Re: [qmailtoaster] smtproutes and domainkeys, spf, srs
SRS and SPF can be used if your upstream isp publishes spf records. You can use the include statement (more info at openspf.org) to include their spf entries into your spf records. SBC, however, doesn't publish SPF records as Yahoo handles their infrastructure.

The Qmail DomainKey implementation is to spec, but doesn't implement the optional h= header that limits the scope of the DomainKey signature to certain parts. Because of this, DomainKeys will fail if it is forwarded through a third party server.

Erik

On 1/16/07, Trung Pham [EMAIL PROTECTED] wrote:
> I currently have all my outgoing emails forwarded to my ISP server using smtproutes. So I am curious if I can still use domainkeys, spf, or srs features since my ISP will definitely modify the email header. FYI, I am using SBC Business DSL. I had to resort to smtproutes, otherwise Yahoo will put emails coming from me into the bulk folder.
>
> Please let me know if those features still work if I use my ISP to relay my mails. My goal is to stop incoming spams that forge my own address.

- QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Should I use qmail toaster?
Might want to check out the wiki. There are a ton of scripts that you can use to keep the QT up to date. ES and JV have done some great work on keeping the QmailToaster up to date.

Due to licensing restrictions, we aren't allowed to give out binary updates, so no yum. The wiki has an faq entry on this.

Thanks,
Erik

On 1/16/07, Dave Q.T. Newbiw [EMAIL PROTECTED] wrote:
> Hi Erik,
>
> Thanks for the reply...
>
> What size VM, memory-wise, does QM Toaster need? Is 96MB enough?
>
> In anticipation of the fact that over the next few years _some_ bug/security issues will be found, how exactly does the auto update process work? Is everything updated, or just the base CentOS files?
>
> Thank you,
> David
>
> Erik Espinoza [EMAIL PROTECTED] wrote:
>> Hello Dave
>>
>>> Can QM Toaster be used to turn a default CentOS install into a very basic POP3/IMAP/SMTP email server?
>>
>> It's a lot more than basic, as it comes with antivirus, antispam, domainkeys, spf and srs. I'd call it thorough rather than basic.
>>
>>> Our current ISP where we host ~15 domains and ~25+ email accounts has a mandatory incoming auto-discard spam filter that is far too strict to continue using.
>>
>> That sucks.
>>
>>> Unfortunately, switching ISPs is not an option right now.
>>
>> Good luck!
>>
>>> I am looking at signing up for a basic low-memory CentOS Virtual Dedicated Server to handle our own incoming ( outgoing) mail.
>>
>> I wouldn't go too low on the memory unless you don't want antivirus and antispam.
>>
>>> There will not be a full-time IT person to maintain the server, so simplicity is a must.
>>
>> The QmailToaster is very simple. This is a no brainer.
>>
>>> I am perfectly fine with leaving out server-side spam filtering, though I suspect that some basic blacklist usage would be a good idea.
>>
>> I'd recommend against leaving out the spam filtering, as blacklists are usually too encompassing.
>>
>>> Most specifically, I don't want to add the performance overhead, security liability, and maintenance requirements of a typical default server. (Apache, MySQL, Bind, etc.)
>>
>> In reality, the only thing that requires maintenance is the antispam, antivirus and webmail. The project keeps those all up to date. The rest is, for the most part, already a couple of years old and battle tested on the internet. Known to be secure.
>>
>>> Basically, I want an ultra-basic server that I can set for automatic updates and let it continue running hands-off until CentOS 4 is no longer supported with security patches.
>>
>> Sounds like the plan. It's how I run mine.
>>
>>> Will Qmail Toaster do what I need?
>>
>> Yes. It's not basic, but it is simple. And there is plenty of support here, on the wiki and on the main site.
>>
>> Thanks,
>> Erik
[qmailtoaster] Changing hostname of the server
Hi,

Can anyone guide me how can I change the hostname of a live qmail server? In which all control files we need to make changes if I change the hostname?

Thanks in advance,
Midhun
[qmailtoaster] compile errors
Hello

1) I have been trying to install Toaster on Fedora Core 5! I have been getting the error below during installation! Can anyone point me in the right direction??

2) There was a post earlier on the list on problems experienced while installing toaster on CentOS server install, was this rectified?? i.e. can I move my installation to CentOS?? I have just had enough with Fedora Core

Errors below;

Installing courier-authlib-toaster-0.59-1.3.4.src.rpm
error: Failed build dependencies
/usr/include/ltdl.h is needed by courier-authlib-toaster-0.59-1.3.4.i386
error: File not found by glob: /usr/src/redhat/RPMS/i386/courier-authlib-toaster*.rpm
Installing courier-imap-toaster-4.1.2-1.3.6.src.rpm
error: Failed build dependencies
courier-authlib-toaster is needed by courier-imap-toaster-4.1.2-1.3.6.i386
error: File not found by glob: /usr/src/redhat/RPMS/i386/courier-imap-toaster*.rpm

thanks
ALex
[qmailtoaster] Password fail
vpopmail[24367]: vchkpw-smtp: password fail (pass: '0b3acf566e0899014146fee9fa23f760') [EMAIL PROTECTED]:IP

This connection is from a scanner sending its work to email. The tutorial only has info that the password is coded. Changing to send the password in plain text is not possible. How do I resolve it?

--
Tuptus
System uptime: 41 years 8 months 3 weeks 1 days 9 hours 45 minutes
Re: [qmailtoaster] Greylisting
On Tuesday, 16 January 2007 09:43, Erik Espinoza wrote:
> You may want to check this out:
> http://thomas.mangin.me.uk/software/qmail-greylist.html
> Simple and effective.

THX Erik.

--
System uptime: 41 years 8 months 3 weeks 1 days 9 hours 45 minutes
Re: [qmailtoaster] Greylisting
Wojciech Gabor wrote:
> On Tuesday, 16 January 2007 09:43, Erik Espinoza wrote:
>> You may want to check this out:
>> http://thomas.mangin.me.uk/software/qmail-greylist.html
>> Simple and effective.
>
> THX Erik.

WG, I take it you've had success with this? Would you care to elaborate some?

--
-Eric 'shubes'
[qmailtoaster] qtp-newmodel sandbox clarification
Just want to see if I understand this fully. The qtp-newmodel script builds the newest version into a sandbox, once it's successfully built and installed in the sandbox it will then proceed to install it outside the sandbox to the actual server?

Sorry if this is confusing.

Dan
Re: [qmailtoaster] compile errors
Check whether sendmail is already uninstalled from the system. Issue this command:

rpm -e sendmail --nodeps

I sometimes have the same problem because sendmail hasn't been uninstalled.

----- Original Message -----
From: Kisakye Alex [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Wednesday, January 17, 2007 8:37:12 PM
Subject: [qmailtoaster] compile errors

Hello

1) I have been trying to install Toaster on Fedora Core 5! I have been getting the error below during installation! Can anyone point me in the right direction??

2) There was a post earlier on the list on problems experienced while installing toaster on CentOS server install, was this rectified?? i.e. can I move my installation to CentOS?? I have just had enough with Fedora Core

Errors below;

Installing courier-authlib-toaster-0.59-1.3.4.src.rpm
error: Failed build dependencies
/usr/include/ltdl.h is needed by courier-authlib-toaster-0.59-1.3.4.i386
error: File not found by glob: /usr/src/redhat/RPMS/i386/courier-authlib-toaster*.rpm
Installing courier-imap-toaster-4.1.2-1.3.6.src.rpm
error: Failed build dependencies
courier-authlib-toaster is needed by courier-imap-toaster-4.1.2-1.3.6.i386
error: File not found by glob: /usr/src/redhat/RPMS/i386/courier-imap-toaster*.rpm

thanks
ALex
Re: [qmailtoaster] Should I use qmail toaster?
What exactly are the licensing issues that prevent qmail from simply being folded in to the CentOS or Ubuntu distributions?

I'm a little uneasy running a server that requires a kludge to keep automatically up to date.

Also, the QM Toaster kit seems to force the use of PHP and MySQL. (... Both items that are hard to secure and I would rather keep off this low-volume server.)

Thanks,
David

--- Erik Espinoza [EMAIL PROTECTED] wrote:
> Might want to check out the wiki. There are a ton of scripts that you can use to keep the QT up to date. ES and JV have done some great work on keeping the QmailToaster up to date.
>
> Due to licensing restrictions, we aren't allowed to give out binary updates, so no yum. The wiki has an faq entry on this.
>
> Thanks,
> Erik
Re: [qmailtoaster] Changing hostname of the server
Midhun Ramadas wrote:
> Hi,
>
> Can anyone guide me how can I change the hostname of a live qmail server? In which all control files we need to make changes if I change the hostname?
>
> Thanks in advance,
> Midhun

# grep -R `hostname` /etc/* /var/qmail/*
(note, those are back-quotes, not apostrophes)

You can obviously ignore some of the hits, such as those in /var/qmail/queue.

--
-Eric 'shubes'
Re: [qmailtoaster] Should I use qmail toaster?
On Jan 17, 2007, at 10:10 AM, Dave wrote:
> What exactly are the licensing issues that prevent qmail from simply being folded in to the CentOS or Ubuntu distributions?

http://cr.yp.to/distributors.html

-steve

--
If this were played upon a stage now, I could condemn it as an improbable fiction. - Fabian, Twelfth Night, III,v
Re: [qmailtoaster] Should I use qmail toaster?
>> What exactly are the licensing issues that prevent qmail from simply being folded in to the CentOS or Ubuntu distributions?
>
> http://cr.yp.to/distributors.html

Yeah... I saw that, but I am not sure what the implications of that are

Seemingly you could distribute a binary image... right?

-- David
Re: [qmailtoaster] compile errors
Kisakye Alex wrote:
> Hello
>
> 1) I have been trying to install Toaster on Fedora Core 5! I have been getting the error below during installation! Can anyone point me in the right direction??
>
> 2) There was a post earlier on the list on problems experienced while installing toaster on CentOS server install, was this rectified?? i.e. can I move my installation to CentOS?? I have just had enough with Fedora Core
>
> Errors below;
>
> Installing courier-authlib-toaster-0.59-1.3.4.src.rpm
> error: Failed build dependencies
> /usr/include/ltdl.h is needed by courier-authlib-toaster-0.59-1.3.4.i386
> error: File not found by glob: /usr/src/redhat/RPMS/i386/courier-authlib-toaster*.rpm
> Installing courier-imap-toaster-4.1.2-1.3.6.src.rpm
> error: Failed build dependencies
> courier-authlib-toaster is needed by courier-imap-toaster-4.1.2-1.3.6.i386
> error: File not found by glob: /usr/src/redhat/RPMS/i386/courier-imap-toaster*.rpm
>
> thanks
> ALex

CentOS is a much better choice for a toaster distro than Fedora in terms of stability. You'll have far fewer OS upgrades to do once it's up and running, and you'll also run into fewer hurdles installing and upgrading the toaster software. There is no advantage to using Fedora that I'm aware of. In general, Fedora is good for desktops, CentOS is good for servers.

IIRC, someone was having a problem with a particular SATA drive/controller with CentOS4 and couldn't get the base distro installed. I've no idea why, and I'm guessing that the HW was some sort of bleeding edge, which SATA is generally not.

--
-Eric 'shubes'
Re: [qmailtoaster] Password fail
Wojciech Gabor wrote:
> vpopmail[24367]: vchkpw-smtp: password fail (pass: '0b3acf566e0899014146fee9fa23f760') [EMAIL PROTECTED]:IP
>
> This connection is from a scanner sending its work to email. The tutorial only has info that the password is coded.

That's a good thing.

> Changing to send the password in plain text is not possible.

You wouldn't want to do that.

> How do I resolve it?

Which encoding scheme is used by the scanner? Encoding scheme must match what vpopmail is using (I'm not sure what that is off hand).

--
-Eric 'shubes'
Re: [qmailtoaster] Should I use qmail toaster?
On Jan 17, 2007, at 10:30 AM, Dave wrote:
>> http://cr.yp.to/distributors.html
>
> Yeah... I saw that, but I am not sure what the implications of that are
>
> Seemingly you could distribute a binary image... right?

no; you may not distribute a binary image, you must distribute exactly the binary image provided by DJB (which is a tarball of /var/qmail, whereas QmailToaster uses RPMs). the version of qmail in QmailToaster includes a number of patches that differentiate it from stock qmail. same with ezmlm, daemontools, etc.

do i have this right, folks?

-steve

--
If this were played upon a stage now, I could condemn it as an improbable fiction. - Fabian, Twelfth Night, III,v
Re: [qmailtoaster] Error when trying to set a Domain Admin in VqAdmin. Anyone else seeing this? It is occurring on 2 new toaster installs. Thanks Ed
Erik Espinoza wrote:
> Have you tried using the command line?

No I hadn't. Just did and it worked. Curious that the web interface didn't. Any thoughts?

> Can you send a list of installed packages?

I performed a default install of the qmail-toaster:

[EMAIL PROTECTED] ~]# rpm -qa *toaster
daemontools-toaster-0.76-1.3.2
libsrs2-toaster-1.0.18-1.3.2
courier-imap-toaster-4.1.2-1.3.6
ezmlm-cgi-toaster-0.53.324-1.3.2
spamassassin-toaster-3.1.7-1.3.6
ucspi-tcp-toaster-0.88-1.3.2
libdomainkeys-toaster-0.68-1.3.2
qmail-toaster-1.03-1.3.10
courier-authlib-toaster-0.59-1.3.4
autorespond-toaster-2.0.4-1.3.2
ezmlm-toaster-0.53.324-1.3.2
qmailadmin-toaster-1.2.9-1.3.3
maildrop-toaster-2.0.3-1.3.4
isoqlog-toaster-2.1-1.3.2
squirrelmail-toaster-1.4.9a-1.3.5
clamav-toaster-0.88.7-1.3.7
simscan-toaster-1.3.1-1.3.3
vpopmail-toaster-5.4.13-1.3.3
qmail-pop3d-toaster-1.03-1.3.10
control-panel-toaster-0.5-1.3.2
qmailmrtg-toaster-4.2-1.3.2
vqadmin-toaster-2.3.4-1.3.2
ripmime-toaster-1.4.0.6-1.3.2

> What distribution are you using?

CentOS 4.4
Re: [qmailtoaster] qtp-newmodel sandbox clarification
Dan Herbon wrote:
> Just want to see if I understand this fully. The qtp-newmodel script builds the newest version into a “sandbox”,

Yes.

> once it's successfully built and installed in the sandbox it will then proceed to install it outside the sandbox to the actual server?

Yes. Right before the script is ready to do the 'live' update, it will ask you if you want to continue, giving you the opportunity to gracefully quit and do the 'live' upgrade later. When you subsequently rerun the script, it will recognize what's already been done, allowing you to complete the upgrade in short order (usually less than 10 minutes). Note, the script will automatically stop and restart qmail at the appropriate points to minimize down time.

> Sorry if this is confusing.

No, that's my line! ;)
If you would care to add some clarification to the wiki, please do.

HTH

P.S. Please be sure that you're using the latest qmailtoaster-plus package:

# rpm -q qmailtoaster-plus
qmailtoaster-plus-0.2.7-1.3.9

--
-Eric 'shubes'
Re: [qmailtoaster] compile errors
On Wed, 2007-01-17 at 08:34 -0700, Eric Shubes wrote:
> CentOS is a much better choice for a toaster distro than Fedora in terms of stability. You'll have far fewer OS upgrades to do once it's up and running, and you'll also run into fewer hurdles installing and upgrading the toaster software. There is no advantage to using Fedora that I'm aware of. In general, Fedora is good for desktops, CentOS is good for servers.

While in general I would agree with you, but not in this case. Centos works fine with the exception of spamassassin. Of all the people that sent me the lint outputs, only one showed all the modules functioning. Spamassassin is one of the key elements needed in the spam battle.

I now have five fedora boxes running qmail-toaster, all are stable and spam free.

It is true that updates come out more often for fedora than for Centos. Fedora is used as a test bed before things are available for Centos and Redhat. So long as everything is working, there is not much need to update unless you want to.

I posted my notes previously on this list on fedora installs. If you follow those it is a painless install on fdr60.
Re: [qmailtoaster] simscan (simscan-toaster-1.3.1-1.3.3) segfaults
Sorry, I have been out of the office for a few days. There is not much to post.

/var/log/qmail/smtp/current gets this:
@400045acd89036e2684c simscan: connect error 2

Running it gives this:
[EMAIL PROTECTED] simscan]# /var/qmail/bin/simscan
Segmentation fault

Are there any other logs that I am missing?

W

Erik Espinoza wrote:
> Could you paste the log output. I've not noticed any problems.
>
> Erik
>
> On 1/12/07, Warren (mailing lists) [EMAIL PROTECTED] wrote:
>> I noticed that simscan was not able to be called in the logs. When I try to run it directly (./simscan in the bin directory) it gives a segfault. Any ideas?
>>
>> W
Re: [qmailtoaster] Should I use qmail toaster?
Dave wrote:
> What exactly are the licensing issues that prevent qmail from simply being folded in to the CentOS or Ubuntu distributions?

Steve has this right in his reply, TTBOMK.

> I'm a little uneasy running a server that requires a kludge to keep automatically up to date.

I'm the same way, Dave. I tend to be more comfortable running binary rpms myself. However that is simply not an option with any derivative of qmail, including the toaster. The scripts provided with the toaster (and qmailtoaster-plus) packages (which *are* rpms), do an adequate job of overcoming this difficulty. The advantages of using rpms are not lost with the toaster. All packages are installed using rpm binaries, it's just that they're built on your specific machine.

If you really wanted to use yum to do the upgrades, you could (but there's really no point in doing so). Simply build your own yum repository containing the toaster binary rpms that are produced by the scripts (or built yourself manually), and you're good to go. You just can't *distribute* your binary rpms to anyone else.

> Also, the QM Toaster kit seems to force the use of PHP and MySQL. (... Both items that are hard to secure and I would rather keep off this low-volume server.)

I cannot speak authoritatively on this.

> Thanks,
> David
>
> --- Erik Espinoza [EMAIL PROTECTED] wrote:
>> Might want to check out the wiki. There are a ton of scripts that you can use to keep the QT up to date. ES and JV have done some great work on keeping the QmailToaster up to date.
>>
>> Due to licensing restrictions, we aren't allowed to give out binary updates, so no yum. The wiki has an faq entry on this.
>>
>> Thanks,
>> Erik

--
-Eric 'shubes'
RE: [qmailtoaster] compile errors
Sendmail is installed

Alex

_____
From: Gabriel Lai [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 17, 2007 6:02 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] compile errors

Check whether sendmail is already uninstalled from the system. Issue this command:

rpm -e sendmail --nodeps

I sometimes have the same problem because sendmail hasn't been uninstalled.

----- Original Message -----
From: Kisakye Alex [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Wednesday, January 17, 2007 8:37:12 PM
Subject: [qmailtoaster] compile errors

Hello

1) I have been trying to install Toaster on Fedora Core 5! I have been getting the error below during installation! Can anyone point me in the right direction??

2) There was a post earlier on the list on problems experienced while installing toaster on CentOS server install, was this rectified?? i.e. can I move my installation to CentOS?? I have just had enough with Fedora Core

Errors below;

Installing courier-authlib-toaster-0.59-1.3.4.src.rpm
error: Failed build dependencies
/usr/include/ltdl.h is needed by courier-authlib-toaster-0.59-1.3.4.i386
error: File not found by glob: /usr/src/redhat/RPMS/i386/courier-authlib-toaster*.rpm
Installing courier-imap-toaster-4.1.2-1.3.6.src.rpm
error: Failed build dependencies
courier-authlib-toaster is needed by courier-imap-toaster-4.1.2-1.3.6.i386
error: File not found by glob: /usr/src/redhat/RPMS/i386/courier-imap-toaster*.rpm

thanks
ALex
Re: [qmailtoaster] simscan (simscan-toaster-1.3.1-1.3.3) segfaults
The connect error 2 message is simply a warning regarding the new P0F checking in simscan. The toaster does not (yet) implement a P0F daemon, so this feature is turned off. Add

,NOP0FCHECK=1

to your /etc/tcprules.d/tcp.smtp file (not needed on the 127. line) and the message will go away. (Don't forget to

qmailctl cdb

after making your change)

Warren (mailing lists) wrote:
> Sorry, I have been out of the office for a few days. There is not much to post.
>
> /var/log/qmail/smtp/current gets this:
> @400045acd89036e2684c simscan: connect error 2
>
> Running it gives this:
> [EMAIL PROTECTED] simscan]# /var/qmail/bin/simscan
> Segmentation fault
>
> Are there any other logs that I am missing?
>
> W
>
> Erik Espinoza wrote:
>> Could you paste the log output. I've not noticed any problems.
>>
>> Erik
>>
>> On 1/12/07, Warren (mailing lists) [EMAIL PROTECTED] wrote:
>>> I noticed that simscan was not able to be called in the logs. When I try to run it directly (./simscan in the bin directory) it gives a segfault. Any ideas?
>>>
>>> W

--
-Eric 'shubes'
Re: [qmailtoaster] compile errors
Vince Callaway wrote:
> On Wed, 2007-01-17 at 08:34 -0700, Eric Shubes wrote:
>> CentOS is a much better choice for a toaster distro than Fedora in terms of stability. You'll have far fewer OS upgrades to do once it's up and running, and you'll also run into fewer hurdles installing and upgrading the toaster software. There is no advantage to using Fedora that I'm aware of. In general, Fedora is good for desktops, CentOS is good for servers.
>
> While in general I would agree with you, but not in this case. Centos works fine with the exception of spamassassin. Of all the people that sent me the lint outputs, only one showed all the modules functioning. Spamassassin is one of the key elements needed in the spam battle.

This seems to indicate that some extra work needs to be done to get SA working 100% on CentOS, which is indeed the case.
.) no less true on Fedora
.) SA does not need to be 100% operative to be effective. E.g. the stock toaster has only local rules enabled.

> I now have five fedora boxes running qmail-toaster, all are stable and spam free.

spam free is relative at best. ;) Congratulations though!

> It is true that updates come out more often for fedora than for Centos. Fedora is used as a test bed before things are available for Centos and Redhat. So long as everything is working, there is not much need to update unless you want to.

This comes down to stability/security. With CentOS, only security updates are released and should be applied. With Fedora, you get security and development updates, which increases the risk of instability.

> I posted my notes previously on this list on fedora installs. If you follow those it is a painless install on fdr60.

I'm sure that it is. Unfortunately, Kisakye was starting with FC5! :(

Thank you for your trail blazing work, Vince. Will you kindly take the time to post your fdr60 notes on the wiki? I'm sure it would be a valuable addition.

--
-Eric 'shubes'
Re: [qmailtoaster] compile errors
yum install libtool-ltdl libtool-ltdl-devel

Try again.

Erik

On 1/17/07, Kisakye Alex [EMAIL PROTECTED] wrote:
> Hello
>
> 1) I have been trying to install Toaster on Fedora Core 5! I have been getting the error below during installation! Can anyone point me in the right direction??
>
> 2) There was a post earlier on the list on problems experienced while installing toaster on CentOS server install, was this rectified?? i.e. can I move my installation to CentOS?? I have just had enough with Fedora Core
>
> Errors below;
>
> Installing courier-authlib-toaster-0.59-1.3.4.src.rpm
> error: Failed build dependencies
> /usr/include/ltdl.h is needed by courier-authlib-toaster-0.59-1.3.4.i386
> error: File not found by glob: /usr/src/redhat/RPMS/i386/courier-authlib-toaster*.rpm
> Installing courier-imap-toaster-4.1.2-1.3.6.src.rpm
> error: Failed build dependencies
> courier-authlib-toaster is needed by courier-imap-toaster-4.1.2-1.3.6.i386
> error: File not found by glob: /usr/src/redhat/RPMS/i386/courier-imap-toaster*.rpm
>
> thanks
> ALex
[qmailtoaster] Re: Accepting mail from local mail servers
Hi,

I am not sure what the problem is and how to resolve it. I am hosting my company qmailtoaster server in the datacenter on an external ip, I also have some development machines inside the company behind the nat on internal ips. When an internal application sends email out to [EMAIL PROTECTED] using sendmail on localhost, I am not getting that email at [EMAIL PROTECTED] I am pretty sure qmail rejects these emails because they come from a mailserver behind nat which doesn't resolve to anything.

What do I need to configure on qmailtoaster so I can allow my development machines to send me email to [EMAIL PROTECTED] Is there a setting where I can just specify my company external ip to allow all the mail from my internal subnet without being rejected?

Thank you
Re: [qmailtoaster] Re: Accepting mail from local mail servers
Hi,

Any messages in the logfiles (on both qmailtoaster server and development machines)?

What do you get when you telnet from the development machine to the qmailtoaster on port 25 and type something like

helo
mail from:[EMAIL PROTECTED]
rcpt to:[EMAIL PROTECTED]
data
subject: test
test
.

Simply said, more info is needed to solve this for you.

Regards,
JP

----- Original Message -----
From: [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Wednesday, January 17, 2007 8:29 PM
Subject: [qmailtoaster] Re: Accepting mail from local mail servers

Hi,

I am not sure what the problem is and how to resolve it. I am hosting my company qmailtoaster server in the datacenter on an external ip, I also have some development machines inside the company behind the nat on internal ips. When an internal application sends email out to [EMAIL PROTECTED] using sendmail on localhost, I am not getting that email at [EMAIL PROTECTED] I am pretty sure qmail rejects these emails because they come from a mailserver behind nat which doesn't resolve to anything.

What do I need to configure on qmailtoaster so I can allow my development machines to send me email to [EMAIL PROTECTED] Is there a setting where I can just specify my company external ip to allow all the mail from my internal subnet without being rejected?

Thank you
Re: [qmailtoaster] Re: Accepting mail from local mail servers
You can disable sender checking by adding the nat public IP to tcp.smtp with the RELAYCLIENT option

On 1/17/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> Hi,
>
> I am not sure what the problem is and how to resolve it. I am hosting my company qmailtoaster server in the datacenter on an external ip, I also have some development machines inside the company behind the nat on internal ips. When an internal application sends email out to [EMAIL PROTECTED] using sendmail on localhost, I am not getting that email at [EMAIL PROTECTED] I am pretty sure qmail rejects these emails because they come from a mailserver behind nat which doesn't resolve to anything.
>
> What do I need to configure on qmailtoaster so I can allow my development machines to send me email to [EMAIL PROTECTED] Is there a setting where I can just specify my company external ip to allow all the mail from my internal subnet without being rejected?
>
> Thank you
Re: [qmailtoaster] Re: Accepting mail from local mail servers
What JP says would certainly help. Given what you *have* said though, and making a few presumptions, I might have a fix for you.

Since your internal machines are being nat'd, I'm thinking that the smtp sessions for these will appear to the toaster to be coming from the external address of the natting device. Simply add that address (the external address of your natting device) to /etc/tcprules.d/tcp.smtp file like so:

    external.address.of.nat:allow,RELAYCLIENT=""

Regenerate your cdb file:

    # qmailctl cdb

and you should be good to go.

Note, this solution is a tad bit insecure. If someone were able to spoof this address (while unlikely it *is* possible), they could use your toaster as an open relay. Not much of an issue if it's a private address, somewhat more so if it's public. The best solution, while not as easy but more secure, would be to configure the sendmail clients to authenticate themselves.

Jean-Paul van de Plasse wrote:

Hi, Any messages in the logfiles (on both qmailtoaster server and development machines)? What do you get when you telnet from the development machine to the qmailtoaster on port 25 and type something like

    helo
    mail from:[EMAIL PROTECTED]
    rcpt to:[EMAIL PROTECTED]
    data
    subject: test

    test
    .

Simply said, more info is needed to solve this for you. Regards, JP

- Original Message -
From: [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Wednesday, January 17, 2007 8:29 PM
Subject: [qmailtoaster] Re: Accepting mail from local mail servers

Hi, I am not sure what the problem is and how to resolve it. I am hosting my company qmailtoaster server in the datacenter on an external ip, I also have some development machines inside the company behind the nat on internal ips. When an internal application sends email out to [EMAIL PROTECTED] using sendmail on localhost, I am not getting that email at [EMAIL PROTECTED] I am pretty sure qmail rejects these emails because they come from a mailserver behind nat which doesn't resolve to anything. What do I need to configure on qmailtoaster so I can allow my development machines to send me email to [EMAIL PROTECTED] Is there a setting where I can just specify my company external ip to allow all the mail from my internal subnet without being rejected? Thank you

--
-Eric 'shubes'
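Added example (not part of the list posts and not QmailToaster code): a small audit of a tcp.smtp rules file that reports which client addresses are handed RELAYCLIENT, following the lookup order tcprules uses for IP rules (exact address, then shorter dotted prefixes, then the empty default). The sample file and 203.0.113.10, standing in for the NAT device's external address, are constructed; hostname, user@ip and range rules are not evaluated.

```python
import ipaddress

# Constructed sample of /etc/tcprules.d/tcp.smtp. 203.0.113.10 stands in
# for the external address of the NAT device (documentation address range).
SAMPLE_TCP_SMTP = '''\
# loopback may relay
127.:allow,RELAYCLIENT=""
# external address of the office NAT device
203.0.113.10:allow,RELAYCLIENT=""
198.51.100.:deny
:allow
'''


def parse_instructions(text):
    """Parse 'allow,VAR="value",...' or 'deny' into (action, env)."""
    for action in ("allow", "deny"):
        if text.startswith(action):
            rest = text[len(action):]
            break
    else:
        raise ValueError(f"rule must start with allow or deny: {text!r}")
    env = {}
    while rest:
        if rest[0] != ",":
            raise ValueError(f"unexpected text in rule: {rest!r}")
        name, eq, rest = rest[1:].partition("=")
        if not eq or not rest:
            # tcprules takes the character after '=' as the value delimiter,
            # so a bare VAR= with nothing after it is a format error.
            raise ValueError(f"{name}: missing value delimiter")
        delim, rest = rest[0], rest[1:]
        value, closed, rest = rest.partition(delim)
        if not closed:
            raise ValueError(f"{name}: unterminated value")
        env[name] = value
    return action, env


def parse_rules(text):
    """Return {address: (action, env)} for every non-comment rule line."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        address, sep, instructions = line.partition(":")
        if not sep:
            raise ValueError(f"no ':' in rule: {line!r}")
        rules[address] = parse_instructions(instructions)
    return rules


def match_rule(rules, client_ip):
    """Find the rule tcpserver would apply to client_ip (IP rules only)."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    keys = [".".join(octets)]
    keys += [".".join(octets[:n]) + "." for n in (3, 2, 1)]
    keys.append("")  # the empty address is the default rule
    for key in keys:
        if key in rules:
            return key, rules[key]
    return None, ("allow", {})  # no rule at all: allowed, no variables set


def may_relay(rules, client_ip):
    """True if the matching rule allows the client and sets RELAYCLIENT."""
    _, (action, env) = match_rule(rules, client_ip)
    return action == "allow" and "RELAYCLIENT" in env


def relay_scope(rules):
    """Upper bound on how many IPv4 addresses each relay rule covers."""
    scope = {}
    for key, (action, env) in rules.items():
        if action != "allow" or "RELAYCLIENT" not in env:
            continue
        if key == "":
            scope[key] = 2 ** 32
        elif key.endswith("."):
            scope[key] = 256 ** (4 - key.count("."))
        else:
            try:
                ipaddress.IPv4Address(key)
                scope[key] = 1
            except ValueError:
                scope[key] = None  # hostname, user@ip or range rule: not evaluated
    return scope


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_TCP_SMTP)
    for address, count in relay_scope(rules).items():
        print(f"{address or '(default)'}: relay granted to up to {count} addresses")
```

A rule file whose default line carries RELAYCLIENT shows up here with a scope of 2**32 addresses, which is the open-relay case; the single NAT address shows up with a scope of 1.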
Re: [qmailtoaster] Re: Accepting mail from local mail servers
ES, Only udp and icmp connections can be spoofed. The tcp handshake makes spoofing tcp impossible. The only way for such an attack to be feasible would be to hack a few different routers in between their link. At that point, they got bigger problems than an open relay. Erik

On 1/17/07, Eric Shubes [EMAIL PROTECTED] wrote:

What JP says would certainly help. Given what you *have* said though, and making a few presumptions, I might have a fix for you.

Since your internal machines are being nat'd, I'm thinking that the smtp sessions for these will appear to the toaster to be coming from the external address of the natting device. Simply add that address (the external address of your natting device) to /etc/tcprules.d/tcp.smtp file like so:

    external.address.of.nat:allow,RELAYCLIENT=""

Regenerate your cdb file:

    # qmailctl cdb

and you should be good to go.

Note, this solution is a tad bit insecure. If someone were able to spoof this address (while unlikely it *is* possible), they could use your toaster as an open relay. Not much of an issue if it's a private address, somewhat more so if it's public. The best solution, while not as easy but more secure, would be to configure the sendmail clients to authenticate themselves.

Jean-Paul van de Plasse wrote:

Hi, Any messages in the logfiles (on both qmailtoaster server and development machines)? What do you get when you telnet from the development machine to the qmailtoaster on port 25 and type something like

    helo
    mail from:[EMAIL PROTECTED]
    rcpt to:[EMAIL PROTECTED]
    data
    subject: test

    test
    .

Simply said, more info is needed to solve this for you. Regards, JP

- Original Message -
From: [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Wednesday, January 17, 2007 8:29 PM
Subject: [qmailtoaster] Re: Accepting mail from local mail servers

Hi, I am not sure what the problem is and how to resolve it. I am hosting my company qmailtoaster server in the datacenter on an external ip, I also have some development machines inside the company behind the nat on internal ips. When an internal application sends email out to [EMAIL PROTECTED] using sendmail on localhost, I am not getting that email at [EMAIL PROTECTED] I am pretty sure qmail rejects these emails because they come from a mailserver behind nat which doesn't resolve to anything. What do I need to configure on qmailtoaster so I can allow my development machines to send me email to [EMAIL PROTECTED] Is there a setting where I can just specify my company external ip to allow all the mail from my internal subnet without being rejected? Thank you

--
-Eric 'shubes'
Re: [qmailtoaster] Re: Accepting mail from local mail servers
Thanks for that insight, EE! I love it when I learn new stuff. (If I could only remember more of it!) :)

Erik Espinoza wrote:

ES, Only udp and icmp connections can be spoofed. The tcp handshake makes spoofing tcp impossible. The only way for such an attack to be feasible would be to hack a few different routers in between their link. At that point, they got bigger problems than an open relay. Erik

On 1/17/07, Eric Shubes [EMAIL PROTECTED] wrote:

What JP says would certainly help. Given what you *have* said though, and making a few presumptions, I might have a fix for you.

Since your internal machines are being nat'd, I'm thinking that the smtp sessions for these will appear to the toaster to be coming from the external address of the natting device. Simply add that address (the external address of your natting device) to /etc/tcprules.d/tcp.smtp file like so:

    external.address.of.nat:allow,RELAYCLIENT=""

Regenerate your cdb file:

    # qmailctl cdb

and you should be good to go.

Note, this solution is a tad bit insecure. If someone were able to spoof this address (while unlikely it *is* possible), they could use your toaster as an open relay. Not much of an issue if it's a private address, somewhat more so if it's public. The best solution, while not as easy but more secure, would be to configure the sendmail clients to authenticate themselves.

Jean-Paul van de Plasse wrote:

Hi, Any messages in the logfiles (on both qmailtoaster server and development machines)? What do you get when you telnet from the development machine to the qmailtoaster on port 25 and type something like

    helo
    mail from:[EMAIL PROTECTED]
    rcpt to:[EMAIL PROTECTED]
    data
    subject: test

    test
    .

Simply said, more info is needed to solve this for you. Regards, JP

- Original Message -
From: [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Wednesday, January 17, 2007 8:29 PM
Subject: [qmailtoaster] Re: Accepting mail from local mail servers

Hi, I am not sure what the problem is and how to resolve it. I am hosting my company qmailtoaster server in the datacenter on an external ip, I also have some development machines inside the company behind the nat on internal ips. When an internal application sends email out to [EMAIL PROTECTED] using sendmail on localhost, I am not getting that email at [EMAIL PROTECTED] I am pretty sure qmail rejects these emails because they come from a mailserver behind nat which doesn't resolve to anything. What do I need to configure on qmailtoaster so I can allow my development machines to send me email to [EMAIL PROTECTED] Is there a setting where I can just specify my company external ip to allow all the mail from my internal subnet without being rejected? Thank you

--
-Eric 'shubes'

--
-Eric 'shubes'
[qmailtoaster] tcpserver-limits-patch
Hello EE, would it be possible to integrate the tcpserver-limits-patch into the ucspi-tcp-toaster? It is pretty useful to have MAXLOAD, MAXCONNIP, MAXCONNC, DIEMSG in the tcp.smtp cdb file. I am already doing that through my iptables setup but it could be useful. Thx -Philip
Re: [qmailtoaster] tcpserver-limits-patch
Hi Philip, Just curious but what good does it do when you can already do this with iptables? When I changed ucspi-tcp-toaster last week I figured they were not very useful.. Regards, JP

- Original Message -
From: Philip Nix Guru [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Wednesday, January 17, 2007 10:24 PM
Subject: [qmailtoaster] tcpserver-limits-patch

Hello EE, would it be possible to integrate the tcpserver-limits-patch into the ucspi-tcp-toaster? It is pretty useful to have MAXLOAD, MAXCONNIP, MAXCONNC, DIEMSG in the tcp.smtp cdb file. I am already doing that through my iptables setup but it could be useful. Thx -Philip
Re: [qmailtoaster] Re: Accepting mail from local mail servers
Thank you for all the replies. Eric, you are right. The toaster is seeing my internal localhost sendmail session as coming from the public nat ip. My next question is, am I adding the tcp.smtp settings you mentioned to be able to use mail.company.com from my internal app behind nat to send mail through the mail.company.com instead of the localhost sendmail? Basically with allow and relayclient settings in tcp.smtp my internal app behind nat should be able to send email through the external toaster without authenticating? I think I want to do that, but would it be more secure being able to authenticate from the internal php app to mail.company.com through a specific account without any tcp.smtp settings?

What JP says would certainly help. Given what you *have* said though, and making a few presumptions, I might have a fix for you.

Since your internal machines are being nat'd, I'm thinking that the smtp sessions for these will appear to the toaster to be coming from the external address of the natting device. Simply add that address (the external address of your natting device) to /etc/tcprules.d/tcp.smtp file like so:

    external.address.of.nat:allow,RELAYCLIENT=""

Regenerate your cdb file:

    # qmailctl cdb

and you should be good to go.

Note, this solution is a tad bit insecure. If someone were able to spoof this address (while unlikely it *is* possible), they could use your toaster as an open relay. Not much of an issue if it's a private address, somewhat more so if it's public. The best solution, while not as easy but more secure, would be to configure the sendmail clients to authenticate themselves.

Jean-Paul van de Plasse wrote:

Hi, Any messages in the logfiles (on both qmailtoaster server and development machines)? What do you get when you telnet from the development machine to the qmailtoaster on port 25 and type something like

    helo
    mail from:[EMAIL PROTECTED]
    rcpt to:[EMAIL PROTECTED]
    data
    subject: test

    test
    .

Simply said, more info is needed to solve this for you. Regards, JP

- Original Message -
From: [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Wednesday, January 17, 2007 8:29 PM
Subject: [qmailtoaster] Re: Accepting mail from local mail servers

Hi, I am not sure what the problem is and how to resolve it. I am hosting my company qmailtoaster server in the datacenter on an external ip, I also have some development machines inside the company behind the nat on internal ips. When an internal application sends email out to [EMAIL PROTECTED] using sendmail on localhost, I am not getting that email at [EMAIL PROTECTED] I am pretty sure qmail rejects these emails because they come from a mailserver behind nat which doesn't resolve to anything. What do I need to configure on qmailtoaster so I can allow my development machines to send me email to [EMAIL PROTECTED] Is there a setting where I can just specify my company external ip to allow all the mail from my internal subnet without being rejected? Thank you

--
-Eric 'shubes'
Re: [qmailtoaster] tcpserver-limits-patch
Hi JP, I was just thinking in a general setup. Not everyone knows how to set iptables. And I often see spammers connecting to some of my smtps with 30-40 connections (at least trying ..) :) that would easily get your server down for your customers, the max concurrencyincoming won't allow any new connections. I use that kind of template (you can easily add -s and -d to filter):

    iptables -I INETIN -p tcp --dport 25 -i eth1 -m state --state NEW -m recent --set
    iptables -I INETIN -p tcp --dport 25 -i eth1 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP

QToaster should add either the option through tcp.smtp or some basic iptables rules, it would help a few users I think. Too often you see 30-100 connections from the same source and that just blocks your server for your real users. Just an idea :)

Jean-Paul van de Plasse wrote:

Hi Philip, Just curious but what good does it do when you can already do this with iptables? When I changed ucspi-tcp-toaster last week I figured they were not very useful.. Regards, JP

- Original Message -
From: Philip Nix Guru [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Wednesday, January 17, 2007 10:24 PM
Subject: [qmailtoaster] tcpserver-limits-patch

Hello EE, would it be possible to integrate the tcpserver-limits-patch into the ucspi-tcp-toaster? It is pretty useful to have MAXLOAD, MAXCONNIP, MAXCONNC, DIEMSG in the tcp.smtp cdb file. I am already doing that through my iptables setup but it could be useful. Thx -Philip
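Added example (not from the posts): a simulation of how the two `recent` rules in the message above treat NEW connections to port 25, to show what the template limits. It assumes the behaviour of the netfilter recent match: the --update rule, inserted last with -I and therefore evaluated first, refreshes the source's entry only when it matches, and 20 timestamps are kept per source by default. The event lists and addresses are constructed.

```python
from collections import defaultdict, deque


def filter_new_connections(events, seconds=60, hitcount=10, max_stamps=20):
    """Return a PASS/DROP verdict for each (time_in_seconds, source_ip) event.

    events must be sorted by time. Each source keeps a ring of its most
    recent timestamps, as the recent match does for its address list.
    """
    stamps = defaultdict(lambda: deque(maxlen=max_stamps))
    verdicts = []
    for now, src in events:
        seen = stamps[src]
        hits = sum(1 for t in seen if now - t <= seconds)
        if hits >= hitcount:
            # --update --seconds 60 --hitcount 10 -j DROP matched:
            # the entry is refreshed, so a persistent source stays blocked.
            seen.append(now)
            verdicts.append("DROP")
            continue
        # --set: record the source and let the packet continue down the chain.
        seen.append(now)
        verdicts.append("PASS")
    return verdicts


def count_verdicts(events, **kwargs):
    """Summarise verdicts per source as {source: {"PASS": n, "DROP": m}}."""
    summary = defaultdict(lambda: {"PASS": 0, "DROP": 0})
    for (_, src), verdict in zip(events, filter_new_connections(events, **kwargs)):
        summary[src][verdict] += 1
    return {src: dict(counts) for src, counts in summary.items()}


if __name__ == "__main__":
    # Constructed traffic: one source opening a connection every second for
    # 40 seconds, and one ordinary sender connecting every 30 seconds.
    burst = [(t, "192.0.2.77") for t in range(40)]
    normal = [(t, "198.51.100.8") for t in (0, 30, 60, 90)]
    print(count_verdicts(sorted(burst + normal)))
```

The rules count connection attempts per source within the time window, not simultaneous sessions: the first ten connections from a source inside a minute all pass, however long they stay open.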
Re: [qmailtoaster] smtproutes and domainkeys, spf, srs
So in my case, I am forwarding my mail through Yahoo. I should not bother setting up SPF, SRS, and Domainkeys since I won't see any benefit at all. Suppose I handle my own outbound email and set up all those features properly. Do you think Yahoo will still put my mails in the Bulk folder? Another question, is it necessary for us to set up reverse IP DNS? Because I think SBC will not help me do it.

SRS and SPF can be used if your upstream isp publishes spf records. You can use the include statement (more info at openspf.org) to include their spf entries into your spf records. SBC, however, doesn't publish SPF records as Yahoo handles their infrastructure. The Qmail DomainKey implementation is to spec, but doesn't implement the optional h= header that limits the scope of the DomainKey signature to certain parts. Because of this, DomainKeys will fail if it is forwarded through a third party server. Erik

On 1/16/07, Trung Pham [EMAIL PROTECTED] wrote:

I currently have all my outgoing emails forwarded to my ISP server using smtproutes. So I am curious if I can still use domainkeys, spf, or srs features since my ISP will definitely modify the email header. FYI, I am using SBC Business DSL. I had to resolve to smtproutes otherwise Yahoo will put emails coming from me into the bulk folder. Please let me know if those features still work if I use my ISP to relay my mails. My goal is to stop incoming spams that forge my own address.
Re: [qmailtoaster] tcpserver-limits-patch
While doing this w/ iptables is certainly doable, I'd like to see a simple way of handling it with the toaster too. The patch would be nice (imho).

Philip Nix Guru wrote:

Hi JP, I was just thinking in a general setup. Not everyone knows how to set iptables. And I often see spammers connecting to some of my smtps with 30-40 connections (at least trying ..) :) that would easily get your server down for your customers, the max concurrencyincoming won't allow any new connections. I use that kind of template (you can easily add -s and -d to filter):

    iptables -I INETIN -p tcp --dport 25 -i eth1 -m state --state NEW -m recent --set
    iptables -I INETIN -p tcp --dport 25 -i eth1 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP

QToaster should add either the option through tcp.smtp or some basic iptables rules, it would help a few users I think. Too often you see 30-100 connections from the same source and that just blocks your server for your real users. Just an idea :)

Jean-Paul van de Plasse wrote:

Hi Philip, Just curious but what good does it do when you can already do this with iptables? When I changed ucspi-tcp-toaster last week I figured they were not very useful.. Regards, JP

- Original Message -
From: Philip Nix Guru [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Wednesday, January 17, 2007 10:24 PM
Subject: [qmailtoaster] tcpserver-limits-patch

Hello EE, would it be possible to integrate the tcpserver-limits-patch into the ucspi-tcp-toaster? It is pretty useful to have MAXLOAD, MAXCONNIP, MAXCONNC, DIEMSG in the tcp.smtp cdb file. I am already doing that through my iptables setup but it could be useful. Thx -Philip

--
-Eric 'shubes'
Re: [qmailtoaster] smtproutes and domainkeys, spf, srs
On Wed, 2007-01-17 at 14:30 -0800, Trung Pham wrote:

So in my case, I am forwarding my mail through Yahoo. I should not bother setting up SPF, SRS, and Domainkeys since I won't see any benefit at all.

EVERYONE should use SPF. Forwarding mail through yahoo does not negate the benefits. My own email forwards through centurytel (my isp). My SPF record is

    v=spf1 a include:centurytel.net ~all

Pretty simple and effective. My /var/qmail/control/spfbehavior value is set to 4. Keeps the fraud down.
Re: [qmailtoaster] smtproutes and domainkeys, spf, srs
Vince Callaway wrote:

On Wed, 2007-01-17 at 14:30 -0800, Trung Pham wrote:

So in my case, I am forwarding my mail through Yahoo. I should not bother setting up SPF, SRS, and Domainkeys since I won't see any benefit at all.

EVERYONE should use SPF. Forwarding mail through yahoo does not negate the benefits. My own email forwards through centurytel (my isp). My SPF record is

    v=spf1 a include:centurytel.net ~all

Pretty simple and effective. My /var/qmail/control/spfbehavior value is set to 4. Keeps the fraud down.

Thanks for clearing this up, Vince. That was my understanding too.

--
-Eric 'shubes'
Re: [qmailtoaster] smtproutes and domainkeys, spf, srs
Trung, Is your toaster on a dynamic or static IP address?

Trung Pham wrote:

So in my case, I am forwarding my mail through Yahoo. I should not bother setting up SPF, SRS, and Domainkeys since I won't see any benefit at all. Suppose I handle my own outbound email and set up all those features properly. Do you think Yahoo will still put my mails in the Bulk folder?

TTBOMK, yahoo will not put your mail in bulk folders if you have DK configured properly.

Another question, is it necessary for us to set up reverse IP DNS? Because I think SBC will not help me do it.

SRS and SPF can be used if your upstream isp publishes spf records. You can use the include statement (more info at openspf.org) to include their spf entries into your spf records. SBC, however, doesn't publish SPF records as Yahoo handles their infrastructure. The Qmail DomainKey implementation is to spec, but doesn't implement the optional h= header that limits the scope of the DomainKey signature to certain parts. Because of this, DomainKeys will fail if it is forwarded through a third party server. Erik

On 1/16/07, Trung Pham [EMAIL PROTECTED] wrote:

I currently have all my outgoing emails forwarded to my ISP server using smtproutes. So I am curious if I can still use domainkeys, spf, or srs features since my ISP will definitely modify the email header. FYI, I am using SBC Business DSL. I had to resolve to smtproutes otherwise Yahoo will put emails coming from me into the bulk folder. Please let me know if those features still work if I use my ISP to relay my mails. My goal is to stop incoming spams that forge my own address.

--
-Eric 'shubes'
Re: [qmailtoaster] tcpserver-limits-patch
I could not agree more on this. Will do this today! JP

- Original Message -
From: Eric Shubes [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Thursday, January 18, 2007 12:24 AM
Subject: Re: [qmailtoaster] tcpserver-limits-patch

While doing this w/ iptables is certainly doable, I'd like to see a simple way of handling it with the toaster too. The patch would be nice (imho).

Philip Nix Guru wrote:

Hi JP, I was just thinking in a general setup. Not everyone knows how to set iptables. And I often see spammers connecting to some of my smtps with 30-40 connections (at least trying ..) :) that would easily get your server down for your customers, the max concurrencyincoming won't allow any new connections. I use that kind of template (you can easily add -s and -d to filter):

    iptables -I INETIN -p tcp --dport 25 -i eth1 -m state --state NEW -m recent --set
    iptables -I INETIN -p tcp --dport 25 -i eth1 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP

QToaster should add either the option through tcp.smtp or some basic iptables rules, it would help a few users I think. Too often you see 30-100 connections from the same source and that just blocks your server for your real users. Just an idea :)

Jean-Paul van de Plasse wrote:

Hi Philip, Just curious but what good does it do when you can already do this with iptables? When I changed ucspi-tcp-toaster last week I figured they were not very useful.. Regards, JP

- Original Message -
From: Philip Nix Guru [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Wednesday, January 17, 2007 10:24 PM
Subject: [qmailtoaster] tcpserver-limits-patch

Hello EE, would it be possible to integrate the tcpserver-limits-patch into the ucspi-tcp-toaster? It is pretty useful to have MAXLOAD, MAXCONNIP, MAXCONNC, DIEMSG in the tcp.smtp cdb file. I am already doing that through my iptables setup but it could be useful. Thx -Philip

--
-Eric 'shubes'
Re: [qmailtoaster] smtproutes and domainkeys, spf, srs
SPF will not work in this case. Reread my earlier email. Yahoo doesn't publish records for one to include. In addition DK usually fails when you use a smarthost.

On 1/17/07, Eric Shubes [EMAIL PROTECTED] wrote:

Trung, Is your toaster on a dynamic or static IP address?

Trung Pham wrote:

So in my case, I am forwarding my mail through Yahoo. I should not bother setting up SPF, SRS, and Domainkeys since I won't see any benefit at all. Suppose I handle my own outbound email and set up all those features properly. Do you think Yahoo will still put my mails in the Bulk folder?

TTBOMK, yahoo will not put your mail in bulk folders if you have DK configured properly.

Another question, is it necessary for us to set up reverse IP DNS? Because I think SBC will not help me do it.

SRS and SPF can be used if your upstream isp publishes spf records. You can use the include statement (more info at openspf.org) to include their spf entries into your spf records. SBC, however, doesn't publish SPF records as Yahoo handles their infrastructure. The Qmail DomainKey implementation is to spec, but doesn't implement the optional h= header that limits the scope of the DomainKey signature to certain parts. Because of this, DomainKeys will fail if it is forwarded through a third party server. Erik

On 1/16/07, Trung Pham [EMAIL PROTECTED] wrote:

I currently have all my outgoing emails forwarded to my ISP server using smtproutes. So I am curious if I can still use domainkeys, spf, or srs features since my ISP will definitely modify the email header. FYI, I am using SBC Business DSL. I had to resolve to smtproutes otherwise Yahoo will put emails coming from me into the bulk folder. Please let me know if those features still work if I use my ISP to relay my mails. My goal is to stop incoming spams that forge my own address.

--
-Eric 'shubes'
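Added example (not from the posts, and not the qmail SPF patch's code): the messages in this thread turn on how an `include:` term is evaluated when mail leaves through an upstream relay, so this sketch evaluates two records of the shape quoted in the thread, one whose upstream publishes SPF and one whose upstream publishes none. All domains, addresses and records are constructed; only the a, ip4, include and all mechanisms are implemented, with include handled as in RFC 4408 section 5.2.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed zone data standing in for DNS (documentation names and ranges).
DNS = {
    "txt": {
        # Domain whose upstream relay publishes an SPF record.
        "example.org": "v=spf1 a include:isp.example ~all",
        "isp.example": "v=spf1 ip4:192.0.2.0/24 -all",
        # Same shape of record, but the upstream publishes nothing.
        "example.net": "v=spf1 a include:nospf-isp.example ~all",
    },
    "a": {
        "example.org": ["198.51.100.25"],
        "example.net": ["198.51.100.26"],
    },
}


def check_host(ip, domain, dns, depth=0):
    """Evaluate the SPF record of `domain` for a connecting client `ip`."""
    if depth > 10:  # guard against include loops
        return "permerror"
    record = dns["txt"].get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        result = "pass"  # default qualifier is '+'
        if term[0] in QUALIFIERS:
            result, term = QUALIFIERS[term[0]], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return result
        if name == "a":
            hosts = dns["a"].get(arg or domain, [])
            matched = any(addr == ipaddress.ip_address(h) for h in hosts)
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            inner = check_host(ip, arg, dns, depth + 1)
            if inner in ("none", "permerror"):
                # Including a domain that has no usable record is an error
                # in the including record, not a simple non-match.
                return "permerror"
            matched = inner == "pass"
        else:
            return "permerror"  # mechanism outside this sketch
        if matched:
            return result
    return "neutral"


def evaluate_samples(dns=DNS):
    """Results a receiving server would compute for four constructed cases."""
    return {
        "own host": check_host("198.51.100.25", "example.org", dns),
        "via upstream relay": check_host("192.0.2.40", "example.org", dns),
        "forged sender": check_host("203.0.113.99", "example.org", dns),
        "relay, upstream without SPF": check_host("192.0.2.40", "example.net", dns),
    }


if __name__ == "__main__":
    for case, result in evaluate_samples().items():
        print(f"{case}: {result}")
```

With an upstream that publishes SPF, mail sent through the relay passes and a forged sender gets softfail; with an upstream that publishes nothing, every client other than the domain's own host evaluates to permerror.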
Re: [qmailtoaster] Should I use qmail toaster?
Dave wrote:

What exactly are the licensing issues that prevent qmail from simply being folded in to the CentOS or Ubuntu distributions? I'm a little uneasy running a server that requires a kludge to keep automatically up to date. Also, the QM Toaster kit seems to force the use of PHP and MySQL. (... Both items that are hard to secure and I would rather keep off this low-volume server.)

The writer of the software (Bernstein) requires that it be distributed as source code so that you know you're getting EXACTLY what he wrote, which is secure. If you read on his site, he's had a running reward for anyone who could find a security hole in his software. It's never been claimed as far as I know. I am not aware of any security patches released for QMail itself since the early 90's, which means that no one has found any. You *COULD* give out RPMs if Bernstein gives you permission, but I know several people that have asked (repeatedly in some cases) but he does not answer any of those emails. As such, we use patches to add functionality to the whole affair, much as everyone else does. Yahoo! runs a patched version of QMail for their whole email system, if that gives you any reassurance to its stability and security.

The PHP and MySQL portions are pretty secure, and I have not heard of too many security problems with either. If you're really worried, I'd suggest blocking incoming connections on port 3306, which will stop outside people from accessing MySQL, and then shutting down Apache (httpd). It's not needed for anything if you're not using webmail as all of the commands can be run from the command line. Then there's no real need to update anything besides spamassassin or clamav if you even decide to use those, and then it's usually only for updates for rules and virus signatures. If you don't use those there's no need to update Toaster anymore (in theory) since the code itself hasn't changed (even the patches) in a long time for security reasons - only for features.

If it's still that much of a concern you may look at having someone else run your email, and allow them to deal with updates and security issues. I (as well as several other people on this list, like Erik) run servers like this as part of our businesses so we try and stay on top of all the latest/greatest updates and patches. Hope that helps some.
Re: [qmailtoaster] Error when trying to set a Domain Admin in VqAdmin. Anyone else seeing this? It is occurring on 2 new toaster installs. Thanks Ed
Ed Morrison wrote: Erik Espinoza wrote: Have you tried using the command line? No I hadn't. Just did and it worked. Curious that the web interface didn't. Any thoughts?

VQAdmin has been lame for a while now. It's released by Inter7 who is no longer doing any support/development for it. They're supposed to come out with a replacement, but it's still on the horizon. The interface you were using is alright to do some things like recovering lost passwords, but I don't think too many people rely on it anymore since it only half works anymore. There's been some talk of people contributing to recode it (actually write a new package entirely) but it's always a side-project that falls to the wayside.
Re: [qmailtoaster] tcpserver-limits-patch
Hey JP, Please ensure that the patch defaults to the original behavior of the QmailToaster if no settings are added to the tcp.smtp. I don't want to accept a patch that changes the default behavior of the default install. Thanks, Erik

On 1/17/07, Jean-Paul van de Plasse [EMAIL PROTECTED] wrote:

I could not agree more on this. Will do this today! JP

- Original Message -
From: Eric Shubes [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Thursday, January 18, 2007 12:24 AM
Subject: Re: [qmailtoaster] tcpserver-limits-patch

While doing this w/ iptables is certainly doable, I'd like to see a simple way of handling it with the toaster too. The patch would be nice (imho).

Philip Nix Guru wrote:

Hi JP, I was just thinking in a general setup. Not everyone knows how to set iptables. And I often see spammers connecting to some of my smtps with 30-40 connections (at least trying ..) :) that would easily get your server down for your customers, the max concurrencyincoming won't allow any new connections. I use that kind of template (you can easily add -s and -d to filter):

    iptables -I INETIN -p tcp --dport 25 -i eth1 -m state --state NEW -m recent --set
    iptables -I INETIN -p tcp --dport 25 -i eth1 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP

QToaster should add either the option through tcp.smtp or some basic iptables rules, it would help a few users I think. Too often you see 30-100 connections from the same source and that just blocks your server for your real users. Just an idea :)

Jean-Paul van de Plasse wrote:

Hi Philip, Just curious but what good does it do when you can already do this with iptables? When I changed ucspi-tcp-toaster last week I figured they were not very useful.. Regards, JP

- Original Message -
From: Philip Nix Guru [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Wednesday, January 17, 2007 10:24 PM
Subject: [qmailtoaster] tcpserver-limits-patch

Hello EE, would it be possible to integrate the tcpserver-limits-patch into the ucspi-tcp-toaster? It is pretty useful to have MAXLOAD, MAXCONNIP, MAXCONNC, DIEMSG in the tcp.smtp cdb file. I am already doing that through my iptables setup but it could be useful. Thx -Philip

--
-Eric 'shubes'
Re: [qmailtoaster] tcpserver-limits-patch
Hey Erik, That's the only way I would do this.. :) JP

- Original Message -
From: Erik Espinoza [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Thursday, January 18, 2007 1:54 AM
Subject: Re: [qmailtoaster] tcpserver-limits-patch

Hey JP, Please ensure that the patch defaults to the original behavior of the QmailToaster if no settings are added to the tcp.smtp. I don't want to accept a patch that changes the default behavior of the default install. Thanks, Erik

On 1/17/07, Jean-Paul van de Plasse [EMAIL PROTECTED] wrote:

I could not agree more on this. Will do this today! JP

- Original Message -
From: Eric Shubes [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Thursday, January 18, 2007 12:24 AM
Subject: Re: [qmailtoaster] tcpserver-limits-patch

While doing this w/ iptables is certainly doable, I'd like to see a simple way of handling it with the toaster too. The patch would be nice (imho).

Philip Nix Guru wrote:

Hi JP, I was just thinking in a general setup. Not everyone knows how to set iptables. And I often see spammers connecting to some of my smtps with 30-40 connections (at least trying ..) :) that would easily get your server down for your customers, the max concurrencyincoming won't allow any new connections. I use that kind of template (you can easily add -s and -d to filter):

    iptables -I INETIN -p tcp --dport 25 -i eth1 -m state --state NEW -m recent --set
    iptables -I INETIN -p tcp --dport 25 -i eth1 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP

QToaster should add either the option through tcp.smtp or some basic iptables rules, it would help a few users I think. Too often you see 30-100 connections from the same source and that just blocks your server for your real users. Just an idea :)

Jean-Paul van de Plasse wrote:

Hi Philip, Just curious but what good does it do when you can already do this with iptables? When I changed ucspi-tcp-toaster last week I figured they were not very useful.. Regards, JP

- Original Message -
From: Philip Nix Guru [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Wednesday, January 17, 2007 10:24 PM
Subject: [qmailtoaster] tcpserver-limits-patch

Hello EE, would it be possible to integrate the tcpserver-limits-patch into the ucspi-tcp-toaster? It is pretty useful to have MAXLOAD, MAXCONNIP, MAXCONNC, DIEMSG in the tcp.smtp cdb file. I am already doing that through my iptables setup but it could be useful. Thx -Philip

--
-Eric 'shubes'
Re: [qmailtoaster] Should I use qmail toaster?
Thank you for the explanation... :) I do have some specific config questions, but I'll read through the wiki first. Also, is there a basic post-install walk through that shows how to configure things like log rotation, mailbox quotas, auto-updates of signatures, etc... plus whatever else is needed to set up the server for hands free use. Thanks again, David
--- Jake Vickers [EMAIL PROTECTED] wrote:
Dave wrote:
What exactly are the licensing issues that prevent qmail from simply being folded in to the CentOS or Ubuntu distributions? I'm a little uneasy running a server that requires a kludge to keep automatically up to date. Also, the QM Toaster kit seems to force the use of PHP and MySQL. (... Both items that are hard to secure and I would rather keep off this low-volume server.)
The writer of the software (Bernstein) requires that it be distributed as source code so that you know you're getting EXACTLY what he wrote, which is secure. If you read on his site, he's had a running reward for anyone who could find a security hole in his software. It's never been claimed as far as I know. I am not aware of any security patches released for QMail itself since the early 90's, which means that no one has found any. You *COULD* give out RPMs if Bernstein gives you permission, but I know several people that have asked (repeatedly in some cases) but he does not answer any of those emails. As such, we use patches to add functionality to the whole affair, much as everyone else does. Yahoo! runs a patched version of QMail for their whole email system, if that gives you any reassurance to its stability and security.
The PHP and MySQL portions are pretty secure, and I have not heard of too many security problems with either. If you're really worried, I'd suggest blocking incoming connections on port 3306, which will stop outside people from accessing MySQL, and then shutting down Apache (httpd). It's not needed for anything if you're not using webmail as all of the commands can be run from the command line. Then there's no real need to update anything besides spamassassin or clamav if you even decide to use those, and then it's usually only for updates for rules and virus signatures. If you don't use those there's no need to update Toaster anymore (in theory) since the code itself hasn't changed (even the patches) in a long time for security reasons - only for features.
If it's still that much of a concern you may look at having someone else run your email, and allow them to deal with updates and security issues. I (as well as several other people on this list, like Erik) run servers like this as part of our businesses so we try and stay on top of all the latest/greatest updates and patches. Hope that helps some.
Re: [qmailtoaster] Should I use qmail toaster?
Dave wrote:
Thank you for the explanation... :) I do have some specific config questions, but I'll read through the wiki first. Also, is there a basic post-install walk through that shows how to configure things like log rotation, mailbox quotas, auto-updates of signatures, etc... plus what ever else is needed to set up the server for hands free use.
Everyone is trying to add these things as we think of them. Some is usually just answered on the list. Log rotation is done automatically, and the size of the log files before rotation is defined in /var/qmail/control/logcount and logsize (the wiki will explain some more). Not really much to do post-install besides add domains and users. There are some spam things you can add in if your needs require them, and some other customizations (such as smtproutes) but it's only if you need them. Updates of signatures is done automatically (cron job), so just about everything should be hands-free unless you need to change something to fit your environment.
Re: [qmailtoaster] tcpserver-limits-patch
Hi JP I was just thinking in a general setup. Not everyone knows how to set iptables. And I often see spammers connecting to some of my smtps with 30-40 connections (at least trying ..) :) that would easily get your server down for your customers, the max concurrencyincoming won't allow any new connections
I use that kind of template (you can easily add -s and -d to filter)
iptables -I INETIN -p tcp --dport 25 -i eth1 -m state --state NEW -m recent --set
iptables -I INETIN -p tcp --dport 25 -i eth1 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP
QToaster should add either the option through tcp.smtp or some basic iptables rules it would help a few users I think. Too often you see 30-100 connections from the same source and that just blocks your server for your real users Just an idea :)
Jean-Paul van de Plasse wrote:
Hi Philip, Just curious but what good does it do when you can already do this with iptables? When I changed ucspi-tcp-toaster last week I figured they were not very useful.. Regards, JP
- Original Message - From: Philip Nix Guru [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, January 17, 2007 10:24 PM Subject: [qmailtoaster] tcpserver-limits-patch
Hello EE would it be possible to integrate the tcpserver-limits-patch into the ucspi-tcp-toaster ? It is pretty useful to have MAXLOAD MAXCONNIP MAXCONNC DIEMSG in the tcp.smtp cdb file I am already doing that through my iptables setup but it could be useful Thx -Philip
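How the two `recent` rules quoted above treat a source over time, as an added simulation that is not part of the original message and not QmailToaster code. Because both commands use `-I`, the `--update ... -j DROP` rule ends up above the `--set` rule; the source addresses and timings are constructed, and the 20-entry history per source is an assumed module default.

```python
"""Model of the two iptables `recent` rules from the message above (added example)."""
from collections import deque

SECONDS = 60      # --seconds 60
HITCOUNT = 10     # --hitcount 10
MAX_STAMPS = 20   # assumption: per-source history kept by the module (default 20)


class RecentTable:
    """Timestamps of NEW connections to port 25, kept per source address."""

    def __init__(self, seconds=SECONDS, hitcount=HITCOUNT, max_stamps=MAX_STAMPS):
        self.seconds = seconds
        self.hitcount = hitcount
        self.max_stamps = max_stamps
        self.stamps = {}

    def _hits(self, src, now):
        # Count remembered connections that fall inside the look-back window.
        return sum(1 for t in self.stamps.get(src, ()) if now - t <= self.seconds)

    def _record(self, src, now):
        self.stamps.setdefault(src, deque(maxlen=self.max_stamps)).append(now)

    def new_connection(self, src, now):
        """Return "DROP" or "PASS" for one NEW connection at time `now` (seconds)."""
        # Evaluated first: -m recent --update --seconds 60 --hitcount 10 -j DROP
        if self._hits(src, now) >= self.hitcount:
            self._record(src, now)      # a matching --update refreshes the entry
            return "DROP"
        # Evaluated second: -m recent --set (remember the source, no verdict)
        self._record(src, now)
        return "PASS"


def replay(events, **limits):
    """Run (time, source) pairs through the rules; return one verdict per event."""
    table = RecentTable(**limits)
    return [table.new_connection(src, t) for t, src in sorted(events)]


def summarize(events, **limits):
    """Count PASS/DROP verdicts per source."""
    table = RecentTable(**limits)
    counts = {}
    for t, src in sorted(events):
        verdict = table.new_connection(src, t)
        counts.setdefault(src, {"PASS": 0, "DROP": 0})[verdict] += 1
    return counts


# Constructed traffic (documentation addresses, times in seconds).
BURST = [(t, "203.0.113.7") for t in range(40)]          # 40 connections in 40 s
SLOW = [(7 * i, "203.0.113.8") for i in range(30)]       # 30 connections, one every 7 s
NORMAL = [(30 * i, "198.51.100.20") for i in range(6)]   # ordinary sender

if __name__ == "__main__":
    for src, counts in summarize(BURST + SLOW + NORMAL).items():
        print(src, counts)
```

The slow source passes every time: these rules cap the rate of new connections per source, not how many stay open at once, which is what a per-IP concurrency setting such as the MAXCONNIP requested in the thread addresses.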
Re: [qmailtoaster] Should I use qmail toaster?
Thanks for pointers
Perhaps there should be a post install guide section on the wiki? -- David
--- Jake Vickers [EMAIL PROTECTED] wrote:
Dave wrote:
Thank you for the explanation... :) I do have some specific config questions, but I'll read through the wiki first. Also, is there a basic post-install walk through that shows how to configure things like log rotation, mailbox quotas, auto-updates of signatures, etc... plus what ever else is needed to set up the server for hands free use.
Everyone is trying to add these things as we think of them. Some is usually just answered on the list. Log rotation is done automatically, and the size of the log files before rotation is defined in /var/qmail/control/logcount and logsize (the wiki will explain some more). Not really much to do post-install besides add domains and users. There are some spam things you can add in if your needs require them, and some other customizations (such as smtproutes) but it's only if you need them. Updates of signatures is done automatically (cron job), so just about everything should be hands-free unless you need to change something to fit your environment.
Re: [qmailtoaster] Should I use qmail toaster?
Dave wrote:
Thanks for pointers Perhaps there should be a post install guide section on the wiki?
No reason there can't be. I just can't think of what to put in it. Do you have any suggestions to help us get started? Thanks.
Re: [qmailtoaster] Re: Accepting mail from local mail servers
[EMAIL PROTECTED] wrote:
Thank you for all the replies. Eric, you are right. The toaster is seeing my internal localhost sendmail session as coming from the public nat ip.
Lucky guess. ;)
My next question is, am I adding the tcp.smtp settings you mentioned to be able to use mail.company.com from my internal app behind nat to send mail through the mail.company.com instead of the localhost sendmail?
Sort of, but not exactly. The tcp.smtp settings will allow mail.company.com (the server, not necessarily the domain) to be used as an open relay (to anywhere, as far as the toaster's concerned) for any smtp connection coming from your internal lan. The internal hosts still use their localhost sendmail. It's just that when localhost sendmail on each of their computers tries to send an email to company.com, it looks up the DNS MX record for company.com and tries to connect there. Question is, why is the toaster at company.com rejecting the message? I'm not quite sure. A look at /var/log/qmail/smtp/current on the toaster should tell. I'm curious to know exactly why the message is failing (I'm still learning this stuff too!). In any case, the changes to tcp.smtp should give a green light (open relay) for any session coming from the specified address.
Basically with allow and relayclient settings in tcp.smtp my internal app behind nat should be able to send email through the external toaster without authenticating?
TTBOMK, yes.
I think I want to do that, but would it be more secure being able to authenticate from the internal php app to mail.company.com through a specific account without any tcp.smtp settings?
TTBOMK, yes. From what I know (and there's a lot that I don't), I'd try using postfix in place of sendmail on the internal hosts, and have them route all (or just company.com) mail to the toaster, with authentication. I've seen this type of configuration before, and it works quite well. From what I understand postfix is a bit better (easier to configure, more secure) than sendmail. Postfix is a drop-in replacement for sendmail, so you shouldn't have to modify any of your apps. Best of luck!
What JP says would certainly help. Given what you *have* said though, and making a few presumptions, I might have a fix for you. Since your internal machines are being nat'd, I'm thinking that the smtp sessions for these will appear to the toaster to be coming from the external address of the natting device. Simply add that address (the external address of your natting device) to /etc/tcprules.d/tcp.smtp file like so:
external.address.of.nat:allow,RELAYCLIENT=""
Regenerate your cdb file:
# qmailctl cdb
and you should be good to go. Note, this solution is a tad bit insecure. If someone were able to spoof this address (while unlikely it *is* possible), they could use your toaster as an open relay. Not much of an issue if it's a private address, somewhat more so if it's public. The best solution, while not as easy but more secure, would be to configure the sendmail clients to authenticate themselves.
Jean-Paul van de Plasse wrote:
Hi, Any messages in the logfiles (on both qmailtoaster server and development machines) What do you get when you telnet from the development machine to the qmailtoaster on port 25 and type something like helo mail from:[EMAIL PROTECTED] rcpt to:[EMAIL PROTECTED] data subject: test test . Simply said, more info is needed to solve this for you. Regards, JP
- Original Message - From: [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, January 17, 2007 8:29 PM Subject: [qmailtoaster] Re: Accepting mail from local mail servers
Hi, I am not sure what the problem is and how to resolve it. I am hosting my company qmailtoaster server in the datacenter on an external ip, I also have some development machines inside the company behind the nat on internal ips. When an internal application sends email out to [EMAIL PROTECTED] using sendmail on localhost, I am not getting that email at [EMAIL PROTECTED] I am pretty sure qmail rejects these emails because they come from a mailserver behind nat which doesn't resolve to anything. What do I need to configure on qmailtoaster so I can allow my development machines to send me email to [EMAIL PROTECTED] Is there a setting where I can just specify my company external ip to allow all the mail from my internal subnet without being rejected? Thank you
-- -Eric 'shubes' -- -Eric 'shubes'
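Since a RELAYCLIENT rule turns the toaster into a relay for every client that appears to come from the matched address, it helps to list exactly which rules grant it and how many addresses each one covers. The following is an added example, not code from the thread or from the QmailToaster project: it parses tcprules-style lines like the one quoted above, the sample rules are constructed, and treating loopback and RFC 1918 ranges as "internal" is an assumption about what the thread calls a private address.

```python
"""Audit RELAYCLIENT grants in a tcp.smtp (tcprules) file (added example)."""
import ipaddress

# Assumption: "private" in the thread means loopback or RFC 1918 space.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_rule(line):
    """Split "address:allow,VAR=<q>value<q>,..." into (address, action, env)."""
    address, _, instruction = line.partition(":")
    for action in ("allow", "deny"):
        if instruction.startswith(action):
            rest = instruction[len(action):]
            break
    else:
        raise ValueError(f"instruction must start with allow or deny: {line!r}")
    env = {}
    while rest:
        name, eq, tail = rest[1:].partition("=")
        if rest[0] != "," or not eq or not tail:
            raise ValueError(f"expected ,VAR=<quote>value<quote>: {line!r}")
        quote, tail = tail[0], tail[1:]      # the character after "=" delimits the value
        value, closing, rest = tail.partition(quote)
        if not closing:
            raise ValueError(f"unterminated value for {name}: {line!r}")
        env[name] = value
    return address, action, env


def scope(address):
    """Return (network, host_count) for an IPv4 rule address, else (None, None)."""
    try:
        if address == "":                                   # default rule: every client
            return ipaddress.ip_network("0.0.0.0/0"), 2 ** 32
        parts = address.rstrip(".").split(".")
        if address.endswith(".") and len(parts) <= 3:       # prefix such as "192.168.1."
            padded = ".".join(parts + ["0"] * (4 - len(parts)))
            net = ipaddress.ip_network(f"{padded}/{8 * len(parts)}")
            return net, net.num_addresses
        if len(parts) == 4 and "-" in parts[3]:             # range such as "1.2.3.37-53"
            low, high = (int(n) for n in parts[3].split("-"))
            return ipaddress.ip_network(".".join(parts[:3]) + ".0/24"), high - low + 1
        return ipaddress.ip_network(address + "/32"), 1
    except ValueError:                                      # =hostname, user@ip, malformed
        return None, None


def audit(text):
    """List every allow rule that sets RELAYCLIENT, with its reach."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        address, action, env = parse_rule(line)
        if action != "allow" or "RELAYCLIENT" not in env:
            continue
        net, hosts = scope(address)
        if net is None:
            kind = "unknown"
        elif any(net.subnet_of(internal) for internal in INTERNAL_NETS):
            kind = "internal"
        else:
            kind = "public"
        findings.append({"line": lineno, "address": address or "(default)",
                         "kind": kind, "hosts": hosts})
    return findings


# Constructed sample rules (documentation addresses), not taken from the thread.
SAMPLE = '''# constructed tcp.smtp sample
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
203.0.113.45:allow,RELAYCLIENT=""
198.51.100.:allow,RELAYCLIENT=""
:allow
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A rule written as `RELAYCLIENT=` with nothing after the equals sign is rejected by `parse_rule`, because the syntax needs a delimiter character around the (here empty) value.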
Re: [qmailtoaster] Should I use qmail toaster?
That would be great! Care to write one?
Dave wrote:
Thanks for pointers Perhaps there should be a post install guide section on the wiki? -- David
--- Jake Vickers [EMAIL PROTECTED] wrote:
Dave wrote:
Thank you for the explanation... :) I do have some specific config questions, but I'll read through the wiki first. Also, is there a basic post-install walk through that shows how to configure things like log rotation, mailbox quotas, auto-updates of signatures, etc... plus what ever else is needed to set up the server for hands free use.
Everyone is trying to add these things as we think of them. Some is usually just answered on the list. Log rotation is done automatically, and the size of the log files before rotation is defined in /var/qmail/control/logcount and logsize (the wiki will explain some more). Not really much to do post-install besides add domains and users. There are some spam things you can add in if your needs require them, and some other customizations (such as smtproutes) but it's only if you need them. Updates of signatures is done automatically (cron job), so just about everything should be hands-free unless you need to change something to fit your environment.
-- -Eric 'shubes'
Re: [qmailtoaster] Should I use qmail toaster?
Jake Vickers wrote:
Dave wrote:
Thanks for pointers Perhaps there should be a post install guide section on the wiki?
No reason there can't be. I just can't think of what to put in it. Do you have any suggestions to help us get started? Thanks.
Aw, c'mon Jake. ;) I'd start with qmailtoaster-plus ;) (if it wasn't used to do the install in the first place). Then there's:
.) caching nameserver verification
.) backups (always dreaded, but pretty simple with QTP)
.) rbls (the stock toaster doesn't do much in this arena)
.) spamassassin
 - turn off local rules only
 - turn on SURBLs
 - rules-du-jour (if desired)
 - turn autoexpire off and run from cron
.) SPF, SRS, DK configuration
The list isn't endless, but that's a start.
-- -Eric 'shubes'
Re: [qmailtoaster] Re: Accepting mail from local mail servers
Question is, why is the toaster at company.com rejecting the message? I'm not quite sure. A look at /var/log/qmail/smtp/current on the toaster should tell. I'm curious to know exactly why the message is failing (I'm still learning this stuff too!). In any case, the changes to tcp.smtp should give a green light (open relay) for any session coming from the specified address.
I'd wager that the relay was denied because the internal machines' hostnames aren't resolvable in DNS on the real Internet. Suppose my public internet is kabewm.com and my internal infrastructure runs on internal.kabewm.com. Since my public DNS records don't have any A, MX or other entries for internal.kabewm.com, then the QmailToaster will reject e-mail coming from [EMAIL PROTECTED] since it couldn't possibly be a real return e-mail.
<shamelessplug>By the way, my blog is http://www.kabewm.com/ and contains info on things going on with QmailToaster. :)</shamelessplug>
Erik
[qmailtoaster] SMTP connection failed all of a sudden
Hi list, My Qmail server was working fine until 2 days ago I suddenly couldn't connect to the SMTP service externally. The service is running, and I can connect from localhost. At first I thought it's a firewall issue and I turned off firewall as well as iptables. However, the same thing is still happening. From the log I see that a few other connections got to make through from other countries. However, for mine, the server log just says there is a connection, and the telnet client simply says connection failed. Then the connection on the server would time out. This is so strange... can someone help me here? Best regards, Peter Wu
Re: [qmailtoaster] compile errors
Hi Alex, try removing sendmail:
command: rpm -e sendmail --nodeps
then try running the script again
I've had the same problem before.
- Original Message From: Kisakye Alex [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Thursday, January 18, 2007 12:21:50 AM Subject: RE: [qmailtoaster] compile errors
Sendmail is installed Alex
From: Gabriel Lai [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 17, 2007 6:02 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] compile errors
Check whether sendmail is already uninstalled from the system. Issue this command:
rpm -e sendmail --nodeps
I have the same problem sometimes due to sendmail not being uninstalled
- Original Message From: Kisakye Alex [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, January 17, 2007 8:37:12 PM Subject: [qmailtoaster] compile errors
Hello
1) I have been trying to install Toaster on Fedora Core 5! I have been getting the error below during installation! can any one point me in the right direction??
2) There was a post earlier on the list on problems experienced while installing toaster on CentOS server install, was this rectified?? ie can I move my installation to CentOS?? I have just had enough with Fedora Core
Errors below;
Installing courier-authlib-toaster-0.59-1.3.4.src.rpm
error: Failed build dependencies
/usr/include/ltdl.h is needed by courier-authlib-toaster-0.59-1.3.4.i386
error: File not found by glob: /usr/src/redhat/RPMS/i386/courier-authlib-toaster*.rpm
Installing courier-imap-toaster-4.1.2-1.3.6.src.rpm
error: Failed build dependencies
courier-authlib-toaster is needed by courier-imap-toaster-4.1.2-1.3.6.i386
error: File not found by glob: /usr/src/redhat/RPMS/i386/courier-imap-toaster*.rpm
thanks ALex
Re: [qmailtoaster] SMTP connection failed all of a sudden
Hi Peter,
1. Please check if your /var/qmail/control/blacklists contains any obsolete servers and make sure they can respond to you within a reasonable time. You can also minimize your blacklist. Currently, I have only one entry: -r zen.spamhaus.org
2. If you connect to the email server by using your ISP's dynamic IP, make sure it is not blacklisted. If that's the problem you are facing, you may consider creating the submission port (port 587) for authenticated users to send email. I suppose the stable version should have already had such feature built-in (Would anybody correct me if I am wrong).
Best regards, Bill
On 1/18/07, Yi-Lei Wu [EMAIL PROTECTED] wrote:
Hi list, My Qmail server was working fine until 2 days ago I suddenly couldn't connect to the SMTP service externally. The service is running, and I can connect from localhost. At first I thought it's a firewall issue and I turned off firewall as well as iptables. However, the same thing is still happening. From the log I see that a few other connections got to make through from other countries. However, for mine, the server log just says there is a connection, and the telnet client simply says connection failed. Then the connection on the server would time out. This is so strange... can someone help me here? Best regards, Peter Wu
Re: [qmailtoaster] SMTP connection failed all of a sudden
Hi Bill, Thank you so much for your help. Apparently it's related to issue #1 you mentioned. The server could not find the blacklist server, and this is still due to the earthquake's damage of lines in Asia. It also could not find zen.spamhaus.org. Oh well, nevertheless I cleared out the blacklist and now connections are restored. Thank you again for the prompt help. If you ever come by Guangzhou, China, drop me an email and I'll invite you to dinner :-) Best regards, Peter Wu
On 1/18/07, Bill Kwok [EMAIL PROTECTED] wrote:
Hi Peter,
1. Please check if your /var/qmail/control/blacklists contains any obsolete servers and make sure they can respond to you within a reasonable time. You can also minimize your blacklist. Currently, I have only one entry: -r zen.spamhaus.org
2. If you connect to the email server by using your ISP's dynamic IP, make sure it is not blacklisted. If that's the problem you are facing, you may consider creating the submission port (port 587) for authenticated users to send email. I suppose the stable version should have already had such feature built-in (Would anybody correct me if I am wrong).
Best regards, Bill
On 1/18/07, Yi-Lei Wu [EMAIL PROTECTED] wrote:
Hi list, My Qmail server was working fine until 2 days ago I suddenly couldn't connect to the SMTP service externally. The service is running, and I can connect from localhost. At first I thought it's a firewall issue and I turned off firewall as well as iptables. However, the same thing is still happening. From the log I see that a few other connections got to make through from other countries. However, for mine, the server log just says there is a connection, and the telnet client simply says connection failed. Then the connection on the server would time out. This is so strange... can someone help me here? Best regards, Peter Wu
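The failure confirmed above (blacklist servers that cannot be reached stall incoming SMTP sessions) can be checked for ahead of time. This added example, which is not code from the thread or from the QmailToaster project, reads entries in the `-r zone` form quoted above and times one lookup per list with a hard timeout. The zone names other than zen.spamhaus.org, the stand-in resolver, and the use of 127.0.0.2 as a test entry are assumptions made for the example.

```python
"""Probe the DNS blacklists named in a qmail blacklists file (added example)."""
import socket
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as LookupTimeout

TEST_NAME = "2.0.0.127"   # 127.0.0.2 reversed; assumed to be listed as a test entry


def parse_blacklists(text):
    """Return the zones named by "-r zone" arguments, one or several per line."""
    zones = []
    for line in text.splitlines():
        tokens = line.split()
        for flag, arg in zip(tokens, tokens[1:]):
            if flag == "-r":
                # Drop an optional ":text" suffix (assumed rblsmtpd-style form).
                zones.append(arg.split(":", 1)[0])
    return zones


def probe(zone, resolver=socket.gethostbyname, timeout=3.0):
    """Time one test lookup against a zone; never waits longer than `timeout`."""
    pool = ThreadPoolExecutor(max_workers=1)
    started = time.monotonic()
    future = pool.submit(resolver, f"{TEST_NAME}.{zone}")
    try:
        future.result(timeout=timeout)
        status = "answers"
    except LookupTimeout:
        status = "timeout"          # the case that stalls SMTP sessions
    except OSError:
        status = "no-answer"        # NXDOMAIN or another resolver error
    finally:
        pool.shutdown(wait=False)   # do not block on a lookup that is still hanging
    return {"zone": zone, "status": status,
            "seconds": round(time.monotonic() - started, 2)}


def check_blacklists(text, resolver=socket.gethostbyname, timeout=3.0):
    """Probe every zone in the file contents, in order."""
    return [probe(zone, resolver, timeout) for zone in parse_blacklists(text)]


def keep_responsive(text, resolver=socket.gethostbyname, timeout=3.0):
    """Return only the zones that answered within the timeout."""
    return [r["zone"] for r in check_blacklists(text, resolver, timeout)
            if r["status"] == "answers"]


def constructed_resolver(name):
    """Offline stand-in for DNS so the example runs without a network."""
    if name.endswith("slow.rbl.example"):
        time.sleep(1.0)                           # simulates an unreachable list
    if name.endswith("gone.rbl.example"):
        raise socket.gaierror("name not known")   # simulates a retired list
    return "127.0.0.2"


# Constructed file contents; only zen.spamhaus.org appears in the thread.
SAMPLE = "-r zen.spamhaus.org -r slow.rbl.example\n-r gone.rbl.example:Blocked\n"

if __name__ == "__main__":
    # For a real check, read /var/qmail/control/blacklists and drop the resolver argument.
    for result in check_blacklists(SAMPLE, constructed_resolver, timeout=0.2):
        print(result)
```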
Re: [qmailtoaster] Should I use qmail toaster?
No reason there can't be. I just can't think of what to put in it. Do you have any suggestions to help us get started? Thanks.
Hmm As a new user, I guess even after the install guides, I would still view the system as a fresh OS-esque install Given that most users are probably not experienced Linux admins, the ideal post-install guide would clearly explain the full range and sequence of tasks needed to prepare the server for a long term deployment as an e-mail appliance. (Even addressing non-qmail specific items.) Here are some things that come to mind, but I am sure you folks can think of much more:
- Network ACL's
- System backups
- User data and config backups
- Daemon lockdown
- Removal of unneeded services
- Auto-updates of anything possible. (Think Apache/PHP/SSH/etc... or, even more important, SquirrelMail.)
- Basic health reporting / stats to someone.
... and so on... :) -- David
Re: [qmailtoaster] Should I use qmail toaster?
Hi Dave, There are projects about Network ACL's (IPTables), System backups (Amanda), Daemon Lockdowns (Bastille) and so on. In addition there are plenty of books on the subject matter. That said I mean absolutely no offense to anyone by this next comment. This community isn't here to teach you (or anyone) how to be a network and system admin. We're here about the QmailToaster Project. Don't get me wrong, this community always goes above and beyond to help out a straggled user, but come on . . . My apologies if anyone is offended. Thanks, Erik
Here are some things that come to mind, but I am sure you folks can think of much more:
- Network ACL's
- System backups
- User data and config backups
- Daemon lockdown
- Removal of unneeded services
- Auto-updates of anything possible. (Think Apache/PHP/SSH/etc... or, even more important, SquirrelMail.)
- Basic health reporting / stats to someone.
Re: [qmailtoaster] Should I use qmail toaster?
Hi Erik,
We're here about the QmailToaster Project. Don't get me wrong, this community always goes above and beyond to help out a straggled user, but come on . . . My apologies if anyone is offended.
No offense taken
The impressive amount of customization and packaging effort that has been put into QmailToaster project solves some of the biggest problems that a new sysadmin would face in setting up an email server. As you rightly point out, much of remaining points are not at all about qmail. This project almost provides a turn-key solution that even the most harried office administrator could use to set up a small email server. The suggestions, if implemented, would simply move the project further down the appliance path. -- David
Re: [qmailtoaster] Should I use qmail toaster?
For that we have the QmailToaster Virtual Appliance for VMware Server/Player/Workstation. :) Erik
On 1/17/07, Dave [EMAIL PROTECTED] wrote:
Hi Erik,
We're here about the QmailToaster Project. Don't get me wrong, this community always goes above and beyond to help out a straggled user, but come on . . . My apologies if anyone is offended.
No offense taken
The impressive amount of customization and packaging effort that has been put into QmailToaster project solves some of the biggest problems that a new sysadmin would face in setting up an email server. As you rightly point out, much of remaining points are not at all about qmail. This project almost provides a turn-key solution that even the most harried office administrator could use to set up a small email server. The suggestions, if implemented, would simply move the project further down the appliance path. -- David
[qmailtoaster] reason: 554 : Relay access denied / Returned mail: see transcript for details
At this point, this problem is really paralyzing, so I implore anyone for some help and assistance. Okay, this is a repeat, and a renewed effort to try to get to the bottom of this - I am starting to believe that there is something screwed up on my qmail toaster, as this odd behavior seems to have started around the same time I performed the last update - but that's speculation.
Anyway, here's the scenario: QmailToaster installed on a Centos 4.4 box (frequently updated via yum) Pre-existing accounts work just fine. When creating a new domain (either via vqadmin, or vadddomain), and subsequently setting up new accounts using qmailadmin, the error below happens every single time when someone tries to send mail *TO* those accounts. Anyone else on the same server can send and receive mail from those accounts. Someone from an outside server, say Yahoo, dot-mac, or gmail, for example, will get the error message below back, claiming inability to deliver. Other domains and accounts on that same server, that existed previously, work just fine. Only new domains and accounts act that way. Essentially, it acts as if someone tried to relay through it, but in fact, how would that pop up if one is just sending mail, simply, from an outside account?
Only additional piece of that puzzle might be that this is a separate mail server box, from the domain's web-server, and DNS server. Within the DNS record, it simply points properly to the IP of the web-server, and the one from the mail server - just as the others are doing. Is there something in DNS I should be checking out?
Anyway, from Yahoo.com sent mail gets the error message below:
[EMAIL PROTECTED]: 216.193.231.146 does not like recipient.
Remote host said: 554 [EMAIL PROTECTED]: Relay access denied
Giving up on 216.193.231.146.
All other accounts get the error message as follows:
Begin forwarded message:
From: Mail Delivery Subsystem [EMAIL PROTECTED]
Date: January 17, 2007 11:30:23 PM PST
To: [EMAIL PROTECTED]
Subject: Returned mail: see transcript for details
The original message was received at Wed, 17 Jan 2007 23:30:23 -0800 (PST) from smtpin05-en2 [10.13.10.150]
- The following addresses had permanent fatal errors -
[EMAIL PROTECTED] (reason: 554 [EMAIL PROTECTED]: Relay access denied)
- Transcript of session follows -
... while talking to realasia-services.com.:
DATA
554 [EMAIL PROTECTED]: Relay access denied
554 5.0.0 Service unavailable
554 Error: no valid recipients
Reporting-MTA: dns; smtpout.mac.com
Received-From-MTA: DNS; smtpin05-en2
Arrival-Date: Wed, 17 Jan 2007 23:30:23 -0800 (PST)
Final-Recipient: RFC822; [EMAIL PROTECTED]
Action: failed
Status: 5.0.0
Remote-MTA: DNS; realasia-services.com
Diagnostic-Code: SMTP; 554 [EMAIL PROTECTED]: Relay access denied
Last-Attempt-Date: Wed, 17 Jan 2007 23:30:23 -0800 (PST)
From: Harry Zink [EMAIL PROTECTED]
Date: January 17, 2007 11:30:20 PM PST
To: Dr. Harald K. Zink [EMAIL PROTECTED]
Subject: new test (from mac.com)