Re: [qmailtoaster] Re: Logs Problem
Hi Eric, yes. I've added that line. I will see if it works. Thanks Regards, A. Eric Shubert ha scritto: Digital Instruments - Toaster List wrote: Greetings list, on 25 Gen 2010 my logs stopped to be sent via e-mail to my log e-mail. Since I'm not sure it's a qmail problem (it could be related to logwatch) is there any method I can use for check if isoqlog is working correctly? Thanks, Alberto. I'm guessing that you're talking about the output from logwatch being emailed to you. TTBOMK that's specified in the /etc/logwatch/conf/logwatch.conf file. It should contain something like: # Local configuration options go here (defaults are in # /usr/share/logwatch/default.conf/logwatch.conf) MailTo = acco...@mydomain.com Nessun virus nel messaggio in arrivo. Controllato da AVG - www.avg.com Versione: 9.0.733 / Database dei virus: 271.1.1/2648 - Data di rilascio: 01/27/10 08:36:00 -- Cordialmente, --- Alberto Guzzetti - RD Network Administrator alberto.guzze...@digital-instruments.it Digital Instruments S.r.l. Via Parco degli Scout, 13 - 20091 Bresso (MI) Tel: +39 02 66506250 Fax: +39 02 66506103 www.digital-instruments.it --- Le informazioni, i dati ed il contenuto della comunicazione che precede, nonch i suoi eventuali allegati, hanno carattere strettamente confidenziale o comunque non accessibile al pubblico, e sono destinati esclusivamente al destinatario. La loro diffusione, divulgazione, copiatura o utilizzo da parte di soggetti diversi da quest'ultimo proibita ai sensi del D. Lgs. 196/2003 (Testo Unico Privacy). Il contenuto della comunicazione che precede, nonch i suoi eventuali allegati, possono inoltre essere tutelati dal segreto professionale, dal diritto d'autore, da brevetto, da marchio registrato o da altro diritto di privativa. La loro diffusione, divulgazione, copiatura o utilizzo da parte di soggetti diversi dal titolare del diritto quindi proibita anche ai sensi della normativa di legge in materia, nonch perseguibile legalmente. Qualora la comunicazione che precede sia stata da Voi ricevuta per errore, del quale ci scusiamo, Vi preghiamo di comunicarcelo immediatamente e di cancellarla senza diffonderla, riprodurla o utilizzarla in alcun modo. Grazie per la collaborazione. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Diese E-Mail enthält vertrauliche und/ oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet. Nessun virus nel messaggio in uscita. Controllato da AVG - www.avg.com Versione: 9.0.733 / Database dei virus: 271.1.1/2650 - Data di rilascio: 01/27/10 20:36:00 - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Allow sending of emails only after approval - How to do?
Hi, Is there a way to restrict emails sent to outside world to be restricted using some access control lists? - Depending upon the access control, the users are either allowed to send emails to outside world else they are restricted to internal (same domain) email sending. - Also, I would like to restrict sending of emails to the internal GROUP ids from the same domain user. For Eg: We have a group id 'every...@test.com' consisting of all the users of the domain, test.com. Then, x...@test.com should not be able to send email to this group until the mail has been authorized by the admin else dropped. How can we achieve this? Regards, Atul Paralikar
Re: [qmailtoaster] Protection against spam coming from within your email server
Hi Regarding the spam mail generated through a authenticated user, today i have send a test mail and checked with gmail account for spamming, i changed the from address as a...@xyz.com and i used the authentication through a valid gmail account x...@gmail.com. The beauty is that the FROM address has changed to x...@gmail.com instead of a...@xyz.com and the message is properly delivered to the mentioned recipient. NOTE Eventhough i changed the from address and tried to do spamming, gmail server changes the from address as a authentiacted user email id, so their IP will not be listed in RBL. Is it possible in qmailtoaster to implement like this. As per Rajesh suggestion, we can limit the number of connections later. I think, by doing this we can prevent our server IP from rbl list. Jake and Eric i am looking forward for your comments on this. Best Regards Vinay On 12/12/09, Rajesh M 24x7ser...@24x7server.net wrote: hi we run qmail toaster on our all our email servers. qmailtoaster provided great protection against external spam but to date i am quite helpless against spam coming from within the server or the misuse of the same by own customers i am quoting below my experiences 1) authenticated sender spamming qmailtoaster smtp is built in such a way that once authenticated it allows sending out emails immaterial of whether the envelope sender is a domain on the server or not. example in my outlook express i create a dummy email id ; x...@yahoo.com as the mail from and reply to. for authentication i use some use...@domain_on_server.com and password ... and thats it i can send any no of emails with the mailfrom as a dummy yahoo account. this is how spamming has been taking place thru my server since some smart hacker picks up the smtp auth userid and password of some client of mine and misuses it. 2) clients misusing the system my own clients can misuse the system. they purchase email service for one single domain and use the smtp auth information for sending out emails with the mailfrom as their other domains 3) at present there is no check on the number of emails per hour / per day been implemented, there is no such restrictions in qmail ... work around solutions that i am looking at is as such i have created absolutely non-standard ports for my clients i have analysed smtp traffic during different times of day example during night time the traffic is very low and during day time from 10 am to 6 pm it is at the peak i used simple iptables rules to block ips which trespass the limits one rule for daytime and one rule for night time which are added / removed automtically by a cron job. RULE BETWEEN 10 AM AND 6 PM iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --set iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --update --seconds 120 --hitcount 90 -j DROP RULE BETWEEN 6 PM UPTO 10 AM iptables -I INPUT -p tcp --dport 5225 -i eth0 -m state --state NEW -m recent --set iptables -I INPUT -p tcp --dport 5225 -i eth0 -m state --state NEW -m recent --update --seconds 120 --hitcount 30 -j DROP also building a queue monitoring tool -- checking the queue and if the no of emails exceed a specified limit, the tool will pickup ips from the emails in the queue and block them thanks rajesh - Qmailtoaster is sponsored by Vickers Consulting Group ( www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Re: Succession of strange problem...
Eric Shubert wrote: Kaven Gagnon wrote: Hi, since a few days, I got some strange issues on a Qmail Toaster, which was running without any flaw for two years. It begin with false positive spam detection on legitimate e-mail. Most of them highly score 60 to 105 with Spam Assassin. Strangely, I reboot the server and it solve this problem. After come the duplicate e-mail problem. Every new incoming e-mail are doubled. Not all user are affected by this problem. The server is not on high load and plenty of resources available. Same for disk space. And then, a specific forward to mailbox that simply not working. User received this error message: addr...@domain.tld: /bin/sh: .w: command not found I'm not going to try again; this message has been in the queue too long. (sh symlink to bash is present on /bin...) Any clue about this? Thanks for your help! Kaven G. - Kaven, 1) see post on this list on 1/1/2010 about spamassassin Y2K10 bug. 2) duplicates typically happen when server is under heavy load. Early clamav 0.9x releases had some problem. if you're running an early 0.9x version of clamav, upgrade. Check that DNS is working properly, and there are no errors in spamd log. 3) Be sure there's no .qmail forward file in the user's directory, then try deleting and recreating the forward file using qmailadmin (web). so as I understand it from http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg25989.html You can fix it by adding the following to your local.cf and restarting spamassassin. scoreFH_DATE_PAST_20XX0.0 how do i know if I have the version of spamassassin that might have this problem? and if I maight ask what is ment by 3) Be sure there's no .qmail forward file in the user's directory, then try deleting and recreating the forward file using qmailadmin does that mean an individual user dir? - basically what would be an example of a path to such a usr dir. thanks - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Re: Succession of strange problem...
Hi Jim and Eric, I tried to apply the solution for the SA 2010 problem but it doesn't solve the problem. Some mails still intercepted as high score spam without any reason. I also try to white list one of theses e-mail address but it seem to ignore totally local.cf. I temporarily raise the score level to 105 to work around this problem for now... About the double e-mail problem, I really don't know what's going on... the machine is really comfortable on system resources. I've examination every log file and there is no error. I also update to latest toaster version last night, so clam and sa are up2date... About the forward, it solved the problem. I've noticed garbage in the .qmail file. Delete and re-create did it. Thanks regards, Kaven G. Kaven Gagnon wrote: Hi, since a few days, I got some strange issues on a Qmail Toaster, which was running without any flaw for two years. It begin with false positive spam detection on legitimate e-mail. Most of them highly score 60 to 105 with Spam Assassin. Strangely, I reboot the server and it solve this problem. After come the duplicate e-mail problem. Every new incoming e-mail are doubled. Not all user are affected by this problem. The server is not on high load and plenty of resources available. Same for disk space. And then, a specific forward to mailbox that simply not working. User received this error message: addr...@domain.tld: /bin/sh: .w: command not found I'm not going to try again; this message has been in the queue too long. (sh symlink to bash is present on /bin...) Any clue about this? Thanks for your help! Kaven G. - Kaven, 1) see post on this list on 1/1/2010 about spamassassin Y2K10 bug. 2) duplicates typically happen when server is under heavy load. Early clamav 0.9x releases had some problem. if you're running an early 0.9x version of clamav, upgrade. Check that DNS is working properly, and there are no errors in spamd log. 3) Be sure there's no .qmail forward file in the user's directory, then try deleting and recreating the forward file using qmailadmin (web). -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Allow sending of emails only after approval - How to do?
Atul, eMPF does exactly what you are asking for. look here for instructions: http://www.qmailwiki.org/EMPF The more recent qmail-toaster releases include empf. Dave Atul Paralikar wrote: Hi, Is there a way to restrict emails sent to outside world to be restricted using some access control lists? - Depending upon the access control, the users are either allowed to send emails to outside world else they are restricted to internal (same domain) email sending. - Also, I would like to restrict sending of emails to the internal GROUP ids from the same domain user. For Eg: We have a group id every...@test.com consisting of all the users of the domain, test.com. Then, x...@test.com should not be able to send email to this group until the mail has been authorized by the admin else dropped. How can we achieve this? Regards, Atul Paralikar - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] qmail tree permissions/ownerships
I just fixed up a server where the ownership of some of the qmail files became corrupted. Not sure exactly how it happened (related to named), but it got me to thinking. Would a script that checks/fixes permission bits and ownership of the qmt files be useful? Sort of like queue_repair.py fixes up the queue, but this would fix all QMT related files. Does anyone have such a thing? How useful would it be to have? -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] qmail tree permissions/ownerships
I think that toaster spec file is a good start. Write a script from there should be easy. On Thu, Jan 28, 2010 at 5:41 PM, Eric Shubert e...@shubes.net wrote: I just fixed up a server where the ownership of some of the qmail files became corrupted. Not sure exactly how it happened (related to named), but it got me to thinking. Would a script that checks/fixes permission bits and ownership of the qmt files be useful? Sort of like queue_repair.py fixes up the queue, but this would fix all QMT related files. Does anyone have such a thing? How useful would it be to have? -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- [ ]'s Aledr - Alexandre OpenSource Solutions for SmallBusiness Problems - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Re: Succession of strange problem...
Kaven Gagnon wrote: Hi Jim and Eric, I tried to apply the solution for the SA 2010 problem but it doesn't solve the problem. Some mails still intercepted as high score spam without any reason. I also try to white list one of theses e-mail address but it seem to ignore totally local.cf. I temporarily raise the score level to 105 to work around this problem for now... About the double e-mail problem, I really don't know what's going on... the machine is really comfortable on system resources. I've examination every log file and there is no error. I also update to latest toaster version last night, so clam and sa are up2date... About the forward, it solved the problem. I've noticed garbage in the .qmail file. Delete and re-create did it. where is this .qmail file that you speak of - ? thanks - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Re: Fetch Mail Alternative
You don't need to forward the whole domain. You can forward only the users that use the local server. Unless I misunderstand what you're saying. senthil vel wrote: Dear Eric, Thanks for your suggestion. The thing is the main server is located in the datacenter. The local server is in our office. We are using the local server to fetch mails to our outlook (Internet is restricted to all users). Few users are there, called as roaming users, they will be located in different geographical location, They will use the main server to download mails. So that i cant implement this. Regards, S.Senthilvel On Thu, Jan 28, 2010 at 8:55 AM, Eric Shubert e...@shubes.net mailto:e...@shubes.net wrote: senthil vel wrote: Dear List, We are using qmailtoaster in two places. Both are working excellently. One server will be available for the external world. It will receive all the mails. The local server will fetch mails from the main server and deliver to the users. Now the number of users are increased (around 500). Now the time to complete one cycle of the fetch mail has been increased. In future, the number of user may increased further. Is there any possibility to run the fetch mail in multiple instances? or is there any alternatives can be used for fetch mails? Please provide your suggestions. Thanks and Regards, S.Senthilvel. Can you eliminate fetchmail on the local server and configure the external server to deliver to directly to the local server using smtproutes? -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com http://www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com http://qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com mailto:qmailtoaster-list-h...@qmailtoaster.com -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Re: Succession of strange problem...
Jim Shupert wrote: Kaven Gagnon wrote: Hi Jim and Eric, I tried to apply the solution for the SA 2010 problem but it doesn't solve the problem. Some mails still intercepted as high score spam without any reason. I also try to white list one of theses e-mail address but it seem to ignore totally local.cf. I temporarily raise the score level to 105 to work around this problem for now... About the double e-mail problem, I really don't know what's going on... the machine is really comfortable on system resources. I've examination every log file and there is no error. I also update to latest toaster version last night, so clam and sa are up2date... About the forward, it solved the problem. I've noticed garbage in the .qmail file. Delete and re-create did it. where is this .qmail file that you speak of - ? thanks - In the user's directory: /home/vpopmail/domainname/username/. (replace domainname and username with appropriate values) -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Re: General Server Question
PakOgah wrote: Amit wrote: Hi Everyone, I want to ask general question that is it a good option if I configure Squid proxy and Qmail Toaster on 1 server? This way I can reduce a separate hardware cost for proxy server and mail server. Also if I configure squid proxy in transparent mode will it affect my webmail service? Thanks and regards, Amit no problem at all. as long as you squid's and qmail's cpu/memory load still can be handled by your server. if not, upgrade your server - Or tune up your QMT. Jake a great video on this. And use spamdyke if you don't already. That really lightens the load. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Re: Allow sending of emails only after approval - How to do?
Good solution, Dave. I don't know eMPF well at all, but I think it would be your best solution. If your second requirement can't be done with eMPF, it could be done with a mail list (mailman for sure, not sure about ezmlm), but that would be a more complicated solution I'm sure. Dave Hallowell wrote: Atul, eMPF does exactly what you are asking for. look here for instructions: http://www.qmailwiki.org/EMPF The more recent qmail-toaster releases include empf. Dave Atul Paralikar wrote: Hi, Is there a way to restrict emails sent to outside world to be restricted using some access control lists? - Depending upon the access control, the users are either allowed to send emails to outside world else they are restricted to internal (same domain) email sending. - Also, I would like to restrict sending of emails to the internal GROUP ids from the same domain user. For Eg: We have a group id ‘every...@test.com’ consisting of all the users of the domain, test.com. Then, x...@test.com mailto:x...@test.com should not be able to send email to this group until the mail has been authorized by the admin else dropped. How can we achieve this? Regards, Atul Paralikar - -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Re: Fetch Mail Alternative
On 01/27/2010 10:44 PM, senthil vel wrote: Dear Eric, Thanks for your suggestion. The thing is the main server is located in the datacenter. The local server is in our office. We are using the local server to fetch mails to our outlook (Internet is restricted to all users). Few users are there, called as roaming users, they will be located in different geographical location, They will use the main server to download mails. So that i cant implement this. You could do something like I show you how to setup in my replicating video series. You could even limit it to specific users/folders if you want to code it all out in the replication phase. - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Protection against spam coming from within your email server
On 01/28/2010 12:41 PM, karpaha vinayaham wrote: Hi Regarding the spam mail generated through a authenticated user, today i have send a test mail and checked with gmail account for spamming, i changed the from address as a...@xyz.com mailto:a...@xyz.com and i used the authentication through a valid gmail account x...@gmail.com mailto:x...@gmail.com. The beauty is that the FROM address has changed to x...@gmail.com mailto:x...@gmail.com instead of a...@xyz.com mailto:a...@xyz.com and the message is properly delivered to the mentioned recipient. NOTE Eventhough i changed the from address and tried to do spamming, gmail server changes the from address as a authentiacted user email id, so their IP will not be listed in RBL. Is it possible in qmailtoaster to implement like this. As per Rajesh suggestion, we can limit the number of connections later. I think, by doing this we can prevent our server IP from rbl list. Jake and Eric i am looking forward for your comments on this. No, you cannot do this. I guess you could write a perl script wrapper around the deliver portion of Qmail and rewrite the message, but that's beyond what this project does.
Re: [qmailtoaster] Re: Succession of strange problem...
On 01/28/2010 02:19 PM, Kaven Gagnon wrote: Hi Jim and Eric, I tried to apply the solution for the SA 2010 problem but it doesn't solve the problem. Some mails still intercepted as high score spam without any reason. I also try to white list one of theses e-mail address but it seem to ignore totally local.cf. I temporarily raise the score level to 105 to work around this problem for now... About the double e-mail problem, I really don't know what's going on... the machine is really comfortable on system resources. I've examination every log file and there is no error. I also update to latest toaster version last night, so clam and sa are up2date... About the forward, it solved the problem. I've noticed garbage in the .qmail file. Delete and re-create did it. Show us a message header and some log files. - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Re: Protection against spam coming from within your email server
Let me see if I can paraphrase what you're saying. gmail's outbound server forces the from address to be the same as the address which was used to authenticate the submission. Is that correct? While this would eliminated forged headers, I fail to see what it would accomplish. I don't see how it would keep a server's IP address from being listed in an RBL. In addition, I suspect that it would go against the RFCs for handling of email. I'm not certain of this though. Would someone care to look it up? As Jake mentioned, this would require some customized programming to accomplish. This is not something we typically do. I haven't yet read and thought about Rajesh's writing. I apologize for that. It certainly deserves some careful deliberation. -- -Eric 'shubes' karpaha vinayaham wrote: Hi Regarding the spam mail generated through a authenticated user, today i have send a test mail and checked with gmail account for spamming, i changed the from address as a...@xyz.com mailto:a...@xyz.com and i used the authentication through a valid gmail account x...@gmail.com mailto:x...@gmail.com. The beauty is that the FROM address has changed to x...@gmail.com mailto:x...@gmail.com instead of a...@xyz.com mailto:a...@xyz.com and the message is properly delivered to the mentioned recipient. NOTE Eventhough i changed the from address and tried to do spamming, gmail server changes the from address as a authentiacted user email id, so their IP will not be listed in RBL. Is it possible in qmailtoaster to implement like this. As per Rajesh suggestion, we can limit the number of connections later. I think, by doing this we can prevent our server IP from rbl list. Jake and Eric i am looking forward for your comments on this. Best Regards Vinay On 12/12/09, *Rajesh M* 24x7ser...@24x7server.net mailto:24x7ser...@24x7server.net wrote: hi we run qmail toaster on our all our email servers. qmailtoaster provided great protection against external spam but to date i am quite helpless against spam coming from within the server or the misuse of the same by own customers i am quoting below my experiences 1) authenticated sender spamming qmailtoaster smtp is built in such a way that once authenticated it allows sending out emails immaterial of whether the envelope sender is a domain on the server or not. example in my outlook express i create a dummy email id ; x...@yahoo.com mailto:x...@yahoo.com as the mail from and reply to. for authentication i use some use...@domain_on_server.com mailto:use...@domain_on_server.com and password ... and thats it i can send any no of emails with the mailfrom as a dummy yahoo account. this is how spamming has been taking place thru my server since some smart hacker picks up the smtp auth userid and password of some client of mine and misuses it. 2) clients misusing the system my own clients can misuse the system. they purchase email service for one single domain and use the smtp auth information for sending out emails with the mailfrom as their other domains 3) at present there is no check on the number of emails per hour / per day been implemented, there is no such restrictions in qmail ... work around solutions that i am looking at is as such i have created absolutely non-standard ports for my clients i have analysed smtp traffic during different times of day example during night time the traffic is very low and during day time from 10 am to 6 pm it is at the peak i used simple iptables rules to block ips which trespass the limits one rule for daytime and one rule for night time which are added / removed automtically by a cron job. RULE BETWEEN 10 AM AND 6 PM iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --set iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --update --seconds 120 --hitcount 90 -j DROP RULE BETWEEN 6 PM UPTO 10 AM iptables -I INPUT -p tcp --dport 5225 -i eth0 -m state --state NEW -m recent --set iptables -I INPUT -p tcp --dport 5225 -i eth0 -m state --state NEW -m recent --update --seconds 120 --hitcount 30 -j DROP also building a queue monitoring tool -- checking the queue and if the no of emails exceed a specified limit, the tool will pickup ips from the emails in the queue and block them thanks rajesh - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com http://www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today!
RE: [qmailtoaster] Re: Allow sending of emails only after approval - How to do?
Dave / Eric, If I plan to use eMPF, will it effect my current setup of QmailToaster? is it compatible with QMT? Can mailman polices be defined per domain and deliver emails of users only after approval? Is the mailman similar to group email ids? - Atul -Original Message- From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric Shubert Sent: Friday, January 29, 2010 6:47 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: Allow sending of emails only after approval - How to do? Good solution, Dave. I don't know eMPF well at all, but I think it would be your best solution. If your second requirement can't be done with eMPF, it could be done with a mail list (mailman for sure, not sure about ezmlm), but that would be a more complicated solution I'm sure. Dave Hallowell wrote: Atul, eMPF does exactly what you are asking for. look here for instructions: http://www.qmailwiki.org/EMPF The more recent qmail-toaster releases include empf. Dave Atul Paralikar wrote: Hi, Is there a way to restrict emails sent to outside world to be restricted using some access control lists? - Depending upon the access control, the users are either allowed to send emails to outside world else they are restricted to internal (same domain) email sending. - Also, I would like to restrict sending of emails to the internal GROUP ids from the same domain user. For Eg: We have a group id 'every...@test.com' consisting of all the users of the domain, test.com. Then, x...@test.com mailto:x...@test.com should not be able to send email to this group until the mail has been authorized by the admin else dropped. How can we achieve this? Regards, Atul Paralikar - -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com