some kind of magic line. If it isn't, the rate limiting will stop runaway loops (after an initial brief flurry if there are large numbers of members with autoresponders, which incidentally would be responding to other kinds of list traffic anyways).
-- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
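A header scan for the list markers named in the message above (Precedence, List-ID, Mailing-List, X-Mailing-List, X-ML-Name, and a "Delivered-To:" value starting with "mailing list "), as an added example that is not qmail-autoresponder's own code. The function name list_mail_reason is hypothetical, and treating the Precedence values "junk" and "list" like "bulk" is an assumption; the thread names only "bulk".

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp */

/* Headers whose mere presence marks list traffic (names from the thread). */
static const char *const list_headers[] = {
    "list-id", "mailing-list", "x-mailing-list", "x-ml-name", NULL
};

/* If `line` starts with header `name` (case-insensitive) followed by ':',
 * return a pointer to its value with leading blanks skipped, else NULL. */
static const char *header_value(const char *line, const char *name)
{
    size_t n = strlen(name);

    if (strncasecmp(line, name, n) != 0 || line[n] != ':')
        return NULL;
    line += n + 1;
    while (*line == ' ' || *line == '\t')
        line++;
    return line;
}

/* Scan only the header block of `msg` (up to the first empty line).
 * Returns the name of the header that marks the message as list or bulk
 * mail, or NULL if none was found and an automatic reply is acceptable
 * as far as these checks go. */
const char *list_mail_reason(const char *msg)
{
    const char *line = msg;

    while (*line && *line != '\n' && *line != '\r') {
        /* Lines starting with whitespace continue the previous header;
         * they must never be matched as a header of their own. */
        if (*line != ' ' && *line != '\t') {
            const char *v;

            for (size_t i = 0; list_headers[i]; i++)
                if (header_value(line, list_headers[i]))
                    return list_headers[i];

            v = header_value(line, "precedence");
            if (v && (!strncasecmp(v, "bulk", 4) ||
                      !strncasecmp(v, "junk", 4) ||   /* assumption */
                      !strncasecmp(v, "list", 4)))    /* assumption */
                return "precedence";

            /* ezmlm: "Delivered-To: mailing list <address>" */
            v = header_value(line, "delivered-to");
            if (v && strncmp(v, "mailing list ", 13) == 0)
                return "delivered-to";
        }
        line = strchr(line, '\n');
        if (!line)
            break;
        line++;
    }
    return NULL;
}

int main(void)
{
    static char buf[65536];
    size_t n = fread(buf, 1, sizeof buf - 1, stdin);
    const char *why;

    buf[n] = '\0';
    why = list_mail_reason(buf);
    if (why)
        fprintf(stderr, "not replying: %s header present\n", why);
    else
        puts("no list markers found");
    return 0;
}
```

Rate limiting is still needed on top of this check, since a hard-coded alias list adds none of these headers.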
Announcing qmail-autoresponder version 0.90
Version 0.90 of qmail-autoresponder is now available at: http://em.ca/~bruceg/qmail-autoresponder/ Development versions of qmail-autoresponder are available via anonymous CVS. Set your CVSROOT to ":pserver:[EMAIL PROTECTED]:/CVS", login with an empty password, and check out the qmail-autoresponder module. --- PGP signature
Re: Announcing qmail-autoresponder version 0.90
On Fri, Jul 14, 2000 at 09:08:45AM -0500, Bruno Wolff III wrote: I took a look at it and it seems pretty nice. However around here we still use reflectors on the main mailservers and having a check for the recipient's address in the recipient headers is needed. I don't know if enough other people need that check to make it worthwhile doing. I don't understand. What do you mean by a reflector? Why are checks on the recipient's address in the headers necessary? -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: Announcing qmail-autoresponder version 0.90
On Fri, Jul 14, 2000 at 05:23:12PM +0200, Olivier M. wrote: On Fri, Jul 14, 2000 at 06:10:45AM -, Bruce Guenter wrote: Version 0.90 of qmail-autoresponder is now available at: http://em.ca/~bruceg/qmail-autoresponder/ one question, and one suggestion : - is it possible / planned to use this autoresponder with vmailmgr accounts ? (so with a v[add|del]autoresponder, or vchattr) Yes. The CGI support is already done (version 0.96.7), and qmail-autoresponder comes with a script, vautoresponder, that can be used to do this. - suggestion : I really miss this feature from vacation in your autoresponder: If the string $SUBJECT appears in the .vacation.msg file, it is replaced with the subject of the original message when the reply is sent. Maybe you want to take it on your todolist ? :) Sounds reasonable. I had been thinking of some way of putting the original subject into the response. The other way I was thinking of doing it would be a command-line option to add the original subject to the reply with a given prefix. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: Announcing qmail-autoresponder version 0.90
On Fri, Jul 14, 2000 at 11:00:00AM -0500, Bruno Wolff III wrote: Reflectors are something sendmail has. You can have system wide aliases that just deliver the message to more addresses. The alias can actually point to file. For these kinds of messages, the tests you are using won't see the mail as list mail. So, in other words, a hard-coded mailing list, akin to having a .qmail file containing: address1 address2 address3 ... If you don't mind not responding to bcc'd messages, checking for the recipient's address(es) in the headers is a very good way to detect mass mailings. But doing that requires doing a full RFC822 compatible parse of all of the dozen headers that might contain an address. I've written such a parser, and I'm not including it for this. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: QMAILQUEUE Patch qmail-qfilter 451 qq internal bug (#4.3.0)
On Fri, Jul 14, 2000 at 07:51:34AM -0700, Eric Peters wrote: I have made the qmail-filterq script (the one that immediately calls the qmail-qfilter) so it doesn't actually pass onto anything (there isn't a log_sent) and it still gives that error as of yet I haven't found where there is a softlimit installed either as mentioned in a previous couple replies Softlimit is part of the daemontools package. Any other suggestions? You still haven't told us what your permissions are on the system on which it is failing. Or does it only fail for certain clients? What are the exact contents of your tcpcontrol rules file? -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: QMAILQUEUE Patch qmail-qfilter 451 qq internal bug (#4.3.0)
On Thu, Jul 13, 2000 at 07:13:29PM -0700, Eric Peters wrote: First off it probably doesn't have anything at all to do with QMAILQUEUE just laying the foundation down for the implementation the qmail-smtpd.cdb is populated based upon 168.100.206.150:allow,RELAYCLIENT="",QMAILQUEUE="/usr/local/bin/qmail-filterq" and /usr/local/bin/qmail-filterq: #!/bin/sh exec /usr/local/bin/qmail-qfilter /usr/local/bin/log_sent What are the permissions on these files? Make sure they are both readable and executable by whatever user qmail-smtpd is running as. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Announcing qmail-notify version 0.91
Version 0.91 of qmail-notify is now available at: http://em.ca/~bruceg/qmail-notify/ Development versions of qmail-notify are available via anonymous CVS. Set your CVSROOT to ":pserver:[EMAIL PROTECTED]:/CVS", login with an empty password, and check out the qmail-notify module. --- PGP signature
Re: A better Single-UID POP3 Howto?
On Wed, Jul 12, 2000 at 05:25:12PM -0600, Irwan Hadi wrote: try this http://em.ca/~bruceg/ You're looking for http://www.vmailmgr.org/ -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: New delayed mail notification setup
On Tue, Jul 11, 2000 at 09:43:58PM +0200, Peter van Dijk wrote: On Mon, Jul 10, 2000 at 11:03:26AM -0600, Bruce Guenter wrote: On Sat, Jul 08, 2000 at 04:15:45PM +0200, Peter van Dijk wrote: I admit I have not looked at qmail_bounce, but I have one question: where will you send the delayed notification? Envelope sender. Is there another place it should go? I don't know. Is there *any* standard for delayed notification? Only that which exists: sendmail, qmail_bounce, etc. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Re: New delayed mail notification setup
On Sat, Jul 08, 2000 at 04:15:45PM +0200, Peter van Dijk wrote: I admit I have not looked at qmail_bounce, but I have one question: where will you send the delayed notification? Envelope sender. Is there another place it should go? Sending it to the envelope sender will falsely trigger automatic bounce handlers, won't it? That was a reason behind the option to send only to addresses in rcpthosts. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
New delayed mail notification setup
Greetings. I have looked at the qmail_bounce package, and am somewhat dissatisfied with it. The logic is excessively convoluted (I want a single response after a set time, etc.), several easily determined constants are hard-coded into the program (the queue lifetime, control/me, others), and it can't tell why the message was delayed. It's also written in Perl and requires several supporting Perl files whose path must also be hard-coded into the program. Once simplified somewhat, this program could just as easily be written in C.

So, I want to write a new one. Ideally, I would like something that will respond to the sender once, after the message has been in the queue for at least a configurable time interval. The notification message should detail all the recipients that have not received the message, and preferably a message indicating why delivery has been deferred. It may also limit notifications to senders in rcpthosts, for servers that function as gateways. The notification should contain at least part of the original message to help the sender remember what was sent.

I am looking at three possible approaches for data gathering:

1. Use the same approach that qmail_bounce uses -- scan the qmail queue files for "old" files. Pros: simple, and gives me the sender and recipient and message times. Cons: still gives no indication about why the message bounced, and must be run in a cron job.

2. Run as a front-end for qmail-local and (especially) qmail-remote. Pros: reading the response from the preceding programs tells exactly why the bounce happened and when, and the message content is available on standard input. Cons: this requires renaming the preceding two programs to new names and hard-coding their new paths (a nuisance for package management systems like RPM), and makes aggregation of notifications difficult.

3. Run as a reader of the qmail log file, potentially using a multi-file reader to keep tracking when multilog's "current" file changes. Pros: the complete state of each message is known at all points, and once this state is built, timing and aggregation are simple. Cons: parsing the logs could be expensive; starting the process in mid-stream results in missing information; reading the original message requires either knowledge of queue-split and the hash algorithm or a linear scan of the queue directories.

Do I have any other options? Are there any other issues that I haven't considered?
-- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Announcing qmail-qfilter version 1.3
Version 1.3 of qmail-qfilter is now available at: http://em.ca/~bruceg/qmail-qfilter/ See the documentation there for more details, or join the mailing list by sending an email to: [EMAIL PROTECTED] Development versions of qmail-qfilter are available via anonymous CVS. Set your CVSROOT to ":pserver:[EMAIL PROTECTED]:/CVS", login with an empty password, and check out the qmail-qfilter module. --- Changes in version 1.3 - A new environment variable, "QMAILRCPTS" is set to a newline-separated list of the recipients. Note that if a large number of recipients are encountered (ex more than 64KB worth under Linux), this will cause execution of the filters to fail and the message will be rejected. I consider this acceptable, since 64KB worth of recipients is likely more than 1000 anyways. - Removed some GNU-specific constructs from the source and Makefile. - Included a sample MIME filename extension scanning filter. ------- -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/
Re: Modifying qmail-remote
On Wed, May 31, 2000 at 08:24:08AM +0200, Jean-Baptiste Jacquemard wrote: I have moved qmail-remote to qmail-remote.real I made a shell script named qmail-remote, with the same permissions which contains: #!/bin/sh exec /var/qmail/bin/qmail-remote.real "$*" But when I try to send a message, I got this from Mailer Daemon: [EMAIL PROTECTED]: Unable to run qmail-remote. Any idea? For information: dns:/var/qmail/bin# ls -l qmail-remote qmail-remote.real -rwx--x--x 1 root root 112 May 31 08:11 qmail-remote* -rwx--x--x 1 root root21796 May 30 14:34 qmail-remote.real* IIRC, qmail-remote is executed as user "qmailr", which doesn't have read permission on your new shell script. Shell scripts require read permission to execute. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/
Re: is content level blocking possible
On Mon, May 15, 2000 at 11:04:48AM +0530, Madhav wrote: From the qmail server(on Linux machine) administrator point of view I have a question. All my end users are M$ windoze users. Let's say a mail with some virus prone attachment(which act on windoze) arrives through SMTP. Is there any package which scans the mail for all possible known virii(which act on M$ windoze) before the qmail-queue is invoked. Can anyone give me a good pointer or some info as to where I can get that kind of packages. I hope something like this is already existing. Sure, take a look at qmail-qfilter: http://em.ca/~bruceg/qmail-qfilter/ You can use it to run all mail through one or more content filters of your choosing. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/
Re: qfilelog...
On Fri, May 12, 2000 at 09:12:58PM -0700, Jason Ingham wrote: I'm using the scripts that come with the memphis RPM's for qmail v1.03. They come setup by default for cyclog. Here's the pertinent part of the script: # Grab the daemontools init functions . $INITDIR/daemontools.functions It looks like this file defines a function stop() that causes cyclog to stop. You'll need to modify it to make qfilelog to stop. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/
Re: qmail-qfilter strangeness
On Wed, May 10, 2000 at 07:18:46PM -0400, Russell P. Sutherland wrote: I am running with B. Guenter's QMAILQUEUE patch with his qmail-qfilter package and have difficulty when using perl scripts in the filter train/pipeline. E.g. with the QMAILQUEUE file containing: exec /usr/bin/qmail-qfilter /usr/bin/perl -n -e '{print}' Whereas if I put the equivalent constructs: exec /usr/bin/qmail-qfilter /bin/awk '{print}' or exec /usr/bin/qmail-qfilter /bin/cat There is no problem. Any ideas why perl causes this error? Nope. I use perl myself as a filter, so it's not just perl being weird. The SMTP error code ("temporary problem (#4.3.0)") indicates that qmail queue (qmail-qfilter in this case) returned an unrecognized error code number. qmail-qfilter returns whatever the last item in the pipe returns, which should be 0 if your perl is working. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/
Re: hack for filtering i love you worm
On Thu, May 04, 2000 at 04:08:40PM -0600, John Gonzalez/netMDC admin wrote: For anyone using this filter, I'd like to hear feedback before I modify a production server. Also, should this interfere with vmailmgr?

If you are using qmail patched with the QMAILQUEUE patch, you can use qmail-qfilter and the following two scripts to achieve the same effect. I am using this on two production servers (firewalls, actually), and it should have no impact on vmailmgr or vpopmail.

Save the following as /path/love-filter:

    #!/usr/bin/perl
    # Header scan
    while(<>) {
      exit(31) if /^Subject:\s*ILOVEYOU\s*$/o;
      print;
      last if /^\s*$/o;
    }
    # Body scan
    while(<>) {
      exit(31) if /name="LOVE-LETTER-FOR-YOU.TXT.vbs"/o;
      print;
    }

Save the following as /path/smtpd-queue:

    #!/bin/sh
    exec /usr/bin/qmail-qfilter /path/love-filter

Then add the following to the end of every line in smtpd.rules and rebuild the smtpd.cdb file:

    ,QMAILQUEUE="/path/smtpd-queue"

(Replace "/path" with some appropriate path to where you want the scripts to go).
-- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/
Re: hack for filtering i love you worm
On Thu, May 04, 2000 at 05:31:04PM -0600, Neil Schemenauer wrote: On Thu, May 04, 2000 at 04:21:45PM -0600, Bruce Guenter wrote: If you are using qmail patched with the QMAILQUEUE patch, you can use qmail-qfilter and the following two scripts to achieve the same effect. QMAILQUEUE is nicer but I think a lot of admins are not using this patch and want a quick fix. Do you have any ideas on filtering this with standard qmail? When you compile qmail-qfilter, define the C symbol QMAIL_QUEUE to some other path. Move the real qmail-queue to that path, and install a script that calls qmail-qfilter as qmail-queue, and use the previously posted love-filter script. That's the only other way I can think of. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/
Re: hack for filtering i love you worm
On Thu, May 04, 2000 at 07:28:32PM -0400, Searcher wrote: exit(31) if /name="LOVE-LETTER-FOR-YOU.TXT.vbs"/o; Am I missing something here? Anyone can rename that .vbs to what ever they want and send it around again so wouldn't it be more efficient to filter all .vbs attachments? Nope, you're exactly right. However, the question was, how do I filter the "ILOVEYOU" worm, and the above is a quick (and somewhat dirty) answer. If you know how to identify VBS source, with the absence of a MIME type, please tell us. I intend to do this for my employers, so I'm not just being facetious. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/
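A qmail-qfilter filter that rejects on the attachment's filename extension rather than on one exact name, as the question in this thread suggests; an added example, not the sample filter shipped with qmail-qfilter. It copies the message through as the love-filter script does and returns the same exit code 31. The function names and the blocked_ext list are hypothetical, and it matches literal name= and filename= parameters only, so content with a different or missing filename is out of its scope.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>     /* strncasecmp */
#include <sys/types.h>   /* ssize_t */

#define REJECT_CODE 31   /* same code the love-filter script exits with */
#define WRITE_ERROR 53   /* qmail-queue's "write error" exit code */

/* Hypothetical block list; extend as local policy requires. */
static const char *const blocked_ext[] = { ".vbs", NULL };

/* Return 1 if the filename s[0..len) ends with a blocked extension. */
static int has_blocked_ext(const char *s, size_t len)
{
    /* Windows drops trailing dots and blanks, so "a.vbs." is "a.vbs". */
    while (len > 0 && (s[len - 1] == ' ' || s[len - 1] == '.'))
        len--;
    for (size_t i = 0; blocked_ext[i]; i++) {
        size_t n = strlen(blocked_ext[i]);
        if (len >= n && strncasecmp(s + len - n, blocked_ext[i], n) == 0)
            return 1;
    }
    return 0;
}

/* Return 1 if `line` holds a name= or filename= parameter (quoted or not,
 * any letter case) whose value ends with a blocked extension. */
int line_has_blocked_attachment(const char *line)
{
    for (const char *p = line; *p; p++) {
        const char *v;
        size_t len;

        if (strncasecmp(p, "name=", 5) != 0)   /* also hits "filename=" */
            continue;
        v = p + 5;
        if (*v == '"') {
            v++;
            len = strcspn(v, "\"\r\n");
        } else {
            len = strcspn(v, "; \t\r\n");
        }
        if (has_blocked_ext(v, len))
            return 1;
    }
    return 0;
}

/* Copy `in` to `out` line by line. Returns 0 if the whole message passed,
 * REJECT_CODE at the first blocked attachment, WRITE_ERROR on output failure. */
int filter_stream(FILE *in, FILE *out)
{
    char *line = NULL;
    size_t cap = 0;
    ssize_t n;
    int rc = 0;

    while ((n = getline(&line, &cap, in)) > 0) {
        if (line_has_blocked_attachment(line)) {
            rc = REJECT_CODE;
            break;
        }
        if (fwrite(line, 1, (size_t)n, out) != (size_t)n) {
            rc = WRITE_ERROR;
            break;
        }
    }
    free(line);
    if (rc == 0 && fflush(out) != 0)
        rc = WRITE_ERROR;
    return rc;
}

int main(void)
{
    return filter_stream(stdin, stdout);
}
```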