rblsmtpd
Hi, Where i can fin a exemple of a qmail startup-script like in lifewithqmail.org for http://cr.yp.to/ucspi-tcp/rblsmtpd.html ? Can you help me to setup it ? Where i can find a update because the mail-abuse.org need money :( Thanks for your help.
rblsmtpd
Hello, In the first time, i'm sorry for the user who have send many virus alert message with him antivurus program on my domain (ndsoftware.net). I use for test rblsmtpd. When i'm logon on my telnet, i get this: [xxx@xxx /home]# rblsmtpd: 129.132.2.199 pid 7941: 451 Open relay. Please see http://orbz.org/?129.132.2.199 rblsmtpd: 129.132.2.199 pid 8799: 451 Open relay. Please see http://orbz.org/?129.132.2.199 Why this warning aren't in the qmail log ? How I can do this ? The best is to manage a another log with all blacklist deny. It's possible to make a path for rblsmtpd, for what the postmaster can receipt message in blacklist (for help the admin who have a mail server blacklisted). Thanks very much.
rblsmtpd
I have some problems with the "-a" option of rblsmtpd. To be more precise, I cant get it to work at all. I have set up rbldns on one of my servers with the intention of using it as an "anti-blocked" list. The rbldns is working, both dig and dnsq can get A records from rbl.unet.net.ph The problem is that rblsmtpd doesnt seem to do any lookup to it at all. The only requests that shows up in the rbldns log is the ones I make with dig and dnsq. # dig @rbl.unet.net.ph 142.205.105.202.rbl.unet.net.ph ; <<>> DiG 8.2 <<>> @rbl.unet.net.ph 142.205.105.202.rbl.unet.net.ph ; (1 server found) ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUERY SECTION: ;; 142.205.105.202.rbl.unet.net.ph, type = A, class = IN ;; ANSWER SECTION: 142.205.105.202.rbl.unet.net.ph. 34m8s IN A 127.0.0.2 ;; Total query time: 3 msec ;; FROM: mail to SERVER: rbl.unet.net.ph 203.65.246.6 ;; WHEN: Thu Aug 2 15:25:57 2001 ;; MSG SIZE sent: 49 rcvd: 65 # dnsq a 142.205.105.202.rbl.unet.net.ph rbl.unet.net.ph 1 142.205.105.202.rbl.unet.net.ph: 65 bytes, 1+1+0+0 records, response, authoritative, noerror query: 1 142.205.105.202.rbl.unet.net.ph answer: 142.205.105.202.rbl.unet.net.ph 2048 A 127.0.0.2 /service/qmail-smptd/run #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` QMAILQUEUE=`cat /var/qmail/control/queueprogram`;export QMAILQUEUE exec /usr/local/bin/softlimit -m 600 /usr/local/bin/tcpserver \ -H -R -v -p -x /etc/tcp.smtp.cdb -c $MAXSMTPD -u $QMAILDUID -g $NOFILESGID 0 smtp \ /usr/local/bin/rblsmtpd -b -a rbl.unet.net.ph -r relays.ordb.org -r or.orbl.org /var/qmail/bin/qmail-smtpd 2>&1 -- Lars Hansson Technical Consultant/System Administrator UNET, Inc.Makati City, Philippines e-mail: [EMAIL PROTECTED]
rblsmtpd
anyway to test the rblsmtp service from ucspi .88? by default... where do messages get logged (via syslogd?). Paul Farber Farber Technology [EMAIL PROTECTED] Ph 570-628-5303 Fax 570-628-5545
rblsmtpd
Hi! I'm in dire need of some help here. I've been working on getting rblsmtpd up and running with tcpserver and am having no luck at all. I've searched the mailing list back and fourth and still can't find a thing. Heres what I got: tcpserver invocation: /usr/local/bin/tcpserver -x /usr/local/etc/ip/tcp.smtp.cdb /usr/local/b in/rblsmtpd -rrelays.radparker.com /var/qmail/bin/qmail-smtpd 2>&1 Nelsons test: 220 I'm not as think as you drunk I am ESMTP helo linux.crynwr.com 250 I'm not as think as you drunk I am mail from:<> 250 ok rcpt to:<[EMAIL PROTECTED]> 250 ok data 354 go ahead From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Mon, 10 Jul 2000 19:41:18 - Message-Id: <[EMAIL PROTECTED]> Test message . 250 ok 963257616 qp 2244 quit Successful termination. As far as I can tell, the email was delivered. This may not be what you want. I've tried just about every way I know of starting tcpserver with no luck whatsoever. If anyone out there can offer any assistance, I'd greatly appreciate it! Tks. -Aaron
rblsmtpd
Hi, Some rather basic questions How do I set the $RBLSMTPD environment variable in order for rblsmtpd to block incoming rbl mails? Does rblsmtpd need it's own daemon or can it be integrated with the smtpd daemon if so how? Thanks AC
rblsmtpd
Anyone ever used DJBs rblsmtp daemon to prevent spam? Could someone tell me where to insert rblsmtpd in my ../supervise/run script. The docs at cr.yp.to are a bit thin, at least for me ;-) my current run script looks like the following: exec /usr/local/bin/softlimit -m 400 /usr/local/bin/tcpserver -v -H -R -l mydomain -x /etc/tcp.smtp.cdb -u $QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/qmail-smtpd 2>&1 Thanx Manuel
RBLSMTPD
Hi, Can anyone please advise me if there is anyway of telling an attacker if you like that they have been blocked via an email or something similiar. I am having the problem that people are getting blocked however it appears the mail goes through but is then not returned. Please Help. Drew
rblsmtpd
I run this script (/var/qmail/supervise/qmail-smtpd/run) to run my qmail-smtpd : #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` exec /usr/local/bin/softlimit -m 200 \ /usr/local/bin/tcpserver -v -p -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \ -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp rblsmtpd \ /var/qmail/bin/qmail-smtpd 2>&1 rblsmtpd by default pointed to "rbl.maps.vix.com". How to add more rblsmtpd process to check another blacklist resource like "relays.mail-abuse.org", "blackholes.mail-abuse.org" or "dialups.mail-abuse.org"?
rblsmtpd
Hi, I'm running vpopmail on qmail using ucspi-tcp and daemon tools. I want to implement the rblsmtpd, I've looked at the links from qmail.org but I'm not sure how or where I am supposed to implement it? Thank you Raymond
rblsmtpd...
Hey, I've recently started using rblsmtpd with /etc/tcp.smtp.cdb listing the IPs I don't care to receive mail from. Seems to work ok (I don't receive nearly as much spam as I use to). There's something I still can't find however. Does rblsmtpd leave a trace anywhere of the mail it rejects ? In the doc, there's a line which says; "Meanwhile it prints one line on descriptor 2 to log its activity." Ok. Now this is where I start sounding stupid... do I need to redirect descriptor 2 to a file ? If so, where do I define this ? Jean
Re: rblsmtpd
On Fri, Jul 27, 2001 at 11:50:19PM +0200, NDSoftware wrote: > [xxx@xxx /home]# rblsmtpd: 129.132.2.199 pid 7941: 451 Open relay. > Please see http://orbz.org/?129.132.2.199 > rblsmtpd: 129.132.2.199 pid 8799: 451 Open relay. Please see > http://orbz.org/?129.132.2.199 > > Why this warning aren't in the qmail log ? Show us the rblsmtpd startup script (if you're running qmail, probably the qmail-smtpd startup script). > It's possible to make a path for rblsmtpd, for what the postmaster can > receipt message in blacklist (for help the admin who have a mail server > blacklisted). That turns rblsmtpd from an IP-level ACL enforcer to a mail proxy, so it's more like a brand-new program. You're much better off running a proper filtering SMTP proxy for this purpose. -- Adrian HoTinker, Drifter, Fixer, Bum [EMAIL PROTECTED] ListArchive: <http://marc.theaimsgroup.com/?l=qmail> Useful URLs: <http://cr.yp.to/qmail.html> <http://www.qmail.org> <http://www.lifewithqmail.org/> <http://qmail.faqts.com/>
RE: rblsmtpd
On my Debian: #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` #exec /usr/local/bin/softlimit -m 200 /usr/local/bin/tcpserver -v -R -l 0 -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /usr/local/bin/rblsmtpd -r relays.osirusoft.com -r inputs.relays.osirusoft.com -r dev.null.sk -r inputs.orbz.org -r outputs.orbz.org -r relays.ordb.org -r or.orbl.org -r orbs.dorkslayers.com -r ztl.dorkslayers.com /var/qmail/bin/qmail-smtpd 2>&1 On my Redhat ... env - PATH="/var/qmail/bin:/usr/local/bin" \ tcpserver -H -R -x /etc/tcp.smtp.cdb -c100 -u503 -g503 0 smtp \ /usr/local/bin/rblsmtpd -r relays.osirusoft.com -r inputs.relays.osirusoft.com -r dev.null.sk -r inputs.orbz.org -r outputs.orbz.org -r relays.ordb.org -r or.orbl.org -r orbs.dorkslayers.com -r ztl.dorkslayers.com \ /var/qmail/bin/qmail-smtpd 2>&1 > /dev/null & echo "smtp" ;; Note: My Redhat don't use supervise script. Another problem: my debian who use supervise script log in syslogd and qmail log, why ? How I can log only in my qmail log ? Thanks very much. -Original Message- From: Adrian Ho [mailto:[EMAIL PROTECTED]] Sent: Saturday, July 28, 2001 3:12 AM To: Mailing-List Qmail Subject: Re: rblsmtpd On Fri, Jul 27, 2001 at 11:50:19PM +0200, NDSoftware wrote: > [xxx@xxx /home]# rblsmtpd: 129.132.2.199 pid 7941: 451 Open relay. > Please see http://orbz.org/?129.132.2.199 > rblsmtpd: 129.132.2.199 pid 8799: 451 Open relay. Please see > http://orbz.org/?129.132.2.199 > > Why this warning aren't in the qmail log ? Show us the rblsmtpd startup script (if you're running qmail, probably the qmail-smtpd startup script). > It's possible to make a path for rblsmtpd, for what the postmaster can > receipt message in blacklist (for help the admin who have a mail server > blacklisted). That turns rblsmtpd from an IP-level ACL enforcer to a mail proxy, so it's more like a brand-new program. You're much better off running a proper filtering SMTP proxy for this purpose. -- Adrian HoTinker, Drifter, Fixer, Bum [EMAIL PROTECTED] ListArchive: <http://marc.theaimsgroup.com/?l=qmail> Useful URLs: <http://cr.yp.to/qmail.html> <http://www.qmail.org> <http://www.lifewithqmail.org/> <http://qmail.faqts.com/>
rblsmtpd & log
Hello, When I work on my qmail server I have: [xxx@xxx xxx]# rblsmtpd: 207.217.120.123 pid 9848: 451 Open relay. Please see http://orbz.org/?207.217.120.123 And I can't find this in my log ! My question: How I can display this message in log and not during session ? My config file: /var/qmail/supervise/smtpd/run #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` exec /usr/local/bin/softlimit -m 200 /usr/local/bin/tcpserver -v -R -l 0 -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /usr/local/bin/rblsmtpd -r relays.osirusoft.com -r inputs.relays.osirusoft.com -r dev.null.sk -r inputs.orbz.org -r outputs.orbz.org -r relays.ordb.org -r or.orbl.org /var/qmail/bin/qmail-smtpd 2>&1 A another question: Why my qmail log in syslog ? How I can log only in qmail log ? Why in /var/log/qmail: state lock current @xxx is empty ? It's normal ? In /var/log/qmail/smtpd, the log are good... My log supervise script: /var/qmail/supervise/qmail-send/log/run: #!/bin/sh exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail /var/qmail/supervise/qmail-smtpd/log/run: #!/bin/sh exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail/smtpd Thanks very much
Re: rblsmtpd
On Thu, Aug 02, 2001 at 03:33:53PM +0800, Lars Hansson wrote: > The problem is that rblsmtpd doesnt seem to do any lookup to it at all. Actually, I'd bet it's a DNS problem, not an rblsmtpd one. I'd also bet you made the erroneous assumption that '-a rbl.unet.net.ph' tells rblsmtpd to send TXT queries directly to rbl.unet.net.ph. It does no such thing -- all rblsmtpd queries are done via your DNS resolver, and therefore follow all the normal DNS delegation rules. If running 'dig rbl.unet.net.ph ns' from your qmail server returns 0 records, that's a 50-foot blinking neon sign that your DNS setup needs fixing. -- Adrian HoTinker, Drifter, Fixer, Bum [EMAIL PROTECTED] ListArchive: <http://marc.theaimsgroup.com/?l=qmail> Useful URLs: <http://cr.yp.to/qmail.html> <http://www.qmail.org> <http://www.lifewithqmail.org/> <http://qmail.faqts.com/>
Re: rblsmtpd
On Thu, Aug 02, 2001 at 04:54:02PM +0800, Adrian Ho wrote: > On Thu, Aug 02, 2001 at 03:33:53PM +0800, Lars Hansson wrote: > Actually, I'd bet it's a DNS problem, not an rblsmtpd one. I'd also bet [snip] Ah yes, right you are. I thought rblsmtpd would look it up directly. Adding the subdomain rbl.unet.net.ph fixed it. -- Lars Hansson Technical Consultant/System Administrator UNET, Inc.Makati City, Philippines e-mail: [EMAIL PROTECTED]
rblsmtpd error
A previously-compiled version is on my system. Qmail with rblsmtpd is the only thing running from inetd, and I'm getting the following errors (a lot of them): Jul 2 20:21:31 cyrix inetd[810]: pid 27892: exit status 1 That seems to point to rblsmtpd. When I tried to recompile, thinking perhaps something in RHL had changed, it refused to compile. So, aside from the compiling issue, does this error means something was found in the RBL, or does it mean that the rblsmtpd program is failing? -- Todd A. Jacobs Senior Network Consultant
Re: rblsmtpd
Aaron Nowalk wrote: > > Hi! I'm in dire need of some help here. I've been working on getting > rblsmtpd up and running with tcpserver and am having no luck at all. I've > searched the mailing list back and fourth and still can't find a > thing. Heres what I got: > > tcpserver invocation: > /usr/local/bin/tcpserver -x /usr/local/etc/ip/tcp.smtp.cdb /usr/local/b > in/rblsmtpd -rrelays.radparker.com /var/qmail/bin/qmail-smtpd 2>&1 > ^ You may need a space here (where I've marked with ^), at least that's the way mine is configured - of course I'm not running tcpserver so you may have another problem. Eric
Re: rblsmtpd
I've tried it both ways. Doesn't seem to make a difference :( -Aaron Nowalk =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | Systems Engineer - Stargate Industries, LLC | | mailto: [EMAIL PROTECTED] www.stargate.net | | 412.316.7827 412.316.7899 | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Real Internet. Real Easy On Mon, 10 Jul 2000, Eric Cox wrote: > > > Aaron Nowalk wrote: > > > > Hi! I'm in dire need of some help here. I've been working on getting > > rblsmtpd up and running with tcpserver and am having no luck at all. I've > > searched the mailing list back and fourth and still can't find a > > thing. Heres what I got: > > > > tcpserver invocation: > > /usr/local/bin/tcpserver -x /usr/local/etc/ip/tcp.smtp.cdb /usr/local/b > > in/rblsmtpd -rrelays.radparker.com /var/qmail/bin/qmail-smtpd 2>&1 > > ^ > > You may need a space here (where I've marked with ^), at least > that's the way mine is configured - of course I'm not running > tcpserver so you may have another problem. > > Eric >
Re: rblsmtpd
I've been working on this all day again! Anyone out there have _any_ suggestions? Once again, heres the info: /usr/local/bin/tcpserver -u 102 -g 100 -x /usr/local/etc/ip/tcp.smt p.cdb 0 smtp /usr/local/bin/rblsmtpd -rrelays.radparker.com /var/qmail/bin/qmail-smtpd 2>&1 I'm running qmail1-03 on a Sparc 5 running Solaris 7. I'd really appreciate any help anyone has to offer. Thanks. -Aaron Nowalk =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | Systems Engineer - Stargate Industries, LLC | | mailto: [EMAIL PROTECTED] www.stargate.net | | 412.316.7827 412.316.7899 | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Real Internet. Real Easy On Mon, 10 Jul 2000, Eric Cox wrote: > > > Aaron Nowalk wrote: > > > > Hi! I'm in dire need of some help here. I've been working on getting > > rblsmtpd up and running with tcpserver and am having no luck at all. I've > > searched the mailing list back and fourth and still can't find a > > thing. Heres what I got: > > > > tcpserver invocation: > > /usr/local/bin/tcpserver -x /usr/local/etc/ip/tcp.smtp.cdb /usr/local/b > > in/rblsmtpd -rrelays.radparker.com /var/qmail/bin/qmail-smtpd 2>&1 > > ^ > > You may need a space here (where I've marked with ^), at least > that's the way mine is configured - of course I'm not running > tcpserver so you may have another problem. > > Eric >
Re: rblsmtpd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11 Jul 00, at 14:02, Aaron Nowalk wrote: > I've been working on this all day again! Anyone out there have _any_ > suggestions? Once again, heres the info: > > /usr/local/bin/tcpserver -u 102 -g 100 -x /usr/local/etc/ip/tcp.smt > p.cdb 0 smtp /usr/local/bin/rblsmtpd -rrelays.radparker.com > /var/qmail/bin/qmail-smtpd 2>&1 Hi, 1. Is all the stuff on one line? 2. Does rblsmtpd really live in /usr/local/bin? 3. Does "relays.radparker.com" really live? To me it seems it's dead. You may test your rblsmtpd like this: env TCPREMOTEIP=127.0.0.2 rblsmtpd -r relays.radparker.com echo hello (all on one line) and see what happens. You may also test with different IPs. > > I'm running qmail1-03 on a Sparc 5 running Solaris 7. I'd really > appreciate any help anyone has to offer. Thanks. > > -Aaron Nowalk > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > | Systems Engineer - Stargate Industries, LLC | > | mailto: [EMAIL PROTECTED] www.stargate.net | > | 412.316.7827 412.316.7899 | > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > Real Internet. Real Easy > > On Mon, 10 Jul 2000, Eric Cox wrote: > > > > > > > Aaron Nowalk wrote: > > > > > > Hi! I'm in dire need of some help here. I've been working on > > > getting rblsmtpd up and running with tcpserver and am having no > > > luck at all. I've searched the mailing list back and fourth and > > > still can't find a thing. Heres what I got: > > > > > > tcpserver invocation: > > > /usr/local/bin/tcpserver -x /usr/local/etc/ip/tcp.smtp.cdb > > > /usr/local/b in/rblsmtpd -rrelays.radparker.com > > > /var/qmail/bin/qmail-smtpd 2>&1 > > > ^ > > > > You may need a space here (where I've marked with ^), at least > > that's the way mine is configured - of course I'm not running > > tcpserver so you may have another problem. > > > > Eric > > > > -BEGIN PGP SIGNATURE- Version: PGP 6.0.2 -- QDPGP 2.60 Comment: http://community.wow.net/grt/qdpgp.html iQA/AwUBOWtXalMwP8g7qbw/EQInAQCgpYdjpliOwHiYpE4SUO8/INFgTqMAn2u5 W+/FGY5CXjfLlu4ibrJs7bGL =FRIk -END PGP SIGNATURE- -- Petr Novotny, ANTEK CS [EMAIL PROTECTED] http://www.antek.cz PGP key ID: 0x3BA9BC3F -- Don't you know there ain't no devil there's just God when he's drunk. [Tom Waits]
Re: rblsmtpd
Hi. Thanks for responding! I'll answer your questions one at a time: > Hi, > > 1. Is all the stuff on one line? Yes. > 2. Does rblsmtpd really live in /usr/local/bin? Yes. > 3. Does "relays.radparker.com" really live? To me it seems it's > dead. I can ping it and I've tried changing the hostname to maps.vix.com in the tcpserver rc script. > > You may test your rblsmtpd like this: > env TCPREMOTEIP=127.0.0.2 rblsmtpd -r relays.radparker.com > echo hello > (all on one line) and see what happens. You may also test with > different IPs. I tried and I always get "hello." I'm really stumped! > > > > I'm running qmail1-03 on a Sparc 5 running Solaris 7. I'd really > > appreciate any help anyone has to offer. Thanks. > > > > -Aaron Nowalk > > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > > | Systems Engineer - Stargate Industries, LLC | > > | mailto: [EMAIL PROTECTED] www.stargate.net | > > | 412.316.7827 412.316.7899 | > > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > > Real Internet. Real Easy > > > > On Mon, 10 Jul 2000, Eric Cox wrote: > > > > > > > > > > > Aaron Nowalk wrote: > > > > > > > > Hi! I'm in dire need of some help here. I've been working on > > > > getting rblsmtpd up and running with tcpserver and am having no > > > > luck at all. I've searched the mailing list back and fourth and > > > > still can't find a thing. Heres what I got: > > > > > > > > tcpserver invocation: > > > > /usr/local/bin/tcpserver -x /usr/local/etc/ip/tcp.smtp.cdb > > > > /usr/local/b in/rblsmtpd -rrelays.radparker.com > > > > /var/qmail/bin/qmail-smtpd 2>&1 > > > > ^ > > > > > > You may need a space here (where I've marked with ^), at least > > > that's the way mine is configured - of course I'm not running > > > tcpserver so you may have another problem. > > > > > > Eric > > > > > > > > > > > -BEGIN PGP SIGNATURE- > Version: PGP 6.0.2 -- QDPGP 2.60 > Comment: http://community.wow.net/grt/qdpgp.html > > iQA/AwUBOWtXalMwP8g7qbw/EQInAQCgpYdjpliOwHiYpE4SUO8/INFgTqMAn2u5 > W+/FGY5CXjfLlu4ibrJs7bGL > =FRIk > -END PGP SIGNATURE- > -- > Petr Novotny, ANTEK CS > [EMAIL PROTECTED] > http://www.antek.cz > PGP key ID: 0x3BA9BC3F > -- Don't you know there ain't no devil there's just God when he's drunk. > [Tom Waits] >
Re: rblsmtpd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11 Jul 00, at 14:31, Aaron Nowalk wrote: > > 3. Does "relays.radparker.com" really live? To me it seems it's > > dead. > I can ping it and I've tried changing the hostname to > maps.vix.com in the tcpserver rc script. Well yes, it pings, but does it serve out any meaningful information? (Let me remind you that "no record" means "host is OK"; it the zone is empty, no machine will be considered spam- source.) > > You may test your rblsmtpd like this: > > env TCPREMOTEIP=127.0.0.2 rblsmtpd -r relays.radparker.com > > echo hello > > (all on one line) and see what happens. You may also test with > > different IPs. > > I tried and I always get "hello." I'm really stumped! What if you try without the -r parameter? env TCPREMOTEIP=127.0.0.2 rblsmtpd echo whoops It doesn't get through on my comp. -BEGIN PGP SIGNATURE- Version: PGP 6.0.2 -- QDPGP 2.60 Comment: http://community.wow.net/grt/qdpgp.html iQA/AwUBOWtccVMwP8g7qbw/EQIOswCeJt4iatiKpxNdzxHKsMl7r1VQLMcAn2tL uLOFdORnR/dNfuJCES3/Re/9 =5OoL -END PGP SIGNATURE- -- Petr Novotny, ANTEK CS [EMAIL PROTECTED] http://www.antek.cz PGP key ID: 0x3BA9BC3F -- Don't you know there ain't no devil there's just God when he's drunk. [Tom Waits]
Re: rblsmtpd
> -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 11 Jul 00, at 14:31, Aaron Nowalk wrote: > > > 3. Does "relays.radparker.com" really live? To me it seems it's > > > dead. > > I can ping it and I've tried changing the hostname to > > maps.vix.com in the tcpserver rc script. > > Well yes, it pings, but does it serve out any meaningful > information? (Let me remind you that "no record" means "host is > OK"; it the zone is empty, no machine will be considered spam- > source.) Heres what I get when I try it without any options from the command line: root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd echo whoops rblsmtpd: pid 6387: 451 Blackholed - see http://mail-abuse.org/cgi-bin/lookup?127.0.0.2> 220 rblsmtpd.local quit 221 rblsmtpd.local So that appears to work. Now, heres with the -r option: root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r maps.vix.com echo whoops whoops So with the -r option, it looks like it goes through. I tried removing the -r option from my tcpserver startup script and it doesn't seem to help. Still getting Nelsons friendly "UH OH! Your RBL blocker isn't working!!!" > > > > You may test your rblsmtpd like this: > > > env TCPREMOTEIP=127.0.0.2 rblsmtpd -r relays.radparker.com > > > echo hello > > > (all on one line) and see what happens. You may also test with > > > different IPs. > > > > I tried and I always get "hello." I'm really stumped! > > What if you try without the -r parameter? > env TCPREMOTEIP=127.0.0.2 rblsmtpd echo whoops > > It doesn't get through on my comp. > > -BEGIN PGP SIGNATURE- > Version: PGP 6.0.2 -- QDPGP 2.60 > Comment: http://community.wow.net/grt/qdpgp.html > > iQA/AwUBOWtccVMwP8g7qbw/EQIOswCeJt4iatiKpxNdzxHKsMl7r1VQLMcAn2tL > uLOFdORnR/dNfuJCES3/Re/9 > =5OoL > -END PGP SIGNATURE- > -- > Petr Novotny, ANTEK CS > [EMAIL PROTECTED] > http://www.antek.cz > PGP key ID: 0x3BA9BC3F > -- Don't you know there ain't no devil there's just God when he's drunk. > [Tom Waits] >
Re: rblsmtpd
also sprach amnowalk: > Heres what I get when I try it without any options from the command line: > > root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd echo whoops > rblsmtpd: pid 6387: 451 Blackholed - see > http://mail-abuse.org/cgi-bin/lookup?127.0.0.2> > 220 rblsmtpd.local > quit > 221 rblsmtpd.local > > So that appears to work. Now, heres with the -r option: Good. > root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r > maps.vix.com echo whoops > whoops The zone is ``rbl.maps.vix.com'', NOT simply ``maps.vix.com''. :) /pg -- Peter Green : Gospel Communications Network, SysAdmin : [EMAIL PROTECTED] --- Although the Perl Slogan is There's More Than One Way to Do It, I hesitate to make 10 ways to do something. :-) --- Larry Wall in <[EMAIL PROTECTED]>
Re: rblsmtpd
On Tue, 11 Jul 2000, Peter Green wrote: > also sprach amnowalk: > > Heres what I get when I try it without any options from the command line: > > > > root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd echo whoops > > rblsmtpd: pid 6387: 451 Blackholed - see > > http://mail-abuse.org/cgi-bin/lookup?127.0.0.2> > > 220 rblsmtpd.local > > quit > > 221 rblsmtpd.local > > > > So that appears to work. Now, heres with the -r option: > > Good. > > > root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r > > maps.vix.com echo whoops > > whoops > > The zone is ``rbl.maps.vix.com'', NOT simply ``maps.vix.com''. :) > Tried that with no luck. Its still getting through. ARGH! Once again, any suggestions?!? /usr/local/bin/tcpserver -u 102 -g 100 -x /usr/local/etc/ip/tcp.smtp .cdb 0 smtp /usr/local/bin/rblsmtpd -r rbl.maps.vix.com /var/qmail/bin/qmail-smt pd 2>& 1 |\ > /pg > -- > Peter Green : Gospel Communications Network, SysAdmin : [EMAIL PROTECTED] > --- > Although the Perl Slogan is There's More Than One Way to Do It, I hesitate > to make 10 ways to do something. :-) > --- Larry Wall in <[EMAIL PROTECTED]> > >
Re: rblsmtpd
Aaron Nowalk wrote: > > On Tue, 11 Jul 2000, Peter Green wrote: > > > also sprach amnowalk: > > > root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r > > > maps.vix.com echo whoops > > > whoops > > > > The zone is ``rbl.maps.vix.com'', NOT simply ``maps.vix.com''. :) > > > > Tried that with no luck. Its still getting through. ARGH! Once again, > any suggestions?!? You said you tried env TCPREMOTEIP=127.0.0.2 rblsmtpd echo "got thru" but have you specifically tried env TCPREMOTEIP=127.0.0.2 rblsmtpd -r rbl.maps.vix.com echo "got thru" and got the "blackholed" notice? Eric
Re: rblsmtpd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11 Jul 00, at 15:24, Aaron Nowalk wrote: > So that appears to work. Now, heres with the -r option: > > root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r > maps.vix.com echo whoops whoops > > So with the -r option, it looks like it goes through. That's because "maps.vix.com" is no RBL zone. You want dul.maps.vix.com or rbl.maps.vix.com. -BEGIN PGP SIGNATURE- Version: PGP 6.0.2 -- QDPGP 2.60 Comment: http://community.wow.net/grt/qdpgp.html iQA/AwUBOWwCglMwP8g7qbw/EQJQ6wCfVXEsAKlgVQnexzrqV0tuyMQKUPoAn2Ah EPFbDBUuOaq/oJ4okPuNUdSJ =Mm0W -END PGP SIGNATURE- -- Petr Novotny, ANTEK CS [EMAIL PROTECTED] http://www.antek.cz PGP key ID: 0x3BA9BC3F -- Don't you know there ain't no devil there's just God when he's drunk. [Tom Waits]
Re: rblsmtpd
On Tue, 11 Jul 2000, Eric Cox wrote: > > > Aaron Nowalk wrote: > > > > On Tue, 11 Jul 2000, Peter Green wrote: > > > > > also sprach amnowalk: > > > > root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r > > > > maps.vix.com echo whoops > > > > whoops > > > > > > The zone is ``rbl.maps.vix.com'', NOT simply ``maps.vix.com''. :) > > > > > > > Tried that with no luck. Its still getting through. ARGH! Once again, > > any suggestions?!? > > You said you tried > > env TCPREMOTEIP=127.0.0.2 rblsmtpd echo "got thru" > > > but have you specifically tried > > env TCPREMOTEIP=127.0.0.2 rblsmtpd -r rbl.maps.vix.com echo "got thru" > > and got the "blackholed" notice? > Yep. :( root@x:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r rbl.maps.vix.com echo "got thru" rblsmtpd: 127.0.0.2 pid 9212: 451 Blackholed - see http://mail-abuse.org/cgi-bin/lookup?127.0.0.2> 220 rblsmtpd.local quit 221 rblsmtpd.local > Eric >
Re: rblsmtpd
Scratch that last one. Got it working. Had to specify the IP address in the tcpserver command line. Instead of: /usr/local/bin/tcpserver -u 102 -g 100 -x /usr/local/etc/ip/tcp.smtp.cdb smtp 0 I had replace '0' with the IP of my machine. Alls good now. Thanks everyone, for your help! -Aaron Nowalk =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | Systems Engineer - Stargate Industries, LLC | | mailto: [EMAIL PROTECTED] www.stargate.net | | 412.316.7827 412.316.7899 | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Real Internet. Real Easy On Wed, 12 Jul 2000, Aaron Nowalk wrote: > On Tue, 11 Jul 2000, Eric Cox wrote: > > > > > > > Aaron Nowalk wrote: > > > > > > On Tue, 11 Jul 2000, Peter Green wrote: > > > > > > > also sprach amnowalk: > > > > > root@xx:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r > > > > > maps.vix.com echo whoops > > > > > whoops > > > > > > > > The zone is ``rbl.maps.vix.com'', NOT simply ``maps.vix.com''. :) > > > > > > > > > > Tried that with no luck. Its still getting through. ARGH! Once again, > > > any suggestions?!? > > > > You said you tried > > > > env TCPREMOTEIP=127.0.0.2 rblsmtpd echo "got thru" > > > > > > but have you specifically tried > > > > env TCPREMOTEIP=127.0.0.2 rblsmtpd -r rbl.maps.vix.com echo "got thru" > > > > and got the "blackholed" notice? > > > > Yep. :( > > root@x:/usr/local/bin# env TCPREMOTEIP=127.0.0.2 rblsmtpd -r > rbl.maps.vix.com echo "got thru" > rblsmtpd: 127.0.0.2 pid 9212: 451 Blackholed - see > http://mail-abuse.org/cgi-bin/lookup?127.0.0.2> > 220 rblsmtpd.local > quit > 221 rblsmtpd.local > > > > Eric > > > >
rblsmtpd-0.70
Hi, I want to use rblsmtpd-0.70 with tcp-server. can you tell me how I make rblsmtpd-0.70 running with qmail ?? Rgds, Al.
Re: rblsmtpd
www.qmail.org download ucspi-tcp-0.88 its included in the package... docs are also on the site. Paul Farber Farber Technology [EMAIL PROTECTED] Ph 570-628-5303 Fax 570-628-5545 On Wed, 2 Aug 2000, Slider wrote: > > Hi, > > Some rather basic questions > > How do I set the $RBLSMTPD environment variable in order for rblsmtpd to > block incoming rbl mails? > Does rblsmtpd need it's own daemon or can it be integrated with the smtpd > daemon if so how? > > Thanks > > AC > >
Re: rblsmtpd
See 'man rblsmtpd'. Briefly, you don't set the var normally. If the var is set, but empty, rblsmtpd won't block the mail in any case. If the var is set to an actual value, it will block the mail. You can set the var in your tcp.smtp CDB file like so: 63.88.133.:allow,RBLSMTPD="-Yesmail email is not wanted here" The 'allow' is misleading. It says to allow the TCP connection, but not necessarily to allow the mail. The $RBLSMTPD var being set tells rblsmtpd to reject the mail. HTH, jon On Wed, Aug 02, 2000 at 12:31:21PM +0100, Slider wrote: > > Hi, > > Some rather basic questions > > How do I set the $RBLSMTPD environment variable in order for rblsmtpd to > block incoming rbl mails? > Does rblsmtpd need it's own daemon or can it be integrated with the smtpd > daemon if so how? > > Thanks > > AC >
Re: rblsmtpd
Jon Rust wrote: > > See 'man rblsmtpd'. :-) No man page for rblsmtpd, at least on my 6-month old package. Docs are actually on the rblsmtpd download page. [snip.] > > Some rather basic questions > > > > How do I set the $RBLSMTPD environment variable in order for rblsmtpd to > > block incoming rbl mails? > > Does rblsmtpd need it's own daemon or can it be integrated with the smtpd > > daemon if so how?
rblsmtpd emergency
Thx for Chris J. for explaining why rblsmtpd stopped working with relays.mail-abuse.org. Such emergencies I think just really show the necessity to simplify "rbl" lookups. Namely, I think rblsmtpd/rbldns should work in such a way that any mail administrator should be able to set up a local mirror of mail-abuse.org. This means, there should not be a need to have a domain delegated to the rbldns server. So what if there was a flag `R" to rblsmtpd so that rblsmtpd -R a.b.c would mean in essence "check the connecting IP at the server a.b.c running rbldns". BTWY, I know many people are attached to using DNS for rbl lookups, but would not it be relatively simple to implement a server software using tcpserver that would just lookup an IP number in a .cdb database of IP numbers, and send an appropriate response? A client might be similarly simple to implement using tcpclient. Mate
TCPSERVER + RBLSMTPD
DJB: Are there any plans to release the official version of rblsmtpd (in tcpserver) with the patch to work with the A records when TXT records aren't available?
Re: rblsmtpd
try: /usr/local/bin/tcpserver -v -H -R -l mydomain -x /etc/tcp.smtp.cdb -u \ $QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/rblsmtpd \ /var/qmail/bin/qmail-smtpd 2>&1 and you should be set. -steve On 09/05/00 @ 03:26PM, Manuel Gisbert wrote: > Anyone ever used DJBs rblsmtp daemon to prevent spam? > Could someone tell me where to insert rblsmtpd in my ../supervise/run > script. > The docs at cr.yp.to are a bit thin, at least for me ;-) > > my current run script looks like the following: > > exec /usr/local/bin/softlimit -m 400 > > Thanx > Manuel >
Re: rblsmtpd
Manuel, On Tue, 5 Sep 2000, Manuel Gisbert wrote: > Anyone ever used DJBs rblsmtp daemon to prevent spam? > Could someone tell me where to insert rblsmtpd in my ../supervise/run > script. > The docs at cr.yp.to are a bit thin, at least for me ;-) > > my current run script looks like the following: > > exec /usr/local/bin/softlimit -m 400 > /usr/local/bin/tcpserver -v -H -R -l mydomain -x /etc/tcp.smtp.cdb -u > $QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/qmail-smtpd 2>&1 You must insert rblsmtpd call just before qmail-smtpd. See: exec /usr/local/bin/softlimit -m 400 \ /usr/local/bin/tcpserver -v -H -R -l mydomain -x /etc/tcp.smtp.cdb -u \ $QMAILDUID -g $NOFILESGID 0 smtp /path/to/rblsmtpd \ /var/qmail/bin/qmail-smtpd 2>&1 Antonio Dias
parallel rblsmtpd
I did an experiment that may be of interest. I parallelized a stand-alone command line rbl program (1) that can check "a bunch" (I had it check 6) of rbl-ish lists in series. I used pthreads. For non-cached answers the parallel version took about 1.1 to 1.5x as long, for cached answers about 10x as long. Some simple experiments lead me to the conclusion that the pthread creation overhead is very large in comparison to the delay of just waiting for the resolver to get the answer. Compared to forking though, I'd imagine creating a thread is a stroll in the park. I'm going to see if I can hack it up (without the pthreads, tho) to drop into where rblsmtp goes. I'm guessing it will be a zillion times faster. (1) http://www.xnet.com/~emarshal/rblcheck/ -- Aaron Nabil
rblsmtpd fun
I'm trying to get multiple RBLs working. However the executed command: supervise /service/qmail-smtpd tcpserver -v -x /etc/tcp.smtpd.cdb -v -u412 -g5 0 smtp rblsmtpd -r dul.maps.vix.com rblsmtpd -r relayips.rbl.shub-inter.net rblsmtpd -r spamips.rbl.shub-inter.net rblsmtpd /var/qmail/bin/qmail-smtpd 2>&1 | /usr/local/bin/accustamp | /usr/local/bin/setuser qmaill /usr/local/bin/cyclog -s 100 -n 50 /servers/log/smtpd & Bounces *everything* like so- 1999-04-25 14:13:46.485549 tcpserver: pid 15206 from 128.227.183.223 1999-04-25 14:13:46.937439 tcpserver: ok 15206 cache-ns.duesouth.net:216.98.0.55:25 m2hb.shands.ufl.edu:128.227.183.223:majordom:6702 1999-04-25 14:13:47.124150 rblsmtpd: pid 15206: 451 IP addresses of relayers. If you've fixed your relay rules. contact us Any ideas? -doug
new rblsmtpd
In case you have not seen it: the new rblsmtpd (in the ucspi-tcp package!) has: Options: * -r base: Use base as an RBL source. An IP address a.b.c.d is listed by that source if d.c.b.a.base has a TXT record. rblsmtpd uses the contents of the TXT record as an error message for the client. * -a base: Use base as an anti-RBL source. An IP address a.b.c.d is anti-listed by that source if d.c.b.a.base has an A record. In this case rblsmtpd does not block mail. You may supply any number of -r and -a options. rblsmtpd tries each source in turn until it finds one that lists or anti-lists $TCPREMOTEIP. (Sorry for polluting). Mate
Bypassing rblsmtpd
I'm under the impression that if I have qmail under the control of a tcpserver with cdb, I can simply do the following to bypass the rblsmtpd invocations: 192.168.1.1:allow,RBLSMTPD="",RELAYCLIENT="" in order to allow an IP to relay, yes? Basically, I'm going to submit my new dial-nets to the DUL, and I don't want to get burned. -- --Matt Schnierle --mgs at stargate dot net --Stargate Industries, LLC --#include --"It's not that simple."
new rblsmtpd
Does not the new rblsmtpd obsolete Russ's patches, or is their any functionality that is still not provided by the new rblsmtpd? Thx Mate
rblsmtpd - notification
Hi, Just read my last message and it is not really clear. I have rblsmtpd set up and it is working fine. However when I send an email to myself through an open relay it appears to send the mail but does not. The mail is obviously being blocked by rblsmtpd. My question is: Is there anyway of notifying the person who sent the mail to you through the open relay, with a generic message that they were blocked. Say "Your message could not be processed by our server." If anyone could help with this it would be much appreciated. Drew
Re: RBLSMTPD
Hello > Hi, > Can anyone please advise me if there is anyway of telling > an attacker if you like that they have been blocked via an email or > something similiar. I am having the problem that people are getting > blocked however it appears the mail goes through but is then not > returned. Please Help. The rblsmtpd based for instance on ORBS - this is not good idea. I think - each admin should generate its own "black" list of spam hosts rather than take it from ORBS. This server from I'm writing now (administrated by me) does not support open relay now, since time, when I have begun administrate it, I have installed the newest software - qmail and configure it with tcpserver. The relayclients are carefuly established. Nothing more are not able to relay post by server of mine but I'm existing further time till today on ORBS list as insecure. Why? How about ask Alan Brown? I suppose, that in like my case are more peoples! If any host might support open relay if not, would bee seen without complicated tests. Each can see that my host does not support open relay but my host sitll exists on ORBS list! ORBS and like ORBS lists there are stupid idea, which makes more evil than good. First of all from such as ORBS 'insecure hosts' list" are using all presented on Net hacers, who have directly listing of host, which potentialy can be used to attack. I'm of opinion, that giving such list public is illegal and harmful. I have met such case, that after each test made from ORBS was reported hackers proof to destroy my host, therefore the access for ORBS on my host has been by my on tcpserver blocked: =nl:deny =nz:deny Best Wishes Piotr --- Piotr Kasztelowicz <[EMAIL PROTECTED]> [http://www.am.torun.pl/~pekasz]
Re: RBLSMTPD
On Thu, Dec 28, 2000 at 10:12:48AM +0100, Piotr Kasztelowicz wrote: > ORBS and like ORBS lists > there are stupid idea, which makes more evil than good. First of all > from such as ORBS 'insecure hosts' list" are using all presented on Net > hacers, who have directly listing of host, which potentialy can > be used to attack. I'm of opinion, that giving such list public > is illegal and harmful. I have met such case, that after each test > made from ORBS was reported hackers proof to destroy my host, therefore > the access for ORBS on my host has been by my on tcpserver blocked: This lists are irrelevant for attacks and security through obscurity is no security at all. Hackers will find your server regardless whether you are listed in a RBL list or not. On a freshly setup system with an IP address never assigned before I had - within a week - 4 complete port scans + 6 additional scans for relay open mailservers. Trying to "hide" is useless. Fix your systems. I personally have no mercy for ppl doing lousy system administration and whining when they get hacked. If you can't handle all the hosts in your responsibility use at least some port filters or a firewall or disconnect them by pulling the network plug. \Maex -- SpaceNet AG | http://www.Space.Net/ | Stress is when you wake Research & Development| mailto:[EMAIL PROTECTED] | up screaming and you Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0| realize you haven't D-80807 Muenchen | Fax: +49 (89) 32356-299 | fallen asleep yet.
Re: RBLSMTPD
On Thu, 28 Dec 2000, Markus Stumpf wrote: > This lists are irrelevant for attacks and security through obscurity is > no security at all. The peoples, who manages with RBL could inform admin of tested host prior to begin such tests. If test had presented insecurity or open relay possibilities, ORBS admins could have informed me about them first prior to inform all peoples about them to write it on data base. I'd like to pay your attention to this fact, that all cases to connect to my smtp to use it other than for sending or receiving e-mail (for instance to the test without to inform me about them) can be taken as hackers proof itself. Additionaly each case such tests due to more acitivity of hackers. Should I report this without reaction? I were in such case a bad administrator. > Hackers will find your server regardless whether you are listed in a RBL > list or not. But you can this not excluded, that this listing would have been a good direction for hackers, because it is public on WWW. > Trying to "hide" is useless. Fix your systems. I personally have no mercy .. This was already made by me in September, when I have begun manage with this server (I have under my care more servers), but I will not idle to look to logs, where are observed logs from ORBS tests' proofs common with proofs of achieve my server on ftp or telnet. I suppose, that I'm permited to request from ORBS to use my smtp only for provided for it use - email sending or receiving. This same I wish me to stop all tests. I think, I have a rhight to its... Best Wishes Piotr Kasztelowicz --- Piotr Kasztelowicz <[EMAIL PROTECTED]> [http://www.am.torun.pl/~pekasz]
Re: rblsmtpd
* Agi Subagio <[EMAIL PROTECTED]> [010125 03:00]: > How to add more rblsmtpd process to check another blacklist resource like > "relays.mail-abuse.org", "blackholes.mail-abuse.org" or > "dialups.mail-abuse.org"? (lart@socha):(~)$ cat /service/smtp/run #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` exec /usr/local/bin/softlimit -m 200 \ /usr/local/bin/tcpserver -v -p -x tcp.cdb \ -u $QMAILDUID -g $NOFILESGID 0 smtp /usr/local/bin/rblsmtpd \ -rrelays.orbs.org -rrbl.maps.vix.com \ -r blackholes.mail-abuse.org \ -r dialups.mail-abuse.org \ -r 'relays.mail-abuse.org:Open relay problem - see http://www.mail-abuse.org/cgi-bin/nph-rss?%IP%>' \ /var/qmail/bin/qmail-smtpd 2>&1
Re: rblsmtpd
On Thu, Jan 25, 2001 at 04:35:58AM -0500, Robin S. Socha wrote: > * Agi Subagio <[EMAIL PROTECTED]> [010125 03:00]: > > How to add more rblsmtpd process to check another blacklist resource like > > "relays.mail-abuse.org", "blackholes.mail-abuse.org" or > > "dialups.mail-abuse.org"? > > (lart@socha):(~)$ cat /service/smtp/run > #!/bin/sh > QMAILDUID=`id -u qmaild` > NOFILESGID=`id -g qmaild` > exec /usr/local/bin/softlimit -m 200 \ > /usr/local/bin/tcpserver -v -p -x tcp.cdb \ > -u $QMAILDUID -g $NOFILESGID 0 smtp /usr/local/bin/rblsmtpd \ > -rrelays.orbs.org -rrbl.maps.vix.com \ > -r blackholes.mail-abuse.org \ > -r dialups.mail-abuse.org \ > -r 'relays.mail-abuse.org:Open relay problem - see > http://www.mail-abuse.org/cgi-bin/nph-rss?%IP%>' \ I think this last entry requires a patched rbslmptd. You could instead use: -r relays.msci.memphis.edu relays.msci.memphis.edu is a mirror of relays.mail-abuse.org, but it runs Dan's rbldns and gives out the TXT record that rblsmtpd needs. Chris
Re: rblsmtpd
Hello Chris On 25-Jan-01, you wrote: > > I think this last entry requires a patched rbslmptd. You could instead > use: > > -r relays.msci.memphis.edu > > relays.msci.memphis.edu is a mirror of relays.mail-abuse.org, but it runs > Dan's rbldns and gives out the TXT record that rblsmtpd needs. > > Chris > Funny, I was just about to look at rblsmtpd later today or this evening. Apparently the records changed from txt to ?? last August. I was hoping that as ucspi-tcp had been overhauled and rblsmtpd is now within it, at 0.88 this inter-operability problem had been fixed. What is the status of this problem ? Further, what's the -a option all about ? Whilst I'm hereI noticed that most mail servers connecting have cutomised greetings and endings during the 220, 250 and 221 responses. I searched the docs plus Dave Sills archives but couldn't find anything on this. Just curious... Regards...Martin -- 1) If you have to ask, you're not entitled to know. 2) If you don't like the answer, you shouldn't have asked. == Abbott's Law
Re: rblsmtpd
On Thu, Jan 25, 2001 at 02:06:58PM -0500, Martin Randall wrote: [snip] > Whilst I'm hereI noticed that most mail servers connecting have > cutomised greetings and endings during the 220, 250 and 221 responses. I > searched the docs plus Dave Sills archives but couldn't find anything on > this. man qmail-smtpd, look for smtpgreeting. Greetz, Peter.
Re: rblsmtpd
Martin Randall <[EMAIL PROTECTED]> writes: > Whilst I'm hereI noticed that most mail servers connecting have > cutomised greetings and endings during the 220, 250 and 221 responses. I > searched the docs plus Dave Sills archives but couldn't find anything on > this. Naturally qmail provides this essential customization. See the smtpgreeting control file. Ian
Re: rblsmtpd
Hello Peter On 25-Jan-01, you wrote: > On Thu, Jan 25, 2001 at 02:06:58PM -0500, Martin Randall wrote: > [snip] >> Whilst I'm hereI noticed that most mail servers connecting have >> cutomised greetings and endings during the 220, 250 and 221 responses. I >> searched the docs plus Dave Sills archives but couldn't find anything on >> this. > > man qmail-smtpd, look for smtpgreeting. > > Greetz, Peter. > Well there were twp partsto this, the main part the rblsmtpd and the trivial/curious part, which is this. Let me start with the rblsmtpd. Here is a rbl log on another mail server. Sat 2001-01-27 13:39:51: [1164:8057] EHLO mail02.osite.com.br Sat 2001-01-27 13:39:51: [1164:8057] Spam Blocker checking 200.189.209.131 using cache... Sat 2001-01-27 13:39:51: [1164:8057] Spam Blocker checking 200.189.209.131 using 131.209.189.200.dialups.mail-abuse.org... Sat 2001-01-27 13:39:51: [1164:8057] Spam Blocker A-record resolution of [131.209.189.200.dialups.mail-abuse.org] in progress (DNS Server: 216.136.29.250)... Sat 2001-01-27 13:40:01: [1164:8057] Spam Blocker 10 second wait for DNS response exceeded Sat 2001-01-27 13:40:01: [1164:8057] Spam Blocker checking 200.189.209.131 using 131.209.189.200.rbl.maps.vix.com... Sat 2001-01-27 13:40:01: [1164:8057] Spam Blocker A-record resolution of [131.209.189.200.rbl.maps.vix.com] in progress (DNS Server: 216.136.29.250)... Sat 2001-01-27 13:40:02: [1164:8057] Spam Blocker checking 200.189.209.131 using 131.209.189.200.relays.mail-abuse.org... Sat 2001-01-27 13:40:02: [1164:8057] Spam Blocker A-record resolution of [131.209.189.200.relays.mail-abuse.org] in progress (DNS Server: 216.136.29.250)... Sat 2001-01-27 13:40:02: [1164:8057] Spam Blocker D=131.209.189.200.relays.mail-abuse.org TTL=(5) A=[127.0.0.2] Sat 2001-01-27 13:40:02: [1164:8057] 550 mail from 200.189.209.131 refused by RSS, see http://www.mail-abuse.org/rss/ Sat 2001-01-27 13:40:03: [1164:8057] SMTP session abnormally terminated, 26 bytes transferred. Sat 2001-01-27 13:40:03: -- As you can see, it says it is doing A-record resolutions with the relevent abuse locations. I did note in the earlier mail that rblsmtpd is now in the ucspi-tcp program and has a -a query. The only thing about this is why it says "anti-listed" instead of listed. On my second question which was about the 220, 221 etc. codes, Yes, I had already tried putting something in SMTPGREETING. What that gives me is (I've deleted most of the junk for brevity) :- Sat 2001-01-27 13:38:15: [2356:8055] 220 How's it hanging ? ESMTP Sat 2001-01-27 13:38:15: [2356:8055] EHLO chaossolutions.org Sat 2001-01-27 13:38:15: [2356:8055] 250-How's it hanging ? Sat 2001-01-27 13:38:15: [2356:8055] 221 How's it hanging ? Sat 2001-01-27 13:38:15: [2356:8055] SMTP session successful, 675 bytes transferred. As you can see, it gives the same text string for 220, 221 and 250 ie the smtpgreeting. Wheras, other pople customise the strings which is what I was asking about. Sat 2001-01-27 05:41:30: [2608:7809] 220 smtp2.home.se Novonyx SMTP ready $Revision: 2.74 $ Sat 2001-01-27 05:41:30: [2608:7809] EHLO chaossolutions.org Sat 2001-01-27 05:41:32: [2608:7809] 250-smtp2.home.se Pleased to meet you Sat 2001-01-27 05:41:44: [2608:7809] 221 smtp2.home.se So long, and thanks for all the fish Sat 2001-01-27 05:41:34: [2228:7803] 250 warrior-inbound - Plus.Net, The smarter way to Internet - Sat 2001-01-27 05:41:43: [2228:7803] 250 ok 980592233 qp 27053 Sat 2001-01-27 05:41:43: [2228:7803] QUIT Sat 2001-01-27 05:41:49: [2228:7803] 221 warrior-inbound - Plus.Net, The smarter way to Internet - Sat 2001-01-27 05:41:37: [2444:7858] 250-post.it.helsinki.fi Hello server.chaossolutions.org [216.136.109.158] (may be forged), pleased to meet you. Unless you are a SPAMmer Sat 2001-01-27 05:41:38: [2444:7858] 250 2.1.0 <[EMAIL PROTECTED]>... Sender looks kinda ok Sat 2001-01-27 05:41:50: [2444:7858] 250 2.0.0 f0RAhmx20818 Message accepted for delivery. Lucky you Sat 2001-01-27 05:41:50: [2444:7858] QUIT Sat 2001-01-27 05:41:51: [2444:7858] 221 2.0.0 post.it.helsinki.fi closing connection. Nice meeting you Anyway, this part I was just curious about. The main bit was/is the rblsmtpd. Please refer back to my original mail if you are confused. Regards...Martin -- Ah, Blackadder. Notice anything...unusual? Yes, sir. It's eleven thirty in the morning, and you're moving about. Is the bed on fire? == George and Edmund : Duel and Duality
rblsmtpd patch
Hi! I have made a patch to rblsmtpd that allows to call an arbitrary program whenever a connecting mailserver is in one of the lists. I use it to send the postmasters of this host and the respective domains a short mail saying that they have an open relay and they should fix it. This is maybe not what everybody wants, because it generates traffic. But I have my users in the back complaining about not getting mails from the outside. So I started to send out mails manually to the respective postmasters to close their open relays. This was getting too much work, therefore this patch: ftp://epigenomics.org/pub/oss/ucspi-tcp/rblsmtpd.patch When rblsmtpd is called with the new option "-x /path/to/program", it calls the program every time a connecting mailserver is blocked and quits. It calls the given program, which gets all the environment variables from tcpserver and a new one set by rblsmtpd: $RBLMESSAGE, which is the message the connecting mailserver was rejected with. The program now can make decisions based on $TCPREMOTEHOST et. al. to do anything like sending mail to postmaster@$TCPREMOTEHOST. I do know that the error should show up in the logs of the remote host, but when they are misconfigured, it is likely the postmaster does not look into the logs. I do hope she/he is looking into the mailbox... In the ftp-directory is a sample bash script called rblscript that sends a short mail to the postmaster of the remote host. Please feel free to send any additions/corrections to me. Greetings -- Robert Sander Computer Scientist Epigenomics AG Bioinformatics R&Dwww.epigenomics.com Kastanienallee 24 +493024345330 10435 Berlin
Re: rblsmtpd
> I did note in the earlier mail that rblsmtpd is now in the ucspi-tcp > program and has a -a query. The only thing about this is why it > says "anti-listed" instead of listed. Perhaps you want to read the docs for rblsmtpd for the meaning of the -a flag. Unpatched rblsmtpd blocks using TXT records. Mate
Re: rblsmtpd
Hello Mate On 29-Jan-01, you wrote: >> I did note in the earlier mail that rblsmtpd is now in the ucspi-tcp >> program and has a -a query. The only thing about this is why it >> says "anti-listed" instead of listed. > > > Perhaps you want to read the docs for rblsmtpd for the meaning of the > -a flag. > > Unpatched rblsmtpd blocks using TXT records. > > Mate > There isn't a man rblsmtpd. what other docs besides DJB's ucspi-tcp (rblsmtmp) http://cr.yp.to/ucspi-tcp/rblsmtpd.html Options: -r base: Use base as an RBL source. An IP address a.b.c.d is listed by that source if d.c.b.a. base has a TXT record. rblsmtpd uses the contents of the TXT record as an error message for the client. -a base: Use base as an anti-RBL source. An IP address a.b.c.d is anti-listed by that source if d.c .b.a.base has an A record. In this case rblsmtpd does not block mail. This is the reference to :- "The only thing about this is why it says "anti-listed" instead of listed." That I made. I am not sure why it says "anti-listed". As in not in the rbl. It seems to be saying that if the IP matches then it's allowed. I'd have thought that if they had changed their rbl listing from txt to A-record, then doing a A-record against it and getting a result would be "listed" and then qmail would deny the connection. Obviously, I'm missing something here, but that section of the ucspi-tcp/rblmstpd is just not clear. Regards...Martin -- "Good taste is better than bad taste, but bad taste is better than no taste." - Arnold Bennett.
rblsmtpd log
sorry for this question, how to log rblsmtpd conversation in to /var/log/qmail or other place?
rblsmtpd logging
I noticed when I implemented rblsmtpd that several legitimate sites were being blocked. They were mostly other .edu sites. Is there any way to create a list of exceptions, hopefully with a wild card so I could allow all .edu traffic to pass regardless? Or better yet can I get rblsmtpd to just tell me which sites it has gotten matches on but not actually block the mail. So I can then encourage sites that should be allowed in to improve their servers, and make the web a better place for us all. I've already written a script to pull out those who get blocked from the log file. That was how I discovered I was blocking people who needed to send us email. I would be happy to share it. John McCoy, Jr Central Systems Administrator Mills College, Oakland, CA 510-430-3321 [EMAIL PROTECTED]
tcpserver rblsmtpd
Anyone have a good example of using the tcpserver rblsmtpd with qmail? I am currently using "/usr/local/bin/tcpserver -c 120 -D -x /mail/etc/tcp.smtp.cdb -u 501 -g 500 0 smt p /var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger smtpd 3 &" as my start line in my rc.local file. Please let me know what the best way to use the rblsmtpd program is. Thank you. --- Brad Dameron[EMAIL PROTECTED] Network Account Executive 877-663-4349 TSCNet Online Services www.tscnet.com --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001
rblsmtpd and rblplus?
Has anyone modified rblsmtpd to work with MAPS' rbl-plus? It's a merged RBL, RSS, and DUL with the particular list(s) an address is on being determined by bits in the low part. The changes I'd want to rblsmtpd would be 1) tell which bits to pay attention to and which not tom since I reject RBL and RSS mail, but send DUL mail into a spam trap, and 2) provide default TXT messages to use depending on which bits are set. It's not all that hard to do, but I'd rather not do it if someone else already has. I see nothing about rbl-plus in the archives yet. -- John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869 [EMAIL PROTECTED], Village Trustee and Sewer Commissioner, http://iecc.com/johnl, Member, Provisional board, Coalition Against Unsolicited Commercial E-mail
ucspi / rblsmtpd docs?
Hello all Got the latest verion of ucspi (.88) that is said to incorporate the older rblsmtpd program from djb Are the old rblsmtpd docs still valid??? The tcpserver man page DOES list rblsmtpd under 'see also', but rblsmtpd is not part of ucspi.. and round and round we go! So where are the docs??? Tcpserver or rblsmtpd Paul Farber Farber Technology [EMAIL PROTECTED] Ph 570-628-5303 Fax 570-628-5545
qmail/rblsmtpd error
I have the following line in /etc/inetd.conf: smtp stream tcp nowait qmaild /usr/sbin/tcpd /var/qmail/bin/tcp-env /usr/local/bin/rblsmtpd /var/qmail/bin/qmail-smtpd I'm getting oodles of the following errors in my logs: Jul 3 14:12:12 cyrix inetd[810]: pid 31351: exit status 1 Jul 3 14:27:41 cyrix inetd[810]: pid 31420: exit status 1 Jul 3 14:43:22 cyrix inetd[810]: pid 31458: exit status 1 Jul 3 14:59:00 cyrix inetd[810]: pid 31481: exit status 1 Since qmail isn't restarting all the time, the problem seems to point to rblsmtpd. I did a grep of all the source files, but only found exit(1) in subgetopt.3, and am not sure how this applies. Can anyone help? -- Todd A. Jacobs Senior Network Consultant
build-rblsmtpd error
Hi ! Running Debian, I done the "build-rblsmtpd" which debian implements in a DEB rblsmtpd-source package. The only problem is that the "build-rblsmtpd" part exits with a rather nice error. These are the lines it does : Press ENTER to continue... make make[1]: Entering directory `/tmp/rblsmtpd/rblsmtpd-0.70´ nroff -man rblsmtpd.8 > rblsmtpd.0 nroff -man antirbl.8 > antirbl.0 ./compile rblsmtpd.c make[1]: execvp: ./compile: Permission Denied make[1]: *** [rblsmtpd.o] Error 127 make[1]: Leaving directory `/tmp/rblsmtpd/rblsmtpd-0.70´ make: *** [build] Error 2 I don´t know if anyone has come across this problem before, or if I have missed a step. Any ideas ? Thanks, Neil
Re: rblsmtpd emergency
On Wed, Aug 16, 2000 at 07:08:28AM -0500, Mate Wierdl wrote: > BTWY, I know many people are attached to using DNS for rbl lookups, > but would not it be relatively simple to implement a server software > using tcpserver that would just lookup an IP number in a .cdb database > of IP numbers, and send an appropriate response? A client might be > similarly simple to implement using tcpclient. That would not allow for the rapid changes necessary in a blackhole list. Imagine you are an ISP with several thousand customers. Through an oversight, your mail server is blacklisted. Would you rather wait for the tens or hundreds of thousands of sysadmins out there administering mail servers to remove you from their blackhole list or just submit it to the maintainer of the list and have it fixed in minute or hours? Ben -- Ben Beuchler [EMAIL PROTECTED] MAILER-DAEMON (612) 321-9290 x101 Bitstream Underground www.bitstream.net
Re: rblsmtpd emergency
On Wed, Aug 16, 2000 at 09:55:53AM -0500, Ben Beuchler wrote: > On Wed, Aug 16, 2000 at 07:08:28AM -0500, Mate Wierdl wrote: > > > BTWY, I know many people are attached to using DNS for rbl lookups, > > but would not it be relatively simple to implement a server software > > using tcpserver that would just lookup an IP number in a .cdb database > > of IP numbers, and send an appropriate response? A client might be > > similarly simple to implement using tcpclient. > > That would not allow for the rapid changes necessary in a blackhole > list. Imagine you are an ISP with several thousand customers. Through > an oversight, your mail server is blacklisted. Would you rather wait > for the tens or hundreds of thousands of sysadmins out there > administering mail servers to remove you from their blackhole list or > just submit it to the maintainer of the list and have it fixed in minute > or hours? I do not understand this comment: it seems you are arguing against the very existence of rbldns. And I was asking if rbldns could be implemented in a less restrictive way---without the need for a domain delegation. As a separate but related question, I was also asking if DNS needs to be involved in the first place. The fact is a few thousand mail servers running rblsmtpd cannot use relays.mail-abuse.org. So now they all have to apply for a domain so that they can use rbldns. Or they can start patching rblsmtpd to use A records---until relays.mail-abuse.org will change the record structure again. To address your concern: a reasonable site running rbldns would transfer the zone from relays.mail-abuse.org frequently, so a change at relays.mail-abuse.org would propagate to the mirrors quite quickly. Mate
Re: rblsmtpd emergency
- Original Message - From: "Mate Wierdl" <[EMAIL PROTECTED]> > On Wed, Aug 16, 2000 at 09:55:53AM -0500, Ben Beuchler wrote: > > On Wed, Aug 16, 2000 at 07:08:28AM -0500, Mate Wierdl wrote: > > > > That would not allow for the rapid changes necessary in a blackhole > > list. Imagine you are an ISP with several thousand customers. Through > > an oversight, your mail server is blacklisted. Would you rather wait > > for the tens or hundreds of thousands of sysadmins out there > > administering mail servers to remove you from their blackhole list or > > just submit it to the maintainer of the list and have it fixed in minute > > or hours? > > The fact is a few thousand mail servers running rblsmtpd cannot use > relays.mail-abuse.org. So now they all have to apply for a domain so > that they can use rbldns. Or they can start patching rblsmtpd to use > A records---until relays.mail-abuse.org will change the record > structure again. The best approach to this is to have rblsmtpd use A records, as it should have from the beginning (that's what you get for optimising solely for speed, not for correctness).
Re: rblsmtpd emergency
On Thu, Aug 17, 2000 at 06:34:21PM -0400, Michael T. Babcock wrote: > The best approach to this is to have rblsmtpd use A records, as it should > have from the beginning (that's what you get for optimising solely for > speed, not for correctness). But then the TXT record is really useful: it does give a clue to the client how to get out of the mess. Mate
Re: rblsmtpd emergency
You're right -- there's no doubt that the TXT record is useful (or was ;-) ). But my point is that the lookups (according to the spec) were to be done on A records, and the TXT records fetched if you wanted that description. This is two lookups, so no qmail person would settle for that (humour). That was the jist of my original coment. - Original Message - From: "Mate Wierdl" <[EMAIL PROTECTED]> > On Thu, Aug 17, 2000 at 06:34:21PM -0400, Michael T. Babcock wrote: > > The best approach to this is to have rblsmtpd use A records, as it should > > have from the beginning (that's what you get for optimising solely for > > speed, not for correctness). > > But then the TXT record is really useful: it does give a clue to the > client how to get out of the mess.
Re: rblsmtpd emergency
Hello, On Wed, Aug 16, 2000 at 10:28:48AM -0500, Mate Wierdl wrote: > On Wed, Aug 16, 2000 at 09:55:53AM -0500, Ben Beuchler wrote: > > On Wed, Aug 16, 2000 at 07:08:28AM -0500, Mate Wierdl wrote: > > > but would not it be relatively simple to implement a server software > > > using tcpserver that would just lookup an IP number in a .cdb database > > > of IP numbers, and send an appropriate response? A client might be hmm. I don't understand the question. For ucspi-tcp-0.88, I get from http://cr.yp.to/ucspi-tcp/rblsmtpd.html (slightly wrapped): - cut Options: -r base: Use base as an RBL source. An IP address a.b.c.d is listed by that source if d.c.b.a.base has a TXT record. rblsmtpd uses the contents of the TXT record as an error message for the client. - cut and: - cut You may supply any number of -r and -a options. rblsmtpd tries each source in turn until it finds one that lists or anti-lists $TCPREMOTEIP. It also tries an RBL source of rbl.maps.vix.com if you do not supply any -r options. See http://maps.vix.com/rbl/ for more information about rbl.maps.vix.com. If you want to run your own RBL source or anti-RBL source for rblsmtpd, you can use rbldns from the djbdns package. - cut I didn't try this, but imho this clearly says "-r maps.vix.com gets you the default behaviour of asking Paul Vixie". So, what's the problem? You need to axfr the zone from somewhere and massage that into a cdb the rbldns would probably use. That could be done with a cron job. How much mail you then deny is up to you... But that's one thing every sysadmin has to decide for oneself, do I have a default closed (-c) or open (-C) setup when my rbl servers fail? Best Regards, --Toni++
DUL and rblsmtpd
Does anyone know if Dan is planning on adding DUL support to rblsmtpd? --Adam
abuse@... vs rblsmtpd
Hiyas, I have a little cosmetic problem with spam handling. I'd like to make a controlled account where the handled-as-spammer-hosts can post mail. This account can be practically [EMAIL PROTECTED] Well, I understand that RBL lists are a solution of today's problems and it have to be isolated from smtpd, but it would be good if some spammer could send complaining letters to my host. Before some of you suggest me to use another IP address I have to tell that we currently own 32 addresses and I cannot give one just for spam complains. I think I musn't isolate myself from spammers completely because it's generally a bad idea. Regards: Balazs -- #!/usr/bin/perl -export-a-crypto-system-sig -http://dcs.ex.ac.uk/~aba/rsa print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0
multiple rblsmtpd instances
Is is possible to run multiple rblsmtpd instances in front of one another? We use both the maps RBL and the maps DUL on our remaining sendmail box, and I need to verify that this can be done for the process of phasing in qmail. I'm guessing that I can just daisychain the rblsmptd instances in front of one another. Is this possible, and what in blazes would the syntax look like? TIA. --Matt Schnierle --mgs at stargate dot net --Stargate Industries, LLC --#include --"It's not that simple."
rblsmtpd not blocking
I have verified that orbs's host are not blocked with my setup. I dont see what's wrong. What exactly should I do? Also: Can I get denials logged? Here is my complete startup script (AIX-4.2.1): /usr/local/bin/supervise /usr/local/qmail/supervise/qmail-send env - \ PATH="/usr/local/qmail/bin:$PATH" \ TZ=MET-1METDST,M3.5.0,M10.5.0 \ qmail-start ./Mailbox /usr/local/bin/accustamp|/usr/local/bin/setuser qm aill \ /usr/local/bin/cyclog -s14000 -n2 /var/adm/maillog qmail & /usr/local/bin/supervise /usr/local/qmail/supervise/tcpserver env - \ PATH="/usr/local/bin:$PATH" TZ=MET-1METDST,M3.5.0,M10.5.0 \ tcpserver -x /usr/local/etc/tcp.smtp.cdb \ -v -p -t 5 -c 400 -b 40 -u 203 -g 200 0 \ smtp /usr/local/bin/smtplog \ /usr/local/bin/rblsmtpd -rrelays.orbs.org -rrbl.maps.vix.com \ /usr/local/qmail/bin/qmail-smtpd 2>&1 \ | /usr/local/bin/accustamp \ | /usr/local/bin/cyclog -s14000 -n2 /var/adm/smtpd smtpd 3 & -- Med venlig hilsen / Regards Netdriftgruppen / Network Management Group UNI-C Tlf./Phone +45 35 87 89 41Mail: UNI-C Fax. +45 35 87 89 90 Bygning 304 E-mail: [EMAIL PROTECTED] DK-2800 Lyngby
rblsmtpd error codes
Sam writes: > Is it only my opinion that rblsmtpd returns a temporary error code, > for no good reason, so that the blacklisted relay keeps banging at > your server for two weeks, until the mail bounces? It's not an opinion. It's a statement of fact. And it's wrong. rblsmtpd gives you the choice between code 553, telling legitimate clients to bounce the message immediately, and code 451, giving innocent relay operators a chance to fix the problem. Read the fucking manual. ---Dan
rblsmtpd error redirection?
Hi, I am running rblsmtpd under tcpserver, and I would like the error messages to be saved to a log file instead of being directed to stderr. Is there a way that I can do this? Thanks. barton
rblsmtpd w/inetd?
Hi, (I've been off this list for a while, but I'm back now - apologies if I've just missed anything like this) Has anyone successfully setup rblsmtpd (as a front for qmail-smtpd) running through inetd? I realise that having something like: smtp stream tcp nowait.1000 qmaild /usr/sbin/tcpd \ /usr/local/qmail/bin/tcp-env /usr/local/qmail/bin/rblsmtpd \ /usr/local/qmail/bin/qmail-smtpd is going to be at least a little inefficient, but it would do an initial attempt to start using the RBLs. Also, (and slightly off-topic) does anyone here have experience of the list at http://www.imrss.org/dssl/? Cheers, Matthew.
elementary rblsmtpd question
I now realized, I do not understand how rbl(smtpd) works. Is it correct to say that rblsmtpd checks the rbl database only for the (most recently) connecting host? In particular, suppose I run rblsmtpd on A and I do not run it on B. If I have a .qmail file on B, with mw@A in it, and a spam is sent to this .qmail file from an rbl'd site, mw@A will get the message. Thx Mate
Help with rblsmtpd
I found out about qmail a few months ago and I installed it in a production system basing myself on the excellent reference titled "Life with qmail"; I use qmail's initialization script that comes in that reference. Lately, however, several users have complained about not receiving email from certain places. I investigated further and realized that these places are those that have open relay configured in their servers. My question is, which /var/qmail/control file should I specify to receive the emails from certain domains? I appreciate your attention, thanks in advance. Regards
qmail and rblsmtpd
Hi All, I'm new the list and hopefully have an easily answered questions, which is : How do I apply the coorect options to get rblsmtpd to work with qmail. This is my current tcpserver command line : /usr/local/bin/tcpserver -v -u 101 -g 100 0 smtp /var/qmail/bin/qmail-smtpd & I want to use relays.mail-abuse.org and my rblsmtpd is located in /opt/software/bin/rblsmtpd Can anyoone help at all? Many thanks, Kevin Smith
qmail and rblsmtpd
Hi All, Is there anyone who knows about how to setup rblsmtpd ? I've tried loads of different sources and I can't seem to find a way to set-up qmail to bloke relay spam to my server. This my current start-up for qmail in /etc/init.d : /usr/local/bin/tcpserver -v -u 101 -g 100 0 smtp /var/qmail/bin/qmail-smtpd & I have tried the following combinations : Here is the rblsmtpd help prompt : rblsmtpd [ -b ] [ -R ] [ -r domain ] [ -t timeout ] smtpd [ arg ... ] And in theory this should work : /usr/local/bin/tcpserver -v -u 101 -g 100 0 smtp /opt/software/bin/rblmstpd /var/qmail/bin/qmail-smtpd & But, ir doesn't bloke reply spam from the test from RSS list? Any ideas? Regards, Kevin Smith Lemon Lainey Design UK http://www.lemonlaineydesign.com
rblsmtpd + multiple listings
I am a bit confused ... I am looking at Aaron Nabil's patch to allow rblsmtpd to use multiple listing services ... but does rblsmtpd not already support multiple services? Of course it does, I'm using the rbl and relays.mail-abuse right now. Why the patch? -- __ Mark Drummond|ICQ#19153754|mailto:[EMAIL PROTECTED] Gang Warily|http://signals.rmc.ca/ Kingston Linux Users Group|http://signals.rmc.ca/klug/
help with rblsmtpd
> > I just need another pair of eyes (or a dozen parirs) to tell me why the > following startup files wouldn't work: > > #!/bin/sh > QMAILDUID=`id -u qmaild` > NOFILESGID=`id -g qmaild` > exec /usr/local/bin/softlimit -m 200 \ > /usr/local/bin/tcpserver -v -p -x /etc/tcp.smtp.cdb -c 5\ > -u $QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/rblsmtpd -b -r rbl >.ma > ps.vix.com -r dul.maps.vix.com -r relays.radparker.com -r rss.maps.vix.com \ > /var/qmail/bin/qmail-smtpd 2>&1 > > I just upgraded my copies of ucspi and daemontools to the latest versions and > removed my old startup file in favor of the LWQ startfile. Everything worked > until I tried to integrate rblsmtpd into the mix. Using the above caused smtp >d > to not respond: > > brandon@dudman [9:59am] /home/brandon 4060> telnet discontent.com 25 > Trying 216.100.35.70... > Connected to discontent.com. > Escape character is '^]'. > Connection closed by foreign host. > > although a ps auxww showed what looked like a working smtpd: > > qmaild 26262 0.0 0.5 1260 520 pts/0S10:05 0:00 /usr/local/bin >/tcpserver -v -p -x /etc/tcp.smtp.cdb -c 5 -u 16 -g 52 0 smtp > /var/qmail/bin/rblsmtpd -b -r rbl.maps.vix.com -r dul.maps.vix.com -r relays. >radparker.com -r rss.maps.vix.com /var/qmail/bin/qmail-smtpd > > Any suggestions? > > Brandon
Re: new rblsmtpd
Mate Wierdl writes: > Does not the new rblsmtpd obsolete Russ's patches, or is their any > functionality that is still not provided by the new rblsmtpd? You can make your own decision, but ... I use the new rblsmtpd. -- -russ nelson <[EMAIL PROTECTED]> http://russnelson.com Crynwr sells support for free software | PGPok | "Ask not what your country 521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | do for you..." -Perry M.
Relay and rblsmtpd
Hi, I want to block some emails so, I installed rlblsmtpd. I need to put it in qmail initialization script but, I don't know how to do it. This line is in my qmail.sh start up script. tcpserver -b 64 -c 64 -x/etc/tcp.smtp.cdb -g 82 -u 82 -t 600 0 smtp /var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger smtpd & Another question: If I need to block an email from my system, I need only to put the next line in /etc/tcp.smtp ? deny:$RBLSMTPD="email@email" thanks, Roberto Samarone Araujo
rblsmtpd and firewall
I turned on my firewall and I looked at my logs when I found this message: smtpd: 975401579.539737 tcpserver: fatal: unable to figure out port number for /usr/local/bin/rblsmtpd What's the port number and protocol(TCP or UDP) that rblsmtpd use ? thanks, Roberto Samarone Araujo
Qmail and rblsmtpd
Hi, When I set up Qmail without 'rblsmtpd' module and try to telnet to port 25, it repospond fastly but, after install 'rblsmtpd' module it suffered a big delay. I would like to know what can I do to qmail respond more fastly when 'rblsmtpd' is working. I put int my qmail.rc file the line : /usr/local/bin/tcpserver -b 64 -c 64 -x/etc/tcp.smtp.cdb -g 82 -u 82 -t 600 0 smtp /usr/local/bin/rblsmtpd /var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger smtpd & Roberto Samarone Araujo
Re: rblsmtpd - notification
On Thu, Dec 28, 2000 at 11:10:37AM +1100, [EMAIL PROTECTED] wrote: > question is: Is there anyway of notifying the person who sent the > mail to you through the open relay, with a generic message that > they were blocked. Say "Your message could not be processed by > our server." If anyone could help with this it would be much > appreciated. rblsmtpd either rejects the message permanently (5xx code) or temporarily (4xx code). Depending on the option you start rblsmtpd with and assuming a correctly working smtpd on the sending side, the user will either get a immediate failure notice on a 5xx code or a delayed one as soon as the retry interval (typically around a week) of the sending smtpd has expired. See http://cr.yp.to/ucspi-tcp/rblsmtpd.html> and especially the section on "Temporary errors" and the "-b -B" switches for more information. Note: a 4xx code is more "social" but may trigger bugs in some smtpds (e.g. Microsoft SMTP) causing them to hammer on your smtpd with retries. See: http://support.microsoft.com/support/kb/articles/Q224/9/83.ASP> \Maex -- SpaceNet AG | http://www.Space.Net/ | Stress is when you wake Research & Development| mailto:[EMAIL PROTECTED] | up screaming and you Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0| realize you haven't D-80807 Muenchen | Fax: +49 (89) 32356-299 | fallen asleep yet.
rblsmtpd and inetd
I'm getting a lot of errors like the following in my syslog: Feb 27 20:09:51 cyrix inetd[925]: pid 27274: exit status 1 which I suspect are coming from rblsmtpd. The problem is that I don't know how to redirect the stderr to a log file where I can see what the actual problem is. My inetd line is as follows: smtp stream tcp nowait qmaild /usr/sbin/tcpd \ /var/qmail/bin/tcp-env /usr/local/bin/rblsmtpd \ /var/qmail/bin/qmail-smtpd According to the rblsmtpd man page, the errors are being sent to stderr, but they're apparently not getting logged to syslog. What can I do? -- Todd A. Jacobs CodeGnome Consulting, LTD
Re: rblsmtpd logging
"John McCoy, Jr." <[EMAIL PROTECTED]> writes: > I noticed when I implemented rblsmtpd that several legitimate sites were > being blocked. They were mostly other .edu sites. Is there any way to create > a list of exceptions, hopefully with a wild card so I could allow all .edu > traffic to pass regardless? Or better yet can I get rblsmtpd to just tell me > which sites it has gotten matches on but not actually block the mail. So I > can then encourage sites that should be allowed in to improve their servers, > and make the web a better place for us all. I've already written a script to > pull out those who get blocked from the log file. That was how I discovered > I was blocking people who needed to send us email. I would be happy to share > it. Yes; set the environment variable RBLSMTPD to a null string ("") using tcpserver (in the cdb file; well, you put it in the source which is compiled into the cdb file): 209.98.94.1-8:allow,RBLSMTPD="" -- David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED] SF: http://www.dd-b.net/dd-b/ Minicon: http://www.mnstf.org/minicon/ Photos: http://dd-b.lighthunters.net/
Re: tcpserver rblsmtpd
On Wed, Mar 21, 2001 at 02:44:33PM -0800, Brad Dameron wrote: > > Anyone have a good example of using the tcpserver rblsmtpd with qmail? /usr/local/bin/tcpserver -x/var/qmail/tcp.smtp.cdb -R -v -u82 -g81 0 smtp \ /usr/local/bin/rblsmtpd -r 'relays.mail-abuse.org:Open relay problem - see http://www.mail-abuse.org/cgi-bin/nph-rss?query=%IP%>' \ -r dialups.mail-abuse.org -r blackholes.mail-abuse.org \ /var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger smtpd 2 & > Please let me know what the best way to use the rblsmtpd program is. Get the patch to use A records from www.qmail.org. It's called ucspi-rss.diff . Apply it and rebuild ucspi-tcp. Use the above command line (or something similar). Note that, for the relays.mail-abuse.org list (also known as the RSS), you *must* follow the host name with a colon and a text string, as above. The %IP% is replaced by the IP address of the listed host. > Thank you. You're welcome. Hope that's helpful. Tim
Re: tcpserver rblsmtpd
- Original Message - From: "Brad Dameron" <[EMAIL PROTECTED]> > Anyone have a good example of using the tcpserver rblsmtpd with qmail? > > I am currently using "/usr/local/bin/tcpserver -c 120 -D -x > /mail/etc/tcp.smtp.cdb -u 501 -g 500 0 smt > p /var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger smtpd 3 &" as my > start line in my rc.local file. I use a LWQ style - vpopmail enbabled supervised run script #!/bin/sh # Note: concurrencyincoming is a feature of this script. QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` exec /usr/local/bin/softlimit -m 400 \ tcpserver -v -p -x /home/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \ -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \ /usr/local/bin/rblsmtpd \ -r relays.orbs.org \ -r rbl.maps.vix.com \ -r blackholes.mail-abuse.org \ -r dialups.mail-abuse.org \ -r 'relays.mail-abuse.org:Open relay problem - see http://www.mail-abuse.org/cgi-bin/nph-rss?%IP%>' \ qmail-smtpd 2>&1 Hope this helps Rick Up
rblsmtpd and 'tagging' emails
Hi Folks, Is there any way to use rblsmtpd to simply set a header in qmail, rather than bouncing emails? Thanks, Lance
Re: ucspi / rblsmtpd docs?
On Mon, Jul 03, 2000 at 12:51:48PM -0400, Paul Farber wrote: > Hello all > > Got the latest verion of ucspi (.88) that is said to incorporate the older > rblsmtpd program from djb > > Are the old rblsmtpd docs still valid??? The tcpserver man page DOES list > rblsmtpd under 'see also', but rblsmtpd is not part of ucspi.. Um, yeah it is. --Adam
Re: ucspi / rblsmtpd docs?
On Mon, Jul 03, 2000 at 12:51:48PM -0400, Paul Farber wrote: > Hello all > > Got the latest verion of ucspi (.88) that is said to incorporate the older > rblsmtpd program from djb > > Are the old rblsmtpd docs still valid??? The tcpserver man page DOES list > rblsmtpd under 'see also', but rblsmtpd is not part of ucspi.. and round > and round we go! > Assuming You mean the man-pages I did, sorry, I seem to forgot this one. In fact, there are missing the man-pages for addcr, delcr, mconnect-io an rblsmtpd. I will do them the next days. > So.... where are the docs??? Tcpserver or rblsmtpd > http://cr.yp.to/ucspi-tcp/rblsmtpd.html . Gerrit. -- [EMAIL PROTECTED] innominate AG networking people fon: +49.30.308806-0 fax: -77 web: http://innominate.de pgp: /pgp/gpa
Re: ucspi / rblsmtpd docs?
I got several tarballs of ucspi doc's (.87 and .88) yet none of them had any rblsmtpd man pages. anyone have a complete set? Paul Farber Farber Technology [EMAIL PROTECTED] Ph 570-628-5303 Fax 570-628-5545 On Mon, 3 Jul 2000, Adam McKenna wrote: > On Mon, Jul 03, 2000 at 12:51:48PM -0400, Paul Farber wrote: > > Hello all > > > > Got the latest verion of ucspi (.88) that is said to incorporate the older > > rblsmtpd program from djb.... > > > > Are the old rblsmtpd docs still valid??? The tcpserver man page DOES list > > rblsmtpd under 'see also', but rblsmtpd is not part of ucspi.. > > Um, yeah it is. > > --Adam >
rblsmtpd and not bouncing
I would like to offer an option similar to pobox.com's [spam: 84%] "Subject:" munging for incoming messages from RBL or RSS listed sites. Instead of actually bouncing the message as RBLSMTPD does, allow the message but add [spam - rbl] or [spam - rss] or the like to the Subject: field of the messages in question. I'm wondering if anyone else has done this before I go making a completely modified version of rblsmtpd to do so.
using RBLSMTPD env var
I was just denying all Yesmail connections in my tcp.smtp.cdb file. After watching the thread today on blocking mail, I wanted to use the RBLSMTPD var instead. Like so: # Yesmail.com 63.88.133.:allow,RBLSMTPD="-Yesmail email is not wanted here" 63.89.82.:allow,RBLSMTPD="-Yesmail email is not wanted here" 63.238.242-243.:allow,RBLSMTPD="-Yesmail email is not wanted here" 63.79.151.:allow,RBLSMTPD="-Yesmail email is not wanted here" 207.154.137.:allow,RBLSMTPD="-Yesmail email is not wanted here" 207.154.208.:allow,RBLSMTPD="-Yesmail email is not wanted here" 208.44.19.:allow,RBLSMTPD="-Yesmail email is not wanted here" 216.80.61.240-255:allow,RBLSMTPD="-Yesmail email is not wanted here" 216.229.132.128-143:allow,RBLSMTPD="-Yesmail email is not wanted here" 64.208.162.128-143:allow,RBLSMTPD="-Yesmail email is not wanted here" 216.52.151.64-95:allow,RBLSMTPD="-Yesmail email is not wanted here" Just for fun, I added one of my own IPs to the list as a test. The test failed. :-( host:~{503} $ telnet mail.vcnet.com 25 Trying 209.239.239.15... Connected to mail.vcnet.com. Escape character is '^]'. 220 rblsmtpd.local Connection closed by foreign host. host:~{504} $ I thought it was supposed to spit out the contents of RBLSMTPD? And no 553 either. What did I miss? (I tried with both a space after the hyphen and without.) jon
Re: build-rblsmtpd error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2 Aug 00, at 14:08, Neil D. Roberts wrote: > make > make[1]: Entering directory `/tmp/rblsmtpd/rblsmtpd-0.70´ [snip] > ./compile rblsmtpd.c > make[1]: execvp: ./compile: Permission Denied [snip] > I don´t know if anyone has come across this problem before, or if I > have missed a step. Any ideas ? Two possibilities: 1. The source package is broken and "compile" is not marked as executable. 2. Your /tmp directory is mounted as "noexec". -BEGIN PGP SIGNATURE- Version: PGP 6.0.2 -- QDPGP 2.60 Comment: http://community.wow.net/grt/qdpgp.html iQA/AwUBOYgEulMwP8g7qbw/EQKEPgCgu16heeXY1O0bU1mRJ8UmU6dfzJIAniDc ZrxwEuh4JtgHc4qMUtqUmZ1i =jd5l -END PGP SIGNATURE-
Re: build-rblsmtpd error
On Wed, Aug 02, 2000 at 02:08:48PM +0200, Neil D. Roberts wrote: > Hi ! > > Running Debian, I done the "build-rblsmtpd" which debian implements in a > DEB rblsmtpd-source package. The only problem is that the > "build-rblsmtpd" part exits with a rather nice error. These are the > lines it does : > > Press ENTER to continue... > make > make[1]: Entering directory `/tmp/rblsmtpd/rblsmtpd-0.70´ > nroff -man rblsmtpd.8 > rblsmtpd.0 > nroff -man antirbl.8 > antirbl.0 > ./compile rblsmtpd.c > make[1]: execvp: ./compile: Permission Denied > make[1]: *** [rblsmtpd.o] Error 127 > make[1]: Leaving directory `/tmp/rblsmtpd/rblsmtpd-0.70´ > make: *** [build] Error 2 > > I don´t know if anyone has come across this problem before, or if I have > missed a step. Any ideas ? > You have wrong permissions on ./compile, execution not allowed. rblsmtpd is now include in ucspi-tcp-0.88 . You should use this version and build from source. Gerrit. -- [EMAIL PROTECTED] innominate AG networking people tel: +49.30.308806-0 fax: -77 web: http://innominate.de pgp: /pgp/gpa
rblsmtpd and relays.mail-abuse.org
While checking out a spam I received this morning I noticed that rblcheck finds it in the RSS. Hrmf. I run rblsmtpd so I'm not clear on how it got through: /usr/local/bin/rblsmtpd -b -t10\ -r rbl.maps.vix.com \ -r dul.maps.vix.com \ -r relays.mail-abuse.org According to the RSS it was added yesterday at 1700 PDT. The address is 133.5.173.200 if you want to test for yourself. I vaguely remember someone mentioning a patch for rblsmtpd, but not a whole lot of discussion on why it's not working anymore. Anyone got the low-down? Anyone tried the patch? Thanks, jon