Compile error
Anyone know what component I'm missing:
# make setup check
nroff -man qmail-clean.8 qmail-clean.0
troff: fatal error: can't find macro file tty-char
make: *** [qmail-clean.0] Error 1
Thanks
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Re: Compile error
I have nroff 1.17 installed. Ran make with the -k option, continue running after errors. Compiled fine, just no man pages.
On Mon, 30 Jul 2001, Lukas Beeler wrote:
just a thought, but update nroff ? GNU nroff (groff) version 1.17 works fine for me...
At 08:29 30.07.2001 -0500, mick wrote:
Anyone know what component I'm missing:
# make setup check
nroff -man qmail-clean.8 qmail-clean.0
troff: fatal error: can't find macro file tty-char
make: *** [qmail-clean.0] Error 1
Thanks
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
-- Lukas Beeler [EMAIL PROTECTED] My HomePage: URL:http://www.projectdream.org
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
groff/nroff tty??
Hello, Tried to compile and got the no nroff error, installed groff and now I get this:
[root@newschools qmail-1.03]# make setup
nroff -man qmail-remote.8 qmail-remote.0
troff: fatal error: can't find macro file tty-char
make: *** [qmail-remote.0] Error 1
Sure I'm just missing another component. Any insight about what I'm missing? tty-char?
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Re: Anyone interested in IPv6 support for qmail?
On Wed, 27 Jun 2001, Felix von Leitner wrote:
I'm asking because I consider porting qmail to IPv6. Before someone tells me: I know KAME did a patch. I am not satisfied with their work.
Felix
I dread thinking about all the work IPv6 is going to cause. But we can't slow progress. Yes, I would be interested.
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
shadow password support
Is there, or is there going to be, support for shadow password systems? * Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Re: shadow password support
On Tue, 12 Jun 2001, Henning Brauer wrote:
On Tue, Jun 12, 2001 at 09:41:30AM -0500, mick wrote:
Is there, or is there going to be, support for shadow password systems?
What do you mean by shadow password support? Authentication for pop3 et al? This works.
-- * Henning Brauer, [EMAIL PROTECTED], http://www.bsws.de * * Roedingsmarkt 14, 20459 Hamburg, Germany * Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Interesting. Not on my system. Here is how I start pop3:
/sbin/tcpserver -c 200 0 pop3 /var/qmail/bin/qmail-popup cheech.mtco.com /bin/chechpassword /var/qmail/bin/qmail-pop3d Mailbox
Right out of the howto's and readme's, no mention of shadow passwords. So I assumed it wasn't supported.
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Re: shadow password support
On Tue, 12 Jun 2001, Sven Mueller wrote:
On Tue, 12 Jun 2001 09:41:30 -0500 (CDT), you wrote:
Is there, or is there going to be, support for shadow password systems?
Huh? What has qmail (itself) got to do with passwords? Which program are you referring to? pop3d's checkpasswd? There are numerous implementations for password checking, I'm sure there is at least one with shadow support.
cu, sven
-- Sven Mueller Tel: +49-231-401550 Giessereistr. 11a Mobil: +49-172-2323802 D-44289 Dortmund email: [EMAIL PROTECTED]
cool, and yes I am using checkpassword. perhaps a recommendation of the numerous implementations would help out.
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Re: shadow password support
On Tue, 12 Jun 2001, mick wrote:
On Tue, 12 Jun 2001, Sven Mueller wrote:
On Tue, 12 Jun 2001 09:41:30 -0500 (CDT), you wrote:
Is there, or is there going to be, support for shadow password systems?
Huh? What has qmail (itself) got to do with passwords? Which program are you referring to? pop3d's checkpasswd? There are numerous implementations for password checking, I'm sure there is at least one with shadow support.
cu, sven
-- Sven Mueller Tel: +49-231-401550 Giessereistr. 11a Mobil: +49-172-2323802 D-44289 Dortmund email: [EMAIL PROTECTED]
cool, and yes I am using checkpassword. perhaps a recommendation of the numerous implementations would help out.
This is the error message my mail client returns:
this user has no $HOME/Maildir
please enter a new password
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Re: shadow password support
On Tue, 12 Jun 2001, Henning Brauer wrote:
On Tue, Jun 12, 2001 at 09:58:40AM -0500, mick wrote:
/bin/chechpassword /var/qmail/bin/qmail-pop3d Mailbox
Uh-oh - typo alarm!
-- * Henning Brauer, [EMAIL PROTECTED], http://www.bsws.de * * Roedingsmarkt 14, 20459 Hamburg, Germany * Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Yeah, typo has been fixed. but see my error message from previous messages.
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Re: shadow password support
On Tue, 12 Jun 2001, mick wrote:
On Tue, 12 Jun 2001, mick wrote:
On Tue, 12 Jun 2001, Sven Mueller wrote:
On Tue, 12 Jun 2001 09:41:30 -0500 (CDT), you wrote:
Is there, or is there going to be, support for shadow password systems?
Huh? What has qmail (itself) got to do with passwords? Which program are you referring to? pop3d's checkpasswd? There are numerous implementations for password checking, I'm sure there is at least one with shadow support.
cu, sven
-- Sven Mueller Tel: +49-231-401550 Giessereistr. 11a Mobil: +49-172-2323802 D-44289 Dortmund email: [EMAIL PROTECTED]
cool, and yes I am using checkpassword. perhaps a recommendation of the numerous implementations would help out.
This is the error message my mail client returns:
this user has no $HOME/Maildir
please enter a new password
Before I get the obvious!!! Yes Maildir is present, and smtp does deliver messages into the new subdirectory.
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Re: shadow password support
On Tue, 12 Jun 2001, Dean Staff wrote:
On 12 Jun 2001, at 12:01, mick wrote:
On Tue, 12 Jun 2001, mick wrote:
On Tue, 12 Jun 2001, mick wrote:
On Tue, 12 Jun 2001, Sven Mueller wrote:
On Tue, 12 Jun 2001 09:41:30 -0500 (CDT), you wrote:
Is there, or is there going to be, support for shadow password systems?
Huh? What has qmail (itself) got to do with passwords? Which program are you referring to? pop3d's checkpasswd? There are numerous implementations for password checking, I'm sure there is at least one with shadow support. [...]
cool, and yes I am using checkpassword. perhaps a recommendation of the numerous implementations would help out.
This is the error message my mail client returns:
this user has no $HOME/Maildir
please enter a new password
Before I get the obvious!!! Yes Maildir is present, and smtp does deliver messages into the new subdirectory.
Hi Mick, I'd double check how you start pop3-d. In your previous post you showed your xinetd.conf (inetd) line as the following...
/sbin/tcpserver -c 200 0 pop3 /var/qmail/bin/qmail-popup cheech.mtco.com /bin/chechpassword /var/qmail/bin/qmail-pop3d Mailbox
Showing that you are using Mailbox for delivery, but in later messages you talk of Maildir delivery. These are two very different things. Mailbox appends each new message to the $HOME/Mailbox file, whereas Maildir writes a single file for each new message to $HOME/Maildir/new. Try changing the xinetd.conf line to read Maildir instead of Mailbox. Just my two cents worth.
Good Luck
Dean
Thanks Dean. That was the step that was overlooked!
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
rpm
anyone have any luck with the qmail rpm? have a box I just want to get up and running fast. * Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
RE: qmail as Back up MX box
[tail between my legs] burned by my fat fingers again! fixed the typo in my SOA record and it worked great. Thanks everyone for your responses. Very helpful as usual.
On Thu, 26 Apr 2001, Willy De la Court wrote:
On Wednesday, April 25, 2001 23:40, mick [SMTP:[EMAIL PROTECTED]] wrote:
It resolves to an IP:
[root@ns2 log]# ping bogus.mtco.net
PING bogus.mtco.net (24.17.22.210): 56 octets data
Here is a paste of the results i get
set type=mx
mtco.net
Server: stargate.speedy.home
Address: 192.168.1.253
Non-authoritative answer:
mtco.net preference = 30, mail exchanger = ns2.mtco.com
mtco.net preference = 20, mail exchanger = bogus.mtco.com
Authoritative answers can be found from:
mtco.net nameserver = ns2.mtco.com
mtco.net nameserver = ns.mtco.com
ns2.mtco.com internet address = 207.179.200.10
ns.mtco.com internet address = 207.179.200.2
server 207.179.200.10
Default Server: ns2.mtco.com
Address: 207.179.200.10
set type=a
bogus.mtco.com
Server: ns2.mtco.com
Address: 207.179.200.10
*** ns2.mtco.com can't find bogus.mtco.com: Non-existent host/domain
so it seems there is a problem with your dns i can't seem to resolve the bogus.mtco.com hmm just noticed you're pinging to bogus.mtco.net and not to bogus.mtco.com as in the mx record
An IP that is not going to respond To simulate a primary MX going down. Which is the point of a backup MX server. If the primary were responding and running smtp it wouldn't matter :)
On Wed, 25 Apr 2001, Willy De la Court wrote:
On Wednesday, April 25, 2001 22:30, mick [SMTP:[EMAIL PROTECTED]] wrote:
There is a bogus MX record setup for testing:
;
;MX Records for mtco.net
;
mtco.net. IN MX 20 bogus.mtco.com.
mtco.net. IN MX 30 ns2.mtco.com.
It points to a non-responsive IP address to simulate the primary server going down.
that looks good but bogus.mtco.com does not resolve to an ip that may be the problem the dns resolving of qmail probably disregards this hostname.
try to add an a record so that bogus.mtco.com resolves to an ip of a machine that does run smtp
Willy De la Court Quint NV http://www.quint.be/projects
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
qmail as Back up MX box
Hello, I have a system that I want to run qmail as a backup MX server. I have all the domains I want to accept mail for in control/rcpthosts. I don't have anything in locals or virtualdomains. It should by default queue the messages for one week right? This is what I get instead:
I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out.
[EMAIL PROTECTED]: Sorry. Although I'm listed as a best-preference MX or A for that host, it isn't in my control/locals file, so I don't treat it as local. (#5.4.6)
What am I doing wrong?
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Re: qmail as Back up MX box
There is a bogus MX record setup for testing:
;
;MX Records for mtco.net
;
mtco.net. IN MX 20 bogus.mtco.com.
mtco.net. IN MX 30 ns2.mtco.com.
It points to a non-responsive IP address to simulate the primary server going down.
On Wed, 25 Apr 2001, Charles Cazabon wrote:
mick [EMAIL PROTECTED] wrote:
I have a system that I want to run qmail as a backup MX server. I have all the domains I want to accept mail for in control/rcpthosts. [...]
Sorry. Although I'm listed as a best-preference MX or A for that host, it isn't in my control/locals file, so I don't treat it as local. (#5.4.6)
What am I doing wrong?
If you want your qmail server to act as a backup MX for a domain, there has to be another MX record of higher priority (lower distance number) published in the DNS. i.e. if you want mail.foo.net to act as a backup MX for example.org, and there is an MX record for example.org with distance 10 pointing to mail.foo.net, there has to be another MX record for example.org, with a distance of _less_ than 10, pointing to another mail server. This is so mail.foo.net knows where to send the mail next. You can also use smtproutes, but that's another story.
Charles
-- Charles Cazabon [EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions.
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Re: qmail as Back up MX box
Great! I guess you haven't read my response. It is the second [30] MX. the first is [20]. And I even sent the clip from the SOA. That's why I'm asking what else would need to be done.
On Wed, 25 Apr 2001, Jurjen Oskam wrote:
On Wed, Apr 25, 2001 at 02:43:13PM -0500, mick wrote:
I have a system that I want to run qmail as a backup MX server. [...]
[EMAIL PROTECTED]: Sorry. Although I'm listed as a best-preference MX or A for that host, it isn't in my control/locals file, so I don't treat it as local. (#5.4.6)
I'd guess that message is very clear. The best-preference (*lowest* number! think of it as a distance.) mail exchanger isn't configured to accept mail for that domain.
-- Jurjen Oskam * http://www.stupendous.org/ for PGP key * Q265230 pro-life bombing bush hacker attack USA president 2600 decss assassinate nuclear strike terrorism gun control eta military disrupt economy encryption 10:33pm up 3 days, 2:19, 1 user, load average: 0.00, 0.00, 0.00
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
RE: qmail as Back up MX box
It resolves to an IP:
[root@ns2 log]# ping bogus.mtco.net
PING bogus.mtco.net (24.17.22.210): 56 octets data
An IP that is not going to respond To simulate a primary MX going down. Which is the point of a backup MX server. If the primary were responding and running smtp it wouldn't matter :)
On Wed, 25 Apr 2001, Willy De la Court wrote:
On Wednesday, April 25, 2001 22:30, mick [SMTP:[EMAIL PROTECTED]] wrote:
There is a bogus MX record setup for testing:
;
;MX Records for mtco.net
;
mtco.net. IN MX 20 bogus.mtco.com.
mtco.net. IN MX 30 ns2.mtco.com.
It points to a non-responsive IP address to simulate the primary server going down.
that looks good but bogus.mtco.com does not resolve to an ip that may be the problem the dns resolving of qmail probably disregards this hostname. try to add an a record so that bogus.mtco.com resolves to an ip of a machine that does run smtp
Willy De la Court Quint NV http://www.quint.be/projects
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
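
The backup-MX behaviour discussed in this thread, as an added example that is not part of the original messages and is not qmail's own code. It is a simplified model built only from what the posters state: an MX target that does not resolve is disregarded, and a backup MX needs a resolvable MX at a lower distance than its own or it bounces with #5.4.6. The two A-record tables are constructed to mirror the symptom (bogus.mtco.net resolves, bogus.mtco.com does not); function names are hypothetical.

```python
"""Simplified model of backup-MX routing as explained in the thread."""

# queuelifetime default reported by qmail-showctl elsewhere on this page (one week).
QUEUE_LIFETIME_SECONDS = 604800

# MX records for mtco.net as posted in the thread.
MX = [(20, "bogus.mtco.com"), (30, "ns2.mtco.com")]
MY_IPS = {"207.179.200.10"}  # ns2.mtco.com, the backup MX itself

# Constructed DNS views: before the fix only the .net name has an A record.
A_BEFORE = {"ns2.mtco.com": "207.179.200.10", "bogus.mtco.net": "24.17.22.210"}
A_AFTER = {"ns2.mtco.com": "207.179.200.10", "bogus.mtco.com": "24.17.22.210"}


def usable_mx(mx, a_records):
    """Drop MX targets that have no A record; sort the rest by distance."""
    return sorted((pref, host, a_records[host])
                  for pref, host in mx if host in a_records)


def route(mx, a_records, my_ips, domain="mtco.net", locals_=(), reachable=()):
    """Return (outcome, hosts) for one message addressed to `domain`.

    outcome is one of:
      "local"        domain is in control/locals, deliver here
      "bounce-5.4.6" this host is the best-preference MX left, permanent error
      "relay"        a lower-distance MX answered, hand the message over
      "defer"        lower-distance MXs exist but none answered; the message
                     stays queued and is retried until the queue lifetime ends
    """
    if domain in locals_:
        return ("local", [])
    hosts = usable_mx(mx, a_records)
    # Distance at which this host itself appears in the MX set, if at all.
    my_pref = min((p for p, _, ip in hosts if ip in my_ips), default=None)
    if my_pref is not None:
        # Only exchangers strictly closer than ourselves are candidates.
        hosts = [h for h in hosts if h[0] < my_pref]
        if not hosts:
            return ("bounce-5.4.6", [])
    for _, host, ip in hosts:
        if ip in reachable:
            return ("relay", [host])
    return ("defer", [host for _, host, _ in hosts])


if __name__ == "__main__":
    print("typo in zone  :", route(MX, A_BEFORE, MY_IPS))
    print("zone fixed    :", route(MX, A_AFTER, MY_IPS))
    print("primary is up :", route(MX, A_AFTER, MY_IPS,
                                   reachable={"24.17.22.210"}))
```

With the unresolvable primary the backup sees itself as the only exchanger and bounces; once the primary's name resolves, an unresponsive primary only defers the message.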
IP spoofed spam - off topic
hello, sorry for the off topic post. real quick; had a server x.x.x.110 running sendmail. getting complaints of spam originating from that box. removed IP, still getting complaints. turned system off, still getting complaints. Can an IP be spoofed so totally in mail headers? headers:
Received: from mailserv01.dartgc.com ([207.34.255.70]) by southwind.org (8.9.3/8.9.3) with ESMTP id WAA21910 for x; Sun, 15 Apr 2001 22:10:26 -0700 (PDT)
Date: Sun, 15 Apr 2001 22:10:26 -0700 (PDT)
From: [EMAIL PROTECTED]
Message-Id: [EMAIL PROTECTED]
Received: from ngqjz.msn.com ([x.x.x.110]) by mailserv01.dartgc.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id H5VRZ1Y1; Mon, 16 Apr 2001 01:09:20 -0400
Again, sorry for the off topic post, and thanks.
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Re: IP spoofed spam - off topic
The system is off, and has had that ip removed. It no longer belongs to a functioning system. 207.179.205.110 if it helps.
On Mon, 16 Apr 2001, Alex Pennace wrote:
On Mon, Apr 16, 2001 at 04:00:32PM -0500, mick wrote:
hello, sorry for the off topic post. real quick; had a server x.x.x.110 running sendmail. getting complaints of spam originating from that box. removed IP, still getting complaints. turned system off, still getting complaints. Can an IP be spoofed so totally in mail headers? headers:
Received: from mailserv01.dartgc.com ([207.34.255.70]) by southwind.org (8.9.3/8.9.3) with ESMTP id WAA21910 for x; Sun, 15 Apr 2001 22:10:26 -0700 (PDT)
Date: Sun, 15 Apr 2001 22:10:26 -0700 (PDT)
From: [EMAIL PROTECTED]
Message-Id: [EMAIL PROTECTED]
Received: from ngqjz.msn.com ([x.x.x.110]) by mailserv01.dartgc.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id H5VRZ1Y1; Mon, 16 Apr 2001 01:09:20 -0400
How is anyone supposed to give you a sure answer if you munge/hide relevant information?
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Re: IP spoofed spam - off topic
On Mon, 16 Apr 2001, Alex Pennace wrote:
On Mon, Apr 16, 2001 at 04:00:32PM -0500, mick wrote:
hello, sorry for the off topic post. real quick; had a server x.x.x.110 running sendmail. getting complaints of spam originating from that box. removed IP, still getting complaints. turned system off, still getting complaints. Can an IP be spoofed so totally in mail headers? headers:
Received: from mailserv01.dartgc.com ([207.34.255.70]) by southwind.org (8.9.3/8.9.3) with ESMTP id WAA21910 for x; Sun, 15 Apr 2001 22:10:26 -0700 (PDT)
Date: Sun, 15 Apr 2001 22:10:26 -0700 (PDT)
From: [EMAIL PROTECTED]
Message-Id: [EMAIL PROTECTED]
Received: from ngqjz.msn.com ([x.x.x.110]) by mailserv01.dartgc.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id H5VRZ1Y1; Mon, 16 Apr 2001 01:09:20 -0400
How is anyone supposed to give you a sure answer if you munge/hide relevant information?
As an additional note: Looks like every system receiving the spam are Exchange servers. Is someone exploiting an exchange fault?
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Re: IP spoofed spam - off topic
On Mon, 16 Apr 2001, Charles Cazabon wrote:
mick [EMAIL PROTECTED] wrote:
Can an IP be spoofed so totally in mail headers?
Short answer: yes. Spammers are getting better at spoofing mail headers, as misguided "spam protection" features in MTAs force them to. Long answer: can't analyze the situation properly when you munge header information. You might try running the headers through SpamCop or SamSpade to see if they can detect the header forgery.
munge the headers? that was a direct copy from the spamcop message! I changed the ip address because that ip (and the server it used to be on) is no longer operational. but that's it. 207.179.205.110 was the address.
Charles
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Re: Deny Relay, Accept local
Ok, that's better. Abuse.net wouldn't go past that first test I listed. Thanks Muhammad.
On Thu, 15 Mar 2001, Muhammad Ichsan wrote:
Maybe my report will help you. I tested the host (leviathan-tu1.mtco.com) for relaying from my host. Here is the report:
220 MTCO ESMTP
helo mtco.com
250 MTCO
mail from:[EMAIL PROTECTED]
250 ok
rcpt to:[EMAIL PROTECTED]
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
rcpt to:[EMAIL PROTECTED]
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
rcpt to:[EMAIL PROTECTED]
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
So, if the domain of recipient address is not in your rcpthosts or virtualdomain, it will be rejected. And it means your qmail server was not an open relay.
regards, --M. Ichsan--
Here is the output from another:
RSET
250 flushed
MAIL FROM:[EMAIL PROTECTED]
250 ok
RCPT TO:[EMAIL PROTECTED]
250 ok
DATA
354 go ahead
(message body)
250 ok 984601860 qp 25826
This one isn't as clear, because it's sending to a local address which is ok. The first test outputs in html so it's pretty ugly to cut and paste. Really I'm just looking to ease my mind and confirm with 100% certainty that I'm not an open relay in any way.
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Re: Deny Relay, Accept local
Thanks. Your explanation of tcpserver's initial role in the process, etc... has helped put my mind at ease.
On Thu, 15 Mar 2001, Charles Cazabon wrote:
mick [EMAIL PROTECTED] wrote:
No bad feelings intended.
Not offended; just frustrated.
Here is the full output:
Perfect.
locals: [...] Messages for mtco.com are delivered locally. [...]
rcpthosts: [...] SMTP clients may send messages to recipients at mtco.com.
This was the domain used in that "relay test". Since it's one of your domains, by definition it's not a relay. I think the test itself is probably bogus, although I haven't investigated it myself.
morercpthosts: (Default.) No effect.
morercpthosts.cdb: (Default.) No effect.
You may want to look at putting your rcpthosts into the morercpthosts.cdb format -- with several hundred domains, it might (or might not) decrease the overhead of starting up qmail-smtpd slightly. It would be worth measuring, anyway, to see if there's a difference.
Phew, that was a mouth full. :) Hope that helps. Thank you again Charles.
Yes, it helped, and you're welcome. Sorry if I came off a bit harsh; it came on the tail end of fighting with a user who refused to provide the information we asked for in trying to diagnose his problem.
Charles
-- Charles Cazabon [EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions.
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Deny Relay, Accept local
Got a problem here. Using tcpserver to control relays, but it also blocks local mail. Noticed that once we got tcpserver locked down that the volume of mail diminished, and the queue was getting huge. Here is a tcp.smtp snipette:
207.179.223.:allow,RELAYCLIENT=""
198.102.252.:allow,RELAYCLIENT=""
:allow
The :allow at the end makes the server an open relay! Not acceptable. But changing that to deny causes the above symptoms. Here is how qmail is started:
/bin/csh -cf '/var/qmail/rc '
/usr/local/bin/tcpserver -x/etc/tcp.smtp.cdb -c 200 -v -u 201 -g 200 0 smtp /var/qmail/bin/qmail-smtpd 21 | /var/qmail/bin/splogger smtpd 3
/usr/local/bin/tcpserver -c 200 0 pop3 /var/qmail/bin/qmail-popup leviathan.mtco.com /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir
The domains we wish to accept local mail for are in control/me locals rcpthosts or virtualdomains files. Any suggestions as to the error I've made?
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Re: Deny Relay, Accept local
On Wed, 14 Mar 2001, Johan Almqvist wrote:
* mick [EMAIL PROTECTED] [010314 09:14]:
Got a problem here. Using tcpserver to control relay's, but it also blocks local mail. Noticed that once we got tcpserver locked down that the volume of mail diminished, and the queue was getting huge. Here is a tcp.smtp snipette:
207.179.223.:allow,RELAYCLIENT=""
198.102.252.:allow,RELAYCLIENT=""
:allow
The :allow at the end makes the server an open relay! Not acceptable.
No it doesn't. The allow means "allow the connection". RELAYCLIENT="" means "allow relaying to the world".
Ok, then how can I test whether I have an open relay or not? All of the tests from the web show us as an open relay because the connection and message are accepted.
But changing that to deny causes the above symptoms. Here is how qmail is started:
-Johan
-- Johan Almqvist http://www.almqvist.net/johan/qmail/
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Re: Deny Relay, Accept local
Here is a snipette from showctl:
---
qmail home directory: /var/qmail.
user-ext delimiter: -.
paternalism (in decimal): 2.
silent concurrency limit: 120.
subdirectory split: 23.
user ids: 200, 201, 202, 0, 203, 204, 205, 206.
group ids: 200, 201.
badmailfrom: [EMAIL PROTECTED] not accepted in MAIL FROM. ... etc ...
bouncefrom: (Default.) Bounce user name is MAILER-DAEMON.
bouncehost: (Default.) Bounce host name is leviathan-tu1.mtco.com.
concurrencylocal: Local concurrency is 120.
concurrencyremote: (Default.) Remote concurrency is 20.
databytes: (Default.) SMTP DATA limit is 0 bytes.
defaultdomain: Default domain name is mtco.com.
defaulthost: Default host name is mtco.com.
doublebouncehost: (Default.) 2B recipient host: leviathan-tu1.mtco.com.
doublebounceto: (Default.) 2B recipient user: postmaster.
envnoathost: (Default.) Presumed domain name is leviathan-tu1.mtco.com.
helohost: (Default.) SMTP client HELO host name is leviathan-tu1.mtco.com.
idhost: (Default.) Message-ID host name is leviathan-tu1.mtco.com.
localiphost: (Default.) Local IP address becomes leviathan-tu1.mtco.com.
locals: Messages for localhost are delivered locally. Messages for leviathan-tu2.mtco.com are delivered locally. ... etc ...
me: My name is leviathan-tu1.mtco.com.
percenthack: (Default.) The percent hack is not allowed.
plusdomain: Plus domain name is mtco.com.
qmqpservers: (Default.) No QMQP servers.
queuelifetime: (Default.) Message lifetime in the queue is 604800 seconds.
rcpthosts: SMTP clients may send messages to recipients at lesreelbenefit.org. ... etc ...
morercpthosts: (Default.) No effect.
morercpthosts.cdb: (Default.) No effect.
smtpgreeting: SMTP greeting: 220 MTCO.
smtproutes: (Default.) No artificial SMTP routes.
timeoutconnect: (Default.) SMTP client connection timeout is 60 seconds.
timeoutremote: (Default.) SMTP client data timeout is 1200 seconds.
timeoutsmtpd: (Default.) SMTP server data timeout is 1200 seconds.
virtualdomains: Virtual domain: nash-hasty.com:alias-aliases ... etc ...
---
So that looks good... Here is the web link to a open relay check: http://www.prodigysolutions.com/relay_test.html it returns open relay based on the messages being accepted I guess. Here is the output from another:
RSET
250 flushed
MAIL FROM:[EMAIL PROTECTED]
250 ok
RCPT TO:[EMAIL PROTECTED]
250 ok
DATA
354 go ahead
(message body)
250 ok 984601860 qp 25826
This one isn't as clear, because it's sending to a local address which is ok. The first test outputs in html so it's pretty ugly to cut and paste. Really I'm just looking to ease my mind and confirm with 100% certainty that I'm not an open relay in any way.
On Wed, 14 Mar 2001, Charles Cazabon wrote:
mick [EMAIL PROTECTED] wrote:
The :allow at the end makes the server an open relay! Not acceptable.
No it doesn't. The allow means "allow the connection". RELAYCLIENT="" means "allow relaying to the world".
Ok, then how can I test whether I have an open relay or not? All of the tests from the web show us as an open relay because the connection and message are accepted.
If all of the following are true:
-you do not enable the percenthack
-you have a file /var/qmail/control/rcpthosts
-your .cdb file for the tcpserver instance running qmail-smtpd does not have :allow,RELAYCLIENT="" in it, or some number of IP-specific lines which amount to the same thing
you are not an open relay. qmail will accept mail from any host which is addressed to _any_ local-part in any of the domains in rcpthosts. If that domain is in locals or virtuals, qmail will deliver it appropriately on the local box, and otherwise, will forward it to the domain in question (by looking up MX records or using smtproutes). Show us these "tests from the web" with all their output, and the output of `qmail-showctl`.
Charles
-- Charles Cazabon [EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions.
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
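
The three conditions listed in the message above, together with the meaning of `:allow` and `RELAYCLIENT=""` given in the thread, as an added example that is not part of the original messages and is not qmail or tcpserver code. It models only IPv4 address and prefix rules from a tcp.smtp source file; the function names are hypothetical, the client address 192.0.2.10 and the domain example.org are constructed test values, and treating an unmatched client as allowed is an assumption about tcpserver's default.

```python
"""Model of the relay decision described in the thread (added example)."""

# tcp.smtp exactly as posted in the thread.
TCP_SMTP = (
    '207.179.223.:allow,RELAYCLIENT=""\n'
    '198.102.252.:allow,RELAYCLIENT=""\n'
    ':allow\n'
)
# Constructed counter-example: the default rule itself grants relaying.
TCP_SMTP_BROKEN = ':allow,RELAYCLIENT=""\n'
# Two domains the thread shows in rcpthosts (the real file lists hundreds).
RCPTHOSTS = {"mtco.com", "lesreelbenefit.org"}


def parse_instructions(instr):
    """Split 'allow,VAR="value",...' into (action, {VAR: value})."""
    action, _, rest = instr.partition(",")
    env = {}
    while rest:
        name, _, rest = rest.partition("=")
        if not rest:
            raise ValueError("variable without a value: " + name)
        quote, rest = rest[0], rest[1:]      # first character is the delimiter
        value, _, rest = rest.partition(quote)
        env[name] = value
        rest = rest.lstrip(",")
    return action, env


def parse_rules(text):
    """Map each address or prefix ('' is the default rule) to (action, env)."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            address, _, instr = line.partition(":")
            rules[address] = parse_instructions(instr)
    return rules


def match_rule(rules, ip):
    """Most specific match first: full address, shorter prefixes, default."""
    octets = ip.split(".")
    keys = [ip] + [".".join(octets[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in keys:
        if key in rules:
            return rules[key]
    return ("allow", {})                     # assumption: no match means allow


def domain_listed(rcpthosts, domain):
    """Exact entry, or a '.suffix' wildcard entry covering the domain."""
    parts = domain.lower().split(".")
    names = [".".join(parts)] + ["." + ".".join(parts[i:])
                                 for i in range(1, len(parts))]
    return any(n in rcpthosts for n in names)


def rcpt_decision(rules, rcpthosts, client_ip, rcpt_domain):
    """What an SMTP client at client_ip gets for RCPT TO:<x@rcpt_domain>."""
    action, env = match_rule(rules, client_ip)
    if action == "deny":
        return "connection-refused"
    if "RELAYCLIENT" in env:
        return "accept-relayclient"          # rcpthosts is not consulted
    if rcpthosts is None:
        return "accept-no-rcpthosts"         # no file: every domain accepted
    return "accept-rcpthosts" if domain_listed(rcpthosts, rcpt_domain) else "reject-553"


def audit(rules_text, rcpthosts, percenthack=()):
    """Check the thread's three conditions; return (all_hold, findings)."""
    findings = []
    if percenthack:
        findings.append("percenthack is enabled")
    if rcpthosts is None:
        findings.append("control/rcpthosts is missing")
    rules = parse_rules(rules_text)
    relay = [a for a, (act, env) in rules.items()
             if act == "allow" and "RELAYCLIENT" in env]
    if "" in relay:
        findings.append('default rule sets RELAYCLIENT')
    return (not findings, findings), [a for a in relay if a]


if __name__ == "__main__":
    rules = parse_rules(TCP_SMTP)
    for ip, dom in [("192.0.2.10", "mtco.com"), ("192.0.2.10", "example.org"),
                    ("207.179.223.5", "example.org")]:
        print(ip, dom, rcpt_decision(rules, RCPTHOSTS, ip, dom))
    print(audit(TCP_SMTP, RCPTHOSTS), audit(TCP_SMTP_BROKEN, RCPTHOSTS))
```

The prefixes returned alongside the verdict are the networks granted relaying; reviewing their breadth is how the "IP-specific lines which amount to the same thing" case gets caught.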
Re: Deny Relay, Accept local
Dude, we host a few hundred domains. I was hoping to save some bits. What are you looking for? If needed, and if you really want I can send it all, I just thought it would be easier on the eyes.
On Wed, 14 Mar 2001, Charles Cazabon wrote:
mick [EMAIL PROTECTED] wrote:
Here is a snipette from showctl:
I asked for "the output of qmail-showctl", not a "snipette" of it. The problem is...
locals: Messages for localhost are delivered locally. Messages for leviathan-tu2.mtco.com are delivered locally. ... etc ... [...]
rcpthosts: SMTP clients may send messages to recipients at lesreelbenefit.org. ... etc ... [...]
The two sections you deleted were the precise ones we need to tell you if you are an open relay.
virtualdomains: Virtual domain: nash-hasty.com:alias-aliases ... etc ...
And this may have been useful too.
Here is the web link to a open relay check: http://www.prodigysolutions.com/relay_test.html it returns open relay based on the messages being accepted I guess. Here is the output from another:
RSET
250 flushed
MAIL FROM:[EMAIL PROTECTED]
250 ok
RCPT TO:[EMAIL PROTECTED]
250 ok
DATA
354 go ahead
(message body)
250 ok 984601860 qp 25826
This one isn't as clear, because it's sending to a local address which is ok. The first test outputs in html so it's pretty ugly to cut and paste.
Until you post the real output of qmail-showctl, we can't tell you for sure, but seeing as "mtco.com" does seem to be one of your domains, and this is mail addressed to a user in that domain, why on earth would you think that this "test" indicates you are an open relay?
Charles
-- Charles Cazabon [EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions.
* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Re: Deny Relay, Accept local
Phew, that was a mouth full. :) Hope that helps. Thank you again Charles. * Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Re: NAKEDWIFE.EXE Virus - Filter available
> Okay, I've now verified that /home/virtualdomain1/.qmail-user1 is the correct file.
>
> You copied the script into /usr/bin/ ! Change the call and it will work !
>
> Um, not that easy. /var/qmail/bin is a symlink to /usr/bin. So much for that theory?

When I opened the scripts they had the Windows ^m character at the end of each line. I was getting the same error until I removed them.

* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Re: NAKEDWIFE.EXE Virus - Filter available
VI on Tru64 Unix. I saved the files from Netscape, that may have done it.

On Thu, 8 Mar 2001, Peter Peltonen wrote:
> mick wrote:
> > When I opened the scripts they had the Windows ^m character at the end of each line. I was getting the same error until I removed them.
>
> When I open the file in pico or vim, I don't see those characters. With what program do I find and remove the characters?
>
> Regards, Peter

* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Clustering
May be running Tru64 cluster system some time in the future. Has anyone used qmail in a clustering/shared environment?

* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
RE: NAKEDWIFE.EXE Virus - Filter available
It's a pretty common problem when working in a mixed environment. Seems most everyone had an available tool. If not, it's a good one to add to the toolbox.

On Thu, 8 Mar 2001, Erwin Hoffmann wrote:
> Hi everybody,
>
> sorry for the inconvenience with the scripts. I have already encountered the same problems (^M). Therefore, on my man qmail web page, I included a section "Download problems" which gives some hints. This is an old http browser/server problem. One may use Dan's http@ client:
>
>     ./http@ www.fehcom.de qmail/checkfile /usr/local/bin/checkfile
>
> and delete the last line (^Z).
>
> cheers. eh.
>
> At 10:25 8.3.2001 -0500, Ed Henderson wrote:
> > Solaris has a handy utility called "dos2unix" that strips ^M characters out of text files. Perhaps your OS has a similar utility?
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Peter Peltonen
> > Sent: Thursday, March 08, 2001 9:50 AM
> > Cc: qmail list
> > Subject: Re: NAKEDWIFE.EXE Virus - Filter available
> >
> > mick wrote:
> > > When I opened the scripts they had the Windows ^m character at the end of each line. I was getting the same error until I removed them.
> >
> > When I open the file in pico or vim, I don't see those characters. With what program do I find and remove the characters?
> >
> > Regards, Peter
>
> Dr. Erwin Hoffmann, http://www.fehcom.de
> Wiener Weg 8, 50858 Koeln
> Tel 0221 484 4923, Fax 0221 484 4924

***** Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
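One way to do the find-and-remove step asked about in this thread, as an added example that is not part of the original posts: POSIX shell functions that detect carriage returns (^M), flag a broken `#!` line, and strip CR and the DOS ^Z byte in place. The function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): find and strip ^M from downloaded scripts.
# All function names here are hypothetical.

CR=$(printf '\r')   # a literal carriage return, displayed as ^M by vi

# has_cr FILE: true if FILE contains at least one carriage return.
has_cr() {
    grep -q "$CR" "$1"
}

# shebang_broken FILE: true if the #! line ends in CR. The kernel then looks
# for an interpreter literally named "/bin/sh^M" and the script never starts.
shebang_broken() {
    head -n 1 "$1" | grep -q "^#!.*$CR\$"
}

# strip_cr FILE: delete every CR and Ctrl-Z (octal 032) byte. Writing back with
# cat keeps the file's owner and mode, which matters for an executable filter.
strip_cr() {
    tmp=$(mktemp) || return 1
    tr -d '\r\032' < "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# fix_scripts FILE...: repair only the files that need it and print their names.
fix_scripts() {
    for f in "$@"; do
        if has_cr "$f"; then
            strip_cr "$f" && printf 'stripped CR: %s\n' "$f"
        fi
    done
}
```

Editors that auto-detect DOS line endings hide the ^M, which is why a byte-level check such as `has_cr` is more reliable than opening the file.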
Re: pop3 dying
Yep still working great. And found this right out of the tcpserver man page:

    -c limit
        Do not handle more than limit simultaneous connections. If there are limit simultaneous copies of program running, defer acceptance of a new connection until one copy finishes. limit must be a positive integer. Default: 40.

Thanks again.

On Sat, 17 Feb 2001, mick wrote:
> Ok, tried changing this:
>
>     /usr/local/bin/tcpserver 0 pop3 /var/qmail/bin/qmail-popup my.domain.com /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir
>
> to this:
>
>     /usr/local/bin/tcpserver -c 200 0 pop3 /var/qmail/bin/qmail-popup my.domain.com /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir
>
> See what that does.
>
> On Sat, 17 Feb 2001, Charles Cazabon wrote:
> > mick [EMAIL PROTECTED] wrote:
> > > concurrency limit is set to 120, does that mean it's limited to 120 pop3 sessions?
> >
> > Yes, if that's the number you are supplying as the -c option to the tcpserver instance launching qmail-pop3d. Double or quadruple it and see if your problems stop. You could also enable the logging from tcpserver for that.
> >
> > Charles
> > --
> > Charles Cazabon [EMAIL PROTECTED]
> > GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
> > Any opinions expressed are just that -- my opinions.
>
> * Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *

* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
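The symptom in this thread (POP3 stops answering while nothing is logged) fits the man page text quoted above: at the limit, tcpserver defers new connections. As an added example, not code from the thread: a shell function that reads tcpserver's verbose (`-v`) log and reports how often the `status: N/M` counter reached the limit. It assumes tcpserver was started with `-v` and its stderr captured to a log; the function names are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# sample_log: constructed lines in the format tcpserver -v writes to stderr.
sample_log() {
    cat <<'EOF'
tcpserver: status: 39/40
tcpserver: pid 4101 from 192.0.2.15
tcpserver: ok 4101 mail.example.com:192.0.2.1:110 :192.0.2.15::40112
tcpserver: status: 40/40
tcpserver: end 4090 status 0
tcpserver: status: 39/40
tcpserver: pid 4102 from 192.0.2.16
tcpserver: ok 4102 mail.example.com:192.0.2.1:110 :192.0.2.16::51877
tcpserver: status: 40/40
EOF
}

# tcpserver_saturation: read a log on stdin and print one summary line.
# Matches "status: N/M" anywhere in the line, so a syslog prefix is fine.
tcpserver_saturation() {
    awk '
        match($0, /status: [0-9]+\/[0-9]+/) {
            split(substr($0, RSTART + 8, RLENGTH - 8), s, "/")
            cur = s[1] + 0; lim = s[2] + 0
            seen++
            if (cur > peak) peak = cur     # highest concurrency observed
            if (cur >= lim) full++         # samples where every slot was in use
        }
        END {
            printf "samples=%d peak=%d limit=%d at_limit=%d\n", seen, peak, lim, full
        }
    '
}

# limit_reached: exit status 0 if any sample shows the limit fully in use.
limit_reached() {
    tcpserver_saturation | grep -qv ' at_limit=0$'
}
```

Repeated samples at the limit mean new clients are waiting for a free slot, which is the situation the thread resolved by raising `-c`.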
pop3 dying
I've got a qmail system in which pop3 dies after about 30 minutes of use. The system load average is low, can't see any obvious runaway process, the rest of the system works fine (sshd, smtp, http, ftp). Killing all qmail processes and restarting gets it to work for about another 30 minutes.

Any suggestions as to where to start looking?

* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Re: pop3 dying
Can't see anything obvious. This is a busy server so the logs are flying pretty fast, connections just time out and I can't see any obvious failure messages in the logs. Any suggestions for what I should grep for?

On Sat, 17 Feb 2001, Peter van Dijk wrote:
> On Sat, Feb 17, 2001 at 03:28:38PM +, mick wrote:
> > I've got a qmail system in which pop3 dies after about 30 minutes of use. The system load average is low, can't see any obvious runaway process, the rest of the system works fine (sshd, smtp, http, ftp). Killing all qmail processes and restarting gets it to work for about another 30 minutes.
> >
> > Any suggestions as to where to start looking?
>
> What do the logs say?
>
> Greetz, Peter.

* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Re: pop3 dying
Grep for pop3 on mail.log and daemon.log for pop3 (Digital Unix) returns nothing. This is how it is called:

    /usr/local/bin/tcpserver 0 pop3 /var/qmail/bin/qmail-popup my.domain.com /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir

On Sat, 17 Feb 2001, Peter van Dijk wrote:
> On Sat, Feb 17, 2001 at 03:41:45PM +, mick wrote:
> > Can't see anything obvious. This is a busy server so the logs are flying pretty fast, connections just time out and I can't see any obvious failure messages in the logs. Any suggestions for what I should grep for?
>
> Well, I suppose there's no log of any pop3 activity after it dies. What are the last few lines logged about pop3?
>
> Greetz, Peter.

* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Re: pop3 dying
Should I add:

    | /var/qmail/bin/splogger pop3 3

On Sat, 17 Feb 2001, Peter van Dijk wrote:
> On Sat, Feb 17, 2001 at 04:02:58PM +, mick wrote:
> > Grep for pop3 on mail.log and daemon.log for pop3 (Digital Unix) returns nothing. This is how it is called:
> >
> >     /usr/local/bin/tcpserver 0 pop3 /var/qmail/bin/qmail-popup my.domain.com /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir
>
> This startup doesn't specify any logging.
>
> Greetz, Peter.

* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Re: pop3 dying
Ok, tried changing this:

    /usr/local/bin/tcpserver 0 pop3 /var/qmail/bin/qmail-popup my.domain.com /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir

to this:

    /usr/local/bin/tcpserver -c 200 0 pop3 /var/qmail/bin/qmail-popup my.domain.com /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir

See what that does.

On Sat, 17 Feb 2001, Charles Cazabon wrote:
> mick [EMAIL PROTECTED] wrote:
> > concurrency limit is set to 120, does that mean it's limited to 120 pop3 sessions?
>
> Yes, if that's the number you are supplying as the -c option to the tcpserver instance launching qmail-pop3d. Double or quadruple it and see if your problems stop. You could also enable the logging from tcpserver for that.
>
> Charles
> --
> Charles Cazabon [EMAIL PROTECTED]
> GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
> Any opinions expressed are just that -- my opinions.

* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *
Re: pop3 dying
Seems to have worked so far! I'll keep my fingers crossed. Thank you greatly for your help.

On Sat, 17 Feb 2001, mick wrote:
> Ok, tried changing this:
>
>     /usr/local/bin/tcpserver 0 pop3 /var/qmail/bin/qmail-popup my.domain.com /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir
>
> to this:
>
>     /usr/local/bin/tcpserver -c 200 0 pop3 /var/qmail/bin/qmail-popup my.domain.com /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir
>
> See what that does.
>
> On Sat, 17 Feb 2001, Charles Cazabon wrote:
> > mick [EMAIL PROTECTED] wrote:
> > > concurrency limit is set to 120, does that mean it's limited to 120 pop3 sessions?
> >
> > Yes, if that's the number you are supplying as the -c option to the tcpserver instance launching qmail-pop3d. Double or quadruple it and see if your problems stop. You could also enable the logging from tcpserver for that.
> >
> > Charles
> > --
> > Charles Cazabon [EMAIL PROTECTED]
> > GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
> > Any opinions expressed are just that -- my opinions.
>
> * Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *

* Mick Dobra Systems Administrator MTCO Communications 1-800-859-6826 *