qmail II request
I know we've discussed this in the past and someone came up with a patch to do it, but I'd really like to see a control/badmailto in qmail II. The spammers have gleaned some nonexistant email addresses out of UseNet, they were parts of the message id. I'm getting around 10 or 20 double bounces a day from these two addresses, and in the past we've had other problems with nonexistant addresses that double bounce (or lusers that we've closed their accounts after they pissed off the world). Vince. -- == Vince Vielhaber -- KA8CSH email: [EMAIL PROTECTED] flame-mail: /dev/null # includeTEAM-OS2 Online Searchable Campground Listingshttp://www.camping-usa.com "There is no outfit less entitled to lecture me about bloat than the federal government" -- Tony Snow ==
Re: qmail II request
Hi Vince, Vince Vielhaber <[EMAIL PROTECTED]> wrote: > ...badmailto...I'm getting around 10 or 20 double bounces a day from > these two addresses, and in the past we've had other problems with > nonexistant addresses that double bounce... This isn't a detailed criticism--I'm not a mail admin of a large site, after all! However... Can't you already do what you want with existing qmail mechanisms? For example, suppose these spammers send mail to "[EMAIL PROTECTED]", which is not a valid address. One idea is to create the file ~alias/.qmail-whacko123 with the line: # Drop it right now! I'm pretty sure that solves your problem right there. If not, replace the comment with a command like "exit 99" and qmail should discard the mail and be satisfied. Since you indicate that a very small number of addresses cause this problem, the above suggestion doesn't seem like too much work. What do you think? Len. ~~~ Len Budney | Some people are suffering from the delusion Maya Design Group | that program modularity is incompatible [EMAIL PROTECTED]| with good performance. | -- Prof. Dan Bernstein ~~~
Re: qmail II request
On or about 03:24 PM 1/2/99 -0500, Len Budney was caught in a dark alley
speaking these words:
>Vince Vielhaber <[EMAIL PROTECTED]> wrote:
>
>> ...badmailto...I'm getting around 10 or 20 double bounces a day from
>> these two addresses, and in the past we've had other problems with
>> nonexistant addresses that double bounce...
>
>This isn't a detailed criticism--I'm not a mail admin of a large site,
>after all! However...
>
>Can't you already do what you want with existing qmail mechanisms? For
>example, suppose these spammers send mail to "[EMAIL PROTECTED]",
>which is not a valid address.
>
>One idea is to create the file ~alias/.qmail-whacko123 with the line:
> # Drop it right now!
[snip]
I didn't see Vince's original message, but I've received spam where in the
headers, it says "To: [EMAIL PROTECTED]"... maybe he means the To: header.
That would help me for sure.
Otherwise, remember: if you do your alias trick, qmail will accept the
message as delivered, then /dev/null it. With badmailto, I believe the
message would be rejected during the SMTP conversation and not delivered at
all.
Just a dummy's $0.02... ;-)
Roger "Merch" Merchberger
=
Roger "Merch" Merchberger -- [EMAIL PROTECTED]
SysAdmin - Iceberg Computers
= Merch's Wild Wisdom of the Moment: =
for (1..15) { print "Merry Christmas\n"; }
(from perl.1 man page, version 4.)
Re: qmail II request
On Sat, Jan 02, 1999 at 03:24:45PM -0500, Len Budney wrote: # Hi Vince, # # Vince Vielhaber <[EMAIL PROTECTED]> wrote: # # > ...badmailto...I'm getting around 10 or 20 double bounces a day from # > these two addresses, and in the past we've had other problems with # > nonexistant addresses that double bounce... # # This isn't a detailed criticism--I'm not a mail admin of a large site, # after all! However... # # Can't you already do what you want with existing qmail mechanisms? For # example, suppose these spammers send mail to "[EMAIL PROTECTED]", # which is not a valid address. # # One idea is to create the file ~alias/.qmail-whacko123 with the line: # # # Drop it right now! # # I'm pretty sure that solves your problem right there. If not, replace # the comment with a command like "exit 99" and qmail should discard the # mail and be satisfied. the point I see it as is to not accept the mail in the first place, so the processing power is wasted by the sender, if mail just keeps getting accepted and deleted then it will always keep coming in. If it is not accepted to begin with less resources are wasted by the local machine, and the address(es) may eventually be removed from the spam lists. -- /- [EMAIL PROTECTED] --- [EMAIL PROTECTED] -\ |Justin Bell NIC:JB3084| Time and rules are changing. | |Simon & Schuster A&AT | Attention span is quickening.| |Programmer | Welcome to the Information Age. | \ http://www.superlibrary.com/people/justin/ --/
Re: qmail II request
On 02-Jan-99 Justin Bell wrote: > On Sat, Jan 02, 1999 at 03:24:45PM -0500, Len Budney wrote: ># Hi Vince, ># ># Vince Vielhaber <[EMAIL PROTECTED]> wrote: ># ># > ...badmailto...I'm getting around 10 or 20 double bounces a day from ># > these two addresses, and in the past we've had other problems with ># > nonexistant addresses that double bounce... ># ># This isn't a detailed criticism--I'm not a mail admin of a large site, ># after all! However... ># ># Can't you already do what you want with existing qmail mechanisms? For ># example, suppose these spammers send mail to "[EMAIL PROTECTED]", ># which is not a valid address. ># ># One idea is to create the file ~alias/.qmail-whacko123 with the line: ># ># # Drop it right now! ># ># I'm pretty sure that solves your problem right there. If not, replace ># the comment with a command like "exit 99" and qmail should discard the ># mail and be satisfied. > > > the point I see it as is to not accept the mail in the first place, so the > processing power is wasted by the sender, if mail just keeps getting > accepted > and deleted then it will always keep coming in. If it is not accepted to > begin with less resources are wasted by the local machine, and the > address(es) may eventually be removed from the spam lists. > Exactly. I don't want to receive it in the first place. Also on rare occasions there may be a valid username, but I wouldn't want it to get mail (my database being one) via SMTP, but it would get it locally from cron or whatever so I can't dump all mail for it. In response to Roger's comment about the To: header, that's actually part of the data, not the RCPT TO: part of the conversation which is where I want to block it. I use Dan's 822 package to handle good ol' Friend@public Wonder if that stupid toner guy is one you're thinking of right now! Vince. -- == Vince Vielhaber -- KA8CSH email: [EMAIL PROTECTED] flame-mail: /dev/null # includeTEAM-OS2 Online Searchable Campground Listingshttp://www.camping-usa.com "There is no outfit less entitled to lecture me about bloat than the federal government" -- Tony Snow ==
Re: qmail II request
On Sat, 2 Jan 1999, Len Budney wrote: > Hi Vince, > > Vince Vielhaber <[EMAIL PROTECTED]> wrote: > > > ...badmailto...I'm getting around 10 or 20 double bounces a day from > > these two addresses, and in the past we've had other problems with > > nonexistant addresses that double bounce... > > This isn't a detailed criticism--I'm not a mail admin of a large site, > after all! However... > > Can't you already do what you want with existing qmail mechanisms? For > example, suppose these spammers send mail to "[EMAIL PROTECTED]", > which is not a valid address. > > One idea is to create the file ~alias/.qmail-whacko123 with the line: > > # Drop it right now! > > I'm pretty sure that solves your problem right there. If not, replace /var/qmail/badmailfrom matches against the SMTP "MAIL FROM", the envelope sender. Typical spam looks like this: Return-Path: <[EMAIL PROTECTED]> Delivered-To: [EMAIL PROTECTED] From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Make lots of money sdflsdf sdf sd sd f sdfsdf What you want is: /var/qmail/control/badmailheaderto which really doesn't buy you anything.
Re: qmail II request
>What you want is: >/var/qmail/control/badmailheaderto >which really doesn't buy you anything. What I would like, and I believe what he's asking for, is /var/qmail/control/badmailto which would list specific addresses in otherwise acceptable domains to which all mail should bounce instantly. They'd match against the "MAIL TO:" command, not anything in the body. I have a fist full of 100% spam-only addresses in my domains that were scraped ages ago, never were valid, and get spammed every day. I currently receive the spam and complain back to the IP sender, but it would be easier to bounce them directly. -- John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869 [EMAIL PROTECTED], Village Trustee and Sewer Commissioner, http://iecc.com/johnl, Member, Provisional board, Coalition Against Unsolicited Commercial E-mail
Re: qmail II request
On 03-Jan-99 02:21:08, John R. Levine wrote something about "Re: qmail II request". I just couldn't help replying to it, thus: > What I would like, and I believe what he's asking for, is > /var/qmail/control/badmailto which would list specific addresses in > otherwise acceptable domains to which all mail should bounce > instantly. They'd match against the "MAIL TO:" command, not > anything in the body. This feature is implemented by at least two of the spam patches with a control/badrcptto file. Regards, /¯¯T¯\ | Rask Ingemann Lambertsen | [EMAIL PROTECTED] | | Registered Phase5 developer | WWW: http://www.gbar.dtu.dk/~c948374/ | | A4000, 775 kkeys/s (RC5-64) | "ThrustMe" on XPilot and EFnet IRC | | Never underestimate the bandwidth of a CD-ROM flying through the lab. |
Re: qmail II request
On 03-Jan-99 Rask Ingemann Lambertsen wrote: > On 03-Jan-99 02:21:08, John R. Levine wrote something about "Re: qmail II > request". I just couldn't help replying to it, thus: > >> What I would like, and I believe what he's asking for, is >> /var/qmail/control/badmailto which would list specific addresses in >> otherwise acceptable domains to which all mail should bounce >> instantly. They'd match against the "MAIL TO:" command, not >> anything in the body. > >This feature is implemented by at least two of the spam patches with a > control/badrcptto file. Look at the subject, then remember the entire thread. I originally said that I know there are patches that do this and that this is a request for qmail II. I'd like to avoid having to add patches and if you give Dan good reason for adding something, it just may get added. Vince. -- == Vince Vielhaber -- KA8CSH email: [EMAIL PROTECTED] flame-mail: /dev/null # includeTEAM-OS2 Online Searchable Campground Listingshttp://www.camping-usa.com "There is no outfit less entitled to lecture me about bloat than the federal government" -- Tony Snow ==
Re: qmail II request
On 04-Jan-99 00:15:58, Vince Vielhaber wrote something about "Re: qmail II request". I just couldn't help replying to it, thus: > Look at the subject, then remember the entire thread. I originally said > that I know there are patches that do this and that this is a request for > qmail II. I'd like to avoid having to add patches and if you give Dan > good reason for adding something, it just may get added. Oops, I forgot that. Good luck. Regards, /¯¯T¯\ | Rask Ingemann Lambertsen | [EMAIL PROTECTED] | | Registered Phase5 developer | WWW: http://www.gbar.dtu.dk/~c948374/ | | A4000, 775 kkeys/s (RC5-64) | "ThrustMe" on XPilot and EFnet IRC | | Without C people would code in Basi, Pasal and Obol. |
Re: qmail II request
On Jan 03, Rask Ingemann Lambertsen wrote: > On 04-Jan-99 00:15:58, Vince Vielhaber wrote something about "Re: qmail II request". >I just couldn't help replying to it, thus: > > > Look at the subject, then remember the entire thread. I originally said > > that I know there are patches that do this and that this is a request for > > qmail II. I'd like to avoid having to add patches and if you give Dan > > good reason for adding something, it just may get added. > >Oops, I forgot that. Good luck. Hmm - ISTR Dan calling badmailfrom something along the lines of "a mistake that won't be repeated" so I don't think it's very likely. Matt. -- m: 0973 479515 "Don't put off for tomorrow what you can w: 0171-681 4026do today, because if you enjoy it today http://www.yoyo.org/you can do it again tomorrow."
Re: qmail II request
John R. Levine wrote: >>What you want is: >>/var/qmail/control/badmailheaderto >>which really doesn't buy you anything. > What I would like, and I believe what he's asking for, is > /var/qmail/control/badmailto which would list specific addresses in > otherwise acceptable domains to which all mail should bounce > instantly. They'd match against the "MAIL TO:" command, not > anything in the body. > I have a fist full of 100% spam-only addresses in my domains that were > scraped ages ago, never were valid, and get spammed every day. I > currently receive the spam and complain back to the IP sender, but it > would be easier to bounce them directly. What you and others have failed to realise in this thread is that although you may be receiving spams with the header "To: [EMAIL PROTECTED]" you *will not* be receiving the email into your system with a RCPT TO: <[EMAIL PROTECTED]> Others have pointed out the two differing and *unrelated* matching against rcpt smtp envelope addressing and the To: Headers. So, Either you match against the smtp envelope address (currently available by default because qmail controls where your local users mail is delivered to), or as suggested above you need a control/badmailheaderto type file. So, to conclude, just so there is no misunderstanding. You can't reject mail before accepting it just because it has a To: header commonly used by spammers. [Obviously, because to see the header you must have accepted the email]. And to give you a solution, if you really need one, is to have qmail pipe the email to a Maildir enabled procmail which can easily see common spammer headers. http://www.tibus.net/pgregg/projects/qmail/spamfilter/ Paul Gregg -- Email pgregg at tibus.net | Email pgregg at nyx.net| Eight out of every Technical Director| System Administrator | five people are math The Internet Business Ltd | Nyx Public Access Internet | illiterates. http://www.tibus.net | http://www.nyx.net | - Anon.
Re: qmail II request
On Sun, Jan 03, 1999 at 11:53:32PM +, Paul Gregg wrote: # John R. Levine wrote: # >>What you want is: # >>/var/qmail/control/badmailheaderto # >>which really doesn't buy you anything. # # > What I would like, and I believe what he's asking for, is # > /var/qmail/control/badmailto which would list specific addresses in # > otherwise acceptable domains to which all mail should bounce # > instantly. They'd match against the "MAIL TO:" command, not # > anything in the body. # # What you and others have failed to realise in this thread is that although # you may be receiving spams with the header "To: [EMAIL PROTECTED]" you # *will not* be receiving the email into your system with a # RCPT TO: <[EMAIL PROTECTED]> no, it is you who have failed to see that when he said Mail to: he meant rcpt to:
Re: qmail II request
On Sun, Jan 03, 1999 at 06:58:39PM -0500, Justin Bell wrote: > On Sun, Jan 03, 1999 at 11:53:32PM +, Paul Gregg wrote: > # John R. Levine wrote: > # >>What you want is: > # >>/var/qmail/control/badmailheaderto > # >>which really doesn't buy you anything. > # > # > What I would like, and I believe what he's asking for, is > # > /var/qmail/control/badmailto which would list specific addresses in > # > otherwise acceptable domains to which all mail should bounce > # > instantly. They'd match against the "MAIL TO:" command, not > # > anything in the body. > # > # What you and others have failed to realise in this thread is that although > # you may be receiving spams with the header "To: [EMAIL PROTECTED]" you > # *will not* be receiving the email into your system with a > # RCPT TO: <[EMAIL PROTECTED]> > > no, it is you who have failed to see that when he said Mail to: he meant rcpt > to: Errrm.. that's what he's saying. Greetz, Peter. -- AND I AM GONNA KILL MIKE| Peter van Dijk hardbeat, als je nog nuchter bent: | [EMAIL PROTECTED] @date = localtime(time); | realtime security d00d $date[5] += 2000 if ($date[5] < 37); | $date[5] += 1900 if ($date[5] < 99); |-x- I love Rhona -x-
Re: qmail II request
In article <[EMAIL PROTECTED]> you wrote: > On Sun, Jan 03, 1999 at 11:53:32PM +, Paul Gregg wrote: > # John R. Levine wrote: > # >>What you want is: > # >>/var/qmail/control/badmailheaderto > # >>which really doesn't buy you anything. > # > # > What I would like, and I believe what he's asking for, is > # > /var/qmail/control/badmailto which would list specific addresses in > # > otherwise acceptable domains to which all mail should bounce > # > instantly. They'd match against the "MAIL TO:" command, not > # > anything in the body. > # > # What you and others have failed to realise in this thread is that although > # you may be receiving spams with the header "To: [EMAIL PROTECTED]" you > # *will not* be receiving the email into your system with a > # RCPT TO: <[EMAIL PROTECTED]> > no, it is you who have failed to see that when he said Mail to: he meant rcpt > to: Err, no. Read it again. I assumed he ment RCPT TO: when he said MAIL TO:. All my points are valid and correct. Paul. -- Email pgregg at tibus.net | Email pgregg at nyx.net| Eight out of every Technical Director| System Administrator | five people are math The Internet Business Ltd | Nyx Public Access Internet | illiterates. http://www.tibus.net | http://www.nyx.net | - Anon.
Re: qmail II request
On 04-Jan-99 Paul Gregg wrote: >> # >>What you want is: >> # >>/var/qmail/control/badmailheaderto >> # >>which really doesn't buy you anything. >> # >> # > What I would like, and I believe what he's asking for, is >> # > /var/qmail/control/badmailto which would list specific addresses in >> # > otherwise acceptable domains to which all mail should bounce >> # > instantly. They'd match against the "MAIL TO:" command, not >> # > anything in the body. >> # >> # What you and others have failed to realise in this thread is that >> # although >> # you may be receiving spams with the header "To: [EMAIL PROTECTED]" you >> # *will not* be receiving the email into your system with a >> # RCPT TO: <[EMAIL PROTECTED]> > >> no, it is you who have failed to see that when he said Mail to: he meant >> rcpt >> to: > > Err, no. Read it again. I assumed he ment RCPT TO: when he said MAIL TO:. > All my points are valid and correct. > Your points may be valid and correct, but you only echoed what was originally stated anyway. The "To: [EMAIL PROTECTED]" IS part of the body, not the RCPT TO: The [EMAIL PROTECTED] stuff started when someone else said they'd like to bounce that too, but I just answered that. Since I started this thread I can tell you without question what it's about and [EMAIL PROTECTED] isn't any part of it. I want to reject mail being sent to certain valid usernames, such as my database. I'd also like to bounce some mail to nonvalid usernames without accepting and bouncing afterward since they only double bounce anyway. The problem with accepting and trashing the messages is that if mail is sent to the database (ferinstance) I'd have to filter out what is junk mail and what's valid - like cron results. Vince. -- == Vince Vielhaber -- KA8CSH email: [EMAIL PROTECTED] flame-mail: /dev/null # includeTEAM-OS2 Online Searchable Campground Listingshttp://www.camping-usa.com "There is no outfit less entitled to lecture me about bloat than the federal government" -- Tony Snow ==
Re: qmail II request
In article <[EMAIL PROTECTED]> you wrote: > Your points may be valid and correct, but you only echoed what was originally > stated anyway. The "To: [EMAIL PROTECTED]" IS part of the body, not the RCPT > TO: The [EMAIL PROTECTED] stuff started when someone else said they'd like > to bounce that too, but I just answered that. I echoed what others had said, yes. But I had to pull it all together because people were not grasping what was actually going on. > Since I started this thread I can tell you without question what it's about > and [EMAIL PROTECTED] isn't any part of it. I want to reject mail being > sent to certain valid usernames, such as my database. I'd also like to bounce > some mail to nonvalid usernames without accepting and bouncing afterward since > they only double bounce anyway. To do this, then it requires qmail-smtpd to know everything that qmail-send does. It requires a major rethink and rewriting of the qmail system. We'll have to see what dbj comes up with for Qmail-II - we know that many of us would like to see such a feature. > The problem with accepting and trashing the messages is that if mail is sent > to the database (ferinstance) I'd have to filter out what is junk mail and > what's valid - like cron results. If you are in control of the local delivery then you already can control who sends mail to your database. Why can't you use procmail? Paul. -- Email pgregg at tibus.net | Email pgregg at nyx.net| Eight out of every Technical Director| System Administrator | five people are math The Internet Business Ltd | Nyx Public Access Internet | illiterates. http://www.tibus.net | http://www.nyx.net | - Anon.
Re: qmail II request
On Mon, Jan 04, 1999 at 12:39:33AM +, Paul Gregg wrote: # In article <[EMAIL PROTECTED]> you wrote: # # > Your points may be valid and correct, but you only echoed what was originally # > stated anyway. The "To: [EMAIL PROTECTED]" IS part of the body, not the RCPT # > TO: The [EMAIL PROTECTED] stuff started when someone else said they'd like # > to bounce that too, but I just answered that. # # I echoed what others had said, yes. But I had to pull it all together because # people were not grasping what was actually going on. # # > Since I started this thread I can tell you without question what it's about # > and [EMAIL PROTECTED] isn't any part of it. I want to reject mail being # > sent to certain valid usernames, such as my database. I'd also like to bounce # > some mail to nonvalid usernames without accepting and bouncing afterward since # > they only double bounce anyway. # # To do this, then it requires qmail-smtpd to know everything that qmail-send # does. It requires a major rethink and rewriting of the qmail system. # We'll have to see what dbj comes up with for Qmail-II - we know that many of # us would like to see such a feature. no, it wouldnt invalid usernames would be dfined in a file, and would then be not accepted admin defined user named # > The problem with accepting and trashing the messages is that if mail is sent # > to the database (ferinstance) I'd have to filter out what is junk mail and # > what's valid - like cron results. # # If you are in control of the local delivery then you already can control # who sends mail to your database. Why can't you use procmail? not every machine has procmail, or wants to run procmail -- /- [EMAIL PROTECTED] --- [EMAIL PROTECTED] -\ |Justin Bell NIC:JB3084| Time and rules are changing. | |Simon & Schuster A&AT | Attention span is quickening.| |Programmer | Welcome to the Information Age. | \ http://www.superlibrary.com/people/justin/ --/
Re: qmail II request
>> Since I started this thread I can tell you without question what it's about >> and [EMAIL PROTECTED] isn't any part of it. I want to reject mail being >> sent to certain valid usernames, such as my database. I'd also like to bounce >> some mail to nonvalid usernames without accepting and bouncing afterward since >> they only double bounce anyway. > >To do this, then it requires qmail-smtpd to know everything that qmail-send >does. It requires a major rethink and rewriting of the qmail system. >We'll have to see what dbj comes up with for Qmail-II - we know that many of >us would like to see such a feature. Well, there is a simpler way... Why not create a virtual domain (or another locals) that isn't in rcpthosts? Eg: echo internalonly.mydomain.com >>locals Then have your scripts mail to [EMAIL PROTECTED] Virtualdomains is slightly harder, but not by much. Regards.
Re: qmail II request
On 04-Jan-99 Paul Gregg wrote: >> Since I started this thread I can tell you without question what it's >> about >> and [EMAIL PROTECTED] isn't any part of it. I want to reject mail being >> sent to certain valid usernames, such as my database. I'd also like to >> bounce >> some mail to nonvalid usernames without accepting and bouncing afterward >> since >> they only double bounce anyway. > > To do this, then it requires qmail-smtpd to know everything that qmail-send > does. It requires a major rethink and rewriting of the qmail system. > We'll have to see what dbj comes up with for Qmail-II - we know that many > of > us would like to see such a feature. It's not that far off of badmailfrom. The to and the from happen in the same conversation before the data begins. > >> The problem with accepting and trashing the messages is that if mail is >> sent >> to the database (ferinstance) I'd have to filter out what is junk mail and >> what's valid - like cron results. > > If you are in control of the local delivery then you already can control > who sends mail to your database. Why can't you use procmail? > Why should I accept it at all? And why should I use procmail to control it? I can install a patch too, but that's not what this thread is about. Reread the subject. Vince. -- == Vince Vielhaber -- KA8CSH email: [EMAIL PROTECTED] flame-mail: /dev/null # includeTEAM-OS2 Online Searchable Campground Listingshttp://www.camping-usa.com "There is no outfit less entitled to lecture me about bloat than the federal government" -- Tony Snow ==
Re: qmail II request
Mark Delany <[EMAIL PROTECTED]> writes: > Well, there is a simpler way... Why not create a virtual domain (or > another locals) that isn't in rcpthosts? > Eg: > echo internalonly.mydomain.com >>locals > Then have your scripts mail to [EMAIL PROTECTED] > Virtualdomains is slightly harder, but not by much. Somewhere down the road, I think someone mentioned that one of the problems was cron mail. cron mail is going to go just to the username, no domain qualification. -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/>
Re: qmail II request
On 04-Jan-99 Mark Delany wrote: > Why not create a virtual domain (or another locals) that isn't in > rcpthosts? > > Eg: > > echo internalonly.mydomain.com >>locals > > Then have your scripts mail to [EMAIL PROTECTED] > > Virtualdomains is slightly harder, but not by much. > > Because I'm not looking for a solution, I'm making a request for qmail II. Vince. -- == Vince Vielhaber -- KA8CSH email: [EMAIL PROTECTED] flame-mail: /dev/null # includeTEAM-OS2 Online Searchable Campground Listingshttp://www.camping-usa.com "There is no outfit less entitled to lecture me about bloat than the federal government" -- Tony Snow ==
Re: qmail II request
>> Since I started this thread I can tell you without question what it's about >> and [EMAIL PROTECTED] isn't any part of it. I want to reject mail being >> sent to certain valid usernames, such as my database. I'd also like to bounce >> some mail to nonvalid usernames without accepting and bouncing afterward since >> they only double bounce anyway. Me too. As people pointed out, I meant RCPT TO not MAIL TO. >To do this, then it requires qmail-smtpd to know everything that qmail-send >does. It requires a major rethink and rewriting of the qmail system. Interesting theory, but hard to believe. All I want is a place to put a list of addresses that won't be accepted as RCPT TO arguments even if the domain is otherwise acceptable. Note that there's no new linkage here to anything other than perhaps a file in which the names are listed. >If you are in control of the local delivery then you already can control >who sends mail to your database. Why can't you use procmail? As has been noted many times, rejecting mail at the SMTP level saves processing and makes it more likely that the sender will notice that it was rejected. I'll dig up the patch that does this and try it out. Given that the badmailfrom code already exists, it shouldn't be very big. -- John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869 [EMAIL PROTECTED], Village Trustee and Sewer Commissioner, http://iecc.com/johnl, Member, Provisional board, Coalition Against Unsolicited Commercial E-mail
Re: qmail II request
In article <[EMAIL PROTECTED]> you wrote: >>> Since I started this thread I can tell you without question what it's about >>> and [EMAIL PROTECTED] isn't any part of it. I want to reject mail being >>> sent to certain valid usernames, such as my database. I'd also like to bounce >>> some mail to nonvalid usernames without accepting and bouncing afterward since >>> they only double bounce anyway. >>To do this, then it requires qmail-smtpd to know everything that qmail-send >>does. It requires a major rethink and rewriting of the qmail system. > Interesting theory, but hard to believe. All I want is a place to put > a list of addresses that won't be accepted as RCPT TO arguments even > if the domain is otherwise acceptable. Note that there's no new > linkage here to anything other than perhaps a file in which the names > are listed. There was two issues above. 1) reject mail being sent to valid usernames and 2) bounce mail sent to non-valid usernames without accepting the message. As you note, 1) Is "easy" to patch in. 2) Is non-trivial. >>If you are in control of the local delivery then you already can control >>who sends mail to your database. Why can't you use procmail? > As has been noted many times, rejecting mail at the SMTP level saves > processing and makes it more likely that the sender will notice that it > was rejected. True, but since when has processing be a major issue in a qmail box? And if the sender is a valid user then qmail will make sure he gets an error message. > I'll dig up the patch that does this and try it out. Given that the > badmailfrom code already exists, it shouldn't be very big. Yes, but this is only going to resolve "1" above. I noted to the thread poster that he can use procmail to ensure that only his system can email his database; and Mark pointed out that he can leave the domain out of rcpthosts which will prevent qmail-smtpd from accepting it from remote sites. If the domain is his normal one, then it shouldn't be hard to use Mark's method and make up a dummy domain for which a .qmail-default can relay the email through to his database. Why does anyone need a control file for "badmailto" ? Think about it. You don't need one. Why would you want to list valid users email addresses in a "badmailto" file? (listing non-valid addresses isn't going to do much, except saving qmail from having to generate a no such user bounce). Paul. -- Email pgregg at tibus.net | Email pgregg at nyx.net| Eight out of every Technical Director| System Administrator | five people are math The Internet Business Ltd | Nyx Public Access Internet | illiterates. http://www.tibus.net | http://www.nyx.net | - Anon.
Re: qmail II request
In article <[EMAIL PROTECTED]> you wrote: > On Mon, Jan 04, 1999 at 12:39:33AM +, Paul Gregg wrote: > # In article <[EMAIL PROTECTED]> you wrote: > # > Since I started this thread I can tell you without question what it's about > # > and [EMAIL PROTECTED] isn't any part of it. I want to reject mail being > # > sent to certain valid usernames, such as my database. I'd also like to bounce > # > some mail to nonvalid usernames without accepting and bouncing afterward since > # > they only double bounce anyway. > # > # To do this, then it requires qmail-smtpd to know everything that qmail-send > # does. It requires a major rethink and rewriting of the qmail system. > # We'll have to see what dbj comes up with for Qmail-II - we know that many of > # us would like to see such a feature. > no, it wouldnt > invalid usernames would be dfined in a file, and would then be not accepted > admin defined user named As noted in another post in this thread. See it for an explanation of what this applies to. > # If you are in control of the local delivery then you already can control > # who sends mail to your database. Why can't you use procmail? > not every machine has procmail, or wants to run procmail Lessee... You willing to hack up badmailfrom to create a badmailto patch for Qmail 1.0[13], but can't or won't run procmail. Someone please point out the logic to me, I really can't see it. Paul. -- Email pgregg at tibus.net | Email pgregg at nyx.net| Eight out of every Technical Director| System Administrator | five people are math The Internet Business Ltd | Nyx Public Access Internet | illiterates. http://www.tibus.net | http://www.nyx.net | - Anon.
Re: qmail II request
On Mon, Jan 04, 1999 at 01:04:51AM +, Paul Gregg wrote: # In article <[EMAIL PROTECTED]> you wrote: # >>> Since I started this thread I can tell you without question what it's about # >>> and [EMAIL PROTECTED] isn't any part of it. I want to reject mail being # >>> sent to certain valid usernames, such as my database. I'd also like to bounce # >>> some mail to nonvalid usernames without accepting and bouncing afterward since # >>> they only double bounce anyway. # # >>To do this, then it requires qmail-smtpd to know everything that qmail-send # >>does. It requires a major rethink and rewriting of the qmail system. # # > Interesting theory, but hard to believe. All I want is a place to put # > a list of addresses that won't be accepted as RCPT TO arguments even # > if the domain is otherwise acceptable. Note that there's no new # > linkage here to anything other than perhaps a file in which the names # > are listed. # # There was two issues above. 1) reject mail being sent to valid usernames # and 2) bounce mail sent to non-valid usernames without accepting the message. # # As you note, 1) Is "easy" to patch in. 2) Is non-trivial. # # >>If you are in control of the local delivery then you already can control # >>who sends mail to your database. Why can't you use procmail? # # > As has been noted many times, rejecting mail at the SMTP level saves # > processing and makes it more likely that the sender will notice that it # > was rejected. # # True, but since when has processing be a major issue in a qmail box? # And if the sender is a valid user then qmail will make sure he gets an # error message. # # > I'll dig up the patch that does this and try it out. Given that the # > badmailfrom code already exists, it shouldn't be very big. # # Yes, but this is only going to resolve "1" above. I noted to the thread poster # that he can use procmail to ensure that only his system can email his # database; and Mark pointed out that he can leave the domain out of # rcpthosts which will prevent qmail-smtpd from accepting it from # remote sites. If the domain is his normal one, then it shouldn't be hard to # use Mark's method and make up a dummy domain for which a .qmail-default # can relay the email through to his database. # # Why does anyone need a control file for "badmailto" ? Think about it. You # don't need one. Why would you want to list valid users email addresses in # a "badmailto" file? (listing non-valid addresses isn't going to do much, # except saving qmail from having to generate a no such user bounce). # and saving on double bounces when you have addresses you generated for posting to newsgroups for certain time periods so that SPAM would be bounced is fine and dandy, until after those addresses are invalid, and the return addresses supplied by spammers are invalid as well. The point here is to eliminate this and to make the spammers/sender notice that the message was undeliverable, BEFORE Qmail accepts it, so it doesnt have to deal with it in the first place. Just as badmailfrom rejects messages before a messages is accepted, badrcptto or something like that should also do the same. -- /- [EMAIL PROTECTED] --- [EMAIL PROTECTED] -\ |Justin Bell NIC:JB3084| Time and rules are changing. | |Simon & Schuster A&AT | Attention span is quickening.| |Programmer | Welcome to the Information Age. | \ http://www.superlibrary.com/people/justin/ --/
Re: qmail II request
On Mon, Jan 04, 1999 at 01:10:01AM +, Paul Gregg wrote: # In article <[EMAIL PROTECTED]> you wrote: # > On Mon, Jan 04, 1999 at 12:39:33AM +, Paul Gregg wrote: # > # If you are in control of the local delivery then you already can control # > # who sends mail to your database. Why can't you use procmail? # > not every machine has procmail, or wants to run procmail # # Lessee... You willing to hack up badmailfrom to create a badmailto patch # for Qmail 1.0[13], but can't or won't run procmail. Someone please point # out the logic to me, I really can't see it. no, no one wanted to do anything to qmail 1.0[123] it is a feature request for qmail 2 not all machines come with procmail installed, like the later versions of Linux, and not all sites WANT to install procmail, or need to for that matter. -- /- [EMAIL PROTECTED] --- [EMAIL PROTECTED] -\ |Justin Bell NIC:JB3084| Time and rules are changing. | |Simon & Schuster A&AT | Attention span is quickening.| |Programmer | Welcome to the Information Age. | \ http://www.superlibrary.com/people/justin/ --/
Re: qmail II request
Russ Allbery ([EMAIL PROTECTED]) wrote: > Somewhere down the road, I think someone mentioned that one of the > problems was cron mail. cron mail is going to go just to the username, no > domain qualification. But cron only emails any output sent to stdout. So ensure none happens and tack on |/var/qmail/bin/qmail-inject [EMAIL PROTECTED] to the end of the cron line. Paul. -- Email pgregg at tibus.net | Email pgregg at nyx.net| Eight out of every Technical Director| System Administrator | five people are math The Internet Business Ltd | Nyx Public Access Internet | illiterates. http://www.tibus.net | http://www.nyx.net | - Anon.
Re: qmail II request
>There was two issues above. 1) reject mail being sent to valid usernames >and 2) bounce mail sent to non-valid usernames without accepting the message. > >As you note, 1) Is "easy" to patch in. 2) Is non-trivial. > >>>If you are in control of the local delivery then you already can control >>>who sends mail to your database. Why can't you use procmail? > >> As has been noted many times, rejecting mail at the SMTP level saves >> processing and makes it more likely that the sender will notice that it >> was rejected. > >True, but since when has processing be a major issue in a qmail box? It can be when someone uses a forged address in your domain to spam, eg, AOL. I've seen upwards of 30,000 bounces inbound as a result of this. Avoiding 30K queue submissions is a big issue. I suspect that DjB's answer to this problem, is zeroseek queues. 2) is certainly non-trivial and I think this has been discussed many times here. Though there are patches around that handle partial solutions. Regards.
Re: qmail II request
Paul Gregg <[EMAIL PROTECTED]> writes: > But cron only emails any output sent to stdout. So ensure none happens > and tack on |/var/qmail/bin/qmail-inject [EMAIL PROTECTED] > to the end of the cron line. I think djb should add this functionality to qmail so that people don't have to have crontab files that look horrible. Fight against >80 column files! Take a stance against word-wrap today! And that should be 2>&1 |/var/qmail/bin/qmail-inject, I believe. :) -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/>
Re: qmail II request
In article <[EMAIL PROTECTED]> you wrote: > On Mon, Jan 04, 1999 at 01:10:01AM +, Paul Gregg wrote: > # In article <[EMAIL PROTECTED]> you wrote: > # > On Mon, Jan 04, 1999 at 12:39:33AM +, Paul Gregg wrote: > # > # If you are in control of the local delivery then you already can control > # > # who sends mail to your database. Why can't you use procmail? > # > not every machine has procmail, or wants to run procmail > # > # Lessee... You willing to hack up badmailfrom to create a badmailto patch > # for Qmail 1.0[13], but can't or won't run procmail. Someone please point > # out the logic to me, I really can't see it. > no, no one wanted to do anything to qmail 1.0[123] > it is a feature request for qmail 2 Point taken. However although the thread is about (or was ment to) qmail-II several people were talking about using existing patches and doing stuff now. Let's move it back on track. *If* Dan is to do anything about pre-accept rejection of SMTP messages then it should most definately NOT be using a control file ala badrcptto or suchlike. The smtpd will have to know wether a rcpt to: address will be locally deliverable or not and reject immediately. How Dan does it is really up to him, he's infinately better at program design than I. I'd see it working somthing like: qmail-smtpd-accept -> qmail-smtpd-checkaddrs -> qmail-smtpd -> qmail-smtpd-accept would accept the SMTP conversation up until the DATA statement (so it knows that all rcpt to: statements are received), then pass all data into checkaddrs which would be a custom prog much like checkpoppasswd (i.e. you build in your own badmailfrom, badrctpto, etc checking). If checkaddrs doesn't like any address is can print some error message and exit, else normally it'll execvp qmail-smtpd an carry on. > not all machines come with procmail installed, like the later versions of > Linux, and not all sites WANT to install procmail, or need to for that > matter. There aren't many machines come with qmail installed either ;-) Paul. -- Email pgregg at tibus.net | Email pgregg at nyx.net| Eight out of every Technical Director| System Administrator | five people are math The Internet Business Ltd | Nyx Public Access Internet | illiterates. http://www.tibus.net | http://www.nyx.net | - Anon.
Re: qmail II request
Paul Gregg writes: > John R. Levine wrote: > >>What you want is: > >>/var/qmail/control/badmailheaderto > >>which really doesn't buy you anything. > > > What I would like, and I believe what he's asking for, is > > /var/qmail/control/badmailto which would list specific addresses in > > otherwise acceptable domains to which all mail should bounce > > instantly. They'd match against the "MAIL TO:" command, not > > anything in the body. > > > I have a fist full of 100% spam-only addresses in my domains that were > > scraped ages ago, never were valid, and get spammed every day. I > > currently receive the spam and complain back to the IP sender, but it > > would be easier to bounce them directly. > > What you and others have failed to realise in this thread is that although > you may be receiving spams with the header "To: [EMAIL PROTECTED]" you > *will not* be receiving the email into your system with a > RCPT TO: <[EMAIL PROTECTED]> Paul? John knows *exactly* what he's talking about. He wants the ability for an unpatched qmail-smtpd to reject mail which is *known* to bounce. For example, I repeatedly get spam sent to [EMAIL PROTECTED] Obviously some spammer database got munged, and of course the people selling the database don't care. I would like to have a badrcptto file which contains [EMAIL PROTECTED] > And to give you a solution, if you really need one, is to have qmail pipe the > email to a Maildir enabled procmail which can easily see common spammer > headers. Nope. Won't do it. The point is to reject the mail in the SMTP conversation -- something which qmail-smtpd does not have the ability to do. Oh yeah, you can insert a qmail-queue wrapper, but what happens the next time you do a ``make setup''?? Your wrapper gets blown away. Oops! Dan's probable reply? "Don't be stupid." Sorry, Dan, I *am* stupid (or at least more stupid than you). I'm not completely stupid, though -- I know enough to ask for a mechanism to protect me against my stupidity. AND, it's just plain impolite and wasteful to issue a DATA command for email you *know* you're going to bounce. -- -russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson Crynwr supports Open Source(tm) Software| PGPok | There is good evidence 521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | cause of world peace.
Re: qmail II request
Paul Gregg writes: > In article <[EMAIL PROTECTED]> you wrote: > > Since I started this thread I can tell you without question what it's about > > and [EMAIL PROTECTED] isn't any part of it. I want to reject mail being > > sent to certain valid usernames, such as my database. I'd also like to bounce > > some mail to nonvalid usernames without accepting and bouncing afterward since > > they only double bounce anyway. > > To do this, then it requires qmail-smtpd to know everything that qmail-send > does. Nonsense. qmail-send needs to know what recipients it will accept. qmail-smtpd needs to know what recipients it will reject. The two are disjoint but not covering sets. -- -russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson Crynwr supports Open Source(tm) Software| PGPok | There is good evidence 521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | cause of world peace.
Re: qmail II request
At 01:04 4/01/99 GMT, Paul Gregg wrote: >Why does anyone need a control file for "badmailto" ? Think about it. You >don't need one. Why would you want to list valid users email addresses in >a "badmailto" file? (listing non-valid addresses isn't going to do much, >except saving qmail from having to generate a no such user bounce). I personally don't see a need for this for MY system, but I can see where people might want this. In Australia (and a lot of other countries) most traffic is charged by per meg. Reducing traffic is a number one concern (and it is why we like things like qmail that give us such control over what we can do. Other products like squid are useful too, which help us save bandwidth). Rejecting mail as early in the conversation as possible reduces wasted bandwidth, and in many cases money. (It has happened a few times where people have been hit with large amounts of data from various domains where they do NOT pay for data, have been unable to pay for said data, and has since driven them out of business.) In many places, this is irrevelant, but in some places, it is very important. Stuart Young - [EMAIL PROTECTED] - [EMAIL PROTECTED] (aka Cefiar) - http://amarok.glasswing.com.au/ [All opinions expressed in the above message are my] [own and not necessarily the views of my employer..]
Re: qmail II request
On 3 Jan 1999, Russ Allbery wrote: > > Paul Gregg <[EMAIL PROTECTED]> writes: > > > But cron only emails any output sent to stdout. So ensure none happens > > and tack on |/var/qmail/bin/qmail-inject [EMAIL PROTECTED] > > to the end of the cron line. > [...] > > And that should be 2>&1 |/var/qmail/bin/qmail-inject, I believe. Except that that will result in a blank email if there is no output. I had to kludge a broken cron implementation so I wrote a quick script that only sends email if there is any output. See cronoutput at: http://www.foogrill.com/scripts.html I've only tested it for a short time so YMMV. Cheers, Vern -- ,+'^'+, Vern Hart O Creative Design Engineer - The Hungry Programmers `+,.,+' [EMAIL PROTECTED] http://www.hungry.org 10:43pm up 22 day(s), 12:52, 16 users, load average: 0.07, 0.12, 0.14
Re: qmail II request
[EMAIL PROTECTED] (Russell Nelson) wrote: > Paul Gregg writes: > > In article <[EMAIL PROTECTED]> you wrote: > > > Since I started this thread I can tell you without question what it's about > > > and [EMAIL PROTECTED] isn't any part of it. I want to reject mail being > > > sent to certain valid usernames, such as my database. I'd also like to bounce ^^ > > > some mail to nonvalid usernames without accepting and bouncing afterward since > > > they only double bounce anyway. > > > > To do this, then it requires qmail-smtpd to know everything that qmail-send > > does. > Nonsense. qmail-send needs to know what recipients it will accept. > qmail-smtpd needs to know what recipients it will reject. The two are > disjoint but not covering sets. Usually I would believe much of what you say Russell, but in this case to do this qmail-smtpd needs to know what it will accept, which is basically what I was saying. Paul. -- Email pgregg at tibus.net | Email pgregg at nyx.net| Eight out of every Technical Director| System Administrator | five people are math The Internet Business Ltd | Nyx Public Access Internet | illiterates. http://www.tibus.net | http://www.nyx.net | - Anon.
Re: qmail II request
On 04-Jan-99 01:39:33, Paul Gregg wrote something about "Re: qmail II request". I just couldn't help replying to it, thus: > In article <[EMAIL PROTECTED]> you wrote: >> Since I started this thread I can tell you without question what it's about >> and [EMAIL PROTECTED] isn't any part of it. I want to reject mail being >> sent to certain valid usernames, such as my database. I'd also like to >> bounce some mail to nonvalid usernames without accepting and bouncing >> afterward since they only double bounce anyway. > To do this, then it requires qmail-smtpd to know everything that qmail-send > does. Not at all. Try rereading the message that started this thread. The same mechanism that works for control/badmailfrom will do the trick. > If you are in control of the local delivery then you already can control > who sends mail to your database. Why can't you use procmail? No good. Then you have already accepted the message, and the point was to reject it. Regards, /¯¯T¯\ | Rask Ingemann Lambertsen | [EMAIL PROTECTED] | | Registered Phase5 developer | WWW: http://www.gbar.dtu.dk/~c948374/ | | A4000, 775 kkeys/s (RC5-64) | "ThrustMe" on XPilot and EFnet IRC | |If you had an off switch, Doctor, would you not keep it secret? |
