[qmailtoaster] UpdateSaneSecurity.sh problems.
Hi, I get these error msgs every hour from cron. /etc/cron.hourly/UpdateSaneSecurity.sh: Cannot run: there is already a running copy It has been working fine no problems at all.. it just began some days ago. Ive tried to reboot but it didn't help. Anny suggestions ? qtp-whatami v0.2.4 DISTRO=CentOS OSVER=5 ARCH=i686 BUILD_DIST=cnt50 BUILD_DIR=/usr/src/redhat This machine's OS is supported, but this version/arch has not been tested.
RE: [qmailtoaster] hand mail off to exchange
-Original Message- From: Jake Vickers [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 10:02 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] hand mail off to exchange Here's an interesting situation, and I'm polling for ideas. I have a client that has an IT department that is running an Exchange server. I currently run all of their email. They would like to start using the Exchange server, so they would like me to pass the email off to their exchange server. They still want to SEND emails through my SMTP server as well. Here's the ways I know I can use: I can remove their accounts from my machine and just do a simple smtproutes rule to send all email for them to the Exchange's IP. Have them send all emails through 1 authenticated email address through my machine as a relay. I know I can also give their Exchange server a new name (exchange.client.com) and just create forwards to the new addresses there. they would use their old account ([EMAIL PROTECTED]) to send emails as they always have. They could use the POP3 connector built into Exchange to poll the email from me (bear in mind that this IT department is not very friendly or cooperative - they love to go out of their way and show that they are better than I am - long story) and still use their normal SMTP-AUTH accounts to send email through me. I'm sure there are other ways, and that's what I'm looking to hear from those of you out there who have tried things. What about creating a tap on the domain to send to their IP address? Has anyone tried anything similar? I remember someone posting about getting emails to 2 different machines hosting the same domain, and I thought they had sent copies to the other machine's hostname to get emails in 2 places (so the user could log into either server and see their emails). Anyone else have any other ideas? Thanks. Jake, You know better than anyone my limited knowledge on this subject but isn't what you are looking to do similar to how our Exchange server handles things in our network? Steve Ingraham - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] hand mail off to exchange
Jake Vickers wrotes: Here's an interesting situation, and I'm polling for ideas. I have a client that has an IT department that is running an Exchange server. I currently run all of their email. They would like to start using the Exchange server, so they would like me to pass the email off to their exchange server. They still want to SEND emails through my SMTP server as well. Here's the ways I know I can use: I can remove their accounts from my machine and just do a simple smtproutes rule to send all email for them to the Exchange's IP. Have them send all emails through 1 authenticated email address through my machine as a relay. I know I can also give their Exchange server a new name (exchange.client.com) and just create forwards to the new addresses there. they would use their old account ([EMAIL PROTECTED]) to send emails as they always have. They could use the POP3 connector built into Exchange to poll the email from me (bear in mind that this IT department is not very friendly or cooperative - they love to go out of their way and show that they are better than I am - long story) and still use their normal SMTP-AUTH accounts to send email through me. I suggest to move ALL the accounts to the exchange server and becoming a simple smtp relay for it , and let the administration of them to the IT people. It is also much more easy for you , because you will be charged only of the administration of the smtp relay, and you can manage the in/out mail flow . Have fun, Davide - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[qmailtoaster] hand mail off to exchange
Here's an interesting situation, and I'm polling for ideas. I have a client that has an IT department that is running an Exchange server. I currently run all of their email. They would like to start using the Exchange server, so they would like me to pass the email off to their exchange server. They still want to SEND emails through my SMTP server as well. Here's the ways I know I can use: I can remove their accounts from my machine and just do a simple smtproutes rule to send all email for them to the Exchange's IP. Have them send all emails through 1 authenticated email address through my machine as a relay. I know I can also give their Exchange server a new name (exchange.client.com) and just create forwards to the new addresses there. they would use their old account ([EMAIL PROTECTED]) to send emails as they always have. They could use the POP3 connector built into Exchange to poll the email from me (bear in mind that this IT department is not very friendly or cooperative - they love to go out of their way and show that they are better than I am - long story) and still use their normal SMTP-AUTH accounts to send email through me. I'm sure there are other ways, and that's what I'm looking to hear from those of you out there who have tried things. What about creating a tap on the domain to send to their IP address? Has anyone tried anything similar? I remember someone posting about getting emails to 2 different machines hosting the same domain, and I thought they had sent copies to the other machine's hostname to get emails in 2 places (so the user could log into either server and see their emails). Anyone else have any other ideas? Thanks. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [qmailtoaster] hand mail off to exchange
I run several qmail servers that forward to Exchange servers. I could fill you in on specific details if you wanted. We just use smtproutes to route that mail to the Exchange server. We've also setup a POP3Connector to poll the mail from our qmail server in one unique situation. I would avoid that as Microsoft no longer supports their POP3Connector (there's a good alternate out there named Native POP3 Connector that integrates in Exchange seamlessly). But I've learned that I did more maintenance with that setup so I've stopped configuring it that way. Jacob Billingsley MCR Technologies, Inc. 2674 Kraft Ave SE Grand Rapids, MI 49546 Office: 616-942-7244 ext: 205 Fax: 616-942-5988 The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, please note that any dissemination, distribution, or copying of this communication is strictly prohibited. -Original Message- From: Jake Vickers [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 11:02 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] hand mail off to exchange Here's an interesting situation, and I'm polling for ideas. I have a client that has an IT department that is running an Exchange server. I currently run all of their email. They would like to start using the Exchange server, so they would like me to pass the email off to their exchange server. They still want to SEND emails through my SMTP server as well. Here's the ways I know I can use: I can remove their accounts from my machine and just do a simple smtproutes rule to send all email for them to the Exchange's IP. Have them send all emails through 1 authenticated email address through my machine as a relay. I know I can also give their Exchange server a new name (exchange.client.com) and just create forwards to the new addresses there. they would use their old account ([EMAIL PROTECTED]) to send emails as they always have. They could use the POP3 connector built into Exchange to poll the email from me (bear in mind that this IT department is not very friendly or cooperative - they love to go out of their way and show that they are better than I am - long story) and still use their normal SMTP-AUTH accounts to send email through me. I'm sure there are other ways, and that's what I'm looking to hear from those of you out there who have tried things. What about creating a tap on the domain to send to their IP address? Has anyone tried anything similar? I remember someone posting about getting emails to 2 different machines hosting the same domain, and I thought they had sent copies to the other machine's hostname to get emails in 2 places (so the user could log into either server and see their emails). Anyone else have any other ideas? Thanks. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.19.6/1229 - Release Date: 1/17/2008 11:12 AM - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] hand mail off to exchange
Steve Ingraham wrote: You know better than anyone my limited knowledge on this subject but isn't what you are looking to do similar to how our Exchange server handles things in our network? Close Steve. I realize that just being the smtproute for them would be easiest on my end (that's what you're running), but I have the users to look after as well. The IT department that is taking over their desktop support (hence the Exchange server) does not allow access to email unless they're in the network. I'm trying to keep them with webmail access but still fit the criteria of the IT department. I'm stuck between 2 rocks - it's just a matter of deciding if I want my hand smashed or my foot. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] general e-mail issue
I've had this at customer locations before. Can you get a copy of the spam message and get the IP of the sending machine from the header info? Most likely it's a rogue machine with a virus. Then you know the culprit. OR Big hammer cure: turn off / block port 25 outbound for any machine except the legitimate post offices. This might be a good thing to do now anyhow until you can track down the offender. It will keep you from getting re-listed. Run a packet sniffer before the router to see where the port 25 traffic is coming from. You'll need to do this before blocking 25 though. Phil -Original message- From: Jacob Billingsley [EMAIL PROTECTED] Date: Thu, 17 Jan 2008 13:57:58 -0500 To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] general e-mail issue This is not specific to qmail, but I think you guys could still help me. I have a customer that showed up on some blacklists yesterday. I spent some time removing them from the lists and searching for the culprit. I've had this issue once before and it was an infected PC spewing out spam. So we found one very infected PC which we removed from the network and their IT staff is cleaning it up. As of this morning they were not on any blacklists and were e-mailing away. I checked again a little while ago and they are again on blacklists. I'm wondering how you guys would deal with this issue. They are setup so the main campus has an exchange server behind the qmail server. They have two satellite sites that connect to the exchange server to download their e-mail via POP and they send e-mail through the qmail server. Now, I don't think it's possible for someone from the satellite sites to be the culprit but I'm not sure. Have any of you ran into this issue before/ how would you go about identifying the infection? Jacob Billingsley MCR Technologies, Inc. 2674 Kraft Ave SE Grand Rapids, MI 49546 Office: 616-942-7244 ext: 205 Fax: 616-942-5988 The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, please note that any dissemination, distribution, or copying of this communication is strictly prohibited. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [qmailtoaster] hand mail off to exchange
I haven't tried this but couldn't you remove the domain from the control/virtualdomains file and setup an smtproute from your toaster to the exchange server? Removing the domain from the virtualdomains file should cause qmail-send to deliver any message for the domain remotely and then qmail-remote, using the smtproute, will forward to the exchange server. -Original Message- From: Jake Vickers [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 11:02 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] hand mail off to exchange Here's an interesting situation, and I'm polling for ideas. I have a client that has an IT department that is running an Exchange server. I currently run all of their email. They would like to start using the Exchange server, so they would like me to pass the email off to their exchange server. They still want to SEND emails through my SMTP server as well. Here's the ways I know I can use: I can remove their accounts from my machine and just do a simple smtproutes rule to send all email for them to the Exchange's IP. Have them send all emails through 1 authenticated email address through my machine as a relay. I know I can also give their Exchange server a new name (exchange.client.com) and just create forwards to the new addresses there. they would use their old account ([EMAIL PROTECTED]) to send emails as they always have. They could use the POP3 connector built into Exchange to poll the email from me (bear in mind that this IT department is not very friendly or cooperative - they love to go out of their way and show that they are better than I am - long story) and still use their normal SMTP-AUTH accounts to send email through me. I'm sure there are other ways, and that's what I'm looking to hear from those of you out there who have tried things. What about creating a tap on the domain to send to their IP address? Has anyone tried anything similar? I remember someone posting about getting emails to 2 different machines hosting the same domain, and I thought they had sent copies to the other machine's hostname to get emails in 2 places (so the user could log into either server and see their emails). Anyone else have any other ideas? Thanks. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [qmailtoaster] general e-mail issue
Phil, Unfortunately, the Spam Police don't provide any evidence off the spam. I understand this as spammers could probably use that information to detect their spam traps. That is a good point to block port 25, I'm going to do that right now. That would probably block anyone using other POP accounts from sending mail also, wouldn't it? What packet sniffer would people recommend? I've been using iptraf to look at some traffic but I can't pin down where traffic on port 25 is coming from. Jacob Billingsley MCR Technologies, Inc. 2674 Kraft Ave SE Grand Rapids, MI 49546 Office: 616-942-7244 ext: 205 Fax: 616-942-5988 The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, please note that any dissemination, distribution, or copying of this communication is strictly prohibited. -Original Message- From: Phil Leinhauser [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 1:34 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] general e-mail issue I've had this at customer locations before. Can you get a copy of the spam message and get the IP of the sending machine from the header info? Most likely it's a rogue machine with a virus. Then you know the culprit. OR Big hammer cure: turn off / block port 25 outbound for any machine except the legitimate post offices. This might be a good thing to do now anyhow until you can track down the offender. It will keep you from getting re-listed. Run a packet sniffer before the router to see where the port 25 traffic is coming from. You'll need to do this before blocking 25 though. Phil -Original message- From: Jacob Billingsley [EMAIL PROTECTED] Date: Thu, 17 Jan 2008 13:57:58 -0500 To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] general e-mail issue This is not specific to qmail, but I think you guys could still help me. I have a customer that showed up on some blacklists yesterday. I spent some time removing them from the lists and searching for the culprit. I've had this issue once before and it was an infected PC spewing out spam. So we found one very infected PC which we removed from the network and their IT staff is cleaning it up. As of this morning they were not on any blacklists and were e-mailing away. I checked again a little while ago and they are again on blacklists. I'm wondering how you guys would deal with this issue. They are setup so the main campus has an exchange server behind the qmail server. They have two satellite sites that connect to the exchange server to download their e-mail via POP and they send e-mail through the qmail server. Now, I don't think it's possible for someone from the satellite sites to be the culprit but I'm not sure. Have any of you ran into this issue before/ how would you go about identifying the infection? Jacob Billingsley MCR Technologies, Inc. 2674 Kraft Ave SE Grand Rapids, MI 49546 Office: 616-942-7244 ext: 205 Fax: 616-942-5988 The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, please note that any dissemination, distribution, or copying of this communication is strictly prohibited. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.19.6/1229 - Release Date: 1/17/2008 11:12 AM - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] hand mail off to exchange
On Jan 17, 2008, at 8:35 AM, Jake Vickers wrote: Steve Ingraham wrote: You know better than anyone my limited knowledge on this subject but isn't what you are looking to do similar to how our Exchange server handles things in our network? Close Steve. I realize that just being the smtproute for them would be easiest on my end (that's what you're running), but I have the users to look after as well. The IT department that is taking over their desktop support (hence the Exchange server) does not allow access to email unless they're in the network. I'm trying to keep them with webmail access but still fit the criteria of the IT department. I'm stuck between 2 rocks - it's just a matter of deciding if I want my hand smashed or my foot. ...or you can wait for the IT department to screw up royally - in such cases of zealous devotion to MS technologies, that is bound to happen. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [qmailtoaster] UpdateSaneSecurity.sh problems.
That seemed to do the trick.. Thank you. -Opprinnelig melding- Fra: Davide Bozzelli [mailto:[EMAIL PROTECTED] Sendt: 17. januar 2008 14:48 Til: qmailtoaster-list@qmailtoaster.com Emne: Re: [qmailtoaster] UpdateSaneSecurity.sh problems. Espen ha scritto: Hi, I get these error msgs every hour from cron. /etc/cron.hourly/UpdateSaneSecurity.sh: Cannot run: there is already a running copy It seems that the script does not exit cleanly, and so the lock file /tmp/update-sane.lck has not been deleted. Try to delete it manually and then run the script , and check the logfile to see where are the errors. Generally you should receive via cron also the errors related to download problem and so on . Hope this can help, Davide - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [qmailtoaster] general e-mail issue
Yes, the downside of blocking port 25 is that the users that have external accounts will also be blocked. Sometimes you need to do what you have to do for the moment. It's not permanent. For a sniffer, look at www.ethereal.com. To sniff the network you need to keep 2 things in mind, you need to put a netowork HUB not a switch between the router and the network. Then plug your sniffer machine into the HUB. You cannot sniff from a switch unless you have a manged switch with port replication (Expensive). Also, you'll need to open 25 back up and let the connection happen otherwise your sniffer won't see anything. Ethereal is a great scanner and FREE. Like any good scanner, it will take time to get used to but you should be able to quickly get this much going. It would be worth your time to learn how to really use it so when something else happens you have a handy tool in your arsenal. Phil -Original message- From: Jacob Billingsley [EMAIL PROTECTED] Date: Thu, 17 Jan 2008 15:10:36 -0500 To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] general e-mail issue Phil, Unfortunately, the Spam Police don't provide any evidence off the spam. I understand this as spammers could probably use that information to detect their spam traps. That is a good point to block port 25, I'm going to do that right now. That would probably block anyone using other POP accounts from sending mail also, wouldn't it? What packet sniffer would people recommend? I've been using iptraf to look at some traffic but I can't pin down where traffic on port 25 is coming from. Jacob Billingsley MCR Technologies, Inc. 2674 Kraft Ave SE Grand Rapids, MI 49546 Office: 616-942-7244 ext: 205 Fax: 616-942-5988 The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, please note that any dissemination, distribution, or copying of this communication is strictly prohibited. -Original Message- From: Phil Leinhauser [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 1:34 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] general e-mail issue I've had this at customer locations before. Can you get a copy of the spam message and get the IP of the sending machine from the header info? Most likely it's a rogue machine with a virus. Then you know the culprit. OR Big hammer cure: turn off / block port 25 outbound for any machine except the legitimate post offices. This might be a good thing to do now anyhow until you can track down the offender. It will keep you from getting re-listed. Run a packet sniffer before the router to see where the port 25 traffic is coming from. You'll need to do this before blocking 25 though. Phil -Original message- From: Jacob Billingsley [EMAIL PROTECTED] Date: Thu, 17 Jan 2008 13:57:58 -0500 To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] general e-mail issue This is not specific to qmail, but I think you guys could still help me. I have a customer that showed up on some blacklists yesterday. I spent some time removing them from the lists and searching for the culprit. I've had this issue once before and it was an infected PC spewing out spam. So we found one very infected PC which we removed from the network and their IT staff is cleaning it up. As of this morning they were not on any blacklists and were e-mailing away. I checked again a little while ago and they are again on blacklists. I'm wondering how you guys would deal with this issue. They are setup so the main campus has an exchange server behind the qmail server. They have two satellite sites that connect to the exchange server to download their e-mail via POP and they send e-mail through the qmail server. Now, I don't think it's possible for someone from the satellite sites to be the culprit but I'm not sure. Have any of you ran into this issue before/ how would you go about identifying the infection? Jacob Billingsley MCR Technologies, Inc. 2674 Kraft Ave SE Grand Rapids, MI 49546 Office: 616-942-7244 ext: 205 Fax: 616-942-5988 The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, please note that any dissemination, distribution, or copying of this communication is strictly prohibited. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL
RE: [qmailtoaster] general e-mail issue
The qmail server is the gateway so all the traffic goes through it anyway. I should be able to user ethereal right on the server then, right? Does it only have a gui or does ethereal accept command line Jacob Billingsley MCR Technologies, Inc. 2674 Kraft Ave SE Grand Rapids, MI 49546 Office: 616-942-7244 ext: 205 Fax: 616-942-5988 The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, please note that any dissemination, distribution, or copying of this communication is strictly prohibited. -Original Message- From: Phil Leinhauser [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 2:45 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] general e-mail issue Yes, the downside of blocking port 25 is that the users that have external accounts will also be blocked. Sometimes you need to do what you have to do for the moment. It's not permanent. For a sniffer, look at www.ethereal.com. To sniff the network you need to keep 2 things in mind, you need to put a netowork HUB not a switch between the router and the network. Then plug your sniffer machine into the HUB. You cannot sniff from a switch unless you have a manged switch with port replication (Expensive). Also, you'll need to open 25 back up and let the connection happen otherwise your sniffer won't see anything. Ethereal is a great scanner and FREE. Like any good scanner, it will take time to get used to but you should be able to quickly get this much going. It would be worth your time to learn how to really use it so when something else happens you have a handy tool in your arsenal. Phil -Original message- From: Jacob Billingsley [EMAIL PROTECTED] Date: Thu, 17 Jan 2008 15:10:36 -0500 To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] general e-mail issue Phil, Unfortunately, the Spam Police don't provide any evidence off the spam. I understand this as spammers could probably use that information to detect their spam traps. That is a good point to block port 25, I'm going to do that right now. That would probably block anyone using other POP accounts from sending mail also, wouldn't it? What packet sniffer would people recommend? I've been using iptraf to look at some traffic but I can't pin down where traffic on port 25 is coming from. Jacob Billingsley MCR Technologies, Inc. 2674 Kraft Ave SE Grand Rapids, MI 49546 Office: 616-942-7244 ext: 205 Fax: 616-942-5988 The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, please note that any dissemination, distribution, or copying of this communication is strictly prohibited. -Original Message- From: Phil Leinhauser [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 1:34 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] general e-mail issue I've had this at customer locations before. Can you get a copy of the spam message and get the IP of the sending machine from the header info? Most likely it's a rogue machine with a virus. Then you know the culprit. OR Big hammer cure: turn off / block port 25 outbound for any machine except the legitimate post offices. This might be a good thing to do now anyhow until you can track down the offender. It will keep you from getting re-listed. Run a packet sniffer before the router to see where the port 25 traffic is coming from. You'll need to do this before blocking 25 though. Phil -Original message- From: Jacob Billingsley [EMAIL PROTECTED] Date: Thu, 17 Jan 2008 13:57:58 -0500 To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] general e-mail issue This is not specific to qmail, but I think you guys could still help me. I have a customer that showed up on some blacklists yesterday. I spent some time removing them from the lists and searching for the culprit. I've had this issue once before and it was an infected PC spewing out spam. So we found one very infected PC which we removed from the network and their IT staff is cleaning it up. As of this morning they were not on any blacklists and were e-mailing away. I checked again a little while ago and they are again on blacklists. I'm wondering how you guys would deal with this issue. They are setup so the main campus has an exchange server behind the qmail server. They have two satellite sites that connect to the exchange server to download their e-mail via POP and they send e-mail through the qmail server. Now, I don't think it's possible for someone from the satellite sites to be the culprit but
[qmailtoaster] general e-mail issue
This is not specific to qmail, but I think you guys could still help me. I have a customer that showed up on some blacklists yesterday. I spent some time removing them from the lists and searching for the culprit. I've had this issue once before and it was an infected PC spewing out spam. So we found one very infected PC which we removed from the network and their IT staff is cleaning it up. As of this morning they were not on any blacklists and were e-mailing away. I checked again a little while ago and they are again on blacklists. I'm wondering how you guys would deal with this issue. They are setup so the main campus has an exchange server behind the qmail server. They have two satellite sites that connect to the exchange server to download their e-mail via POP and they send e-mail through the qmail server. Now, I don't think it's possible for someone from the satellite sites to be the culprit but I'm not sure. Have any of you ran into this issue before/ how would you go about identifying the infection? Jacob Billingsley MCR Technologies, Inc. 2674 Kraft Ave SE Grand Rapids, MI 49546 Office: 616-942-7244 ext: 205 Fax: 616-942-5988 The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, please note that any dissemination, distribution, or copying of this communication is strictly prohibited. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [qmailtoaster] hand mail off to exchange
With this configuration, all messages for this domain are delivered to the remote exchange server. The toaster performs the SMTP, SMTP-AUTH, spam/virus detection and even domainkeys functions and the exchange server performs the local delivery and IMAP/POP functions. -Original Message- From: Jake Vickers [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:01 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] hand mail off to exchange Tim Mancour wrote: I haven't tried this but couldn't you remove the domain from the control/virtualdomains file and setup an smtproute from your toaster to the exchange server? Removing the domain from the virtualdomains file should cause qmail-send to deliver any message for the domain remotely and then qmail-remote, using the smtproute, will forward to the exchange server. Hmm. Are you thinking the message would be delivered locally and also remotely that way? (side note: I already know which route I'm going to use - I'm just fishing to see what other methods people may have come up with. The tap idea was an interesting one I had thought of, and wanted to see if anyone had tried it or any other method that I was not aware of) Thanks! - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [qmailtoaster] general e-mail issue
I've never run Ethereal on Linux. I have an old laptop that I only use as a network scanner. It's got Windows on it and ethereal. I doubt there is a CL version. When you run it in windows you'll see data that I think would be hard to deal with in CL. -Original message- From: Jacob Billingsley [EMAIL PROTECTED] Date: Thu, 17 Jan 2008 16:02:57 -0500 To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] general e-mail issue The qmail server is the gateway so all the traffic goes through it anyway. I should be able to user ethereal right on the server then, right? Does it only have a gui or does ethereal accept command line Jacob Billingsley MCR Technologies, Inc. 2674 Kraft Ave SE Grand Rapids, MI 49546 Office: 616-942-7244 ext: 205 Fax: 616-942-5988 The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, please note that any dissemination, distribution, or copying of this communication is strictly prohibited. -Original Message- From: Phil Leinhauser [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 2:45 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] general e-mail issue Yes, the downside of blocking port 25 is that the users that have external accounts will also be blocked. Sometimes you need to do what you have to do for the moment. It's not permanent. For a sniffer, look at www.ethereal.com. To sniff the network you need to keep 2 things in mind, you need to put a netowork HUB not a switch between the router and the network. Then plug your sniffer machine into the HUB. You cannot sniff from a switch unless you have a manged switch with port replication (Expensive). Also, you'll need to open 25 back up and let the connection happen otherwise your sniffer won't see anything. Ethereal is a great scanner and FREE. Like any good scanner, it will take time to get used to but you should be able to quickly get this much going. It would be worth your time to learn how to really use it so when something else happens you have a handy tool in your arsenal. Phil -Original message- From: Jacob Billingsley [EMAIL PROTECTED] Date: Thu, 17 Jan 2008 15:10:36 -0500 To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] general e-mail issue Phil, Unfortunately, the Spam Police don't provide any evidence off the spam. I understand this as spammers could probably use that information to detect their spam traps. That is a good point to block port 25, I'm going to do that right now. That would probably block anyone using other POP accounts from sending mail also, wouldn't it? What packet sniffer would people recommend? I've been using iptraf to look at some traffic but I can't pin down where traffic on port 25 is coming from. Jacob Billingsley MCR Technologies, Inc. 2674 Kraft Ave SE Grand Rapids, MI 49546 Office: 616-942-7244 ext: 205 Fax: 616-942-5988 The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, please note that any dissemination, distribution, or copying of this communication is strictly prohibited. -Original Message- From: Phil Leinhauser [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 1:34 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] general e-mail issue I've had this at customer locations before. Can you get a copy of the spam message and get the IP of the sending machine from the header info? Most likely it's a rogue machine with a virus. Then you know the culprit. OR Big hammer cure: turn off / block port 25 outbound for any machine except the legitimate post offices. This might be a good thing to do now anyhow until you can track down the offender. It will keep you from getting re-listed. Run a packet sniffer before the router to see where the port 25 traffic is coming from. You'll need to do this before blocking 25 though. Phil -Original message- From: Jacob Billingsley [EMAIL PROTECTED] Date: Thu, 17 Jan 2008 13:57:58 -0500 To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] general e-mail issue This is not specific to qmail, but I think you guys could still help me. I have a customer that showed up on some blacklists yesterday. I spent some time removing them from the lists and searching for the culprit. I've had this issue once before and it was an infected PC spewing out spam. So we found one very infected PC which we removed from the
Re: [qmailtoaster] general e-mail issue
Jacob Billingsley wrote: This is not specific to qmail, but I think you guys could still help me. I have a customer that showed up on some blacklists yesterday. I spent some time removing them from the lists and searching for the culprit. I've had this issue once before and it was an infected PC spewing out spam. So we found one very infected PC which we removed from the network and their IT staff is cleaning it up. As of this morning they were not on any blacklists and were e-mailing away. I checked again a little while ago and they are again on blacklists. I'm wondering how you guys would deal with this issue. They are setup so the main campus has an exchange server behind the qmail server. They have two satellite sites that connect to the exchange server to download their e-mail via POP and they send e-mail through the qmail server. Now, I don't think it's possible for someone from the satellite sites to be the culprit but I'm not sure. Have any of you ran into this issue before/ how would you go about identifying the infection? Jacob Billingsley MCR Technologies, Inc. 2674 Kraft Ave SE Grand Rapids, MI 49546 Office: 616-942-7244 ext: 205 Fax: 616-942-5988 The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, please note that any dissemination, distribution, or copying of this communication is strictly prohibited. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] stop all connections to port 25 from inside and do a port logging to see what computer is trying to access outside email server (ofcorse you let them to access qmail server) - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] libsepol.so.1 with 1/1/2008 patches for CentOS 5 x86_64
Hi!!! WOWW!!! Changing /var/qmail/supervise/smtp/run to the higher soft limit did it. Thanks! Ben Philip Nix Guru [EMAIL PROTECTED] 01/11/2008 10:49 AM Please respond to qmailtoaster-list@qmailtoaster.com To qmailtoaster-list@qmailtoaster.com cc Subject Re: [qmailtoaster] libsepol.so.1 with 1/1/2008 patches for CentOS 5 x86_64 Hello Yiu must change the memory allocated but to the smtp run file /var/qmail/supervise/smtp/run Try exec /usr/bin/softlimit -m 8500 ... It will work Cheers -P Benjamin O Baez wrote: Thanks, but that didn't fix the problem. In answer to an earlier email, I did reboot the server. The updates appliead were about 400+ and look to be update 1 from CentOS. I usually snapshot before an update, but forgot this time. I will be going back to a bare metal backup image of the server. Thanks, Ben *Johannes Weberhofer, Weberhofer GmbH [EMAIL PROTECTED]* 01/09/2008 12:43 AM Please respond to qmailtoaster-list@qmailtoaster.com To qmailtoaster-list@qmailtoaster.com cc Subject Re: [qmailtoaster] libsepol.so.1 with 1/1/2008 patches for CentOS 5 x86_64 Hi Ben, please check http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg14674.html it could be the same issue. Johannes Benjamin O Baez schrieb: Hi, I am running CentOS 5 x86_64 and after a long period of no updates to the OS, I decided to install the latest and greatest updates. I am now not getting email and here are the following error messages in log /var/log/qmail/smtp/current @40004784a6b50e4d0c84 tcpserver: status: 0/100 @40004784a6b5181daee4 tcpserver: status: 1/100 @40004784a6b5181daee4 tcpserver: pid 3097 from 64.18.133.125 @40004784a6b5181daee4 tcpserver: ok 3097 mta01.biospectra.com:64.142.102.68:25 :64.18.133.125::43529 @40004784a6b5182b0cc4 /var/qmail/bin/qmail-smtpd: error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory @40004784a6b5182b187c tcpserver: end 3097 status 32512 Any ideas? Thanks, Ben -- |- | weberhofer GmbH | Johannes Weberhofer | information technologies | Austria, 1080 Wien, Blindengasse 52/3 | | Firmenbuch: 225566s, Handelsgericht Wien | UID: ATU55277701 | | phone : +43 (0)1 5454421 0| email: [EMAIL PROTECTED] | fax : +43 (0)1 5454421 19 | web : http://weberhofer.at | mobile: +43 (0)699 11998315 |--- - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[qmailtoaster] 'New' packages at Devel site?
Hello, I noticed that there ate many new packages available for download at the developement site but the version numbers look the same as the old ones. Are these really different or newer?? thanks, Chas. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] 'New' packages at Devel site?
No. They are the same. Migrating to one project site. On 1/17/08, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hello, I noticed that there ate many new packages available for download at the developement site but the version numbers look the same as the old ones. Are these really different or newer?? thanks, Chas. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Sent from Gmail for mobile | mobile.google.com - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[qmailtoaster] mail server and proxy server
Hello group, We have a proxy server and a mail server that are installed in a different box. They are both having a public IP. Then from my proxy server we have an internal server that will send email outside and will use our mail server. That internal server is sending email notification. The QT is working well if the mail came from other domain but if it comes from our proxy server then only 2 mails can be delivered. I did a tail in the smtp and here is the result. May i know on what you think of this? Thank you. sandeil @4000478f0d0e2dcac934 CHKUSER accepted sender: from [EMAIL PROTECTED]:: remote oracleebsprod:unknown:proxy_ip rcpt : sender accepted @4000478f0d0e2dee85a4 CHKUSER accepted rcpt: from [EMAIL PROTECTED]:: remote oracleebsprod:unknown:proxy_ip rcpt [EMAIL PROTECTED] : found existing recipient @4000478f0d0e2e98db1c connect(): No such file or directory @4000478f0d0e2ea9b39c qmail-smtpd: qq soft reject (mail server temporarily rejected message (#4.3.0)): MAILFROM:[EMAIL PROTECTED] RCPTTO:[EMAIL PROTECTED] @4000478f0d0f08b28254 tcpserver: status: 3/100 - Looking for last minute shopping deals? Find them fast with Yahoo! Search.