Re: add a recipient
JSOBCZ wrote: I would like to add a recipient to all outgoing mail based on the sender address e.q. all mail sent by [EMAIL PROTECTED] should be also sent to [EMAIL PROTECTED] I am not familiar with procmail or other tools so please be verbose. Charles Cazabon wrote: This is a job for your MUA (mutt, kmail, Outlook, whatever), not for qmail... That depends. One could be wanting to monitor the outgoing email of certain addresses behind the scenes. If you want to do this at the MTA level, you'll need to use the QUEUE_EXTRA trick... ...documented in the qmail FAQ, #8.2, by the way... ...feeding messages to a program which extracts the sender address and decides what to do from there -- but you'll need another qmail instance without QUEUE_EXTRA to do these extra deliveries, or you'll have endless mail loops. Maybe not. If the address to send copies to is local, one could instead use another MDA to delivery it to that address's mailbox. Relevant documentation to read: qmail FAQ, man dot-qmail, and the documentation of your favorite Mail Delivery Agent (I use deliverquota, part of the Courier/Courier IMAP packages). Ross Cooney wrote: One other way to do this is to have a script to answer on port 25 wich analyses the email depending on cetain per domain or per user requirements. This could add the new headder before sending it to the real qmail-queue. This could be built around the same idea that the qmail-scanner package works. One problem with this scenario is the original recipient of the message might see the extra header and mention it to the sender. If you're trying to keep this sort of activity under wraps, that could be a bad thing. ---Kris Kelley PS: My apologies to one particular person who will see this message twice. I botched the reply.
Re: Prejudice and control
David U. wrote: Do we know how DJB filtered this client MUA? I think it'd be interesting to see how he choose to do it since I think there is more then one way. Here's one quick and dirty way, usable in default delivery instructions or in a .qmail file: |bouncesaying Outlook Express not welcome here. grep X-Mailer: Microsoft Outlook Express Of course, this will also reject messages that happen to have X-Mailier: Microsoft Outlook Express in the message body (like this one). A better method would use the 822field program in DJB's mess822 package. ---Kris Kelley
Qmail DSN patch?
The message archives have periodically mentioned going to qmail.org to find support for Delivery Status Notifications (various 189x RFCs), but I haven't actually found anything there. Does such a patch (or patches) exist, and if so, where can I find them? It's quite possible I'm overlooking it at qmail.org, but a search of the web page turned up nothing except for a patch to the sendmail wrapper. I'm well aware of the debate between DSNs and qmail's VERPs, however, the idea here is not to better manage mailing lists, but simply to give individual users more toys to play with. Debate that however you will, but the bottom line is, this is not solely my decision to make. ---Kris Kelley
Re: Robin Socha, this is a plea.
I normally don't participate in such discussions, but... Jeff Palmer wrote: Granted, a lot of the emails to this list could be handled if the person would just read the FAQ. But the simple truth is... [h]uman nature is not digging through tons of documentation to find a 'simple' answer. FAQ != tons of documentation Plus, this is what search engines are for. Face reality. You are looking for an idealistic world. You need to see that we live in THIS world, and not many people are going to conform to your ideals... Follow your mothers advice. You mean when she said Stand up for what you believe in? ---Kris Kelley
LWQ/svscan question
I looked at the new version of Life with qmail for the first time today, so forgive me if this is a little late. I didn't see anything in the archive to suggest it had already been talked aobut. Since the new LWQ sets up svscan to run independently of the qmail control script, would it not be a wise idea to include a down file in each supervise directory, so that qmail and any other services would not start up when svscan is run? That way you would have greater control over when and in what order the supervised services began during boot-up. ---Kris Kelley
Re: LWQ/svscan question
I wrote: Since the new LWQ sets up svscan to run independently of the qmail control script, would it not be a wise idea to include a down file in each supervise directory, so that qmail and any other services would not start up when svscan is run? Dave Sill replied: That was my original goal, but I soon discovered that the qmail init script was being run before svscan was started, so qmail wasn't starting when the system was rebooted. I opted to remove the down files and let svscan start them ASAP, which is safe since the init scripts have alread been run by that point. I think I'd prefer to have svscan running before any of the relevant init scripts were executed, because I plan on supervise-ing other programs besides qmail. I like the idea of having them all in one place, overseen by one svscan process (my current set-up calls svscan three times), but would like more control over what order the services are started. So what I'll probably do is call svscan from its own start-up script that runs before the scripts of qmail and the other programs, and sprinkle down files where appropriate. It doesn't look like it, but would I be at the risk of breaking anything else in the LWQ scheme of things if I do it this way? Charles Cazabon wrote: Mea culpa; I claim brain fade. Been there, done that, can't remember what happened. ---Kris Kelley
Re: Logging POP3
David Gartner wrote: Just switched to qmail and have a slight problem. We used to log pop3 traffic (logins/logouts) so that we could help people who claim they couldn't get their mail... Charles Cazabon wrote: The login line can be done fairly easily with a shell script shim called right after your checkpassword (or alternative) invocation in the qmail-pop3d run script... For logging the logout; well, you'll probably have to patch qmail-pop3d to do this. If you're not too discrimating about what gets logged, you can use recordio to log *everything*. If you do use recordio, be extremely careful about who gets to see the logs, since passwords will probably be sprinkled liberally throughout (unless your users use MD5 or similar authentication scheme). ---Kris Kelley
Re: html based email
Andy Meuse wrote: Is there a way anyone knows of to send one email in both html and plain text format? This is up to your email client. If I remember correctly, Outlook and Outlook Express send messages in both formats, and I'm sure other clients do as well. Check the documentation of your favorite client. By the way, sending HTML and other rich text messages is heavily frowned upon in technical communities, such as the qmail mailing list. So, it would be to your advantage to also use a client that can send plain text only, and to make sure your intended recipient won't mind getting HTML, before you send it. ---Kris Kelley
QUEUE_EXTRA: can I use a complete email address?
I'm trying to set up message archiving via the QUEUE_EXTRA variable documented in the qmail FAQ. However, the procedure described in the FAQ is incompatible with my installation of qmail, because I have made a special case of recipient addresses that do not include a domain; simply put, any such messages are rejected. So, the message copies that are supposed to go to log instead get bounced back to the sender. I tried setting QUEUE_EXTRA to [EMAIL PROTECTED]\0, but that only resulted in all deliveries failing because the recipient address was being mangled. I guess I'm not getting the syntax right for QUEUE_EXTRA, but there doesn't seem to be any documentation about it other than what's in the FAQ. So, does anybody know if it's possible to put a complete address or otherwise specify a domain name in QUEUE_EXTRA, and, if so, how? Thanks for reading. ---Kris Kelley
Re: QUEUE_EXTRA: can I use a complete email address?
I wrote: I'm trying to set up message archiving via the QUEUE_EXTRA variable documented in the qmail FAQ. However, the procedure described in the FAQ is incompatible with my installation of qmail, because I have made a special case of recipient addresses that do not include a domain; simply put, any such messages are rejected. So, the message copies that are supposed to go to log instead get bounced back to the sender. Charles Cazabon replied: Hmmm. You did this by patching qmail-send? I presume this is to avoid spam? No, I did it with a combination of qmail's available tools. /var/control/envnoathost no_domain_given /var/control/virtualdomains no_domain_given:no /var/qmail/alias/.qmail-no-default |bouncesaying You must enter a complete address (username@domainname). The bosses wanted to make sure people always used complete addresses. Charles Cazabon continued (and Peter van Dijk chorused): Perhaps when you set QUEUE_EXTRA, you mis-set QUEUE_EXTRALEN? It has to be the length of the string you supply (including the leading T and the trailing NUL). Er, oops. So that's what LEN means. Seems obvious in retrospect. :) Thanks for the help. ---Kris Kelley
Re: Re: Maildirmake...
Ruprecht Helms wrote: By my last qmail-installation I've given the maildirs the right 703. I think that is also a good setting for that. Uh, sure, if you don't mind any fool process or user writing stuff in your mail directories. Remember, qmail assumes the rights and permissions of the user in question before writing to his/her mail directories, so there is no reason to have any world or even group permissions on those directories. 700 is highly recommended. ---Kris Kelley
/var/qmail/control and queue question
When a new domain is added to /var/qmail/control/locals and /var/qmail/control/rcpthosts, is it possible to flush the queue in such a way that any mail bound for that domain (before it became a local domain) will be delivered locally? After updating the control files and then HUPping and ALARMing qmail, the system is still trying to deliver the messages remotely. Playing with /var/qmail/control/smtproutes didn't help either. ---Kris Kelley
Re: /var/qmail/control and queue question
I wrote: Playing with /var/qmail/control/smtproutes didn't help either. Charles Cazabon wrote Hmmm. Even with something like domain:127.0.0.1? That's pretty much what I did, only I used a name (localhost) instead of a number (127.0.0.1). qmail still tried to deliver the messages to the old IP address. Peter Farmer wrote: And if the server was the best preference MX, then qmail would delivery the mail remotely to itself, at which point the message would be delivered locally. /var/qmail/control/smtproutes is supposed to override the looking up of MX records, correct? In any case, I have no control over the DNS records of this domain (don't worry, my reasons for wanting to capture these messages are kosher). These messages finally bounced the last time I tried to flush the queue, so they're gone now. Thanks for the help just the same. ---Kris Kelley
Re: Re: Forwarding user mail.
Rakhesh Sasidharan wrote: TO do that, I created a file .qmail-player in the aliases directory, and put the name "rakhesh@fqdn" in that (that's how I had got qmail to deliver mail for non-existant addresses like postmaster etc); but qmail still delivers mail to "player" and not "rakhesh". Robin S. Socha wrote: You mean "rakhesh@fqdn"? And "fqdn" won't work, anyway. The ampersand is optional if the address begins with a letter or number, as it does in this case. "man dot-qmail" Also, I doubt he meant "fqdn" literally, but since this list prefers to be literal (nothing wrong with that)... "fqdn" would work if he has it set up as a local domain. I have a local domain called "no_domain_given" that is used to catch addresses that don't have domains, since the bosses didn't want people using them. ---Kris Kelley
Re: QMAILANALOG
qmailu wrote: I am trying to use qmailanalog for my analysis... But when I pipe it through any of the z* commands, I get nothing except the column headers from the z* command itself. What am I doing wrong? I tried the same with tai64n2tai and tai64nlocal but I get nothing but the column headers from the z* command itself. Can some pls throw some light on this. You need to run the logs through tai64nfrac before qmailanalog will analyze them properly. This script is (presumably) available at http://www.qmail.org/top.html. ---Kris Kelley
Re: disappearing messages
Gopi Sundaram wrote: Right now, I can send messages out using the machine running qmail as an smtp server. I can receive local messages correctly. However, messages from outside to my qmail server are irretrievable lost. They aren't bounced, and I never receive them. I have no idea where to start troubleshooting. What Do The Logs Say? (tm) ---Kris Kelley
Re: disappearing messages
Schoon wrote: Hmm, another acronym?? WDTLS?? :) Clever, but the majority of people you'd throw it at would never get it. :) ---Kris Kelley
Re: help - tcprules flaking out
Dan Kelley (no relation) wrote: here's my tcp.smtp file: 209.3.117.:allow,RELAYCLIENT="" 127.:allow,RELAYCLIENT="" 64.209.222.:allow,RELAYCLIENT="" 63.113.119.:allow,RELAYCLIENT="" :allow tcpruleschceck /etc/tcp.smtp.cdb 209.3.117.1 yields: [dkelley@mx1 /etc]# tcprulescheck /etc/tcp.smtp.cdb 209.3.117.1 rule : allow connection [dkelley@mx1 /etc]# it doesn't appear to be setting RELAYCLIENT. http://cr.yp.to/ucspi-tcp/tcprulescheck.html You're calling tcprulescheck wrong. Try: env TCPREMOTEIP=209.3.117.1 tcprulescheck /etc/tcp.smtp.cdb ---Kris Kelley
Re: Control files
Is there a better description of what each file does in the /var/qmail/control directory? Better than what? Try "man qmail-control". That will give you an overview of what each file does, what it's default is, and what other man pages to read for more detail. ---Kris Kelley
Re: Forwarding to AOL issue
How funny is it that an AOL user has written an unofficial FAQ on why his ISP loses mail? In fact, he continues to give them money? "Know thine enemy." ---Kris Kelley
Re: traffic
Qmaillist apparently wrote: I guess that it just logs the traffic of emails that are sent out by the server and of emails that are received by the server. ...which is all that qmail has jurisdiction over. But is it also possible to let qmail log when a user collects his email? This is up to your POP3, IMAP, or other similar server. qmail ships with a POP3 server, qmail-pop3d, but even if you are using it, its logs will be kept separately. ---Kris Kelley
Re: qmail-pop3d bug
John R. Levine wrote: Pop3d just reports the file sizes, while it's clear from the RFC that it's supposed to report the wire size of each message, i.e., the size using cr/lf as a line terminator, so the sizes it reports are too small. Peter van Dijk replied: Yes. This behaviour is known. Fixing it, however, involves a *huge* performance downgrade of qmail-pop3d. Scott Gifford pondered: A solution I have considered is storing the messages in wire format. Especially for POP/IMAP-only clients, seems like it could be a medium-sized performance win, since the line-conversion is done only once, regardless of how many times the message is downloaded. If the message were kept in wire-format from SMTP through delivery, no line conversion would be required at either end, and a larger performance gain would be possible. Has anybody tried this, or anything like it? Something like that, yes. My last job involved building custom SMTP and POP3 servers from scratch. I stored messages in a quasi-maildir-ish folder scheme, and left the CRLF linebreaks intact. Since there were no local users on this box, there was no need to worry about local MUA's, and everything ran smoothly. I would think that it probably wouldn't be too much trouble to rig an MUA to look for CRLFs, so that it could coexist in this environment if need be. ---Kris Kelley
Re: apop and authenticated smtp
Todd A. Jacobs wrote: I've seen a couple of patches on qmail.org relating to this, but they either don't list the version they relate to, or are described as experimental/unstable. I'd appreciate some recommendations from anyone who's tried some of these patches, including some pointers on which ones work with qmail 1.03, and which ones I should stay away from. Krzysztof Dabrowski's patch and related checkpassword substitute work just fine with qmail 1.03. That's the one I use. Mrs. Brisby's patch works, but it doesn't offer encryption (CRAM-MD5) support, and it has a small problem in that if your checkpassword program dies, it will allow everybody who attempts authentication to relay. This patch was actually the foundation for Dabrowski's work. ---Kris Kelley
Re: supervised pop3d
Does anyone have an example of calling pop3d from the supervise startup script (/etc/init.d/qmail) from LWQ? I'd really like to run it supervised, if possible. There are some older messages in the mailing list archive that would help, as this subject popped up (no pun intended) less than a month ago. Basically what I did was create a new directory under /var/qmail/supervise, called qmail-pop3d. I set up the run and log/run scripts using the qmail-smtpd scripts as a guide. Once those were set up, I was able to use the LWQ start-up script with no modification, and the tcpserver in charge of the POP3 port is supervised along with the rest of the qmail system. ---Kris Kelley
Re: Sendmail
Kirti S. Bajwa wrote: For the last several months, I am itching to ask this question. I have a freshly installed RH 6.2 on a server. I am planning to install qmail. Are there any files in "sendmail" which are used by "qmail"? Can I just go ahead and remove "sendmail" from the server before starting installation of "qmail"? I have read both "Life with Qmail" and "qmail-HOWTO" and both remove "sendmail" after installing "qmail". A lot of the documentation assumes that you are installing qmail on a mail server that's currently in use. Since you would obviously want to keep downtime to a minimum, the recommendation is to install qmail and make sure it's working properly before you begin trashing sendmail. Since you have a fresh system that nobody is using yet, it won't matter when you yank out sendmail, so go ahead and tear it out before hand if that is your preference. ---Kris Kelley
Re: Disable Single User
Andy $ wrote: I would like to stop the delivery of email to a single user. Is there a way to do this? I'll take a polite RTFM if you can show me explictly where. man dot-qmail man bouncesaying Perhaps a .qmail file for this user that reads: | bouncesaying 'This address does not accept email.' ---Kris Kelley
Re: running qmail from /supervise
Gerrit Pape wrote: if You really want to use such silly initscripts, better use svc directly. Dave Sill asked: What makes this a "silly initscript"? What's the right way to do this stuff in your OS religion? Gerrit Pape replied: I have svscan /service started from inittab... If I want a service to be down temporary, I use svc -d /service/service. Thats what I mean with 'use svc directly'. Newsflash: some people *like* using scripts that allow for more human-readable (and easier to type) commands like 'qmail stop' and 'qmail pause'. As long as one understands what the script is doing and why, there is no right, wrong, or "silly" way to do it. TEHO. ---Kris Kelley PS: That's the closest I've come to a flame on this list. I feel so dirty...
Re: LWQ OpenBSD
Rick Updegrove wrote: Since I do not have a init.d directory in OpenBSD and it seems everything is started from rc.conf and rc.local in OpenBSD how am I to follow LWQ? I may be way off base here, having never used OpenBSD, but couldn't you create the LWQ qmail start-up script as a file somewhere, then tell whichever rc.* script is appropriate to do a "/path/to/script/qmail start"? ---Kris Kelley
Re: SMTP-AUTH problems
John P. wrote: I have patched qmail-smtpd with Krzysztof Dabrowski's SMTP-AUTH patch and have changed the line in /var/qmail/supervise/qmail-smtpd/run to end ".. /var/qmail/bin/qmail-smtpd /bin/checkpassword /bin/true 21" and have been trying to send e-mail from an IP address that is not permitted in the tcp.cdb for relaying purposes. Dabrowski's version of the authenticated SMTP patch supports two authentication schemes, simple passwords and CRAM-MD5 challenges and responses. Therefore, qmail-smtpd modified with the patch will require two "checkpassword" type arguments, one to handle simple passwords, the other to handle CRAM-MD5. Dabrowski also wrote his own replacement for checkpassword, cmd5checkpw, specifically to handle the CRAM-MD5 scheme. However, the latest version of cmd5checkpw also handles simple passwords, so it can be used for both purposes. My qmail-smtpd start-up script looks like this: ... /var/qmail/bin/qmail-smtpd \ /bin/cmd5checkpw /bin/true /bin/cmd5checkpw /bin/true ... Note that if you do use cmd5checkpw, you will have to create a new password file that stores passwords unencrypted; the default is /etc/poppasswd. The source package for cmd5checkpw provides an example to help you set up this new password file. Details and downloads at: http://members.elysium.pl/brush/cmd5checkpw/ ---Kris Kelley
Re: SMTP-AUTH problems
John P. wrote: I wanted to avoid using the cmd5checkpw program as I didn't want to have two sets of password files to update. Also I'm using Outlook Express so that means plaintext passwords only (?) - so I only put one argument on the qmail-smtpd line. Regardless of your set-up, the patched version of qmail-smtpd will need two checkpassword arguments. Since you won't be using CRAM-MD5 at all, you can probably forego installing cmd5checkpw and simply give a dummy argument for the second checkpassword requirement. So your script might look like this: ... /var/qmail/bin/qmail-smtpd \ /bin/checkpassword /bin/true dummy /bin/true ... I would recommend that "dummy" be replaced with a program that always returns failure, in case some smart-alec in your domain tries to use a CRAM-MD5 enabled client. I was going to install the predecessor, that only has plaintext auth - but that was a qmail-smtpd.c program only, and I wanted to keep my patch for Qmail-Scanner - or can I install the new qmail-smtpd.c program and then install the qmail-scanner patch ? I am not using qmail-scanner, so I'm afraid I have no experience with it. At any rate, using the original version of "Mrs. Brisby"'s qmail-smtpd is not recommended, due to a bug that would allow anybody to relay if the checkpassword program crashed. The latest version of Dabrowski's patch fixes that bug. ---Kris Kelley
Re: Newbies tcpserver question [slightly offtopic]
John Peterson Im trying to get tcpserver to work with my simple program written in C. However, Im getting unexpected results... ... printf("Welcome! Enter your name\n"); scanf("%s",name); printf("Hello %s",name); ... -- bash-2.04$ telnet 127.0.0.1 555 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. Bob Welcome! Enter your name: Hello Bob -- It does the input first, and then all the output in one shot! Try flushing the output after the welcome message. Worked for me. ---Kris
Re: Is there another procedure to enable Selective SMTP relaying which is not SMTP-after-POP?
Charrua escribi: Is there another procedure to enable Selective SMTP relaying which is not SMTP-after-POP?. Enrique Vadillo wrote: The best solution for roamers' smtp is SMTP-after-POP, trust me I believe authenticated SMTP works best. The majority of email clients support it now, and there are good implementations of it for qmail. Check out www.qmail.org for details, specifically, Krzysztof Dabrowski's work. ---Kris Kelley
Re: Slow connection on send Server connection closed
JK wrote: 1. From the time Send is clicked in Netscape 4.75 on NT, and the completion takes 15-20 seconds... 2. Some of the Netscape users complain that they frequently get error message indicating that there may be network problem or server may have closed the connection. Can someone tell me where to begin to look to troubleshoot this? How was qmail installed by the consultant? Do you know if it's using inetd or tcpserver (or something more exotic) to listen to the SMTP port? My guess is your server is trying to do ident queries (port 113) which are disappearing into never-never land. tcpserver has an option to disable this, not sure about inetd. ---Kris Kelley
Re: Cannot receive mail from other mail server
MY /etc/tcp.smtp SETTING (after it I convert to /etc/tcp.smtp.cdb using tcprules) is as follows: 127.0.0.:allow,REALYCLIENT="" 192.168.0.:allow,RELAYCLIENT="" 192.168.1.:allow,RELAYCLIENT="" :allow,RELAYCLIENT="" I suspect this is your problem, and if it isn't, it will be. That last line is bad, really bad; it's telling your qmail server to accept messages from anywhere, destined for anywhere, making you an open relay. Change the last line to read :allow and you'll be better off. Don't forget to recompile the cdb. ---Kris Kelley
Re: unable to recieve remote mail
...now we are unable to receive any messages from remote hosts. You mentioned local mail works fine. Does that mean email sent from one local user logged in directly to the machine to another local user works fine? If so, then the problem may be that something's not listening for remote SMTP connections. Try a telnet connection to port 25 and see what you see. If you're certain that something is listening (be it tcpserver or inetd or the like), and that it's properly calling qmail-smtpd, then What Do the Logs Say? ---Kris Kelley
Re: unable to recieve remote mail
Well that's part of my problem, I'm not sure how to interpret the logs fully. They're fairly intuitive once you've stared at them for a bit. Much easier to read than sendmail's. Feb 12 03:33:49 pbgnw qmail: 981966829.691748 new msg 30135 Feb 12 03:33:49 pbgnw qmail: 981966829.691874 info msg 30135: bytes 1688 from [EMAIL PROTECTED] qp 28956 uid 504 Feb 12 03:33:49 pbgnw qmail: 981966829.695257 starting delivery 19: msg 30135 to local [EMAIL PROTECTED] Feb 12 03:33:49 pbgnw qmail: 981966829.695360 status: local 1/10 remote 0/20 Feb 12 03:33:49 pbgnw qmail: 981966829.702067 delivery 19: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/ Feb 12 03:33:49 pbgnw qmail: 981966829.702180 status: local 0/10 remote 0/20 Feb 12 03:33:49 pbgnw qmail: 981966829.707803 bounce msg 30135 qp 29012 Feb 12 03:33:49 pbgnw qmail: 981966829.708357 end msg 30135 so is it telling me that there is no mail box named scottb? Yes. This snippet of the logs is telling you that message #30135 came from [EMAIL PROTECTED] Qmail then tried to deliver this message as delivery #19 to local user [EMAIL PROTECTED] Delivery #19 failed with the reason given, therefore, message #30135 was bounced back to the sender. the strange thing if that is the case is that I sent the msg to [EMAIL PROTECTED] from [EMAIL PROTECTED], not to [EMAIL PROTECTED] Have you been playing with aliases at all? That's the only reason I can think of why webmaster would morph into scottb on an otherwise sane qmail system. By the way, it's beneficial to you and others to keep these discussions on the qmail list. Somebody with more experience is bound to have better answers than me, plus future qmail users with these problems can then search the archives and (hopefully) not have to ask the same questions again. ---Kris Kelley
Re: qpop3 keeps alive!
Ari Arantes Filho wrote: env - PATH="$PATH" svscan echo $! /var/run/svscan.pid Martin Akesson wrote: You are getting the pid of the env program. You must start svscan without a wrapper like env in order to get echo $! to work. His script is based on Dave Sill's LWQ start-up script. Assuming I'm understanding it correctly, recording the PID of the env program is not a problem, since it morphs into svscan. In other words, killing env will in turn kill svscan. Ari Arantes Filho also wrote: # begin -- /var/qmail/supervise/pop3d/run -- #!/bin/sh /usr/local/bin/tcpserver -v -R 0 pop-3 /var/qmail/bin/qmail-popup myserver.domain.com \ /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir 21 Here's the real problem. Coincidentally, I ran into this same pitfall myself just yesterday. Put "exec" in front of the tcpserver command in this script. My understanding is that supervise is actually only supervising the run script. The "exec" command tells the script to turn itself into a tcpserver process. Without the "exec", the script creates a separate tcpserver process, which supervise cannot control. ---Kris Kelley
Re: qmail-pop3d and daemontools
Marcus Korte wrote: Has anybody included the startup of the pop3d in the qmail startup-skript (the one with start, stop, stat...) of LWQ? I created a new directory under /var/qmail/supervise, called qmail-pop3d. This directory, and the scripts within, are very similar to /var/qmail/supervise/qmail-smtpd. The qmail-pop3d/run script invokes tcpserver using Dave Sill's pop3d script in LWQ. The qmail-pop3d/log/run script invokes multilog which stores its log files in /var/log/qmail/pop3d. Don't forget to set the sticky bit on /var/qmail/supervise/qmail-pop3d, and also don't forget to "exec" commands in your scripts (see my last message). Once I set up these directories, I was finished. The standard LWQ start-up script will start and stop qmail-pop3d at the same time as qmail-smtpd and qmail proper, thanks to the wonder that is svscan. ---Kris Kelley
Re: a question
Yavuz Maslak wrote: yes I can telnet ports 25 and 110 on the machine but I can't see some daemons which qmail-smtpd,qmail-pop3d, etc, when I type as "ps aux | grep qmail" Looks like you're running two instances of tcpserver, so this is normal. Keep in mind that it's actually tcpserver that is the resident daemon process; tcpserver will create instances of qmail-smtpd and qmail-pop3d as needed, when requests come in. For kicks, try making a connection to port 25 or port 110 and then do a process list. You should see an instance of qmail-smtpd or qmail-pop3d running then. ---Kris Kelley
Re: lwq freebsd
Disclaimer: I don't use FreeBSD. t_oo wrote: i've tryed to installed qmail 1.03 according "Life with qmail" http://www.lifewithqmail.org/lwq.html instructions on FreeBSD4.0, but script /var/qmail/supervise/qmail-smtpd/run reporting errors: bash-2.03# /var/qmail/supervise/qmail-smtpd/run softlimit: usage: softlimit [-a allbytes] [-c corebytes] [-d databytes] [-f filebytes] [-l lockbytes] [-m membytes] [-o openfiles] [-p processes] [-r residentbytes] [-s stackbytes] [-t cpusecs] child script /var/qmail/supervise/qmail-send/run reoprts: bash-2.03# /var/qmail/supervise/qmail-send/run env: illegal option -- P usage: env [-] [-i] [name=value ...] [command] scripts: -- /var/qmail/supervise/qmail-smtpd/run script -- #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` exec /usr/local/bin/softlimit -m 200 \ /usr/local/bin/tcpserver -v -p -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \ -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd 21 Do you really have an extra line break between each line of this script? If so, there's your problem. Remove the extra line breaks, or at least just the ones after "exec", and you should be alright. /var/qmail/supervise/qmail-send/run script --- #!/bin/sh exec /var/qmail/rc This merely calls another script, /var/qmail/rc. You'll have to check the contents of that script to find where the error is. Incidentally, it looks like you have an extra line-break here too, though in this case it's not hurting anything. ---Kris Kelley
Re: mail backup
Takayuki Murai wrote: I am referring to ~user/Maildir. Some of the user use POP, and the other use IMAP. And, I assume that incoming mails store into ~/Maildir/new. My question is: if there are new coming mail storing into ~/Maildir/new while backup job is working, what problem is going to happen. Incoming messages are first stored in ~/Maildir/tmp. They are only moved to ~/Maildir/new once the file write is complete. Therefore, as long as you are only backing up ~/Maildir/cur and ~/Maildir/new, you shouldn't have any risk of incomplete file back-ups. Does Amanda works fine? Not familiar with this program, but any file copier should do, even plain old "cp -r". ---Kris Kelley
Re: tcpserver unable to figure out port number for smtp
Fish Flowers wrote: @40003a71e0a43872189c tcpserver: fatal: unable to figure out port number for smtp OK, fair enough... how do I open the port? Or point tcpserver to it? Ack! Lack of unix training coming back to bite me in the butt! Looks like you're calling tcpserver with a port argument of "smtp". You have two options: either use a port argument of "25" instead (a number instead of a name), or define a port number for smtp in /etc/services or similar file. ---Kris Kelley
Re: tcpserver unable to figure out port number for smtp
Fish Flowers wrote: Hmm -- but smtp is assigned a port number (25) in /etc/services... When and where is tcpserver called? I'll try passing it an explicit port argument... That depends. If you followed the "Life with qmail" way of doing things, tcpserver is called from /var/qmail/supervise/qmail-smtpd/run. At any rate, qmail should be fired up during the machine's boot sequence, so the call to tcpserver, or at least the script it's hiding in, should be somewhere in your start-up scripts. ---Kris Kelley
Re: local delivery problem
Charles Cazabon wrote: Which part didn't you understand? You're injecting mail with bare linefeeds. That's a no-no. Don't do it. i'm using, fetchmail to retrieve my mail. Then fetchmail is broken. Use something else. I wouldn't say fetchmail is broken. The bare LFs weren't inserted by fetchmail, they're being passed on unchanged from the original source. Alternatively, fetchmail provides an option, forcecr, that will make sure every line ends with a CRLF. http://cr.yp.to/docs/smtplf.html covers this. I wrote getmail because of issues like this. You can find it from the link below, and best of all, it doesn't even do delivery by SMTP re-injection. I like that feature. At any rate, fetchmail also offers delivery straight to an MDA. ---Kris Kelley
Re: qmail-pop3d and fetchmail
This question probably belongs in a fetchmail forum. Unfortunately, my recent attempts to subscribe to the fetchmail mailing list have ended in failure, so you may not have any luck finding a fetchmail forum. I was trying to use fetchmail to retrieve messages from a pop3 account on a server running qmail-pop3d using tcpserver and vchkpw. It retrieved all the messages although I did not specify "--all" flag to fetchmail. I tried several time and every time fetchmail retrieves all the messages again and again. Try forcing fetchmail to use message UIDLs, that is, use the "--uidl" flag. This will enable fetchmail to keep track of what messages it has and hasn't downloaded using a local list of message IDs. I tried fetchmail with another pop3 account on a server running sendmail/qpoper and it worked fine, only new messages was retrieved. Anybody knows why that happens ? Probably because that other pop3 server allows for the "LAST" POP3 command. "LAST" returns the number of the last message downloaded. Ideally this should be enough to determine which messages are new, but only after some assumptions that aren't always correct. The most recent POP3 RFC deprecated the "LAST" command, and not all POP3 servers support it. ---Kris Kelley
Re: Maildir in /etc/skel ?
Pupeno wrote: Is it posible to create Maildir in /etc/skel/ (maildirmake /etc/skel/Maildir) Jurjen Oskam wrote: I have and it works great. Just a maildirmake in /etc/skel, doublecheck the permissions and you're off. Make a .qmail file there that points to the Maildir, too. :-) The .qmail file would be unnecessary, provided you set up proper default delivery instructions in your /var/qmail/rc script (or wherever you execute qmail-start). ---Kris Kelley
Re: A firestorm of protest?
Russell Nelson wrote: Also, some things are much better implemented as a change to the existing programs, rather than as an additional layer of programs. Try applying two patches to the same program. That's not necessarily a problem, particularly when the patches affect different areas of the code. On the other hand, imagine there is a program that two people have written additions for, and you want to include both of those additions. If each person releases the complete source to their version of the program, instead of a patch to the original source, you'd have to wade through the program source, twice, to figure out where the modifications are and how to combine them. This problem can be circumvented by storing the complete source for every possible combination of additions, but that's going to quickly max out your storage space, not to mention the logistical nightmare of figuring out who needs to give permission and who gets credit, etc. ---Kris
Re: A firestorm of protest?
Felix von Leitner wrote: If you want to use bloated, unreliable, immensely fat software with a nice author who will include every patch anyone sends him, switch to Exim. I mean it! Please go away and use Exim. It has all the features anyone could ever want from an MTA, and around 20 million more features. Does Exim also come with a nice mailing list that doesn't demand the exile of people with dissenting opinions? ---Kris Kelley
Re: tcpserver
Martin Randall wrote: maildirmake /etc/skel/Maildir (even from within /cvar/qmail/bin) failed and in the end I had to cd /etc/skel and do /var/qmail/bin/maildirmake Maildir Have yet to look into that. I take it a .qmail file is also required in /etc/skel. Not really. If all of your users require the same delivery instructions, then those instructions should be part of qmail-start's "defaultdelivery" argument, presumably in the /var/qmail/rc script. A user needs a ".qmail" file when that user desires a delivery method that is not the default. What perms are these files in /etc/skel supposed to be ? 700 permissions for all relevant directories (Maildir, Maildir/cur, Maildir/new, Maildir/tmp) is ideal. qmail will allow for a wide variety of permissions on the Maildir, but nobody else should be reading a user's email anyway. 3PO! You tell that worm ridden piece of filth he'll get no such pleasure from us! .. Right...? -- Skywalker (Star Wars) Han Solo said that, actually. ---Kris Kelley
Re: qmail-smtpd-auth
Bjorn Nilsen wrote: I'm considering patching qmail with the qmail-smtpd-auth patch... I am rather nervous about patching rock solid qmail with a 3rd party patch... You're not going to find any ESMTP AUTH solutions for qmail that don't involve patching qmail's source. I use Krzysztof Dabrowski's patch, and it works like a charm. There was no problem applying the patch, no problem compiling the patched source, and it has worked as advertised. Also another question with qmail-smtp-auth if a host is already set up as a relay client do they need to still provide a login password to get relay access? No. If the remote server doesn't try to authenticate itself, the RELAYCLIENT environment variable is not changed. That means that if the variable was already set by tcpserver, it will remain set. ---Kris
Re: qmail-smtpd-auth
Vince Vielhaber wrote: You're not going to find any ESMTP AUTH solutions for qmail that don't involve patching qmail's source. This is completely false. smtp-poplock doesn't require patching the qmail source. You can find a link to it on www.qmail.org. If I'm wrong, my apologies. I'm not familiar with smtp-poplock, and I was basing what I said on Bjorn Nilsen's last reply, which said, "smtp-poplock is just another implementation of 'pop before smtp.'" ---Kris Kelley
Re: qmail-smtpd-auth
Vince Vielhaber wrote: You're not going to find any ESMTP AUTH solutions for qmail that don't involve patching qmail's source. This is completely false. smtp-poplock doesn't require patching the qmail source. You can find a link to it on www.qmail.org. If I'm wrong, my apologies. I'm not familiar with smtp-poplock, and I was basing what I said on Bjorn Nilsen's last reply, which said, "smtp-poplock is just another implementation of 'pop before smtp.'" ---Kris Kelley
Re: qmail-smtpd-auth
Vince Vielhaber wrote: If I'm wrong, my apologies. I'm not familiar with smtp-poplock, and I was basing what I said on Bjorn Nilsen's last reply, which said, "smtp-poplock is just another implementation of 'pop before smtp.'" It does the same thing - allow any client to send mail provided they successfully authenticated with the POP3 server first - but that's the only way they're the same. No, ESMTP AUTH is different from pop-before-smtp. With ESMTP AUTH, clients authenticate themselves via the SMTP server for each SMTP session. The POP server is not involved at all. The way the qmai-smtpd-auth patch works, if a client connects to the SMTP server and successfully authenticates itself, the patched qmail-smtpd process sets RELAYCLIENT for that session, thereby allowing relaying. When the SMTP session is closed, the relaying permissions, along with the rest of that process, disappear. ---Kris Kelley
Re: problem in pop3d
my computer crashes when prince tries to go through the secret door of the library. Tell him to use a name that the computer can actually recognize. ---Kris Kelley
Re: relaying by domain
Have you considered authenticated SMTP? That way clients would have to verify themselves each time they sent out a message, similar to the POP login procedure. There is a very good patch for qmail that enables the ESMTP AUTH command, written by Krzysztof Dabrowski, available at www.qmail.org/top.html. Personally I think that ESMTP AUTH is a much cleaner way of doing things than SMTP-after-POP, and most major mail clients support it, including Outlook and Outlook Express. ---Kris
Re: SMTP Authentication
Huseyin YUCE wrote: We have Installed Qmail and configured . It is Working fine. Now we need to Authenticate SMTP connections. How to go about? Is there any way to authenticate using unix password /etc/passwd Piotr Kasztelowicz wrote: Lack of identification system built-in to SMTP is "royal pain" of smtp security Authenticated SMTP is a reality, it just takes a patch to qmail and an appropriate checkpassword-compatable program to do it. Look at www.qmail.org/top.html and do a search for Krzysztof Dabrowski, the author of the best patch for ESMTP AUTH. ---Kris Kelley
Re: E-mail through firewall
Brett Randall wrote: I have a problem. Optus@Home in Australia (one of two cable internet providers) have decided to firewall port 25 traffic (incoming) to their entire network except for their own mail servers. This means my mail server is virtually useless... Maybe ask the administration nicely to open up port 25 for certain IPs if the machine passes an open relay test? ---Kris Kelley
Re: Local users can clog qmail local queue
Greg Owen wrote: Consider instead a user who puts a stupid filter in his .qmail that will execute commands listed in an email with COMMAND as the subject line. NOW you have a real security hole. ...which is why .qmail commands are executed as the user, instead of as root or as one of the qmail users. Assuming you don't have any other local holes, the worst that user can do is machine gun himself in the foot, and he doesn't need qmail to do that! ---Kris
Re: Disable envnoathost?
Charles Cazabon wrote: If I'm not mistaken, qmail-smtpd calls qmail-inject, which calls qmail-queue. According to DJB's schematics, qmail-smtpd calls qmail-queue directly. From the INTERNALS file (also noted by Peter Samuel): qmail-smtpd --- qmail-queue --- qmail-send --- qmail-rspawn --- qmail-remote / | \ qmail-inject _/ qmail-clean \_ qmail-lspawn --- qmail-local I belive Bruce's patch changes _all_ qmail programs which call qmail-queue... Therefore it would work in this case. You're right, it would. I was just being a tad anal. :) Also, to be completely fair, you provided a solution that's exactly what I asked for. Mark Delany's solution will still result in the message being accepted and then bounced, but in this case the bounce will have a more accurate explanation about why it was bounced. That's good enough for me. Again, thanks for the help! ---Kris Kelley
Re: Potentially stupid question about bounces...
- Original Message - From: "Charles Cazabon" [EMAIL PROTECTED] To: "QMail Mailing List" [EMAIL PROTECTED] Sent: Monday, December 18, 2000 7:44 PM Subject: Re: Potentially stupid question about bounces... Kris Kelley [EMAIL PROTECTED] wrote: I'm trying to get an idea of exactly how qmail does bounce messages, since I will probably have to write various delivery programs to deal with special quotas and such in the near future. You're not clear on what you're trying to accomplish here. You're right, I'm not. Right now all sorts of exotic quota ideas are being bandied about the office: x number of messages sent/received in y time, different numbers for different senders and recipients, and on and on. Any of these ideas that gets turned into a requirement will need a custom delivery instruction to go with it, if it's not already covered by programs like Sam Varshavshik's deliverquota. qmail-local signals delivery status to qmail-lspawn with its exit codes. You can do things in a .qmail file and exit with the appropriate codes to get the behaviour you want; man qmail-command and man dot-qmail for more details. I think that answers my question. I'll study those man pages a little more closely. Thanks. ---Kris Kelley
Disable envnoathost?
Is there a way to disable qmail-send's use of the envnoathost control file, so that any message bound for an address without an @ sign is simply refused? I know I could put something like nonexistenttrashdomain.com in envnoathost so that all such messages would get bounced back to the sender, but I'm hoping for a cleaner solution, and hopefully one that doesn't involve code hacking. Thanks! ---Kris Kelley
Potentially stupid question about bounces...
I'm trying to get an idea of exactly how qmail does bounce messages, since I will probably have to write various delivery programs to deal with special quotas and such in the near future. Simply put, are all bounce messages generated by qmail-send? If so, that means a delivery program only has to exit with the right error code for a bounce to be generated, correct? Sorry if I seem to be overlooking the obvious, but the qmail docs don't give a clear picture about this, and I can tell from the list archives that there has been plenty of confusion about bouncing! ---Kris Kelley
Re: Disable envnoathost?
Charles Cazabon wrote: Write a wrapper script around qmail-queue, perhaps, which checks that a domain was specified for addresses... To save some work, you could use Bruce Guenter's QMAILQUEUE patch, and insert your filter inbetween qmail-inject and qmail-queue instead... Actually, there are no local users on these boxes, per se, so the filter would have to be between qmail-smtpd and qmail-queue. Otherwise, this makes sense. I'll keep it in mind. Mark Delaney wrote: Put nonexistenttrashdomain.com in envnoathost *and* virtualdomains with a catch-all .qmail-default that has something like: | bouncesaying "No recipient domain = No delivery" Think I'll try this one first. :) Thanks for the help! ---Kris Kelley
Re: Smtp AUTH
Hi I just want to know if there is a solution for Smtp AUTH. I tried qmail-smtpd-auth-0.26.tar.gz but it doesn't work :-( ... The only other option is qmail-smtpd-auth's immediate predecessor, a patch written by "Mrs. Brisby". If you can't get qmail-smtpd-auth to work, odds are you won't get this patch to work either. What exactly is happening? Give us an idea of how you applied the patch, how you tested it, how you've determined it's not working, what any relevant log files say, and so forth. I use qmail-smtpd-auth without any trouble, and the author of that patch also subscribes to this list (or did, at least), so I'm sure you can get help here. ---Kris Kelley
Re: Changing double bounce sender from #@[] to anything else
Charles Cazabon wrote: You'll have to edit the qmail source to do this. However, you probably shouldn't -- double bounces have to have a null envelope sender, so that if they are going to bounce, they get thrown away -- if you change it to Jonathan McDowell wrote: FWIW if you turn on the "sender_verify" option for Exim it thinks it can't route mail to #@[], so won't accept mail from that sender envelope. Or at least it does in 3.12, I don't know if later versions treat it differently. Sendmail has a similar option that creates this problem. Currenty my company's corporate email server (sendmail) won't accept anything with an unrecognized domain name, and thus flushes any bounces it receives from our public email servers (qmail). I know, I know, ditch sendmail and install qmail on the corporate email server. I haven't been able to talk them into letting me do that yet. :) ---Kris Kelley
Re: RE : Smtp AUTH
- Original Message - From: "Charles Trtanj" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, December 14, 2000 1:04 PM Subject: RE : RE : Smtp AUTH Well i started the smtpd server with this command "tcpserver -c20 -x /var/qmail/control/smtp.cdb -g18 -u81 -R -v 0 smtp /var/qmail/bin/qmail-smtpd /bin/checkpasswd /bin/true /bin/cmd5checkpw /bin/true". Virtually the same as mine, with one major exception. The latest version of cmd5checkpw handles both clear-text passwords and the CRAM-MD5 scheme, so I'm not using checkpasswd at all. While that's something to check, I doubt it's the cause of the problem you are having. the server started and accepted connection via telnet. But at the moment a windows-user tried with outlook to login on the smtpd-server the server says "bad password or username". I looked at the messagelog and find " checkpasswd : domain.de:ipnumber:port user "" no $HOME, access denied". But on my first configuration (smtp after pop) all was ok. The user had first to login with pop3 and after that he can send emails. Yes, SMTP-after-POP schemes do not require the client to have any special knowledge about what's going on. ESMTP AUTH of course requires the client send the proper authentication information. I just sent a message through my AUTH-enabled server using Outlook, and it went without a hitch. Same with Outlook Express, which I use daily. Since the error message mentioned something about no $HOME, you may want to look at whatever checkpasswd is using to look up user information (/etc/passwd, presumably) and make sure this person actually has a home directory set. Then, if checkpasswd is as paranoid as qmail, make sure that the person actually owns his home directory, and that the directory is not world-writable. If none of this fixes the problem, you might want to post a question to the password mailing list. See http://cr.yp.to/lists.html#password for details. Good luck! ---Kris Kelley
Re: How to get Mail delivery in form cgi´s work
If you want to have fun with Outlook Express users, put this in your signature: "[EMAIL PROTECTED] Doe"@example.com I don't know if that's a legal address, but its mere presence in an e-mail message will cause Outlook Express to freeze and eventually consume all of your memory... "Thanks for the warning," says the person who read this message with Outlook Express. Incidentally, nothing happened, aside from the address being incorrectly parsed by OE's mailto linker. I use version 5. By the way, playing strictly by RFC 821's rules, that is a valid email address. ---Kris kelley
Question about default message delivery.
How can I feed qmail-start, qmail-lspawn, and qmail-local more than one default delivery instruction. My hope is to use a program, "blackbox" for example, that will extract information from each incoming message before it is saved. A similar .qmail file would look like this: |blackbox ./Maildir/ After looking at the sample start-up scripts in /var/qmail/boot, I'm thinking my start-up line would look similar to this, assuming blackbox takes no arguments: qmail-start '|blackbox ./Maildir/' Is this correct? If not, how can I string together multiple default delivery instructions? Thanks for the help. ---Kris Kelley
Re: More on MAPS RSS
I wrote: ...I have something that proves that the MAPS RSS *is* listing servers that it suspects are open relays, even when they aren't. Russ Allbery wrote: Have you reported this to RSS? Just did, and I cc'ed the message to my ISP. Here's hoping they act on it quickly. ---Kris Kelley
More on MAPS RSS
Forgive me for opening this can of worms again, but I have something that proves that the MAPS RSS *is* listing servers that it suspects are open relays, even when they aren't. My home ISP's outbound server was listed on Friday: texas.kingwoodcable.com, or 208.223.8.79. According to the web page that shows the relay test (http://www.mail-abuse.org/cgi-bin/nph-rsstest?208.223.8.79), "This host accepted our relay test message, but does not appear to have returned it." The page goes on to say, "It may never return the relay test message, which means it is probably not open to relay." Despite these statements, the server made the RSS list. Those more familiar with qmail can examine the bottom of that page and determine if the test that "failed" would affect qmail. Interestingly, the RSS site states that they tried to warn Kingwood Cable about being listed, but that the warning was rejected. This is because they tried [EMAIL PROTECTED], which doesn't exist. I know that 'postmaster' is supposed to exist for every domain, but still, how hard is it to set up something that also sends the message to [EMAIL PROTECTED], since that's the domain this server is in charge of? Oh well, now back to your regularly scheduled flamefest. ---Kris Kelley
Re: HELL, STOP IT (was: Re: List Courtesy (was Newbie question))
Barley wrote: And that they all talk sweepingly of "genetic superiority"? I thought I was the only one who noticed... Let's see, if USENET history is any indication, flame wars usually die down the moment people start calling each other Nazis. Glad to see this one's almost over. By the way, for what it's worth, my installation of Outlook Express seems to do replies the way its supposed to: "Re: " in the subject line, and a "References: " field in the header to keep the archive happy. I'm not saying this on behalf of Microsoft, but merely on behalf of me when I beg you not to set up filters based on what email client somebody is using. I'm good! Really I am! ---Kris Kelley
Re: List Courtesy (was Newbie question)
How exactly is my MUA broken? It isn't, the user is broken. The user incorrectly decided that everyone would just love to see the full text of the original message (perhaps in case they inexplicably missed it the first time!), and that it needed no marking to make it clear to readers that it isn't new material. Heh-heh, well, there's that, but there's also at least one technical gaffe in the MUA he uses. The same gaffe is in your MUA also, Mr. Owen. While the RFCs don't say specifically one way or the other, the general rule is that the subject in a reply should be prepended with "Re: " (case sensitive), not "RE: ". The latest IETF draft for message formats (http://www.imc.org/draft-ietf-drums-msg-fmt) defines the rule a bit more explicitly, saying that the subject MAY start with "Re: ". Some versions of Outlook and Outlook Express prepend "RE: ". While I don't worry so much about aesthetics, I believe that past discussion in this list indicated that many MUA's that use "RE: " also don't supply the message history information necessary to properly organize discussion threads in the qmail mailing list archives. As you have noticed, that makes some list subscribers quite livid. Corrections welcome. ---Kris Kelley
Re: The whole mail puts into the local queue?
Does anyone experienced that part or whole of the mail has been put piece by piece in the qmail queue's local directory (/var/qmail/queue/local/23/57890) rather than just the receiver's mail address?? This is how qmail normally operates. All messages are first placed in the queue before being sent out, in case the machine crashes before the SMTP transaction is complete. People have suggested ways around this when speed is an issue; check the list archives. ---Kris Kelley
Re: The whole mail puts into the local queue?
Peter Samual wrote: This is how qmail normally operates. All messages are first placed in the queue before being sent out, in case the machine crashes before the SMTP transaction is complete. No it isn't. qmail-queue puts only the local recipient addresses in /var/qmail/queue/local/*/*. The message itself is placed in /var/qmail/queue/mess/*/*. Whoops, read too quickly. Apologies. I think his qmail install is severely corrupted. Sounds like it. Makes me wonder what kind of corruption can cause that. ---Kris Kelley
Re: Qmail domain...
I'm using Qmail, In my mail client I have to put all the e-mail address, some like [EMAIL PROTECTED], but I just have one domain, how can I tell Qmail use just one domain???, I mean it ever use the "mail.com" domainand at the login screen I jus supply the name of the account.. Your domain is "mail.com", and you want a message addressed to "user" to go to "[EMAIL PROTECTED]", correct? If so, you need to create a "defaultdomain" and/or a "defaulthost" file in your control directory (or at the very least make sure you have the "me" file set correctly). See the qmail-control and qmail-inject man pages for more info. ---Kris Kelley
Re: IMAP and Maildir
[EMAIL PROTECTED] wrote: On Tue, Nov 21, 2000 at 01:01:55PM -0800, Nicholas Leonovich wrote: Courier-IMAP is working well with Maildir for me... http://www.inter7.com Does it play nice with Microsoft Outlook or Outlook Express? I'm running Courier IMAP 1.2.3 and accessing it with Outlook Express 5 on a Win2K system. So far, no complaints whatsoever. It's been a while since I looked closely at the documentation concerning client compatability, but the only real issue I remember reading about Outlook is its annoying tendency to sometimes flood the server with IMAP connections. Courier IMAP has a way to limit the number of connections per IP address, so this can be dealt with. ---Kris Kelley
Re: tcpserver: fatal: unable to bind: address already used
Jon wrote: When I started up qmail today (it has worked before) I got this error in my /var/log/qmail/smtpd/current - @40003a19660f0523d96c tcpserver: fatal: unable to bind: address already used Something else is hogging the port. Is sendmail running on your system? ---Kris Kelley
Re: SMTP login?
Look for patches at qmail.org, particularly those by Mrs. Brisby and Krzysztof Dabrowski. Dabrowski's patch supports the CRAM-MD5 encrypted challenge/response method of authentication, in addition to clear-text passwords. ---Kris Kelley
Re: QMail and Win NT user auth
Is there any way that I can use the same NT Domain Logon based system (the file) to auth my further QMail users when checking their mail. The trick is to use NIS. This enables a centralized server to control all your user authentication information, instead of having each computer have /etc/passwd and /etc/shadow files, or the NT equivalent. There are NIS clients and servers for NT, all bundled with other stuff in a package called Services for UNIX. My company subscribes to MSDN, and we installed Services for Unix from somewhere within that monster load of CDs. I'm afraid I'm not aware of how to get this package elsewhere, nor do I have any experience in how to set it up for NIS; we're using the package to provide NFS shares from an NT box. Scrounge around on Ms***'s web pages and see where you can get this package (assuming you don't have an MSDN subscription). A word of warning: the documentation for Services for UNIX is spaghetti. ---Kris Kelley
Re: unsubscribe qmail
Actually, someone brought this up recently, and I didn't have an explanation for them -- why does ezmlm subscribe the envelope sender instead of the address in From: ? Probably to help curb, if only slightly, the possibility of somebody subscribing somebody else without the latter person's knowledge. Depending on your ISP, faking the envelope sender could be more difficult than faking the "From:" header. ---Kris Kelley
Re: Bug in qmail´s SMTP AUTH implementation?
Actually, my mailer does not like the "AUTH=LOGIN" tag. I (and Phil Hazel from Univ. of Cambridge, author) think that it should be "AUTH LOGIN" instead. The "="-character is IMHO not allowed here (see RFC 2554 and RFC 1869).This might be some kind of philosophical question, I suppose. But it actually causes problems. Unpatched qmail does not support the SMTP AUTH command. You must be a patch. Technically, "AUTH=LOGIN" is incorrect. However, Netscape's MUA, and later Outlook and Outlook Express, were coded to expect that, so it's become the norm. The first SMTP AUTH patch for qmail, written by Mrs. Brisby, uses "AUTH=LOGIN". The second and more robust SMTP AUTH patch, written by Krzysztof Dabrowski, supports the ability to display "AUTH LOGIN" and/or "AUTH=LOGIN" for maximum compatability, and also supports PLAIN and CRAM-MD5 authentication procedures as well. For more info on Mrs. Brisby's patch, check out: http://www.nimh.org/code.shtml For more info on Krzysztof Dabrowski's patch, check out: http://members.elysium.pl/brush/qmail-smtpd-auth/ ---Kris Kelley
Re: Qmail / MySQL
From the instructions on how to set up a MySQL table for use with this patch: http://www.softagency.co.jp/mysql/qmail2.en.html#3 crypt : Crypted password of a user If you want use plain password, modify checkpassword.c , qmail-getpw.c and mysql.c checkpassword.c, qmail-getpw.c, and presumably mysql.c expect the password to be stored encrypted. Consequently, when given an attempted password to verify, they first encrypt the attempted password before comparing it with the stored password. If you are storing passwords as clear text, you will have to disable the code that encrypts the attempted password before comparison. I do not use this patch myself, so I am unaware of where exactly to modify the code. The "crypt()" function is used to encrypt text; you will need to search for where that function is used on the attempted password, and modify that code to not use crypt. ---Kris Kelley
Re: How to send to all for a webmaster
szq79 wrote: I have linux and qmail installed. You know, as a webmaster, sometime send a letter to everyone is needed for a webmaster.I don't know how to do this. Please tell me. Andy Bradford wrote: There are a number of ways to approach this of which here are two: [snip] This only applies if I have interpreted your email correctly. ;-) If this doesn't work then I probably misunderstood... I think what he's asking for is a way to send a message to every user at once. I imagine a mailing list manager like ezmlm is the way to go, along with something that keeps the list of users fresh and updated. I haven't delved into mailing lists yet, so I'm afraid my expertise stops here. Anyone? ---Kris Kelley
Re: Can't parse MIME message correctly.
I am a manage of an email server( Sorry, English is't my mother tongue and my English is poor ). In my server, the messages from most site can be parsed correctly.But the messages(with attachment)from www.sina.com.cn( a famous chinese site ) can't be parsed correctly. I found it is because the headers of messages from sina have no "MIME-Version: 1.0", but all the other site can parse the message(with attachment) from sina correctly. It is probobly the question of IMAP, I don't know how to solve this problem.Please help me. The software in my system is: Linux 6.2.14-5.0 qmail 1.03 courie-imap 0.32 This is indeed an issue with your IMAP server, as qmail, being only a transport agent, doesn't (normally) do anything to the message except receive it and store it. Therefore, this is not really a question to ask the qmail list. However, I can tell you that the guy who wrote Courier IMAP is very unforgiving about messages that don't conform to standards, so your options are to either switch to another IMAP server, or try and persuade the people at sina.com.cn to fix their broken email system. ---Kris Kelley
Re: concurrencyremote
Doug Schmidt wrote: I would like to increase qmail's concurrencyremote from the default 20 to 40. When I create: /var/qmail/control/concurrencyremote and put a value of 40 in the file, I restart qmail and get the error: Oct 10 16:53:14 server qmail: 971211194.211356 alert: cannot start: unable to read controls Could be a matter of permissions. What are the permissions of your control directory and the control files now? On my machine, the control directory is owned by root:qmail with 755 permissions, and all the files within are owned by root:root with 644 permissions. ---Kris Kelley
Re: Assistance in authenticatoin for SMTP
Brian Pinkney wrote: I beleive I patched and compiled qmail-smtp correctly with qmail-smtp-auth and replaced the original file with it. The way I start qmail is with tcpserver with the following script: [snip] Also I checked the FAQ for qmail-smtp-auth and the only explanatin it provided was that I might want to run checkpassword as suid 'root'. I don't beleive this is it because checkpassword runs well for authenticating my pop3 server. Your pop3 server is probably already running with root permissions, so by the time checkpassword is fired up, it has approval to look at your /etc/shadow file. qmail-smtpd runs as qmaild, not root, so checkpassword will not initially have permission to look at /etc/shadow, hence, the need to make the program suid root. ---Kris Kelley
Re: Where are my Mails ? Please !
Don't send mail to root. Use another user. (qmail will not deliver any mail to the user root as that would require root permissions, which would make the process prone to security issues...). Then, show us the log files of the transaction in question. We may or may not need the contents of users/assign and the output of qmail-showctl. Actually, qmail will accept mail bound for root, it just won't deliver it to root's home directory. Odds are it's in the mbox for the alias user. Check there. ---Kris Kelley
Re: SMTP authentication
Brian Pinkney wrote: I want to know the easiest and way to setup username/password authenication with my smtp server. Are there any suggestions? Preferably something compatible with outlook express' protocol. Erwin Hoffman wrote: SMTP is a host-to-host protocol, not a user-to-user application. Outlook express is a Remote User Agent using POP3 or IMAP4. What you are looking for is probably "POP-before-SMTP". Look for that buzzword. That's not entirely accurate. First, POP and IMAP are protocols for retrieving email. Outlook Express, and indeed any mail user agent, still has to use SMTP for sending email. Second, SMTP can be made to require user authentication before this sending is possible, thanks to a protocol extention known as the AUTH command. There are a couple of patches to qmail that offer SMTP AUTH; check www.qmail.org and the list archives for details. ---Kris Kelley
Re: qmail list reply-to
Chris Garrigues wrote: Considering that the majority of Internet users these days are so young that the have never seen carbon paper, that term seems to be as obsolete as "dialing" a telephone. Uh, I see carbon paper almost everyday. A lot of post offices still use it for keeping copies of money orders, and I know that can't be the only usage still around. And if we're not dialing telephones, what are we doing to them? I've always heard it called dialing, regardless of what kind of phone it was: rotary, touch-tone, gee-whiz-bang-voice-activated, or whatever. ---Kris Kelley
Re: Mrs. Brisby's patch for qmail-smtpd.c for username/password auth
Martin Jespersen wrote: Does anyone know of any reason not to install this patch if the functionallity is kind-of-needed? the reason i ask is that it is listed so far down on the site that i thought it might not be seen as a 'good' patch... Assuming by "the site" you mean qmail.org, I doubt its position on the page reflects any opinion about its quality. I use the mouse's patch, and so far it has delivered what it promised, with no side effects. Note however that there are a couple of caveats. DJB's checkpassword program is necessary for this patch to work, and the checkpassword executable may require a bit of tweaking for everything to execute correctly. This modification, as Mrs. Brisby has been quick to point out, may leave your system password file vulnerable to attack if you're not careful; see http://www.nimh.org/code.shtml for details. Also, the authentication scheme used, "AUTH=LOGIN", is not really secure, barely a step above sending passwords in the clear. If you're the paranoid type who worries about sniffers on your network, this won't be very ideal for you. Krzysztof Dabrowski has written a more robust SMTP AUTH patch based on Mrs. Brisby's work. In addition to LOGIN, it offers PLAIN and CRAM-MD5 authentication techniques, the latter being more suited to those worried about protecting their passwords. Check out http://members.elysium.pl/brush/qmail-smtpd-auth/ for more information. *feels a little stupid for asking this* *feels high and mighty for being able to answer this* I'm kidding. :) ---Kris Kelley
OT Country differences (was: Volunteers for a multilog patch?)
mm/dd/yy is silly. dd/mm/yy is better, but I use -mm-dd, which is ISO-compatible and sorts nicely. mm/dd/yy is the natural derivative of how we usually say dates out loud, e.g., today is October 5th, 2000. Silly in a mathematical sense, perhaps, but it wasn't just yanked out of a hat. We do some metric. E.g., nutritional information labels are metric. UK is half and half, too. U.S. nutritional information labels aren't just metric. They commonly have one "layman's terms" measurement, followed by the metric equivalent in parentheses. For example, my orange juice bottle has "Serving Size: 8 fl oz (240mL)", and the cupcake package reads "Serving Size: 1 cake (50g)". [Light switches] toggle, for Peter's sake! If it's dark, flip the danged switch and see if it gets brighter. Sheesh. :-) Of course, when you have lights serviced by two or more switches, both sides of this argument fly right out the window. - Australian power points (or power outlets if you don't know what I'm talking about) all have switches on the outlet itself, not at the wall. Oh, that's *handy*...walk into a room and fumble behind the furniture looking for the light switch. Gee, I can't imagine why we put them on the wall... A bit of clarification is needed here. Typically, power outlets in the U.S. won't have switches at all; that is, they're "always on." However, housing and apartment contractors have gotten really cheap lately. Instead of putting in overhead lighting, they'll wire the wall switch to a power outlet and expect the tenant to provide his/her own light source. On the other hand, power outlets in many modern U.S. home bathrooms *do* have a switch on the outlet itself, due to safety codes. Of course we have a North Amercian centric view of the world: we're the most powerful and important country in the world. If we were a backwater like Canada or Australia, we'd be paying a lot more attention to other countries like the US, too. And guess which countries will be important when the U.S., China, and Russia all go to war and wipe each other out? :) ---Kris Kelley
Re: Help with my girlfriend?
A brave man giving himself options for servicing more than one gf. My system has /dev/wife with no options for others. In fact, the driver will actively hunt down other instances, kill -9 and remove all associated files :) After which the device unmounts, causing half of your other files to disappear. ---Kris Kelley
Re: Qmail not delivering...
I have a working qmail configuration, but one problem, when trying to send a message to myself on another mail server within our network I get the following: @400039dae1e6378f3a7c status: local 0/10 remote 4/20 @400039dae20d396054e4 delivery 84: deferral: Connected_to_195.40.11.130_but_connection_die d._(#4.4.2)/ @400039dae20d3960cdfc status: local 0/10 remote 3/20 @400039dae5a001f2488c delivery 85: deferral: Connected_to_195.40.11.130_but_connection_die d._(#4.4.2)/ @400039dae5a001f2c58c status: local 0/10 remote 2/20 @400039dae5fe39f90aa4 delivery 86: deferral: Connected_to_195.40.11.130_but_connection_die d._(#4.4.2)/ @400039dae5fe39f98b8c status: local 0/10 remote 1/20 @400039dae696395fdbcc delivery 87: deferral: Connected_to_195.40.11.130_but_connection_die d._(#4.4.2)/ @400039dae69639604d14 status: local 0/10 remote 0/20 Have you tried doing a manual SMTP session with the other machine? That is, have you tried telnetting to port 25 and entering a few SMTP commands? If this doesn't work, then your problem probably isn't specific to qmail (perhaps a routing problem). Try it and find out. ---Kris Kelley
NFS without a user database?
Is there a way to make qmail defer messages in the event of an NFS outage that does *not* involve creating a user database? The project I am working on involves three mail servers, each with an NFS connection to the user directories. No user information is stored locally on any of the machines; I use a modified version of qmail-getpw to validate user names via the network (my company is willing to sacrifice the necessary local bandwidth for this to work). Because there is no local storage of information, keeping the user database updated would involve a periodic query across the network for an updated list of user names. My company feels/hopes that we will be servicing enough users to make this approach impractical, as users will be constantly added and removed from the system. So far my results have been successful. All is well when the network is behaving itself, and qmail defers messages properly when qmail-getpw fails due to a bad network connection. A contingency for a failed NFS mount is one of my last hurdles to getting this all in place. I'm open to any ideas, from .qmail tricks to code patching. ---Kris Kelley
Re: NFS without a user database?
Peter van Dijk and markd wrote: Or, *duh*: the homedir check is in qmail-getpw. Since you've already modified it, modify it some more :) Right. But he may not actually have to check for the existance of HOME currently and in any event there is a timing window between qmail-getpw and the invocation of qmail-local. So it may disappear after the check in qmail-getpw. That's what I thought, I considered a race attack, but there is none. qmail-local *defers* on homedir failures. Only qmail-getpw actually *bounces* on homedir failures. He's using a *modified* qmail-getpw, not a rewritten one. The homedir check is probably just still in there. Having said all that, qmail-local exit with a *temp* error if it cannot stat the home directory, so I'm not sure what the exact problem is. If the nfs home is gone, then this stat() should fail at some point and defer the delivery. Yeah, that's because qmail-getpw does the bouncing. Makes sense. Okay, so if I make qmail-getpw either not do a directory check, or handle the results differently, then there shouldn't be any lost or bounced email, even if the NFS mount happens to disappear between qmail-getpw and qmail-local. Correct? The only general problem is that the NFS timeouts may clog the concurrencylocal limits, but then if you have no homes, there's nothing to delivery anyway. That depends. Where I work we have homedirs spread over about 40 userservers, which means indeed one can be down while the others are up. There will only be one server for user directories, at least to begin with. So, yeah, hitting the concurrencylocal limit won't be an issue. Michael Boyiaz's idea is a good one too. Sounds like it would make planned outages easy to wade through. Thanks for the input! ---Kris Kelley
Re: 421 out of memory (#4.3.0)
Outlook Express 5.50.4133.2400 SMTP Log started at 10/02/2000 15:21:37 SMTP: 15:22:08 [rx] 220 xxx..com ESMTP SMTP: 15:22:08 [tx] EHLO test1 SMTP: 15:22:08 [rx] 250-xxx..com SMTP: 15:22:08 [rx] 250-AUTH=LOGIN CRAM-MD5 PLAIN SMTP: 15:22:08 [rx] 250-AUTH LOGIN CRAM-MD5 PLAIN SMTP: 15:22:08 [rx] 250-PIPELINING SMTP: 15:22:08 [rx] 250 8BITMIME SMTP: 15:22:08 [tx] AUTH LOGIN SMTP: 15:22:08 [rx] 334 VXNlc5hbWU6 SMTP: 15:22:08 [tx] xxx= SMTP: 15:22:08 [rx] 334 UGFzcdvcmQ6 SMTP: 15:22:08 [tx] xxx= SMTP: 15:22:08 [rx] 421 out of memory (#4.3.0) Are you using Mrs. Brisby's auth patch, or a derivation of it? If so, your problem is most likely centered around /bin/checkpassword. Mrs. Brisby's patch expects it to have a bit more freedom than it normally has. See the mini-FAQ on the mouse's site for details: http://www.nimh.org/code.shtml Scroll down to the line that begins with "I keep getting authentication errors!" ---Kris Kelley
Re: Best Winbloze Mail Client?
Umm, for what it's worth, the "RE:" bug isn't in Outlook Express 5, at least not the one that came with my Windows 2000 work box. Can't vouch for the rest of the "features", though. ---Kris Kelley
Re: Problems receiving mail
"Wagner R. Landgraf" [EMAIL PROTECTED] writes: Hmmm..., that might be correct. However, in an internal machine, I can open the www browser and type http://200.201.1.1 as the URL of web page, and it works. What does it mean? You originally said that trying to access port 80 using the external address from an internal machine didn't work. Was that a typo? If you *are* able to access the external address from an internal machine using port 80, but not port 25, then it may still be your firewall. Perhaps it is allowing external traffic on port 80 while denying external traffic on port 25. Check the configuration. Anyway, if you could test it for me, my real IP is 200.201.34.197 . 200.201.34.197 port 80 = success 200.201.34.197 port 25 = failure (connection timed out) ---Kris Kelley
Re: ORBS doesn't like me :(
I put the rcpthosts back and all mail (local and remote) was returned undeliverable. However, I had also removed the :allow from my tcp.smtp so I don't know if that is the problem. The lack of a rcpthosts file was *definitely* the problem. When you don't have this file, qmail's default behavior is to accept and relay email for the entire Internet. Having an ":allow" line in your tcp.smtp file won't affect your server's behavior one way or the other. This line tells tcpserver to accept connections from any remote host (besides those mentioned elsewhere in the tcp.smtp file), but don't modify any environment variables during the session (such as RELAYCLIENT). This is tcpserver's default behavior anyway, so the only reason to have this line is for the sake of readability. Note that allowing a host to make a connection is not the same thing as allowing that host to use your server as a relay. So, the short answer is, now that you have a rcpthosts file again, ORBS will stop blacklisting you. ---Kris Kelley
Semi-OT: Allowing only specific email clients.
I'm currently brainstorming ways that a mail server can be modified to work only with specific email clients. Ideas like user authentication and different port numbers are good places to start, but other popular clients can be easily configured to accomodate these changes. One possibility I'm looking at is to have the client send a specific text string in its HELO or EHLO command. The server would then reject any connections that didn't have this text string. Is this viable? If so, how hard would it be modify qmail to work this way? I am adept at C programming and have even coded my own SMTP server in the past. Of course, if there's already a patch out there that does this, even better. I'm also open to other suggestions on how to make a server work with only specific clients. The clients will be coded in-house, so we will have complete control over the syntax the clients and servers use. At this point I'm not completely convinced my company needs to tie the servers specifically to their clients, but it's being bandied about, so I want to make sure I have a course of action ready should they decide this is the way to go. Thanks! ---Kris Kelley