Re: stunnel

2001-07-26 Thread Markus Stumpf

On Thu, Jul 26, 2001 at 02:44:17PM +0200, Per-fredrik Pollnow (EPK) wrote:
> I start the stunnel like this: /usr/local/sbin/stunnel -p /etc/stunnel.pem -l /var/qmail/bin/qmail-pop3d Maildir 21 -f -d 995
> [ ... ]
> Anyone who knows what's wrong?

We do it that way:

exec /usr/local/bin/tcpserver -R -v -c 50 \
    -l popmail.space.net \
    195.30.0.14 pop3s \
    /usr/local/sbin/stunnel \
    -p /usr/local/services/apache-webmail/conf/ssl/space.pem \
    -l /var/qmail/bin/qmail-popup -- qmail-popup \
    popmail.space.net \
    /var/qmail/contrib/checkpassword \
    /var/qmail/bin/qmail-pop3d Maildir 2>&1 \
    | /var/qmail/bin/splogger qmail-pop3d-ssl 17

Works without problems ...

\Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.



Re: deferral: Sorry,_I_couldn't_find_any_host_by_that_name

2001-07-25 Thread Markus Stumpf

On Wed, Jul 25, 2001 at 08:19:35PM +0700, Vu Xuan Ngoc wrote:
> @40003b5ec1d00c59ef14 starting delivery 357: msg 1848217 to remote [EMAIL PROTECTED]

There are some RFC violating mail clients that do SMTP inject.
But instead of
RCPT TO: [EMAIL PROTECTED]
they send
RCPT TO: [EMAIL PROTECTED] 
with a blank character added to the end.
The domain   example.com<blank>
does obviously not exist and so it can't be found.
It is hard to see this from the above log lines.
You may want to modify qmail-send.c in function del_start
to output < and > around the address.

 log3(": msg ",strnum3,tochan[c]);
 log1("<");
 logsafe(recip);
 log1(">");
 log1("\n");

The other possibility is to apply a DNS validating patch to qmail-smtpd
that makes it not accept these kinds of malformed addresses ;-))

\Maex

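The check this message asks qmail-smtpd to make, together with the delimited log line proposed for del_start, as an added example in Python (not code from the original post or from qmail). The function names and the sample RCPT commands are constructed for illustration; address literals such as [192.0.2.1] are not handled.

```python
import re

# Keeps the text between '<' and '>' exactly as the client sent it.
RCPT_RE = re.compile(r"^RCPT TO:\s*<([^<>]*)>\s*$", re.IGNORECASE)
# One DNS label: letters, digits and inner hyphens.
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")


def parse_rcpt(line):
    """Return the raw address of a RCPT TO command, or None if it does not parse."""
    match = RCPT_RE.match(line.rstrip("\r\n"))
    return match.group(1) if match else None


def recipient_problems(addr):
    """Return the reasons to refuse this envelope recipient (empty list = fine)."""
    local, at, domain = addr.rpartition("@")
    if not at or not local or not domain:
        return ["not of the form local@domain"]
    if re.search(r"\s", domain):
        # The case from the message: "example.com " is not "example.com".
        return ["whitespace in domain"]
    labels = domain.rstrip(".").split(".")
    if not all(LABEL_RE.fullmatch(label) for label in labels):
        return ["domain is not a valid host name"]
    return []


def delivery_log_line(delivery, msg, recip):
    """Log line with the recipient delimited, so a trailing blank is visible."""
    return f"starting delivery {delivery}: msg {msg} to remote <{recip}>"


# Constructed sample commands: the second one carries the trailing blank.
SAMPLE_COMMANDS = [
    "RCPT TO: <user@example.com>\r\n",
    "RCPT TO: <user@example.com >\r\n",
]

if __name__ == "__main__":
    for command in SAMPLE_COMMANDS:
        addr = parse_rcpt(command)
        verdict = recipient_problems(addr) or ["accepted"]
        print(delivery_log_line(357, 1848217, addr), "->", ", ".join(verdict))
```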



Re: Higher number of deliveries

2001-06-26 Thread Markus Stumpf

On Tue, Jun 26, 2001 at 03:07:48PM +0530, D Rajesh wrote:
> The problem is that, when I tried sending  4700 mails ( to different
> domains . say like yahoo, hotmail, rediff, etc and not a single user
> in my domain ), it took one whole day to send all the mails.. qmail-inject
> placed mails in the queue at a speed of 70 - 90 mails in a second. But, if
> the logs are checked, it took one whole day to finish sending all the mails

It sometimes takes me 2 or 3 days to get only one message delivered to yahoo.
This is not a problem that you can fix with qmail configuration on your
side.
The problem is with yahoo and their mailservers and I can see it for more
than one year.

\Maex




Re: Bounce-backs with attachments, log files. . .

2001-06-26 Thread Markus Stumpf

On Tue, Jun 26, 2001 at 05:01:36PM +0200, Peter van Dijk wrote:
> I think there is a patch.

Yup. Fred Lindberg did it and it can be found on
http://www.ezmlm.org/pub/patches/qmail-mime.tgz
(also listed on http://www.qmail.org/ Yet More Qmail Addons)

\Maex




Re: charset problems?

2001-06-08 Thread Markus Stumpf

On Fri, Jun 08, 2001 at 12:59:09PM +0200, Thomas König wrote:
> Now I have tried to replace =22 with =3D22, it looks like good, for some
> Mailreaders, but some one, e.g. t-online, ignore the =3D and dont convert
> =3D into =.
>
> Where is my Problem, wrong charset?

T-Online Mailreaders are known to have broken quoted-printable handling.

\Maex




Re: doublebounceto ignored??

2001-05-18 Thread Markus Stumpf

On Fri, May 18, 2001 at 09:09:26AM -0700, David Boone wrote:
> Trying to get rid of annoying doublebounceto emails I get as a
> result of spam, I did an echo doublebounce

Did you restart qmail-send after the change?
If not, do it ;-)

\Maex




Re: #4.2.1 access denied

2001-05-18 Thread Markus Stumpf

On Fri, May 18, 2001 at 08:54:46PM +0200, Tom Beer wrote:
> it's driving me nuts. I don't know a not tested
> permission setting. Why do I get an access denied error,
> every time a message bounces, because there's no mbox?

The problem is, if the delivery is done via ~alias, it's done with
the permissions of the user alias, which is not allowed to write
/home/tom/Mailbox

Whether it's done via ~alias/.qmail-tom depends on entries in /etc/passwd
and/or /var/qmail/users/assign.

However the line

@40003b056f360ee85a54 starting delivery 1357: msg 224842 to local 
[EMAIL PROTECTED]

indicates that the problem is not with the user tom, but delivery to
user root, which is handled by ~alias/.qmail-root (under permissions
of user alias).

Replace in that file (I assume!!)
/home/tom/Mailbox 
with
tom
and it will probably work.

\Maex




Re: linebreak handling / qmail-inject

2001-05-07 Thread Markus Stumpf

On Mon, May 07, 2001 at 12:58:12PM +0200, Sascha Dahl wrote:
> I considered that qmail seems to make a difference between DOS and UNIX
> style linebreaks (\r\n AND \n) when sending mails from localhost.

Read RFC 2821 (obsoleted 821)
Bare LF without a preceding CR are invalid in SMTP dialogue.

> Is this the usual behaviour of qmail? That would mean, that it is not 100%
> sendmail compatible... or did I misconfigure something? If there is a

Compatibility to sendmail is irrelevant.
qmail implements the standard. Some version of MS exchange and Outlook
don't. The funny thing about it is that under some circumstances Outlook
can't decode email that has been sent by another Outlook client.

> solution for handling DOS style linebreaks with qmail I would appreciate any
> hints.

Do correct escaping of LFs according to RFC 2821.

Just a notice: it is also irrelevant if LF to CRLF conversion does make
sense in your opinion. The standard defines that it has to be converted.

\Maex




Re: Can MX record be CNAME?

2001-05-04 Thread Markus Stumpf

On Fri, May 04, 2001 at 11:14:52AM +0300, Peter Peltonen wrote:
> But you are absolutely sure that it won't? If so, great, no problemo then.

You can't be sure about anything.
There are broken DNS libraries out there, paranoid configured
tcpservers/inetds/...

The funny thing about this whole thread is that the source of all
problems is probably a lousy provider, that doesn't care for PTR
delegations. So why don't you get yourself a caring one?

\Maex




Re: Can MX record be CNAME?

2001-05-03 Thread Markus Stumpf

What Charles said is totally correct, however I do not understand:

On Thu, May 03, 2001 at 08:34:04AM -0600, Charles Cazabon wrote:
> Peter Peltonen [EMAIL PROTECTED] wrote:
> > Unfortunately I do not control my PTR records so I have to do the dns name
> > change with CNAME.

What do - in this context - have PTR records to do with CNAMEs??
Just to make it clear, a MX record MAY NOT point to a CNAME nor to an A
record, it always has to be a FQDN (which points to an A record).
Speaking bind config it is invalid to have:

blubb   IN  MX     100  1.2.3.4

blubb   IN  MX     100  mail
mail    IN  CNAME  exa
exa     IN  A      1.2.3.4

\Maex




Re: ezmlm warning

2001-05-02 Thread Markus Stumpf

On Wed, May 02, 2001 at 07:41:07AM +0100, Kevin Smith wrote:
> Can anyone tell me why I'm receiving this message apart from the obvious
> 99.9% of the Qmail List messages I receive anyway.

>  [EMAIL PROTECTED]:
>  195.224.255.14 does not like recipient.
>  Remote host said: 571 [EMAIL PROTECTED]... Relaying denied.
>  Giving up on 195.224.255.14.

195.224.255.14 - relay1.mail.gxn.net

lemonlaineydesign.com.  1D IN MX 10 dwshop2.dedic.web.xara.net.
lemonlaineydesign.com.  1D IN MX 50 relay1.mail.gxn.net.
lemonlaineydesign.com.  1D IN MX 50 relay2.mail.gxn.net.

At least one of your official MX hosts does not relay messages for the
domain lemonlaineydesign.com.

\Maex




Re: [ezmlm] lock: file does not exist

2001-05-02 Thread Markus Stumpf

On Wed, May 02, 2001 at 08:30:12PM +0200, Karsten W. Rohrbach wrote:
> Peter Farmer([EMAIL PROTECTED])@2001.05.02 15:50:13 +:
> 1)
> thats the same like 'ezmlm-sub /path/to/list < adress.txt' but wastes
> more system resources by creating the process environment for cat.

This will *NOT* work (neither of both commands) with a vanilla ezmlm.
You need the ezmlm-idx patch for that.
If you do not have the ezmlm-idx patch applied you may try
xargs ezmlm-sub /path/to/list < adress.txt

In any case ezmlm-sub will stop processing the bulk if it encounters an invalid
email address (e.g. addresses containing spaces which will result in
email addresses without an '@' sign).
As xargs may start ezmlm-sub more than one time you may encounter
the problem that only a portion of the bulk is missing (i.e. the one
that contained an invalid address).

\Maex




Re: Strange Bounce

2001-05-02 Thread Markus Stumpf

On Wed, May 02, 2001 at 09:40:29PM +0200, Marco Calistri wrote:
> I've been bombed too by this lesoleil and I put its MAILER-DAEMON
> into my /var/qmail/control/badmailfrom ;)

Which will *SURELY NOT* work, as the envelope sender for bounces is <>
and not mailer-daemon@... and badmailfrom does work with the envelope
sender and not into the From: field in the message header.

\Maex




Re: Filter incoming messages for one particualr user

2001-05-02 Thread Markus Stumpf

On Wed, May 02, 2001 at 05:15:33PM -0400, Todd Finney wrote:
> You can  use iftocc, from the  mess822 package, to do this.

No, you can not.
The original poster wanted to check the *sender* not the recipient.

\Maex




Re: spmacontrol patch 1.4.2 for qmail .

2001-05-01 Thread Markus Stumpf

On Tue, May 01, 2001 at 11:16:38AM +0200, Nissim Penias wrote:
> I have a patched my qmail with the spamcontrol patch version 1.4.2 which can be found in :
> http://www.feccom.de/qmail/spam.html
> This patch enables the badrcptpatterns under ../control/ in the qmail directory but it seems to be that
> it disables the badmailfrom because qmail is ignoring the entries I have entered in this file .

1) you have the READMEs for that patch, why don't you read them?
2) you have the source, so why don't you look at the source.
3) no, this patch does not remove badmailfrom support

Why don't you show us the contents of your badmailfrom file and
which addresses went through that shouldn't.
And please use REAL data and not faked one.
  
> Can You please help to solve this issue because its really annoying that i can't use the badmailfrom .

Maybe you should do a man qmail-smtpd and check the description of the
format of the badmailfrom file with what you put in there.

\Maex




Re: username@domain@domain relay hole !

2001-04-30 Thread Markus Stumpf

On Mon, Apr 30, 2001 at 11:27:57AM -0400, Robert Geller wrote:
> I think Nissim is correct.  I have tested several qmail servers and this
> does happen.

I am sure he is not:
$ telnet mail.space.net smtp
Trying 195.30.0.8...
Connected to mail.space.net.
Escape character is '^]'.
220 mail.space.net ESMTP
MAIL FROM: [EMAIL PROTECTED]
250 ok
RCPT TO: [EMAIL PROTECTED]@space.net
250 ok
DATA
354 go ahead
Subject: relay test

.
250 ok 988645099 qp 20023
quit
221 mail.space.net
Connection closed by foreign host.

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: failure notice
  
[EMAIL PROTECTED]@space.net
No such user.


That others have relay open/misconfigured qmail servers isn't a
proof :-)

\Maex



Re: username@domain@domain relay hole !

2001-04-30 Thread Markus Stumpf

On Mon, Apr 30, 2001 at 10:37:20AM -0600, Charles Cazabon wrote:
> If baz.net is in rcpthosts, but not in locals or virtuals, qmail will then
> forward the whole thing on to the primary MX for baz.net.  If this is what is
> happening, it's not (unauthorized) relaying at all, and doesn't involve
> bar.com at any point.

And if there is a .qmail-default file for the domain baz.net that
forwards all emails to [EMAIL PROTECTED] this is no unauthorized relaying
either :-)))

\Maex




Re: Is there something like a BADMAILTO directive???HELP...

2001-04-27 Thread Markus Stumpf

On Fri, Apr 27, 2001 at 09:48:52AM -0700, Julio Guillen wrote:
> Hi there, I hope someone help me with this issue. My
> scenario is as follows:
>
> Internet-Mail Gateway-Main Mail Server-End Users

Set up a virtual domain on the Mail Gateway that is your real domain
(called example.com further on):

file: control/virtualdomains:
example.com:filter

create a qmail user account like:

file users/assign:
+filter-:user:uid:uid:/home/filter:-::
.

(please notice that a . has to be alone on the last line, see  man
qmail-users for more information on the structure of the file)

Run qmail-newu.

Now 
# mkdir /home/filter
# chmod 711 /home/filter
# chown uid:gid /home/filter
In that directory add files
   .qmail-user
for each  user@example.com  containing the line

[EMAIL PROTECTED]

where internal.example.com is the name of Main Mail Server.

add one file  .qmail-default
containing the line

|/var/qmail/bin/bouncesaying "the rejection message sent back to senders"

this will bounce back eMails to all addresses user@example.com that
do not have a .qmail-user file in that directory.
The text is the error message that will be sent back along with the
message to the sender sending to a blocked user.
If you simply want the error message to be no such user you don't
need the .qmail-default file.

On Main Mail Server set up a qmail server that does the deliveries
as you like. Via tcpserver (see -x option) block all connections but
from IP addresses of your internal net and Mail Gateway.

This setup should work as a mail from the Internet block, as you
wanted it to be.

For the outgoing block it is a bit harder and depends on local
infrastructure:
On your firewall, block port 25 for outgoing connections
originating from all local IPs but your Mail Gateway.
On the Mail Gateway block all SMTP connections from local IP addresses
but from Main Mail Server and make the IP of Main Mail Server a
RELAYCLIENT (again, using tcpserver).
On Main Mail Server create a file

control/smtproutes and add one line:

:mailgate.example.com

which will forward all messages that are non local to the Mail Gateway.

For the last step (allow certain users to send to the Internet) you need
two constraints:
- none of the other users has a login on Main Mail Server
- you can identify those certain users by IP address.

Allow relaying from the IP addresses of those certain users by making
them RELAYCLIENTs (again, via tcpserver).

--

IMHO this setup should work, but maybe someone has a better/easier solution.

\Maex

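The inbound half of this setup, as an added Python example that is not part of the original message or of qmail: it writes the .qmail-user allowlist and the .qmail-default bounce into a scratch directory and then resolves recipients in the order qmail-local tries dot-qmail files. The function names, the sample users and the scratch path are assumptions, and the lookup is a simplified model of dot-qmail(5) for the users/assign wildcard entry shown above.

```python
import os
import re
import shlex
import tempfile

# Local parts that are safe to turn into a file name (no '/', no leading dot).
SAFE_LOCAL = re.compile(r"[a-z0-9][a-z0-9_.+-]*")


def build_filter_dir(home, allowed_users, internal_host, reject_text=None):
    """Create one .qmail-user per allowed user and, optionally, .qmail-default."""
    os.makedirs(home, exist_ok=True)
    os.chmod(home, 0o711)                     # as in the message: chmod 711
    for user in allowed_users:
        if not SAFE_LOCAL.fullmatch(user):
            raise ValueError(f"refusing unsafe local part: {user!r}")
        if user == "default" or user.endswith("-default"):
            # Such a file would act as a catch-all and defeat the allowlist.
            raise ValueError(f"refusing wildcard name: {user!r}")
        name = ".qmail-" + user.replace(".", ":")   # dots are stored as colons
        with open(os.path.join(home, name), "w") as fh:
            fh.write(f"&{user}@{internal_host}\n")  # forward to the main server
    if reject_text is not None:
        with open(os.path.join(home, ".qmail-default"), "w") as fh:
            fh.write(f"|/var/qmail/bin/bouncesaying {shlex.quote(reject_text)}\n")


def dot_qmail_candidates(ext):
    """File names tried for address extension `ext`, in lookup order."""
    safe = ext.lower().replace(".", ":")
    names = [".qmail-" + safe]
    for i in range(len(safe), -1, -1):
        if i == 0 or safe[i - 1] == "-":
            names.append(".qmail-" + safe[:i] + "default")
    return names


def route(home, recipient, domain):
    """Return the first delivery instruction that applies, or None."""
    local, _, rcpt_domain = recipient.rpartition("@")
    if rcpt_domain.lower() != domain or not local or "/" in local:
        return None
    for name in dot_qmail_candidates(local):
        path = os.path.join(home, name)
        if os.path.isfile(path):
            with open(path) as fh:
                return fh.readline().rstrip("\n")
    return None   # no file matched: the sender gets the plain no-such-user bounce


def demo_home(reject_text="external mail is not accepted for this user",
              users=("alice", "bob.smith")):
    """Build the layout in a fresh scratch directory (constructed sample data)."""
    home = os.path.join(tempfile.mkdtemp(), "filter")
    build_filter_dir(home, users, "internal.example.com", reject_text)
    return home


if __name__ == "__main__":
    home = demo_home()
    for rcpt in ("alice@example.com", "Bob.Smith@example.com", "mallory@example.com"):
        print(rcpt, "->", route(home, rcpt, "example.com"))
```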



Re: question about ezmlm

2001-04-26 Thread Markus Stumpf

On Thu, Apr 26, 2001 at 09:18:28AM +, [EMAIL PROTECTED] wrote:
> if there is someone who ever tried ezmlm.
> I tried to compile it, but failed. It said:

Correct, YOU failed not the compiler :-))

> auto-str.c: In function `main':
> auto-str.c:15: warning: return type of `main' is not `int'
>
> I think I shouldn't edit it one by one, but what caused the error message?

Read it again. It says warning and not error.
You can simply ignore it.

\Maex




Re: | preline -f sed -n p ... = Is it dangerous/improper?

2001-04-26 Thread Markus Stumpf

On Thu, Apr 26, 2001 at 06:04:36PM +, qmail wrote:
>  OH, do you know the variable name wich refers to the qmail-local messages
>  names? If I use the same name that qmail-local uses I wouldn't have name
>  collisions, right?
>  Is it possible?

As Charles mentioned there is no variable.
But you could use
./some_user/Maildir/new/`/bin/date '+%s'`.$$.`/bin/hostname`
which would mimic qmails naming system at the cost of two program calls.

Please test on the command line
$ /bin/date '+%s'
as not all date commands support the '+%s' format.

\Maex




ANN: qmail delivery speed comparison graphs available

2001-04-25 Thread Markus Stumpf

We run a 9+ subscribers newsletter type mailing list on a dedicated
server. I have taken this opportunity to gather information on delivery
behaviour/speed using different concurrencyremote settings (150, 250 and 500)
and graph the results.

The result of the comparison is rather astonishing (for me ;-) as there
is not really a big difference.
The main work at concurrencyremote=500 was finished after about 1250
seconds, at concurrencyremote=150 it was finished after about 1450
seconds; concurrencyremote=250 is in between at about 1350 seconds.

The number of finished successful deliveries/second is nearly the same
for all three data sets (about 75-80 deliveries/second).
However the number of failures/deferrals per second was lower in the
150 data set than in the 250 and much lower than in the 500.
Also the maximum and median delivery times were smaller for the 150 set.
(as the list is ezmlm maintained by far the most failures are deferrals).

*MY* conclusion from that comparisons is that the power of the
qmail-bigconcurrency patch is probably commonly overestimated
and the patch is kinda useless.

PLEASE NOTE: the data sets are collected from delivery cycles of three
  successive weeks (the newsletter is a weekly one). Although it's
  delivered the same weekday (Friday) and around the same time (early
  afternoon GMT+2) the load on the remote (i.e. receiving) mail servers
  has a large impact on the data. This is even more true as 90% of
  the messages are sent to only 300 unique IP addresses (some of which
  are surely hidden behind load balancers).
  Thus minor tendencies are to be handled with care and the data sets
  may not be really representative.

I have set up a WebPage at

http://www.lamer.de/maex/creative/software/qmail/deliveries/

which contains a bit more explanations and a lot (about 20) of lessened
images (full size by clicking on the small images). Although the images
in the page are lessened the whole page has about 300 KB, so it may take
a while to load completely.

All the graphs were made with the help of the qmail logfile, perl, awk,
grep and gnuplot ;-)

Thanks to Peter van Dijk for his comments and thoughts while previewing
the weekly results.

I'd be very interested in your opinions/comments.

\Maex




Re: max concurrency for qmail is 500, what's it for sendmail?

2001-04-25 Thread Markus Stumpf

On Wed, Apr 25, 2001 at 03:59:04PM -0700, Brett wrote:
> Does anybody know the maximum concurrency for sendmail? From what I
> understand, with the big concurrency patch, it's 500 for qmail but I can't
> find any data on sendmail. Thanks in advance.

Dunno about sendmail, but with the big concurrency patch maximum concurrency
for qmail can be as high as 2^16 (okay, you need a few descriptors, but
65500 should be possible).

And from the README to that patch:
 **CAUTION** if you do this one should realise that qmail-send might try to
 open 64K connections to the /same/ host because it doesn't maintain a
 per-domain concurrency.

And as I have posted about 60 minutes ago to this list, I have made the
observation that the big concurrency patch for qmail is pretty much useless.

\Maex




Re: how to _delay_ failed authentication

2001-04-25 Thread Markus Stumpf

On Wed, Apr 25, 2001 at 03:36:28PM +0200, Karsten W. Rohrbach wrote:
> oh yes it is in control of at least the process it calls directly
> (qmail-popup) which terminates nonzero on auth error

Yeah, it exits nonzero at auth error and it exits nonzero in any other
case.
See my post (to qmail list) some days ago. qmail-popup ALWAYS exits with
   _exit(1);

> tcpserver lacks the feature of connection rate limiting which exactly
> would be the application in our case. i also thought about defining a
> scheme like openssh does (max simultaneous connections, soft
> threshold for sessions, percentage of connections to drop) combined with
> some advanced tarpitting per ip address (like accept n connections per
> minute from each ip address and back off with delay d and increase that
> delay each connection attempt, and perhaps multiply it with the
> exitcode of the process called).
> does this make sense?

That's what I'd liked to accomplish with the server/client framework
I wrote about. IMHO on a well administered system this is not error
prone - at least not more than having a LDAP or MySQL server for
authentication. The benefit however is that it can also be used in
clustered environments and you won't need code changes to djb software.

Putting all the load on tcpserver itself is IMHO a bad idea:
- it would need massive code changes in tcpserver
- it would slow down tcpserver itself
- depending on implementation tcpserver would need a lot more memory
- you'd have to have different versions of tcpserver (with/without rating)
- on new versions of tcpserver you'd have to port/make patches again
- lack of clustering support (POP-Toasters, SMTP-arrays)

If the client really could not connect to the server you can have a failsafe
method for this that either accepts like for ok or denies like for fail.

DJB's strategy is always to have small, high specialised programs for
special tasks. I like this idea, it's in the spirit of Unix and I think
one should stick to it.

\Maex




Re: how to _delay_ failed authentication

2001-04-25 Thread Markus Stumpf

On Wed, Apr 25, 2001 at 03:12:31AM +0200, Karsten W. Rohrbach wrote:
> maybe add it to tcpserver?

tcpserver is not in control of checkpassword and has no knowledge
of correct/incorrect user:password pairs.

The solution I would like most (and which would be rather flexible and
also working with clusters) would be to have a fast http server (maybe
based on djb's publicfile).
This server would have a configurable sized hash table (similar to
dnscache) and a strategy for expiring entries.

There would be two clients/APIs:
- one would send ip:fail or ip:ok
  and the server would either increment or delete an internal counter
- the other would send ip:query and the server would return
  allow or deny.
These two clients could be placed within the calling queue after
tcpserver and checkpassword.

Within this framework one could write other clients/servers that would
e.g. allow for controlling the number of smtp connects per IP per time
interval:
- have a client that sends
  ip:connect to the server and the server returns ok or fail.
  - if the answer is ok give over to the next program in queue
  - if the answer is fail act similar to rblsmtpd and send a 4xx
    to every SMTP protocol request from the sender.

I've been working on the last server/client with a friend. We have some
code but it's not finished yet.

\Maex




Re: how to _delay_ failed authentication

2001-04-24 Thread Markus Stumpf

On Tue, Apr 24, 2001 at 11:48:09AM +0700, Kittiwat Manosuthi wrote:
> Anybody know how to delay failed authentication attempts to prevent
> brute force pwd cracking on POP3 server using qmail  vpopmail?

IMHO not out of the box.
But you surely could construct something in checkpassword that uses
a (process independent) ip related counter and just as you use POP after SMTP
to enable relaying you could add
ip:deny
lines to your tcpserver control file.

\Maex

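The process-independent, IP-keyed counter suggested here, using the ip:fail / ip:ok / ip:query requests from the 2001-04-25 message in this thread, as an added Python example (not the author's unfinished code). Class and function names, the thresholds, the "ack" and "error" replies and the in-process transport are assumptions; deny_rules() renders the blocked addresses in the address:deny form that tcprules reads.

```python
import ipaddress
import time
from collections import OrderedDict


class FailureTable:
    """Bounded table of recent authentication failures per client IP."""

    def __init__(self, max_entries=4096, max_failures=5, ttl=900.0,
                 clock=time.monotonic):
        self.max_entries = max_entries    # fixed table size
        self.max_failures = max_failures  # failures tolerated before "deny"
        self.ttl = ttl                    # seconds until a quiet entry expires
        self.clock = clock
        self._entries = OrderedDict()     # ip -> (count, time of last failure)

    def _expire(self):
        # Entries stay ordered by last failure, so only the front is checked.
        now = self.clock()
        while self._entries:
            ip, (_, last) = next(iter(self._entries.items()))
            if now - last < self.ttl:
                break
            del self._entries[ip]

    def _denied(self, ip):
        count, _ = self._entries.get(ip, (0, 0.0))
        return count >= self.max_failures

    def handle(self, request):
        """Answer one request line: 'ip:fail', 'ip:ok' or 'ip:query'."""
        ip, _, verb = request.strip().rpartition(":")
        try:
            ip = str(ipaddress.ip_address(ip))
        except ValueError:
            return "error"
        self._expire()
        if verb == "fail":
            count, _ = self._entries.pop(ip, (0, 0.0))
            self._entries[ip] = (count + 1, self.clock())
            if len(self._entries) > self.max_entries:
                self._entries.popitem(last=False)   # evict the oldest entry
            return "ack"
        if verb == "ok":
            self._entries.pop(ip, None)             # delete the counter
            return "ack"
        if verb == "query":
            return "deny" if self._denied(ip) else "allow"
        return "error"

    def deny_rules(self):
        """Lines in tcprules 'address:deny' form for currently blocked IPs."""
        self._expire()
        return [f"{ip}:deny" for ip in sorted(self._entries) if self._denied(ip)]


def query_with_failsafe(send, ip, fail_open=True):
    """Ask the server about ip; use a fixed answer if it cannot be reached."""
    try:
        return send(f"{ip}:query")
    except OSError:
        return "allow" if fail_open else "deny"


if __name__ == "__main__":
    table = FailureTable(max_failures=3)
    for _ in range(3):                       # constructed failed logins
        table.handle("192.0.2.7:fail")
    print(query_with_failsafe(table.handle, "192.0.2.7"))
    print("\n".join(table.deny_rules()))
```

Deleting the counter on ip:ok follows the message as written; a client that owns one valid account can reset its own counter that way, so letting entries age out instead is the stricter choice.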



Re: Qmail SMTP HELP response

2001-04-20 Thread Markus Stumpf

On Fri, Apr 20, 2001 at 06:01:58PM -, WebSec WebSec wrote:
> Can anyone please tell me how to quickly change default Qmail response to
> SMTP HELP string?  Qmail is secure - but we would like to make it less
> obvious.
> (we changed the greeting string already and working on error responses)

You have to edit the source.
Editing  qmail-smtpd.c  should be sufficient.
If you want to mimic sendmail change the texts to look like sendmails'
and you probably have to add some commands (like "debug").

\Maex




Re: Resource Load with qmail

2001-04-19 Thread Markus Stumpf

On Thu, Apr 19, 2001 at 05:00:00PM -0300, jpablo wrote:
> hardware requirements for high traffic qmail/vpopmail installations.

define high traffic.

> In a heavy loaded machine, with a lot of maildirs, which will

define lot of maildirs.

> be the bottleneck? Disk i/o? CPU? Memory? Network throughput? If
> any of you are running high-load qmail servers please tell me the
> quantity of maildirs and the hardware used. Thanks in advance.

We have a medium sized POP3 server.
 16000  users (i.e. "Maildirs")
30  pop3 connects/day (about 50% remote access, from "outside" of
our networks, causing smtp after pop enabling).
both plain pop3 and ssl tunneled pop3 supported
 5  SMTP connects/day
 6  messages per SMTP/day
13  deliveries a day (we do an extra delivery per message for
accounting reasons)

The machine is also running a few small mailing lists, a webmail
interface (perl + apache), a MySQL database (user authentication)
and a djbdns dnscache server (cachesize 100 MB).

The bandwidth in/out is approx the same proportion throughout the day
and is at 300 KByte/s (i.e. 150 KBs in + 150 KBs out) during prime time
(9 to 18) with a few rare peaks up to 300-500 KBs

We have a range of 15 to 50 parallel pop3 connections during prime time hours.
Medium is around 25-30.

The max average load in a 15 minute interval is usually not over 0.5

$ swapinfo
Device  1K-blocks UsedAvail Capacity  Type
/dev/amrd0s1b 10484480  1048448 0%Interleaved


The machine is
   FreeBSD 4.2-RELEASE
   CPU: Pentium III/Pentium III Xeon/Celeron (796.54-MHz 686-class CPU)
   dual processor
   real memory  = 536805376 (524224K bytes)
   amr0: AMI MegaRAID
   amr0: Series 490 Firmware H795, BIOS 2.03, 32MB RAM
   amrd0: MegaRAID logical drive on amr0
   amrd0: 70004MB (143368192 sectors) RAID 5 (optimal)
   ahc0: Adaptec aic7896/97 Ultra2 SCSI adapter
   aic7896/97: Wide Channel A, SCSI Id=7, 32/255 SCBs
   ahc1: Adaptec aic7896/97 Ultra2 SCSI adapter
   aic7896/97: Wide Channel B, SCSI Id=7, 32/255 SCBs
   fxp0: Intel Pro 10/100B/100+ Ethernet

I'd say this machine is currently well prepared for at least the double
number of users without any problems.

\Maex




Re: store and forward incoming e-mail

2001-04-19 Thread Markus Stumpf

On Thu, Apr 19, 2001 at 05:16:28PM -0400, alexus wrote:
> how can i store and forward all incoming emails

Put in your .qmail file:
#
./Maildir/
[EMAIL PROTECTED]
#

This will put a copy of your email into the maildir named "Maildir"
(please note the trailing "/") in your $HOME and it will forward a copy of
the email to "[EMAIL PROTECTED]".
If you use mailbox delivery change the first line to e.g.
#
./Mailbox
[EMAIL PROTECTED]
#
(no trailing "/" this time ;-)

\Maex




Re: store and forward incoming e-mail

2001-04-19 Thread Markus Stumpf

On Thu, Apr 19, 2001 at 06:59:05PM -0400, alexus wrote:
> i just joined that list

yeah sure, and because your time is so worthwhile, you can't spend ten
minutes searching the archives. Rather than that you try to steal the time
of some 100 high qualified IT professionals and demand help.

I am not a prophet, but with this attitude you will have a hard time on
this list.

> if you don't want to "bothered" unsubscribe from this list..

If you don't want to have to wear asbestos underwear you'd better do some
preliminary research and RTFM in the future.

\Maex

-- 
A few weeks of development and testing can save an afternoon in the library.




Re: pop3d, fixcrio, tcpserver

2001-04-18 Thread Markus Stumpf

On Tue, Apr 17, 2001 at 07:44:23PM -0700, Michael Werneke wrote:
 Telnetting to port 110 is successful.  Surely there must be a workaround for
 this.  This setup has been working for months in the same configuration for
 months with the same mail clients.  What could cause it to stop working over
 night?

What is your startup sequence for tcpserver?
If your/your clients' DNS is broken "overnight" (some unnoticed syntax error in
zone file e.g.) this may exactly be the symptoms.

What exactly do you mean by "pop3 connections keep timing out" ?
If you do a
$ telnet pophost pop3
do you get a "prompt" like
+OK [EMAIL PROTECTED]
or is it hanging like
$ telnet popmail pop3
Trying 195.30.0.14...
Connected to popmail.Space.Net.
Escape character is '^]'.
   [ hanging now ]

If it's the latter, you may add "-H", "-l localname" and remove (if
present) the "-p" flag to tcpserver.

Also, you may have reached a capacity limit. If you have really a *lot*
of clients connecting you may hit the default for simultaneous
connections (=40), but from the log you've posted I don't think this is
the case (tcpserver: status: 2/40 - means 2 active connections out of
40 simultaneous allowed).

What puzzled me in your log is the line:
Apr 17 18:36:05 alpha pop3d: 987557765.215412 tcpserver: ok 2010
:111.222.77.121:110 adsl-11-222-33-87.dsl.sndg02.dslisp.net:11.222.33.87::3015

I can neither get records for
 adsl-11-222-33-87.dsl.sndg02.dslisp.net(NXDOMAIN)
nor
 87.33.222.11.in-addr.arpa  (NXDOMAIN)


\Maex

-- 
SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research  Development |   D-80807 Muenchen| Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.



Re: Cant sent to yahoo or hotmail

2001-04-18 Thread Markus Stumpf

On Wed, Apr 18, 2001 at 09:21:58AM +0300, Andrew Wafula wrote:
 I have configured qmail as per instructions but when i try to send to yahoo
 or hotmail i get the following error:

 Why should it try to deliver external mail to itself?

It doesn't.
It looks like you try to use your qmail server as an outgoing relay.
qmail-smtpd does only accept email for hosts listed in control/rcpthosts.
If you want to relay messages (i.e. not deliver to local accounts) qmail
will reject them, except if the environment variable "RELAYCLIENT" is
set, in that case qmail will relay the message.

Please have a look at
http://cr.yp.to/qmail/faq/servers.html#authorized-relay
for basic infos on how to setup authorized relays.
You may also have a look at
The qmail newbie's guide to relaying
URL:http://www.palomine.net/qmail/relaying.html
- Selective relaying with tcpserver and qmail-smtpd
URL:http://www.palomine.net/qmail/selectiverelay.html

\Maex

-- 
SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research  Development |   D-80807 Muenchen| Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.



Re: pop3d, fixcrio, tcpserver

2001-04-18 Thread Markus Stumpf

On Wed, Apr 18, 2001 at 02:28:10PM -0700, Michael Werneke wrote:
 It doesn't hang with telnet.
 The mail clients (Outlook in this case) are able to connect to the pop3 and
 authenticate, but not retrieve mail messages.  A tail --follow=name maillog
 gives shows this as the reason for the timeouts:
 Apr 17 18:36:05 alpha pop3d: 987557765.365642 tcpserver: end 2010 status 256

This is no abnormal termination.
What is the contents of the Maildir of that user?
How big are the files?

 I changed the actual addresses to protect the innocent. :)

Really a *great* idea.
What else did you change? And why didn't you state this fact in the first
place?
Look you want us to help you. I spent at least some minutes to do
the lookups, checked DNS servers for problems, tried to help you
and it's for the trash can. Thanks for that.

\Maex

-- 
SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research  Development |   D-80807 Muenchen| Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.



Re: Feedback about RBLs

2001-04-18 Thread Markus Stumpf

On Wed, Apr 18, 2001 at 04:26:41PM -0500, David Talkington wrote:
 Works quite well.  Unfortunately, we weren't able to continue using it
 for political reasons.  Once in place, rblsmtpd began rejecting and
 logging several messages per hour, and too many of the open relays
 turned out to be "friendlies".

I have made modifications to rblsmtpd, qmail-smtpd and wrote a mess822
package that allows you to not reject but tag messages with infos about
RBLs the sending IP is in and with the mess822 package users can decide
which messages to 
- reject (with bouncesaying)
- forward to another account for review
in their .qmail files.

In case you're interested, have a look (start) at
http://www.lamer.de/maex/creative/software/ucspi-tcp/

\Maex

-- 
SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research  Development |   D-80807 Muenchen| Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.



Re: pop3d, fixcrio, tcpserver

2001-04-18 Thread Markus Stumpf

On Wed, Apr 18, 2001 at 11:43:40PM +0200, Peter van Dijk wrote:
 On Wed, Apr 18, 2001 at 11:40:38PM +0200, Markus Stumpf wrote:
  On Wed, Apr 18, 2001 at 02:28:10PM -0700, Michael Werneke wrote:
   Apr 17 18:36:05 alpha pop3d: 987557765.365642 tcpserver: end 2010 status 256
  This is no abnormal termination.
 status 256 is abnormal.

Aehm ...
qmail-pop3d: 987544742.033581 tcpserver: end 65447 status 256

ALL my tcpservers that handle pop3 conns exit like that. They work
fine and without problems for years ...

Startup via:
exec /usr/local/bin/tcpserver -R -v -c 150  \
-l popmail.space.net\
195.30.0.14 pop3\
/var/qmail/bin/qmail-popup popmail.space.net\
/var/qmail/contrib/checkpassword\
/var/qmail/bin/qmail-pop3d Maildir 21 \
| /var/qmail/bin/splogger qmail-pop3d 17 

Unmodified qmail-1.03.
Unmodified ucspi-tcp-0.88
FreeBSD 4.2-RELEASE

I have dug through the code, manpages and include files.
Anyone not interested in C code may press 'd' now ;-)


I think the "256" is due to the fact that  qmail-popup does:
  switch(child = fork()) {
    case -1:
      die_fork();
    case 0:
      close(pi[1]);
      sig_pipedefault();
      execvp(*childargs,childargs);
      _exit(1);
  }

And also the die() in qmail-popup.c does an _exit(1).

So I'd say that qmail-popup *always* exits with a value of 1 which
maps to a code 256 returned via status by waitpid() (at least on my
system).
Of course unless it receives some signal.

tcpserver.c:
   while ((pid = wait_nohang(&wstat)) > 0) {

wait_nohang.c:
   return waitpid(-1,wstat,WNOHANG);

from the manpage to waitpid()

pid_t
waitpid(pid_t wpid, int *status, int options)

WIFEXITED(status)
True if the process terminated normally by a call to _exit(2) or
exit(3).
WEXITSTATUS(status)
If WIFEXITED(status) is true, evaluates to the low-order 8 bits
of the argument passed to _exit(2) or exit(3) by the child.

from /usr/include/sys/wait.h
#define _W_INT(i)       (i)
#define _WSTATUS(x)     (_W_INT(x) & 0177)
#define WIFEXITED(x)    (_WSTATUS(x) == 0)
#define WEXITSTATUS(x)  (_W_INT(x) >> 8)

So, status 256 would have a WIFEXITED() of true and WEXITSTATUS() should
be "1".

\Maex

-- 
SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research  Development |   D-80807 Muenchen| Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.
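
The decoding discussed in the message above, applied to tcpserver "end ... status N" log lines. This is an added example, not code from the thread; the first sample line is the one quoted in the thread, the other two are constructed.

```python
import os
import re

# tcpserver -v logs the raw status word filled in by waitpid(),
# not the value the child passed to _exit().
END_RE = re.compile(r"tcpserver: end (\d+) status (\d+)")


def decode_status(raw):
    """Decode a raw wait status into (kind, value)."""
    if os.WIFEXITED(raw):
        return ("exit", os.WEXITSTATUS(raw))    # normal _exit()/exit()
    if os.WIFSIGNALED(raw):
        return ("signal", os.WTERMSIG(raw))     # killed by a signal
    return ("other", raw)


def classify(line):
    """Return (pid, raw, kind, value) for a tcpserver 'end' line, else None."""
    m = END_RE.search(line)
    if m is None:
        return None
    pid, raw = int(m.group(1)), int(m.group(2))
    return (pid, raw) + decode_status(raw)


def child_status(code):
    """Fork a child that calls _exit(code); return the raw status from waitpid()."""
    pid = os.fork()
    if pid == 0:
        os._exit(code)
    return os.waitpid(pid, 0)[1]


SAMPLE = [
    # quoted in the thread
    "Apr 17 18:36:05 alpha pop3d: 987557765.365642 tcpserver: end 2010 status 256",
    # constructed: clean exit with code 0
    "Apr 17 18:36:09 alpha pop3d: 987557769.000001 tcpserver: end 2011 status 0",
    # constructed: child terminated by signal 15
    "Apr 17 18:36:12 alpha pop3d: 987557772.000002 tcpserver: end 2012 status 15",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line))
    raw = child_status(1)
    print("child that did _exit(1):", raw, decode_status(raw))
```

Only the "signal" case means the child was killed; an "exit" result with a non-zero code is a normal termination with that exit code.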



Re: how to calculate the number of returned mails using qmail

2001-04-17 Thread Markus Stumpf

On Tue, Apr 17, 2001 at 05:32:52PM +0530, mugundhan wrote:
 iam very much confused as to how to find the number of bounced back mails. iam able 
to receive all the bounce back mails to my email address. but, i need to count them 
manually to get the number of returned mails. 

Set up an account that will only receive the bounces.
Make the delivery of that account a Maildir.
Do a "/bin/ls -1 | wc -l" in that Maildir/new . The number you get is
the number of messages in that box.
If you want to start over, remove all the files in that Maildir.

Please note that it may take hours and days for bounces to come back.

\Maex

-- 
SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research  Development |   D-80807 Muenchen| Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.



Re: Some mail is getting to qmail, some others aren't

2001-04-10 Thread Markus Stumpf

On Tue, Apr 10, 2001 at 03:11:43PM -0700, Steve Quezadas wrote:
 I have a weird problem. 90% of the people can email me fine to my qmail
 server. 10% of the people can't. The 10% of the people who can't get the
 following error:

fano(2:2819) $ dnsqr mx pcrush.com
15 pcrush.com:
57 bytes, 1+1+0+0 records, response, noerror
query: 15 pcrush.com
answer: pcrush.com 21524 MX 5 63.204.40.234
  *

An MX record *MAY NOT* point to an IP address. It's supposed to point to a FQDN.
Your DNS zone setup is broken.

\Maex

-- 
SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research  Development |   D-80807 Muenchen| Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.



Re: Very slow qmail response

2001-04-07 Thread Markus Stumpf

On Fri, Apr 06, 2001 at 10:05:33PM +0100, Ricardo Cerqueira wrote:
  This should be "-l localhostname" this is
  a NAME, not a number.
 
 Says who?

Says me (see below)

 You should have seen it yourself. From that URL:
 
 
 * -l localname: Do not look up the local host name in DNS; use localname
 * for the environment variable $TCPLOCALHOST. A common choice for localname
 * is 0. To avoid loops, you must use this option for servers on TCP port
 * 53.

Tom wrote me personally that this document lists "0". Haven't been there
for a long time and I wrote to Tom I'm sorry.

But I still hold the statement that putting 0 instead of local
hostname there is nonsense, if you have programs that do depend on
$TCPLOCALHOST more than using this string for logging (as tcpserver
itself).

\Maex



Re: Very slow qmail response

2001-04-06 Thread Markus Stumpf

On Fri, Apr 06, 2001 at 09:50:14AM -0700, Tom Jackson wrote:
 Also note that a few recent messages were in error in suggesting -h flag
 to tcpserver. The options I used are:
 
 -v -p -l 0 -H -R -x /etc/tcp.smtp.cdb 
 
 But isn't the -p not correct here?

If you use -p and DNS is broken you will get a lot of timeouts, as
-p enforces a few more DNS lookups.

And "-l 0" is also nonsense. This should be "-l localhostname" this is
a NAME, not a number.

See
http://cr.yp.to/ucspi-tcp/tcpserver.html

\Maex




Re: Error 550 message rejected

2001-04-05 Thread Markus Stumpf

On Thu, Apr 05, 2001 at 04:29:58PM -0700, Matt Simonsen wrote:
 From what I can tell this message was rejected by the lhh.com server,
 perhaps an email gateway which was not setup correctly?

Correct.

 [EMAIL PROTECTED]:
 207.195.180.22 does not like recipient.
 Remote host said: 550 Mail relay not allowed at this server
 Giving up on 207.195.180.22.

$ host -t mx lhh.com
lhh.com mail is handled (pri=10) by fc.lhh.com
lhh.com mail is handled (pri=10) by mail.lhh.com
lhh.com mail is handled (pri=10) by seattle.lhh.com
lhh.com mail is handled (pri=20) by seattle2.lhh.com

DNS indicates that these four hosts are to be used as mail exchangers
for lhh.com

fc.lhh.com has address 12.25.48.197
mail.lhh.com has address 12.25.48.197

seattle.lhh.com is a nickname for lhhmail.dedicatednet.com
lhhmail.dedicatednet.com has address 207.195.180.22
lhhmail.dedicatednet.com has address 207.195.180.22

seattle2.lhh.com is a nickname for mx.dedicatednet.com
mx.dedicatednet.com has address 207.195.180.11
mx.dedicatednet.com has address 207.195.180.11

seattle.lhh.com and seattle2.lhh.com are configured wrong in DNS.
MX records may not point to CNAMEs ... that's one (not critical) problem.

 207.195.180.22 does not like recipient.

So it looks like none of the prio=10 hosts was available at that time
so the message was sent to  seattle.lhh.com  and this smtp server is
misconfigured according to DNS as it is a MX host for lhh.com but does
not accept messages for lhh.com.
The same holds for  seattle2.lhh.com:

$ telnet 207.195.180.11 smtp
Trying 207.195.180.11...
Connected to ns1.dedicatednet.com.
Escape character is '^]'.
220 ns1.dedicatednet.com NTMail (v4.30.0013/NU7670.00.0cc0ca14) ready for ESMTP transfer
HELO sucker
250 ns1.dedicatednet.com sucker
MAIL FROM: [EMAIL PROTECTED]
250 OK.
RCPT TO: [EMAIL PROTECTED]
550 Mail relay not allowed at this server
quit
221 Goodbye sucker

So, either the DNS for lhh.com is set up wrong in terms of MX records
or the mail servers at dedicatednet.com are set up wrong according to
DNS.

\Maex

P.S. At the moment the prio 10 MX hosts work (again) for me.

-- 
SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research  Development |   D-80807 Muenchen| Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.



Re: isn't this kinda slow?

2001-04-04 Thread Markus Stumpf

On Wed, Apr 04, 2001 at 12:33:56PM -0700, Brett wrote:
 I just ran a test on our machine here and the results are not good. I sent a
 message bcc'ed to a 1000 different non-existent recipients on another one of
 our machines. 14 minutes later and only 600 of them have been
 processed/bounced. This is pretty slow.

You are hitting two problems here:
1) is the max number of parallel connections the remote will accept
2) you are getting only bounces back that the sending qmail has to process
   which will eventually slow down the remote delivery
   Better would be to configure the receiving mail server as a data sink
   that will deliver (for that test!!!) messages to non existing user
   to /dev/null

I have a mailing list run by ezmlm (so nearly no bounces at all) with
about 93000 subscribers on a dedicated machine. Earlier this week I did
some graphs on the delivery behaviour. It's a vanilla qmail patched with
the big-concurrency mod to get a concurrencyremote of 500.

In case you're interested the graphs are at
http://www.lamer.de/maex/creative/software/qmail/deliveries/

Maybe I'll configure qmail to a concurrencyremote of 250 and see how
the behaviour changes later this week ...

\Maex

-- 
SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research  Development |   D-80807 Muenchen| Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.



Re: Be all, end all checkpasswd

2001-04-01 Thread Markus Stumpf

On Fri, Mar 30, 2001 at 09:46:26AM -0500, Dan Newcombe wrote:
 There is a patch to do MD5, so the users can securly send their password
 for POP and SMTP AUTH transactions.

Can't help with the other questions, as I am using my own model for
checkpassword, but the encoding schemes for POP3 APOP and SMTP AUTH
(CRAM-MD5) are not compatible.

\Maex

-- 
SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research  Development |   D-80807 Muenchen| Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.



Re: redundant mail servers

2001-03-26 Thread Markus Stumpf

On Fri, Mar 23, 2001 at 11:02:13AM -0500, Russell Nelson wrote:
 You use POP3 when you want to get the email the hell off your
 servers. 

Anyone else noticing a heavy growth in "Keep eMails on Server" settings
in POP3 ? :(((

 You use IMAP when you want to have a mail expiration policy, 

*smile* thanks to Maildirs this has become easy with POP3, too ;-)

\Maex

-- 
SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research  Development |   D-80807 Muenchen| Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.



Re: Repeated Identical Messages

2001-03-16 Thread Markus Stumpf

On Fri, Mar 16, 2001 at 05:44:54PM -, Steve Crowder wrote:
 We restarted our qmail server last night explicitly adding to
 control/timeoutsmtpd a value of 1200
 
 as per the mail by \Maex

1200 is the default. So setting this to 1200 won't change anything ;-)
btw. you do not need to restart qmail, this file is read by every invocation
of qmail-smtpd (i.e. on every new connection).

I have looked at the code of qmail-smtpd.c
The 451 timeout is issued by the receiver if it doesn't get any
infos from the sender within timeout (=1200 default or from
timeoutsmtpd).

- the message seems to have arrived successfully (including CRLF.CRLF)
  otherwise the receiver wouldn't have it correctly in queue.
  At that point if the connection breaks the mail will be delivered.
  (if there were no local filesystem problems, message size problems,
  too many hops or the like).
- Then the receiver sends back the "250 ok tstamp qp pid".
  This tells the sender that the message was received ok.
  And it looks like this code never arrives at the sender.

Would all of you that have the problems mind making a test and
inserting an explicit
flush();
call in qmail-smtpd.c in function acceptmessage() as the last statement?
This *should* not be needed, as the data command has a flush entry ...

What *really* puzzles me is that saferead() spits out an error to the
sender before closing, but safewrite() simply does an _exit(1).
Maybe inserting some error output could also help tracking down the
problem.

\Maex

-- 
SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research  Development |   D-80807 Muenchen| Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.



Re: Repeated Identical Messages

2001-03-15 Thread Markus Stumpf

First let me say I have NEVER seen duplicates from this list (nor from
anywhere else, nor did one of our customers complain about dupes from qmail).
And we live on the other side of the big pond ;-)

On Thu, Mar 15, 2001 at 10:16:35AM -0500, dan kelley wrote:
 when i started to capture all smtp sessions with recordio to see if that
 gave any hints, i found that i had lots of these in my logs:
 
 451 timeout
 
 are you seeing he same thing?

Is this a message from the sender or from your smtpd?
If it's yours you might give
control/timeoutsmtpd
a chance (default is 1200 seconds, see  "man qmail-smtpd").

\Maex

-- 
SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research  Development |   D-80807 Muenchen| Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.



Re: Repeated Identical Messages

2001-03-15 Thread Markus Stumpf

On Thu, Mar 15, 2001 at 05:05:30PM -0500, dan kelley wrote:
 they're definitley qmail;  both run qmail-1.03 unpatched under tcpserver.
 
 what do you mean by 'help for smtp' ?


lagrange(2:2697) $ telnet mailhost.otec.com smtp
Trying 209.3.117.5...
Connected to mx1.ny.otec.com.
Escape character is '^]'.
220 *
help
502 unimplemented (#5.5.1)
quit
221 mx1.ny.otec.com

this is definitely NOT an unpatched qmail.
Unmodified qmail's look like that:

lagrange(2:2698) $ telnet mail.space.net smtp
Trying 195.30.0.8...
Connected to mail.space.net.
Escape character is '^]'.
220 mail.space.net ESMTP
help
214 qmail home page: http://pobox.com/~djb/qmail.html
quit
221 mail.space.net


\Maex

-- 
SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research  Development |   D-80807 Muenchen| Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.



Re: simple spam filtering system: critiques welcome

2001-03-15 Thread Markus Stumpf

On Thu, Mar 15, 2001 at 02:42:53PM -0800, Jon Rust wrote:
 We currently use rblsmtpd to block mail based on RSS, DUL and RBL. What
 I've wanted all along is a way for individual users to have this same
 ability, rather than as a system-wide setting. Here's what I've come up
 with, and I'd appreciate criticisms and comments from my fellow qmail
 admins:

Sorry to follow up your announcement with mine ...

I've done something like that, start at
http://www.lamer.de/maex/creative/software/ucspi-tcp/

It consists of 3 parts:
1) is a modification to rblsmtpd that allows to define "tags" for
   RBLs. Each tag of a RBL that had a hit for that IP is put blank
   delimited into an environment var RBLID
2) is a modification to qmail-smtpd
   it checks for RBLID env var and inserts one line per RBL tag into
   the header of the received mail like:
   X-RBL-Check: MAPS-RSS
   X-RBL-Check: MAPS-DUL
3) is a mess822 package called 822xrblcheck
   you can put it into .qmail files and call it e.g. with
  |bouncesaying "no messages from blacklisted hosts accepted" /path/to/822xrblcheck MAPS-RSS

\Maex

-- 
SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research  Development |   D-80807 Muenchen| Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.



Re: block unknown hosts

2001-03-14 Thread Markus Stumpf

On Tue, Mar 13, 2001 at 06:57:17PM -0800, Eric Pretorious wrote:
 Is there a method to verify that the "From:" field contains a working 
 address before accepting the message? (I've heard of this approach 
 somewhere...)

It's a verification of the envelope sender domain (if there is an A or MX
record). You cannot verify the username on the fly, though ...

The code for that is part of e.g. the SPAMCONTROL modifications for
qmail-smtpd:
http://www.fehcom.de/qmail/qmail_en.html

\Maex

-- 
SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research  Development |   D-80807 Muenchen| Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.



OT: CRAM-MD5 vs APOP MD5 digest in checkpassword

2001-03-14 Thread Markus Stumpf

Sorry, this is slightly off topic.

We use a (homegrown) checkpassword program (with MySQL support) that
also does APOP authentication for POP3.

I'd like to add SMTP AUTH (based on Eric M. Johnston qmail-smtpd AUTH
patch 20010105).

From what I've read from the RFCs (I'm not so good with crypto things :(
I am rather sure ;-) that APOP and CRAM-MD5 are not compatible. However
I'd like to - if possible - maintain one codebase for our checkpassword
programm and not have two different versions.

Is there a chance to tell from the digest whether it's a APOP (i.e.
plain MD5) or a CRAM-MD5 digest?
(Otherwise I'd probably try to make a really ugly hack and look at
argv[1] to decide whether it's called in a POP3 sequence or a smtpd
one).

Thanks,

\Maex

-- 
SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research  Development |   D-80807 Muenchen| Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.
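
The two digest computations that this message and the earlier "Be all, end all checkpasswd" reply refer to, side by side. This is an added example, not code from the thread or from any checkpassword implementation; the inputs are the example values printed in RFC 1939 and RFC 2195, and the assumption that the third checkpassword field carries the challenge for both protocols is mine.

```python
import hashlib
import hmac


def apop_digest(timestamp, secret):
    """RFC 1939 APOP: hex MD5 over the greeting timestamp followed by the secret."""
    return hashlib.md5((timestamp + secret).encode()).hexdigest()


def cram_md5_digest(challenge, secret):
    """RFC 2195 CRAM-MD5: hex HMAC-MD5 over the challenge, keyed with the secret."""
    return hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()


def parse_checkpassword(record):
    """Split the fd-3 record 'login\\0response\\0timestamp\\0' into three strings.

    Assumption: an SMTP AUTH front end passes its challenge in the third
    field, the same place qmail-popup puts the APOP timestamp.
    """
    fields = record.split(b"\0")
    if len(fields) < 4:
        raise ValueError("need three NUL-terminated fields")
    return tuple(f.decode("ascii", "replace") for f in fields[:3])


def matching_scheme(challenge, secret, response):
    """Name the scheme whose expected digest equals the response, or None."""
    got = response.lower().encode("ascii", "replace")
    for name, fn in (("apop", apop_digest), ("cram-md5", cram_md5_digest)):
        # constant-time comparison of the two 32-character hex strings
        if hmac.compare_digest(fn(challenge, secret).encode(), got):
            return name
    return None


# Example values from RFC 1939 (APOP) and RFC 2195 (CRAM-MD5).
APOP_TS = "<1896.697170952@dbc.mtview.ca.us>"
APOP_SECRET = "tanstaaf"
CRAM_CHALLENGE = "<1896.697170952@postoffice.reston.mci.net>"
CRAM_SECRET = "tanstaaftanstaaf"

if __name__ == "__main__":
    a = apop_digest(APOP_TS, APOP_SECRET)
    c = cram_md5_digest(CRAM_CHALLENGE, CRAM_SECRET)
    # Both are 32 lowercase hex characters: the shape does not reveal the scheme.
    print(a, len(a))
    print(c, len(c))
    # Same challenge and secret, different digests: the schemes are not interchangeable.
    print(apop_digest(CRAM_CHALLENGE, CRAM_SECRET) == c)
    rec = b"mrose\0" + a.encode() + b"\0" + APOP_TS.encode() + b"\0"
    login, response, ts = parse_checkpassword(rec)
    print(login, matching_scheme(ts, APOP_SECRET, response))
```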



Re: another port as 25

2001-03-14 Thread Markus Stumpf

On Wed, Mar 14, 2001 at 01:16:06PM -0500, Michael Peppard wrote:
 This is a good question actually... maybe I should rtfm, but can you receive
 mail on port 25 and transport it on another port?
 
 This could be useful in pushing through a firewall, in addition to the
 redirection.  My next to next task.

You can setup a standard qmail installation on one host. This would
listen on port 25 and accept emails.
On that host use
   /var/qmail/control/smtproutes
to send the emails on to the host behind the firewall, by adding a line
domain:desthost:port
See "man qmail-remote" for more information.
On that host you can configure (e.g. via tcpserver) to have qmail-smtpd
accepting mails on that port.

\Maex

-- 
SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research  Development |   D-80807 Muenchen| Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.



Re: qmail postfix

2001-03-09 Thread Markus Stumpf

On Fri, Mar 09, 2001 at 10:43:28AM -0600, Mate Wierdl wrote:
 Well, I am thinking about bad or sluggish addresses; a bounce comes
 back, and deposited in the queue.  Then there are the messages
 ezmlm-warn sends out...  I doubt they are single messages with lots of
 recipients...  With no experience here, I believe what you are saying,
 that this activity is pretty negligible.

The big gain in using ezmlm here is that you have a pretty much "clean"
userbase. Users that don't have valid email addresses cannot subscribe
because they don't get the confirmation request back. So the only
dropouts are addresses that got deleted which in turn will be
automagically unsubscribed by ezmlm.
I had posted the URL of a picture that shows the delivery of the 95000+
newsletter in the past, here it is again:
http://www.lamer.de/maex/creative/software/qmail/deliver-stats2.gif
The delivery starts at about timestamp 300 and the first pass is
finished at around 2950 (scale is seconds).
The next two peaks are retries.

A high percentage of the subscriber base is at yahoo addresses :((
The problem is that the mail servers are very unresponsive and at
certain times quite a lot of delivery slots are filled up with hanging
delivery attempts which degrades the performance :((
But as this is a dedicated server for that newsletter at the moment
there is no need for optimising at the moment (could be done e.g. with
a second qmail on that same machine that gets all the yahoo mails, so
they're out of the way for list delivery).

\Maex

-- 
SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research  Development |   D-80807 Muenchen| Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.



Re: Traffic measurement

2001-03-09 Thread Markus Stumpf

On Fri, Mar 09, 2001 at 12:41:16PM +0100, Qmaillist wrote:
 I tried many tools in order to get to know how much traffic my different
 virtual domains on my machine (not every domain has its own IP) consume.

Sorry, no script but a way to code ... we use something similar but it
wouldn't help as it is highly dependent on some logging modifications
we'd made.

When you get a new email qmail logs:

mail qmail: 984092366.436762 new msg 603366
mail qmail: 984092366.437102 info msg 603366: bytes 51771 from [EMAIL PROTECTED] qp 39056 uid 101

Important is the message number: 603366
This shows up again when qmail delivers the email:

mail qmail: 984092366.476909 starting delivery 573283: msg 603366 to local [EMAIL PROTECTED]
mail qmail: 984092366.579607 delivery 573283: success: did_1+0+0/

From these two lines you can see that msg 603366 triggered a delivery
with id 573283 that was successful.

After that qmail is done with the message and logs

mail qmail: 984092366.608063 end msg 603366

With this infos it shouldn't be too hard to code a script that processes
this information and outputs lines like

Bytes   Sender  Recipient
51771 [EMAIL PROTECTED] [EMAIL PROTECTED]

and a postprocessor that e.g. sums up the bytes for each recipient.domain
or [EMAIL PROTECTED]

With all that you should have in mind that the size info is only the
payload (i.e. the number of bytes as seen by qmail) and does not account
for the real TCP/IP and SMTP protocol overhead.

From our experience during the years you have to multiply by a factor of
1.8 to get close to the average ip traffic each message consumes.

\Maex

-- 
SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research  Development |   D-80807 Muenchen| Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.
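
One way to code the correlation described in the message above: join "info msg", "starting delivery" and "delivery ... success" lines on the message and delivery numbers, then sum bytes per recipient domain. This is an added example, not the author's script; the log lines are constructed in the format shown in the message, with made-up addresses in place of the redacted ones.

```python
import re
from collections import defaultdict

INFO_RE = re.compile(r"info msg (\d+): bytes (\d+) from <([^>]*)>")
START_RE = re.compile(r"starting delivery (\d+): msg (\d+) to (?:local|remote) (\S+)")
DONE_RE = re.compile(r"delivery (\d+): (success|failure|deferral):")
END_RE = re.compile(r"end msg (\d+)")


def deliveries(lines):
    """Yield (bytes, sender, recipient) for every successful delivery."""
    msgs = {}      # message number -> (bytes, sender)
    pending = {}   # delivery id    -> (message number, recipient)
    for line in lines:
        m = INFO_RE.search(line)
        if m:
            # an empty envelope sender is a bounce; show it as "<>"
            msgs[m.group(1)] = (int(m.group(2)), m.group(3) or "<>")
            continue
        m = START_RE.search(line)
        if m:
            pending[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = DONE_RE.search(line)
        if m:
            msg, rcpt = pending.pop(m.group(1), (None, None))
            # deferrals and failures moved no mail to the recipient: skip them
            if m.group(2) == "success" and msg in msgs:
                yield msgs[msg] + (rcpt,)
            continue
        m = END_RE.search(line)
        if m:
            # message numbers are reused later, so drop the state here
            msgs.pop(m.group(1), None)


def bytes_by_domain(lines):
    """Sum delivered payload bytes per recipient domain."""
    totals = defaultdict(int)
    for size, _sender, rcpt in deliveries(lines):
        totals[rcpt.rpartition("@")[2].lower()] += size
    return dict(totals)


def estimated_ip_bytes(payload, factor=1.8):
    """Apply the rule-of-thumb factor from the message (payload to IP traffic)."""
    return int(payload * factor)


# Constructed sample: one message to two recipients (one deferred), one bounce.
SAMPLE = """\
mail qmail: 984092366.436762 new msg 603366
mail qmail: 984092366.437102 info msg 603366: bytes 51771 from <alice@example.org> qp 39056 uid 101
mail qmail: 984092366.476909 starting delivery 573283: msg 603366 to local bob@example.com
mail qmail: 984092366.480000 starting delivery 573284: msg 603366 to remote carol@example.net
mail qmail: 984092366.579607 delivery 573283: success: did_1+0+0/
mail qmail: 984092367.100000 delivery 573284: deferral: Connected_to_192.0.2.25_but_connection_died./
mail qmail: 984092370.000000 new msg 603370
mail qmail: 984092370.000100 info msg 603370: bytes 2048 from <> qp 39060 uid 101
mail qmail: 984092370.010000 starting delivery 573285: msg 603370 to local bob@example.com
mail qmail: 984092370.020000 delivery 573285: success: did_1+0+0/
mail qmail: 984092370.030000 end msg 603370
""".splitlines()

if __name__ == "__main__":
    print("Bytes\tSender\tRecipient")
    for size, sender, rcpt in deliveries(SAMPLE):
        print(f"{size}\t{sender}\t{rcpt}")
    for domain, total in bytes_by_domain(SAMPLE).items():
        print(domain, total, estimated_ip_bytes(total))
```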



Re: qmail postfix

2001-03-08 Thread Markus Stumpf

On Thu, Mar 08, 2001 at 12:26:55PM -0600, Mate Wierdl wrote:
 On the ezmlm list somebody asked if he needed the bigtodo patch if he
 is to set up 15 lists with 50K subscribers each, and the lists get
 exactly one message/day.  I would have thought, no since my P120 box
 handles 180K messages a day with no noticable problem.  But Russ said
 15x50K is hard on a normal qmail queue.

Aehm ... if you use ezmlm you get 15 messages (i.e. files) not 15x50K messages.
So the big-todo patch is of no relevance here.

However I would recommend using the big-concurrency patch and set
concurrencyremote to 500 or more.

I have a Pentium III (551.25-MHz 686-class CPU) 256 MB RAM on a RAID 5
dedicated machine for a 95000 users newsletter list. concurrencyremote
set to 250. It delivers the 95000 messages in about 1 hour.

\Maex

-- 
SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research  Development |   D-80807 Muenchen| Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.



Re: Can Qmail send out 2 million mails in 12 hour window?

2001-02-28 Thread Markus Stumpf

On Tue, Feb 27, 2001 at 08:11:10PM +0100, Peter van Dijk wrote:
 As long as you are injecting messages, qmail won't perform at full
 speed. Play with that rate, maybe no limiting *is* the best option.

Maybe an idea would also be to "disable" the trigger mechanism in
qmail-queue/qmail-send (changing permission on trigger would be sufficient)
and change qmail-send's sleep timeout to some 60 seconds.
This can be easily done by changing qmail-send:

#define SLEEP_TODO 1500 /* check todo/ every 25 minutes in any case */

This would cause qmail to "bulk", i.e. scan todo and organize, send out
the mails, and then start again.

With that one could measure (system and bulk job dependent) how many
emails qmail can send out in a certain interval.
Then one could synch the SLEEP_TODO and the number of injects per
SLEEP_TODO.

\Maex

P.S. as some ppl wondered ... no, i didn't get lost ;-) only had no time
  to read the list which bestowed me 1200 unread messages :/ but I'm
  nearly through ;-)

-- 
SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research  Development |   D-80807 Muenchen| Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.



Re: mailserver buffering

2001-02-28 Thread Markus Stumpf

On Tue, Feb 27, 2001 at 12:08:12AM -0700, Andy Bradford wrote:
 Not necessary.  They will be queued up in qmail's mail queue until they 
 can be delivered to their mail server (or until the message has been in your 
 queue too long and the message bounces).  Simple really.

We've had similar problems with "dialup customer" wanting their email
delivered via SMTP.
What we did (and also use for some backup MX customers, that turn off
their mailservers during weekends *argl*) is to use a maildirsmtp
setup.
I find it pretty annoying having some 1000 email for them in the
"active" qmail queue and the customers complain "that some emails
take a long time to arrive although the mailserver is back up again"
(this is due to the quadratic backoff).

What we do:

1) create a  /var/qmail/channels/serialmail  directory.
2) in this directory create another directory "dom.ain"
3) in this directory create a maildir (e.g. called "Maildir") and
   a .qmail-default file containing
   ./Maildir/
4) add to users/assign a line like:
   +dom.ain-:qmaild:101:101:/var/qmail/channels/serialmail/dom.ain:-::
   (101:101 is the uid:gid for qmaild:nofiles - this is because of
   section 10) below ;-)
5) run qmail-newu
6) add lines to control/virtualdomains
   dom.ain:dom.ain
   .dom.ain:dom.ain
7) kill -HUP pidof(qmail-send)

Now mails for [EMAIL PROTECTED] will end up in the maildir
   /var/qmail/channels/serialmail/dom.ain/Maildir/
If the customer has more than one domain (e.g. .net, .com. org) you can
use in virtualdomains
   example.com:dom.ain
   .example.com:dom.ain
   example.net:dom.ain
   .example.net:dom.ain
And they will end up in the same directory.

8) In /var/qmail/channels/serialmail/dom.ain create a file "RELAYHOST"
   and put in it the name of the mail exchanger for that dom.ain
   (e.g. mail.dom.ain)
9) All you need now is a script that periodically scans (we use 3
   minutes) all the /var/qmail/channels/serialmail/dom.ain directories,
   checks if there are eMails in Maildir/new.
   If so, flock the RELAYHOST file (to avoid concurrent deliveries)
   and start  maildirsmtp  to try to deliver the email to `cat RELAYHOST`
   We do this in a two way style, so we have one scanner and one
   deliverer that's been forked off from scanner.
   The maildir command would look like
  maildirsmtp /var/qmail/channels/serialmail/dom.ain/Maildir \
dom.ain-  `cat .../dom.ain/RELAYHOST`  mail.mydom.ain
   (don't forget the trailing "-" on  dom.ain- above)
10) we also use tcpserver to set the ETRN="dom.ain" Variable for the ip
   the mail.dom.ain runs on and we use a wrapper to qmail-smtpd that
   checks for the existence of the ETRN Variable and if it exists it
   forks off deliverer for dom.ain (kinda AutoTURN like ETRN).

We use this setup for about two years now and it works like a charm.
There is only one problem: if the customer changes the mail exchanger
without telling you *sigh*

The scripts for scanner and deliverer are in perl, the qmail-smtpd
wrapper is in sh.
If I find some time, I'll write some docs and cleanup the code and
put it up for public retrieval. *sigh* but I cannot promise any date
as I have nearly zero spare time right now :/

\Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |   D-80807 Muenchen        | Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.
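
The scanner and deliverer from steps 8) and 9), sketched in sh as an added example; this is not the Perl code mentioned in the message, which was not posted. It assumes util-linux flock(1) for the lock, and CHANNELS, HELOHOST and DRY_RUN are names made up for this sketch. The RELAYHOST content is checked before it reaches a command line.

```sh
#!/bin/sh
# Added example: scanner/deliverer for the channel layout in steps 1) to 9).
# Assumptions (not from the original post): util-linux flock(1) is installed,
# and the variables CHANNELS, HELOHOST and DRY_RUN are this sketch's own names.

CHANNELS=${CHANNELS:-/var/qmail/channels/serialmail}
HELOHOST=${HELOHOST:-mail.mydom.ain}

# has_new_mail CHANNELDIR: succeed if Maildir/new holds at least one message.
has_new_mail() {
    for msg in "$1"/Maildir/new/*; do
        [ -f "$msg" ] && return 0
    done
    return 1
}

# pending_domains ROOT: print the name of every channel directory that has
# both a RELAYHOST file and queued mail, one per line.
pending_domains() {
    for chan in "$1"/*/; do
        chan=${chan%/}
        [ -f "$chan/RELAYHOST" ] || continue
        if has_new_mail "$chan"; then
            printf '%s\n' "${chan##*/}"
        fi
    done
}

# relay_for ROOT DOMAIN: print the relay host from RELAYHOST, but only if it
# looks like a host name. The file content ends up on a command line, so
# empty values, leading hyphens and anything outside [A-Za-z0-9.-] are refused.
relay_for() {
    relay=$(head -n 1 "$1/$2/RELAYHOST" 2>/dev/null) || return 1
    case $relay in
        '' | -* | *[!A-Za-z0-9.-]*) return 1 ;;
    esac
    printf '%s\n' "$relay"
}

# run CMD ARGS...: execute the command, or only print it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# deliver ROOT DOMAIN: one maildirsmtp run for DOMAIN. flock -n takes the lock
# on RELAYHOST and gives up at once if another deliverer already holds it.
deliver() {
    host=$(relay_for "$1" "$2") || {
        echo "skipping $2: unusable RELAYHOST" >&2
        return 1
    }
    run flock -n "$1/$2/RELAYHOST" \
        maildirsmtp "$1/$2/Maildir" "$2-" "$host" "$HELOHOST"
}

# scan_once ROOT: fork one deliverer per channel with waiting mail, then wait.
scan_once() {
    for dom in $(pending_domains "$1"); do
        deliver "$1" "$dom" &
    done
    wait
}

# Run from cron or a sleep loop every few minutes: sh scanner.sh scan
if [ "${1:-}" = scan ]; then
    scan_once "$CHANNELS"
fi
```

Setting DRY_RUN=1 prints the maildirsmtp command lines instead of running them, which is a quick way to check a new channel directory before the first real delivery.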



Re: badmailfrom...

2001-02-05 Thread Markus Stumpf

On Mon, Feb 05, 2001 at 03:24:26PM -0500, Jean Caron wrote:
 Would this be valid in control/badmailfrom;  @*.cn   ?

No it isn't.

 If not, is there an equivalent ?

Not with an unmodified qmail version. There exist addons to support
wildcard matching ... www.qmail.org should list some.

 I've seen enough spam from those little

I doubt that would really help. Most SPAM I see is relayed through
*.cn servers but badmailfrom only goes for envelope senders (which
mostly always have no *.cn addresses).

You may try plugging rblsmtpd in
http://cr.yp.to/ucspi-tcp/rblsmtpd.html
from the ucspi-tcp package at
http://cr.yp.to/ucspi-tcp.html
and set RBLSMTPD for *.cn netblocks using tcpserver's rules (-x flag).

\Maex




Re: qmail problem

2001-01-29 Thread Markus Stumpf

On Mon, Jan 29, 2001 at 07:25:25PM +0100, NDSoftware wrote:
 The logs say only for one message !

And the headers of the emails please.
Possibly the MUA does a Fcc and as the mail is to yourself you end up
with two copies, a local saved one and a sent and received one.

\Maex




Re: Moving qmail servers

2001-01-29 Thread Markus Stumpf

On Mon, Jan 29, 2001 at 08:55:26PM +0200, Alex Kramarov wrote:
 The problem is probably with you moving the queue directory (which is a definite 
no-no, because the filenames in there must correspond to their inode numbers). Check 
out queue-fix on qmail-org, it should help at least one of your problems.

an easy way to "move" the queue would have been to
- allow relaying for mailold on mailnew
- make mailold:/var/qmail/control/smtproutes consist of one single line
  :mailnew.domain
- on mailold:  # kill -ALRM `pidof qmail-send`

\Maex




Re: Re: Sorry about the size of my prevous e-mail (I have beem flamed on this before).

2001-01-29 Thread Markus Stumpf

On Mon, Jan 29, 2001 at 09:12:54PM +0200, Alex Kramarov wrote:
 well, that was in the heat of the moment, make it 5000. But 2000 can make people 
send in plain text, someone has already proposed this here.

Why should anyone impose artificial limits on the size of messages
to this mailing list, only because
a) you use a broken MUA
b) you are unable to configure it correctly
c) you seem to be the only one that has permanent problems with a) and b)

\Maex




Re: qmail+virtualdomain

2001-01-26 Thread Markus Stumpf

On Fri, Jan 26, 2001 at 12:05:18PM +0100, Massimiliano Santarelli wrote:
 Well , now i put  "avatar.yi.org:alias-avatar" into virtualdomains file, 
 and made a: touch ~alias/.qmail-avatar-pluto
 Into my locals file i've: cikosub.yi.org
 but if i send a mail to [EMAIL PROTECTED] and [EMAIL PROTECTED]
 it seems there's no difference between the two domains for the same user.

Did you   kill -HUP `pidof qmail-send`   ?

\Maex




Re: Things I have noted

2001-01-26 Thread Markus Stumpf

On Fri, Jan 26, 2001 at 10:13:28AM -0800, [EMAIL PROTECTED] wrote:
 The problem with "there is a delay in delivering the message"-type mails
 is that the average user never takes the time to read those messages, and
 thinks that they mean that the mail has bounced.

No, the problem is that while they may be helpful if sent by a server
under your control (where you can delete the message if you like)
they are a nightmare if sent by remote systems where you have no chance
to control them.
As I said before, if you will get one every hour for a whole week
(and then the message was bounced with an undelivery notice) you will
surely start to hate this "feature".

\Maex




Re: failure notice (qmail and ezmlm)

2001-01-26 Thread Markus Stumpf

On Fri, Jan 26, 2001 at 11:08:49AM -0700, Ben wrote:
 All mailing lists are in the form "[EMAIL PROTECTED]" (virtual
 domain) -- but seems to get reformatted to "[EMAIL PROTECTED]",

This is because of
hdshc.asu.edu.  IN CNAME aquinas.pp.asu.edu.
hdshc.asu.edu will be rewritten to aquinas.pp.asu.edu by mailservers
as a CNAME says kinda "this host does not exist and is really called
aquinas.pp.asu.edu".

 control/locals--
 localhost.asu.edu
 aquinas.pp.asu.edu
 control/virtualdomains---
 aquinas.pp.asu.edu:hdshc.asu.edu


A host may not be in locals and virtualdomains at the same time
(i.e. it may, but locals takes precedence to virtualdomains).

Another problem might be that if the ezmlm mailinglist is configured
to be [EMAIL PROTECTED] it will not accept being called
[EMAIL PROTECTED]

The easiest way to fix your problem is probably to change
hdshc.asu.edu.  IN  CNAME   aquinas.pp.asu.edu.
to
hdshc.asu.edu.  IN  A   129.219.125.101

\Maex




Re: Why so few qmail-remote processes

2001-01-25 Thread Markus Stumpf

On Thu, Jan 25, 2001 at 12:08:22PM +0100, Jacques Frip' WERNERT wrote:
 I know that well so I put "5" but I can't take too much time to send my
 mails ...

No, you obviously don't. Otherwise you'd have noticed that the first
retry for a message in the queue starts after 6m40s so any value lower
than 400 has the same effect as setting it to 0.

\Maex

-- 
SpaceNet AG               |   http://www.Space.Net/   | Stress is when you wake
Research & Development    | mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0    | realize you haven't
D-80807 Muenchen          |  Fax: +49 (89) 32356-299  | fallen asleep yet.



Re: A lot of Temporary_error_on_maildir_delivery

2001-01-25 Thread Markus Stumpf

On Thu, Jan 25, 2001 at 09:06:52AM +0200, Kaj-Michael Lang wrote:
 I'm having a very serious problem.. the mail queue is full of messages
 (about 31k) and local delivery is very slow if at all. I get lot of those
 temporary delivery errors in the logs.

Sorry, I can't find the error message in your mail.

\Maex



Re: Things I have noted

2001-01-25 Thread Markus Stumpf

On Thu, Jan 25, 2001 at 10:33:18PM +1100, Rod... Whitworth wrote:
 Q1:
 I have learnt that qmail does not issue reply codes indicating permanent failure for 
invalid users/mailboxes.
 I know that these messages will eventually bounce but (apart from the issue of 
determining whether a recipient 
 exists within a valid domain for delivery) is this "less expensive" than the more 
obvious 5xx response?

qmail - unlike other mail "systems" - is not one big monolith program
but has many modules that work together. qmail-smtpd is receiving
the messages and putting it in a queue. qmail-smtpd does not know about
local users, just domains. qmail-local has all the mechanisms to deliver
emails locally. I think someone (Sam?) had a modification to qmail-smtpd
to mimic all of qmail-local's mechanisms to enable it to bounce messages
to non local users, but that way you do all the decisions twice.
For usual use (no attack with a e.g. dictionary spam) qmail's way
of handling things is no problem.

 Q2:
 Perhaps I have a user who makes a typo in an address. Say it is in the local-part 
and that the domain is 
 valid.
 I have learnt that qmail does not issue deferral notices. On the server I have worked
with in the past a 
 deferral after a few hours may result in the sender correcting the address. (Some 
are so stupid that a 4x4 
 hardwood billet but never mind!) Waiting days doesn't seem like other than a 
godlike retribution process 
 for fallible beings.

I personally *hate* those delay messages. Once I got one every hour for
a whole week from a remote system telling me that it cannot contact the
final delivery system. Really annoying and pretty useless, as there's
nothing I could have done against the problems.

However there is an addon module available at http://www.qmail.org/ that
IMHO does what you want. Search for delayed-mail notifier on qmail's
website.

\Maex




Re: Is it safe to recompile and install qmail after patching.

2001-01-25 Thread Markus Stumpf

On Thu, Jan 25, 2001 at 02:49:15PM +, Eng. Ramy M. Hassan wrote:
 On a production environment is it safe to patch qmail source and make
 setup check once again.

Yes.

 Any precautions should be taken ?

You should shut down all qmail services before doing a "make setup",
otherwise some programs might not be installable due to "Text file busy".

\Maex



Re: Why so few qmail-remote processes

2001-01-25 Thread Markus Stumpf

On Thu, Jan 25, 2001 at 02:31:58PM +0100, Jacques Frip' WERNERT wrote:
 Where do u find this value "6m40" ?

See qmail-send.c. chanskip[remote] is initialized to 20 and qmail uses
a quadratic retry schedule. This results in the tables that can be found at
e.g.
http://www.lamer.de/maex/creative/software/qmail/times.html
http://www.lifewithqmail.org/lwq.html#retry-schedule

\Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |   D-80807 Muenchen        | Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.
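
The schedule those tables list, computed in sh as an added example; it is a model of the behaviour described in this thread, not code from qmail-send.c, and it assumes every attempt runs exactly at its scheduled time. It covers both the queuelifetime point made here and the complaint in the "mailserver buffering" message that mail keeps waiting after the destination is back up; 604800 seconds is qmail's documented default queuelifetime.

```sh
#!/bin/sh
# Added example: model of qmail's quadratic retry schedule.
# Assumption: each retry is scheduled at (sqrt(age) + skip)^2 seconds after
# the message entered the queue, with skip = 20 for the remote channel (the
# chanskip value named in this thread), and every attempt runs on time.

REMOTE_SKIP=20

# isqrt N: largest integer r with r*r <= N.
isqrt() {
    r=0
    while [ $(( (r + 1) * (r + 1) )) -le "$1" ]; do
        r=$((r + 1))
    done
    echo "$r"
}

# next_retry AGE [SKIP]: queue age (seconds) at which the attempt following
# a failed attempt at AGE is scheduled.
next_retry() {
    n=$(( $(isqrt "$1") + ${2:-$REMOTE_SKIP} ))
    echo $((n * n))
}

# retries_within LIFETIME [SKIP]: ages of all retries scheduled no later than
# LIFETIME, on one line. Empty output means the lifetime runs out before the
# first retry is even due.
retries_within() {
    t=$(next_retry 0 "${2:-$REMOTE_SKIP}")
    list=
    while [ "$t" -le "$1" ]; do
        list="$list $t"
        t=$(next_retry "$t" "${2:-$REMOTE_SKIP}")
    done
    echo $list
}

# count_retries LIFETIME [SKIP]: number of retries scheduled within LIFETIME.
count_retries() {
    set -- $(retries_within "$1" "${2:-$REMOTE_SKIP}")
    echo "$#"
}

# wait_after_recovery AGE [SKIP]: seconds a message of queue age AGE still
# waits for its next scheduled attempt if the destination comes back now.
wait_after_recovery() {
    t=0
    while [ "$t" -lt "$1" ]; do
        t=$(next_retry "$t" "${2:-$REMOTE_SKIP}")
    done
    echo $(( t - $1 ))
}

echo "first remote retries (s): $(retries_within 10000)"
echo "retries within a lifetime of 5 s: '$(retries_within 5)'"
echo "retries within the default lifetime: $(count_retries 604800)"
echo "wait after a 48 h outage ends: $(wait_after_recovery 172800) s"
```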



Re: No transport provider was available for delivery to this recipient

2001-01-25 Thread Markus Stumpf

On Thu, Jan 25, 2001 at 07:53:48AM -0800, john roberts wrote:
 I sometimes get this message when I am trying to send mail from Outlook 2000 
 or 97 to qmail 1.03 server:
 
 No transport provider was available for delivery to this recipient.

Does this message pop up immediately or after some kinda timeout?

What do the qmail logs say?
Maybe tcpserver's max connection limit was hit at that time?

\Maex




Re: No transport provider was available for delivery to this recipient

2001-01-25 Thread Markus Stumpf

On Thu, Jan 25, 2001 at 10:17:07AM -0600, Charles Cazabon wrote:
 john roberts [EMAIL PROTECTED] wrote:
  
  No transport provider was available for delivery to this recipient.

 http://support.microsoft.com/support/kb/articles/Q197/4/17.ASP?LN=EN-USSD=gnFR=0
 
 Basically, they're violating the SMTP spec by not enclosing addresses in
 <>.

Dan "fixed" this (i.e. added the workaround for non RFC compliant
clients) in at least qmail-1.03 (just verified, works).
The problem only happens with pre qmail-1.03 versions (our old
qmail-1.01 server does not accept addresses without the <>).

\Maex




Re: No transport provider was available for delivery to this recipient

2001-01-25 Thread Markus Stumpf

On Thu, Jan 25, 2001 at 08:40:12AM -0800, john roberts wrote:
 delivery".  How do I look to see what the tcpservers max connection limit 
 is?

tcpserver's option "-c" defines the number of simultaneous connections.
Default is 40.

See
http://cr.yp.to/ucspi-tcp/tcpserver.html

You have to check your qmail-smtpd startup script to see what value
you are using.

\Maex




Re: qmail-pop3d and fetchmail

2001-01-25 Thread Markus Stumpf

On Thu, Jan 25, 2001 at 05:42:56PM +0100, Peter van Dijk wrote:
 qmail-pop3d sorts messages based on
 size, so supporting LAST would yield wrong results anyway.

Hmmm ... are you sure?
From looking at the code I'd say it's sorted by modification time.

\Maex




Re: qmail+virtualdomain

2001-01-25 Thread Markus Stumpf

On Thu, Jan 25, 2001 at 06:05:48PM +0100, Massimiliano Santarelli wrote:
 modifying the  locals/rcpthost files ,
 and in virtualdomain file (newvirtualdomain:newuser).

A domain has to be either in locals OR virtualdomains, not in both
(if you have it in both, locals overrides virtualdomains).
Don't forget to   kill -HUP `pidof qmail-send`   after making changes
to locals and/or virtualdomains file.

\Maex




Re: ORBS

2001-01-25 Thread Markus Stumpf

On Thu, Jan 25, 2001 at 03:18:53PM -0200, Marcilio Jorgensen Cassella wrote:
 TO:orbs-relaytest%manawatu.co.nz@[200.18.178.4]
   How to fix it, please ?

You probably have a
control/percenthack
file. Remove it.

\Maex




Re: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)

2001-01-25 Thread Markus Stumpf

On Thu, Jan 25, 2001 at 12:40:47PM -0500, Patrick Bihan-Faou wrote:
 Well I guess that this one is definitely eligible for the "qmail security
 challenge".
 http://web.infoave.net/~dsill/qmail-challenge.html
 If you don't count that as a bug in qmail, then I don't know what is a
 bug...

You quote it, but have you also read the document?
Especially the "Rules" section, part 1. (and also 8.1)

\Maex




Re: relay controls

2001-01-25 Thread Markus Stumpf

On Thu, Jan 25, 2001 at 10:39:26AM -0700, Dan Egli wrote:
 This file does exist, and it is readable, containing the following rule:
 127.0.0.1:allow,RELAYCLIENT=""
 209.254.33.:allow,RELAYCLIENT=""
 yet if I jump onto a machine that is not in these rules, and I telnet into
 port 25, I can setup a mail from outside the realm to outside the realm. 
 
 I do not understand Qmail at all so I need some major help here.

Do you have a file called
/var/qmail/control/rcpthosts
if that file does not exist your mailserver is relay open.

$ man qmail-smtpd  (located in /var/qmail/man)

[ ... ]
   rcpthosts
Allowed  RCPT  domains.   If  rcpthosts  is supplied,
qmail-smtpd  will  reject  any   envelope   recipient
address with a domain not listed in rcpthosts.

Exception: If the environment variable RELAYCLIENT is
set, qmail-smtpd  will  ignore  rcpthosts,  and  will
append  the  value  of  RELAYCLIENT  to each incoming
recipient address.

rcpthosts may include wildcards:

   heaven.af.mil
   .heaven.af.mil

Envelope recipient  addresses  without  @  signs  are
always allowed through.
[ ... ]


\Maex
-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |   D-80807 Muenchen        | Fax: +49 (89) 32356-299
Stress is when you wake up screaming and you realize you haven't fallen
asleep yet.
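
The rcpthosts rules from the man page excerpt, modelled in sh as an added example; this is not qmail-smtpd's code. rcpt_allowed and audit are names made up for this sketch, the control file is assumed to hold lowercase entries, and the sample addresses are constructed.

```sh
#!/bin/sh
# Added example: model of the rcpthosts decision quoted from the qmail-smtpd
# man page. rcpt_allowed and audit are names made up for this sketch.

# rcpt_allowed ADDRESS RCPTHOSTS_FILE
# Exit status 0: the envelope recipient would be accepted; 1: rejected.
rcpt_allowed() {
    # RELAYCLIENT set, even to the empty string: rcpthosts is ignored.
    [ "${RELAYCLIENT+set}" = set ] && return 0
    # No rcpthosts file: no recipient domain is ever refused (open relay).
    [ -f "$2" ] || return 0
    # Addresses without an @ sign are always let through.
    case $1 in
        *@*) ;;
        *) return 0 ;;
    esac
    # Compare the part after the last @, lowercased.
    rest=$(printf '%s' "${1##*@}" | tr '[:upper:]' '[:lower:]')
    # Exact entry, e.g. "heaven.af.mil".
    grep -qxF -e "$rest" "$2" && return 0
    # Wildcard entries start with a dot: for a.b.c try ".b.c", then ".c".
    while :; do
        case $rest in
            *.*) rest=${rest#*.} ;;
            *) return 1 ;;
        esac
        grep -qxF -e ".$rest" "$2" && return 0
    done
}

# audit RCPTHOSTS_FILE ADDRESS...: print "accept" or "reject" per recipient.
audit() {
    file=$1
    shift
    for rcpt in "$@"; do
        if rcpt_allowed "$rcpt" "$file"; then
            echo "accept $rcpt"
        else
            echo "reject $rcpt"
        fi
    done
}

# Constructed sample data: the two entries from the man page example.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' heaven.af.mil .heaven.af.mil > "$tmp"
    audit "$tmp" user@heaven.af.mil user@mx.heaven.af.mil \
        user@example.org postmaster
    echo "without a rcpthosts file:"
    audit "$tmp.missing" user@example.org
    rm -f "$tmp"
}
demo
```

The last line of the demo output is the situation in this thread: with no rcpthosts file, the tcpserver rules only decide who gets RELAYCLIENT, and every other client is still accepted for any recipient domain.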



Re: how to stop smtp .... there's no sendmail

2001-01-25 Thread Markus Stumpf

On Thu, Jan 25, 2001 at 10:55:01AM -0700, [EMAIL PROTECTED] wrote:
 when I did netstat -l I got this:
  LISTEN tcp 0 0 *:pop-3 *:
 * LISTEN tcp 0 0 *:smtp 

This is probably inetd listening on those ports.
Edit /etc/inetd.conf and comment the lines for "smtp" and "pop"/"pop3"
(i.e. put a '#' as the first char on that line).
After that do a
kill -HUP `pidof inetd`

\Maex




Re: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)

2001-01-25 Thread Markus Stumpf

On Thu, Jan 25, 2001 at 01:56:45PM -0500, Patrick Bihan-Faou wrote:
 Well failure to recognize that 0.0.0.0 is yourself is not quite DNS related
 exploit. It is a bug.

If AOL or hotmail would decide to change their MX records to your mailserver
this will for sure also cause you problems.

But neither is a *security* bug.

 the code is completely obfuscated (I know I know,   
 style is a matter of taste), there is 0 line of comments in the code

The ability to read the code depends on your C language skills.
The ability to work with the code depends on the tools you have and use
(ever given ctags a try?).
Limited capabilities don't mean the code is obfuscated.

A book written in Kiswahili will look obfuscated to most people on
this planet and it doesn't have comments, too. However this is not
a criterion for the quality of the book.

 Well my answer to this is "don't use qmail"

Nobody says you have to.

\Maex




Re: relay controls

2001-01-25 Thread Markus Stumpf

On Thu, Jan 25, 2001 at 11:26:09AM -0700, Dan Egli wrote:
 rcpthosts is no good. We want to accept mail for ALL domains. This is a
 primary mail server for many virtual domains. I need to be able to send to
 any domain in existence. such a rcpt hosts file would be HUGE!

So what? qmail has no problems with huge files.
Mine has some 60,000 records.

What you describe is a relay open mailserver, and that's what you have
now.

\Maex




Re: Subtle qmail bug? (was Re: Handling an MX record of 0.0.0.0 or 127.0.0.1)

2001-01-25 Thread Markus Stumpf

On Thu, Jan 25, 2001 at 06:32:47PM -0500, Scott Gifford wrote:
 Markus Stumpf [EMAIL PROTECTED] writes:
  If AOL or hotmail would decide to change their MX records to your mailserver
  this will for sure also cause you problems.
 
 No it won't.  qmail will give an error that the MX records points back
 to itself, and bounce the message.

I don't think that any mailserver out there will be able to handle
the load if AOL or Hotmail will change the MX record to point at that
system (without prior notice).
This would be a DOS just like the 0.0.0.0 is.

 qmail knows that MX records that point back to you are a problem, it
 just doesn't know that 0.0.0.0 points back to itself.
 That's why it's a bug.

I never said it's not a bug, it's IMHO just not a security bug.
It's triggered by a DNS misconfiguration (done on purpose).

And, btw., thanks for finding it and supplying a fix.

\Maex




Re: large todo queue - HELP!

2001-01-24 Thread Markus Stumpf

On Wed, Jan 24, 2001 at 10:59:04AM +0100, Peter van Dijk wrote:
 The todo-queue is *slowly* getting smaller (71288 now, compared to 71690
 when I started typing), but the complete queue is growing (100121
 now).

What I did once was to compile an identical copy of qmail but with
another location of the queue directory (however on the same physical
disk) and install it.
Compile a copy of qmail with big todo.
Stop all qmail services (also smtp)

Now, rm -r the queue directory of the identical copy and "mv" the queue
directory of the original qmail there.

Install qmail with big todo.

start qmail-send  for the bigtodo and the copy.
start smtpd for bigtodo only.

With this procedure you get the queue "out of the way", have a new,
fresh one that will work (hopefully) fast and the old one will get
smaller with the time.

HTH,
\Maex



Re: conf-split

2001-01-24 Thread Markus Stumpf

On Wed, Jan 24, 2001 at 06:59:26PM +0100, Peter van Dijk wrote:
 Yes there are (answering my own post). Scanning todo/ takes longer, if
 you are using the big-todo patch, because every subdir has to be
 scanned, instead of just one dir.
 
 Where *is* the benefit in the big-todo patch?

I think the benefit is with OSs having poor directory access routines.
As directories are scanned on a linear basis access is faster scanning
two small directories than one very big one. Also modifications in
the small directories (adding/removing files) will be faster.
And (not sure about that, though) the first level directory is held
in the filesystem cache as it has lots of accesses but does (usually)
not change.
However IIRC this patch is mostly (only?) a benefit with Linux' ext2
filesystem.

\Maex




Re: Why so few qmail-remote processes

2001-01-24 Thread Markus Stumpf

On Wed, Jan 24, 2001 at 07:06:30PM +0100, Jacques Frip' WERNERT wrote:
 So I'll make a test with "queuelifetime=0" to see if my number of
 qmail-remote will increase dramatically.

You surely DON'T want to do this.
This will cause every message that cannot be delivered with the first
try to be bounced back to the sender as a failure.

\Maex



Re: alias domain

2001-01-24 Thread Markus Stumpf

On Wed, Jan 24, 2001 at 09:36:34PM +0100, Clemens Hermann wrote:
 Can I do this by just adding the new domain to
 virtualdomains with the same user then the existing domain

Yes.

\Maex



Re: pop3d and tcpserver and qmail

2001-01-24 Thread Markus Stumpf

On Wed, Jan 24, 2001 at 04:45:53PM -0800, Register, Dadrien wrote:
 correctly, but I can't receive email from outside networks. I can receive
 email locally, so the qmail daemon seems to work. I'm pretty sure it has
 something to do with pop3d and tcpserver. Also, the MX records are setup
 correctly.

To receive eMails you need a SMTP not a POP3 daemon.

You can start it like
   /usr/local/bin/tcpserver -v -p -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd 2>&1

Be sure to disable/kill smtp/sendmail in /etc/inetd.conf and the system
startup scripts.

The best way to start up qmail is using daemontools. See
http://www.lifewithqmail.org/lwq.html#start-qmail
for examples.

\Maex




Re: queue is empty, but qmail still complains

2001-01-24 Thread Markus Stumpf

On Wed, Jan 24, 2001 at 07:27:14PM -0600, Charles Cazabon wrote:
 I've also just noticed something else odd about the error messages -- aren't
 the files in the split directories normally named by inode number?  In this
 case, the "missing" files all share the names of the split directories that
 qmail thinks they should be in -- i.e. mess/13/13, mess/14/14, etc.
 [ ... ]
 I just don't get it.  I've searched the archives of the list, and can't find
 any occurrences of this.  I'd appreciate any thoughts on what might be
 causing this.

Could it be the big-todo patch somehow failed?
Or - that you have a big-todo queue layout and the active qmail
installation (or at least qmail-send) uses the vanilla qmail structure.
Then it would think the subdirs in todo are files and tries to find the
corresponding files in queue/mess, which obviously would fail as these
are not files, but dirs?

\Maex




Re: queue is empty, but qmail still complains

2001-01-24 Thread Markus Stumpf

On Wed, Jan 24, 2001 at 08:25:44PM -0600, Charles Cazabon wrote:
 That's the funny part -- this is a machine which has worked fine for two
 years, and just recently started giving me this trouble.  I haven't changed
 the qmail installation itself.

*smile* maybe the installation changed 1.5 years ago, but nobody restarted
qmail-send for those two years, now it happened and now there are problems
:-)

Unfortunately I can't imagine an easy way to tell whether a binary
is built with or without the big-todo patch :(

\Maex



Re: Patches

2001-01-23 Thread Markus Stumpf

On Tue, Jan 23, 2001 at 02:45:39PM +0530, Sumith Ail wrote:
 We are planning to install Qmail on a production server which will have 
 around 500+ virtual domains. I am aware that some patches need to be
 applied to qmail before it can be used on a production server.

This is wrong.

 Can someone please let me know on what are the necessary patches to be 
 applied. I am using the latest memphis RPM's of Qmail, daemontools and 
 ucspi-tcp package. So I would like to know on which are the most 
 required patches to these RPM's

You don't need any patches.
If you like modifications of some sort see
http://www.qmail.org/
and pick what you like.

\Maex




Re: 502 unimplemented

2001-01-23 Thread Markus Stumpf

On Tue, Jan 23, 2001 at 10:56:29AM +0100, Stef Hoesli Wiederwald wrote:
 After that I said:
 quit
 and got a 
 451 timeout (#4.4.2)
 some minutes later...

First I thought it is your keyboard, now I tend to think it's either
your telnet or your terminal device driver that's broken. Or maybe it's
the TCP/IP Stack on that machine?

How is qmail started on that host, what do the logfiles say, what
version of qmail are you using, did you apply any modifications, what
OS is the machine running, ...

As long as you're hiding information we cannot even test the qmail
smtpd server.  If you want help, provide information.

\Maex




Re: QMail DOS

2001-01-22 Thread Markus Stumpf

On Mon, Jan 22, 2001 at 09:40:13AM -0500, Andy Abshagen wrote:
 We are in the midst of a security audit performed by Ernst & Young.  They are
claiming something about a DOS situation.  What I need to find out is whether there 
are any known DOS situations out there.  If so what needs to be done to take care of 
the problem.

There are two "problems" with a vanilla qmail installation I can think of:
1) if an aggressor sends zillions of emails to a non-existing local
   address qmail-smtpd will - unlike a lot of other smtpds - accept
   the messages, pass it through its delivery mechanism and bounce
   them back creating bounce messages itself.
   qmail-smtpd cannot decide at SMTP level whether a user exists or not.
   It is IMHO a question of definition whether you will call this a
   DoS vulnerability.
2) is only applicable if the qmail server is acting as a relay to the final
   MTA. If again an aggressor sends zillions of emails to (non-existing) local
   addresses (even with multiple RCPT TO commands in one SMTP session)
   qmail-remote will send one mail per recipient to the final MTA. If this
   final MTA is also qmail you again have situation 1) and if the user does
   not exist, qmail will return a bounce message for each message
   received, regardless what type of SMTP receiver the final MTA is.
   This could cause the receiver of the bounces problems and some ppl
   claimed that - because of that - qmail could be used to DoS other systems
   (e.g. by faking the sender address).

I'd personally not call any of the two situations DoS vulnerabilities,
others might want to. Your mileage may vary.

\Maex




Re: 502 unimplemented

2001-01-22 Thread Markus Stumpf

On Mon, Jan 22, 2001 at 05:20:56PM +0100, Stef Hoesli Wiederwald wrote:
 manually via telnet to port 25. Sometimes I can send a message without
 problems, and sometimes I get the 502 error, but not at the same
 point, i.e. arbitrarily after any of the helo, mail, rcpt or data
 commands.

How about you show examples of the situation where the 502 is returned.

\Maex




Re: QMail DOS

2001-01-22 Thread Markus Stumpf

On Mon, Jan 22, 2001 at 07:25:20PM -, Andrew Richards wrote:
 The standard DoS is to open lots of SMTP connections to an SMTP server,
 which could be qmail, or any other MTA - and leave them open.

Which can easily be dealt with by setting Q/control/timeoutsmtpd to
a lower value (default is 1200 seconds).

\Maex



Re: URL on Exchange retrying like mad

2001-01-19 Thread Markus Stumpf

On Thu, Jan 18, 2001 at 09:46:50PM -0500, Peter Green wrote:
 Looking for a little help... I seem to remember that in certain cases,
 Exchange will retry immediately after a temporary error, generating a mail
 storm. I also seem to remember that there was a URL (possibly on
 microsoft.com) describing the problem.

This is a Microsoft confirmed problem and they have a bug description
and fix:
http://support.microsoft.com/support/kb/articles/Q224/9/83.ASP

 I'm trying to make a case against using Exchange (based on the fact that it
 doesn't obey standards) and this would be really helpful.

Interestingly enough the patch mentioned on this page looks like it never
made it in the official "service pack"s. Although I have this URL for
about 1.5 years now.
To fix the server hosting our NT webservers we had to pay some $200 bucks
for calling M$ hotline and it took them 3 days to mail the patch.
So much on "how to make easy money": write broken software and let them
pay for fixes.

\Maex

-- 
SpaceNet AG   |   http://www.Space.Net/   | Stress is when you wake
Research  Development| mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0| realize you haven't
D-80807 Muenchen  |  Fax: +49 (89) 32356-299  | fallen asleep yet.



Re: Help diagnosing problem

2001-01-17 Thread Markus Stumpf

On Wed, Jan 17, 2001 at 05:58:42PM -0800, Boz Crowther wrote:
 Can anyone help me with a little direction on diagnosing exactly what's going on 
here, and how to resolve it?  I appreciate any help you can provide.

The ucspi-tcp package contains a program "recordio".
You may want to plug it in before the invocation of qmail-smtpd (just
like fixcrio).
recordio will write everything that passes through it to the logfile,
so you can see what's being received and sent.

\Maex

-- 
SpaceNet AG   |   http://www.Space.Net/   | Stress is when you wake
Research  Development| mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0| realize you haven't
D-80807 Muenchen  |  Fax: +49 (89) 32356-299  | fallen asleep yet.



tcpserver with more connection control

2001-01-16 Thread Markus Stumpf

Sorry, if this is somewhat off topic, but I haven't found a ucspi-tcp list.
(and nothing appropriate searching with search engines ;-)

Has someone written an addon to tcpserver that allows control of
connection frequency based on ip addresses?

I am thinking of something like specifying
   1.2.3.4  20 connects per 10 minutes
If that limit is hit tcpserver would either deny the connection or start
an optional other program e.g. smtpreject which could send
220 mail.example.com
and a
451 too many connections
as an answer to successive commands.

Thanks,
\Maex

-- 
SpaceNet AG   |   http://www.Space.Net/   | Stress is when you wake
Research  Development| mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0| realize you haven't
D-80807 Muenchen  |  Fax: +49 (89) 32356-299  | fallen asleep yet.
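
A sketch of the per-address limit asked about in the post above, added here as an example; it is not part of the original message and not ucspi-tcp code. The function names, the table size and the decision to reject when the table is full are assumptions; the 20-connects-per-10-minutes figures come from the post.

```c
#include <string.h>
#include <time.h>

#define MAX_CONN   20    /* connects allowed per window (from the post) */
#define WINDOW_SEC 600   /* 10 minutes (from the post) */
#define MAX_HOSTS  256   /* table size: assumption for this sketch */

struct host {
    char   ip[46];           /* textual address */
    time_t seen[MAX_CONN];   /* ring buffer of accepted connect times */
    int    head, count;      /* oldest entry, entries in use */
};
static struct host table[MAX_HOSTS];

/* Drop timestamps that have aged out of the window. */
static void expire(struct host *h, time_t now)
{
    while (h->count > 0 && now - h->seen[h->head] >= WINDOW_SEC) {
        h->head = (h->head + 1) % MAX_CONN;
        h->count--;
    }
}

/* Find the slot for ip, or claim an idle one; NULL if the table is full. */
static struct host *lookup(const char *ip, time_t now)
{
    struct host *spare = NULL;
    for (int i = 0; i < MAX_HOSTS; i++) {
        expire(&table[i], now);
        if (table[i].count > 0 && strcmp(table[i].ip, ip) == 0)
            return &table[i];
        if (table[i].count == 0 && spare == NULL)
            spare = &table[i];
    }
    if (spare != NULL)   /* last byte is never written, so ip stays terminated */
        strncpy(spare->ip, ip, sizeof spare->ip - 1);
    return spare;
}

/* Return 1 to accept the connection, 0 to hand it to the reject path. */
int allow_connect(const char *ip, time_t now)
{
    struct host *h = lookup(ip, now);
    if (h == NULL || h->count >= MAX_CONN)
        return 0;   /* a full table also rejects; a 451 lets real senders retry */
    h->seen[(h->head + h->count) % MAX_CONN] = now;
    h->count++;
    return 1;
}
```

Only accepted connections are recorded, so a client that keeps hammering after hitting the limit is let back in as soon as its oldest accepted connect leaves the window.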



Re: Does -probe mean removed?

2001-01-16 Thread Markus Stumpf

On Tue, Jan 16, 2001 at 05:56:19PM -0800, Brian Ghidinelli wrote:
 In the Log files generated by ezmlm in DIR/Log, does "-probe" mean the
 user was removed or only that the user was probed?  I'm trying to run
 statistics and can't find a conclusive answer in the man pages.  Thanks!

+   subscribe via email
-   unsubscribe via email
+manual subscribe manually (e.g. commandline)
+manual unsubscribe manually (e.g. commandline)
-probe  removed because a probe message that bounced back

\Maex

-- 
SpaceNet AG   |   http://www.Space.Net/   | Stress is when you wake
Research  Development| mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0| realize you haven't
D-80807 Muenchen  |  Fax: +49 (89) 32356-299  | fallen asleep yet.



max RCPT TOs and RFC821

2001-01-11 Thread Markus Stumpf

I am going to patch qmail-smtpd to have a maximum number of rcpt to's
it will accept in one session. (I regularly see spammers that try
to send to a lot of (valid) addresses in one bulk).
The value I am thinking of is around 20 and after that I will reject
the recipients with a "451 Too many recipients." message.

Looking at RFC821 I find (Page 42)
  recipients buffer
 The maximum total number of recipients that must be
 buffered is 100 recipients.

Thus this patch would violate RFC821. Do you think this violation is
critical? A correctly implemented smtp server should resend those
"451 ack'd" addresses anyways, shouldn't it?

Hmmm ... thinking about that quote (maybe it's my bad English) does that
make sense at all? What's the meaning? Wouldn't
   The MINIMUM total number of recipients that must be
   buffered is 100 recipients.
make more sense if one would like to impose a limit?
And why (some lines later at that page) would one reject too many
recipients with a "552 Too many recipients.", i.e. a permanent failure
code instead of a 4xx temporary code?

Puzzled,

\Maex
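
The limit described in the post above, as an added example; this is not the author's patch and not qmail-smtpd code. The struct, the function name and the minimal command set are assumptions made for the sketch; the limit of 20 and the 451 reply come from the post.

```c
#include <strings.h>

#define MAX_RCPT 20   /* limit proposed in the post */

struct session {
    int have_mail;    /* MAIL FROM accepted for the current transaction */
    int txn_rcpt;     /* recipients accepted in the current transaction */
    int total_rcpt;   /* recipients accepted over the whole session */
};

/* Return the SMTP reply code for one envelope command line. */
int smtp_reply(struct session *s, const char *line)
{
    if (strncasecmp(line, "MAIL FROM:", 10) == 0) {
        s->have_mail = 1;
        s->txn_rcpt = 0;
        return 250;
    }
    if (strncasecmp(line, "RCPT TO:", 8) == 0) {
        if (!s->have_mail)
            return 503;           /* bad sequence: MAIL first */
        if (s->total_rcpt >= MAX_RCPT)
            return 451;           /* over the limit: temporary, sender may retry */
        s->txn_rcpt++;
        s->total_rcpt++;
        return 250;
    }
    if (strncasecmp(line, "DATA", 4) == 0) {
        if (!s->have_mail || s->txn_rcpt == 0)
            return 503;           /* nothing was accepted in this transaction */
        s->have_mail = 0;         /* transaction ends, session total is kept */
        return 354;
    }
    if (strncasecmp(line, "RSET", 4) == 0) {
        s->have_mail = 0;
        s->txn_rcpt = 0;
        return 250;
    }
    return 502;                   /* not handled in this sketch */
}
```

Because the count is per session, as in the post, a second MAIL on the same connection gets 451 for every recipient once the limit is reached, and the sender has to reconnect to deliver the rest.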




Re: etern

2001-01-06 Thread Markus Stumpf

On Sat, Jan 06, 2001 at 10:17:52AM -0500, [EMAIL PROTECTED] wrote:
 On Sat, 6 Jan 2001, Bill Hults wrote:
 
  Hi
  I need to grab mail from a qmail server via etern. Can this be done?
  Thanks
 
 No.

Yes and No. It depends on the program that wants to fetch the emails and
whether you have a fixed IP address or not and how much control you have
on the qmail server.

If the program doesn't depend on positive return codes to the ETRN command
(otherwise you have to patch qmail-smtpd) and you have a fixed IP address
and you have control of the qmail server have a look at the serialmail
package written by djb and the AutoTURN section on
http://cr.yp.to/serialmail.html

\Maex

-- 
SpaceNet AG   |   http://www.Space.Net/   | Stress is when you wake
Research  Development| mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0| realize you haven't
D-80807 Muenchen  |  Fax: +49 (89) 32356-299  | fallen asleep yet.



Re: Alias problem with - before .

2001-01-03 Thread Markus Stumpf

Cc adjusted.

On Wed, Jan 03, 2001 at 03:29:24PM +0100, oliver bender wrote:
 To:   '[EMAIL PROTECTED]' [EMAIL PROTECTED]
 
 There is a user account "paul" existing on that system, having a .qmail 
 file in his home directory /home/paul. This .qmail (or even .qmail-john (as 
 I've read in some of the replies to other similar problems)) will lead into 
 the above result. We're using qmail as a mailrelay server running Microsoft 
 Exchange as the local mailsystem. Mails within our company sites are 
 encrypted. We don't have the dot-forward installed, yet.

Create a .qmail-default file in /home/paul. This will catch addresses
like paul-anything.
If you want to treat paul-john.doe specially you need a
   .qmail-john:doe
file in /home/paul.
See dot-qmail(5) "EXTENSION ADDRESSES"

\Maex

-- 
SpaceNet AG   |   http://www.Space.Net/   | Stress is when you wake
Research  Development| mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0| realize you haven't
D-80807 Muenchen  |  Fax: +49 (89) 32356-299  | fallen asleep yet.



Re: qmtpd

2001-01-03 Thread Markus Stumpf

While you're on it, will there be support for specifying qmtp connects
via the smtproutes file? Maybe try qmtp first if the port is set to 209?

Thanks,
\Maex

-- 
SpaceNet AG   |   http://www.Space.Net/   | Stress is when you wake
Research  Development| mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0| realize you haven't
D-80807 Muenchen  |  Fax: +49 (89) 32356-299  | fallen asleep yet.



Re: rblsmtpd - notification

2000-12-28 Thread Markus Stumpf

On Thu, Dec 28, 2000 at 11:10:37AM +1100, [EMAIL PROTECTED] wrote:
 question is: Is there anyway of notifying the person who sent the 
 mail to you through the open relay, with a generic message that 
 they were blocked. Say "Your message could not be processed by 
 our server." If anyone could help with this it would be much 
 appreciated.

rblsmtpd either rejects the message permanently (5xx code) or temporarily
(4xx code). Depending on the option you start rblsmtpd with and assuming
a correctly working smtpd on the sending side, the user will either
get an immediate failure notice on a 5xx code or a delayed one as soon as
the retry interval (typically around a week) of the sending smtpd has expired.
See
URL:http://cr.yp.to/ucspi-tcp/rblsmtpd.html
and especially the section on "Temporary errors" and the "-b -B" switches
for more information.

Note: a 4xx code is more "social" but may trigger bugs in some smtpds
  (e.g. Microsoft SMTP) causing them to hammer on your smtpd with retries.
  See: URL:http://support.microsoft.com/support/kb/articles/Q224/9/83.ASP

\Maex

-- 
SpaceNet AG   |   http://www.Space.Net/   | Stress is when you wake
Research  Development| mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0| realize you haven't
D-80807 Muenchen  |  Fax: +49 (89) 32356-299  | fallen asleep yet.



Re: What does return address is refused mean?

2000-12-28 Thread Markus Stumpf

On Wed, Dec 27, 2000 at 05:04:32PM -0800, Dai Yuwen wrote:
 Sometimes my mail will be bounced with the subject "return address is
 refused".  What does that mean?  I'm using qmail-1.03.

This is not a qmail error message.

If these messages are bounces this may be caused by badly configured
mail servers incorrectly rejecting messages with an empty sender ("<>").

\Maex

-- 
SpaceNet AG   |   http://www.Space.Net/   | Stress is when you wake
Research  Development| mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0| realize you haven't
D-80807 Muenchen  |  Fax: +49 (89) 32356-299  | fallen asleep yet.


