Re: Qmail attack
On Wed, Apr 04, 2001 at 12:30:48PM -, Renato wrote: >Could you tell me more about RSS ? http://mail-abuse.org/rss/ Sean -- You know you're in Canada when: A radio advertisement comes on advertising "Buy a case of beer, get a free touque." Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: qmail-autoreponder-0.93
On Mon, Apr 02, 2001 at 05:52:11PM -0300, Jairo Marciano Silva wrote: >Im trying to install qmail-autoreponder-0.93 but when i run the "make" >command I got the following error: > >qmail-autoresponder.c:4: getopt.h: No such file or directory You need to install the development headers -- on my Redhat/KRUD 7.0 box it tells me that getopt.h is in the glibc-devel package. Sean -- Rocky: "Do you know what an A-Bomb is?" Bullwinkle: "Of course. ``A Bomb'' is what some people call our show." Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Qmail attack
On Tue, Apr 03, 2001 at 06:00:03PM -0600, Keary Suska wrote: >I had a similar experience, but it wasn't actually a mail bomb, it was a >SPAM attempt. If a spammer thinks that your domain may be a free email Yeah, I've had that happen a couple of times to one of my domains. Not sure how they decided that they should try 15,000 addresses within that domain. I finally had to add the whole domain to badrcptto, because the messages were being sent from a few hundred relays. Probably time to enable rss on the main SMTP servers, instead of splitting messages off when I deliver them. RSS in particular has never blocked a legit message so far. I'm just waiting for it to happen again on a message I can track down -- the last one only included some generic 800 number. You see, Colorado has this law that apparently allows me to get $20 to $40 per copy of the message... Sean -- "All I'm saying is that when I'm around you I find myself showing off, which is the idiots version of being interesting." -- _LA_Story_ Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Partition swap broke qmail
On Wed, Feb 28, 2001 at 04:04:57PM -0700, Stewart Vardaman wrote:
>Qmail was installed on a /var partition that turned out to be too small, so
>I added a new 36 gig disk, made the old /var something else, and copied
>everything with cp -R. Brought the system back up with the new 36 gig /var
>partition, and qmail is only partially running. It does listen on port 25
Sounds like you didn't run "queue-fix" after you moved the box. Check the
qmail web site for it and use it. Make sure that it's set up with the same
conf-split as you built QMail with.
Sean
--
"Engineering Tablets? Does that mean if I swallow one, I'll be an engineer?"
-- Evelyn Mitchell
Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: qmail-send progress with large queue/todo
On Tue, Feb 27, 2001 at 02:13:47PM -0600, Bruce Guenter wrote: >I've been thinking about this issue, and was wondering if it would be >possible to fix this in some simple way. Would it be possible to modify If one has big-todo, is there any point in spending so much time working the todo? Switching the priority so that todo isn't processed until the loop runs without starting any qmail-remotes (meaning we're either at concurrency, or we have no more messages to deal with). I haven't dug into the code of qmail-send though, this is likely not to be as easy as it sounds. Sean -- "Engineering Tablets? Does that mean if I swallow one, I'll be an engineer?" -- Evelyn Mitchell Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Can Qmail send out 2 million mails in 12 hour window?
On Mon, Feb 26, 2001 at 04:28:43PM -0800, Brandon Yu wrote:
>Can I reasonably meet this rate ? Do you have any suggestions?
It largely depends on the actual number of bounces and where the remote
machines are (if you're sending to a lot of international addresses,
for example). 2 million recipients in 12 hours means that (based on
my experience) you'll be running at peak capacity of two high-end
machines. If you *HAVE* to hit the 12-hour window, I'd recommend
you look at a third machine or possibly thinking about ways to take
advantage of some tricks to get a bit better performance.
Sean
--
Program *INTO* a language, not *IN* it.
-- David Gries
Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Mail2db or maildir2html
On Sat, Feb 24, 2001 at 07:30:40PM +0200, Stefan Laudat wrote: >FYI, you could use LIKE clause too. >Anyway, there is a REGEX clause in MySQL which will fulfill what you need :) So I've heard... >MySQL is FASTER. And it has regex support from a long time ago. Yeah, that's the popular rumor. Doesn't seem to bear weight with reports of postgres being "6x faster" than MySQL on some real-world applications. For example, see: http://www.phpbuilder.com/columns/tim20001112.php3 Sean -- Some girl with psychic power, She said "T-bone, what's your sign?" I blinked and answered "Neon", I thought I'd blow her mind. Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Mail2db or maildir2html
On Fri, Feb 16, 2001 at 01:07:28PM -0600, Barry Smoke wrote: >I see an existing project... Mail2db which uses a python script, and >postgresqlhas anyone played with this? Is there already a program that We actually have all of our e-mail being stored in the Mail2DB db, not suprisingly. It's actually quite handy, but the message body is *NOT* stored in the database. I currently put *EVERYTHING* into the database and don't want the odd 1MB to 50MB message being shoved in there. Besides, it makes it *REALLY* easy to compress the bulk of the data. I'd highly recommend you consider Postgres over MySQL. The regex matching in SQL clauses is fantastic: SELECT filename, hdrsubject FROM mail2db WHERE hdrfrom ~ ".*@example.com"; Mhonarc is an interesting idea, if you just want a bunch of HTML files. For archiving, the ability to run SQL queries on messages has proven very useful... Sean -- You know you're in Canada when: The petrol-station attendant describes -30 degrees C as "she's a bit nippy out there, eh?". Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: WARNING: Worm (?) sending from root@microsoft.com to *@anon.lcs.mit.ed
On Thu, Feb 08, 2001 at 05:02:06PM -0800, Aaron L. Meehan wrote: >I'm pretty sure this is the work of the W95.Hybrid email worm (the >sexyfun.net one), sending copies of itself to the mail2news gateway What triggered the sudden hit then? sexyfun has been around for quite a while and the mail servers have kept up pretty well. This one is really pounding it though. Sean -- Blaming the software quality on the tool is like saying "I can't pick up chicks because my car isn't cool enough." -- Sean Reifschneider, 1998 Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
WARNING: Worm (?) sending from root@microsoft.com to *@anon.lcs.mit.ed
Anyone else seeing thousands of messages filling up your queue, apparently from "[EMAIL PROTECTED]" to addresses such as: [EMAIL PROTECTED] Looks like this has started within the hour. Looks like one of our clients got hit with about 6000 of them, and they're still coming in. We're currently just trapping them by setting up anon.lcs.mit.edu in virtualdomains and directing that to a maildir: echo anon.lcs.mit.edu:virustrap >>/var/qmail/control/virtualdomains echo '/path/to/maildir/' >~alias/.qmail-virustrap maildirmake /path/to/maildir killall -HUP qmail-send It seems like putting "[EMAIL PROTECTED]" in badmailfrom may prevent it from hitting your boxes resources, but we have tons of resources and would like to check it out a bit. The message is around 80 lines of 70 column upper-case text, something like: Subject: i_rz [NZM zmPaLazCnSTOnermbGneLqrmDGbenCfWrCrSXSTiI GYEPBZDWDNIOFPKVGXPSHSGSFRBVIUNTEBFSDRKTEVLNGCCUKCKCOTCXZNPBFWGBOZ EZGZMMLYBQGVNQGBGPOXFNONKMDTBMZQHNPVCTLCBTHXGWDSESBWDMZWHOMRNPKUEC FSOVFVZSDRFNOWHYMZFUDZBUJYJVIMNSDVJYGWFSCMGNDUEBPBDCFUZMMZPVCQMOEM [...] Sean -- Tragedy is when I cut my finger. Comedy is when you fall into an open sewer and die. -- Mel Brooks Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Newbie: Which Dist Linux, Best?
On Wed, Jan 31, 2001 at 11:09:17PM -0500, Phil Barnett wrote:
>First off, trying to use a .0 release of any Redhat release is,at the
>very least, foolish.
Are you saying that RedHat 7.0 is worse than RedHat 6.1? If so, you
either haven't used RedHat 7.0, or haven't used RedHat 6.1... We have
a RedHat-based release (KRUD -- http://www.tummy.com/krud/) and it was
on the order of 6 months before 6.1+errata was up to a quality where
we started basing our distro on it. With 7.0, it was the month after
it was released. No matter what the press is saying about it...
I find that most people who are bad-mouthing 7.0 have never even used
it...
What distribution is the best for a newbie? I certainly wouldn't wave
you off RedHat 7.0. My recommendation is that you use the distribution
that most of your friends or most of the experienced people in your local
LUG use. You *WILL* need help, better to not have any reason for your
friends not to help you.
Sean
--
We have just gotten a wake-up call from the Nintendo Generation.
-- _Hackers_
Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Qmailadmin
On Thu, Jan 25, 2001 at 10:32:11AM +0100, fred wrote: >I am using qmail1.03 on a rh7.0. >I would like to use qmailadmin 0.39. >but I can't log in, I need 'postmaster' but I don't know who is he. >however I use omail and it run very wel. Qmailadmin is a tool for managing a "vpopmail" setup. If you don't have vpopmail, it won't really do anything for you. Qmailadmin really should be called "Vpopmailadmin" or something. If you do have vpopmail, the "postmaster" account/password it's asking for is the account that you set up to be the "owner" of the virtual domain you are trying to manage. Sean -- A "fuddish" is when you really like Looney Toons a lot. Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: POP Toaster
On Mon, Jan 22, 2001 at 10:00:02AM -0500, Dave Sill wrote: >>So, you're forwarding mail for "[EMAIL PROTECTED]" to >>"webscripting-net-user" *AT WHAT DOMAIN*? > >virtualdomains entries can't redirect to remote domains. Hmm, seems that envnoathost isn't used for delivery of virtual domains. While that's probably what you want, it's not what I expect. Not after being biten by msglog trying to be delivered to msglog@envnoathost Sean -- Jackie Trehorn treats objects like women, man... -- _The_Big_Lebowski_ Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: POP Toaster
On Sun, Jan 21, 2001 at 12:26:09AM -0600, Peder Angvall wrote: >><[EMAIL PROTECTED]>: >>Sorry. Although I'm listed as a best-preference MX or A for that host, > >I've taken webscripting.net out of the locals file (like the document says) >and it is now empty. > >The virtualhosts file has: >webscripting.net:webscripting-net So, you're forwarding mail for "[EMAIL PROTECTED]" to "webscripting-net-user" *AT WHAT DOMAIN*? If a name doesn't have an "@" in it, it uses the value of "/var/qmail/control/envnoathost", which defaults to the value of "/var/qmail/control/me". You probably want to put something like "myhostname.webscripting.net" in envnoathost, and list it in locals. That'll probably fix the problem. >file, but I can't figure out what the problem is. It's almost as if I'm >completely missing some setting (which is possible). Any ideas? Don't worry, this one is kind of subtle and quick to anger. -- 668: Next door neighbor of the beast. vivivi: The editor of the beast. Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: need a howto, something i can follow step by step and get qmail installed..
On Mon, Jan 15, 2001 at 01:02:53PM -, Gonçalo Gomes wrote:
>need a howto, something i can follow step by step and get qmail installed..
Is there something wrong with the step-by-step instructions in the
"INSTALL" file which is included with the Qmail source? I've found
them to be quite useful.
Sean
--
"I'll thrash you like a Netscape process on a machine with 640K."
-- John Shipman, 1998
Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: firewall question
On Sun, Jan 07, 2001 at 06:45:06AM +, Andrew Alford wrote:
>554 [EMAIL PROTECTED] Recipient address rejected: Relay access
>denied.
That means that you don't have "abcdefg.com" listed in your control/rcpthosts
file.
Sean
--
A computer is like an Old Testament god, with a lot of rules and no mercy.
-- Joseph Campbell
Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
ANNOUNCE: Mail2DB -- Store incoming mail in a PostgreSQL database.
Mail2DB is suitable for putting in a .qmail/.forward file and will archive e-mail to a SQL database. Currently, there is only the storage component. This was written because somone on a LUG list expressed interest in such a system, but he only knew PHP (which isn't an ideal language for calling from a .qmail file ;-). Hopefully a user interface will be forthcoming. Note that if you are using .qmail, the envelope sender/recipient is store as well. You can get it at ftp://ftp.tummy.com/pub/tummy/Mail2DB/ Sean -- "You can tune a file-system, but you can't tune a fish." -- Quote from tunefs(1M) man page Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Stress Test
On Fri, Jan 05, 2001 at 09:45:20AM +0100, Michael Maier wrote: >No, it hasn't a Mail Header in it. Ding! Ding! Ding! We have a winner. Sean -- Q: What kind of dog goes "BOFH! BOFH!"? A: A rootweiler Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Stress Test
On Thu, Jan 04, 2001 at 10:11:37AM +0100, Michael Maier wrote: >system 'qmail-inject $addr < 50k.data'; Does 50k.data have a Mail header on it? Just a guess... >I really need to know where the Bottleneck is because I need to sendout >500.000 Mails in 36 hrs. Good luck... I hope your ISP doesn't mind you pushing 25GB of data in 36 hours. Sean -- YOU ARE WITNESSING A FRONT THREE-QUARTER VIEW OF TWO ADULTS SHARING A TENDER MOMENT. -- Gordon Cole, _Twin_Peaks_ Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: synchronize 2 Maildirs
On Sat, Dec 23, 2000 at 08:13:55PM +0100, Clemens Hermann wrote: >not (!) transferred to the office again. The same vice versa. >The problem is: How does the synchronization program know if a missing >mail on one side was deleted there or not yet transferred. >Has anyone solved a similar problem? The problem is that it's a two-way synchronization. I was, at one point, working on a program that would do such a synchronization. Basicly, you have to track the disposition of each local Maildir and propogate changes to the other side. I had a bunch of code that should have done just this, but there was a bug in it. I eventually abandoned this because right around this time we no longer had a need for dealing with e-mail on two machines. I have some other ideas for a system that would effectively allow for distributed, peer-relationship clustering of mail servers where mail could be sent, received, and read on any of the systems in the cluster, but that will probably be something we do as a commercial project. Sean -- Bush says the election should be finished soon for the good of the people. He's 350,000 popular votes behind, why doesn't he concede? Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: mail() spam question (PHP)!
On Sun, Dec 24, 2000 at 02:34:22PM +0300, Michail A.Baikov wrote:
>How to set spam control on mail() function. We allow use mail() for our free
>hosting. How to set limit use mail() (PHP v4.0.3pl1).
This is more of a PHP question than a QMail question. You might want to
do something like build an extension to PHP where the access to the mail()
and socket and other routies is restricted based on something like a
cron.allow file. You'd probably also have to limit access to qmail-inject,
qmail-queue, sendmail and datemail, possibly access to popen(), etc...
The words "finger" and "dike" come to mind.
Sean
--
We are all in the gutter, but some of us are looking at the stars.
-- Oscar Wilde
Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Source RPM
On Wed, Dec 20, 2000 at 10:03:33PM -0200, Davi wrote: >As far as I know, DJB's license allow to build source rpm and distribute it. >The patches are applied at build time and no binaries is distributed. >Does someone can tell me if is it ok? It seems to be. I mean, there's a link for SRPMs for QMail off the main qmail.org page, so he can't be TOO broken up about it... Sean -- Windows NT: From the people who brought you 640K and EDLIN Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Qmail support in Australia ?
On Sat, Dec 16, 2000 at 10:50:00AM +1100, Dennis wrote: >The IT manager likes throwing "What happens if you get hit by a bus" at I'd answer that question with "Another tech follows my documentation". If you document the common tasks you're doing for day-to-day maintenance and operations, it's really not a problem... QMail runs very well at a lot of places that don't have QMail experts working there... If you get hit by a bus *AND* a QMail emergency comes up, you can either refer them to, or have in place an agreement with one or more of the consultants listed on www.qmail.org (shameless plug ;-). On the one hand, the question of relying on something you can't support is legitimate. On the other hand, I think it's often used as an excuse. Just because the software you select runs under MS doesn't mean that one of the existing techs can just pick it up and deal with it, without a similar learning curve to doing the same sort of thing for QMail. That, of course, depends on the level of automation, documentation, and their willingness to work with something new. As an example, a few years ago we were called in to manage a group of machines in an emergency. The Unix systems posed basicly the same amount of problem as the Windows machines (except that the Unix machines never crashed on us ;-). The Unix machines were running Roxen where I only had experience with Apache, so it was a learning experience all the way around. In this case, we effectively had no access to their existing techs, and there was no documentation other than passwords. Sean -- "The big bad wolf, he learned the rule. You gotta get hot to play real cool." Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: VPOPMAIL Problem
On Thu, Dec 14, 2000 at 07:37:10AM -0500, Hubbard, David wrote:
>Just go to the domain directory and type this:
>
>echo "&[EMAIL PROTECTED]" > .qmail-default
>
>That means any email that comes in to that domain
>addressed to a nonexistent address will be handled
>by the .qmail-default since a .qmail-username for
>that address won't exist.
Except that vpopmail doesn't use a .qmail-username for user accounts.
Everything gets delivered to .qmail-default and the vpopmail dispatcher
does the appropirate thing there.
Perhaps not the right way, but my first thought is:
mv .qmail-default .qmail-
echo '&[EMAIL PROTECTED]' >.qmail-default
That should allow mail for to come in and be handled, while
sending the rest of the mail elsewhere.
Sean
--
I didn't spend 6 years in evil medical school to be called *MISTER* Evil!
-- Dr. Evil, _Austin_Powers:_International_Man_of_Mystery_
Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Using a RAMDISK for /var/qmail/queue thoughts ?
On Wed, Dec 13, 2000 at 06:43:25PM +, Greg Cope wrote: >Would this still be a good idea ? As a 256 meg dim is 108 UK pounds >sterling - or less than a SCSI card ... I can't say... I used such a setup on a system with 1GB RAM sending out 1+million e-mails of the sort you are. It was more painful to manage, but worked. If you need the performance, then there's not much choice. Sean -- I thought Bush and Gore were both bad choices. However, Bush seems to be doing his best to prove he's the greatest of two evils. Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Using a RAMDISK for /var/qmail/queue thoughts ?
On Wed, Dec 13, 2000 at 04:20:19PM +, Greg Cope wrote: >Has anyone any empirical evidence for the speed increases I may expect >(as opposed to a fast EIDI (ATA 66, 8.5ms seek) or SCSI system (eg 10k, >5.3 ms seek 25mb/s) ? 10ns is much faster than 5.3ms... It works, I've done it, it's reasonably fast, but you still have to worry about things like swamping the todo and on top of that you may have to worry about filling up your queue disc. You can get QMail into a situation where it's completely wedged until you manually remove some files from the ram disc to give it enough space to continue delivering mail. Sean -- I never thought I'd live in a country where physical violence would be used to disenfranchise voters. Have you heard about Bush supporters rioting? Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Qmail and RFC1894 - Delivery Status Notifications
On Mon, Dec 11, 2000 at 10:04:14PM -0500, James Morgenstein wrote: >This appears to be used by most of the public mail servers that I have >tested against, but when a mail bounces out of one of my local qmail The problem with DSN is that *EVERY* machine that the message passes through must support DSN, or it fails. QMail doesn't support DSN (unless there's a patch, you have looked at www.qmail.org, right?). Check out VERPs -- Variable Envelope Return Paths. Searching google should provide some good hits. Sean -- I never thought I would live in a country which had a self-declared president. Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: IPCHAINS and Qmail
On Sun, Dec 10, 2000 at 10:31:24AM -0500, Steve Manes wrote: >I know what port 25 is and, no, it's not blocking incoming connections. It >seems to be blocking outgoing connections. But if you look at the script >you'll see that port 25 is open both ways: Ahh, I didn't notice the output rule. I don't tend to use output rules. ># SMTP server (25) ># >ipchains -A input -i $EXTERNAL_INTERFACE -p tcp \ > --source-port $UNPRIVPORTS \ > -d $IPADDR 25 -j ACCEPT > >ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \ > -s $IPADDR 25 \ > --destination-port $UNPRIVPORTS -j ACCEPT This rule includes "! -y", which means "match all rules *EXCEPT* those with the SYN bit set". But, this is only for responses *FROM* your SMTP port. The log lines you posted indicate it's connecting to a remote SMTP port when it gets blocked, which isn't covered above. There should be a section for "outbound connections", which is what's getting blocked. >In fact, the script doesn't firewall any outbound traffic in eth0, only >input. That's why this is weird. The error log throws occasional mentions >about "SYN" (above) so I wonder if it's a problem with that. What's the default policy on the output interface? Deny? If the script doesn't mention outbound connections, that would be the problem... Sean -- I never thought I'd live in a country where physical violence would be used to disenfranchise voters. Have you heard about Bush supporters rioting? Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: IPCHAINS and Qmail
On Sun, Dec 10, 2000 at 02:51:24AM -0500, Steve Manes wrote: >Dec 10 01:02:49 meg kernel: Packet log: output REJECT eth0 PROTO=6 166.84.147. >124:3687 206.26.89.202:25 L=1064 S=0x00 I=46413 F=0x T=64 (#37) >Dec 10 01:02:55 meg kernel: Packet log: output REJECT eth0 PROTO=6 166.84.147. >124:4396 204.242.84.1:25 L=60 S=0x00 I=46421 F=0x T=64 SYN (#37) > >Any idea what's causing this? ipchains is blocking incoming connections to port 25/tcp. You know, the e-mail port. >The problematic firewall script is rather large (25k) so I've posted it on >my web server at http://www.magpie.com/work/rc.firewall.html Yikes! 25KB?!? I have a hard time imagining it being a tenth the size of that. Allow incoming 25 and 113 TCP, maybe 110 and 143, allow outgoing connections, and allow DNS. Probably also want SSH... A dozen rules? Sean -- I never thought I'd live in a country where physical violence would be used to disenfranchise voters. Have you heard about Bush supporters rioting? Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: big-concurrency.patch
On Sat, Dec 09, 2000 at 12:31:16PM -0600, Charles Cazabon wrote: >> echo "65536" > /proc/sys/fs/inode-max >> echo "16384" > /proc/sys/fs/file-max > >This is really more of a Unix/Linux question than anything else. However, >try adding those two lines to the end of /etc/rc.d/rc.local or your >system's equivalent. Also, realize that by default user's are limited to 1024 open files unless you use ulimit -n to increase it. Sean -- It's bad precident for a president to win through illegal influence of the ballots and election process. Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Qmail and Large Scale Dynamic Mailings
On Wed, Dec 06, 2000 at 11:45:49AM -0500, Thomas Duterme wrote: >2) Qmail is set to open 20 SMTP connections at a time Ding ding ding ding! We have a winner! Try at least doubling that. Unfortunately, you can't say "20 per destination" or "20 per domain", but setting it to "20 total" is really going to kill performance. Going from 240 to 20 may have been a bit of an over-reaction. Can you try 120? That'll help a LOT. If you have to leave it at 20, you may want to turn your SMTP timeout down to like 5 seconds at the beginning of a mailing, so all the slow to respond mail servers are bypassed, then increase it to like 30 after an hour or two, then to 200 after another hour or two and do a "killall -ALRM qmail-send". Wacky, but it might get the job done... Sean -- Why are Bush supporters acting like they won, when Gore has 350,000 more popular votes? Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: SSL in qmail
On Wed, Nov 29, 2000 at 01:33:54PM +0100, Hans-Juergen Schwarz wrote: >I´m running qmail 1.03 and vpopmail 4.9.4 with the >--enable-roaming-users feature and smtp-auth. Now I have found a ssl >patch under http://www.esat.kuleuven.ac.be/~vermeule/qmail/tls.patch I had tried this patch back in August and found that once applied and I installed the new software, I could no longer send mail to any hosts that had the STARTTLS extension. No diagnostics, qmail-remote would just hang. I don't recall if it hung forever, or eventually timed out and generated some "connection timed out" response. >Does it work together with my configuration? Cause many Clients >don´t work with ssl and I need every possibility to control relaying It uses STARTTLS, which means that the normal connections are the standard SMTP, when the server says it supports "STARTTLS", the client has to respond with "STARTTLS" for it to being doing the SSL stuff. So, it should work with all clients (only clients requesting it will get it). >I got many virtuell Users, does everybody need a cert or just the key >from the communicating Server? It's only a cert for the servers. >How do I apply the patch to the conf Files? per typing? You use the "patch" command. Spefically, you need to be in the top qmail source directory and run "patch -p1 -s Is there anywhere a site to find more information about this, cause >I think I don´t really understand how it works. Well, there's the STARTTLS RFC2487, available from www.faqs.org... Probably more than you wanted to know though. ;-) Sean -- Why are Bush supporters acting like they won, when Gore has 350,000 more popular votes? Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: more than 65535 accounts on one mail server
On Tue, Nov 28, 2000 at 07:48:47PM -0800, [EMAIL PROTECTED] wrote: >that UNIX has a limit on the UID's of 65534, any file that has a UID >higher than that number defaults back to UID0.. Actually, it's more like they get UID%65534, but it's a similar result ;-) >I have read the MySQL patch, and from what I understand, the user >accounts still need a UID in the MySQL database, as well as their home >directories need to be owned by the UID assigned to them in MySQL... Yes, it needs *A* UID, doesn't say it needs a *UNIQUE* ID. I set up a similar system using my own checkpoppasswd (I can provide it if you like, it's written in Python) which uses the hashed directories and stores all the data under one user-id. Works great, especially over NFS, because the passwords are in the user home directory, so they get distributed via NFS as well. No need to sync /etc/passwd between machines. The other alternative is to use something like vpopmail or vmailmgr. Sean -- When the law supports you, pound the law. When the facts support you, pound the facts. If neither, pound the table. Bush supporters are rioting... Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Announce: Automatic mail archiving
On Thu, Nov 23, 2000 at 07:53:06AM +0100, Piotr Kasztelowicz wrote: >give this software a search funktion (Mhonarc don't support it)? Are you volunteering to implement it? ;-) No, MHonArc doesn't have any searching functionality. As I said, the easy way to go about it is using Google. Sean -- People who interview themselves shouldn't criticize writing styles. -- John Bentley, Programming Pearls Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Announce: Automatic mail archiving
I've just put together a package for automaticly managing mailing list archives. The idea being that at times it's nice to save a copy of mail from a list for later review. This system uses QMail extensions, Python, MHonArc, and PHP (for dynamicly generating the archive indexes) to do this. Assuming you have the above (lengthy) list of requirements satisfied, autoarch can be set up in under a minute. Mail sent to "user-autoarch-listname" will then get archived, including web interface (if you have MHonArc and Apache or the like). The first message coming in creates a new archive. Available at ftp://ftp.tummy.com/pub/tummy/autoarch/ If anyone has any ideas on how to make it reasonably secure... ;-) If you keep the archives private, it should be fine. It would be nice to get Google to index them, but that means that your "secret" auto-archive address is available. I suppose I could set up some lock-downs so that the directory had to be created first, and/or the first message sent to it would limit where messages could come from in the future... Sean -- A bus station is where a bus stops. A train station is where a train stops. On my desk I have a workstation... Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Qmail and RedHat7
On Wed, Nov 22, 2000 at 05:46:44PM -0800, m wrote: >(has anyone installed qmail on RedHat7 yet...it did seem to compile ok) I've done 4 or 5 installs on KRUD 7, which is RedHat 7 + the errata. Are you using the RPMs from http://www.em.ca/~bruceg/qmail+patches/ They worked fine for me. Too bad we can't just put up the pre-compiled binaries, eh? Sean -- Q: What kind of dog goes "BOFH! BOFH!"? A: A rootweiler Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: socket sending to qmail problem... pleaseeeee help...
On Wed, Nov 15, 2000 at 07:24:43PM +0800, Luke Chiam wrote:
> ptmp = pstr;
> sentlen = 0;
> leftover = slen;
> do {
>sentlen = send ( sockfd, ptmp, slen-sentlen, 0 );
>ptmp += sentlen;
> } while ( ptmp < ( pstr + slen ) );
Is pstr supposed to be the data you are sending? Does that data include
the SMTP (EHLO, MAIL, RCPT, DATA, and .) lines? If not, your code
above should negotiate that.
Sean
--
That weapon will replace your tongue. You will learn to speak through
it. And your poetry will now be written with blood. -- _Dead_Man_
Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: control files on an NFS share?
On Thu, Nov 16, 2000 at 06:04:31PM -0600, Ben Beuchler wrote: >I am primarily concerned about files like 'rcpthosts'. They are read on >every invocation of qmail-smtpd. Am I going to be looking at >significant overhead from reading a file like that over NFS? Not if you turn the NFS caching options up high enough... I tried to set up /var/qmail/control on an NFS partition at some point, and it was failing. Or was that /etc/tcpcontrol for the CDBs? I forget now... It was very unhappy though, wouldn't run at all. Sean -- Do you think reading about cowboys is sufficient to ride a horse? Like horses, real programs tend to throw you. -- John Shipman, 1997 Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Forwarding of a whole domain
On Fri, Nov 17, 2000 at 02:56:42PM +0100, Ruprecht Helms wrote: >how can I configure qmail to forward mails for all users of >a domain? Depends on how you want to do it. If you simply want to forward the messages on intact to the same rcpt name at another host (not domain), remove the domain from the "locals" file, leave in in "rcpthosts", and add ":" to "smtphosts". HUP qmail-send and you should be in business. If you want all mail for that domain to go to forward to a single remote name, put "&[EMAIL PROTECTED]" in the .qmail-default file for that virtual domain. If you want mail for [EMAIL PROTECTED] to forward to [EMAIL PROTECTED], use the forward trick mentioned in the other reply. Sean -- Good judgement comes from experience, and experience comes from bad judgement. -- Fred Brooks Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Separation of qmail-smtpd & qmail-remote
On Tue, Nov 21, 2000 at 01:10:06AM +0900, Gan wrote: >I want to separate my mail server into 2 machines , (simple relaying but >too many users) , How can I do that? Should i use controls/smtproutes file ? Well, you could set up one box which had smtproutes set up with ":", but you would still have to run qmail-smtp on the second box. Perhaps you should look at QMQP to deliver the messages to the second box (it's meant to be lighter weight). It's still going to be injecting the messages into different queues on the different machines. Sean -- Well son, a funny thing about regret is that it's better to regret something you HAVE done than regret something you haven't done. Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: qmail enhancements
On Tue, Nov 21, 2000 at 11:25:36PM +0100, Johan Van Gompel wrote: >A year and a half ago I built a Linux/qmail server to replace an aging >Windows NT 3.51/Microsoft Mail system. This system has been working Excellent. We've had a number of clients asking us to help them migrate from NT to Linux, and they've been happy with the results. If NT works for you, great. If not, there's a nice alternative you should look at. Spend the NT licensing money on a nice Athlon 1GHz upgrade. ;-) >(2) allow POP3 access via SSL only; sslwrap works well for that. >(3) extract any mail attachment and check it for various things; >(viruses, unallowed extensions, etc.) Amavis (with some studly caps thing). Check freshmeat.net... >(4) support delivery to same users at different domains; ? [EMAIL PROTECTED] and [EMAIL PROTECTED] are different users? http://www.inter7.com/vpopmail/ works well for this. Also doesn't require system accounts for virtual domain users. >(5) allow only a more rigid form of authentication; >(e.g. POP-before-SMTP) http://www.em.ca/~bruceg/relay-ctrl/ Very easy install if you use the qmail+patches RPMs from the same site. Sean -- Money is the root of all evil! Man needs roots... Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Courier or qmail
On Tue, Nov 21, 2000 at 04:39:21PM -0600, Jamin Collins wrote: >Has anyone on the list used Courier as a complete mail server? If so, how >does it compare to qmail? I spent about 5 hours evaluating it, and couldn't get it to act as a simple mail server. This was a few months ago, so I'm sure the status has changed, but I don't think that Courier is quite as stable as QMail... Test it and find out if it works for your needs. I was kind of put off by the rejection of my message to the Courier mailing list. I detailed what all I had done and what the failure was. I wasn't interested in subscribing, sending the message, then unsubscribing. Whatever. Sean -- "When you first started at Pacific Tech you were well on your way to becoming another Einstein and then you know what happened?" "I got a haircut?" Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Courier
On Thu, Nov 09, 2000 at 04:18:29PM -0500, Dave Sill wrote: >Has anyone checked it out? I picked it up and tried to set up a test mail server with it. It indeed does seem interesting... This was a couple of months ago, so I don't remember the details, but I ran into a problem where it just wasn't delivering mail to the test user/domain I set up. I spent several hours following the documentation and FAQ. The FAQ had some entries about what I was seeing, and I verified I followed the instructions exactly. I'd hope it would be fixed by now, but I haven't had another 5 hours to try mucking with it again. Sean -- kill -HUMP : Process immediately stops what it's doing and fork(2)s a child process, which runs as a daemon. -- Sean Reifschneider, 1998 Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: qmailadmin - 500 Internal Se. Error
On Sun, Nov 12, 2000 at 12:40:48PM +0100, Are Haugsdal wrote: >QmailAdmin loads fine, but when I have given the login information, and press >submit, I get the "500 Internal Server Error". A while ago I ran into a very similar problem that was related to using qmailadmin from a box running a particular version of Internet Exploder. It would generate Internal Server Errors when trying to add POP users. If you are using IE, try Netscape as a test. Sean -- Put out fires during the daytime. Do your real work at night. Sleep is just an addiction. -- Dieter Muller Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: New Mail Notification (with VMailMgr, advanced, not qbiff etc)
On Wed, Nov 08, 2000 at 02:24:11PM -, Michael Vorburger wrote: >future. So a simple forward won't do, I need to call some external script >each time new mail comes in. I would modify vmailmgr so that when it delivers mail to a maildir, it also logs a message somwhere. Then simply write a program that watches that log for new incoming messages and takes the appropriate action. I've done a similar modification to QMail itself and vpopmail. Sean -- What no spouse of a programmer can ever understand is that a programmer is working when he's staring out the window. Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: high performance configs [was: Blocked pipe to qmail-queue]
On Sun, Nov 05, 2000 at 06:48:38PM +0100, Markus Stumpf wrote: >I think there shouldn't be one queue in the scheduler. There's IMHO no >need to have the scheduler do both: insert new messages and schedule >deliveries. the big-todo patch has nothing to do with it. it just Unless you're running a file-system that doesn't do effectively a linear scan of a directory for every insert and remove operation, keeping the todo small is a very good idea. Otherwise you chew up a lot of time in the kernel. That's why I said it's a good idea to have a scheduler that gives precedence to the todo queue. Why do you disagree? >Sorry? No you can't, at least not with a lot of the bounces. If >qmail-remote gets a permantent error, it signals back to qmail-send >and a bounce is generated internally (i.e. injected into the queue). >You can't avoid this happen locally. Sorry? Yes you can. If it's important to you to do so, simply move into place a qmail-queue which injects the messages into the other queue. If you're still injecting into the main queue at this time, you'll need to call qmail-queue directly. It all comes down to how important it is to you to get better performance. The images posted previously suggest that their biggest problem was with remote bounces, however. If they were local bounces, I would expect to have seen consistently lower performance, but the way it looked to me was that delivery would pick up quite nicely and run for a while until remote hosts started turning around a bunch of bounces. That was just a guess, but it seemed not entirely an unreasonable one. Sean -- Hack the man. VOTE! November 7, 2000 Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: high performance configs [was: Blocked pipe to qmail-queue]
On Fri, Nov 03, 2000 at 01:00:10AM +0100, Markus Stumpf wrote: >qmail doesn't use concurrencies to their max as long as there are still >unprocessed messages in the queue or the deliveries generate a lot of >bounces. Giving precidence to processing the todo queue seems like a good idea, especially if you don't have the big-todo patch applied. >well administrated and even after the queue has reached a status where >you have no unprocessed messages at one point the bounces slow down >qmail quite a lot. Sounds like a good case for setting up a second qmail, one just for pumping mail out while another is handling bounces. >I think a big gain in performance would be to split up the scheduler >in qmail-send into at least one for remote, one for locals and one >for sorting in new messages into the remote or local queue. Maybe some profiling on qmail-send would be appropriate... Sean -- Hack the government. VOTE! November 7, 2000 Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: high performance configs [was: Blocked pipe to qmail-queue]
On Fri, Nov 03, 2000 at 11:38:24AM +, Greg Cope wrote: >Hence to improve performance inject should be split up i.e inject 2000, >wait, inject another 2000. In the wait times concurrency remote would >be reached. I always felt that it wasn't that useful to have the concurrency hit, until the injection was completed. It takes time to ramp up and down from full concurrencyremote. During this time you're not reaching full performance for either sending or injection. Unless you're out of space on the queue device. >Any ideas on what a good number to try would be for inject / wait cycle >? You don't want your todo to get too big, I'd pause injection when the todo gets to be a few hundred messages, especially if you aren't using the big-todo patches. Sean -- Hack the government. VOTE! November 7, 2000 Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: high performance configs [was: Blocked pipe to qmail-queue]
On Sun, Nov 05, 2000 at 07:39:42PM +0100, Markus Stumpf wrote: >If within one loop of the scheduler you always have one incoming >message with one remote delivery it's a pari situation, but if >you always have one incoming message with more than one remote delivery >it would be IMHO better to priorize deliveries. If you always have more than one new message on each loop of the scheduler, your system is not going to be able to catch up unless you can make the scheduler loop more often. ;-) The problem is that it's fairly easy to create traffic which causes the todo queue to grow faster than it can be processed. At one point a few years ago I had tweeked with building an SMTP system that could handle injecting messages into a queue much faster than qmail, and I had relative success. Let me run that test again... Nearly 400 3KB messages per second. I really should find time to work on that system again... Sean -- America has the best government money can buy! VOTE! November 7, 2000 Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: high performance configs [was: Blocked pipe to qmail-queue]
On Fri, Nov 03, 2000 at 11:24:07AM +, Greg Cope wrote: >Also sending one message will reduce the I/O required compared to n >messages. If you can get away with having a single message with tons of BCCs... >What about using tcpserver to limit the inbound connections - or even >move this to another box (if you can split the list like that). The incoming mail isn't bounces or the like, it's the actual message to deliver out... Moving bounces off to another machine or another queue can help, but it's still really easy to swamp the system by injecting messages. Sean -- Decide who gets root on your country. VOTE! November 7, 2000 Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: high performance configs [was: Blocked pipe to qmail-queue]
On Thu, Nov 02, 2000 at 02:31:53PM -0800, Jeff Mayzurk wrote: >The model is exactly the same. In both cases you have a bunch of equivalent >independent processes waiting for work from a single queue; and in fact Not exactly the same... qmail-remote exits after every run. Do you have any profile information that suggests that the fork latency is even worth considering as far as making a performance impact? During heavy activity, I'm not sure that the added complexity of the pre-fork code would cause anything but a negative impact on the fork latency. Checking to see if you have any spare workers and then forking is more expensive than forking alone... The first thing to do about this if you want to implement it is to find out exactly WHY apache chose to do it that way. What were they hoping to resolve with that, and did it actually achieve the desired results? The thing to keep in mind is that this scheme resulted in some fairly poor benchmark results in one of the comparisons, because of the time they took to ramp up to handling the full load. >But certainly a component of this design would be to make the worker procesess >persistent, i.e., they handle more than one connection before exit(). Actually, I suspect that ability to optimize the deliveries so that an existing worker could be assigned multiple messages to a single host would be the single biggest win -- especially in this day of a majority of mail going to a handful of domains. >The reason I'm in favor of this model is because (a) it's proven effective for >very similar applications, hence the Apache reference; and (b) I believe it's >possible to modify the qmail-send:qmail-remote interface to support this kind >of model without completely ripping out the guts of qmail. And what sorts of performance improvements do you expect to see? 1%? 3%? >I really *don't* want to write a completely new MTA, particularly when qmail >already does certain things very well. But there are definitely areas where >performance can be improved. It also does certain things particularly poorly. Injecting many messages into the queue being the biggest issue. I don't have any complaints about it the outbound delivery performance. Sean -- All bugs are shallow when there are many eyes looking for them. VOTE! November 7, 2000 Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: high performance configs [was: Blocked pipe to qmail-queue]
On Wed, Nov 01, 2000 at 12:53:27PM +, Greg Cope wrote: >Out of interest does the Netfilter have a large / battery backed cache >to decrease the I/O / disk bottle neck ? Yes. They have a chunk of NVRAM which ACKs the write request as soon as it's committed there. This gives it the ability to ack write messages very quickly while still ensuring that the data is resiliant to crashes. >Also does your system only send one message - the ones I deal with are >all individual (both in content and message headers). That's the problem. It's relatively slow throwing a bunch of messages into QMail. It doesn't take a very powerful machine to completely swamp a fairly hefty QMail server, I've found. And since the smtp daemons are fat, dumb, and happy individual processes, they don't really have the smarts to do any sort of throttling on incoming connections. We ended up having to implement that sort of thing externally so that the originating program wouldn't swamp the box. >> Short of a threaded qmail-remote (or qmail-send/qmail-remote hybrid), a >> pre-forked pool of qmail-remotes waiting on a common socket would probably be >> a significant improvement. In short, Apache-style process management. Well, remember that Apache is pre-forking the *LISTENERS*, not originators. So the exact setup wouldn't exactly be relavent. What you really want to be able to do is keep an existing session open to a mail server and shove additional messages down it. I realize that DJB has numbers which say it's faster to open 10 independant connections than to stream 10 messages over 1 connection. If you're already at concurrencyremote I suspect it's just a waste of time to shut down a connection when you're just going to open it again. Also, pre-forking is only really relavent when you have *ANTICIPATED* load. If you actually have more messages to deliver, it's not called pre-forking. ;-) Sean -- Laws are the source code to our government. Submit a patch November 7. VOTE! November 7, 2000 Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Me yet again - qmailadmin this time
On Thu, Nov 02, 2000 at 06:03:01PM +0200, Stanislav Grozev wrote: >you can get the autoresponder from the same place you got qmailadmin >(http://www.inter7.com/qmailadmin/) or if you want you can disable >it with a configure option - see ./configure --help I was under the impression that you could not. The install documentation for the current release version says something to the effect of "If you don't have ezmlm and autoresponder, stop and go get them." I have found that you can get around it by specifying the path of both as /usr/local/bin with the configure options though. Sean -- America has the best government money can buy! VOTE! November 7, 2000 Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Blocked pipe to qmail-queue
On Tue, Oct 31, 2000 at 12:02:55AM +0100, Peter van Dijk wrote:
>DESCRIPTION
> qmail-queue reads a mail message from descriptor 0. It
> then reads envelope information from descriptor 1. It
> places the message into the outgoing queue for future
> delivery by qmail-send.
Yeah, I read through that and while it implies that you terminate the
session by doing a close, it doesn't say that. It could, for example,
terminate it by a line consisting only of '.'...
I'd change it to read:
qmail-queue reads a message from descriptor 0, terminated by a close().
[...]
Sean
--
Memory is like an orgasm. It's a lot better if you don't have to fake it.
-- Seymore Cray, on virtual memory
Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: SPAM - Help!
On Fri, Oct 27, 2000 at 09:37:37PM +0200, Markus Stumpf wrote: >What I found has helped a lot in this situation are the "badrcptpatterns" >and "badrcptto" patch that are part of the spamcontrol patch available at >http://www.fehcom.de/qmail/qmail_en.html We get people using one of our domains that way sometimes. Quite annoying... badrcptto is a wonderful thing... I was using "bouncesaying" for a while, but most of the spam double-bounces back to me that way. Might as well let the open relay host handle it, hopefully it will help get somone's attention on that host. ;-) One thing we have found is that sometimes contacting the person listed in the advertisement will help. In one instance we had a spam sent out that included a phone number instead of any electronic means of contact. We called and spoke with the business owner and reamed him a new one. He had outsourced the sending, so we got to tell him just how clueless they were. :-) Sean -- Brooks's Law of Prototypes: Plan to throw one away, you will anyhow. Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: QMail RPM buggy...
>> Crap. I just released a new version of it yesterday. Hmmm. That must >> mean you're the only person using this feature. Shows how really useful >> it is. I'll apply the fix to the next release. I've had to use it in the past as well, though I haven't done so with Bruce's RPM. Basicly it's used mostly in a "because the users want it that way" situation. >Side note: Could you please stick a README into the RPM detailing which >patches are applied and what they do, ie. how your RPM differs from the >"pristine" QMail ? Not a bad idea. Are you volunteering to write it? ;-) Sean -- A smart terminal is not a smart*ass* terminal, but rather a terminal you can educate. -- Rob Pike Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: User password change using web. Suggestions?
On Fri, Oct 27, 2000 at 10:43:58AM +0800, Philip Tong wrote:
>What is a good method to allow users to have their mail password changed
>using a Web Browser?
The recent versions of "passwd" on Linux have the ability to change the
password by piping the password in. This means that changing the system
password of a user can be done fairly easily by program.
>What are the security issues that I need to look into?
The typical CGI-sorts of issues you'll need to check for. You know,
like if the user name entered is "jafo;rm -rf /", you probably don't
want to do: system("su root -c 'passwd %s'" % userName)...
Sean
--
"Isn't having a smoking section in a restaurant kind of like having a
peeing section in a swimming pool?" -- David Broadfoot
Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: moving a part of my queue to a ramdisk ?
On Fri, Oct 27, 2000 at 12:26:50PM +0200, Nicolas Deslions wrote: >I'm thinking about using a 500Mb ramdisk on /var/qmail/queue/todo AFAIK, you need to put the entire /var/qmail/queue on the same drive. As mentioned, make sure that you're using the big-todo patches. However, note that moving the queue to a ram-disc will not prevent the todo queue from growing fast. It's fairly easy to swamp it with incoming mail... I'd try modifying qmail-smtpd so that it pauses when the todo gets too large. Probably using some complicated scheme so that every incoming connection doesn't walk the todo, but that's just my style. ;-) Sean -- Get your data structures correct first, and the rest of the program will write itself. -- David Jones Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: What should i modify to run more than 256 qmail processes ?
On Mon, Oct 23, 2000 at 05:42:59PM +0200, Nicolas Deslions wrote: >yup unique messages. The most unique messages I've been able to deal with on a single machine has been between 75,000 and 90,000 per hour. At the minimum you'll probably want the big-todo patches and inject a bunch of messages, then pause waiting for them to be processed. If you grow much, expect to have to throw more hardware at the problem, or expect it to take more than 2 hours. Sean -- On seeing a girl with a pierced tongue, he thought, "Just like Microsoft. Can't do the job right, so throw hardware at it." Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: What should i modify to run more than 256 qmail processes ?
On Mon, Oct 23, 2000 at 05:03:21PM +0200, Nicolas Deslions wrote: >i want to launch a lot of qmail-remote processes , we handle a lot of >outgoing mails here, atm around 150.000/day but it will be more very soon. >I want to send all those mails within 2 hours. Are these unique messages, or are you using a boatload of recipients on a single message? In the former case, you'll be pushing it to get 75,000 individual messages injected into the queue per hour on a single machine. That's about the max I'd expect you to be able to process without going to multiple machines though. Sean -- Tools may limit the user, but the utility of tools is limited by the skill of the user. -- Leonard Compagno Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: relay-ctrl-2.5 doesn't work
On Tue, Oct 17, 2000 at 08:55:56PM -0600, Hans Peyrot wrote: >RedHat Linux 6.3 ^^^ Mm-kay... >tcpserver -v -R 0 pop3 /var/qmail/bin/qmail-popup linux.ags.com.mx \ >/bin/checkpoppassword relay-ctrl-allow /var/qmail/bin/qmail-pop3d Maildir 2>&1 | \ >/var/qmail/bin/splogger pop3d & Did you restart the POP server after making these changes? I just did a qmail install using the SRPMs at http://www.em.ca/~bruceg/ and the relay-ctrl-2.5 RPM worked fine. It even modifies the files automaticly -- just restart the POP server. Sean -- The only people who have anything to fear from free software are those whose products are worth even less. -- David Emery Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Linux7
On Wed, Oct 18, 2000 at 12:09:42PM +1100, [EMAIL PROTECTED] wrote: >How did you set you setup xinetd? I didn't touch it. As I mentioned, I used RPMs that include tcpserver and set up SMTP and POP so that it doesn't need to run from inetd. My system had no xinetd entries I had to remove, so I didn't touch them at all. Sean -- I used to think that the brain was the most wonderful organ in my body. Then I realized who was telling me this. -- Emo Phillips Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: vpopmail
On Tue, Oct 17, 2000 at 01:47:54PM -0500, Ken Jones wrote: >There is a guy, can't remember his name, that has vpopmail in the >freeBSD ports. freeBSD decided to allocate a uid/gid to vpopmail. >uid = 89, gid=89. It should be included in the next freeBSD CD >and on the ports list. Perhaps this uid/gid pair can be used >on linux too? Yeah, I thought about doing that... With RedHat, you can request a specific user ID with the "adduser" command. You could also set up the SRPM to add the user/group so that you could build it. Seems like a kludge though. Sean -- Think. Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Linux7
On Tue, Oct 17, 2000 at 01:49:33PM -0700, Mike Jimenez wrote: >Quick question has anyone run into any problems running Qmail or >vpopmail on Linux Redhat 7? The building of RPMs sometimes stalls because of the automatic man page compression program. Other than that, I've installed QMail on several RH 7 machines. Haven't done vpopmail yet though. Sean -- [...] Premature optimization is the root of all evil. -- Donald Knuth Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: vpopmail
On Mon, Oct 16, 2000 at 09:45:40PM -0400, Peter Green wrote:
>No. A UID and GID is required at compile-time to build the vpopmail package.
What's the reason for doing this? I presume it's meant to be some sort
of security thing, but I just don't see it. I mean, you have to go through
extra gyrations to emulate getpwnam. I had actually gone in and started
building a package and making patches to change this behavior, but
got stalled on that.
Sean
--
"I'll thrash you like a Netscape process on a machine with 640K."
-- John Shipman, 1998
Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: Bogus MAIL FROM (SPAM)
On Mon, Oct 16, 2000 at 02:19:52PM +1100, Brett Randall wrote: >is addressed to my e-mail address (in the To: header), so it isn't a >normal, cheap one that simply connects to many many servers, it Here's what I've done to combat unsolicited commercial e-mail: I don't give out my real address. Pretty much ny time I give out an address (submit it on a form, give it to a company I'm dealing with, put it on a web-page or mail list), I use a one-time address. Like, "[EMAIL PROTECTED]". If I'm signing up at the foobar.com web site, I'll use "[EMAIL PROTECTED]". You get the idea. Particularly useful on Usenet where I use "jafo-200010" (year-month) so I can gradually expire them as the UCE picks up. I bitch and moan and boycott companies that I do business with who sell or otherwise provide my address to others (remember, I can tell because of the above). I used the badrcptto patch so that in addition to rejecting on the envelope from address, I can do the same with the to. I used to use a bounce, but the UCE almost always had invalid return addresses so I just started refusing e-mail for it. I set up a filter for my inbox which sorts out things based on recpieint, does a MAPS lookup as it's being put in my mail folder, and other fairly complex rules, and sorts them out. See ftp.tummy.com:/pub/tummy/pyspam for the code as it is after a week of poking. All this has reduced the UCE going in to my main box to about 2 messages per day. This is on an address I've had for a decade, mind you, and I have in the past gotten 10 or more UCE messages per day. I did an evaluation of a SMTP filter program last weekend, and while it was thorough, I didn't like it. Cost around $5k per machine, and just was fairly inflexable. I mean, if you're charging those rates, you're selling to large customers (ISPs, businesses, etc). The problem is that this was an all or nothing, it had no ability to tune it on a user-by-user basis. I can just hear the users calling in "I'm waiting for an imporant e-mail, but it's getting bounced. FIX IT!" Sean -- "I feel so insignificant... Like people are laughing at me." "You--You ARE a clown..." -- Bob Newhart Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
Re: comparison vmailmgr - inter7
As I have actually used both vmailmgr and vpopmail, I may be able to provide some comparison information. It boils down to: I've switched to using vpopmail these days. vpopmail doesn't have an RPM, which kind of sucks. Making an RPM is hard because vpopmail compiles the user ID of the "vpopmail" account into the binary. I started on some patches to fix this, but ran out of time. vmailmgr DOES work with RPMs. However, the CGI web interface that comes with it is incomplete to the point of not functioning. Add undocumented... I ended up having to dig through the code, and then modify the CGIs so I could even use them... Virtual domains are set up under a user account. Domain administration is done by providing that user's system password to the CGI. Naughty... vpopmail stores all the virtuals under a single "vpopmail" user home directory (or optionally in another location). No system access is required for virtual domains or their maintenance. Also, vpopmail has a nifty option where you can set up virtual IPs for each domain and vpopmail will resolve "user myname" correctly instead of requiring "user [EMAIL PROTECTED]"... >virtual users vmailmgr: virtual domains are hosted under a particular user id. Uses system password for CGI-access to virtual domain. vpopmail: all virtuals stored under a single user ID/directory. >databases for users and aliases Yes for both. >pop access >imap access I had no problems setting up POP or IMAP for either. >quota support I believe both support quotas but I haven't used them. >html-mail-administration vmailmgr: Non-functional demo CGIs provided, which require some time to install and get working. vpopmail: QMailAdmin is full-featured and works well. A separate package from the main vpopmail distribution. >webmail I've had a hell of a time getting webmail going with vmailmgr. Most of them are overly complex to set up or require either PHP4 or a boatload of Perl modules. I've spent days trying out probably half a dozen or more different packages. IMP has a fairly complex setup, and just fell on it's face when I followed the install instructions. AeroMail isn't well maintained, but is VERY simple and easy to use. I spent hours trying to get a PHP4 RPM installed, and never could get one that was functional. I was able to get vpopmail and sqwebmail up and running rather quickly. I tried looking at getting sqwebmail to use the vmailmgr authentication scheme, but didn't have any luck in the limited time I had to muck around with it. >I did not see webmail in the vmailmgr package, does sqwebmail run with the >vmailmgr without problems? I wasn't able to get it to do so. It reads mail directly out of the Maildirs, so it doesn't use POP/IMAP for authentication. That means it has to support the vmailmgr auth scheme, which as far as I can tell it does not. Sean -- [...] who asked "Why do we do it, this science?" No one had an answer until I stood up and said "Isn't there money in a Nobel?" -- Steve Martin Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
