Re: [qmailtoaster] Two Toasters And A Backup Script?
Duncan Sterling wrote: Jake Vickers wrote: Duncan Sterling wrote: Greetings All, Quick question: in the interest of redundancy and quick disaster recovery, would it not make sense while running a production toaster to: 1) Build an identically configured backup toaster 2) Run (Jakes?) backup script daily on the production toaster, backing it up to the the backup toaster Thereby allowing near instant recovery in the event of HW/sotware failure on the production box? In the past, for ISPs, I've used some type of shared filesystem (usually NFS using 2 servers running DRBD and heartbeat) and then configured 2+ Qmail systems to act as front ends using the shared backend filesystem (most of the config files, and the mail store). Then you have 2 servers that you can DNS-round-robin, and it's trivial to plug more in as load increases. Although what you're suggesting WOULD work. The biggest things is always sharing the mysql DB, but there's several ways to do that depending on your conditions. Thanks for your reply, Jake. I was thinking that perhaps the backup box's mysql could be slaved to the primary's as one possible solution? --Duncan - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] You don't have to run the backup script because it will be waste of time to archive the files, just rsync your domain dir and do a mysql dump/restore. Regards, Lucian - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] TLS
Hello John, just replace /var/qmail/control/servercert.pem with your certificate and restart qmail-toaster. Certificates for IMAPS/POP3S and SMTP/TLS are using this certificate. Johannes Tek Support schrieb: Hi, now that I'm strongly considering using port 587 for my staff, I thought it also a wise choice to make them use TLS. I am in my thunderbird and tested it myself and I get an error message that the certificate is owned by localhost, and when I view the cert, it actually says cn=qmailtoaster. Of course I would like to install my own certificate so the error doesn't come up. I have searched the wiki for TLS and for other relevant items and only in CentOS 4 install do I find instructions on setting up my own TLS. But they are somewhat wrong as the directory it shows does not exist. Can someone point me to the correct instructions for setting up TLS with my own name so the error no longer comes up. CentOS 5 x86_64 bit Thanks John - QmailToaster hosted by: VR Hostedhttp://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- |- | weberhofer GmbH | Johannes Weberhofer | information technologies | Austria, 1080 Wien, Blindengasse 52/3 | | Firmenbuch: 225566s, Handelsgericht Wien | UID: ATU55277701 | | phone : +43 (0)1 5454421 0| email: [EMAIL PROTECTED] | fax : +43 (0)1 5454421 19 | web : http://weberhofer.at | mobile: +43 (0)699 11998315 |--- - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] TLS
Thanks, I'll do that, and do I need a 3party signed cert (like HTTPS)? Thanks John On Tue, Aug 26, 2008 at 1:41 AM, Johannes Weberhofer, Weberhofer GmbH [EMAIL PROTECTED] wrote: Hello John, just replace /var/qmail/control/servercert.pem with your certificate and restart qmail-toaster. Certificates for IMAPS/POP3S and SMTP/TLS are using this certificate. Johannes Tek Support schrieb: Hi, now that I'm strongly considering using port 587 for my staff, I thought it also a wise choice to make them use TLS. I am in my thunderbird and tested it myself and I get an error message that the certificate is owned by localhost, and when I view the cert, it actually says cn=qmailtoaster. Of course I would like to install my own certificate so the error doesn't come up. I have searched the wiki for TLS and for other relevant items and only in CentOS 4 install do I find instructions on setting up my own TLS. But they are somewhat wrong as the directory it shows does not exist. Can someone point me to the correct instructions for setting up TLS with my own name so the error no longer comes up. CentOS 5 x86_64 bit Thanks John - QmailToaster hosted by: VR Hostedhttp://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- |- | weberhofer GmbH | Johannes Weberhofer | information technologies | Austria, 1080 Wien, Blindengasse 52/3 | | Firmenbuch: 225566s, Handelsgericht Wien | UID: ATU55277701 | | phone : +43 (0)1 5454421 0| email: [EMAIL PROTECTED] | fax : +43 (0)1 5454421 19 | web : http://weberhofer.at | mobile: +43 (0)699 11998315 |--- - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] TLS
Tek Support wrote: Thanks, I'll do that, and do I need a 3party signed cert (like HTTPS)? The reason you're getting the other error is because the cert is not signed by a trusted authority. If you don't have it signed by a trusted authority, you'll be getting the same error unless you import the certificate (in which case you might as well import the current one - it's a self signed cert is all). - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [qmailtoaster] Two Toasters And A Backup Script?
You could also look at the qmail replication script which you can find in the wiki. It automates the domain sync. We have 2 identical servers running the script which runs every 15 minutes, so when if our primary fails, we change ip's on the backup and we are back up and running with at most 15 minutes difference. We've had to use this recovery once, which work flawlessly with about 3 minutes downtime. Basically none of our clients even noticed a problem. -Original Message- From: Lucian Cristian [mailto:[EMAIL PROTECTED] Sent: 26 August 2008 08:38 To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Two Toasters And A Backup Script? Duncan Sterling wrote: Jake Vickers wrote: Duncan Sterling wrote: Greetings All, Quick question: in the interest of redundancy and quick disaster recovery, would it not make sense while running a production toaster to: 1) Build an identically configured backup toaster 2) Run (Jakes?) backup script daily on the production toaster, backing it up to the the backup toaster Thereby allowing near instant recovery in the event of HW/sotware failure on the production box? In the past, for ISPs, I've used some type of shared filesystem (usually NFS using 2 servers running DRBD and heartbeat) and then configured 2+ Qmail systems to act as front ends using the shared backend filesystem (most of the config files, and the mail store). Then you have 2 servers that you can DNS-round-robin, and it's trivial to plug more in as load increases. Although what you're suggesting WOULD work. The biggest things is always sharing the mysql DB, but there's several ways to do that depending on your conditions. Thanks for your reply, Jake. I was thinking that perhaps the backup box's mysql could be slaved to the primary's as one possible solution? --Duncan - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] You don't have to run the backup script because it will be waste of time to archive the files, just rsync your domain dir and do a mysql dump/restore. Regards, Lucian - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[qmailtoaster] Re: Re: Problems with perl upgrading CentOS 5.1 to 5.2 [SOLVED?]
Taking a view into perl packages (classes) needed by spamassassin (qmail-toaster package), I saw that there are a script that install the classes using CPAN. I discovered that CPAN installed packages goes into a diferent directory that distro ones. The workaround (solution) I found is rename this directory and install the needed packages manually from rpmforge repository. All appears to be working now. The steps have been: 1) Rename /usr/lib/perl5/site_perl. 2) Update perl packages. 3) Install the needed clases as packages (from rpmforge) instead from CPAN. 4) Reinstall packages broken because they install manually any propietary perl classes into the system (vmware-server for example). Thanks to all for the help. Regards El Lun, 25 de Agosto de 2008, 6:00, Eric Shubert escribió: Eric Shubert wrote: Here's a list of perl modules on an up-to-date COS5.2 toaster. I would try upgrading any packages that do not match these. You do have the proper rpmforge yum repo configured, don't you? It appears that you have some el5.rf packages, but there are some packages for which there are updates available. I'm not confident that this will fix your problem, but it won't hurt, and might just fix it. There's something on your system hanging around from a 2.6.9 kernel, which I think is earlier than FC5 and COS5. Strange. Might have picked it up with the latest upgrade? I can't imagine how, unless you had an incorrect repo configured at some point. (Oops - forgot the list!): [EMAIL PROTECTED] ~]# yum list installed | grep perl perl.i3864:5.8.8-10.el5_2.3 installed perl-Archive-Tar.noarch 1.38-1.el5.rf installed perl-Compress-Raw-Zlib.i386 2.011-1.el5.rf installed perl-Compress-Zlib.noarch2.011-1.el5.rf installed perl-Crypt-OpenSSL-Bignum.i386 0.04-1.el5.rf installed perl-Crypt-OpenSSL-RSA.i386 0.25-1.el5.rf installed perl-Crypt-PasswdMD5.noarch 1.3-1.2.el5.rf installed perl-DBD-MySQL.i386 3.0007-1.fc6 installed perl-DBI.i3861.605-1.el5.rf installed perl-Digest-HMAC.noarch 1.01-15installed perl-Digest-SHA.i386 5.47-1.el5.rf installed perl-Digest-SHA1.i3862.11-1.2.1 installed perl-Encode-Detect.i386 1.01-1.el5.rf installed perl-Error.noarch0.17014-1.el5.rf installed perl-Geography-Countries.noarch 1.4-2.2.el5.rf installed perl-HTML-Parser.i3863.56-1.el5.rf installed perl-HTML-Tagset.noarch 3.20-1.el5.rf installed perl-IO-Compress-Base.noarch 2.011-1.el5.rf installed perl-IO-Compress-Zlib.noarch 2.011-1.el5.rf installed perl-IO-Socket-INET6.noarch 2.54-1.el5.rf installed perl-IO-Socket-SSL.noarch1.13-1.el5.rf installed perl-IO-Zlib.noarch 1.09-1.el5.rf installed perl-IP-Country.noarch 2.24-1.el5.rf installed perl-Mail-DKIM.noarch0.32-1.el5.rf installed perl-Mail-DomainKeys.noarch 1.0-1.el5.rf installed perl-Mail-SPF.noarch 2.005-1.el5.rf installed perl-Mail-SPF-Query.noarch 1.999.1-2.el5.rf installed perl-MailTools.noarch2.03-1.el5.rf installed perl-Net-CIDR.noarch 0.11-1.2.el5.rfinstalled perl-Net-CIDR-Lite.noarch0.20-1.2.el5.rfinstalled perl-Net-DNS.i3860.63-1.el5.rf installed perl-Net-Daemon.noarch 0.43-1.el5.rf installed perl-Net-IP.noarch 1.25-2.fc6 installed perl-Net-Ident.noarch1.20-1.2.el5.rfinstalled perl-Net-SSLeay.i386 1.32-1.el5.rf installed perl-NetAddr-IP.i386 4.007-1.el5.rf installed perl-PlRPC.noarch0.2020-1.el5.rfinstalled perl-Socket6.i3860.20-1.el5.rf installed perl-String-CRC32.i386 1.4-2.fc6 installed perl-Sys-Hostname-Long.noarch1.4-1.2.el5.rf installed perl-TimeDate.noarch 1:1.16-5.el5 installed perl-URI.noarch 1.35-3 installed perl-libwww-perl.noarch 5.805-1.1.1installed perl-version.i3860.74-1.el5.rf installed ArcosCom Linux User wrote: Linux myhost 2.6.18-92.1.10.1.el5_ArcosComPAE #1 SMP Wed Aug 6 22:16:52 CEST 2008 i686
[qmailtoaster] Re: about received same email many times
I can't upgrade the spamassassin in qtp-newmodel. find dependency with perl module problem . one module (xxx:ssl)can't complete the test. what should i do? thanks a lot~ On 8/26/08, Tek Support [EMAIL PROTECTED] wrote: So for a 64bit system is qtp-newmodel worth trying? I'm a bit scared Thanks John On Sat, Aug 23, 2008 at 11:35 AM, Harry Zink [EMAIL PROTECTED] wrote: On Aug 23, 2008, at 8:45 AM, Eric Shubert wrote: qtp-newmodel, which is part of the qmailtoaster-plus package, is the most reliable way to upgrade. Unless you're on a 64-bit system... It is very simple to use, and does the upgrade with absolute minimum down time (typically just a minute or so). See http://wiki.qmailtoaster.com/index.php/Upgrading for details. It *IS* conceptually the very best way to upgrade, just make sure you meet all the plain vanilla requirements. Honestly, I would love for it to work flawlessly on my end -- and I hope that now that I fixed (with Eric's help) all the weird Perl dependencies and other issues (duplicate zlib - wtf?), that the next update will work flawlessly Either way, highly recommended, as it also simplifies the installation of other tools, newer and better spam rules, and housekeeping... Harry gum trolium wrote: What method I should use to update the toaster packages? Recently, I also find yahoo related email are bounced or delay. On Tue, Aug 19, 2008 at 2:36 AM, Eric Shubert [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: You should definitely update to the lastest toaster packages. Running a yum update to update the OS packages beforehand would be a good idea too. gum trolium wrote: I am using: ucspi-tcp-toaster-0.88-1.3.5 qmail-toaster-1.03-1.3.15 autorespond-toaster-2.0.4-1.3.3 qmailadmin-toaster-1.2.11-1.3.4 isoqlog-toaster-2.1-1.3.4 clamav-toaster-0.90.1-1.3.13 qmailtoaster-plus-0.3.0-1.4.0 squirrelmail-toaster-1.4.13-1.3.9 daemontools-toaster-0.76-1.3.3 vpopmail-toaster-5.4.17-1.3.4 libsrs2-toaster-1.0.18-1.3.3 qmail-pop3d-toaster-1.03-1.3.15 courier-imap-toaster-4.1.2-1.3.7 control-panel-toaster-0.5-1.3.4 ezmlm-cgi-toaster-0.53.324-1.3.3 qmailmrtg-toaster-4.2-1.3.3 maildrop-toaster-devel-2.0.3-1.3.5 vqadmin-toaster-2.3.4-1.3.3 spamassassin-toaster-3.1.8-1.3.8 ripmime-toaster-1.4.0.6-1.3.3 qmailtoaster-plus.repo-0.1-1 libdomainkeys-toaster-0.68-1.3.3 courier-authlib-toaster-0.59.2-1.3.6 ezmlm-toaster-0.53.324-1.3.3 maildrop-toaster-2.0.3-1.3.5 simscan-toaster-1.3.1-1.3.6 On Mon, Aug 4, 2008 at 11:44 PM, Eric Shubert [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: I'd like to know versions of all toaster packages, clamav-toaster in particular. gum trolium wrote: it is qmail-toaster-1.03-1.3.15 On 8/4/08, Eric Shubert [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: gum trolium wrote: I have problem in the received many same emails. I used qmailiso 1.4 to setup my box. I can't find queue jam in qmailctl queue Will simscan make this problem? What should I check? Thank you~ What versions of toaster packages? # rpm -qa | grep toaster How long has your toaster been operational? If it's been more than several days, autoexpire could be kicking in. To rememdy this, turn off autoexpire in /etc/mail/spamassassin/local.cf http://local.cf http://local.cf (bayes_auto_expire 0) and restart spamassassin. You should then add a cron job to do the expiration daily or so. Check the list archive for an example, and be sure to always run spamassassin as user vpopmail. -- -Eric 'shubes' -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted
Re: [qmailtoaster] Re: about received same email many times
Yep, seems like the same exact series of problems I ran into as well. I ended up manually having to upgrade everything, including dependencies, with Eric's help to isolate some of the issues. Harry On Aug 26, 2008, at 3:45 AM, gum trolium wrote: I can't upgrade the spamassassin in qtp-newmodel. find dependency with perl module problem . one module (xxx:ssl)can't complete the test. what should i do? thanks a lot~ On 8/26/08, Tek Support [EMAIL PROTECTED] wrote: So for a 64bit system is qtp-newmodel worth trying? I'm a bit scared Thanks John On Sat, Aug 23, 2008 at 11:35 AM, Harry Zink [EMAIL PROTECTED] wrote: On Aug 23, 2008, at 8:45 AM, Eric Shubert wrote: qtp-newmodel, which is part of the qmailtoaster-plus package, is the most reliable way to upgrade. Unless you're on a 64-bit system... It is very simple to use, and does the upgrade with absolute minimum down time (typically just a minute or so). See http://wiki.qmailtoaster.com/index.php/Upgrading for details. It *IS* conceptually the very best way to upgrade, just make sure you meet all the plain vanilla requirements. Honestly, I would love for it to work flawlessly on my end -- and I hope that now that I fixed (with Eric's help) all the weird Perl dependencies and other issues (duplicate zlib - wtf?), that the next update will work flawlessly Either way, highly recommended, as it also simplifies the installation of other tools, newer and better spam rules, and housekeeping... Harry gum trolium wrote: What method I should use to update the toaster packages? Recently, I also find yahoo related email are bounced or delay. On Tue, Aug 19, 2008 at 2:36 AM, Eric Shubert [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: You should definitely update to the lastest toaster packages. Running a yum update to update the OS packages beforehand would be a good idea too. gum trolium wrote: I am using: ucspi-tcp-toaster-0.88-1.3.5 qmail-toaster-1.03-1.3.15 autorespond-toaster-2.0.4-1.3.3 qmailadmin-toaster-1.2.11-1.3.4 isoqlog-toaster-2.1-1.3.4 clamav-toaster-0.90.1-1.3.13 qmailtoaster-plus-0.3.0-1.4.0 squirrelmail-toaster-1.4.13-1.3.9 daemontools-toaster-0.76-1.3.3 vpopmail-toaster-5.4.17-1.3.4 libsrs2-toaster-1.0.18-1.3.3 qmail-pop3d-toaster-1.03-1.3.15 courier-imap-toaster-4.1.2-1.3.7 control-panel-toaster-0.5-1.3.4 ezmlm-cgi-toaster-0.53.324-1.3.3 qmailmrtg-toaster-4.2-1.3.3 maildrop-toaster-devel-2.0.3-1.3.5 vqadmin-toaster-2.3.4-1.3.3 spamassassin-toaster-3.1.8-1.3.8 ripmime-toaster-1.4.0.6-1.3.3 qmailtoaster-plus.repo-0.1-1 libdomainkeys-toaster-0.68-1.3.3 courier-authlib-toaster-0.59.2-1.3.6 ezmlm-toaster-0.53.324-1.3.3 maildrop-toaster-2.0.3-1.3.5 simscan-toaster-1.3.1-1.3.6 On Mon, Aug 4, 2008 at 11:44 PM, Eric Shubert [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: I'd like to know versions of all toaster packages, clamav-toaster in particular. gum trolium wrote: it is qmail-toaster-1.03-1.3.15 On 8/4/08, Eric Shubert [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: gum trolium wrote: I have problem in the received many same emails. I used qmailiso 1.4 to setup my box. I can't find queue jam in qmailctl queue Will simscan make this problem? What should I check? Thank you~ What versions of toaster packages? # rpm -qa | grep toaster How long has your toaster been operational? If it's been more than several days, autoexpire could be kicking in. To rememdy this, turn off autoexpire in /etc/mail/spamassassin/local.cf http://local.cf http://local.cf (bayes_auto_expire 0) and restart spamassassin. You should then add a cron job to do the expiration daily or so. Check the list archive for an example, and be sure to always run spamassassin as user vpopmail. -- -Eric 'shubes' -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For
Re: [qmailtoaster] Re: about received same email many times
Let me try to explain something. The problems with upgrading spamassassin lately have nothing to do with qtp-newmodel. These issues are the result of changes in spamassassin packaging, and occur even when updating 'manually'. qtp-newmodel has the advantage of letting you know that there's a problem and giving you the opportunity to fix it with no interruption of the running toaster. If you were to upgrade manually from the get-go, you could end up with your toaster down and unable to come back up because a package failed to build or install. Not a pretty picture. I can assure you, using qtp-newmodel will absolutely minimize your down time. That being said, I'll move on to trying to assist Tek and gum with whatever issues they have. Harry Zink wrote: Yep, seems like the same exact series of problems I ran into as well. I ended up manually having to upgrade everything, including dependencies, with Eric's help to isolate some of the issues. Harry On Aug 26, 2008, at 3:45 AM, gum trolium wrote: I can't upgrade the spamassassin in qtp-newmodel. find dependency with perl module problem . one module (xxx:ssl)can't complete the test. what should i do? thanks a lot~ On 8/26/08, Tek Support [EMAIL PROTECTED] wrote: So for a 64bit system is qtp-newmodel worth trying? I'm a bit scared Thanks John On Sat, Aug 23, 2008 at 11:35 AM, Harry Zink [EMAIL PROTECTED] wrote: On Aug 23, 2008, at 8:45 AM, Eric Shubert wrote: qtp-newmodel, which is part of the qmailtoaster-plus package, is the most reliable way to upgrade. Unless you're on a 64-bit system... It is very simple to use, and does the upgrade with absolute minimum down time (typically just a minute or so). See http://wiki.qmailtoaster.com/index.php/Upgrading for details. It *IS* conceptually the very best way to upgrade, just make sure you meet all the plain vanilla requirements. Honestly, I would love for it to work flawlessly on my end -- and I hope that now that I fixed (with Eric's help) all the weird Perl dependencies and other issues (duplicate zlib - wtf?), that the next update will work flawlessly Either way, highly recommended, as it also simplifies the installation of other tools, newer and better spam rules, and housekeeping... Harry gum trolium wrote: What method I should use to update the toaster packages? Recently, I also find yahoo related email are bounced or delay. On Tue, Aug 19, 2008 at 2:36 AM, Eric Shubert [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: You should definitely update to the lastest toaster packages. Running a yum update to update the OS packages beforehand would be a good idea too. gum trolium wrote: I am using: ucspi-tcp-toaster-0.88-1.3.5 qmail-toaster-1.03-1.3.15 autorespond-toaster-2.0.4-1.3.3 qmailadmin-toaster-1.2.11-1.3.4 isoqlog-toaster-2.1-1.3.4 clamav-toaster-0.90.1-1.3.13 qmailtoaster-plus-0.3.0-1.4.0 squirrelmail-toaster-1.4.13-1.3.9 daemontools-toaster-0.76-1.3.3 vpopmail-toaster-5.4.17-1.3.4 libsrs2-toaster-1.0.18-1.3.3 qmail-pop3d-toaster-1.03-1.3.15 courier-imap-toaster-4.1.2-1.3.7 control-panel-toaster-0.5-1.3.4 ezmlm-cgi-toaster-0.53.324-1.3.3 qmailmrtg-toaster-4.2-1.3.3 maildrop-toaster-devel-2.0.3-1.3.5 vqadmin-toaster-2.3.4-1.3.3 spamassassin-toaster-3.1.8-1.3.8 ripmime-toaster-1.4.0.6-1.3.3 qmailtoaster-plus.repo-0.1-1 libdomainkeys-toaster-0.68-1.3.3 courier-authlib-toaster-0.59.2-1.3.6 ezmlm-toaster-0.53.324-1.3.3 maildrop-toaster-2.0.3-1.3.5 simscan-toaster-1.3.1-1.3.6 On Mon, Aug 4, 2008 at 11:44 PM, Eric Shubert [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: I'd like to know versions of all toaster packages, clamav-toaster in particular. gum trolium wrote: it is qmail-toaster-1.03-1.3.15 On 8/4/08, Eric Shubert [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: gum trolium wrote: I have problem in the received many same emails. I used qmailiso 1.4 to setup my box. I can't find queue jam in qmailctl queue Will simscan make this problem? What should I check? Thank you~ What versions of toaster packages? # rpm -qa | grep toaster How long has your toaster been operational? If it's been more than several days, autoexpire could be kicking in. To rememdy this, turn off autoexpire in /etc/mail/spamassassin/local.cf http://local.cf http://local.cf (bayes_auto_expire 0) and restart spamassassin. You should then add a cron job to do the expiration daily or so. Check the list archive for an example, and be sure to always run spamassassin as user vpopmail. -- -Eric 'shubes' -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org -
Re: [qmailtoaster] about received same email many times
Absolutely. See my reply to Harry. There have been several successful upgrades on 64bit machines using qtp-newmodel. You might have some issues with dependencies for spamassassin, but that has nothing to do with using qtp-newmodel or not. Jake and I have tried to include these SA dependencies in qtp-newmodel's processing, although that part of the process isn't very robust yet (for instance, it doesn't check to see if you've configured the RPMForge repo or not). In time, with constructive feedback, I expect that might improve. Tek Support wrote: So for a 64bit system is qtp-newmodel worth trying? I'm a bit scared Thanks John On Sat, Aug 23, 2008 at 11:35 AM, Harry Zink [EMAIL PROTECTED] wrote: On Aug 23, 2008, at 8:45 AM, Eric Shubert wrote: qtp-newmodel, which is part of the qmailtoaster-plus package, is the most reliable way to upgrade. Unless you're on a 64-bit system... It is very simple to use, and does the upgrade with absolute minimum down time (typically just a minute or so). See http://wiki.qmailtoaster.com/index.php/Upgrading for details. It *IS* conceptually the very best way to upgrade, just make sure you meet all the plain vanilla requirements. Honestly, I would love for it to work flawlessly on my end -- and I hope that now that I fixed (with Eric's help) all the weird Perl dependencies and other issues (duplicate zlib - wtf?), that the next update will work flawlessly Either way, highly recommended, as it also simplifies the installation of other tools, newer and better spam rules, and housekeeping... Harry gum trolium wrote: What method I should use to update the toaster packages? Recently, I also find yahoo related email are bounced or delay. On Tue, Aug 19, 2008 at 2:36 AM, Eric Shubert [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: You should definitely update to the lastest toaster packages. Running a yum update to update the OS packages beforehand would be a good idea too. gum trolium wrote: I am using: ucspi-tcp-toaster-0.88-1.3.5 qmail-toaster-1.03-1.3.15 autorespond-toaster-2.0.4-1.3.3 qmailadmin-toaster-1.2.11-1.3.4 isoqlog-toaster-2.1-1.3.4 clamav-toaster-0.90.1-1.3.13 qmailtoaster-plus-0.3.0-1.4.0 squirrelmail-toaster-1.4.13-1.3.9 daemontools-toaster-0.76-1.3.3 vpopmail-toaster-5.4.17-1.3.4 libsrs2-toaster-1.0.18-1.3.3 qmail-pop3d-toaster-1.03-1.3.15 courier-imap-toaster-4.1.2-1.3.7 control-panel-toaster-0.5-1.3.4 ezmlm-cgi-toaster-0.53.324-1.3.3 qmailmrtg-toaster-4.2-1.3.3 maildrop-toaster-devel-2.0.3-1.3.5 vqadmin-toaster-2.3.4-1.3.3 spamassassin-toaster-3.1.8-1.3.8 ripmime-toaster-1.4.0.6-1.3.3 qmailtoaster-plus.repo-0.1-1 libdomainkeys-toaster-0.68-1.3.3 courier-authlib-toaster-0.59.2-1.3.6 ezmlm-toaster-0.53.324-1.3.3 maildrop-toaster-2.0.3-1.3.5 simscan-toaster-1.3.1-1.3.6 On Mon, Aug 4, 2008 at 11:44 PM, Eric Shubert [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: I'd like to know versions of all toaster packages, clamav-toaster in particular. gum trolium wrote: it is qmail-toaster-1.03-1.3.15 On 8/4/08, Eric Shubert [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: gum trolium wrote: I have problem in the received many same emails. I used qmailiso 1.4 to setup my box. I can't find queue jam in qmailctl queue Will simscan make this problem? What should I check? Thank you~ What versions of toaster packages? # rpm -qa | grep toaster How long has your toaster been operational? If it's been more than several days, autoexpire could be kicking in. To rememdy this, turn off autoexpire in /etc/mail/spamassassin/local.cf http://local.cf http://local.cf (bayes_auto_expire 0) and restart spamassassin. You should then add a cron job to do the expiration daily or so. Check the list archive for an example, and be sure to always run spamassassin as user vpopmail. -- -Eric 'shubes' -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- -Eric 'shubes' -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] TLS
There are some more detailed instructions here: http://wiki.qmailtoaster.com/index.php/Certificate On 25-Aug-08, at 10:39 PM, Tek Support wrote: Hi, now that I'm strongly considering using port 587 for my staff, I thought it also a wise choice to make them use TLS. I am in my thunderbird and tested it myself and I get an error message that the certificate is owned by localhost, and when I view the cert, it actually says cn=qmailtoaster. Of course I would like to install my own certificate so the error doesn't come up. I have searched the wiki for TLS and for other relevant items and only in CentOS 4 install do I find instructions on setting up my own TLS. But they are somewhat wrong as the directory it shows does not exist. Can someone point me to the correct instructions for setting up TLS with my own name so the error no longer comes up. CentOS 5 x86_64 bit Thanks John - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Re: about received same email many times
gum trolium wrote: I can't upgrade the spamassassin in qtp-newmodel. Then you probably can't upgrade spamassassin manually either. find dependency with perl module problem . one module (xxx:ssl)can't complete the test. what should i do? Is this a build dependency or an install dependency? Please post the actual message(s) from qtp-newmodel's log file. thanks a lot~ On 8/26/08, Tek Support [EMAIL PROTECTED] wrote: So for a 64bit system is qtp-newmodel worth trying? I'm a bit scared Thanks John On Sat, Aug 23, 2008 at 11:35 AM, Harry Zink [EMAIL PROTECTED] wrote: On Aug 23, 2008, at 8:45 AM, Eric Shubert wrote: qtp-newmodel, which is part of the qmailtoaster-plus package, is the most reliable way to upgrade. Unless you're on a 64-bit system... I'm sorry Harry, but this is just not true. I've seen no evidence that any of your issues were the result of qtp-newmodel. Your having to do some 'manual' things was more the result of your having other 'issues'. -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Re: Re: Problems with perl upgrading CentOS 5.1 to 5.2 [SOLVED?]
Thanks for posting your solution, Arcos (or whatever your name is!). This definitely clarifies things a bit. ArcosCom Linux User wrote: Taking a view into perl packages (classes) needed by spamassassin (qmail-toaster package), I saw that there are a script that install the classes using CPAN. I discovered that CPAN installed packages goes into a diferent directory that distro ones. The workaround (solution) I found is rename this directory and install the needed packages manually from rpmforge repository. All appears to be working now. The steps have been: 1) Rename /usr/lib/perl5/site_perl. 2) Update perl packages. 3) Install the needed clases as packages (from rpmforge) instead from CPAN. 4) Reinstall packages broken because they install manually any propietary perl classes into the system (vmware-server for example). Thanks to all for the help. Regards El Lun, 25 de Agosto de 2008, 6:00, Eric Shubert escribió: Eric Shubert wrote: Here's a list of perl modules on an up-to-date COS5.2 toaster. I would try upgrading any packages that do not match these. You do have the proper rpmforge yum repo configured, don't you? It appears that you have some el5.rf packages, but there are some packages for which there are updates available. I'm not confident that this will fix your problem, but it won't hurt, and might just fix it. There's something on your system hanging around from a 2.6.9 kernel, which I think is earlier than FC5 and COS5. Strange. Might have picked it up with the latest upgrade? I can't imagine how, unless you had an incorrect repo configured at some point. (Oops - forgot the list!): [EMAIL PROTECTED] ~]# yum list installed | grep perl perl.i3864:5.8.8-10.el5_2.3 installed perl-Archive-Tar.noarch 1.38-1.el5.rf installed perl-Compress-Raw-Zlib.i386 2.011-1.el5.rf installed perl-Compress-Zlib.noarch2.011-1.el5.rf installed perl-Crypt-OpenSSL-Bignum.i386 0.04-1.el5.rf installed perl-Crypt-OpenSSL-RSA.i386 0.25-1.el5.rf installed perl-Crypt-PasswdMD5.noarch 1.3-1.2.el5.rf installed perl-DBD-MySQL.i386 3.0007-1.fc6 installed perl-DBI.i3861.605-1.el5.rf installed perl-Digest-HMAC.noarch 1.01-15installed perl-Digest-SHA.i386 5.47-1.el5.rf installed perl-Digest-SHA1.i3862.11-1.2.1 installed perl-Encode-Detect.i386 1.01-1.el5.rf installed perl-Error.noarch0.17014-1.el5.rf installed perl-Geography-Countries.noarch 1.4-2.2.el5.rf installed perl-HTML-Parser.i3863.56-1.el5.rf installed perl-HTML-Tagset.noarch 3.20-1.el5.rf installed perl-IO-Compress-Base.noarch 2.011-1.el5.rf installed perl-IO-Compress-Zlib.noarch 2.011-1.el5.rf installed perl-IO-Socket-INET6.noarch 2.54-1.el5.rf installed perl-IO-Socket-SSL.noarch1.13-1.el5.rf installed perl-IO-Zlib.noarch 1.09-1.el5.rf installed perl-IP-Country.noarch 2.24-1.el5.rf installed perl-Mail-DKIM.noarch0.32-1.el5.rf installed perl-Mail-DomainKeys.noarch 1.0-1.el5.rf installed perl-Mail-SPF.noarch 2.005-1.el5.rf installed perl-Mail-SPF-Query.noarch 1.999.1-2.el5.rf installed perl-MailTools.noarch2.03-1.el5.rf installed perl-Net-CIDR.noarch 0.11-1.2.el5.rfinstalled perl-Net-CIDR-Lite.noarch0.20-1.2.el5.rfinstalled perl-Net-DNS.i3860.63-1.el5.rf installed perl-Net-Daemon.noarch 0.43-1.el5.rf installed perl-Net-IP.noarch 1.25-2.fc6 installed perl-Net-Ident.noarch1.20-1.2.el5.rfinstalled perl-Net-SSLeay.i386 1.32-1.el5.rf installed perl-NetAddr-IP.i386 4.007-1.el5.rf installed perl-PlRPC.noarch0.2020-1.el5.rfinstalled perl-Socket6.i3860.20-1.el5.rf installed perl-String-CRC32.i386 1.4-2.fc6 installed perl-Sys-Hostname-Long.noarch1.4-1.2.el5.rf installed perl-TimeDate.noarch 1:1.16-5.el5 installed perl-URI.noarch 1.35-3 installed perl-libwww-perl.noarch 5.805-1.1.1installed perl-version.i386
Re: [qmailtoaster] some problems
Tek Support wrote: Hi all, recently I had asked if there was a reason to use the port 587 if I installed spamdyke (because spamdyke authenticated my dynamic users and ignored the rbls). Well, maybe I've found something that would still require me to use 587 instead of port 25. I would appreciate any info. As of right now, my staff are using port 25 for outbound - I just didn't see the need to have another port open to the outside when after installing spamdyke, they were able to send and were not blocked as dynamic. But the staff have been having trouble sending to yahoo.com, and in looking at the headers on a message that finally arrived into yahoo (and gmail) the headers show this: Authentication-Results: mta553.mail.mud.yahoo.com from=mydomain.com; domainkeys=fail (bad sig) But I had gone through the process step by step and tested my DKIM with the sourceforge.net sites, and those showed that my dkim seemed accurate. So, anyway in a brilliant flash of light I decided to try port 587, and on my first try I got these headers in an email sent to yahoo and gmail: Received-SPF: pass DomainKey-Status: good Authentication-Results: mx.google.com; spf=pass ... So, I guess my question would be, does something in the spam checking on outbound emails from pop3/smtp users (not imap and squirrelmail) with spamdyke, rewrite the headers after the dkim has processed the email which would cause my DKIM hash to be invalid when yahoo and gmail check it? I don't believe that spam checking is enabled on outgoing mail, at least not in the 'stock' toaster. So the answer is, not that I'm aware of. Note, squirrelmail gets a 'free pass' (open relay), due to the localhost line in the /etc/tcprules/tcp.smtp file. Also, be aware that DK and DKIM are 2 different things. The toaster has a (somewhat broken, at least on the incoming side) DK implementation. The toaster has no DKIM capability. I suppose that DK might work (better) with the port 587 configuration than with port 25. I wouldn't know why though, as I'm not familiar with the problem(s) that DK has. We had a fellow in Russia on the list a while back who fixed some things with it, but we haven't heard from him in quite a while. CentOS 5 x86_64bit Thanks John -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] TLS
Ok, I'll see if importing will work also. But initially it said I needed to import it, and I did that, the error I get now is that the name doesn't match. So if I create a new cert with the correct name, then obviously import, that should be the end of the errors. So once I get my staff's computers to import a correctly named cert and the error doesn't come back, I can live with that. Thanks John On Tue, Aug 26, 2008 at 1:51 AM, Jake Vickers [EMAIL PROTECTED] wrote: Tek Support wrote: Thanks, I'll do that, and do I need a 3party signed cert (like HTTPS)? The reason you're getting the other error is because the cert is not signed by a trusted authority. If you don't have it signed by a trusted authority, you'll be getting the same error unless you import the certificate (in which case you might as well import the current one - it's a self signed cert is all). - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] some problems
Hi Eric, thanks for the quick reply. The reason I think it's doing outbound scanning is a specific line in the header, maybe you can shed some light on it. In an email sent from mydomain to my yahoo accout these are in the headers. The line I'm interrested in, is possibly added by yahoo, but I think it's from me. Received: by simscan 1.3.1 ppid: 4768, pid: 4895, t: 0.0658s scanners: attach: 1.3.1 clamav: 0.93.3 Wouldn't simscan be run on my box, and if so, would it be done before DKIM or after? Thanks John On Tue, Aug 26, 2008 at 9:42 AM, Eric Shubert [EMAIL PROTECTED] wrote: Tek Support wrote: Hi all, recently I had asked if there was a reason to use the port 587 if I installed spamdyke (because spamdyke authenticated my dynamic users and ignored the rbls). Well, maybe I've found something that would still require me to use 587 instead of port 25. I would appreciate any info. As of right now, my staff are using port 25 for outbound - I just didn't see the need to have another port open to the outside when after installing spamdyke, they were able to send and were not blocked as dynamic. But the staff have been having trouble sending to yahoo.com, and in looking at the headers on a message that finally arrived into yahoo (and gmail) the headers show this: Authentication-Results: mta553.mail.mud.yahoo.com from=mydomain.com; domainkeys=fail (bad sig) But I had gone through the process step by step and tested my DKIM with the sourceforge.net sites, and those showed that my dkim seemed accurate. So, anyway in a brilliant flash of light I decided to try port 587, and on my first try I got these headers in an email sent to yahoo and gmail: Received-SPF: pass DomainKey-Status: good Authentication-Results: mx.google.com; spf=pass ... So, I guess my question would be, does something in the spam checking on outbound emails from pop3/smtp users (not imap and squirrelmail) with spamdyke, rewrite the headers after the dkim has processed the email which would cause my DKIM hash to be invalid when yahoo and gmail check it? I don't believe that spam checking is enabled on outgoing mail, at least not in the 'stock' toaster. So the answer is, not that I'm aware of. Note, squirrelmail gets a 'free pass' (open relay), due to the localhost line in the /etc/tcprules/tcp.smtp file. Also, be aware that DK and DKIM are 2 different things. The toaster has a (somewhat broken, at least on the incoming side) DK implementation. The toaster has no DKIM capability. I suppose that DK might work (better) with the port 587 configuration than with port 25. I wouldn't know why though, as I'm not familiar with the problem(s) that DK has. We had a fellow in Russia on the list a while back who fixed some things with it, but we haven't heard from him in quite a while. CentOS 5 x86_64bit Thanks John -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] TLS
That's great, that's exactly what I was looking for, thank you for the link. Thanks John On Tue, Aug 26, 2008 at 9:07 AM, dnk [EMAIL PROTECTED] wrote: There are some more detailed instructions here: http://wiki.qmailtoaster.com/index.php/Certificate On 25-Aug-08, at 10:39 PM, Tek Support wrote: Hi, now that I'm strongly considering using port 587 for my staff, I thought it also a wise choice to make them use TLS. I am in my thunderbird and tested it myself and I get an error message that the certificate is owned by localhost, and when I view the cert, it actually says cn=qmailtoaster. Of course I would like to install my own certificate so the error doesn't come up. I have searched the wiki for TLS and for other relevant items and only in CentOS 4 install do I find instructions on setting up my own TLS. But they are somewhat wrong as the directory it shows does not exist. Can someone point me to the correct instructions for setting up TLS with my own name so the error no longer comes up. CentOS 5 x86_64 bit Thanks John - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] TLS
Yes, that should do it. FWIW, you can use cacert.org to sign certificates for free. Unfortunately, cacert.org isn't generally recognized (yet) at an authoritative CA. You can, however, have your uses import cacert's root certificate, then any certificate that you have cacert sign will be recognized by your users. This saves your users from having to import more than one certificate, or re-importing a certificate that has changed (in the case a host name changes or a certificate expires). Tek Support wrote: Ok, I'll see if importing will work also. But initially it said I needed to import it, and I did that, the error I get now is that the name doesn't match. So if I create a new cert with the correct name, then obviously import, that should be the end of the errors. So once I get my staff's computers to import a correctly named cert and the error doesn't come back, I can live with that. Thanks John On Tue, Aug 26, 2008 at 1:51 AM, Jake Vickers [EMAIL PROTECTED] wrote: Tek Support wrote: Thanks, I'll do that, and do I need a 3party signed cert (like HTTPS)? The reason you're getting the other error is because the cert is not signed by a trusted authority. If you don't have it signed by a trusted authority, you'll be getting the same error unless you import the certificate (in which case you might as well import the current one - it's a self signed cert is all). -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] TLS
Eric Shubert wrote: Yes, that should do it. FWIW, you can use cacert.org to sign certificates for free. Unfortunately, cacert.org isn't generally recognized (yet) at an authoritative CA. You can, however, have your uses import cacert's root certificate, then any certificate that you have cacert sign will be recognized by your users. This saves your users from having to import more than one certificate, or re-importing a certificate that has changed (in the case a host name changes or a certificate expires). I'll add some notes to the wiki on it, but be aware that regfly (RapidSSL) is not recognized by IE6 or 7, nor Firefox 2 or 3. You have to import their CA-Bundle for it to not give you an error, so IMHO you might as well save $9.99 and generate your own certs and import them. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] some problems
Simscan does scan outbound mail, but scans only for viruses (clamav), not spam (spamassassin). This is consistent with the message you're seeing. Adding the DK signature would (have to) happen after this scan. Tek Support wrote: Hi Eric, thanks for the quick reply. The reason I think it's doing outbound scanning is a specific line in the header, maybe you can shed some light on it. In an email sent from mydomain to my yahoo accout these are in the headers. The line I'm interrested in, is possibly added by yahoo, but I think it's from me. Received: by simscan 1.3.1 ppid: 4768, pid: 4895, t: 0.0658s scanners: attach: 1.3.1 clamav: 0.93.3 Wouldn't simscan be run on my box, and if so, would it be done before DKIM or after? Thanks John On Tue, Aug 26, 2008 at 9:42 AM, Eric Shubert [EMAIL PROTECTED] wrote: Tek Support wrote: Hi all, recently I had asked if there was a reason to use the port 587 if I installed spamdyke (because spamdyke authenticated my dynamic users and ignored the rbls). Well, maybe I've found something that would still require me to use 587 instead of port 25. I would appreciate any info. As of right now, my staff are using port 25 for outbound - I just didn't see the need to have another port open to the outside when after installing spamdyke, they were able to send and were not blocked as dynamic. But the staff have been having trouble sending to yahoo.com, and in looking at the headers on a message that finally arrived into yahoo (and gmail) the headers show this: Authentication-Results: mta553.mail.mud.yahoo.com from=mydomain.com; domainkeys=fail (bad sig) But I had gone through the process step by step and tested my DKIM with the sourceforge.net sites, and those showed that my dkim seemed accurate. So, anyway in a brilliant flash of light I decided to try port 587, and on my first try I got these headers in an email sent to yahoo and gmail: Received-SPF: pass DomainKey-Status: good Authentication-Results: mx.google.com; spf=pass ... So, I guess my question would be, does something in the spam checking on outbound emails from pop3/smtp users (not imap and squirrelmail) with spamdyke, rewrite the headers after the dkim has processed the email which would cause my DKIM hash to be invalid when yahoo and gmail check it? I don't believe that spam checking is enabled on outgoing mail, at least not in the 'stock' toaster. So the answer is, not that I'm aware of. Note, squirrelmail gets a 'free pass' (open relay), due to the localhost line in the /etc/tcprules/tcp.smtp file. Also, be aware that DK and DKIM are 2 different things. The toaster has a (somewhat broken, at least on the incoming side) DK implementation. The toaster has no DKIM capability. I suppose that DK might work (better) with the port 587 configuration than with port 25. I wouldn't know why though, as I'm not familiar with the problem(s) that DK has. We had a fellow in Russia on the list a while back who fixed some things with it, but we haven't heard from him in quite a while. CentOS 5 x86_64bit Thanks John -- -Eric 'shubes' -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Re: about received same email many times
I got this from qtp-newmodel: qtp-build-rpms - rpm -Uvh failed for spamassassin-toaster-3.2.5-1.3.14 qtp-build-rpms - see /mnt/qtp-sandbox/usr/src/qtp-upgrade/log/build-recent.log inside the build-recent.log: Installing spamassassin-toaster-3.2.5-1.3.14 in the sandbox ... error: Failed dependencies: perl(HTML::Parser) = 3.43 is needed by spamassassin-toaster-3.2.5-1.3.14.i686 but when I manually try cpan and install HTML::Parser: Fetching with LWP: ftp://ftp.perl.org/pub/CPAN/modules/03modlist.data.gz Going to read /root/.cpan/sources/modules/03modlist.data.gz Going to write /root/.cpan/Metadata HTML::Parser is up to date. How can I fix it? On Tue, Aug 26, 2008 at 11:11 PM, Eric Shubert [EMAIL PROTECTED] wrote: gum trolium wrote: I can't upgrade the spamassassin in qtp-newmodel. Then you probably can't upgrade spamassassin manually either. find dependency with perl module problem . one module (xxx:ssl)can't complete the test. what should i do? Is this a build dependency or an install dependency? Please post the actual message(s) from qtp-newmodel's log file. thanks a lot~ On 8/26/08, Tek Support [EMAIL PROTECTED] wrote: So for a 64bit system is qtp-newmodel worth trying? I'm a bit scared Thanks John On Sat, Aug 23, 2008 at 11:35 AM, Harry Zink [EMAIL PROTECTED] wrote: On Aug 23, 2008, at 8:45 AM, Eric Shubert wrote: qtp-newmodel, which is part of the qmailtoaster-plus package, is the most reliable way to upgrade. Unless you're on a 64-bit system... I'm sorry Harry, but this is just not true. I've seen no evidence that any of your issues were the result of qtp-newmodel. Your having to do some 'manual' things was more the result of your having other 'issues'. -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Re: about received same email many times
I check the HTML::Parser again: cpan[1] install HTML::Parser CPAN: Storable loaded ok (v2.13) Going to read /root/.cpan/Metadata Database was generated on Tue, 26 Aug 2008 23:02:52 GMT HTML::Parser is up to date (3.56). On Wed, Aug 27, 2008 at 12:37 PM, gum trolium [EMAIL PROTECTED] wrote: I got this from qtp-newmodel: qtp-build-rpms - rpm -Uvh failed for spamassassin-toaster-3.2.5-1.3.14 qtp-build-rpms - see /mnt/qtp-sandbox/usr/src/qtp-upgrade/log/build-recent.log inside the build-recent.log: Installing spamassassin-toaster-3.2.5-1.3.14 in the sandbox ... error: Failed dependencies: perl(HTML::Parser) = 3.43 is needed by spamassassin-toaster-3.2.5-1.3.14.i686 but when I manually try cpan and install HTML::Parser: Fetching with LWP: ftp://ftp.perl.org/pub/CPAN/modules/03modlist.data.gz Going to read /root/.cpan/sources/modules/03modlist.data.gz Going to write /root/.cpan/Metadata HTML::Parser is up to date. How can I fix it? On Tue, Aug 26, 2008 at 11:11 PM, Eric Shubert [EMAIL PROTECTED] wrote: gum trolium wrote: I can't upgrade the spamassassin in qtp-newmodel. Then you probably can't upgrade spamassassin manually either. find dependency with perl module problem . one module (xxx:ssl)can't complete the test. what should i do? Is this a build dependency or an install dependency? Please post the actual message(s) from qtp-newmodel's log file. thanks a lot~ On 8/26/08, Tek Support [EMAIL PROTECTED] wrote: So for a 64bit system is qtp-newmodel worth trying? I'm a bit scared Thanks John On Sat, Aug 23, 2008 at 11:35 AM, Harry Zink [EMAIL PROTECTED] wrote: On Aug 23, 2008, at 8:45 AM, Eric Shubert wrote: qtp-newmodel, which is part of the qmailtoaster-plus package, is the most reliable way to upgrade. Unless you're on a 64-bit system... I'm sorry Harry, but this is just not true. I've seen no evidence that any of your issues were the result of qtp-newmodel. Your having to do some 'manual' things was more the result of your having other 'issues'. -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Re: about received same email many times
Don't use CPAN to update your perl modules. (I think I mentioned that in a recent post). Try this: # yum install perl-HTML-Parser If it doesn't find a new enough version (or no version at all), configure your yum to use the RPMforge repository. For instructions on how to do that, you can search the list archive, or (I love this one) see http://dag.wieers.com/rpm/FAQ.php#B2 and do what's appropriate for your OS/Arch. side note I'm beginning to see that a qtp-function would be nice for handling this (installing the RPMforge yum repo). Wouldn't be too tough to do with a script. Could be run automatically by qtp-newmodel, I suppose. /side note Once you have installed the required package(s), run qtp-newmodel once again, and this time be sure to use a fresh sandbox (because the required package isn't in the sandbox that qtp-newmodel created/used the last time it ran, even though you have actually installed it). Things should go fine from there. And remember everyone, update your toaster's perl packages using yum and RPMforge, NOT CPAN. ;) gum trolium wrote: I got this from qtp-newmodel: qtp-build-rpms - rpm -Uvh failed for spamassassin-toaster-3.2.5-1.3.14 qtp-build-rpms - see /mnt/qtp-sandbox/usr/src/qtp-upgrade/log/build-recent.log inside the build-recent.log: Installing spamassassin-toaster-3.2.5-1.3.14 in the sandbox ... error: Failed dependencies: perl(HTML::Parser) = 3.43 is needed by spamassassin-toaster-3.2.5-1.3.14.i686 but when I manually try cpan and install HTML::Parser: Fetching with LWP: ftp://ftp.perl.org/pub/CPAN/modules/03modlist.data.gz Going to read /root/.cpan/sources/modules/03modlist.data.gz Going to write /root/.cpan/Metadata HTML::Parser is up to date. How can I fix it? On Tue, Aug 26, 2008 at 11:11 PM, Eric Shubert [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: gum trolium wrote: I can't upgrade the spamassassin in qtp-newmodel. Then you probably can't upgrade spamassassin manually either. find dependency with perl module problem . one module (xxx:ssl)can't complete the test. what should i do? Is this a build dependency or an install dependency? Please post the actual message(s) from qtp-newmodel's log file. thanks a lot~ On 8/26/08, Tek Support [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: So for a 64bit system is qtp-newmodel worth trying? I'm a bit scared Thanks John On Sat, Aug 23, 2008 at 11:35 AM, Harry Zink [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: On Aug 23, 2008, at 8:45 AM, Eric Shubert wrote: qtp-newmodel, which is part of the qmailtoaster-plus package, is the most reliable way to upgrade. Unless you're on a 64-bit system... I'm sorry Harry, but this is just not true. I've seen no evidence that any of your issues were the result of qtp-newmodel. Your having to do some 'manual' things was more the result of your having other 'issues'. -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Re: about received same email many times
Dear Eric, I change to install the repo and yum install perl-HTML-Parser After complete with no error, I go to qtp-newmodel again with new sandbox. and it stopped with following this time: Starting to build the binary rpms ...(pizza anyone?) qtp-build-rpms v0.3 qtp-remove-pkgs v0.3.1 *** glibc detected *** double free or corruption (fasttop): 0x08a2bc30 *** /usr/sbin/qtp-remove-pkgs: line 133: 6238 Aborted rpm -e --nodeps $pkg logfile 21 Building squirrelmail-toaster-1.4.15-1.3.10 ... Installing squirrelmail-toaster-1.4.15-1.3.10 in the sandbox ... Building spamassassin-toaster-3.2.5-1.3.14 ... qtp-build-rpms - rpmbuild failed for spamassassin-toaster-3.2.5-1.3.14 qtp-build-rpms - see /mnt/qtp-sandbox/usr/src/qtp-upgrade/log/build-recent.log Build failed, Exiting. Sorry for trouble, I am newbie in this list toaster. Thank you so much. On Wed, Aug 27, 2008 at 12:59 PM, Eric Shubert [EMAIL PROTECTED] wrote: Don't use CPAN to update your perl modules. (I think I mentioned that in a recent post). Try this: # yum install perl-HTML-Parser If it doesn't find a new enough version (or no version at all), configure your yum to use the RPMforge repository. For instructions on how to do that, you can search the list archive, or (I love this one) see http://dag.wieers.com/rpm/FAQ.php#B2 and do what's appropriate for your OS/Arch. side note I'm beginning to see that a qtp-function would be nice for handling this (installing the RPMforge yum repo). Wouldn't be too tough to do with a script. Could be run automatically by qtp-newmodel, I suppose. /side note Once you have installed the required package(s), run qtp-newmodel once again, and this time be sure to use a fresh sandbox (because the required package isn't in the sandbox that qtp-newmodel created/used the last time it ran, even though you have actually installed it). Things should go fine from there. And remember everyone, update your toaster's perl packages using yum and RPMforge, NOT CPAN. ;) gum trolium wrote: I got this from qtp-newmodel: qtp-build-rpms - rpm -Uvh failed for spamassassin-toaster-3.2.5-1.3.14 qtp-build-rpms - see /mnt/qtp-sandbox/usr/src/qtp-upgrade/log/build-recent.log inside the build-recent.log: Installing spamassassin-toaster-3.2.5-1.3.14 in the sandbox ... error: Failed dependencies: perl(HTML::Parser) = 3.43 is needed by spamassassin-toaster-3.2.5-1.3.14.i686 but when I manually try cpan and install HTML::Parser: Fetching with LWP: ftp://ftp.perl.org/pub/CPAN/modules/03modlist.data.gz Going to read /root/.cpan/sources/modules/03modlist.data.gz Going to write /root/.cpan/Metadata HTML::Parser is up to date. How can I fix it? On Tue, Aug 26, 2008 at 11:11 PM, Eric Shubert [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: gum trolium wrote: I can't upgrade the spamassassin in qtp-newmodel. Then you probably can't upgrade spamassassin manually either. find dependency with perl module problem . one module (xxx:ssl)can't complete the test. what should i do? Is this a build dependency or an install dependency? Please post the actual message(s) from qtp-newmodel's log file. thanks a lot~ On 8/26/08, Tek Support [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: So for a 64bit system is qtp-newmodel worth trying? I'm a bit scared Thanks John On Sat, Aug 23, 2008 at 11:35 AM, Harry Zink [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: On Aug 23, 2008, at 8:45 AM, Eric Shubert wrote: qtp-newmodel, which is part of the qmailtoaster-plus package, is the most reliable way to upgrade. Unless you're on a 64-bit system... I'm sorry Harry, but this is just not true. I've seen no evidence that any of your issues were the result of qtp-newmodel. Your having to do some 'manual' things was more the result of your having other 'issues'. -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] some problems
As you said (would have to), how do I determine the order they are run? Is it simply that the DKIM header is added on top of the simscan, thus simscan first and dkim 2nd? Thanks John On Tue, Aug 26, 2008 at 2:14 PM, Eric Shubert [EMAIL PROTECTED] wrote: Simscan does scan outbound mail, but scans only for viruses (clamav), not spam (spamassassin). This is consistent with the message you're seeing. Adding the DK signature would (have to) happen after this scan. Tek Support wrote: Hi Eric, thanks for the quick reply. The reason I think it's doing outbound scanning is a specific line in the header, maybe you can shed some light on it. In an email sent from mydomain to my yahoo accout these are in the headers. The line I'm interrested in, is possibly added by yahoo, but I think it's from me. Received: by simscan 1.3.1 ppid: 4768, pid: 4895, t: 0.0658s scanners: attach: 1.3.1 clamav: 0.93.3 Wouldn't simscan be run on my box, and if so, would it be done before DKIM or after? Thanks John On Tue, Aug 26, 2008 at 9:42 AM, Eric Shubert [EMAIL PROTECTED] wrote: Tek Support wrote: Hi all, recently I had asked if there was a reason to use the port 587 if I installed spamdyke (because spamdyke authenticated my dynamic users and ignored the rbls). Well, maybe I've found something that would still require me to use 587 instead of port 25. I would appreciate any info. As of right now, my staff are using port 25 for outbound - I just didn't see the need to have another port open to the outside when after installing spamdyke, they were able to send and were not blocked as dynamic. But the staff have been having trouble sending to yahoo.com, and in looking at the headers on a message that finally arrived into yahoo (and gmail) the headers show this: Authentication-Results: mta553.mail.mud.yahoo.com from=mydomain.com; domainkeys=fail (bad sig) But I had gone through the process step by step and tested my DKIM with the sourceforge.net sites, and those showed that my dkim seemed accurate. So, anyway in a brilliant flash of light I decided to try port 587, and on my first try I got these headers in an email sent to yahoo and gmail: Received-SPF: pass DomainKey-Status: good Authentication-Results: mx.google.com; spf=pass ... So, I guess my question would be, does something in the spam checking on outbound emails from pop3/smtp users (not imap and squirrelmail) with spamdyke, rewrite the headers after the dkim has processed the email which would cause my DKIM hash to be invalid when yahoo and gmail check it? I don't believe that spam checking is enabled on outgoing mail, at least not in the 'stock' toaster. So the answer is, not that I'm aware of. Note, squirrelmail gets a 'free pass' (open relay), due to the localhost line in the /etc/tcprules/tcp.smtp file. Also, be aware that DK and DKIM are 2 different things. The toaster has a (somewhat broken, at least on the incoming side) DK implementation. The toaster has no DKIM capability. I suppose that DK might work (better) with the port 587 configuration than with port 25. I wouldn't know why though, as I'm not familiar with the problem(s) that DK has. We had a fellow in Russia on the list a while back who fixed some things with it, but we haven't heard from him in quite a while. CentOS 5 x86_64bit Thanks John -- -Eric 'shubes' -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] TLS
Good plan, I'll see if the Mac program (Mail) will accept cacert.org root cert and see what we get. Thanks a lot, John On Tue, Aug 26, 2008 at 12:58 PM, Eric Shubert [EMAIL PROTECTED] wrote: Yes, that should do it. FWIW, you can use cacert.org to sign certificates for free. Unfortunately, cacert.org isn't generally recognized (yet) at an authoritative CA. You can, however, have your uses import cacert's root certificate, then any certificate that you have cacert sign will be recognized by your users. This saves your users from having to import more than one certificate, or re-importing a certificate that has changed (in the case a host name changes or a certificate expires). Tek Support wrote: Ok, I'll see if importing will work also. But initially it said I needed to import it, and I did that, the error I get now is that the name doesn't match. So if I create a new cert with the correct name, then obviously import, that should be the end of the errors. So once I get my staff's computers to import a correctly named cert and the error doesn't come back, I can live with that. Thanks John On Tue, Aug 26, 2008 at 1:51 AM, Jake Vickers [EMAIL PROTECTED] wrote: Tek Support wrote: Thanks, I'll do that, and do I need a 3party signed cert (like HTTPS)? The reason you're getting the other error is because the cert is not signed by a trusted authority. If you don't have it signed by a trusted authority, you'll be getting the same error unless you import the certificate (in which case you might as well import the current one - it's a self signed cert is all). -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
