stop relay messages :-)
Hello... OK now stop-smtp-relaying works :-) I can allow relaying messages over my smtp-server for some IP-adresses (/etc/tcp.smtp), but how can allow relaying for all clients of a internet-provider? .aol.com:allow,RELAYCLIENT= doesn't work!? Any ideas? Thanks very much for your help: Severin Olloz
Re: stop relay messages :-)
Severin Olloz [EMAIL PROTECTED] wrote: I can allow relaying messages over my smtp-server for some IP-adresses (/etc/tcp.smtp), but how can allow relaying for all clients of a internet-provider? .aol.com:allow,RELAYCLIENT= doesn't work!? You can control relaying by host or domain name, but that's not the correct syntax. You really should read the documentation for ucspi-tcp before trying this. Note that unless you run tcpserver in paranoid mode, this is not a great idea. The bigger question is, why are you trying to be a relay SMTP host for other ISPs? What problem are you trying to solve? Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ ---
RES: stop relay messages :-)
Hi, If you know the ip range from your internet-provider, type this: For example if you provider have IPS from 199.200.101.1 to 199.200.101.254, the line in tcp.smtp file will be: 199.200.101.:allow,RELAYCLIENT= In the last case, all subnets from this internet-provider will be informed. Best regards, Agnaldo Mariano Monteiro Engenharia de Sistemas Fujitsu do Brasil Ltda. Tel.: (11) 245-0964 (Direto) [EMAIL PROTECTED] - Mensagem original - De: Severin Olloz [SMTP:[EMAIL PROTECTED]] Enviada em: terca-feira, 14 de agosto de 2001 13:53 Para: [EMAIL PROTECTED] Assunto:stop relay messages :-) Hello... OK now stop-smtp-relaying works :-) I can allow relaying messages over my smtp-server for some IP-adresses (/etc/tcp.smtp), but how can allow relaying for all clients of a internet-provider? .aol.com:allow,RELAYCLIENT= doesn't work!? Any ideas? Thanks very much for your help: Severin Olloz
Selective relay configuration problems
I've installed tcpserver, but I'm not sure that I'm invoking it = properly. My questions are: 1. Should the 'tcpserver' execution line in qmail/rc? 2. If so, exactly what should qmail/rc now look like? --- Rodney Broom Programmer: Desert.Net
Re: Selective relay configuration problems
Rodney Broom [EMAIL PROTECTED] wrote: I've installed tcpserver, but I'm not sure that I'm invoking it = properly. My questions are: 1. Should the 'tcpserver' execution line in qmail/rc? Not likely. /var/qmail/rc is for starting qmail-send, not qmail-smtpd. 2. If so, exactly what should qmail/rc now look like? Have a look at Life with qmail -- Dave gives examples of just about everything. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ ---
Re: stop relay messages :-)
Severin Olloz [EMAIL PROTECTED] wrote: 127.0.0.1:allow,RELAYCLIENT= So why can I send now emails form remote hosts with other IPs than 127.0.0.1 over this smtp-server? You've misconfigured something. What does `cat /var/qmail/control/rcpthosts` do? By the way, shut qmail-smtpd down until you've diagnosed and repaired this problem. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ ---
Re: stop relay messages :-)
On Mon, Aug 13, 2001 at 09:53:38PM +0200, Severin Olloz wrote: My smtp-process starts with this command: /usr/bin/tcpserver -H -R -v -u 64011 -g 65534 -x /etc/tcp.smtp.cdb 0 smtp /usr/sbin/qmail-smtpd looks good /etc/tcp.smtp looks before a: tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp /etc/tcp.smtp like this: 127.0.0.1:allow,RELAYCLIENT= still looks good So why can I send now emails form remote hosts with other IPs than 127.0.0.1 over this smtp-server? should'nt be possible, are you sure that you did thath all as described ? it really looks correct to me. probably, your rcpthosts is empty, which means that your systems will relay all messages. -- Lukas Beeler[EMAIL PROTECTED] GPG Fingerprint: 8030 1C2F 66C5 9D80 AA31 6604 7D4D 0A67 68D8 B67E
Re: stop relay messages :-)
Severin, I bet you don't have a control/rcpthosts file. I was having the same problem. I don't know if this is a qmail problem, or if it's a qmail-ldap problem (I'm using an old qmail-ldap patch, so this might be even fixed). Try creating a control/rcpthosts file, ok? Good luck, Henrique Pantarotto -Original Message- From: Severin Olloz [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Mon, 13 Aug 2001 21:53:38 +0200 Subject: stop relay messages :-) Hello... I want to stop spammers, but qmail-smtp doesn't want :-( My smtp-process starts with this command: /usr/bin/tcpserver -H -R -v -u 64011 -g 65534 -x /etc/tcp.smtp.cdb 0 smtp /usr/sbin/qmail-smtpd /etc/tcp.smtp looks before a: tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp /etc/tcp.smtp like this: 127.0.0.1:allow,RELAYCLIENT= So why can I send now emails form remote hosts with other IPs than 127.0.0.1 over this smtp-server? I have try all things, but my server relays message at all! Any ideas? Thanks: Severin Olloz ___ Henrique Pantarotto Suporte Nacional - Terra Networks - São Paulo Tel: (11) 5501-7085 - [EMAIL PROTECTED]
relay to valid users
Hi guys, I have some users that I would like to allow relaying but their ip always changes. Any suggestions? REMO
Re: relay to valid users
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi guys, I have some users that I would like to allow relaying but their ip always changes. Any suggestions? This has been asked and answered thousands of times on the mailing list. See qmail.org and the qmail list archives. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ ---
RE: relay to valid users
Remo, You have the option of having authenticated SMTP relays if you look at http://www.palomine.net/qmail/relaying.html and your answer lies in http://www.davideous.com/smtp-poplock/ It's amazing what you will find at http://www.qmail.org J.P. Racine -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: August 13, 2001 3:08 PM To: [EMAIL PROTECTED] Subject: relay to valid users Hi guys, I have some users that I would like to allow relaying but their ip always changes. Any suggestions? REMO
Re: relay to valid users
On Mon, Aug 13, 2001 at 04:08:20PM -0600, [EMAIL PROTECTED] wrote: Hi guys, I have some users that I would like to allow relaying but their ip always changes. Any suggestions? spend some seconds on qmail.org and look for SMTP after POP ans/or SMTP AUTH. Don't expect us to do your homework. -- * Henning Brauer, [EMAIL PROTECTED], http://www.bsws.de * * Roedingsmarkt 14, 20459 Hamburg, Germany * Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Outbound mail sent through relay server?
Anyone know how I can have Q-mail send all of it's mail through my relay server? --- Brad Dameron Network Account Executive TSCNet Inc. www.tscnet.com Silverdale, WA. 1-888-8TSCNET
Re: Outbound mail sent through relay server?
On Wed, Aug 08, 2001 at 03:00:59PM -0700, Brad Dameron wrote: Anyone know how I can have Q-mail send all of it's mail through my relay server? Use smtproutes. See the manual page for qmail-remote.
relay Denied
Hi! I made the tcp.smtp file correct, everything looks fine, but I'm still receiving relay denied. What else should I do? Tks, Daniel. -Mensagem original- De: J4cks [mailto:[EMAIL PROTECTED]] Enviada em: Terça-feira, 31 de Julho de 2001 12:00 Para: [EMAIL PROTECTED] Assunto: smtp problem i have a problem again my problem is someone from different domain can use my smtp server. i have see tha FAQ and set tcp.smtp but it doesn't work setting on my tcp.smtp 192.168.1.:allow,RELAYCLIENT= 192.168.2.:allow,RELAYCLIENT= 192.168.3.:allow,RELAYCLIENT= 192.168.4.:allow,RELAYCLIENT= :allow if i set tcp.smtp like this 192.168.1.:allow,RELAYCLIENT= 192.168.2.:allow,RELAYCLIENT= 192.168.3.:allow,RELAYCLIENT= 192.168.4.:allow,RELAYCLIENT= :deny it work (user diferent domain can not use smtp) but my qmail deny connection from other server that send to my domain (we can not receive mail from other domain) please help me.. J4cks _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
RE: relay Denied
I'm having the same problem and am getting ready to reinstall Qmail to make sure it conforms to LWQ but I can't help but wonder if qmail is not seeing the IP coming at it. All my workstations, the only ones I want to have relay capability, sit on a Windows network with DHCP and NAT. When I look at the dialogue with the server the HELO looks like this: (HELO) (scottz)(unknown). Shouldn't the dialogue look like this instead: (HELO) (scottz)(192.168.10.145) If the dialogue is telling me I'm unknown then it can't invoke the rules in tcp.smtp, uh, right? So...is this a Windoze problem or a qmail problem? Anyone know or have I just botched the install at some point? Thanks, Scott -Original Message- From: Daniel Abad [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 31, 2001 10:01 AM To: [EMAIL PROTECTED] Subject: relay Denied Hi! I made the tcp.smtp file correct, everything looks fine, but I'm still receiving relay denied. What else should I do?
Re: mail relay server
On Tue, Jul 31, 2001 at 10:38:07AM +0800, Ami Shamril wrote: This server (ServerA) is in our internal network. Now we want to install qmail to act only as mail relay server (ServerB) to put in our DMZ. So all incoming email will go to ServerB first ServerB will forward to ServerA. Same goes to outgoing email. All outgoing email from ServerA will go to ServerB first ServerB will send it out. My questions are 1. How to configure qmail to act as mail relay server (ServerB) how to confiruge it to forward all incoming email to ServerA.? Put all of the domains that ServerA hosts in ServerB's rcpthosts file (but not in locals or virtualdomains!). Then, for each domain that you just put in rcpthosts, make an entry in /var/qmail/control/smtproutes like this: domain.dom:a.b.c.d where domain.dom is the domain and a.b.c.d is the IP address of ServerA. This is all you have to do on ServerB, and you don't even have to restart any of the qmail programs. 2. In ServerA, how I want to configure qmail to forward all outgoing email go to ServerB? Put: :e.f.g.h in /var/qmail/control/smtproutes, where e.f.g.h is the IP address of ServerB. This is a wildcard entry that tells qmail-remote on ServerA to skip DNS lookups and send everything to ServerB. It's just that easy! Chris PGP signature
relay question (was: badmailfrom the right way)
i know i have asked this before, but got no responses yet, so i simplify my question a little bit and hope for an answer. how can i deny mail from outside with envelope FROM: 123@mydomain RCPT: 456@mydomain (in the case 123 and 456 are valid mailboxes) currently i have tcpserver with RELAYCLIENT and an entry in badmailfrom: @mydomain is this optimal? can qmail end the session after MAIL FROM: ? (now it does after RCPT TO) my setup: INTERNET | QMAIL SERVER (2 Interfaces, qmail-1.03 - qmailqueue and spamcontrol patch) | PRIVATE NETWORK i am switching to qmail from sendmail because got sick of obscure .cf files. qmail is cleaner in design than sendmail and therefore easier to understand. - security benefit. thanks btw. topic of the mailinglist is QMAIL right ? -- Philipp Lopaur
Re: relay question (was: badmailfrom the right way)
Philipp Lopaur [EMAIL PROTECTED] wrote: how can i deny mail from outside with envelope FROM: 123@mydomain RCPT: 456@mydomain (in the case 123 and 456 are valid mailboxes) currently i have tcpserver with RELAYCLIENT and an entry in badmailfrom: @mydomain is this optimal? No -- qmail will then refuse any envelope senders in your domain. can qmail end the session after MAIL FROM: ? Only with patches you'll find at qmail.org or in the list archives. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ ---
Restrict Relay for Users based on Size or Count Per Day
Hello, I am already using combination of tcpserver rules ESMTP to heavily restrict relay access. But an authorized user (thro valid IP or valid username passwd) can still send spam (may be unknowingly thro virus etc) and block the server. So I would like to restrict no of smtp relays from users per day to say 10 (count based) or 1MB (size based). This will also provide a more realistic control as this will allow restrictions on bandwidth consumption per user. As ofcourse Restricting mailbox (maildir) size to some amount does not restrict bandwidth usage thro pop or smtp PER USER and bandwidth is much much more expensive than hard disk Space. Any Suggestion / Directions for above will be highy appreciated (and required :) Thanx Regards Mustafa M. - VeetVision Communications (P) Ltd. Bungalow RH-3, Moghul Gardens, 411001 Pune, India Tel. 91-20-6113056, 6051597, 6051598 / Fax 91-20-6050652
Vpopmail and relay-ctrl
Hi I have a problem mit relay-ctrl... So my tcp.mail-rules looks like so: 127.0.0.1:allow,RELAYCLIENT= :deny So when i try to send a Mail from a client that connected via pop3, it can send messages If not... He can'n send messages So but my problem is, when i send mails from any smtp server to a local mail adress that is managed by vpopmail, than vpopmail cant recieve it. When i delete the :deny from the tcp.mail-rules then it works But then i have a open relay mailer... :( I also checked the control/rcpthost. File There are all domains in it So where can be the problem? Can you help me? Greets Markus
Re: Vpopmail and relay-ctrl
On Mon, Jul 16, 2001 at 12:23:25PM +0200, Markus Hempfling wrote: Hi I have a problem mit relay-ctrl... So my tcp.mail-rules looks like so: 127.0.0.1:allow,RELAYCLIENT= :deny What are you expecting when denying _all_ connections? change the last line to :allow, you aren't an Open Relay than as RELAYCLIENT isn't set. -- * Henning Brauer, [EMAIL PROTECTED], http://www.bsws.de * * Roedingsmarkt 14, 20459 Hamburg, Germany * Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
AW: Vpopmail and relay-ctrl
What are you expecting when denying _all_ connections? change the last line to :allow, you aren't an Open Relay than as RELAYCLIENT isn't set. Hi Henning..! Sorry, i tried that too... But i make a mistake when i tested smtp after pop Im stupid Sorry. Thanks alot :) Markus
Re: remote relay, multiple forwarding
Charles Cazabon [EMAIL PROTECTED] wrote: This is the way to do it. What you could do is make a domain virtual, and create a couple of .qmail files to handle it. In virtual domains, do defaultdomain:alias-defaultdomain then have ~alias/.qmail-defaultdomain-jim, which forwards to two addresses, and ~alias.qmail-defaultdomain-default, which just contains |forward $DEFAULT@otherdomain where otherdomain is an alias that will get the mail to the right MTA, either through an MX record, or an entry in smtproutes. Better yet, make a virtual user. Put: jim@defaultdomain:alias-defaultdomain in control/virtualdomains and create ~alias/.qmail-defaultdomain-jim as above. No need for ~alias/.qmail-defaultdomain-default. -Dave
remote relay, multiple forwarding
Im trying to setup mutliple forwarding for only ONE user account in the domain (ie. jim@defaultdomain forwards to jim@domain1 to jim@domain2) on a qmail server that just does inbound/outbound relaying, only remote deliverys no local ones. I've been reading the life with qmail guide experimenting a bit.. I understand how to do this with local deliverys with a .qmail file in a users directory.. If you dont have user accounts setup on your qmail server with a home dir for users all that, I assume you can use ie. /var/qmail/alias/.qmail-jim(with or without the domain specified) as if it was a ~jim/.qmail file with a few differences Basically what I wanna know is if I'm heading in the right direction.. Is there a better way to do this? like using fastforward? many thanxs d.
Re: remote relay, multiple forwarding
~darkage [EMAIL PROTECTED] wrote: Im trying to setup mutliple forwarding for only ONE user account in the domain (ie. jim@defaultdomain forwards to jim@domain1 to jim@domain2) on a qmail server that just does inbound/outbound relaying, only remote deliverys no local ones. If you're not doing local/virtual delivery, qmail can't do this -- all it does then is store forward. I understand how to do this with local deliverys with a .qmail file in a users directory.. This is the way to do it. What you could do is make a domain virtual, and create a couple of .qmail files to handle it. In virtual domains, do defaultdomain:alias-defaultdomain then have ~alias/.qmail-defaultdomain-jim, which forwards to two addresses, and ~alias.qmail-defaultdomain-default, which just contains |forward $DEFAULT@otherdomain where otherdomain is an alias that will get the mail to the right MTA, either through an MX record, or an entry in smtproutes. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ ---
smtp relay testing w/ abuse.net
dear all, why if i testing my qmail smtp serverrelayusing www.abuse.net/relay.html the test result never more thanrelay test 7 but if using smtp relay with sendmail the test result until relay test 17 why regards yayan
Re: smtp relay testing w/ abuse.net
On Fri, 6 Jul 2001 16:23:31 +0700 Suyanta Satria [EMAIL PROTECTED] wrote: dear all, why if i testing my qmail smtp server relay using www.abuse.net/relay.html the test result never more than relay test 7 but if using smtp relay with sendmail the test result until relay test 17 why regards Because the test is broken (kinda). It stops on test 7 because qmail will accept that mail. What the test dont know is that Qmail will never deliver that email. I think this has been discussed a couple of times before and someone else probably knows the exact details on this better than I do. Cheers Lars
Re: smtp relay testing w/ abuse.net
i install qmail follow the lifewithqmail direction my server is running properly how can i make my qmail server can accept all relay test until relay test 17 what should i do with the configuration ? is my server secure ? sorry i am new with qmail. - Original Message - From: Lars Hansson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, July 06, 2001 5:37 PM Subject: Re: smtp relay testing w/ abuse.net On Fri, 6 Jul 2001 16:23:31 +0700 Suyanta Satria [EMAIL PROTECTED] wrote: dear all, why if i testing my qmail smtp server relay using www.abuse.net/relay.html the test result never more than relay test 7 but if using smtp relay with sendmail the test result until relay test 17 why regards Because the test is broken (kinda). It stops on test 7 because qmail will accept that mail. What the test dont know is that Qmail will never deliver that email. I think this has been discussed a couple of times before and someone else probably knows the exact details on this better than I do. Cheers Lars
Re[2]: smtp relay testing w/ abuse.net
On Fri, 6 Jul 2001 17:15:41 +0700 Suyanta Satria [EMAIL PROTECTED] wrote: i install qmail follow the lifewithqmail direction my server is running properly how can i make my qmail server can accept all relay test until relay test 17 what should i do with the configuration ? is my server secure ? If you followed lifewithqmail to the letter; Yes. If you still have doubts have mail-abuse.org or ordb.org test your server. I'm sure they'll find your server secure. Cheers Lars
Re: smtp relay testing w/ abuse.net
i install qmail follow the lifewithqmail direction my server is running properly how can i make my qmail server can accept all relay test until relay test 17 what should i do with the configuration ? is my server secure ? As far as I know, you cannot make qmail get all the way to test 17. However, it really does not matter, because also as far as I know, a properly configured qmail system will pass all the tests in reality. As Lars pointed out, qmail /appears/ to accept the mail, but in fact it would never be delivered. This I know for a fact, and it is the same with several tests after that, which I have done manually. Lastly...Is your server secure? I don't know. If you did a proper install of qmail, that component should be fine. I recommend you try the tests manually and see what you find. Good luck. Mike Culbertson
Re: smtp relay testing w/ abuse.net
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, Suyanta Satria, I too have this problem on my qmail smtp server, and this problem is relate of this strings: abuse.net!relaytest relaytest%abuse.net The original qmail package permit this string to pass of rcpthosts (very bady), for solve this, I aply one patch write by: AUTHORS - --- Rask Ingemann Lambertsen - who provided the original RELAY Patch Marc Pohl - ported it to QMAIL 1.03 ([EMAIL PROTECTED]) Mark Delany - Auther of the WILDMAT Patch ([EMAIL PROTECTED]) Erwin Hoffmann - ported it to QMAIL 1.03 and put it all together for use another's files for block this strings im FROM and RCPT fields. If you interest for this patch, contact me. No more Todos têm o direito de ser burros, o problema é que alguns abusam... UIN: 14414330 - http://www.dicaslinux.com.br 9:00am up 6 days 19:43 0 users On Fri, 6 Jul 2001, Suyanta Satria wrote: RPT dear all, RPT RPT why if i testing my qmail smtp server relay using www.abuse.net/relay.html RPT the test result never more than relay test 7 RPT but if using smtp relay with sendmail the test result until relay test 17 RPT RPT why RPT RPT regards RPT RPT RPT yayan RPT -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjtFssYACgkQzW1cKu9OlHe70gCZAVFxRILwrHYn8v/1EXYgS0Gw eN0AniUMDCkk7ywSkfYIGPvAMcmaw/lJ =ABdB -END PGP SIGNATURE-
Bruce Guenter's relay-ctrl
when i run relay-ctrl-age from cron or command line, i get # /usr/local/bin: Permission denied I've checked the permissions, from cron its run as root. The only files it should be using in /usr/local/bin is tcprules is this behavior normal? or have I got a few things screwed up? Thanks in advance = Todd Grimes [EMAIL PROTECTED] Internet Systems Specialist [EMAIL PROTECTED] Bass Pro Outdoors Online, L.L.C.(417)873-4354
RE: Bruce Guenter's relay-ctrl
-Original Message- From: Todd Grimes [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 27, 2001 7:05 PM To: [EMAIL PROTECTED] Subject: Bruce Guenter's relay-ctrl when i run relay-ctrl-age from cron or command line, i get # /usr/local/bin: Permission denied probably trying to exec a directory ? I've checked the permissions, from cron its run as root. The only files it should be using in /usr/local/bin is tcprules is this behavior normal? or have I got a few things screwed up? Thanks in advance = Todd Grimes [EMAIL PROTECTED] Internet Systems Specialist [EMAIL PROTECTED] Bass Pro Outdoors Online, L.L.C.(417)873-4354
Re: Bruce Guenter's relay-ctrl
Todd Grimes [EMAIL PROTECTED] wrote: when i run relay-ctrl-age from cron or command line, i get # /usr/local/bin: Permission denied Do you have a space between /usr/local/bin and relay-ctrl-age or some other program in your cron script? Please post your script here (copy paste, NOT retyped). Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ ---
Re: Bruce Guenter's relay-ctrl
* * * * * root/usr/sbin/relay-ctrl-age At 01:43 PM 6/27/2001 -0600, you wrote: Todd Grimes [EMAIL PROTECTED] wrote: when i run relay-ctrl-age from cron or command line, i get # /usr/local/bin: Permission denied Do you have a space between /usr/local/bin and relay-ctrl-age or some other program in your cron script? Please post your script here (copy paste, NOT retyped). Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ ---
open relay
hi all, we are having problem regarding open relay. the tcp.smtp file looks like 20x.xx.xxx.x:allow,RELAYCLIENT= 127.0.0.1:allow,RELAYCLIENT= tcp server has been started as tcpserver -x /etc/tcp.smtp.cdb -u 501 -g 2108 0 smtp /var/qmail/bin/qmail-smtpd where uid and gid of qmaild are 501 and 2108 the problem is that even after running tcpserver it's allowing open relay... what could be the possible reasons please suggest.. thanks in adv, pratibha --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.247 / Virus Database: 120 - Release Date: 4/6/01
RE: open relay
-Original Message- From: C P [mailto:[EMAIL PROTECTED]] Sent: 26 June 2001 11:20 To: [EMAIL PROTECTED] Subject: open relay the problem is that even after running tcpserver it's allowing open relay... what could be the possible reasons please suggest.. Use something like this: 127.0.0.1:allow,RELAYCLIENT= 20x.x.x.:allow,RELAYCLIENT= :DENY I just presume it's because there's no ':DENY' which blocks all else. HTH -- Tanuj Shah Enigma Health UK Limited
Re: open relay
On Tue, Jun 26, 2001 at 03:50:20PM +0530, C P wrote: we are having problem regarding open relay. the tcp.smtp file looks like 20x.xx.xxx.x:allow,RELAYCLIENT= 127.0.0.1:allow,RELAYCLIENT= tcp server has been started as tcpserver -x /etc/tcp.smtp.cdb -u 501 -g 2108 0 smtp /var/qmail/bin/qmail-smtpd where uid and gid of qmaild are 501 and 2108 the problem is that even after running tcpserver it's allowing open relay... what could be the possible reasons Did you run tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.cdb.tmp /etc/tcp.smtp ? Does control/rcpthosts exist? Vince.
Re: open relay
On Tue, Jun 26, 2001 at 12:58:22PM +0100, Tanuj Shah wrote: Use something like this: 127.0.0.1:allow,RELAYCLIENT= 20x.x.x.:allow,RELAYCLIENT= :DENY I just presume it's because there's no ':DENY' which blocks all else. No, that will refuse connections from everywhere except the hosts explicitly allowed. While this is a valid configuration, it will not work for servers that are expected to receive email from the Internet. Vince.
Bruce Guenter's relay-ctrl
Has anyone got Bruce Guenter's relay-ctrl working on FreeBSD? I am having a problem getting it to log the ip address so that remote clients can send their email. I got the src from http://untroubled.org/relay-ctrl/ and modified the relay-ctrl-age.c to put the right directory structures with the exception of /var/spool/relay-ctrl . = Todd Grimes [EMAIL PROTECTED] Internet Systems Specialist [EMAIL PROTECTED] Bass Pro Outdoors Online, L.L.C.(417)873-4354
Re: open relay
On Tue, Jun 26, 2001 at 12:58:22PM +0100, Tanuj Shah wrote: -Original Message- From: C P [mailto:[EMAIL PROTECTED]] Sent: 26 June 2001 11:20 To: [EMAIL PROTECTED] Subject: open relay the problem is that even after running tcpserver it's allowing open relay... what could be the possible reasons please suggest.. Use something like this: 127.0.0.1:allow,RELAYCLIENT= 20x.x.x.:allow,RELAYCLIENT= :DENY NO!! This prevents the receipt of mail from any host except the two that are also allowed to relay. Bad idea. The correct question to ask the original poster is: What are the contents of your /var/qmail/control/rcpthosts file? Do you have this file? -- - Timothy L. Mayo mailto:[EMAIL PROTECTED] Senior System Administrator The National Business Network Inc. localconnect(sm) http://www.localconnect.net/ The National Business Network Inc. http://www.nb.net/ One Monroeville Center, Suite 850 Monroeville, PA 15146 (412) 810- Phone (412) 810-8886 Fax
tcpserver: relay iface question
Hi all. How can I tell tcpserver to relay clients connected from an interface instead of ip addresses? --yapedu
Re: tcpserver: relay iface question
GARGIULO Eduardo INGDESI [EMAIL PROTECTED] wrote: How can I tell tcpserver to relay clients connected from an interface instead of ip addresses? You can wildcard IP addresses on byte boundaries -- i.e., the following entry: 10.10.:allow,RELAYCLIENT= would allow the 16-bit subnet 10.10.x.x to relay. This should probably be good enough. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ ---
Re: tcpserver: relay iface question
Thus spake GARGIULO Eduardo INGDESI ([EMAIL PROTECTED]): How can I tell tcpserver to relay clients connected from an interface instead of ip addresses? You bind one tcpserver on each interface and give the one on the relay-enabled interface a rule set that always matches. It's that easy.
Re: tcpserver: relay iface question
On Mon, Jun 25, 2001 at 09:50:07PM +0200, Felix von Leitner wrote: Thus spake GARGIULO Eduardo INGDESI ([EMAIL PROTECTED]): How can I tell tcpserver to relay clients connected from an interface instead of ip addresses? You bind one tcpserver on each interface and give the one on the relay-enabled interface a rule set that always matches. If, and only if, you make sure no traffic for this interface can come in through the other interface. I think charles suggestion is easier. -- * Henning Brauer, [EMAIL PROTECTED], http://www.bsws.de * * Roedingsmarkt 14, 20459 Hamburg, Germany * Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: Relay IP address ranges - NEWBIE
Thanks for your help - all of you. Based on your advice, I nixed xinetd and tcpserver is happy as a clam - so it is reading its config files and forwarding is working. If/when I need ssh, I'll set that up with tcpserver.
silly relay-ctrl
Ok, Its been 9 hours of searching through the mailing list trying to figure out why my relay-ctrl v2.5 isn't working. I make'd make root-installed, left the definition file alone and let it do a default install, i added /usr/sbin/relay-ctrl-allow in my pop3 startup script, i installed it after the /home/vpopmail/vchkpw line. but for some reason it just still wont work correctly. there is a zombie processs of relay-ctrl-age. Are there any other files you have to create or modify? Thanks for the help Zak THompson
silly relay-ctrl
Ok, Its been 9 hours of searching through the mailing list trying to figure out why my relay-ctrl v2.5 isn't working. I make'd make root-installed, left the definition file alone and let it do a default install, i added /usr/sbin/relay-ctrl-allow in my pop3 startup script, i installed it after the /home/vpopmail/vchkpw line. but for some reason it just still wont work correctly. there is a zombie processs of relay-ctrl-age. Are there any other files you have to create or modify? Thanks for the help Zak THomps
Relay IP address ranges - NEWBIE
Config: RedHat 7.1 qmail - 1.0.3 daemontools-0.70 dot-forward-0.71 ucspi-tcp-0.88 I'm having a helluva time figuring out how to allow my local hosts to relay mail through the server. I put the proper line in hosts.allow (per the FAQ), however, I'm not familiar enough with xinetd to do the other edit in 5.4. In other words, I'm lost - help?
Re: Relay IP address ranges - NEWBIE
On Fri, Jun 15, 2001 at 12:43:24PM -0500, Stephen Froehlich wrote: Config: RedHat 7.1 qmail - 1.0.3 daemontools-0.70 dot-forward-0.71 ucspi-tcp-0.88 I'm having a helluva time figuring out how to allow my local hosts to relay mail through the server. I put the proper line in hosts.allow (per the FAQ), however, I'm not familiar enough with xinetd to do the other edit in 5.4. In other words, I'm lost - help? You mentioned both xinetd and ucspi-tcp, which one are you using?? Try: $ ps axw | tcpserver If you get an output post it, if not check the xinetd FAQ. Jörgen
Re: Relay IP address ranges - NEWBIE
Stephen Froehlich [EMAIL PROTECTED] wrote: Config: RedHat 7.1 qmail - 1.0.3 daemontools-0.70 dot-forward-0.71 ucspi-tcp-0.88 I'm having a helluva time figuring out how to allow my local hosts to relay mail through the server. I put the proper line in hosts.allow (per the FAQ), however, I'm not familiar enough with xinetd to do the other edit in 5.4. Skip hosts.allow and xinetd altogether. You've already got ucspi-tcp and daemontools installed, which is far superior in any case. Then go to lifewithqmail.org and set up tcpserver/tcprules controls to allow relaying. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Re: Relay IP address ranges - NEWBIE
OK, so both xinetd and tcpserver are running. I get the feeling that I should pull xinetd out of the startup scripts. How will this effect apache and other services (most epically bind)? I assume the two don't coexist well? (A logical push-me-pull-you?) I have two instances of tcp server, both called with the command: /usr/local/bin/tcpserver -H -R -v -p -x /etc/tcp.smtp.cdb -u 502 -g 501 0 smtp /var/qmail/bin/qmail-smptd xinetd is also running (one process). The other services can go; (I'd like the ability to run a web server in a pinch, however, the Mac can actually take care of that on an emergency basis (which is all I want locally).), however I need DNS on the mail box for the internal (NAT) DNS configuration. - Original Message - From: Charles Cazabon [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, June 15, 2001 2:04 PM Subject: Re: Relay IP address ranges - NEWBIE Stephen Froehlich [EMAIL PROTECTED] wrote: Config: RedHat 7.1 qmail - 1.0.3 daemontools-0.70 dot-forward-0.71 ucspi-tcp-0.88 I'm having a helluva time figuring out how to allow my local hosts to relay mail through the server. I put the proper line in hosts.allow (per the FAQ), however, I'm not familiar enough with xinetd to do the other edit in 5.4. Skip hosts.allow and xinetd altogether. You've already got ucspi-tcp and daemontools installed, which is far superior in any case. Then go to lifewithqmail.org and set up tcpserver/tcprules controls to allow relaying. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Re: Relay IP address ranges - NEWBIE
Technology Strategic Planning, Inc. wrote: OK, so both xinetd and tcpserver are running. I get the feeling that I should pull xinetd out of the startup scripts. How will this effect apache and other services (most epically bind)? I assume the two don't coexist well? (A logical push-me-pull-you?) I have two instances of tcp server, both called with the command: /usr/local/bin/tcpserver -H -R -v -p -x /etc/tcp.smtp.cdb -u 502 -g 501 0 smtp /var/qmail/bin/qmail-smptd xinetd is also running (one process). The other services can go; (I'd like the ability to run a web server in a pinch, however, the Mac can actually take care of that on an emergency basis (which is all I want locally).), however I need DNS on the mail box for the internal (NAT) DNS configuration. Just remove any e-mail related protocols from xinetd's conf files and send it a reload signal (SIGUSR1 if I remember correctly from my darker experiences with it). -- Nick (Keith) Fish Network Engineer Triton Technologies, Inc.
Re: Relay IP address ranges - NEWBIE
For Apache and Bind do not care, they are stand alone servers, if you have an FTP, Telnet, or other service you have 2 options: disable it (safest), make a run script and run it from tcpsefver. Nazghul Microsoft is not the answer, its the question. And the answer is no. www.badran.co.uk - Original Message - From: Technology Strategic Planning, Inc. [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, June 15, 2001 3:24 PM Subject: Re: Relay IP address ranges - NEWBIE OK, so both xinetd and tcpserver are running. I get the feeling that I should pull xinetd out of the startup scripts. How will this effect apache and other services (most epically bind)? I assume the two don't coexist well? (A logical push-me-pull-you?) I have two instances of tcp server, both called with the command: /usr/local/bin/tcpserver -H -R -v -p -x /etc/tcp.smtp.cdb -u 502 -g 501 0 smtp /var/qmail/bin/qmail-smptd xinetd is also running (one process). The other services can go; (I'd like the ability to run a web server in a pinch, however, the Mac can actually take care of that on an emergency basis (which is all I want locally).), however I need DNS on the mail box for the internal (NAT) DNS configuration. - Original Message - From: Charles Cazabon [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, June 15, 2001 2:04 PM Subject: Re: Relay IP address ranges - NEWBIE Stephen Froehlich [EMAIL PROTECTED] wrote: Config: RedHat 7.1 qmail - 1.0.3 daemontools-0.70 dot-forward-0.71 ucspi-tcp-0.88 I'm having a helluva time figuring out how to allow my local hosts to relay mail through the server. I put the proper line in hosts.allow (per the FAQ), however, I'm not familiar enough with xinetd to do the other edit in 5.4. Skip hosts.allow and xinetd altogether. You've already got ucspi-tcp and daemontools installed, which is far superior in any case. Then go to lifewithqmail.org and set up tcpserver/tcprules controls to allow relaying. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Re: Relay IP address ranges - NEWBIE
On Fri, Jun 15, 2001 at 03:24:05PM -0500, Technology Strategic Planning, Inc. wrote: OK, so both xinetd and tcpserver are running. I get the feeling that I should pull xinetd out of the startup scripts. How will this effect apache and other services (most epically bind)? I assume the two don't coexist well? (A logical push-me-pull-you?) They can coexist but not bind to the same port. I have two instances of tcp server, both called with the command: /usr/local/bin/tcpserver -H -R -v -p -x /etc/tcp.smtp.cdb -u 502 -g 501 0 smtp /var/qmail/bin/qmail-smptd Two identical instances of tcpserver?? one them changing PID all the time?? There's most probably a problem with your start scripts and something (svscan?) tries to start it twice. If you want to control relay check /etc/tcp.smtp and the documentation for tcprules[1]. xinetd is also running (one process). It's fine unless it doesn't try to bind to the same ports as tcpserver. Jörgen [1] http://cr.yp.to/ucspi-tcp/tcprules.html
How to make a qmail hub relay ?
I search in archive's list but I didn't find how to make a qmail hub relay. Anybody can elp me how to makea hub. I want my qmail server to receive mail for a lot domain (know domain :) ) and to redirect to different mail server (foreign mail server). Thx for your help.
Re: How to make a qmail hub relay ?
* NICOLAS Jean-Michel (@ HoME) [EMAIL PROTECTED] [010606 13:25]: I search in archive's list but I didn't find how to make a qmail hub relay. Anybody can elp me how to make a hub. I want my qmail server to receive mail for a lot domain (know domain :) ) and to redirect to different mail server (foreign mail server). This is very simple in qmail. Install qmail, put all of the domains you will be a hub for in /var/qmail/control/rcpthosts (and NOT in locals or virtualdomains) and make one line for each domain in /var/qmail/control/smtproutes like this: the.do.main:[ip.of.real.server] man qmail-control is your friend. For advanced users: use morerctphosts -Johan -- Johan Almqvist http://www.almqvist.net/johan/qmail/ PGP signature
Re: How to make a qmail hub relay ?
On Wed, Jun 06, 2001 at 01:25:36PM +0200, NICOLAS Jean-Michel (@ HoME) wrote: I search in archive's list but I didn't find how to make a qmail hub relay. Anybody can elp me how to make a hub. I want my qmail server to receive mail for a lot domain (know domain :) ) and to redirect to different mail server (foreign mail server). The archives might not explain it but the FAQ[1] does. Jörgen [1] http://cr.yp.to/qmail/faq.html
Return receipts on an SMTP relay machine...
Hi all, I'm running qmail on an OpenBSD2.7 as an relay for incoming and outgoing mail to/from the internet and our internal Exchange server. Before the switch to qmail, I was running sendmail. Sendmail had one feature that I can't for my life figure out how to get in qmail. After a mail had been relayed to the internet, sendmail sent a receipt back to the sender. I can't get qmail to do that. I have read qreceipt's man page, but that only seems to apply to users on the local machine. This machine only has root and a couple of daemon users. I realize that I have to patch qreceipt to recognize Outlooks SMTP tag for receipts, but how do I do that? I use a OpenBSD binary install. I use tcpserver to have separate relaying rules depending on where the mail comes from. Could this also be used as an receipt mechanism? I anything is unclear, please mail me. Also, Please point me towards TFM.. Or speculations.. or ideas.. or.. ANYTHING!?!? =) A bit desperate, yep.. With Best Regards, Peter Fredriksson Compu-Mark Nordic AB Email: [EMAIL PROTECTED] Phone: +46-8-4417730 Fax:+46-8-6980909 ICQ#: 6166226
Re: Return receipts on an SMTP relay machine...
[EMAIL PROTECTED] wrote: After a mail had been relayed to the internet, sendmail sent a receipt back to the sender. I can't get qmail to do that. Hmm. So Sendmail on your relay sent a message to the sender of each message it relayed informing them of the fact that it'd relayed the message? And you found this desirable? What if every relay on the net starting doing that? You'd often get 4-5 relay notifications for each message you send. What's the point? I have read qreceipt's man page, but that only seems to apply to users on the local machine. This machine only has root and a couple of daemon users. Yes, qreceipt allows users to confirm final delivery to senders who request confirmation. That's much more reasonable than what you're asking for. I realize that I have to patch qreceipt to recognize Outlooks SMTP tag for receipts, but how do I do that? If you really want to do that, I think you'll have to hack qmail-scanner[1] or implement a custom filter[2]. -Dave Footnotes: [1] http://qmail-scanner.sourceforge.net/ [2] http://www.faqts.com/knowledge_base/view.phtml/aid/2142/fid/206
RE: Return receipts on an SMTP relay machine...
Dave, This function is very, very good when you have a client that can't tell the sender that the message has been received. An example is below. This is generated by sendmail. If I get two (one like this, and one from the receiving client), it OK. I don't like to rely on the receivers ability to tell me that they have received the message. From: Mail Delivery Subsystem [mailto:[EMAIL PROTECTED]] Sent: den 21 maj 2001 14:17 To: [EMAIL PROTECTED] Subject: Return receipt The original message was received at Mon, 21 May 2001 14:16:29 +0200 (CEST) from dmz.skriptor.com [195.84.158.65] - The following addresses had successful delivery notifications - [EMAIL PROTECTED] (relayed to non-DSN-aware mailer) - Transcript of session follows - [EMAIL PROTECTED]... relayed; expect no further notifications Any better suggestions then hacking? =) With Best Regards, Peter Fredriksson Compu-Mark Nordic AB Email: [EMAIL PROTECTED] Phone: +46-8-4417730 Fax:+46-8-6980909 ICQ#: 6166226 -Original Message- From: Dave Sill [mailto:[EMAIL PROTECTED]] Sent: den 31 maj 2001 15:51 To: [EMAIL PROTECTED] Subject: Re: Return receipts on an SMTP relay machine... [EMAIL PROTECTED] wrote: After a mail had been relayed to the internet, sendmail sent a receipt back to the sender. I can't get qmail to do that. Hmm. So Sendmail on your relay sent a message to the sender of each message it relayed informing them of the fact that it'd relayed the message? And you found this desirable? What if every relay on the net starting doing that? You'd often get 4-5 relay notifications for each message you send. What's the point? I have read qreceipt's man page, but that only seems to apply to users on the local machine. This machine only has root and a couple of daemon users. Yes, qreceipt allows users to confirm final delivery to senders who request confirmation. That's much more reasonable than what you're asking for. I realize that I have to patch qreceipt to recognize Outlooks SMTP tag for receipts, but how do I do that? If you really want to do that, I think you'll have to hack qmail-scanner[1] or implement a custom filter[2]. -Dave Footnotes: [1] http://qmail-scanner.sourceforge.net/ [2] http://www.faqts.com/knowledge_base/view.phtml/aid/2142/fid/206
Dynamic allow of relay
Title: Dynamic allow of relay Is there a way to setup qmail such that it will dynamically allow relay hosts based on their previous login to the qmail-pop3d? Namezero has their mail servers set up this way, so that as long as you've checked your mail within the last 10 minutes from that IP, you can use the server to send mail through. My mail server is not local to my workstations, and the workstations are on a DSL PPPoE connection which changes ip's every time I connect. Making a setup like this would greatly simplify how things work for me. Anyone have any ideas on how to do this? Mark Douglas - Architecture Sympatico-Lycos Inc. All your base are belong to us! Make your time!
Re: Dynamic allow of relay
Mark Douglas [EMAIL PROTECTED] wrote: Is there a way to setup qmail such that it will dynamically allow relay hosts based on their previous login to the qmail-pop3d? Yes, and there's several implementations available. See qmail.org for details, and read the mailing list archives; there are hundreds of messages discussing the various methods. I favour Bruce Guenter's relay-ctrl. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
R: Dynamic allow of relay
Title: Dynamic allow of relay Yes, it's called realy-ctrl. If you're using vpopmail, there is an option to allow it. Have a look on qmail home page. ---Cordiali saluti / Best regardsAndrea Cerrito^^Net.Admin @ Centro MultiMediale di Terni S.p.A.P.zzale Bosco 3A05100 Terni ITTel. +39 744 5441330Fax. +39 744 5441372 -Messaggio originale-Da: Mark Douglas [mailto:[EMAIL PROTECTED]]Inviato: giovedì 31 maggio 2001 18.50A: '[EMAIL PROTECTED]'Oggetto: Dynamic allow of relay Is there a way to setup qmail such that it will dynamically allow relay hosts based on their previous login to the qmail-pop3d? Namezero has their mail servers set up this way, so that as long as you've checked your mail within the last 10 minutes from that IP, you can use the server to send mail through. My mail server is not local to my workstations, and the workstations are on a DSL PPPoE connection which changes ip's every time I connect. Making a setup like this would greatly simplify how things work for me. Anyone have any ideas on how to do this? Mark Douglas - Architecture Sympatico-Lycos Inc. All your base are belong to us! Make your time!
Re: Dynamic allow of relay
Charles Cazabon writes: Mark Douglas [EMAIL PROTECTED] wrote: Is there a way to setup qmail such that it will dynamically allow relay hosts based on their previous login to the qmail-pop3d? Yes, and there's several implementations available. See qmail.org for details, and read the mailing list archives; there are hundreds of messages discussing the various methods. I favour Bruce Guenter's relay-ctrl. Me too, even over mine. -- -russ nelson [EMAIL PROTECTED] http://russnelson.com Crynwr sells support for free software | PGPok | Microsoft rivets everything. 521 Pleasant Valley Rd. | +1 315 268 1925 voice | Linux has some loose screws. Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | You own a screwdriver.
Re: Dynamic allow of relay
As much as this is mostly a FAQ, I would appreciate suggestions for my particular situation. My need is to support mobile employees who's laptops are sometimes connected to the internal LAN and sometimes dial up to an ISP. The possibilities I've looked at so far consist of: 1) use relay-ctrl or something similar, but since we're 100% IMAP, and use Cyrus instead of Courier, I'm not aware of a solution that works. 2) Have all mobile employees establish a VPN to a DMZ whose block of IPs is allowed to relay. This is probably the final and best solution, but I can't implement it yet due to infrastructure reasons, and complications involving different OSes including MacOS. 3) Apply the SMTP-AUTH patch. (leading contender for temporary solution). Any comments or suggestions. Anything I'm overlooking? -Tupshin - Original Message - From: Russell Nelson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, May 31, 2001 11:23 AM Subject: Re: Dynamic allow of relay Charles Cazabon writes: Mark Douglas [EMAIL PROTECTED] wrote: Is there a way to setup qmail such that it will dynamically allow relay hosts based on their previous login to the qmail-pop3d? Yes, and there's several implementations available. See qmail.org for details, and read the mailing list archives; there are hundreds of messages discussing the various methods. I favour Bruce Guenter's relay-ctrl. Me too, even over mine. -- -russ nelson [EMAIL PROTECTED] http://russnelson.com Crynwr sells support for free software | PGPok | Microsoft rivets everything. 521 Pleasant Valley Rd. | +1 315 268 1925 voice | Linux has some loose screws. Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | You own a screwdriver.
Re: Dynamic allow of relay
Tupshin Harper [EMAIL PROTECTED] wrote: As much as this is mostly a FAQ, I would appreciate suggestions for my particular situation. My need is to support mobile employees who's laptops are sometimes connected to the internal LAN and sometimes dial up to an ISP. The possibilities I've looked at so far consist of: 1) use relay-ctrl or something similar, but since we're 100% IMAP, and use Cyrus instead of Courier, I'm not aware of a solution that works. Bruce Guenter's relay-ctrl works as both an SMTP-after-POP3 solution (with qmail-smtpd) and an SMTP-after-IMAP solution (with Courier IMAP). You're covered. Anything I'm overlooking? Just that relay-ctrl already works with Courier IMAP. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Re: Dynamic allow of relay
Charles Cazabon [EMAIL PROTECTED] wrote: 1) use relay-ctrl or something similar, but since we're 100% IMAP, and use Cyrus instead of Courier, I'm not aware of a solution that works. Obviously I misread the Cyrus instead of ... part. Is there anything preventing you from switching from Cyrus to Courier? I'm not very familiar with Cyrus' IMAP server, so I don't know how easy it would be to plug relay-ctrl in. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Re: Dynamic allow of relay
I think you misread what I wrote...we're using cyrus, not courier ;-( -Tupshin - Original Message - From: Charles Cazabon [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, May 31, 2001 12:58 PM Subject: Re: Dynamic allow of relay Tupshin Harper [EMAIL PROTECTED] wrote: As much as this is mostly a FAQ, I would appreciate suggestions for my particular situation. My need is to support mobile employees who's laptops are sometimes connected to the internal LAN and sometimes dial up to an ISP. The possibilities I've looked at so far consist of: 1) use relay-ctrl or something similar, but since we're 100% IMAP, and use Cyrus instead of Courier, I'm not aware of a solution that works. Bruce Guenter's relay-ctrl works as both an SMTP-after-POP3 solution (with qmail-smtpd) and an SMTP-after-IMAP solution (with Courier IMAP). You're covered. Anything I'm overlooking? Just that relay-ctrl already works with Courier IMAP. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Re: Dynamic allow of relay
I think you misread what I wrote...we're using cyrus, not courier ;-( I rolled my own smtp after pop/imap setup. It's really easy. There's a 94 line daemon written in perl (running under supervise, of course) that makes a named pipe and then reads lines from it in the form IP 22.33.44.55 that tell it when someone's logged in, and updates the cdb file that the smtp tcpserver uses to control relay. I use courier and rather than try to stuff a shim into the authentication, I just hacked the code into courier's pop and imap login routines, adding three lines to each to open the named pipe, write out the IP that just logged in, and close the pipe. I haven't looked at the code, but it's unlikely that it'd be difficult to make a similar change to Cyrus. If you want the daemon, you're welcome to it. It also handles a file of fixed relay addresses for hosts on the local network and ages relays out after about an hour. -- John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869 [EMAIL PROTECTED], Village Trustee and Sewer Commissioner, http://iecc.com/johnl, Member, Provisional board, Coalition Against Unsolicited Commercial E-mail
checkpassword v2 for SMTP relay success story
Hello qmailers, I thought I should post this one the list if anyone is trying to use NT authentication to selectively allow relaying in qmail, and has had trouble. I can say I did! After giving up on the checkpassword based on squid's MSNTAuth (an old version) I moved on to checkpassword + PAM patch (applied to checkpassword 0.90) that worked - but I had too much trouble with Windbind from Samba-tng project to make it work. When a helpful someone on my local linux mailing list pointed out that the problem wasn't with PAM - it was with checkpassword - the problem was found. Checkpassword uses a getpwnam() call that has the same effect as pam_smb_auth without the nolocal option. I do not want to have accounts for all my NT users on the qmail server. I puzzled for days why checkpassword+pam wasn't doing auths unless there was a local account on the machine (except for accounts with \ in them like winbind uses). Checkpassword that uses Msntauth available for download from the qmail page gave me some grief - so I took a diff from it against the MSNTAuth it was based on and applied it to the latest version of MsNTauth that comes with squid. I then had to comment out the parts of smbauth.c (checkpassword.c in normal checkpassword) that runs the doit function and sets up the environment (PWD HOME USER and so on). Note one should only do this if they are using checkpassword for mail relaying. Not setting up the environment would break qmail-pop3d I think. I hope this helps someone who searches the archives. Someone should upgrade the version of checkpassword on the qmail page to be based on the latest msntauth source and add a define to to use the getpwnam() function or set up the environment that depends on this function. I'll put my hand up to do this if nobody else will. Best Regards, Luke McKee Original Message X-Mozilla-Status: 0001 X-Mozilla-Status2: BCC: Steve Cavey [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Date: Mon, 28 May 2001 18:15:17 +1000 From: Luke McKee [EMAIL PROTECTED] Organization: Webpay X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.4 i686) X-Accept-Language: en MIME-Version: 1.0 To: Del [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: Re: [SLUG] Fwd: pam_smb question References: 20010528131624.A6663@willow [EMAIL PROTECTED] [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Del, Thanks heaps for your help! The problem wasn't with PAM all this time, it was the fact there was getpwnam() in the program I was using. If getpwnam() didn't work then it would exit. I got shitted with winbind is not working at all now that I broke it futher by removing the NT workstation account before adding it again in troubleshooting so I went back to where I was before I tried to use PAM. I removed getpwnam from the checkpassword replacement that is based on msntauth from squid. It didn't work so I did a extracted a patch from it against the version of msntauth it was based on. Using the patchfile I created I patched version 2.0 of msntauth that came with the latest squid. The after commenting out the subroutine that used getpwnam the bitch finally worked. YAY :-) I'll revisit samba-tng/winbindd in the future when my level of patience and frustration is restored :-) Luke McKee
relay problem
Hi I'm using qmail with tcpserver and have some problems with relay. I set all needed sets of relay in tcp.smtp and qmtp.tcp With masquerade ips it works fine - no problem but i want to relay other class of ip 195.205.148. I wrote to files (tcp.smtp and so on) and tcpserver is accepting connections and meesages but qmail doesn't send them to the world. All those messages stay in mess folder. What's wrong ? Regards Rad-T
Re: Relay-ctrl compiles wrong with RH 7.0?
Not sure if this help you but from my experience with relay-ctrl: 1. create the /var/spool/relay-ctrl directory yourself .. (afair the relay-ctrl-age don't have the code to create this) 2. check in the relay-ctrl-age.c file and modify the folowing lines for your system then try to compile and install again. --- BEGIN CUT --- const char* rulesdir = /etc/tcpcontrol;-- probably this line is /etc for you :) const char* smtprules = smtp.rules;-- this is the line you should check and change acordingly with your tcp.smtp file name const char* smtpcdb = smtp.cdb;-- this is the line you should check and change acordingly with your tcp.smtp.cdb file name const char* tcprules = /usr/bin/tcprules;-- as i understood you allready create a symlink for that !? const char* spooldir = /var/spool/relay-ctrl;-- create this directory yourself --- END CUT --- 3. on my machine (Slack 7.1) the relay-ctrl-age have a minor bug in memory allocation and don't allow file names more than 11 chars .. so you must write the smtp cdb file in something like this tcpsmtp.cdb instead of tcp.smtp.cdb ... don't know if this gone work on a rh machine .. but you should check to see if the cdb file is properly created ... (try this creating an file with the name 192.168.100.1 in your /var/spool/relay-ctrl and then run relay-ctrl-age from the prompt and see what tcp.smt.cdb file contain) 4. be sure that at the end of the tcp.smtp file are a CR (cariage return) because the relay-ctrl-age append the remote pop3 addres at the end of this file and if there are no CR after the last line then will concatenate the last line with the remote pop3 address and tcprules will return an error ... Sorry .. don't know anything about rpm ... i'm on slack so I don't use this :)) Best regards, George Pogorelschi Quadrant Interactive http://www.qi.ro/ Tel: +40-1 323 06 99 Mobile: +40-09 55 10 17 ___ Message: 1 Date: Thu, 24 May 2001 15:09:25 +0200 From: Webservice [EMAIL PROTECTED] Subject: Re: Relay-ctrl compiles wrong with RH 7.0? From: Santosh Pasi [EMAIL PROTECTED] 1. Did you install relay-ctrl as root and after using make; did you follow make install-root. Yes 2. Add entry in crontab using crontab -e as given in relay-control doc Yes, it works fine, I see that coming up each time 3. Make this link ln -s /usr/local/bin/tcprules /usr/bin/tcprules Did that. -- no effect 4. Check your smtp-script(for -x /etc/tcpcontrol/smtp.cdb), as make necessary control database file. This works, /etc/tcp.smtp.cdb is based on /etc/tcp.smtpd I've been trying for 2 days now to install relay-ctrl-2.5. Everyting goes well (I see no errors in compiling), but the dir's are normally not created (once I saw a /var/spool/relay-ctrl, but don't know forsure), all the other times I created the dirs myself. When compiling I never got an error, I tried in /usr and /usr/local. This is how I start my tcpserver: /usr/local/bin/tcpserver -R 0 pop3 /var/qmail/bin/qmail-popup \ ns4.pi-group.net /bin/checkpoppasswd /usr/sbin/relay-ctrl-allow \ /var/qmail/bin/qmail-pop3d Maildir I can loggin at all times, but this 'easy' program doesn't seem to work. /var/spool/relay-ctrl stays empty
Re: relay problem
Radoslaw Tomczyszyn [EMAIL PROTECTED] wrote: I'm using qmail with tcpserver and have some problems with relay. I set all needed sets of relay in tcp.smtp and qmtp.tcp With masquerade ips it works fine - no problem but i want to relay other class of ip 195.205.148. I wrote to files (tcp.smtp and so on) and tcpserver is accepting connections and meesages but qmail doesn't send them to the world. All those messages stay in mess folder. What's wrong ? You've misconfigured something. If my response is unhelpful, it's because you've supplied insufficient information. Show us the contents of your config files and relevant log entries, at a minimum. -Dave
SV: relay problem
SoHOW THE F.. DO I UNSUBSCRIBE, from this...amazing mail-list ? PLEASE SOMEONE HELP ! -Pa°L -Opprinnelig melding- Fra: Dave Sill [mailto:[EMAIL PROTECTED]] Sendt: 25. mai 2001 15:08 Til: [EMAIL PROTECTED] Emne: Re: relay problem Radoslaw Tomczyszyn [EMAIL PROTECTED] wrote: I'm using qmail with tcpserver and have some problems with relay. I set all needed sets of relay in tcp.smtp and qmtp.tcp With masquerade ips it works fine - no problem but i want to relay other class of ip 195.205.148. I wrote to files (tcp.smtp and so on) and tcpserver is accepting connections and meesages but qmail doesn't send them to the world. All those messages stay in mess folder. What's wrong ? You've misconfigured something. If my response is unhelpful, it's because you've supplied insufficient information. Show us the contents of your config files and relevant log entries, at a minimum. -Dave
Re: Relay-ctrl compiles wrong with RH 7.0?
Not sure if this help you but from my experience with relay-ctrl: 1. create the /var/spool/relay-ctrl directory yourself .. (afair the relay-ctrl-age don't have the code to create this) I've done that, what owner/perms must it have? (its now 777 root-root) Perhaps this is the basic problem? 2. check in the relay-ctrl-age.c file and modify the folowing lines for your system then try to compile and install again. relay-ctrl-age works (the cdb-file get's updated). Only /var/spool/relay-ctrl stays empty. Does any-one know how to check relay-ctrl-allow works? Running from the prompt doesn't work. Best Regards, Pascal
Re: SV: relay problem
P=E5l Fr. Johansen [EMAIL PROTECTED] wrote: SoHOW THE F.. DO I UNSUBSCRIBE, from this...amazing mail-list =3F PLEASE SOMEONE HELP ! Every message sent to the list contains the field: Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm -Dave
Re: SV: relay problem
On Fri, 25 May 2001, Pål Fr. Johansen wrote: Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm ^^ ^^ ^^ ^^ SoHOW THE F.. DO I UNSUBSCRIBE, from this...amazing mail-list ? By using the info the list gave you when you subscribed. If you've for some reason has thrown it away away you might get it once more. The contact address is written in every message on this list, see above. Doesn't your MUA show you this info? By the way, RFC 2822 section 3.6.5 says that you may put Re: in front of the Subject when you're answering. Why do you put SV: there? SV is an abbreviation of a Norwegian word, most subscribers of this list are not familiar with the Norwegian language. Ask your MUA vendor to fix this. Mads
Re: Relay-ctrl compiles wrong with RH 7.0?
Webservice [EMAIL PROTECTED] wrote: Not sure if this help you but from my experience with relay-ctrl: 1. create the /var/spool/relay-ctrl directory yourself .. (afair the relay-ctrl-age don't have the code to create this) I've done that, what owner/perms must it have? (its now 777 root-root) Perhaps this is the basic problem? That should be fine, if you're running relay-ctrl-age as root. relay-ctrl-age works (the cdb-file get's updated). Only /var/spool/relay-ctrl stays empty. Does any-one know how to check relay-ctrl-allow works? It takes the IP address of a client which has just successfully authenticated with POP3 from an environment variable set by tcpserver. It records it in the spool directory. It rebuilds the tcprules file from the snippets you supply plus the IP addresses it records, and then calls tcprules on it to generate the appropriate .cdb file. relay-ctrl-age removes IP addresses from the spool directory after a configurable time limit. Of course, if I've got the fine detail incorrect, Bruce will correct me :). Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Re: Relay-ctrl compiles wrong with RH 7.0?
--- In [EMAIL PROTECTED], Webservice [EMAIL PROTECTED] wrote: Not sure if this help you but from my experience with relay-ctrl: 1. create the /var/spool/relay-ctrl directory yourself .. (afair the relay-ctrl-age don't have the code to create this) I've done that, what owner/perms must it have? (its now 777 root-root) Perhaps this is the basic problem? from here that's seems to be ok ! :) 2. check in the relay-ctrl-age.c file and modify the folowing lines for your system then try to compile and install again. relay-ctrl-age works (the cdb-file get's updated). Only /var/spool/relay-ctrl stays empty. hmmm .. sure is empty .. :) because the file are writen here only when a pop3 login is succesfull and after 15 minutes (dependens on your cron settings) relay-ctrl-age delete that file ... Does any-one know how to check relay-ctrl-allow works? Running from the prompt doesn't work. that's ok .. because it use a tcpserver enviroment .. hmmm see bellow (from the README file): -- BEGIN CUT -- - relay-ctrl-age records IPs in /var/spool/relay-ctrl, checks all previously recorded addresses, and removes any that have not been updated for at least 15 minutes. It then lists all of the addresses through a pipe to tcprules to build the control database for the smtp server. - relay-ctrl-allow checks the environment for the remote IP from which the connection is originating. It runs relay-ctrl-age to ensure that it is recorded in the control tables. -- END CUT -- If you want to test your configuration try first to connect to the pop3 server and after a succesfull login try to see if the ip address is written in the /var/spool/ctrl-realy ... Actually I use checkpassword instead of checkpoppasword .. and works fine for me .. maybe it's something that you have to look at .. Best regards, George Pogorelschi Quadrant Interactive http://www.qi.ro/ Tel: +40-1 323 06 99 Mobile: +40-09 55 10 17
Re: Re: Relay-ctrl compiles wrong with RH 7.0?
Hi, check the time stamp of controb db files, it may give you some idea. Use pop and smtp and immediately check the timestamp of /var/spool/relay-ctrl --- should be current time /etc/tcp.smtp.cdb --- should be current time else Make control database file /etc/tcp.smtp.cdb, use following command # tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp /etc/tcp.smtp try settings as given below Good luck Santosh Pasi ---Original Message-- Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm Precedence: bulk From: Webservice [EMAIL PROTECTED] To: [EMAIL PROTECTED] References: [EMAIL PROTECTED] Subject: Re: Relay-ctrl compiles wrong with RH 7.0? Date: Thu, 24 May 2001 15:09:25 +0200 Content-Transfer-Encoding: 7bit From: Santosh Pasi [EMAIL PROTECTED] 1. Did you install relay-ctrl as root and after using make; did you follow make install-root. Yes 2. Add entry in crontab using crontab -e as given in relay-control doc Yes, it works fine, I see that coming up each time 3. Make this link ln -s /usr/local/bin/tcprules /usr/bin/tcprules Did that. -- no effect 4. Check your smtp-script(for -x /etc/tcpcontrol/smtp.cdb), as make necessary control database file. This works, /etc/tcp.smtp.cdb is based on /etc/tcp.smtpd I've been trying for 2 days now to install relay-ctrl-2.5. Everyting goes well (I see no errors in compiling), but the dir's are normally not created (once I saw a /var/spool/relay-ctrl, but don't know forsure), all the other times I created the dirs myself. When compiling I never got an error, I tried in /usr and /usr/local. This is how I start my tcpserver: /usr/local/bin/tcpserver -R 0 pop3 /var/qmail/bin/qmail-popup \ ns4.pi-group.net /bin/checkpoppasswd /usr/sbin/relay-ctrl-allow \ /var/qmail/bin/qmail-pop3d Maildir I can loggin at all times, but this 'easy' program doesn't seem to work. /var/spool/relay-ctrl stays empty
Re: Re: Relay-ctrl compiles wrong with RH 7.0?
Hi, check the time stamp of controb db files, it may give you some idea. Use pop and smtp and immediately check the timestamp of /var/spool/relay-ctrl --- should be current time No, it's the time when I touched a file into it (4 hours ago, and the file is still there) #ls -all /var/spool/relay-ctrl total 8 drwxr-xr-x2 root root 4096 May 25 14:53 . drwxr-xr-x 10 root root 4096 May 23 18:38 .. -rw-rw-r--1 root root0 May 25 14:53 192.168.100.1 /etc/tcp.smtp.cdb --- should be current time Yes, that's OK It looks like relay-ctrl-allow cannot find the spool dir. Strange that the cdb file get's updated but the file 192.168.100.1 is not deleted. Best Regards, Pascal
Re: Relay-ctrl compiles wrong with RH 7.0?
From: Santosh Pasi [EMAIL PROTECTED] 1. Did you install relay-ctrl as root and after using make; did you follow make install-root. Yes 2. Add entry in crontab using crontab -e as given in relay-control doc Yes, it works fine, I see that coming up each time 3. Make this link ln -s /usr/local/bin/tcprules /usr/bin/tcprules Did that. -- no effect 4. Check your smtp-script(for -x /etc/tcpcontrol/smtp.cdb), as make necessary control database file. This works, /etc/tcp.smtp.cdb is based on /etc/tcp.smtpd I've been trying for 2 days now to install relay-ctrl-2.5. Everyting goes well (I see no errors in compiling), but the dir's are normally not created (once I saw a /var/spool/relay-ctrl, but don't know forsure), all the other times I created the dirs myself. When compiling I never got an error, I tried in /usr and /usr/local. This is how I start my tcpserver: /usr/local/bin/tcpserver -R 0 pop3 /var/qmail/bin/qmail-popup \ ns4.pi-group.net /bin/checkpoppasswd /usr/sbin/relay-ctrl-allow \ /var/qmail/bin/qmail-pop3d Maildir I can loggin at all times, but this 'easy' program doesn't seem to work. /var/spool/relay-ctrl stays empty
Re: Relay-ctrl compiles wrong with RH 7.0?
Hi, 1. Did you install relay-ctrl as root and after using make; did you follow make install-root. 2. Add entry in crontab using crontab -e as given in relay-control doc 3. Make this link ln -s /usr/local/bin/tcprules /usr/bin/tcprules 4. Check your smtp-script(for -x /etc/tcpcontrol/smtp.cdb), as make necessary control database file. Santosh Pasi ---Original Message-- Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm Precedence: bulk From: Webservice [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Relay-ctrl compiles wrong with RH 7.0? Date: Wed, 23 May 2001 16:28:20 +0200 Content-Transfer-Encoding: 7bit I've been trying for 2 days now to install relay-ctrl-2.5. Everyting goes well (I see no errors in compiling), but the dir's are normally not created (once I saw a /var/spool/relay-ctrl, but don't know forsure), all the other times I created the dirs myself. When compiling I never got an error, I tried in /usr and /usr/local. This is how I start my tcpserver: /usr/local/bin/tcpserver -R 0 pop3 /var/qmail/bin/qmail-popup \ ns4.pi-group.net /bin/checkpoppasswd /usr/sbin/relay-ctrl-allow \ /var/qmail/bin/qmail-pop3d Maildir I can loggin at all times, but this 'easy' program doesn't seem to work. /var/spool/relay-ctrl stays empty maybe I think I've read something that RH 7.0 is using a strangegcc-compiler, but I don't know for sure. I'm a rookie when it comes to compiling. O yeah, I tried the RPM: -- error: relay-ctrl-2.5-1.i386.rpm cannot be installed Hope someone can help, cause it's not funny anymore after 2 days. Best Regards, Pascal
Relay-ctrl compiles wrong with RH 7.0?
I've been trying for 2 days now to install relay-ctrl-2.5. Everyting goes well (I see no errors in compiling), but the dir's are normally not created (once I saw a /var/spool/relay-ctrl, but don't know for sure), all the other times I created the dirs myself. When compiling I never got an error, I tried in /usr and /usr/local. This is how I start my tcpserver: /usr/local/bin/tcpserver -R 0 pop3 /var/qmail/bin/qmail-popup \ ns4.pi-group.net /bin/checkpoppasswd /usr/sbin/relay-ctrl-allow \ /var/qmail/bin/qmail-pop3d Maildir I can loggin at all times, but this 'easy' program doesn't seem to work. /var/spool/relay-ctrl stays empty maybe I think I've read something that RH 7.0 is using a strange gcc-compiler, but I don't know for sure. I'm a rookie when it comes to compiling. O yeah, I tried the RPM: -- error: relay-ctrl-2.5-1.i386.rpm cannot be installed Hope someone can help, cause it's not funny anymore after 2 days. Best Regards, Pascal
Re: Relay-ctrl compiles wrong with RH 7.0?
Webservice [EMAIL PROTECTED] wrote: I've been trying for 2 days now to install relay-ctrl-2.5. You may want to ask this question on the author's bgware mailing list if you don't get an answer here -- this isn't strictly a qmail issue. Everyting goes well (I see no errors in compiling), but the dir's are normally not created (once I saw a /var/spool/relay-ctrl, but don't know for sure), all the other times I created the dirs myself. How did you compile? make? Did you do make install? Did you do it as root? Why did you think it would work if part of the installation failed? This is how I start my tcpserver: /usr/local/bin/tcpserver -R 0 pop3 /var/qmail/bin/qmail-popup \ ns4.pi-group.net /bin/checkpoppasswd /usr/sbin/relay-ctrl-allow \ /var/qmail/bin/qmail-pop3d Maildir What is checkpoppasswd? Normally, relay-ctrl is used with either a vanilla checkpassword or with vmailmgr's replacement (checkvpw). Perhaps it does not implement the full checkpassword interface? relay-ctrl relies on this interface to work. I can loggin at all times, but this 'easy' program doesn't seem to work. /var/spool/relay-ctrl stays empty maybe I think I've read something that RH 7.0 is using a strange gcc-compiler, but I don't know for sure. I'm a rookie when it comes to compiling. If it was a compiler issue, you'd have seen error messages during the build, and it almost certainly would have hit a fatal error at that point. O yeah, I tried the RPM: -- error: relay-ctrl-2.5-1.i386.rpm cannot be installed Why? RPM gives better error messages than that. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Re: Relay-ctrl compiles wrong with RH 7.0?
I've been trying for 2 days now to install relay-ctrl-2.5. You may want to ask this question on the author's bgware mailing list if you don't get an answer here -- this isn't strictly a qmail issue. I've already did that (no response, the list looks empty) Everyting goes well (I see no errors in compiling), but the dir's are normally not created (once I saw a /var/spool/relay-ctrl, but don't know for sure), all the other times I created the dirs myself. How did you compile? make? Did you do make install? Did you do it as root? Why did you think it would work if part of the installation failed? Everytime as root, make followed by make install, also tried make root-install This is how I start my tcpserver: /usr/local/bin/tcpserver -R 0 pop3 /var/qmail/bin/qmail-popup \ ns4.pi-group.net /bin/checkpoppasswd /usr/sbin/relay-ctrl-allow \ /var/qmail/bin/qmail-pop3d Maildir What is checkpoppasswd? Normally, relay-ctrl is used with either a vanilla checkpassword or with vmailmgr's replacement (checkvpw). Perhaps it does not implement the full checkpassword interface? relay-ctrl relies on this interface to work. checkpoppasswd is a patch from Philip Jacob to put the user in a different file insteadof /etc/passwd http://www.whirlycott.com/phil/pop3.html I've seen users in the lists that actualy use both. O yeah, I tried the RPM: -- error: relay-ctrl-2.5-1.i386.rpm cannot be installed Why? RPM gives better error messages than that. # rpm -i -vv relay*rpm D: counting packages to install D: found 1 packages D: looking for packages to download D: retrieved 0 packages D: New Header signature D: Signature size: 149 D: Signature pad : 3 D: sigsize : 152 D: Header + Archive: 18342 D: expected size : 18431 error: relay-ctrl-2.5-1.i386.rpm cannot be installed D: found 0 source and 0 binary packages
Re: Relay-ctrl compiles wrong with RH 7.0?
Webservice [EMAIL PROTECTED] wrote: I've been trying for 2 days now to install relay-ctrl-2.5. You may want to ask this question on the author's bgware mailing list if you don't get an answer here -- this isn't strictly a qmail issue. I've already did that (no response, the list looks empty) I'm on that list and I never saw your message. I just checked the list archives for May, and you're not in it. The list is certainly not empty, either -- bgware gets a couple of dozen messages a month. This is how I start my tcpserver: /usr/local/bin/tcpserver -R 0 pop3 /var/qmail/bin/qmail-popup \ ns4.pi-group.net /bin/checkpoppasswd /usr/sbin/relay-ctrl-allow \ /var/qmail/bin/qmail-pop3d Maildir What is checkpoppasswd? Normally, relay-ctrl is used with either a vanilla checkpassword or with vmailmgr's replacement (checkvpw). Perhaps it does not implement the full checkpassword interface? relay-ctrl relies on this interface to work. checkpoppasswd is a patch from Philip Jacob to put the user in a different file insteadof /etc/passwd http://www.whirlycott.com/phil/pop3.html I've seen users in the lists that actualy use both. Okay, fair enough. But is it actually working? O yeah, I tried the RPM: -- error: relay-ctrl-2.5-1.i386.rpm cannot be installed Why? RPM gives better error messages than that. # rpm -i -vv relay*rpm D: counting packages to install D: found 1 packages D: looking for packages to download D: retrieved 0 packages D: New Header signature D: Signature size: 149 D: Signature pad : 3 D: sigsize : 152 D: Header + Archive: 18342 D: expected size : 18431 error: relay-ctrl-2.5-1.i386.rpm cannot be installed D: found 0 source and 0 binary packages You have a corrupt RPM, or a version of RPM which cannot verify the signature on the RPM. Which part of expected size != size is unclear? Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
how control smtp relay
Hello, i've many User the works with dhcp, so i can't set the ip or ip range in /etc/tcp.smtp file. How can i control this user, i want that only this users work with the smtp server. In the moment can anybody send (relaying). Can i filter, that the recipient or the sender must have definite domain address? (for example to: [EMAIL PROTECTED] or from: [EMAIL PROTECTED]) Thanks for the help best regards Gustav -- Machen Sie Ihr Hobby zu Geld bei unserem Partner 11! http://profiseller.de/info/index.php3?ac=OM.PS.PS003K00596T0409a -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net
RE: how control smtp relay
i've many User the works with dhcp, so i can't set the ip or ip range in /etc/tcp.smtp file. How can i control this user, i want that only this users work with the smtp server. In the moment can anybody send (relaying). Can i filter, that the recipient or the sender must have definite domain address? (for example to: [EMAIL PROTECTED] or from: [EMAIL PROTECTED] 'To' and 'From' fields can be forged. Try using relay-control. On the www.qmail.org, search keyword 'relay-control'. best regards, Dai yuwen __ === ÐÂÀËÃâ·Ñµç×ÓÓÊÏä (http://mail.sina.com.cn) Ñ°ÕÒÐÂÏÊ, Ó®¿ÆÁú±ùÏä! (http://ad.doubleclick.net/clk;2847753;5579344;y?http://gd.sina.com.cn/ad/kelon) ʹÓÃÊÖ»ú¶ÌÐÅ¡°ÓʼþÌáÐÑ¡±¹¦ÄÜ£¬ËæʱÁ˽âµÄÊÕÐÂÐÅÇé¿ö£¡ (http://sms.sina.com.cn/docs/sina_mailalert.html)
Re: unauthorized relay :-(
On Thu, May 17, 2001 at 08:47:46PM -0400, Todd Finney wrote: At 08:55 PM 5/17/01, Roger Walker wrote: :allow Doesn't that last allow line cause an open relay? NO! The last :allow is needed for other Mailservers delivering mail to your domains listed in rcpthosts. Unless RELAYCLIENT is set qmail does not relay to foreign domains. -- * Henning Brauer, [EMAIL PROTECTED], http://www.bsws.de * * Roedingsmarkt 14, 20459 Hamburg, Germany * Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: unauthorized relay :-(
At 04:47 AM 5/18/01, Henning Brauer wrote: On Thu, May 17, 2001 at 08:47:46PM -0400, Todd Finney wrote: At 08:55 PM 5/17/01, Roger Walker wrote: :allow Doesn't that last allow line cause an open relay? NO! The last :allow is needed for other Mailservers delivering mail to your domains listed in rcpthosts. Unless RELAYCLIENT is set qmail does not relay to foreign domains. No need to shout there, Henning. Please note the question mark at the end of my sentence; I wasn't sure. If you must use caps, please save them for the idiots that can't figure out how to unsubscribe. cheers, Todd
Re: unauthorized relay :-(
On Fri, May 18, 2001 at 06:53:30AM -0400, Todd Finney wrote: At 04:47 AM 5/18/01, Henning Brauer wrote: On Thu, May 17, 2001 at 08:47:46PM -0400, Todd Finney wrote: At 08:55 PM 5/17/01, Roger Walker wrote: :allow Doesn't that last allow line cause an open relay? NO! The last :allow is needed for other Mailservers delivering mail to your domains listed in rcpthosts. Unless RELAYCLIENT is set qmail does not relay to foreign domains. No need to shout there, Henning. No offense intended, Todd. Just meant as clarification. -- * Henning Brauer, [EMAIL PROTECTED], http://www.bsws.de * * Roedingsmarkt 14, 20459 Hamburg, Germany * Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: unauthorized relay :-(
On 18 May 2001, Mark Delany wrote: So you are saying that you've checked the qmail-send logs and there is no injection that matches the headers of the bounce? Are you sure? If you found a match, then the uid trail will tell you who did it. The log portion I supplied is indicative of all of the stuff related to the aol mail. The PID associated with those messages was not there when I became aware of what was happening, so I can't definitively trace it. Well, if you showed us the headers and corresponding log entries from qmail-send and tcpserver, we wouldn't have to speculate would we now? Surely as a person who administer[s] mail servers for a major ISP you realise the value that concrete data has in reducing speculation. All of the logs for qmail I have go to a single file. I do not have headers, or I would probably have been able to definitely say that this was a relay (or generated directly from my system by a cracker). -- Roger Walker http://www.rat-hole.com Voice/Fax 1-780-440-2685 http://www.man-from-linux.com HIS Pain; YOUR Gainhttp://www.rope.net http://www.rope.net/signature.html
Re: unauthorized relay :-(
On 18 May 2001, John R. Levine wrote: Any chance it's coming from formmail.pl or a similar insecure CGI? That seems a lot more likely than spam sneaking in via SMTP. Actually, that thought just occured to me this morning. I was talking with the other person who has access to the system and he mentioned that the only anonymous address he ever saw was from a formmail script. I have an altered one that allows those I've blocked to contact me (i.e. relays, spammers, scanners) when their email won't otherwise get through. Since the form creates email on the system, qmail would not block the outbound relay. Unfortunately, I might not be able to get to this until next week. Fortunately, it seems to have been a one time occurance. However, I now have something to go on that sounds reasonable, and it's a good idea for others to check their setups, too. Thanks. -- Roger Walker http://www.rat-hole.com Voice/Fax 1-780-440-2685 http://www.man-from-linux.com HIS Pain; YOUR Gainhttp://www.rope.net http://www.rope.net/signature.html
Re: unauthorized relay :-(
On Fri, May 18, 2001 at 06:55:59AM -0600, Roger Walker wrote: On 18 May 2001, Mark Delany wrote: So you are saying that you've checked the qmail-send logs and there is no injection that matches the headers of the bounce? Are you sure? If you found a match, then the uid trail will tell you who did it. The log portion I supplied is indicative of all of the stuff related to the aol mail. The PID associated with those messages was not there when I became aware of what was happening, so I can't definitively trace it. UID != PID And, er, qmail-send (with UID) and (tcpserver with PID) unconditionally log their UID and PID, so what exactly do you mean by was not there? But, AOL doesn't help matters as their bounces don't return any original header information, blah. Regards.
Unauthorized relay :-( == formmail
This would seem to be the conclusive evidence that the formmail was the back door to allow the relay, although I'm not immediately sure how it was done - check the bottom of the message... The IP is for mail-in.namezero.com, which also happens to be the MX for spammah.com. I don't know that this information is meaningful or not, at the moment. In any case, I hope to try some things and see if I can get it to relay. I'll let the list know what I find. I'll probably replace it anyway, with a custom perl cgi that will only deliver to a specific address, period. -- Roger Walker http://www.rat-hole.com Voice/Fax 1-780-440-2685 http://www.man-from-linux.com HIS Pain; YOUR Gainhttp://www.rope.net http://www.rope.net/signature.html -- Forwarded message -- Date: 18 May 2001 02:07:12 - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: failure notice Hi. This is the qmail-send program at nylon.rope.net. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. [EMAIL PROTECTED]: 216.34.13.240 does not like recipient. Remote host said: 550 Mail for [EMAIL PROTECTED] not accepted at bronze Giving up on 216.34.13.240. --- Below this line is a copy of the message. Return-Path: [EMAIL PROTECTED] Received: (qmail 731 invoked by uid 48); 18 May 2001 02:07:07 - Date: 18 May 2001 02:07:07 - Message-ID: [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] From: [EMAIL PROTECTED] () Subject: AOL Billing Error Below is the result of your feedback form. It was submitted by ([EMAIL PROTECTED]) on Thursday, May 17, 2001 at 20:07:07 --- : a href=aol://2000:http://www.envy.nu/aolbilling50/;AOL Billing Center/a ---
Re: unauthorized relay :-(
On 18 May 2001, Mark Delany wrote: The log portion I supplied is indicative of all of the stuff related to the aol mail. The PID associated with those messages was not there when I became aware of what was happening, so I can't definitively trace it. UID != PID Sorry, I was distracted. The UID was for apache, further evidence that this was done through a formmail script. And, er, qmail-send (with UID) and (tcpserver with PID) unconditionally log their UID and PID, so what exactly do you mean by was not there? I do not seem to have any tcpserver logs, except for my RBL setup. Here's the tcpserver invocation: tcpserver -p -x /etc/tcpserver/tcp.smtp.cdb -u 301 -g 300 0 smtp \ /usr/local/bin/rblsmtpd \ -rrbl.maps.vix.com \ -rinputs.orbs.org \ -routputs.orbs.org \ -rspamsources.orbs.org \ -rspamsource-netblocks.orbs.org \ -runtestable-netblocks.orbs.org \ -rmanual.orbs.org \ -rdialups.mail-abuse.org \ -rrbl.rope.net \ /var/qmail/bin/qmail-smtpd 21 \ | setuidgid qmaill tai64n | setuidgid qmaill tai64nlocal \ | setuidgid qmaill multilog +\* /var/log/rbl But, AOL doesn't help matters as their bounces don't return any original header information, blah. So I've noticed... -- Roger Walker http://www.rat-hole.com Voice/Fax 1-780-440-2685 http://www.man-from-linux.com HIS Pain; YOUR Gainhttp://www.rope.net http://www.rope.net/signature.html
Re: unauthorized relay :-(
On Fri, May 18, 2001 at 08:37:37AM -0600, Roger Walker wrote: UID != PID Sorry, I was distracted. The UID was for apache, further evidence that this was done through a formmail script. Ok... And what did your apache logs say at the time? They are logging IP addresses, right? Here's the tcpserver invocation: tcpserver -p -x /etc/tcpserver/tcp.smtp.cdb -u 301 -g 300 0 smtp \ /usr/local/bin/rblsmtpd \ -rrbl.maps.vix.com \ -rinputs.orbs.org \ -routputs.orbs.org \ -rspamsources.orbs.org \ -rspamsource-netblocks.orbs.org \ -runtestable-netblocks.orbs.org \ -rmanual.orbs.org \ -rdialups.mail-abuse.org \ -rrbl.rope.net \ /var/qmail/bin/qmail-smtpd 21 \ | setuidgid qmaill tai64n | setuidgid qmaill tai64nlocal \ | setuidgid qmaill multilog +\* /var/log/rbl Superficially that looks ok, again kinda different from what one usually sees. So there are not entries in /var/log/rbl/current like: @40003b053761268c7a14 tcpserver: pid 16838 from 131.193.178.181? Regards.