Re: pop3 and ip adres logging

2000-01-14 Thread Chris L. Mason

On Thu, Jan 13, 2000 at 04:21:51PM +0200, Mikko Hänninen wrote:
 Van Liedekerke Franky [EMAIL PROTECTED] wrote on Thu, 13 Jan 2000:
  This probably works, but I'm using tcpserver and multilog, so how can I
  achieve this kind of logging using those tools?
 
 I'm curious about this as well.  I'm still using inetd for POP, but I'm
 planning to migrate over to tcpserver sometime.  Mostly, I'd like to
 know how to log all of the POP connections, not just the successfully
 authenticated ones.  In case someone tries to crack the passwords or
 something like that.
 

Hi,

You can use the following for /var/qmail/supervise/qmail-popup/log/run,
similar to qmail-send and qmail-smtpd:

#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s1048576 /var/log/qmail/pop


Chris
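
An added example, not part of the original post: one way to review the resulting log for repeated POP connections from a single address. It assumes tcpserver runs with -v and its stderr reaches multilog; the function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise POP3 connections per source address from
# tcpserver -v lines as stored by multilog (TAI64N timestamp first).

# Constructed sample log; addresses are documentation ranges.
sample_log() {
cat <<'EOF'
@400000003880e5c50a1b2c3d tcpserver: status: 1/40
@400000003880e5c50a1c0001 tcpserver: pid 4121 from 192.0.2.10
@400000003880e5c50a1d0002 tcpserver: ok 4121 pop.example.org:198.51.100.5:110 :192.0.2.10::3301
@400000003880e5c61b000003 tcpserver: end 4121 status 256
@400000003880e5c70c000004 tcpserver: pid 4122 from 192.0.2.10
@400000003880e5c80d000005 tcpserver: end 4122 status 256
@400000003880e5c90e000006 tcpserver: pid 4123 from 198.51.100.7
@400000003880e5ca0f000007 tcpserver: end 4123 status 0
@400000003880e5cb10000008 tcpserver: pid 4124 from 192.0.2.10
EOF
}

# Read log lines on stdin. For every address with at least $1 connections,
# print "connections non-zero-exits address", busiest first.
# "pid N from IP" opens a session; "end N status S" closes it, so the pid
# is used to tie the exit status back to the address.
pop_conn_summary() {
    awk -v min="$1" '
        $2 == "tcpserver:" && $3 == "pid" && $5 == "from" {
            ip[$4] = $6; total[$6]++
        }
        $2 == "tcpserver:" && $3 == "end" && $5 == "status" && ($4 in ip) {
            if ($6 != 0) bad[ip[$4]]++
            delete ip[$4]              # pids are reused over time
        }
        END {
            for (a in total)
                if (total[a] >= min) print total[a], bad[a] + 0, a
        }
    ' | sort -rn
}
```

For example, `pop_conn_summary 20 < /var/log/qmail/pop/current` lists addresses with 20 or more connections in the current log file; sessions that ended with a non-zero status deserve a closer look.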



Re: compile error

2000-01-03 Thread Chris L. Mason

On Tue, Jan 04, 2000 at 10:38:21AM +0900, Kristina wrote:
 
 
 
 When I compile qmail-1.03 on Solaris 7 the following error is produced
 throughout the compile for all *.c files.  In the end, qmail compiles okay
 so I am wondering if the following is something I should be worried about?
 
 qmail-local.c:448: warning: return type of `main' is not `int'
 

Hi,

Technically it's a bug.  main() should always return int, never void or
anything else, according to standard C.  I always just assumed Dan was
trying to make a statement of some kind as he certainly wouldn't have done
this by mistake.  :)

Anyway, it shouldn't actually affect anything, you can just ignore it.


Chris



Re: qmail patch list?

2000-01-02 Thread Chris L. Mason

On Sun, Jan 02, 2000 at 11:26:45PM -0500, Russell Nelson wrote:
 Peter Cavender writes:
   Does anyone have a complete list of the available qmail patches and 
   what they do?
 
 I expect http://www.qmail.org/top.html#addons to be canonical, and I
 hope everyone else does too.  If I've missed anything, please remind
 me of it (except the Amavis stuff, that's still pending).
 

Hi,

AMaViS doesn't require qmail patches!  An early version I was hacking on
did, but I never made it publicly available.  Both my modified version and
the version from http://amavis.org/ do not require any patches to qmail.


Chris



Re: Problem with Amavis

1999-12-25 Thread Chris L. Mason

On Sat, Dec 25, 1999 at 05:51:30PM +0100, Carsten Witt wrote:
 Merry Christmas Chris,
 
 I've a debian 2.0.36 and tried it with 2.2.1 ( the same ).
 Only a small installation ( the smallest ~28 MB) with procmail and libc5
 (for mcaffee)  libc6 Kernel-source 2.0.36  2.2.1
 
 And a running qmail 1.03 without patches!
 checkpassword0.81, rblssmtpd 0.70, daemontools 0.53 and ucspi-tcp-0.84
 

Okay, I must admit I'm stumped.  I've installed Debian 2.1 with a similar
setup to you and everything is working fine.  The differences are that I am
using daemontools-0.61 and fastforward-0.51, and I didn't install
checkpassword or the RBL stuff.  I also upgraded the kernel to 2.0.38 using
dselect.  I used the qmail ids and groups included with debian rather than
those in the INSTALL.ids file.  Also, this system is running under vmware,
but that shouldn't make a difference.

If it makes any difference I am running qmail using svscan as described in
"Life with qmail".

Btw, in the next version I'll have configure bail out if it can't find
metamail.  There's really no point installing it without metamail.

Here's the output in the log file I got after doing a test:

-
xxSat Dec 25 14:20:27 EST 1999xxx
qmail-remote called unixzone.com [EMAIL PROTECTED] [EMAIL PROTECTED]
FROM: [EMAIL PROTECTED]
TO: [EMAIL PROTECTED]
maxlevel: 0
UnZOOing test.zoo
maxlevel: 1
UnLHArcing test.lha
maxlevel: 2
UnARJing test.arj
maxlevel: 3
UnRARing test.rar
maxlevel: 4
Unpacking uuencoded file test.uue
maxlevel: 5
Uncompressing uudecode.4: move to compr.5.Z first
maxlevel: 6
Untaring compr.5
maxlevel: 7
Unziping t1.a136693669
maxlevel: 8
Un-gzip-ing y13775.0.gz: move to gzip.8.gz first
maxlevel: 9
Untaring gzip.8
maxlevel: 10
Un-bzip-ping t1.a13997.bz2: move to bzip.10.bz2 first
maxlevel: 11
Contents of /var/tmp/qmail-remote12805/unpacked
total 4
drwx--   2 qmailr   qmail1024 Dec 25 14:20 .
drwx--   3 qmailr   qmail1024 Dec 25 14:20 ..
-rw---   1 qmailr   qmail   9 Dec 25 14:20 1-mm.a12821
-rw---   1 qmailr   qmail  69 Dec 10 16:24 bzip.10
-rw---   1 qmailr   qmail   0 Dec 25 14:20 mm.a12821
This program is more than   3 months old. New viruses come out all the
time - we would suggest that you upgrade your copy.
Scanning /var/tmp/qmail-remote12805/unpacked/*
Scanning file /var/tmp/qmail-remote12805/unpacked/mm.a12821
/var/tmp/qmail-remote12805/unpacked/mm.a12821
File too small to have a known virus.
Scanning file /var/tmp/qmail-remote12805/unpacked/1-mm.a12821
Scanning file /var/tmp/qmail-remote12805/unpacked/bzip.10
/var/tmp/qmail-remote12805/unpacked/bzip.10
Found: EICAR test file NOT a virus.

Summary report on /var/tmp/qmail-remote12805/unpacked/*
File(s)
Total files: ...   3
Clean: .   2
Possibly Infected: .   1
H+BEDV AntiVir scanstatus0 is: 0
Mcafee scanstatus1 is: 0
Dr. Solomon (old) scanstatus2 is: 0
Dr. Solomon (new) scanstatus3 is: 0
Sophos Sweep scanstatus4 is: 0
NAI Virus Scan 4.x scanstatus5 is: 13
KasperskyLab AVP scanstatus6 is: 0
KasperskyLab AVPDaemonClient scantatus7 is: 0
DataFellows F-Secure Antivirus scanstatus8 is: 0
Trend Micro FileScanner scanstatus9 is: 0

Virus FOUND Sent notification to [EMAIL PROTECTED]
-

Anyone else have any ideas?


Chris



Re: Problem with Amavis

1999-12-24 Thread Chris L. Mason

On Thu, Dec 23, 1999 at 12:47:24PM +0100, Carsten Witt wrote:
 Hello Rainer,
 
 I did it, but it is the same!
 

Hi Carsten,

I've posted a new version on my site (www.unixzone.com/virus).  There were
a number of issues with qmail-local in the previous version.  Please give
this a try.


Chris



Re: Corel Linux ships with qmail installed, but not running

1999-12-24 Thread Chris L. Mason

On Fri, Dec 24, 1999 at 04:39:34PM -0500, Russell Nelson wrote:
 Well, the Corel Linux CD that one can download does indeed have qmail
 installed, however it is not configured nor does it start running by
 default.
 

Perhaps they are planning to use it in future versions and it just wasn't
ready for 1.0?  I've been waiting awhile for a Linux distribution to come
out that uses qmail as the default MTA (or at least offers the choice of
using it over sendmail in the installation.)


Chris



Re: qmail scanner

1999-12-21 Thread Chris L. Mason

On Tue, Dec 21, 1999 at 05:45:43PM -0500, [EMAIL PROTECTED] wrote:
 has anyone come to a final howto on getting any of the virus scanning
 programs to integrate in qmail?
 
 I did see one about amavis(?) working but there were no details as to ftp
 sites for binaries.
 

Hi,

Take a look at my website:

http://www.unixzone.com/virus/


Chris



AMaViS update

1999-12-20 Thread Chris L. Mason


Hi all,

Following my earlier post to this list about AMaViS, I was contacted by
Rainer Link, one of the AMaViS developers.  I put together an extensive
patch for the 0.2.0-pre6 version and Rainer merged in his fixes for some of
the virus scanners.  qmail support should now be relatively complete,
including x_header support if you have procmail/formail installed.  I am
hoping that these changes will be included in the next release of AMaViS.

More information, and a tarball, is available at my website:

http://www.unixzone.com/virus/

Please send me any feedback or bug reports.


Chris



Re: AMaViS working ... almost

1999-12-16 Thread Chris L. Mason

 
 Hmm -- in a .qmail file, an exit code of 99 is supposed to tell it that the
 delivery was OK, but not to process further delivery instructions.  Would
 that be useful in this circumstance?  I haven't looked into how AMaViS hooks
 into the qmail system, so I don't know myself.

Hi,

Nope it doesn't, but that gave me an idea.  I just modified qmail-rspawn to
return "KMessage containing virus dropped" if qmail-remote exits with 99,
and it works great this way.

Btw, I am implementing this under Solaris and I found that many of the
command-line options had to be modified for the AMaViS script to work.
Also, I found a bunch of the archiver sections had the wrong command-line
options, and the "rm $E" part was often missing (the binhex stuff also had
some problems.)  I also modified the email warnings to include the header
of the original email so that the sender can better track down the
offending piece of mail.

Also, I found that the little-endian/big-endian check in zipsecure was
mixed up.  I simply swapped the values in each check and this fixed it.
Another big pain was that the /etc/magic file on Solaris is missing a whole
bunch of stuff which caused most archive formats to be unrecognized, so I
had to add a bunch to that (and swap bytes for shorts!).

I've made enough changes now that I'm considering re-implementing it in
perl with a bunch of optimizations and better error-detection.  If anyone's
interested in my current hacked-up scanmails script, let me know.


Chris



AMaViS working ... almost

1999-12-14 Thread Chris L. Mason


I've been attempting to set up qmail with AMaViS, and I just wanted to say
thanks to Dustin Miller and Christopher Seawood for their extremely useful
posts.

Basically everything is working perfectly, except I don't want mail with
virus attachments to be bounced back to the user.  I've tried this both
with and without the mime patch, and there is a problem in either case:

- Without the mime patch, the message bounces okay, but if it passes
  through another virus scanner, it can trigger an alert

- With the patch, the bounce is also scanned and a virus found, resulting
  in multiple virus alerts and the bounce bouncing.

Here's some background on how I'm using qmail.  I am setting up a mail
gateway on a DMZ that will do no local mail delivery.  The system just
accepts mail from internal systems for external delivery and vice versa.
The goal is to have this system scan all incoming and outgoing mail for
viruses.  Based on this, I've renamed qmail-remote to qmail-remote-real and
set up a symbolic link from qmail-remote to scanmails.

To get things working, I would like scanmails (masquerading as
qmail-remote) to just drop the mail in case a virus is found, after sending
an alert to the administrator and the user.  Unfortunately I can't figure
out how to do this.  If I don't call qmail-remote-real and just "exit 0",
the mail is bounced.  I've tried echoing result codes such as:

rK0.0.0.0 Message containing virus dropped

but this doesn't seem to work.  I guess what I'm really looking for is the
correct way to tell qmail-lspawn that the message should be considered to
have been delivered successfully (which should cause it to be removed from
the queue.)

Any help on how to do this, or alternatives on how to address this in a
better way, would be greatly appreciated.

Thanks,


Chris
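
An added example, not part of the original post and not AMaViS code: a qmail-remote stand-in that reports success for a message it drops, using the report format documented in qmail-remote(8) (each report ends in a NUL byte, `r` accepts a recipient, `K` reports message success, and the exit code is always 0). The functions `drop_report`, `scan_message` and `remote_wrapper` are hypothetical, the scanner hook only matches a constructed marker string, and the `/var/qmail/bin` path for qmail-remote-real is an assumption.

```shell
#!/bin/sh
# Added example: stand-in for qmail-remote on a scanning gateway.
# Report format per qmail-remote(8): every report ends in a NUL byte;
# 'r' = recipient accepted, 'K' = message success, 'Z' = temporary failure.

# Real binary as renamed in the post; the directory is an assumption.
REAL_REMOTE=${REAL_REMOTE:-/var/qmail/bin/qmail-remote-real}

# Print one 'r' report per recipient, then a single 'K' message report.
# $1 = number of recipients, $2 = human-readable text for the log.
drop_report() {
    n=$1
    while [ "$n" -gt 0 ]; do
        printf 'r\0'
        n=$((n - 1))
    done
    printf 'K%s\n\0' "$2"
}

# Hypothetical scanner hook: returns 0 for clean, non-zero for infected.
# It only looks for a constructed marker so the example runs offline.
scan_message() {
    ! grep -q 'CONSTRUCTED-TEST-MARKER' "$1"
}

# Usage: remote_wrapper host sender recip [recip ...]   (message on stdin)
remote_wrapper() {
    tmp=$(mktemp) || { printf 'ZUnable to create temporary file.\n\0'; return 0; }
    cat > "$tmp"
    if scan_message "$tmp"; then
        # Clean: hand the message to the real qmail-remote unchanged.
        "$REAL_REMOTE" "$@" < "$tmp"
    else
        # Infected: claim delivery so no bounce is generated.
        drop_report $(($# - 2)) 'Message containing virus dropped'
    fi
    rm -f "$tmp"
    return 0    # the reports, not the exit code, carry the result
}
```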



Re: AMaViS working ... almost

1999-12-14 Thread Chris L. Mason

On Tue, Dec 14, 1999 at 03:42:29PM -0600, Dustin Miller wrote:
 Well, the scanmails script is responsible for calling qmail-remote-real and
 qmail-local-real and sending a number of messages.  If you want to change or
 remove a particular mail (sender, recipient, or virusalert), simply edit
 that portion of the scanmails script.
 
 I'm glad the patch has proved somewhat useful for you.  There were minor
 tweaks to be made, but they seem to be working well for me on this end.
 

Hi Dustin,

I've already made some changes to the email that is sent regarding the
virus alerts, and that works fine.  The problem is the actual queued
message being processed.  In the case of a non-virus email, the real
qmail-remote program is run, and if it delivers the message okay, it
somehow signals this to qmail-lspawn (I believe), which results in the
message being cleared from the queue.

Because of the qmail-lspawn and qmail-remote interaction, having the
scanmails script just exit results in the original email being bounced.
This is what I'm trying to avoid.  I'd like to just tell qmail-lspawn that
everything was delivered okay (basically lie to it), so that there is no
bounce generated.

Any ideas?


Chris