[qmailtoaster] Qmailtoaster on 64bit OS
Hi there! We are presently using Qmailtoaster on RedHat Linux 9.0 professional. We have recently purchased two servers – One Intel Itanium based and the other Intel Xeon EM64T based. We have also purchased RedHat Linux ES 4.0 Enterprise Server 64 bit and is installed in the servers mentioned above. I would like to use the above servers as mail servers but am not sure whether the present version of Qmailtoaster supports the RHEL 64 bit OS. Can anybody help me out on this please? Thanks, Supriyo
Re: [qmailtoaster] Violation of security policies?
> > I forwarded several messages in a row (11 to be exact) and they started > bouncing. The last 4 came back with undeliverable messages. There were > only two addresses in the email, so I know I didn't violate the maximum > amount there. What could cause this? I have included the return message > from one of the emails below, they are all identical. > > __ > From: System Administrator > Sent: Thursday, December 22, 2005 11:48 AM > To: 'Tray Coffey'; '[EMAIL PROTECTED]' > Subject: Undeliverable: Tourists & the pictures they take. > > Your message did not reach some or all of the intended recipients. > > Subject:FW: Tourists & the pictures they take. > Sent: 12/22/2005 11:47 AM > > The following recipient(s) could not be reached: > > 'Tray Coffey' on 12/22/2005 11:48 AM > 571 sorry, you are violating our security policies (#5.7.1 - > chkuser) > > '[EMAIL PROTECTED]' on 12/22/2005 11:48 AM > 571 sorry, you are violating our security policies (#5.7.1 - > chkuser) > > > Jack D. Martin, Jr. > > Wireless Internet Service Providers LLC > [EMAIL PROTECTED] > P.O. Box 278 > Oilton, OK 74052 > (918) 862-1065 > (918) 605-9552 cellular > Hi Jack, Let me take a look at the code in chkuser to see all the possible situations that give that error. I may not have time to get at it until next week. Regards, Nick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[qmailtoaster] Season's Greetings
MERRY CHRISTMAS AND HAPPY NEW YEAR TO ALL!
Re: [qmailtoaster] my office want to
> it is strange ??, my vmoduser is like this... > > [EMAIL PROTECTED] root]# /home/vpopmail/bin/vmoduser > vmoduser: usage: [options] email_addr or domain (for each user in domain) > options: -v ( display the vpopmail version number ) > -n ( don't rebuild the vpasswd.cdb file ) > -q quota ( set quota ) > -c comment (set the comment/gecos field ) > -e encrypted_passwd (set the password field ) > -C clear_text_passwd (set the password field ) > the following options are bit flags in the gid int field > -x ( clear all flags ) > -d ( don't allow user to change password ) > -p ( disable POP access ) > -s ( disable SMTP AUTH access ) > -w ( disable webmail [IMAP from localhost*] access ) >( * full list of webmail server IPs in vchkpw.c ) > -i ( disable non-webmail IMAP access ) > -b ( bounce all mail ) > -o ( user is not subject to domain limits ) > *-r ( disable roaming user/pop-before-smtp )* > -a ( grant qmailadmin administrator privileges) > [The following flags aren't used directly by vpopmail, but are] > [included for other programs that share the user database.] > -u ( set no dialup flag ) > -0 ( set V_USER0 flag ) > -1 ( set V_USER1 flag ) > -2 ( set V_USER2 flag ) > -3 ( set V_USER3 flag ) > > is it wrong , or what? > no, I just snip out the output (that´s the meaning of "<...>") - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[qmailtoaster] Violation of security policies?
Title: Violation of security policies? I forwarded several messages in a row (11 to be exact) and they started bouncing. The last 4 came back with undeliverable messages. There were only two addresses in the email, so I know I didn't violate the maximum amount there. What could cause this? I have included the return message from one of the emails below, they are all identical. __ From: System Administrator Sent: Thursday, December 22, 2005 11:48 AM To: 'Tray Coffey'; '[EMAIL PROTECTED]' Subject: Undeliverable: Tourists & the pictures they take. Your message did not reach some or all of the intended recipients. Subject: FW: Tourists & the pictures they take. Sent: 12/22/2005 11:47 AM The following recipient(s) could not be reached: 'Tray Coffey' on 12/22/2005 11:48 AM 571 sorry, you are violating our security policies (#5.7.1 - chkuser) '[EMAIL PROTECTED]' on 12/22/2005 11:48 AM 571 sorry, you are violating our security policies (#5.7.1 - chkuser) Jack D. Martin, Jr. Wireless Internet Service Providers LLC [EMAIL PROTECTED] P.O. Box 278 Oilton, OK 74052 (918) 862-1065 (918) 605-9552 cellular
RE: [qmailtoaster] Backup MX
Hanks again, Here's my qmailctl stat: [EMAIL PROTECTED] ~]# qmailctl stat imap4: up (pid 1799) 24640 seconds imap4-ssl: up (pid 1824) 24640 seconds pop3: up (pid 1806) 24640 seconds pop3-ssl: up (pid 1797) 24640 seconds send: up (pid 5209) 23679 seconds smtp: up (pid 4921) 23796 seconds spamd: up (pid 1816) 24640 seconds imap4/log: up (pid 1812) 24640 seconds imap4-ssl/log: up (pid 1809) 24640 seconds pop3/log: up (pid 1808) 24640 seconds pop3-ssl/log: up (pid 1798) 24640 seconds send/log: up (pid 1810) 24640 seconds smtp/log: up (pid 1805) 24640 seconds spamd/log: up (pid 1807) 24640 seconds Does this show everything is up? I added the extra stuff to the tcp.smtp file and did the rebuild command and it all went ok but a tail -f on the current log doesn't look much different... Is there a place I can see what services I should have running and if not how I can get them running? Thanks Si <<> > -Original Message- > From: Jake Vickers [mailto:[EMAIL PROTECTED] > Sent: 23 December 2005 14:51 > To: qmailtoaster-list@qmailtoaster.com > Subject: Re: [qmailtoaster] Backup MX > > Simon Jones wrote: > > >Here's the rpm query: > > > >[EMAIL PROTECTED] ~]# rpm -qa | grep toaster > >| sort > > > > > > > Hmm. All the packages seem like they're there, are they all running? > (qmailctl stat). If they are, you may want to change your > tcp.smtp file to read like the example i sent you. Right now > you're not scanning emails for spam/viruses without the > simscan portion. You're also not limiting the recipients by > not having the chkuser options in there. > Obviously you don't HAVE to use them. > > >As for the backup mx: > > > >The problem is that since the backup server will always > accept mail for > >any domains listed in its accepted relay file (so it WILL > relay if the > >primary goes down) I only want it to relay under these > circumstances - > >reason being that the backup can be used as a spam gateway for > >dictionary attacks even if the primary is online, the relay > server does > >not know if [EMAIL PROTECTED] is a valid address, only the primary > >knows this because that is where the account is specified. > > > > > Okay, I understand a little better now. The short answer is > that unless you move to a cluster-type setup there's no easy > way to do this. I've begun looking into modifying the > Toaster package to a "cluster-toaster" > package, but this is a spare-time thing for me so it will be a while. > What I have done on my systems, (1 main MX, 1 or 2 backup > MX's depending on the domain) is this: > Set the queuelifetime of 10800 in the main MX (3 hours), and > backup MX's have a queuelifetime of the 7200 (2 hours). > Backup MX checks to see if Main MX is alive (bash script) > every 45 seconds. If it is, continue as normal. If it's NOT, > then the backup MX's change their queuelifetime to 259200 (3 > days) and reload qmail for the change to take. This makes the > backup MX's hold the emails for 3 days while I get the main > back up and running. > This serves 2 purposes - it keeps my queuelifetimes low in > normal operation, so mail bounces are processed in a timely > manner (letting the users know they misspelled a name or > whatever within 3 hours), and gets the spam that is stuck in > queue out in a timely manner. If the main MX goes down, it > takes action to hold the emails for 3 days which gives me > plenty of time to either get the main server back online (or > rebuilt) or log into them and change the queuelifetime to a > longer period of time if it's needed. > Sure, spam gets stuck in the queue (my backup servers stay at > a constant 50-60 messages in the queue), but they get dumped > out in a timely manner > (2 hours). In the event the main MX is down, I'm not > concerned with spam at that time, honestly. The impact of the > backup MX trying to deliver those messages to the main MX is > minuscule, so I don't worry about it. > The only real way to get around it would be to go with a > clustering system, like the one Bill Shupp outlined > (http://shupp.org/maps/ispcluster.html) > Hope that helps some. > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > --- > > > -- > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.1.371 / Virus Database: 267.14.5/212 - Release > Date: 23/12/2005 > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Backup MX
Simon Jones wrote: Here's the rpm query: [EMAIL PROTECTED] ~]# rpm -qa | grep toaster | sort Hmm. All the packages seem like they're there, are they all running? (qmailctl stat). If they are, you may want to change your tcp.smtp file to read like the example i sent you. Right now you're not scanning emails for spam/viruses without the simscan portion. You're also not limiting the recipients by not having the chkuser options in there. Obviously you don't HAVE to use them. As for the backup mx: The problem is that since the backup server will always accept mail for any domains listed in its accepted relay file (so it WILL relay if the primary goes down) I only want it to relay under these circumstances - reason being that the backup can be used as a spam gateway for dictionary attacks even if the primary is online, the relay server does not know if [EMAIL PROTECTED] is a valid address, only the primary knows this because that is where the account is specified. Okay, I understand a little better now. The short answer is that unless you move to a cluster-type setup there's no easy way to do this. I've begun looking into modifying the Toaster package to a "cluster-toaster" package, but this is a spare-time thing for me so it will be a while. What I have done on my systems, (1 main MX, 1 or 2 backup MX's depending on the domain) is this: Set the queuelifetime of 10800 in the main MX (3 hours), and backup MX's have a queuelifetime of the 7200 (2 hours). Backup MX checks to see if Main MX is alive (bash script) every 45 seconds. If it is, continue as normal. If it's NOT, then the backup MX's change their queuelifetime to 259200 (3 days) and reload qmail for the change to take. This makes the backup MX's hold the emails for 3 days while I get the main back up and running. This serves 2 purposes - it keeps my queuelifetimes low in normal operation, so mail bounces are processed in a timely manner (letting the users know they misspelled a name or whatever within 3 hours), and gets the spam that is stuck in queue out in a timely manner. If the main MX goes down, it takes action to hold the emails for 3 days which gives me plenty of time to either get the main server back online (or rebuilt) or log into them and change the queuelifetime to a longer period of time if it's needed. Sure, spam gets stuck in the queue (my backup servers stay at a constant 50-60 messages in the queue), but they get dumped out in a timely manner (2 hours). In the event the main MX is down, I'm not concerned with spam at that time, honestly. The impact of the backup MX trying to deliver those messages to the main MX is minuscule, so I don't worry about it. The only real way to get around it would be to go with a clustering system, like the one Bill Shupp outlined (http://shupp.org/maps/ispcluster.html) Hope that helps some. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Where can I see this log?
Fajar Priyanto wrote: Hi all, I have another box that is build using qmailrocks package. In that box, I have this log in /var/spool/qmailscan/current: Fri, 23 Dec 2005 19:40:35 WIT:25074: +++ starting debugging for process 25074 by uid=509 Fri, 23 Dec 2005 19:40:36 WIT:25074: w_c: elapsed time from start 1.960728 secs Fri, 23 Dec 2005 19:40:36 WIT:25074: return-path='[EMAIL PROTECTED]', recips='[EMAIL PROTECTED]' Fri, 23 Dec 2005 19:40:36 WIT:25074: from='"Kamla" <[EMAIL PROTECTED]>', subj='FW: The finest American fab items. Browse to see what it looks like.', via SMTP from 220.174.224.164 The QmailRocks package uses the qmail-queue patch to scan messages, so they're a little different. The Toaster packages uses something similar, with a lot of the debugging info that QMR uses turned off. To see the Spamassassin/ClamAV logs, you would issue this command: tail /var/log/qmail/spamd/current | tai64nlocal That will give you the tail of that log, converted to human-readable time format. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [qmailtoaster] Backup MX
Here's the rpm query: [EMAIL PROTECTED] ~]# rpm -qa | grep toaster | sort daemontools-toaster-0.76-1.2.9 qmail-pop3d-toaster-1.03-1.2.10 ezmlm-toaster-0.53.324-1.2.10 isoqlog-toaster-2.1-1.2.9 ucspi-tcp-toaster-0.88-1.2.9 qmail-toaster-1.03-1.2.10 courier-imap-toaster-3.0.8-1.2.9 control-panel-toaster-0.5-1.2.8 ezmlm-cgi-toaster-0.53.324-1.2.10 qmailmrtg-toaster-4.2-1.2.8 maildrop-toaster-devel-1.8.1-1.2.10 vqadmin-toaster-2.3.4-1.2.12 spamassassin-toaster-3.1.0-1.2.11 vpopmail-toaster-5.4.10-1.2.10 autorespond-toaster-2.0.4-1.2.8 qmailadmin-toaster-1.2.9-1.2.11 maildrop-toaster-1.8.1-1.2.10 squirrelmail-toaster-1.4.5-1.2.13 As for the backup mx: The problem is that since the backup server will always accept mail for any domains listed in its accepted relay file (so it WILL relay if the primary goes down) I only want it to relay under these circumstances - reason being that the backup can be used as a spam gateway for dictionary attacks even if the primary is online, the relay server does not know if [EMAIL PROTECTED] is a valid address, only the primary knows this because that is where the account is specified. Ok, if the primary goes down then we're back to square one because the backup doesn't know what addresses are valid and which are not but at least I could stop this kind of traffic if the primary mx is alive - which is usually 99% of the time anyway as its only downed for occasional reboots for updates etc. Si. > -Original Message- > From: Jake Vickers [mailto:[EMAIL PROTECTED] > Sent: 23 December 2005 11:59 > To: qmailtoaster-list@qmailtoaster.com > Subject: Re: [qmailtoaster] Backup MX > > Simon Jones wrote: > > >Just one final question... > > > >This is my /etc/tcprules.d/tcp.smtp file: > > > >[EMAIL PROTECTED] smtp]# vi /etc/tcprules.d/tcp.smtp > > > >127.:allow,RELAYCLIENT="" > >:allow,BADMIMETYPE="",BADLOADERTYPE="M" > > > >I can't see the numbers you mention for controling unknown > user and max > >recipients.. > > > > > You're missing a package or two then. What does 'rpm -qa | > grep toaster > | sort' show? With the chkuser patch, it would look like this: > [EMAIL PROTECTED] ~]# cat /etc/tcprules.d/tcp.smtp 127.:allow,RELAYCLIENT="" > :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="20" > ,CHKUSER_WRONGRCPTLIMIT="3",QMAILQUEUE="/var/qmail/bin/simscan" > > Of course I gave my users up to 20 recipients to stop a > couple from whining all the time. > Back on your Backup MX thing... Okay, what exactly were you > trying to do? The email gets sent through the backups when > the main goes down; does it really matter which one gets the > mail? I'm just trying to understand why the extra steps > (read: complications) would be needed? > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > --- > > > -- > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.1.371 / Virus Database: 267.14.5/212 - Release > Date: 23/12/2005 > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[qmailtoaster] Where can I see this log?
Hi all, I have another box that is build using qmailrocks package. In that box, I have this log in /var/spool/qmailscan/current: Fri, 23 Dec 2005 19:40:35 WIT:25074: +++ starting debugging for process 25074 by uid=509 Fri, 23 Dec 2005 19:40:36 WIT:25074: w_c: elapsed time from start 1.960728 secs Fri, 23 Dec 2005 19:40:36 WIT:25074: return-path='[EMAIL PROTECTED]', recips='[EMAIL PROTECTED]' Fri, 23 Dec 2005 19:40:36 WIT:25074: from='"Kamla" <[EMAIL PROTECTED]>', subj='FW: The finest American fab items. Browse to see what it looks like.', via SMTP from 220.174.224.164 Fri, 23 Dec 2005 19:40:36 WIT:25074: clamdscan: finished scan in 0.008093 secs Fri, 23 Dec 2005 19:40:37 WIT:25074: SA: required_hits 5.0 / sa_quarantine +0 / sa_delete +0.5 Fri, 23 Dec 2005 19:40:37 WIT:25074: SA: finished scan in 0.731742 secs - hits=-2.6 Fri, 23 Dec 2005 19:40:37 WIT:25074: p_s: finished scan in 0.023778 secs Fri, 23 Dec 2005 19:40:37 WIT:25074: ini_sc: finished scan of "/var/spool/qmailscan/tmp/server.mydomain.com.113534163576025074"... Fri, 23 Dec 2005 19:40:37 WIT:25074: -- Process 25074 finished. Total of 2.817949 secs Is there any similar log like that? Thanks. -- Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial http://linux2.arinet.org 19:42:58 up 6:42, 2.6.14-1.1653_FC4 GNU/Linux Let's use OpenOffice. http://www.openoffice.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Backup MX
Simon Jones wrote: Just one final question... This is my /etc/tcprules.d/tcp.smtp file: [EMAIL PROTECTED] smtp]# vi /etc/tcprules.d/tcp.smtp 127.:allow,RELAYCLIENT="" :allow,BADMIMETYPE="",BADLOADERTYPE="M" I can't see the numbers you mention for controling unknown user and max recipients.. You're missing a package or two then. What does 'rpm -qa | grep toaster | sort' show? With the chkuser patch, it would look like this: [EMAIL PROTECTED] ~]# cat /etc/tcprules.d/tcp.smtp 127.:allow,RELAYCLIENT="" :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="20",CHKUSER_WRONGRCPTLIMIT="3",QMAILQUEUE="/var/qmail/bin/simscan" Of course I gave my users up to 20 recipients to stop a couple from whining all the time. Back on your Backup MX thing... Okay, what exactly were you trying to do? The email gets sent through the backups when the main goes down; does it really matter which one gets the mail? I'm just trying to understand why the extra steps (read: complications) would be needed? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Backup MX
You'd automate the network test on your primary server of course using something as simple as ping, or a bit more sophisticated using netcat. I'm sure with a google search or a hunt on sourceforge you'd find a script that checked your mail service. Regards, Wayne Blick - Original Message - From: "Simon Jones" <[EMAIL PROTECTED]> To: Sent: Friday, December 23, 2005 8:09 PM Subject: RE: [qmailtoaster] Backup MX > Thanks Wayne, > > That wouldn't work too well in my environment though as it would need > constant monitoring, we're an ISP so our 4 primary servers process around > 20GB of mail every day each, so its essential that a backup is be available > whenever needed, when I figure it out I'll post it to the list. > > Have a great Christmas :) > > Si. > > > -Original Message- > > From: Wayne Blick [mailto:[EMAIL PROTECTED] > > Sent: 22 December 2005 22:01 > > To: qmailtoaster-list@qmailtoaster.com > > Subject: Re: [qmailtoaster] Backup MX > > > > > > Perhaps you could just do a simple network test for server_a > > status. When it goes offline do "qmailctl start" on server_b. > > > > Alternatively, you could use the same approach but > > enable/disable port 25 on server_b as server _a goes off/on line. > > > > Regards, > > Wayne Blick > > > > > > - Original Message - > > From: "Simon Jones" <[EMAIL PROTECTED]> > > To: > > Sent: Friday, December 23, 2005 3:50 AM > > Subject: RE: [qmailtoaster] Backup MX > > > > > > > Thanks Jake, > > > > > > Perhaps I didn't provide enough info: > > > > > > I have 2 mail servers: > > > > > > MX10 server_a > > > MX20 server_b > > > > > > If server_a is off line server_b will relay for server_a > > and queue the > > mail > > > until it is alive, this is OK. > > > > > > Because this is an established server it is known to relay > > for certain > > > domains, here's the problem, the server will currently > > accept mail for its > > > relay domains regardless of whether server_a is online, > > this is usually > > junk > > > mail so I'd like to check if server_a is alive before > > accepting mail, if > > it > > > is server_b will reject the message, if it is not server_b > > will queue the > > > message. > > > > > > Simon. > > > > > > > -Original Message- > > > > From: Jake Vickers [mailto:[EMAIL PROTECTED] > > > > Sent: 22 December 2005 16:22 > > > > To: qmailtoaster-list@qmailtoaster.com > > > > Subject: Re: [qmailtoaster] Backup MX > > > > > > > > Simon Jones wrote: > > > > > > > > >Hi, > > > > > > > > > >I have a backup server which will relay for customers if the > > > > primary MX > > > > >is unreachable, problem is we've been around for years > > so my backup > > > > >relays are known to relay for certain domains. I see a lot > > > > of bounced > > > > >mail in the logs. > > > > > > > > > >I would like to have qmail only accept mail for relaying if > > > > the higher > > > > >MX preferences are unreachable, for example is this server > > > > is MX 30 for > > > > >domain.com and the MX 10 is available the server should > > > > reject the message. > > > > > > > > > >Only if MX 10 and MX 20 are unreachable should the server > > > > accept mail. > > > > > > > > > >How can I do this? > > > > > > > > > >I have just switched to qmail from sendmail which I have so > > > > far found > > > > >to be easier to configure and much quicker, so apologies if > > > > this is a > > > > >dumb question! > > > > > > > > > > > > > > I'm not understanding quite what you're trying to do. Most of > > > > what you outlined should work as is. When my server, for > > > > example, tries to send you a message, it will look up the MX > > > > records in DNS, and then normally send to the 30 MX record. > > > > If the 30 is unavailable, it moves up to the 20 record, and > > > > eventually to the 10 if none of those are available. Or I > > > > could have it backward (goes to 10 first, then moves down). > > > > Windows does it one way, and Linux does it another. > > > > > > > > Anyway, the 30 record machine should get the mail, and then > > > > hold it while trying to deliver it to the 10 MX record every > > > > 5 minutes until the value in queuelifetime on that machine is > > > > reached - then it bounces it to the sender. If what you're > > > > asking is how to get the other MX record machine to accept > > > > the emails, the only thing you need to do is add the domain > > > > to the /var/qmail/control/rcpthosts file and it will accept > > > > emails for that domain, and try to deliver them to the 10 > > MX machine. > > > > Let me know if you were looking for some different information. > > > > > > > > > > - > > > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > > > For additional commands, e-mail: > > > > [EMAIL PROTECTED] > > > > > > > > --- > > > > > > > > > > > > -- > > > > No virus found in this incoming message. > > > > Checked by AVG Free Edition. > > > > Version: 7.1.371 / Virus Database:
RE: [qmailtoaster] Backup MX
Just one final question... This is my /etc/tcprules.d/tcp.smtp file: [EMAIL PROTECTED] smtp]# vi /etc/tcprules.d/tcp.smtp 127.:allow,RELAYCLIENT="" :allow,BADMIMETYPE="",BADLOADERTYPE="M" I can't see the numbers you mention for controling unknown user and max recipients.. Thanks Si > -Original Message- > From: Jake Vickers [mailto:[EMAIL PROTECTED] > Sent: 23 December 2005 03:49 > To: qmailtoaster-list@qmailtoaster.com > Subject: Re: [qmailtoaster] Backup MX > > Simon Jones wrote: > > >Thanks Jake, > > > >No matter - I would like to also know: > > > >How to enable > > > >Reverse lookup's (ptr) > >Protect against dictionary attacks > >Throttle recipients > >Get Clamav & Spamassassin working > > > >Sorry I know these will be common questions but I'm used to editing > >sendmail > >M4 and job done! If you can point me to any relevent docs > it would be cool. > > > > > No big deal, it's what the list is for. I've roughed some of > this (I've been guilty of not working on it) over at the wiki > (wiki.qmailtoaster.com). Anyway: > Reverse IP lookup is controlled in possibly a couple spots. > You probably want to turn it on for tcpserver by editing the > /var/qmail/supervise/smtp/run file and changing the tcpsever > flag from -H to -h, and maybe adding a -p switch to that. The > switches are explained here http://cr.yp.to/ucspi-tcp/tcpserver.html > The next couple are one and the same. These are controlled > with the chkuser patch, and the limits can be changed in your > /etc/tcprules.d/tcp.smtp file. The (current values) 15 is how > many people chkuser allows to be in the TO and/or CC lines > before bouncing the messages. This can be set all the way up > to about 254, until the next version rolls out and Nick > writes a patch for chkuser to allow larger numbers. The 3 in > there is how many bad emails it will allow before dropping > the connection, also. So even if they are only sending to 10 > recipients and don't get thumped by chkuser, after the 3rd > wrong email chkuser kicks back in and drops the connection. > If you change any of the values in this file, you'll need to > run the command 'qmailctl cdb' to rebuild the DB file. > And lastly (almost), clamav and spamassassin should be > working already if you installed all the packages from > qmailtoaster.com. You can check this from the command line by > typing 'qmailctl stat' and seeing if the daemons are up. > I didn't quote it, but you were looking to add additional RBL lists. > Almost all of your qmail config files are in > /var/qmail/control. In here you will see blacklists, which is > where the RBLs are added. Just follow the format already in > this file (-r your.blacklist.com). I have a list on the wiki > of what the majority of the control files are. > Let us know if you have any more questions! > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > --- > > > -- > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.1.371 / Virus Database: 267.14.1/207 - Release > Date: 19/12/2005 > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [qmailtoaster] Backup MX
Thanks Jake, There's loads of info for me there. Have a great Christmas! Si. > -Original Message- > From: Jake Vickers [mailto:[EMAIL PROTECTED] > Sent: 23 December 2005 03:49 > To: qmailtoaster-list@qmailtoaster.com > Subject: Re: [qmailtoaster] Backup MX > > Simon Jones wrote: > > >Thanks Jake, > > > >No matter - I would like to also know: > > > >How to enable > > > >Reverse lookup's (ptr) > >Protect against dictionary attacks > >Throttle recipients > >Get Clamav & Spamassassin working > > > >Sorry I know these will be common questions but I'm used to editing > >sendmail > >M4 and job done! If you can point me to any relevent docs > it would be cool. > > > > > No big deal, it's what the list is for. I've roughed some of > this (I've been guilty of not working on it) over at the wiki > (wiki.qmailtoaster.com). Anyway: > Reverse IP lookup is controlled in possibly a couple spots. > You probably want to turn it on for tcpserver by editing the > /var/qmail/supervise/smtp/run file and changing the tcpsever > flag from -H to -h, and maybe adding a -p switch to that. The > switches are explained here http://cr.yp.to/ucspi-tcp/tcpserver.html > The next couple are one and the same. These are controlled > with the chkuser patch, and the limits can be changed in your > /etc/tcprules.d/tcp.smtp file. The (current values) 15 is how > many people chkuser allows to be in the TO and/or CC lines > before bouncing the messages. This can be set all the way up > to about 254, until the next version rolls out and Nick > writes a patch for chkuser to allow larger numbers. The 3 in > there is how many bad emails it will allow before dropping > the connection, also. So even if they are only sending to 10 > recipients and don't get thumped by chkuser, after the 3rd > wrong email chkuser kicks back in and drops the connection. > If you change any of the values in this file, you'll need to > run the command 'qmailctl cdb' to rebuild the DB file. > And lastly (almost), clamav and spamassassin should be > working already if you installed all the packages from > qmailtoaster.com. You can check this from the command line by > typing 'qmailctl stat' and seeing if the daemons are up. > I didn't quote it, but you were looking to add additional RBL lists. > Almost all of your qmail config files are in > /var/qmail/control. In here you will see blacklists, which is > where the RBLs are added. Just follow the format already in > this file (-r your.blacklist.com). I have a list on the wiki > of what the majority of the control files are. > Let us know if you have any more questions! > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > --- > > > -- > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.1.371 / Virus Database: 267.14.1/207 - Release > Date: 19/12/2005 > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [qmailtoaster] Backup MX
Thanks Wayne, That wouldn't work too well in my environment though as it would need constant monitoring, we're an ISP so our 4 primary servers process around 20GB of mail every day each, so its essential that a backup is be available whenever needed, when I figure it out I'll post it to the list. Have a great Christmas :) Si. > -Original Message- > From: Wayne Blick [mailto:[EMAIL PROTECTED] > Sent: 22 December 2005 22:01 > To: qmailtoaster-list@qmailtoaster.com > Subject: Re: [qmailtoaster] Backup MX > > > Perhaps you could just do a simple network test for server_a > status. When it goes offline do "qmailctl start" on server_b. > > Alternatively, you could use the same approach but > enable/disable port 25 on server_b as server _a goes off/on line. > > Regards, > Wayne Blick > > > - Original Message - > From: "Simon Jones" <[EMAIL PROTECTED]> > To: > Sent: Friday, December 23, 2005 3:50 AM > Subject: RE: [qmailtoaster] Backup MX > > > > Thanks Jake, > > > > Perhaps I didn't provide enough info: > > > > I have 2 mail servers: > > > > MX10 server_a > > MX20 server_b > > > > If server_a is off line server_b will relay for server_a > and queue the > mail > > until it is alive, this is OK. > > > > Because this is an established server it is known to relay > for certain > > domains, here's the problem, the server will currently > accept mail for its > > relay domains regardless of whether server_a is online, > this is usually > junk > > mail so I'd like to check if server_a is alive before > accepting mail, if > it > > is server_b will reject the message, if it is not server_b > will queue the > > message. > > > > Simon. > > > > > -Original Message- > > > From: Jake Vickers [mailto:[EMAIL PROTECTED] > > > Sent: 22 December 2005 16:22 > > > To: qmailtoaster-list@qmailtoaster.com > > > Subject: Re: [qmailtoaster] Backup MX > > > > > > Simon Jones wrote: > > > > > > >Hi, > > > > > > > >I have a backup server which will relay for customers if the > > > primary MX > > > >is unreachable, problem is we've been around for years > so my backup > > > >relays are known to relay for certain domains. I see a lot > > > of bounced > > > >mail in the logs. > > > > > > > >I would like to have qmail only accept mail for relaying if > > > the higher > > > >MX preferences are unreachable, for example is this server > > > is MX 30 for > > > >domain.com and the MX 10 is available the server should > > > reject the message. > > > > > > > >Only if MX 10 and MX 20 are unreachable should the server > > > accept mail. > > > > > > > >How can I do this? > > > > > > > >I have just switched to qmail from sendmail which I have so > > > far found > > > >to be easier to configure and much quicker, so apologies if > > > this is a > > > >dumb question! > > > > > > > > > > > I'm not understanding quite what you're trying to do. Most of > > > what you outlined should work as is. When my server, for > > > example, tries to send you a message, it will look up the MX > > > records in DNS, and then normally send to the 30 MX record. > > > If the 30 is unavailable, it moves up to the 20 record, and > > > eventually to the 10 if none of those are available. Or I > > > could have it backward (goes to 10 first, then moves down). > > > Windows does it one way, and Linux does it another. > > > > > > Anyway, the 30 record machine should get the mail, and then > > > hold it while trying to deliver it to the 10 MX record every > > > 5 minutes until the value in queuelifetime on that machine is > > > reached - then it bounces it to the sender. If what you're > > > asking is how to get the other MX record machine to accept > > > the emails, the only thing you need to do is add the domain > > > to the /var/qmail/control/rcpthosts file and it will accept > > > emails for that domain, and try to deliver them to the 10 > MX machine. > > > Let me know if you were looking for some different information. > > > > > > > - > > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > > For additional commands, e-mail: > > > [EMAIL PROTECTED] > > > > > > --- > > > > > > > > > -- > > > No virus found in this incoming message. > > > Checked by AVG Free Edition. > > > Version: 7.1.371 / Virus Database: 267.14.1/207 - Release > > > Date: 19/12/2005 > > > > > > > > > > > > > - > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > --- > > > -- > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.1.371 / Virus Database: 267.14.1/207 - Release > Date: 19/12/2005 > > --
