RE: tcpserver problems? or is it qmail? or BOTH! Help?
> -Original Message-
> From: Charles Cazabon [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, August 04, 2001 6:26 PM

> Despite the smiley, that first paragraph sounds suspiciously insulting.
> And why are you trying to turn this into a dicksize war?

Oh, Charles...I'm feeling impetuous. Please believe me, it wasn't an insult and I'm not into dicksize wars...Just got carried away. Sorry. I just took slight offense with you stating your email stats. We're all busy, eh?

> Big question: if you don't want the box to receive mail over the
> network, why run an SMTP daemon in the first place?
>
> Oh, I see -- later on, you state you _do_ want it to receive mail over
> the network.

U, not precisely. I don't want outside world mail coming in. I simply want to relay internal traffic out. With the exception of me and the guy who is *supposed* to be sysadmin'ing this box, no one inside on the LAN has an account on the box.

> I think you've made things much more complex than necessary. There is
> lots of documentation on selective relaying with qmail and tcpserver.

Charles, in all seriousness, no BS'ing, no being snide, anything, I am a newbie. A very new newbie to qmail and linux. When the consultant hired to do all this work bailed, I got tagged for the job. I read a ton of stuff on the web. I joined this list. I couldn't get selective relaying to work. Period.

So the advice, I think from Robin, was to reinstall and follow the LWQ directions to a T - which I did with the exceptions of installing daemontools. The daemontools that I installed are 0.76 and not 0.70 as in the LWQ doc. Still could not get selective relaying to go. I was frantic and guessing. Thought maybe it was a DNS problem but when I brought that to the list and DNS got ruled out.

Long story short: If Lukas Beeler hadn't told me to do a command I have NEVER in 6 years of working with SCO UNIX used or even knew existed and you hadn't explained to me about xinetd and wrappers I would still be begging for assistance.

So yes, there are good docs on the web. But none that I was able to find addressed the possibility that if you screwed up your run file either a) xinetd might take over (because someone before you had tinkered with it) and make qmail mail an open relay or b) smtp would not run as a daemon at all. And not knowing sh*t about what I was really doing on a new OS with a new product I really think that maybe there is a bit of a gap in documentation - unless I really balled up and missed it somewhere. I was doing everything the docs and faqs had told me to do but selective relaying didn't work. Maybe I missed it when I didn't read the testing docs??

That's my two cents worth. I think maybe I should stop wasting everyone's time and bandwidth and call this closed unless someone wants to do rebuttal.

Thanks,
Scott
Re: tcpserver problems? or is it qmail? or BOTH! Help?
Scott Zielsdorf <[EMAIL PROTECTED]> wrote:
> > Please don't cc: me on your list messages [...]
>
> While learning anything necessarily about linux or qmail from
> you may be dubious, I will definitely learn perfection :)
>
> My humblest apologies that I failed to remove your personal
> address. But only a 1000 a day? Really?

Despite the smiley, that first paragraph sounds suspiciously insulting. And why are you trying to turn this into a dicksize war?

> > > 7. I put a blank rcpthosts file in the /var/qmail/control directory.
> >
> > Bad. Bad. Bad. Go directly to jail, do not pass Go, do not collect
> > $200.
>
> And this is bad, bad, bad because why? I don't want any traffic
> coming back to the box. It does not have an MX record for the
> domain and I don't want it to.

Big question: if you don't want the box to receive mail over the network, why run an SMTP daemon in the first place?

Oh, I see -- later on, you state you _do_ want it to receive mail over the network.

[...]
> I have closed the open relay state - which is the only state I could
> run qmail in and get it to relay when I started posting to this group
> seeking the accumulated wisdom of the 'umma'. Now, I have accepted the
> orthodoxy of the priests of tcpserver, vanquished the satanic xinetd,
> and can selective relay! Hallelujah

I think you've made things much more complex than necessary. There is lots of documentation on selective relaying with qmail and tcpserver.

> I think the problem with the run script may be that I was subbing
> "zero" for "oh" or vice versa in the command line. My telnet
> client and my eyes don't work so well differentiating between the
> two.

Yes, this will bite you.

Charles
--
---
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
---
RE: tcpserver problems? or is it qmail? or BOTH! Help?
Gadzooks

In my previous reply to Charles Cazabon I was IMPRECISE. My rcpthosts file is NOT blank, it has localhost in it. Just wanted to clear that up before Charles could retort :)

Scott Zielsdorf
Senior Technical Support Consultant
Computer Instruments
9901 W. 87th St.
Overland Park, KS 66212
(913) 492-1888 ext. 402
[EMAIL PROTECTED]
RE: tcpserver problems? or is it qmail? or BOTH! Help?
> -Original Message-
> From: Charles Cazabon [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, August 04, 2001 1:52 PM

> First of all, I'm on the list, and I set Mail-Followup-To:
> appropriately. Please don't cc: me on your list messages; I hate
> duplicates and get 500-1000 messages a day already.

While learning anything necessarily about linux or qmail from you may be dubious, I will definitely learn perfection :)

My humblest apologies that I failed to remove your personal address. But only a 1000 a day? Really? Damn. Can I swap email accounts with you? I've got you beat by at least 600. Automated reports from a half dozen RS6000's plus the 14 UNIXWARE boxes sucking data from the RS6000's plus email from their associated staffs plus all the 25 or 30 messages I get from this list plus... well, like you, I am extremely put upon. How do gods like us do it?

> > 7. I put a blank rcpthosts file in the /var/qmail/control directory.
>
> Bad. Bad. Bad. Go directly to jail, do not pass Go, do not collect
> $200.

And this is bad, bad, bad because why? I don't want any traffic coming back to the box. It does not have an MX record for the domain and I don't want it to.

> > 8. I checked the /etc/tcp.smtp file and made sure I had my IP
> > addresses set in the rules the way I wanted them.
> [...]
> > 10. Tested by sending a message from the allowable IP range - success.
> > Tested by sending a message from an outside IP range - failure.
>
> Define "failure" -- no connection, or no relay?

Failure from an outside domain/IP address to relay.

> > 11. Happiness
>
> Except that you're either:
>
> 1) An open relay, or
> 2) Not accepting any mail from outside your local network

You got it big guy. I have closed the open relay state - which is the only state I could run qmail in and get it to relay when I started posting to this group seeking the accumulated wisdom of the 'umma'.

Now, I have accepted the orthodoxy of the priests of tcpserver, vanquished the satanic xinetd, and can selective relay! Hallelujah

I only want this box to accept internal traffic and relay internal traffic outbound. After 4 or 5 days of vexing frustration, I have accomplished what someone else set out to do and I had to take over, learned Linux by crash course and, quite spectacularly, proved myself a fool. All in all, a good week.

I think the problem with the run script may be that I was subbing "zero" for "oh" or vice versa in the command line. My telnet client and my eyes don't work so well differentiating between the two.

Thanks,
Scott
Re: tcpserver problems? or is it qmail? or BOTH! Help?
First of all, I'm on the list, and I set Mail-Followup-To: appropriately. Please don't cc: me on your list messages; I hate duplicates and get 500-1000 messages a day already.

Scott Zielsdorf <[EMAIL PROTECTED]> wrote:
> > It's "setuidgid", not "setguidgid".
>
> Yeah, people keep telling me that *I* spelled it wrong but after an hour
> and a half of looking at EVERY script I had edited, "setuidgid" or
> "setguidgid" was nowhere to be found in any text file.

Hmmm.

> 7. I put a blank rcpthosts file in the /var/qmail/control directory.

Bad. Bad. Bad. Go directly to jail, do not pass Go, do not collect $200.

> 8. I checked the /etc/tcp.smtp file and made sure I had my IP
> addresses set in the rules the way I wanted them.
[...]
> 10. Tested by sending a message from the allowable IP range - success.
> Tested by sending a message from an outside IP range - failure.

Define "failure" -- no connection, or no relay?

> 11. Happiness

Except that you're either:

1) An open relay, or
2) Not accepting any mail from outside your local network

Charles
--
---
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
---
RE: tcpserver problems? or is it qmail? or BOTH! Help?
-Original Message-
> From: Charles Cazabon [mailto:[EMAIL PROTECTED]]

> > So did I 'fat finger' setguidid somewhere in a script or did my daemontools
> > install fail and I just didn't realize it? Or is there another problem?
>
> It's "setuidgid", not "setguidgid".

Yeah, people keep telling me that *I* spelled it wrong but after an hour and a half of looking at EVERY script I had edited, "setuidgid" or "setguidgid" was nowhere to be found in any text file.

Turns out I didn't fat finger anywhere. I tracked the problem to the /service/qmail-smtp/run script. I haven't isolated the problem in the script yet but I must have mis-set a flag, misplaced a line break or something. I gave up after a couple of hours on trying to diagnose my faux pas.

Here's what I did to get tcpserver to run:

1. I removed the smtp file from the xinetd.d directory which was invoking tcpwrappers through xinetd and HUP'd xinetd. (BTW, simply removing the smtp file and rebooting...and yeah...I know, didn't have to reboot, could have HUP'd, etc did NOT allow tcpserver to "run free". I was still getting the errors about "setguidgid" not being found in the readproctitle log. It was only after replacing the run file with the one from the LWQ install docs that I was able to eliminate the readproctitle errors.)
2. I stopped qmail.
3. I went back to the LWQ /service/qmail-smtpd/run script and put it into play. (I was using a script sent to me by Robin but I had modified it - hence, my fault not his)
4. I started qmail.
5. I ran `ps auxwf | grep readp` and saw there were no readproctitle errors.
6. I ran `netstat -lp | grep smtp` and saw that tcpserver was the daemon. (Previous invocations of the command either showed that xinetd was running smtp or that NO smtp was running.)
7. I put a blank rcpthosts file in the /var/qmail/control directory.
8. I checked the /etc/tcp.smtp file and made sure I had my IP addresses set in the rules the way I wanted them.
9. Restarted qmail.
10. Tested by sending a message from the allowable IP range - success. Tested by sending a message from an outside IP range - failure.
11. Happiness

Again, my thanks to you and Lukas for pointing me in the right direction. I'm not enough of a linux wizard yet (going on 5 days now, woohoo!) to know how to delete xinetd. Hell, I didn't even know what xinetd was.

Scott Zielsdorf
Senior Technical Support Consultant
Computer Instruments
IVR Solutions Support Group
Voice: 913.492.1888 x8862
Fax: 913.492.1483
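The relay decision argued over in this thread (the /etc/tcp.smtp rules that set RELAYCLIENT, combined with the rcpthosts control file), sketched as an added example that is not code from any poster or from qmail itself. It is a simplified Python model covering IPv4 address rules only; the function names, sample rules and addresses are constructed for illustration.

```python
# Simplified model of how tcpserver rules and qmail-smtpd's rcpthosts
# combine to decide an SMTP RCPT. IPv4 address rules only; constructed data.

def parse_rules(text):
    """Parse tcprules source lines ("address:allow,VAR=..." / "address:deny")."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            addr, _, instr = line.partition(":")
            rules[addr] = instr
    return rules

def match_rule(rules, ip):
    """Most specific match wins: full IP, shorter dotted prefixes, then ""."""
    parts = ip.split(".")
    candidates = [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for cand in candidates:
        if cand in rules:
            return rules[cand]
    return "allow"  # no matching rule: connection allowed, environment unchanged

def rcpt_decision(rules, rcpthosts, ip, rcpt_domain):
    """rcpthosts is a list of entries, or None if the control file is missing."""
    instr = match_rule(rules, ip)
    if instr.startswith("deny"):
        return "refused"
    if "RELAYCLIENT=" in instr:
        return "accepted (relay client)"   # rcpthosts is not consulted
    if rcpthosts is None:
        return "accepted (open relay)"     # no rcpthosts: any domain is taken
    domain = rcpt_domain.lower()
    for entry in (e.strip().lower() for e in rcpthosts):
        if entry and (domain == entry or
                      (entry.startswith(".") and domain.endswith(entry))):
            return "accepted (rcpthosts)"
    return "rejected"

# Constructed /etc/tcp.smtp contents: selective relaying vs. relay for everyone.
SELECTIVE = '127.:allow,RELAYCLIENT=""\n192.168.1.:allow,RELAYCLIENT=""\n:allow\n'
WIDE_OPEN = ':allow,RELAYCLIENT=""\n'

if __name__ == "__main__":
    cases = [("LAN host, rcpthosts=localhost", SELECTIVE, ["localhost"], "192.168.1.20"),
             ("outside, rcpthosts=localhost", SELECTIVE, ["localhost"], "203.0.113.9"),
             ("outside, rcpthosts missing", SELECTIVE, None, "203.0.113.9"),
             ("outside, catch-all RELAYCLIENT", WIDE_OPEN, ["localhost"], "203.0.113.9")]
    for label, rules, hosts, ip in cases:
        print(label, "->", rcpt_decision(parse_rules(rules), hosts, ip, "example.org"))
```
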
Re: tcpserver problems? or is it qmail? or BOTH! Help? (fwd)
Charlie Chrisman <[EMAIL PROTECTED]> wrote:
> How do you get tcpserver to run the qmail-smtpd daemon? When I run it
> as in the faq, it runs and I see the process running, but it doesn't
> accept connections. I then changed it to use inetd using tcp-env and
> qmail-smtpd accepts connections. Could someone get me starting in the
> right direction?

Not without some real information. Post the script you use to start tcpserver/qmail-smtpd, along with copies of any tcprules files. The output of qmail-showctl is always good too.

Chances are this is FAQ #1. But you didn't even clarify the problem; "doesn't accept connections"? Describe exactly what you did, what you expected to happen, and what did happen.

Charles
--
---
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
---
Re: tcpserver problems? or is it qmail? or BOTH! Help? (fwd)
Please quote properly; your original text was after a sig delimiter, and you had no attribution for my text.

I wrote:
> > There are precisely zero advantages to using inetd/xinetd in this
> > manner, and several disadvantages (when compared to a simple
> > tcpserver installation).

[EMAIL PROTECTED] wrote:
> What are the disadvantages of using xinetd?

Security and concurrency limits, mostly. But it's not qmail, and doesn't belong on this list.

Charles
--
---
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
---
Re: tcpserver problems? or is it qmail? or BOTH! Help?
Scott Zielsdorf <[EMAIL PROTECTED]> wrote:
>
> My thanks to Lukas Beeler who asked me to run 'ps auxf' and behold!
> I found errors coming from readproctitle telling me it couldn't find
> /usr/local/bin/setguidid.
[...]
> So did I 'fat finger' setguidid somewhere in a script or did my daemontools
> install fail and I just didn't realize it? Or is there another problem?

It's "setuidgid", not "setguidgid".

> So aside from me telling the Canadian guy how to use xinetd to *maybe*
> get around his problem (I hadn't considered a fire wall issue) instead
> of tcpserver, can you give me some guidance into where to look to
> solve this?

Sorry; I delete inetd/xinetd from all the boxes I administer and can offer you no advice other than "use tcpserver instead".

Charles
--
---
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
---
RE: tcpserver problems? or is it qmail? or BOTH! Help? (fwd)
How do you get tcpserver to run the qmail-smtpd daemon? When I run it as in the faq, it runs and I see the process running, but it doesn't accept connections. I then changed it to use inetd using tcp-env and qmail-smtpd accepts connections. Could someone get me starting in the right direction?

Charlie Chrisman

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Saturday, August 04, 2001 6:04 AM
To: [EMAIL PROTECTED]
Subject: Re: tcpserver problems? or is it qmail? or BOTH! Help? (fwd)

Possibly the reason you were "blasted" is that this is incorrect. You _cannot_ make inetd or xinetd use tcpserver. Your xinetd script doesn't use tcpserver; it uses tcp-env. tcp-env was originally designed to allow you to do tcpserver-like operations from inetd, but is now deprecated. There are precisely zero advantages to using inetd/xinetd in this manner, and several disadvantages (when compared to a simple tcpserver installation).

Charles
--
What are the disadvantages of using xinetd?

Rob...
Re: tcpserver problems? or is it qmail? or BOTH! Help? (fwd)
Possibly the reason you were "blasted" is that this is incorrect. You _cannot_ make inetd or xinetd use tcpserver. Your xinetd script doesn't use tcpserver; it uses tcp-env. tcp-env was originally designed to allow you to do tcpserver-like operations from inetd, but is now deprecated. There are precisely zero advantages to using inetd/xinetd in this manner, and several disadvantages (when compared to a simple tcpserver installation).

Charles
--
What are the disadvantages of using xinetd?

Rob...
RE: tcpserver problems? or is it qmail? or BOTH! Help?
> -Original Message-
> From: Charles Cazabon [mailto:[EMAIL PROTECTED]]
> Subject: Re: tcpserver problems? or is it qmail? or BOTH! Help?
>
> Possibly the reason you were "blasted" is that this is incorrect.

LOL...You think?

> You _cannot_ make inetd or xinetd use tcpserver. Your xinetd script doesn't
> use tcpserver; it uses tcp-env. tcp-env was originally designed to
> allow you to do tcpserver-like operations from inetd, but is now
> deprecated. There are precisely zero advantages to using inetd/xinetd
> in this manner, and several disadvantages (when compared to a simple
> tcpserver installation).

My thanks to Lukas Beeler who asked me to run 'ps auxf' and behold! I found errors coming from readproctitle telling me it couldn't find /usr/local/bin/setguidid. Here's the specific error message:

root 686 0.8 0.0 1252 16 ?SAug02 14:19 \_ readproctitle service errors: ...xec: /usr/local/bin/setguidgid: cannot execute: No such file or directory?tcpserver: usage: tcpserver [ -1UXpPhHrRoOdDqQv ] [ -c limit ] [ - x rules.cdb ] [ -B banner ] [ -g gid ] [ -u uid ] [ -b backlog ] [ -l localname ] [ -t timeout ] host port program?./run: /usr/local/bin/setguidgid: No such fil e or directory?./run: exec: /usr/local/bin/setguidgid: cannot execute: No such f ile or directory?

And, sure 'nuf, there ain't a setguidgid anywhere on the box.

So did I 'fat finger' setguidid somewhere in a script or did my daemontools install fail and I just didn't realize it? Or is there another problem?

Lukas also had me run 'netstat -lp | grep smtp' and, like there was a doubt, the owner came back as xinetd.

So aside from me telling the Canadian guy how to use xinetd to *maybe* get around his problem (I hadn't considered a fire wall issue) instead of tcpserver, can you give me some guidance into where to look to solve this?

Thanks
Scott
Re: tcpserver problems? or is it qmail? or BOTH! Help?
Scott Zielsdorf <[EMAIL PROTECTED]> wrote:
>
> By searching on the keywords "xinetd" and "qmail" on the web I was able to
> find a script that allowed xinetd to use tcpserver as its daemon and then
> the relaying rules in /etc/tcp.smtp.cdb worked.
[...]

Possibly the reason you were "blasted" is that this is incorrect. You _cannot_ make inetd or xinetd use tcpserver. Your xinetd script doesn't use tcpserver; it uses tcp-env. tcp-env was originally designed to allow you to do tcpserver-like operations from inetd, but is now deprecated. There are precisely zero advantages to using inetd/xinetd in this manner, and several disadvantages (when compared to a simple tcpserver installation).

Charles
--
---
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
---