strip all but plain/text?
Any filters to strip all except plain/text MIME content types? Thanks, John -- John ConoverTel. 408.370.2688 [EMAIL PROTECTED] 631 Lamont Ct. Fax. 408.379.9602 http://www.johncon.com/ Campbell, CA 95008 Cel. 408.772.7733
Re: ESTORNO BONUS TAQUARAL
Adam McKenna writes:
> Learn how to write a procmail recipe, or how to use your client's filtering rules.

    #
    # Encrypted attachments can not be searched:
    #
    :0
    * ^content-type:.*multipart/((signed)|(encrypted));
    ! [EMAIL PROTECTED]
    #
    # All other mime mail can contain embedded, uuencode, or html
    # malicious code:
    #
    # Folding whitespace, (the characters between the block braces are
    # a tab character, hex 09, followed by a space character, hex 20,)
    # which allows the filename of an attachment in the body of a
    # message's MIME construct to be on the line following the header
    # field.
    #
    ws = '[ ]*($[ ]+)*'
    #
    # Double quote, (to avoid problems caused by how the procmail
    # shell expands conditions).
    #
    dq = ''
    #
    # Extension list (sorted and optimized).
    #
    ext = '(a(d[ep]|s[dx])|ba[st]|c(hm|il|md|om)|d(at|ll|o[ct])|e(ml|xe)|h(lp|t(a|ml?))|ini|jse?|lnk|m(d[abew]|s[ip])|ocx|p([lm]|[po]t|if|ps)|r(eg|tf)|s(c[rt]|h[bs])|vb[se]?|w(m[szd]|pd|s[cfh])|xl[swt])'
    #
    :0 B
    * -3^0
    * 4^0 $ name${ws}=${ws}${dq}.*\.${ext}(\..*)?${dq}${ws}$
    * 4^0 $ begin${ws}[0-9]+${ws}.*\.${ext}(\..*)?${ws}$
    * 4^0 $ ^content-transfer-encoding:${ws}base64
    * 2^0 \(!doctype|html|head|title|body|style|img|bgsound|div)
    * 2^0 \(meta|app|script|object|embed|i?frame|layer)
    * 2^0 =3d
    ! [EMAIL PROTECTED]
    #

in your ~/.procmailrc seems to catch most things like hubris and sircam.

John
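The scoring in the second recipe above, worked through in Python as an added example that is not part of the original message: each `w^0` condition adds its weight once, and the message is forwarded when the total is positive. The double-quote value, the tab in the whitespace class and the `<` in front of the HTML tag names are assumptions, since those characters are missing from the archived recipe; the sample bodies are constructed.

```python
import re

# Building blocks of the recipe. WS is the folding-whitespace pattern with the
# tab written out and procmail's "$" (newline) written as "\n". DQ and the "<"
# before the tag names are assumptions: the archived copy lacks them.
WS = r"[\t ]*(\n[\t ]+)*"
DQ = '"'
EXT = (r"(a(d[ep]|s[dx])|ba[st]|c(hm|il|md|om)|d(at|ll|o[ct])|e(ml|xe)"
       r"|h(lp|t(a|ml?))|ini|jse?|lnk|m(d[abew]|s[ip])|ocx|p([lm]|[po]t|if|ps)"
       r"|r(eg|tf)|s(c[rt]|h[bs])|vb[se]?|w(m[szd]|pd|s[cfh])|xl[swt])")

BASE = -3  # the "* -3^0" line: every message starts three points down

# (weight, label, pattern). With exponent 0 a condition counts once,
# however many times it matches in the body.
CONDITIONS = [
    (4, "attachment name", rf"name{WS}={WS}{DQ}.*\.{EXT}(\..*)?{DQ}{WS}$"),
    (4, "uuencode begin", rf"begin{WS}[0-9]+{WS}.*\.{EXT}(\..*)?{WS}$"),
    (4, "base64 part", rf"^content-transfer-encoding:{WS}base64"),
    (2, "html tags, group 1",
     r"<(!doctype|html|head|title|body|style|img|bgsound|div)"),
    (2, "html tags, group 2",
     r"<(meta|app|script|object|embed|i?frame|layer)"),
    (2, "quoted-printable =3d", r"=3d"),
]


def score(body):
    """Return (total, labels of the conditions that matched) for a body."""
    total, hits = BASE, []
    for weight, label, pattern in CONDITIONS:
        # procmail conditions are case-insensitive unless the D flag is set
        if re.search(pattern, body, re.IGNORECASE | re.MULTILINE):
            total += weight
            hits.append(label)
    return total, hits


def is_forwarded(body):
    """procmail runs the recipe's action when the final score is positive."""
    return score(body)[0] > 0


# Constructed message bodies (the recipe uses the B flag, so only the body,
# including MIME part headers, is searched).
SAMPLES = {
    "plain text": "Lunch at noon? Bring the notes from Tuesday.\n",
    "folded attachment name": (
        "--b1\n"
        "Content-Type: application/octet-stream; name=\n"
        "\t\"report.doc.vbs\"\n"
        "Content-Transfer-Encoding: base64\n"
        "\n"
        "SGVsbG8gd29ybGQ=\n"
        "--b1--\n"
    ),
    "uuencoded file": "begin 644 photo.scr\nM(constructed)\n`\nend\n",
    "html, one tag group": "<html><body><div>Hello</div></body></html>\n",
    "html, both tag groups": (
        '<html><body><iframe src="http://example.invalid/"></iframe>'
        "</body></html>\n"
    ),
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        total, hits = score(body)
        verdict = "forwarded" if total > 0 else "delivered normally"
        print(f"{name:24} score {total:+d} {verdict:18} {hits}")
```

Any single 4-point condition is enough to tip the score positive, while HTML needs hits in two of the three 2-point conditions, which is why a simple HTML message with tags from only one group passes through.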
Resent-Cc: header
Some mailing list agents insert a 'Resent-Cc: recipient list not shown: ;' header in e-mail that they distribute.

If such a message is re-distributed by qmail, (say, after reception and filtering by procmail, and forwarded using qmail as the MTA,) qmail reads the 'Resent-Cc: ' header, and tries to distribute the e-mail to ;@mydomain.com.

It doesn't do it with 'Cc: ' headers, nor if the 'Resent-Cc: ' record is removed or renamed. If the 'Resent-Cc: ' header is changed to 'Resent-Cc: [EMAIL PROTECTED]', then [EMAIL PROTECTED] will receive a copy of e-mail sent to [EMAIL PROTECTED]

It seems as though the 'Resent-Cc: ' header has special meaning to qmail when it reads the header.

FWIW,

John
Re: Resent-Cc: header
Sorry, it's a VM and RMAIL issue. When using the resend() function, if a 'Resent-Cc: ' field is in the message, the MUA will copy all listed in the field.

Apologies.

John

John Conover writes:
> Some mailing list agents insert a 'Resent-Cc: recipient list not shown: ;' header in e-mail that they distribute.
>
> If such a message is re-distributed by qmail, (say, after reception and filtering by procmail, and forwarded using qmail as the MTA,) qmail reads the 'Resent-Cc: ' header, and tries to distribute the e-mail to ;@mydomain.com.
>
> It doesn't do it with 'Cc: ' headers, nor if the 'Resent-Cc: ' record is removed or renamed. If the 'Resent-Cc: ' header is changed to 'Resent-Cc: [EMAIL PROTECTED]', then [EMAIL PROTECTED] will receive a copy of e-mail sent to [EMAIL PROTECTED]
>
> It seems as though the 'Resent-Cc: ' header has special meaning to qmail when it reads the header.
receivedIP
There are sources for a database that is compatible with procmail(1) scripts, qmail, etc., and audits the IP addresses in Received: headers at:

    http://www.johncon.com/john/receivedIP/

in case anyone wants to construct a personal BL for offline/uucp systems.

John

BTW, would whoever is in charge of such things include this in the www.qmail.org page? Thanks.
Re: reverse DNS?
So, in my request for opinions, pls., some/most/many admins would like to refuse messages from non-local machines that do not have a valid RDNS for the HELO FQDN, but feel such a policy is inappropriate from the user's POV.

I have a lot of users that have a common ~/.procmailrc, (mostly spam, MS/Outlook frailties, stuff; it's an ln -s from my ~/.procmailrc,) and many of them agreed to participate in letting me put a header record "Sending-Machine: unknown" in such messages, as opposed to refusing to process the message.

We'll see how it goes for a month, or so, and see how many messages would have been refused by such a policy, vs. how many should have been refused.

Thanks to all for the opinions,

John

Erwin Hoffmann writes:
> Hi,
>
> At 09:49 7.3.2001 +, James R Grinter wrote:
> > Erwin Hoffmann [EMAIL PROTECTED] writes:
> > > However, it makes sense to do DNS lookup for the MAIL FROM: address.
> >
> > If you have reliable DNS services - I've been on the other end of that, a site permanently rejecting each mail (a 5xx code) because they were having problems resolving the sending domain. Delegation and the nameservers were fine, as it was the second address I tried (which also failed with a 5xx code)
> >
> > Very messy, and not very good for their customers.
> >
> > James.
>
> In particular to cope with this, my implementation lets you define for which Domains you don't want DNS Reverse Lookup: /var/qmail/control/nodnscheck. SPAMCONTROL does a logging on that, thus you easily can figure out, which Domains cause the problem.
>
> cheers.
> eh.
reverse DNS?
As a matter of policy, is it reasonable to reject messages that fail a reverse DNS lookup on HELO's FQDN/authentication? Good idea? Fascist idea? Opinions pls. John -- John ConoverTel. 408.370.2688 [EMAIL PROTECTED] 631 Lamont Ct. Cel. 408.772.7733 http://www.johncon.com/ Campbell, CA 95008 Fax. 408.379.9602
World's largest mailing list?
It's not exactly a qmail question, but does anyone know how many email addresses are on the world's largest mailing list, and the OS/HW/MTA it runs on? Average messages per day?

Thanks,

John
identd/auth
Do mail servers use/require identd/auth? Is it permissible to turn it off? Thanks, John -- John ConoverTel. 408.370.2688 [EMAIL PROTECTED] 631 Lamont Ct. Cel. 408.772.7733 http://www.johncon.com/ Campbell, CA 95008 Fax. 408.379.9602
uucp From_ headers?
I get mail via uucp. The "From " header looks like:

    From somplace.com!someone ...

and qmail adds the domain:

    From [EMAIL PROTECTED]

and then adds a:

    Return-Path: [EMAIL PROTECTED]

header. But qmail can not bounce mail to that address. Is there a work around for this?

Thanks,

John
UUCP addressing?
I receive email for a domain via uucp, and send out mail via smtp to a commercial relay host, (why, is a rather complicated issue,) which is the default in smtproutes for non-local domain delivery.

Incoming mail from the uucp provider has a "From " header of the form "From somedomain.com!user ...", and qmail changes this to "From [EMAIL PROTECTED] ...", (as it probably should.)

Although delivery works, bounced messages bounce, (not surprisingly, since qmail favors the "From " header, as it probably should, for bounced addresses.)

Is there a way to handle this, (sending bounced messages back through uucp would suffice.)

Thanks,

John
tcpserver as an alternative to firewall?
Is anyone using tcpserver on a few daemon sockets as an alternative to a firewall? Thanks, John -- John ConoverTel. 408.370.2688 [EMAIL PROTECTED] 631 Lamont Ct. Cel. 408.772.7733 Campbell, CA 95008 Fax. 408.379.9602 http://www.johncon.com
* in /var/qmail/info/9
What does the '*' mean in ls -alR /var/qmail/info/9:

    -rw-rw-r--  1 root   root      0 Aug  9 17:26 *
    drwx--      2 qmails qmail  1024 Sep  5 00:42 ./
    drwx--     25 qmails qmail  1024 Mar 20 21:21 ../

I was just browsing, and found it. What's it do?

Thanks,

John
smtproutes syntax
Is it legal to use the ip address in smtproutes, something like:

    :123:234:123:234

Thanks,

John
auth/identd?
Is it wise to run auth/identd on an email gateway? Thanks, John -- John ConoverTel. 408.370.2688 [EMAIL PROTECTED] 631 Lamont Ct. Cel. 408.772.7733 Campbell, CA 95008 Fax. 408.379.9602 http://www.johncon.com
svscan/supervise run script
When launching a program under svscan/supervise that has no port connections, (I just want to keep it running,) what is the correct line in the "run" script if I want to use syslog? Would something like:

    exec env - PATH="$PATH:/usr/local/bin" my_prog | \
        splogger my_prog_id 3

or:

    exec env - PATH="$PATH:/usr/local/bin" my_prog 2>&1 | \
        splogger my_prog_id 3

work OK? Both seem to work OK, but are they correct?

Thanks,

John
RFC 2645 server and client that is compatible with qmail?
Is there a RFC 2645 server and client that is compatible with qmail? Thanks, John -- John ConoverTel. 408.370.2688 [EMAIL PROTECTED] 631 Lamont Ct. Cel. 408.772.7733 Campbell, CA 95008 Fax. 408.379.9602 http://www.johncon.com
qmailanalog compatible with multilog?
Is qmailanalog compatible with multilog when qmail is run under tcpserver? Thanks, John -- John ConoverTel. 408.370.2688 [EMAIL PROTECTED] 631 Lamont Ct. Cel. 408.772.7733 Campbell, CA 95008 Fax. 408.379.9602 http://www.johncon.com
HylaFax's hfaxd under tcpserver?
Has anyone tried to get HylaFax's hfaxd running under tcpserver? Thanks, John -- John ConoverTel. 408.370.2688 [EMAIL PROTECTED] 631 Lamont Ct. Cel. 408.772.7733 Campbell, CA 95008 Fax. 408.379.9602 http://www.johncon.com
Re: spam and well known smtp servers
Hi Markus.

Or, your users can put the following in their individual ~/.procmailrc:

    :0
    * ? test -f "${HOME}/.procmail.reject"
    * ? formail -c -x received: | fgrep -i -s -f "${HOME}/.procmail.reject"
    /dev/null

where ${HOME}/.procmail.reject is a record list of the form:

    [123.321.123.321]

to reject stuff from a specific machine, or:

    [123.321.

to reject messages from an entire class B domain, which is placed in the "Received:" header.

It's less efficient, and won't work for a major mail gateway, but it is adequate to allow users to prohibit reception of mail from certain specific machines/domains.

John

BTW, you might want to replace "/dev/null" with something like:

    {
        EXITCODE=100
        :0
        /dev/null
    }

which will cause qmail to refuse to deliver the email, since many spammers keep email addresses in a database, which will be removed under an exception.

Eric Cox writes:
> Markus Stumpf wrote:
> > On Tue, Jul 04, 2000 at 01:17:46PM -0600, Charles Cazabon wrote:
> > > This would block a lot of valid mail as well. I frequently send mail from a given machine using a different (but valid) envelope sender -- and I will sometimes use my Hotmail address if I am afraid that I might end up on the recipient's mailing list(s).
> >
> > I know. But my alternative in the moment (we do receive at most one legitimate email from hotmail.com a month) - as we have now - is to put hotmail.com in badmailfrom.
>
> I use ORBS (orbs.org) here and at work, although some people have said it has too many false positives and other problems (but let's not rehash that issue, okay folks?) But I also use my own RBL-style spammer domain, myrbl.com, and feed it to rblsmtpd its command line. Then just put the rIP of the offending machine in the domain, and presto! It's gone. This allows me to add any spammer/open relay to the list in a matter of seconds. (I wrote some simple python scripts to make it easier - email me if interested).
>
> Also, with BIND 8, you can have the domain appear only on your mail machine's nameserver too - so if someone else runs the main nameserver, he/she won't have to deal with it.
>
> Eric

--
John Conover [EMAIL PROTECTED] http://www.johncon.com/ 631 Lamont Ct. Tel. 408.370.2688 http://www.johncon.com/ntropix/ Campbell, CA 95008 Fax. 408.379.9602 http://www.johncon.com/nformatix/
chopped messages
I'm trying to run down a problem with MS software, (particularly Outlook,) where large email attachments are being chopped into many small messages. I was told that an MTA, like qmail, can ask the MUA to do such things. Is this true? Thanks, John -- John Conover[EMAIL PROTECTED] http://www.johncon.com/ 631 Lamont Ct. Tel. 408.370.2688 http://www.johncon.com/ntropix/ Campbell, CA 95008 Fax. 408.379.9602 http://www.johncon.com/nformatix/
tcpserver accept netmasks?
Will tcpserver's -x something.cdb accept a netmask, like:

    :deny
    127.:allow,RELAYCLIENT=""
    172.16.0.0/12:allow,RELAYCLIENT=""

Thanks,

John
adding aliases
What is the easiest way to add alias like john: [EMAIL PROTECTED]? Maybe declare john as a user in user/assign and then something in alias/.qmail-john? Thanks, John -- John Conover, Open Source Group, 50 Airport Parkway, San Jose, CA 95110 Tel: 408.437.7726, Fax: 408.437.4978, [EMAIL PROTECTED] http://www.opensourcegroup.com, http://www.johncon.com
qmail not delivering to ./Maildir/
A couple of weeks ago, someone mentioned in the list that qmail stopped delivering to ./Maildir/.

Now, I have the same problem on a new machine, Debian 2.1, qmail 1.03. qmail-inject DOES deliver to ./Maildir/, but normal mail does not.

Any suggestions on how to track down the problem, (I'm at my wit's end on it)?

Thanks,

John
/var/qmail/rc under supervise?
Is there a way to run /var/qmail/rc (or qmail-start,) under supervise to insure they are always running? Thanks, John -- John Conover[EMAIL PROTECTED] http://www.johncon.com/ 631 Lamont Ct. Tel. 408.370.2688 http://www.johncon.com/ntropix/ Campbell, CA 95008 Fax. 408.379.9602 http://www.johncon.com/nformatix/
D. Bernstein's Bind replacement mailing list?
Is there a mailing list for Dan's bind replacement? Thanks, John -- John Conover[EMAIL PROTECTED] http://www.inow.com/ 631 Lamont Ct. Tel. 408.370.2688 http://www.inow.com/ntropix/ Campbell, CA 95008 Fax. 408.379.9602 http://www.inow.com/nformatix/
Re: Relay Problem
David Dyer-Bennet writes:
> John Conover [EMAIL PROTECTED] writes on 6 February 2000 at 01:21:38 -
> > I haven't tried it against orbs, but, for the mail server's IP being 123.321.123.321 and a client's 123.321.123.322:
> >
> >     :deny
> >     127.:allow,RELAYCLIENT=""
> >     123.321.123.321:allow
> >     123.321.123.322:allow,RELAYCLIENT=""
> >
> > which came from someone on this list. Could this be verified as correct?
>
> You don't want the :deny; that will prevent anybody else from connecting to deliver mail *at all*, even mail directed to your users. And you want to set relayclient for the server itself by IP, as well as the server itself by localhost IP.

Thanks, David. Can this be verified? The reason I ask is that it has been working for about a year like that.

John
Re: Relay Problem
Roberto Samarone Araujo writes:
> Hi,
>
> I'm a new qmail user having a problem with relays. I'm using tcpserver with 1 domain in rcpthosts and the following in etc/tcp.smtp
>
>     200.242.253.0:allow,RELAYCLIENT=""
>     :allow
>
> According to what I've read, this should allow only users with 200.242.253.* to use my server as a relay. But when I test remotely using mail-abuse.org, the test messages are allowed through. What do I need to do to solve this problem?

I haven't tried it against orbs, but, for the mail server's IP being 123.321.123.321 and a client's 123.321.123.322:

    :deny
    127.:allow,RELAYCLIENT=""
    123.321.123.321:allow
    123.321.123.322:allow,RELAYCLIENT=""

which came from someone on this list. Could this be verified as correct?

Thanks,

John
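How tcpserver picks a rule for a connecting address, applied to the rule sets quoted in this message and in the reply above it; this is an added example, not code from the thread. It models only IP-keyed rules (exact address, then shorter dotted prefixes, then the empty catch-all), and the `200.242.253.` prefix rule set and the client addresses are constructed for comparison.

```python
def parse_rules(text):
    """Parse tcprules source lines: address:allow|deny[,VAR="value"...]."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        address, _, instructions = line.partition(":")
        action, *assignments = instructions.split(",")
        env = {}
        for item in assignments:
            name, _, value = item.partition("=")
            env[name] = value.strip('"')
        rules[address] = (action, env)
    return rules


def lookup_keys(ip):
    """Keys tried for an IP, most specific first (IP-based keys only)."""
    yield ip                                  # exact address
    parts = ip.split(".")
    for n in range(len(parts) - 1, 0, -1):    # "a.b.c.", "a.b.", "a."
        yield ".".join(parts[:n]) + "."
    yield ""                                  # the bare ":allow" / ":deny" rule


def decide(rules, ip):
    """Return (matched key, action, relaying allowed) for a connecting IP."""
    for key in lookup_keys(ip):
        if key in rules:
            action, env = rules[key]
            return key, action, action == "allow" and "RELAYCLIENT" in env
    # No rule at all: modelled as an accepted connection with no variables set.
    return None, "allow", False


# Rule set from the question: the first key is one exact address, not a range.
QUESTION_RULES = parse_rules('''
200.242.253.0:allow,RELAYCLIENT=""
:allow
''')

# Constructed variant: a key ending in a dot covers every 200.242.253.x client.
PREFIX_RULES = parse_rules('''
200.242.253.:allow,RELAYCLIENT=""
:allow
''')

# Rule set from the reply (addresses are the poster's placeholders).
REPLY_RULES = parse_rules('''
:deny
127.:allow,RELAYCLIENT=""
123.321.123.321:allow
123.321.123.322:allow,RELAYCLIENT=""
''')

if __name__ == "__main__":
    cases = [
        ("question", QUESTION_RULES, "200.242.253.17"),
        ("question", QUESTION_RULES, "198.51.100.9"),
        ("prefix", PREFIX_RULES, "200.242.253.17"),
        ("prefix", PREFIX_RULES, "198.51.100.9"),
        ("reply", REPLY_RULES, "127.0.0.1"),
        ("reply", REPLY_RULES, "123.321.123.322"),
        ("reply", REPLY_RULES, "198.51.100.9"),
    ]
    for name, rules, ip in cases:
        key, action, relay = decide(rules, ip)
        print(f"{name:9} {ip:16} rule {key!r:18} {action:6} relay={relay}")
```

With the question's rules a client at 200.242.253.17 falls through to the bare `:allow` and gets no RELAYCLIENT, while the reply's `:deny` catch-all turns away every address that has no more specific rule, including hosts delivering mail for local users.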
Red Hat sysV init rc.d script for qmail?
Does anyone have a URL for a Red Hat SysV init rc.d script for qmail? Thanks, John -- John Conover[EMAIL PROTECTED] http://www.inow.com/ 631 Lamont Ct. Tel. 408.370.2688 http://www.inow.com/ntropix/ Campbell, CA 95008 Fax. 408.379.9602 http://www.inow.com/nformatix/
ORBS database under tcpserver's cdb?
Is there any way of running the ORBS IP database as a cdb under tcpserver on port 25? Anyone tried it?

Thanks,

John
Re: Qmail is relaying external mail (Spam).
Keith Warno writes:
> - Original Message -
> From: "Strange" [EMAIL PROTECTED]
> > On Wed, 22 Dec 1999, Dustin Miller wrote:
> > > Although that does bring up an interesting security question. A spammer could, potentially, launch a denial of service attack against a qmail server by sending spams, couldn't they?
> >
> > They can do that anyhow by sending to mailer-daemon, root, or another system account.
>
> Well they could do that sending to ANYONE pretty much, eh? Mail delivery for system accounts should be eliminated via the qmail-users(5) mechanism. Ideally it would be nice for there to be a control file -- perhaps ``badrcptto'' -- to reject mail for such users at the door. Heh.. maybe there's already something like that and I haven't seen it. ;-)

Hi Keith; tcpserver, from the author of qmail, works quite nicely; it will throttle DoS, and has a very speedy database that can contain blacklisted IPs.

John
Re: auth/identd?
Peter Samuel writes:
> If you run qmail-smtpd from either inetd/tcp-env or tcpserver then the default operation is to do identd lookups. However, you can turn these off by using the -R option to either tcpenv or tcpserver. See the man pages for both. This one is from tcp-env(1):
>
>     -r    (Default.) Attempt to obtain TCPREMOTEINFO from the remote host.
>     -R    Do not attempt to obtain TCPREMOTEINFO from the remote host.

Thanks, Peter. Is it common to use identd for qmail-smtp?

Thanks,

John

--
John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA. VOX 408.370.2688, FAX 408.379.9602, whois '!JC154' [EMAIL PROTECTED], http://www2.inow.com/~conover/john.html
auth/identd?
Qmail does not use auth/identd, right? Thanks, John -- John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA. VOX 408.370.2688, FAX 408.379.9602, whois '!JC154' [EMAIL PROTECTED], http://www2.inow.com/~conover/john.html
ownership of programs that execute in /var/qmail/alias?
As per the "standard" qmail installation for uucp, I have a /var/qmail/alias/.qmail-uucp-default of:

    '|preline -d /usr/bin/uux - -gC -a"${SENDER:-MAILER-DAEMON}" uucphost!rmail "($DEFAULT@$HOST)"'

When there is outgoing email to uucphost, what program executes the uux command, and what is its UID and GID when it does it?

Thanks,

John

BTW, it works fine, (but I'll fix that, 8^).) The reason for the question is to wrap an ssh tunnel around uux. The tunnel works fine, too, just not together.
Re: Host masquerading
[EMAIL PROTECTED] writes:
> So I am about to modify my "ip-up" script to do the following: do an nslookup on the IP # I get sent, in order to get the name of the "machine" that I've been given, and then insert this machine name into /var/qmail/control/defaulthost. I have tested this "by hand" e.g. getting the machine-name and doing a "telnet freebsd.org smtp" with EHLO etc, and it works.

Hi Alan. Sure. As a fragment:

In /etc/ppp/ip-up:

    #!/bin/sh
    #
    # Arguments:
    # $1) interface name
    # $2) tty device
    # $3) speed
    # $4) local ip
    # $5) remote ip
    #
    # Dispatch to the service being provided; use the local ip and remote ip
    # to determine the connectivity:
    #
    case "$4" in
        #
        # From some local ppp to some other local ppp if needed:
        #
        "172.17.4.15")
            blah-blah
            ;;
        #
        # Connectivity not understood, so far, possibly an ISP machine.
        #
        *)
            #
            # Look at the first three octets of the dotted quad notation
            # address of the remote, ie., look at the class C address of the
            # remote, which is the network address:
            #
            case `echo "$5" | /usr/bin/sed 's/\.[0-9]*$//'` in
                #
                # From mymachine to ISP running ppp?
                #
                "123.45.67")
                    # do stuff to bring the line up like route commands, etc.,
                    # and get things running and remember the IP.
                    # . . .
                    if echo ':amachine.myisp.com' > "/var/qmail/control/smtproutes"
                    then
                        if echo 'whatever you want' > "/var/qmail/control/defaulthost"
                        then
                            if echo 'amachine.myisp.com' > "/var/qmail/control/helohost"
                            then
                                killall -HUP qmail-send
                            fi
                        fi
                    fi
                    # . . .
                    # whatever other stuff
                    ;;
                #
                # Connectivity not understood, fall through to the exit.
                #
                *)
                    ;;
            esac
            ;;
    esac

You will need to reverse the process in /etc/ppp/ip-down.

John

BTW, another alternative is to use slirp in a shell account on the ISP instead of pppd. Then your local LAN can be assigned the private network IPs, (IP_MASQUERADING also does much the same thing, and there is a HOW-TO for it.) Then you don't have to worry what IP your ISP assigns you, and it is always the same from your side. (But you would have to provide your own DNS, and there is a HOW-TO for that, too.)

I have had my ports scanned over pppd from an ISP, and tend to, personally, prefer slirp, which runs through IP redirection, so it is difficult for the Internet vandals to find what IP to use. Note that if your From:/Reply-To: headers are correct with your ISP address, all will work fine, since that address is the one that slirp uses to send the email through. Slirp has some very nice security features, but has fallen into unsupport the last few years. It's at http://blitzen.canberra.edu.au/slirp/, but the author has gone on to other things.
US Senate outsources email management
http://www.currents.net/newstoday/99/06/07/news12.html is kind of interesting; it mentions server issues. Isn't qmail running on a *BSD PC capable of doing 100K-300K emails a day? Does anyone know what kind of system the Senate currently uses?

Thanks,

John
Re: Mass migration off of qmail because of lack of DSNs?
Andre Oppermann writes:
> See http://www.mckusick.com/~mckusick/index.html

Thanks for taking the bandwidth to share that. What's it got to do with qmail?

John
qmail throughput?
There was some discussion on the throughput per day of qmail on a FreeBSD Pentium. Is it on a web page? Thanks, John -- John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA. VOX 408.370.2688, FAX 408.379.9602, whois '!JC154' [EMAIL PROTECTED], http://www2.inow.com/~conover/john.html
return-path:
Just as a clarification, Return-Path: contains the envelope address? This would be taken from the "MAIL FROM:" in the sendmail dialog, right? Thanks, John -- John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA. VOX 408.370.2688, FAX 408.379.9602, whois '!JC154' [EMAIL PROTECTED], http://www2.inow.com/~conover/john.html
Next version of qmail?
Is there a planned target date for the next release of qmail? Thanks, John -- John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA. VOX 408.370.2688, FAX 408.379.9602, whois '!JC154' [EMAIL PROTECTED], http://www2.inow.com/~conover/john.html
procmail-~/Maildir
Is there a way of executing procmail do ~/.procmailrc, and if email is not rejected for a user, it is delivered into a ~/Maildir? Thanks, John BTW, eg., use my standard spam filter for users that want it, but want to fetch mail via POP3 in a Maildir. -- John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA. VOX 408.370.2688, FAX 408.379.9602, whois '!JC154' [EMAIL PROTECTED], http://www2.inow.com/~conover/john.html
RFC To: comment syntax?
I'm running down a problem I think is an MUA problem, (Netscape,) and an interaction with qmail. Is it true that To: header syntax like:

    John Conover [EMAIL PROTECTED]

is deprecated, and:

    [EMAIL PROTECTED] (John Conover)

is correct?

Thanks, I couldn't find it in 832. Is it in one of the extensions?
/var/qmail/queue?
How do you reconstruct /var/qmail/queue from a head crash? Will qmail automagically recreate the directory tree? John BTW, just worried. -- John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA. VOX 408.370.2688, FAX 408.379.9602, whois '!JC154' [EMAIL PROTECTED], http://www2.inow.com/~conover/john.html
Re: MICROSOFT'S HOTMAIL USES QMAIL!!!!
Peter van Dijk writes:
> On Fri, Apr 16, 1999 at 11:30:57AM -0300, Juan Carlos Castro y Castro wrote:
> > I already knew (as everybody) that MS couldn't put NT to work properly and uses Solaris to run HotMail. But this is new. Or not. Forgive me if this is old news.
>
> We'll forgive you.

Does anyone know if they are using it to host virtual domains, and leave the "Delivered-To: ..." header in?

Thanks,

John
Domain names in header records
Qmail inserts the domain name in "Return-Path:" and "Message-ID:" header records. Is there something in /var/qmail/control that can be changed to alter the domain name in ONLY these two records? Thanks, John -- John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA. VOX 408.370.2688, FAX 408.379.9602 [EMAIL PROTECTED], http://www2.inow.com/~conover/john.html
Re: OT: Melissa Virus
Mark Delany writes:
> Not too bad. Are there others that cannot be stopped with the standard qmail? One could argue that there should be a ~alias/.qmail-default installed as a default.

Just out of curiosity, what should be in ~/.qmail-default?

Thanks,

John
Re: OT: Melissa Virus
Mark Delany writes:
> At 04:33 PM Tuesday 3/30/99, John Conover wrote:
> > Mark Delany writes:
> > > Not too bad. Are there others that cannot be stopped with the standard qmail? One could argue that there should be a ~alias/.qmail-default installed as a default.
> >
> > Just out of curiosity, what should be in ~/.qmail-default?
>
> Something that stops a bounce that informs people about addresses that are invalid (and thus by inference) addresses which may be valid. It's a pretty paranoid point I confess.

Actually, Mark, I am not so sure it is paranoid. They may be after your account names, anyhow. What should be in ~alias/.qmail-default to do that?

John
Re: Melissa Virus
Russ Allbery writes:
> Paul Farber [EMAIL PROTECTED] writes:
> > Again, this is a security issue, not a single/multi user issue. It should be difficult to delete or modify a .dll/exe program file. You SHOULD have to type into a special "admin" account to install/remove a program. Single user or not.
>
> While this may very well be a good idea, I'm not aware of any Unix which requires this, provided that the program doesn't want to talk on privileged ports or have access to raw hardware.

Hi Russ. Actually, we used to do just that. That was what /usr/local/* was all about. The executables (and the /usr/local directory structure,) were owned by other than UID GID root or bin. There was a special UID and GID for everything in /usr/local. (It's been too long, I can't remember the UID GID.) If a program required HW access, or a socket, it had to be chown/chgrp'ed to root/bin by the sysadmin.

So, a group of non-admin, high level users could manage the /usr/local stuff, install/upgrade new programs, blah, blah. You could, also, upgrade the system without risk of overwriting the users' programs and config files.

I have no idea why we dropped the concept. Probably a casualty in the name of user friendly.

John
Re: Melissa Virus
[EMAIL PROTECTED] writes:
> Russ Allbery writes:
> > I'd like to back this up, and point out here that too much Microsoft bashing on this one is misplaced.
>
> Sorry, Russ, this *is* a Microsoft problem. When many people make the same mistake, it is a failure of technology, not a failure of people. Software that fails to adapt to people's usual and expected behavior is wrong.

Well, yes and no. FWIW, what I did, since I use procmail as a local delivery agent with qmail, is scan the top 50 lines of all incoming, (when it's delivered to the user's Mailbox out of ~/.qmail,) and if an attachment is found, mime encapsulate around the attachment with a text warning the user can't miss that attachments can contain evil stuff, click at your own risk. It at least stops automatic execution of the MS Office suite. (Unfortunately, it requires an RFC 932 compliant MUA on the PCs to get a valid attachment, which are kind of hard to come by, but Netscape seems to work OK.)

At least there is no excuse for someone clicking on Melissa or Papa. They can't say they didn't know.

Scanning the top 50 lines does not seem to hammer box resources too bad, and is done on the rcpt's machine, which is not the mail server in my case, (cheap Linux boxes work.)

John

BTW, I put the address of the sender of the attachment in the warning, since procmail's formail will extract such stuff, and a statement that if you don't know this person, don't click. Also, a link to an IntrAnet page explaining the situation concerning the problems with attachments, that link into the web media stuff, blah, blah, blah.
Re: Melissa Virus
Russ Allbery writes:

Of course, such a virus, in the absence of other security holes, cannot infect more than one user's files. I again contend that this is precisely the difference between a single-user and multiuser system, and regardless of what people think of the stupidity of creating a single-user system, this IS NOT MICROSOFT'S SOLE FAULT because IT WASN'T THEIR IDEA IN THE FIRST PLACE and THE MACINTOSH, AND NEARLY EVERY OTHER "HOME" COMPUTER EVER MADE, WORKS EXACTLY THE SAME WAY. Sorry.

Oh, Russ, I think we all agree with you, or we wouldn't be running Unix boxes-at least most of us are. The Unix permission structure is what PC users hate about Unix. But tying a single user box on the Internet is asking for trouble, like you say, because it immediately becomes a multi-user box.

When you come right down to it, the age of the PC has gone. A multi-user personal computer is an oxymoron. It is just probably difficult for a company like MS to change its internal mentality and culture away from its foundations, which was the PC. Not to mention a lot of folks that think the PC is what computing is. There is a lot of secretary software out there.

John

-- John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA. VOX 408.370.2688, FAX 408.379.9602 [EMAIL PROTECTED], http://www2.inow.com/~conover/john.html
Re: Melissa Virus
Kai MacTane writes:

Text written by John Conover at 05:48 PM 3/30/99 -:

BTW, I put the address of the sender of the attachment in the warning, since procmail's formail will extract such stuff, and a statement that if you don't know this person, don't click.

But part of the point (and the evil) of Melissa is that you *do* know the person. It sends itself to folks that it finds at the top of someone's Outlook address book -- presumably, folks they correspond with on some basis or another.

- Kai MacTane System Administrator Online Partners.com, Inc. -

From the Jargon File: (v4.0.0, 25 Jul 1996)

house wizard /n./ A hacker occupying a technical-specialist, R&D, or systems position at a commercial shop. A really effective house wizard can have influence out of all proportion to his/her ostensible rank and still not have to wear a suit.

-- John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA. VOX 408.370.2688, FAX 408.379.9602 [EMAIL PROTECTED], http://www2.inow.com/~conover/john.html
Re: Melissa Virus
Kai MacTane writes:

Text written by John Conover at 05:48 PM 3/30/99 -:

BTW, I put the address of the sender of the attachment in the warning, since procmail's formail will extract such stuff, and a statement that if you don't know this person, don't click.

But part of the point (and the evil) of Melissa is that you *do* know the person. It sends itself to folks that it finds at the top of someone's Outlook address book -- presumably, folks they correspond with on some basis or another.

Some of them don't, and it does mean, that no matter what, or how the PC is configured, it won't extract the attachment automatically. It requires intervention, after reading a message.

John

-- John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA. VOX 408.370.2688, FAX 408.379.9602 [EMAIL PROTECTED], http://www2.inow.com/~conover/john.html
Re: Melissa Virus
Rick McMillin writes:

Other than educating your users and that silly "filter the message by the subject line" fix, has anyone come up with a feasible way to protect your network and servers from the load this "virus" could potentially cause?

A lot of folks run smtp under tcpserver to do that.

John

-- John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA. VOX 408.370.2688, FAX 408.379.9602 [EMAIL PROTECTED], http://www2.inow.com/~conover/john.html
Re: Virus-check for incoming mails with qmail
Alex Shipp writes:

Does anyone have experience with MTA virus checking? All I heard of was slowing down mail for a company up to two days. That may be simply an inappropriate machine but it triggers all kinds of alarm in my head.

We pass all our mail through 3 scanners. For an average sized mail, this takes about 5 seconds elapsed time.

FYI, there is a thread going on in the procmail mailing list concerning using procmail to ship any and all attachments to /dev/null. The message is delivered minus any attachments. So the discussion goes, it is selective on a per user basis, (ie., Unix user, pass attachments, MS, don't.) and only if the message is NOT from the local domain.

I'm not so sure this is a good idea, but with the frailty of PC secretary software, it might be justified.

So the discussion goes, it is done at the MUA delivery, so the MTA can pass it off to other machines on the network that do the scan, cut, and delivery.

John

-- John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA. VOX 408.370.2688, FAX 408.379.9602 [EMAIL PROTECTED], http://www2.inow.com/~conover/john.html
splogger replacement?
The syslog on my machine takes more resources than qmail in:

    exec env - PATH="/var/qmail/bin:$PATH" qmail-start ./Mailbox splogger qmail

Is there a replacement for splogger that will log qmail's activity into its own log so that I won't have to use syslog?

I also use tcpserver instead of inetd, and would like to log activity on those ports, too.

Thanks,

John

-- John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA. VOX 408.370.2688, FAX 408.379.9602 [EMAIL PROTECTED], http://www2.inow.com/~conover/john.html
Denial of service process table attacks
On http://lwn.net/daily/ptable.html is a description of denial of service process table attacks.

Am I correct that tcpserver limits fork() calls to a specified number, and therefore alleviates the situation?

Thanks,

John

-- John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA. VOX 408.370.2688, FAX 408.379.9602 [EMAIL PROTECTED], http://www2.inow.com/~conover/john.html
tcpserver and logging
There was a message earlier today concerning the machine resources required for log files when using tcpserver//var/qmail/bin/splogger.

Shouldn't it be possible for tcpserver to use individual logs per service, through another logging mechanism. Something like:

    tcpserver -R -v -x tcp.cdb -u 123 -g 456 0 \
        myservice /wherever/myprogram 2>&1 | mylogger mylogfile

where mylogger is like cat(1), but with a better permissions/ownership structure? (Or, maybe, ... 2>&1 mylogfile would work, too. Anyone tried it?)

Thanks,

John

-- John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA. VOX 408.370.2688, FAX 408.379.9602 [EMAIL PROTECTED], http://www2.inow.com/~conover/john.html
Re: SOLVED AGAIN HELP: NOT SOLVED ! ! looks like a SYN attack
On Mon, Feb 22, 1999 at 01:59:30PM -0300, Eric Dahnke wrote:

That solved it. We're running Linux kernel 3.0.26, and I'm sure it is protected from SYN attacks.

While we're on the subject, does tcpserver have capabilities of dealing effectively with SYN attacks?

Thanks,

John

-- John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA. VOX 408.370.2688, FAX 408.379.9602 [EMAIL PROTECTED], http://www2.inow.com/~conover/john.html
Maildir/cur
I have qmail delivering to a user's ~/Maildir. The user uses netscape as the MUA with copy to self set. The copy ends up in ~/Maildir/cur, and all other mail ends up in ~/Maildir/new.

Is this normal? Why does qmail think copy to self has been read?

Thanks,

John

-- John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA. VOX 408.370.2688, FAX 408.379.9602 [EMAIL PROTECTED], http://www2.inow.com/~conover/john.html
Re: fetchmail and missing delivery-information
[EMAIL PROTECTED] writes:

Mirko Zeibig writes:

Hello, my provider does collect all mail for [EMAIL PROTECTED] in one single POP-account. I retrieve mail by the help of fetchmail in multidrop-mode, which does work when mail is sent to different [EMAIL PROTECTED] Mail from this list is not delivered to [EMAIL PROTECTED] (aehm, well not directly as postmaster-mailer-daemon-root-mirko-root qmail will send it to me at the end). I think this is due to the to:-header containing [EMAIL PROTECTED] Any hints? Thanks!

Yes. POP3 is not a replacement for SMTP. Multidrop mode is broken. What you need to do is to either have your provider add an extra header which indicates the real envelope recipient, or receive mail via SMTP. When mail goes into your mailbox, it loses the envelope recipient information. Fetchmail can try to guess what the envelope recipient is, in multidrop mode, but, as you found out, that would only be a guess, and in some situations it would be wrong.

However, if his provider uses Qmail, then, when Qmail delivers the mail to /usr/spool/mail/whoever, each individual mail has a "Delivered-To:" record that does specify the envelope recipient, (So, if a message has a To:, Bcc:, Cc:, or has a To:/From: that does not specify the envelope recipient, the "Delivered-To:" record does so correctly-even if the email has multiple recipients, which could be a Bcc:, also.)

See man fetchmail, for the "qvirtual" option on how to get fetchmail to exploit this.

John

-- John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA. VOX 408.370.2688, FAX 408.379.9602 [EMAIL PROTECTED], http://www2.inow.com/~conover/john.html
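Why the To: header is only a guess while qmail's "Delivered-To:" line carries the envelope recipient, as an added Python example (not fetchmail's code and not part of the original thread). The function names, the `popbox-` prefix and the sample message are hypothetical; the prefix stripping mirrors what the post says fetchmail's "qvirtual" option is for.

```python
import email
from email import policy
from email.utils import getaddresses

def guess_from_headers(raw):
    """What a multidrop fetch can do without envelope data: read To:/Cc:."""
    msg = email.message_from_string(raw, policy=policy.default)
    fields = [str(v) for h in ("To", "Cc") for v in msg.get_all(h, [])]
    return [addr for _, addr in getaddresses(fields) if addr]

def envelope_recipient(raw, qvirtual=""):
    """Recover the envelope recipient from qmail's Delivered-To: line.

    qmail prepends one Delivered-To: per local delivery, so the topmost
    one belongs to the final delivery into the POP mailbox. qvirtual is
    the prefix qmail added to the local part for a virtual domain
    (hypothetical value in the sample below).
    """
    msg = email.message_from_string(raw, policy=policy.default)
    values = msg.get_all("Delivered-To", [])
    if not values:
        return None  # provider does not add the header: the data is gone
    local, _, domain = str(values[0]).strip().rpartition("@")
    if qvirtual and local.startswith(qvirtual):
        local = local[len(qvirtual):]
    return f"{local}@{domain}"

# Constructed sample: list mail, so To: names the list, not the subscriber.
LIST_MAIL = (
    "Delivered-To: popbox-mirko@customer.example\n"
    "Received: (qmail 1234 invoked by uid 0); 1 Jan 1999 00:00:00 -0000\n"
    "Delivered-To: mailing list qmail@list.example\n"
    "From: someone@elsewhere.example\n"
    "To: qmail@list.example\n"
    "Subject: Re: fetchmail and missing delivery-information\n"
    "\n"
    "Body.\n")
```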
torquing pop3 permissions?
For qmail's pop3, I am currently using:

    tcpserver -R -v -x /some/path/tcp.pop3.cdb -u 0 -g 123 0 pop3 \
        /var/qmail/bin/qmail-popup my.machine.com /var/qmail/bin/checkpassword \
        /var/qmail/bin/qmail-pop3d Maildir 2>&1 | /var/qmail/bin/splogger pop3 3

in /etc/rc.d where the GID for users is 123, and am uncomfortable with letting pop3 run under root UID.

What are the other options for the -u and -g in the above tcpserver command, where the pop3 mail is stored in ~/Maildir in each user's shell account? (For flexibility reasons, I don't want to put it in /var/qmail/aliases/auser.)

Thanks,

John

BTW, the way I configured qmail, any shell user's ~/.qmail can contain "|preline /usr/local/bin/procmail", "./Maildir/", "/the/mbox/mail/spool/directory/auser", etc., which gives a lot of extensibility and flexibility. I would just like to limit the damage that could be done if a bandit actually does get through tcpserver and qmail-pop3d, ie., -u and -g to the tcpserver not being system accounts. (I had to use the -R because some antique Eudora programs can't/don't info/authenticate.) The FAQ does not use the -u or -g.

-- John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA. VOX 408.370.2688, FAX 408.379.9602 [EMAIL PROTECTED], http://www2.inow.com/~conover/john.html