[qmailtoaster] Re: '451 4.4.0 DNS temporary failure
Is the error is gone now? -- -Eric 'shubes' On 08/27/2013 09:23 PM, Linux wrote: /etc/resolve.conf search domain.com nameserver 8.8.8.8 nameserver 127.0.0.1 but now i install pdns and change it as, #search domain.com #nameserver 8.8.8.8 nameserver 127.0.0.1 Regards, Vivek Patil system admin -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Tuesday, August 27, 2013 8:35 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: '451 4.4.0 DNS temporary failure On 08/27/2013 05:04 AM, Linux wrote: Server error: '451 4.4.0 DNS temporary failure (chkuser)' Can I apply # yum install pdns-recursor # service pdns-recursor start # chkconfig pdns-recursor on Then change /etc/resolv.conf to be: nameserver 127.0.0.1 Regards, Vivek Patil system admin You can. What does your /etc/resolv.conf file presently contain? - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] SPF, DKIM, and now DMARC... a discussion?
Ok, so off-list I've been having this conversation with about 3 other QMT users about SPF QMT. Throughout the discussion, we've talked about SPF handling of both INBOUND mail (the /var/qmail/control/spfbehavior setting which controls how we process other people's SPF records) -and- OUTBOUND mail (the DNS SPF records that tell other people how to handle OUR SPF records). It will come as no surprise to most, but I have some opinions on these -- opinions that it was suggested that I share with this group for discussion; 1) Inbound SPF Mail Processing - Although admittedly reported by others, I have very seldom had issues with QMT processing of SPF records - and when I did, it was usually a DNS error, not a processing one. Still, I agree with Eric that it should be more of a simscan or spamdyke setting than a QMail setting. Be that as it may, I still trust and rely on SPF for minimal SPAM control. NOTE: If simscan and/or spamdyke were to take on SPF, they should also include the DMARC specs as well. - Because I haven't had the problems others have reported (maybe because I use BIND9?), I use a value of *3 (yes, THREE)* in the */var/qmail/control/spfbehavior* file This means that, if a sender has an SPF record and it says to /hard-fail/ unless the rules are met, then by golly, I reject non-compliant messages! However, many (/perhaps even most/?) SPF records are published with a SOFT-FAIL option (~all), so those soft-fails are still permitted through Domains that have NO SPF record, invalid SPF records, or whose DNS lookups fail are also allowed 2) Outbound SPF Mail Processing (a lot more discussion on this one, I suppose) - There are plenty of HOWTO's for this one, but *I* prefer to do the following [using YOUR domain(s) instead of domain.com]: a) Create a TXT record for *spf.domain.com *(and, if supported, a duplicate SPF record) that reads v=spf1 ip4:x.x.x.x *?all* Repeating the ip4 parts for each IP address that your legitimate MTAs may reside While this seems like an EXTRA step, it will help greatly if, later on, you decide to host multiple domains on your server. Why? because if you make each domain a stand-alone SPF record, then when your ISP forces you to change your IP address, you have to make the change in each and every one of your hosted domains' SPF records with the spf.domain.com TXT (and/or SPF) record, you can include the spf record from your domain to their domain and change multiple domains simultaneously. Next, what's with the *?all *at the end? This creates a neutral result for anything that doesn't match the rules so far -- this means that if there is a problem with the include, no pass/fail is set at all. This way, the domain in which you use the include is free to use additional includes and to set their own fail policy (~all or -all). b) So, as alluded to above, the next step is to create TXT (and SPF) records for your actual domain(s) that show: v=spf1 *include:spf.domain.com -all* The include part should make sense now -- but many people question why I use -all (instead of ~all) and the answer for me is simple... I know what I'm doing! LOL! The ~all setting is SUPPOSED to be used while you're testing SPF settings. With the ~all, a mail server (MTA) receiving a message from my domain is supposed to note that there is an error, but let the message pass (unless configured to fail on soft-fail codes as well)... that's essentially not even using SPF! With the -all, I'm telling the likes of Yahoo!, Gmail, etc. that if it says its from my domain, and it isn't from one of MY servers, then kick it back -- it must be bogus. As some of you know, I host quite a bit of email (enough that I now have 3 separate mail servers, each with their own domain lists!)... some of the clients on those mail servers pay extra for MessageLabs (Symantec) to do extra SPAM and AV checking (more than simscan spamdyke)... in doing so, all I have to do for those domains is use the appropriate include:spf.messagelabs.com type statement and I can redirect their mail to the appropriate (or receive their mail from the appropriate) set of servers. In these cases, their SPF records look like: v=spf1 *include:spf.it4soho.com include:spf.messagelabs.com -all* c) The final step takes me back to DNS again... and the newbie to the SPAM fighting arcade: DMARC (see DMARC.org) NOTE: Because DKIM in QMT is essentially break prone (as-in it often fails -- especially for mail from other QMT hosts -- even when all outside tests say things are good), I choose to implement DKIM in a TESTING mode. This isn't important here, except to explain why DKIM is noted in my DMARC record the way that it is ASIDE: If anyone wants to discuss the merits, demerits of DKIM, I'm happy to do so -- I just found that it was broken too often, so I removed it from my configs DMARC is relatively
Re: [qmailtoaster] Re: How to remove cached and buffer memory in Centos server
Hi All, Use Dns Yes is already commented in this file. But still am seeing this message. Can you help me. On Tue, Aug 27, 2013 at 11:52 PM, Eric Shubert e...@shubes.net wrote: On 08/27/2013 08:26 AM, Dan McAllister wrote: On 8/27/2013 10:35 AM, Eric Shubert wrote: I just did this, but I'm sorry to say that it didn't solve my problem entirely. After a few tests, it appears that every other login is quick, and every other login has a delay (20 seconds or so). Seems persistent in that regard (I did a dozen or so tests). Perhaps a nss config issue? Thanks. (P.S. I'm aging here!) ;) Eric -- I thought you were running COS5??? This one in particular is COS5. I'm (slowly) getting things migrated to COS6 because it runs a *lot* better as a KVM (on Proxmox). As soon as I get a certain samba issue ironed out (anyone know about changing the host name on a PDC?), I'll be tackling QMT on COS6. In COS6, there is another set of SSHd configs whose default was changed: *GSSAPI* Like the reverse DNS lookup, you want to TURN OFF this feature: Change to: *GSSAPIAuthentication no* (The other GSSAPI settings don't matter much if you're not permitting AUTH) To my understanding, the GSSAPI functionality is an alternative way of securing your connection for a password-less connection (vs. auth keys) that uses a Kerberos-type auth scheme no thanks... :) Somehow I had GSSAPIAuthentication turned on. I've no idea when/how/why that happened. I turned it off, and *voila*, no more delays! Thanks Dan! You're the bomb-diggity! -- -Eric 'shubes' --**--**- To unsubscribe, e-mail: qmailtoaster-list-unsubscribe@**qmailtoaster.comqmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-help@**qmailtoaster.comqmailtoaster-list-h...@qmailtoaster.com -- *Thanks Best Regards, Manikandan.C *
[qmailtoaster] Re: How to remove cached and buffer memory in Centos server
The commented lines indicate the default values. You need an uncommented line: UseDNS no You also need: GSSAPIAuthentication no Once you've made those changes, you need to restart sshd: # service sshd restart -- -Eric 'shubes' On 08/28/2013 07:18 PM, ChandranManikandan wrote: Hi All, Use Dns Yes is already commented in this file. But still am seeing this message. Can you help me. On Tue, Aug 27, 2013 at 11:52 PM, Eric Shubert e...@shubes.net mailto:e...@shubes.net wrote: On 08/27/2013 08:26 AM, Dan McAllister wrote: On 8/27/2013 10:35 AM, Eric Shubert wrote: I just did this, but I'm sorry to say that it didn't solve my problem entirely. After a few tests, it appears that every other login is quick, and every other login has a delay (20 seconds or so). Seems persistent in that regard (I did a dozen or so tests). Perhaps a nss config issue? Thanks. (P.S. I'm aging here!) ;) Eric -- I thought you were running COS5??? This one in particular is COS5. I'm (slowly) getting things migrated to COS6 because it runs a *lot* better as a KVM (on Proxmox). As soon as I get a certain samba issue ironed out (anyone know about changing the host name on a PDC?), I'll be tackling QMT on COS6. In COS6, there is another set of SSHd configs whose default was changed: *GSSAPI* Like the reverse DNS lookup, you want to TURN OFF this feature: Change to: *GSSAPIAuthentication no* (The other GSSAPI settings don't matter much if you're not permitting AUTH) To my understanding, the GSSAPI functionality is an alternative way of securing your connection for a password-less connection (vs. auth keys) that uses a Kerberos-type auth scheme no thanks... :) Somehow I had GSSAPIAuthentication turned on. I've no idea when/how/why that happened. I turned it off, and *voila*, no more delays! Thanks Dan! You're the bomb-diggity! -- -Eric 'shubes' --__--__- To unsubscribe, e-mail: qmailtoaster-list-unsubscribe@__qmailtoaster.com mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-help@__qmailtoaster.com mailto:qmailtoaster-list-h...@qmailtoaster.com -- */Thanks Best Regards, Manikandan.C /* - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Re: Mailer -daemon failure notice
Hi All, Again i received below message when we send email to any one and getting bounce with unwanted emails are showing also. I have to mention other thing. Am using outgoing server other smtp server. Is any problem occur from outgoing smtp server. Please help me. Below All ip and email address is not ours. Hi. This is the qmail-send program at mail.panasiagroup.net. I tried to deliver a bounce message to this address, but the bounce bounced! jk...@stsinspect.com: User and password not set, continuing without authentication. jk...@stsinspect.com 72.167.238.29 failed after I sent the message. Remote host said: 552 5.2.0 H1Dm1m00r2XfecZ011DoK1 IB212 msg rejected as spam harms...@supanet.com: User and password not set, continuing without authentication. harms...@supanet.com 213.40.180.222 failed after I sent the message. Remote host said: 550-This message contains a virus or other harmful content 550 (Sanesecurity.Spam.ldb.59.UNOFFICIAL) --- Below this line is the original bounce. Return-Path: Received: (qmail 21062 invoked for bounce); 28 Aug 2013 15:27:45 - Date: 28 Aug 2013 15:27:45 - From: mailer-dae...@mail.panasiagroup.net To: ravindran.recruiter+caf_=ravi=panasiagroup@gmail.com Subject: failure notice Hi. This is the qmail-send program at mail.panasiagroup.net. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. ear...@familyaccess.net: Sorry, I couldn't find a mail exchanger or IP address. (#5.4.4) itcpubli...@flashmail.com: User and password not set, continuing without authentication. 173.194.79.27 does not like recipient. Remote host said: 550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596hb3si7063498pac.65 - gsmtp Giving up on 173.194.79.27. cmo...@filmgraphics.com: User and password not set, continuing without authentication. 173.194.79.27 does not like recipient. Remote host said: 550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596bo2si6500759pbb.44 - gsmtp Giving up on 173.194.79.27. c...@farbeduciel.com: User and password not set, continuing without authentication. 66.39.2.47 does not like recipient. Remote host said: 554 5.7.1 c...@farbeduciel.com: Recipient address rejected: Access denied Giving up on 66.39.2.47. home...@fastwebnet.it: User and password not set, continuing without authentication. home...@fastwebnet.it 85.18.95.16 failed after I sent the message. Remote host said: 554 Message refused hannu.sydanm...@fi.abb.com: User and password not set, continuing without authentication. 129.35.204.80 does not like recipient. Remote host said: 550 Denied by policy. Giving up on 129.35.204.80. joshcot...@familyfed.org: User and password not set, continuing without authentication. 67.227.135.108 does not like recipient. Remote host said: 550 No Such User Here Giving up on 67.227.135.108. gringo...@fastmail.fm: User and password not set, continuing without authentication. 66.111.4.71 does not like recipient. Remote host said: 552 5.7.1 gringo...@fastmail.fm: Recipient address rejected: User has been over quota for 1 week, email rejected Giving up on 66.111.4.71. leonlthur...@fairview.org: User and password not set, continuing without authentication. leonlthur...@fairview.org 208.84.65.44 failed after I sent the message. Remote host said: 550 5.1.1 User Unknown - Please check the email address and try again. Otherwise, please contact the person and verify the address is correct --- Below this line is a copy of the message. Return-Path: ravindran.recruiter+caf_=ravi=panasiagroup@gmail.com Received: (qmail 20726 invoked by uid 89); 28 Aug 2013 15:27:21 - Received: by simscan 1.4.0 ppid: 20651, pid: 20709, t: 0.4102s scanners: attach: 1.4.0 clamav: 0.97.8/m:54/d:17761 spam: 3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on mail.panasiagroup.net X-Spam-Level: *** X-Spam-Status: No, score=3.8 required=10.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,EMPTY_MESSAGE,FREEMAIL_FROM,LOTS_OF_MONEY, MONEY_FORM_SHORT,RDNS_NONE,T_FILL_THIS_FORM_SHORT autolearn=no version=3.3.2 Received: from unknown (HELO mail-ob0-f177.google.com) (209.85.214.177) by mail.panasiagroup.net with (RC4-SHA encrypted) SMTP; 28 Aug 2013 15:27:21 - Received-SPF: pass (mail.panasiagroup.net: SPF record at _ netblocks.google.com designates 209.85.214.177 as permitted sender) Received: by mail-ob0-f177.google.com with SMTP id f8so6742190obp.8 for r...@panasiagroup.net; Wed, 28 Aug 2013 08:27:19 -0700 (PDT) X-Received: by 10.60.115.164 with SMTP id
[qmailtoaster] Some emails are going to spam or junk box to some recipients
Hi All, Still am facing this kind of issue some emails are going to spam and junk box in recipient email boxes. Can you please help me this. -- *Thanks Best Regards, Manikandan.C *
[qmailtoaster] My Email clients are hanging and disconnected frequently
Hi All, I am using Qmailtoaster with courier imap and my total mailboxes is around 100. Some email mailbox is very large from 10 to 15 GB. At a time all users accessing emails from outlook or thunderbird or squirrelmail email client. My server is hosting in our Main office. Problem is if main office 20 users accessing emails through outlook still they are facing hang and disconnected frequently. Same issue face in our branch office also. When they switch from inbox to any other folder hanging and not able to see the mails. Am planning to migrate from courier to dovecot. If i migrate my above query will solved or still do i face this issue. or do i need to change settings in courier imapd config file. I want to solve this issue permanently. My server config is 500GB and 10 GB RAM and our main office internet speed is upload and download 30 MB Fibre optic broadband. Centos 5.7. 32 Bit. Kindly help me any one, -- *Thanks Best Regards, Manikandan.C * *System Admin*
Re: [qmailtoaster] My Email clients are hanging and disconnected frequently
We need an autoresponder for this question...convert to Dovecot. Instructions on the wiki. On 08/28/2013 09:51 PM, ChandranManikandan wrote: Hi All, I am using Qmailtoaster with courier imap and my total mailboxes is around 100. Some email mailbox is very large from 10 to 15 GB. At a time all users accessing emails from outlook or thunderbird or squirrelmail email client. My server is hosting in our Main office. Problem is if main office 20 users accessing emails through outlook still they are facing hang and disconnected frequently. Same issue face in our branch office also. When they switch from inbox to any other folder hanging and not able to see the mails. Am planning to migrate from courier to dovecot. If i migrate my above query will solved or still do i face this issue. or do i need to change settings in courier imapd config file. I want to solve this issue permanently. My server config is 500GB and 10 GB RAM and our main office internet speed is upload and download 30 MB Fibre optic broadband. Centos 5.7. 32 Bit. Kindly help me any one, -- Thanks Best Regards, Manikandan.C System Admin --
RE: [qmailtoaster] Re: '451 4.4.0 DNS temporary failure
Yes it solved. Regards, Vivek Patil system admin -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Wednesday, August 28, 2013 8:18 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: '451 4.4.0 DNS temporary failure Is the error is gone now? -- -Eric 'shubes' On 08/27/2013 09:23 PM, Linux wrote: /etc/resolve.conf search domain.com nameserver 8.8.8.8 nameserver 127.0.0.1 but now i install pdns and change it as, #search domain.com #nameserver 8.8.8.8 nameserver 127.0.0.1 Regards, Vivek Patil system admin -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Tuesday, August 27, 2013 8:35 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: '451 4.4.0 DNS temporary failure On 08/27/2013 05:04 AM, Linux wrote: Server error: '451 4.4.0 DNS temporary failure (chkuser)' Can I apply # yum install pdns-recursor # service pdns-recursor start # chkconfig pdns-recursor on Then change /etc/resolv.conf to be: nameserver 127.0.0.1 Regards, Vivek Patil system admin You can. What does your /etc/resolv.conf file presently contain? - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] My Email clients are hanging and disconnected frequently
Aside from converting to dovecot for IMAP, I also use JFS instead of EXT3. I do not think EXT3 is up to the task anymore. Are you on any RAID? Best wishes, Edwin On Thursday, 29 August, 2013 12:53 PM, cj yother wrote: We need an autoresponder for this question...convert to Dovecot. Instructions on the wiki. On 08/28/2013 09:51 PM, ChandranManikandan wrote: Hi All, I am using Qmailtoaster with courier imap and my total mailboxes is around 100. Some email mailbox is very large from 10 to 15 GB. At a time all users accessing emails from outlook or thunderbird or squirrelmail email client. My server is hosting in our Main office. Problem is if main office 20 users accessing emails through outlook still they are facing hang and disconnected frequently. Same issue face in our branch office also. When they switch from inbox to any other folder hanging and not able to see the mails. Am planning to migrate from courier to dovecot. If i migrate my above query will solved or still do i face this issue. or do i need to change settings in courier imapd config file. I want to solve this issue permanently. My server config is 500GB and 10 GB RAM and our main office internet speed is upload and download 30 MB Fibre optic broadband. Centos 5.7. 32 Bit. Kindly help me any one, -- Thanks Best Regards, Manikandan.C System Admin --
[qmailtoaster] 571 sorry, you are violating our security policies
Team, when I sent the mail in my domain user from my same domain email id, I got an error, 571 sorry, you are violating our security policies (#5.7.1 - chkuser) when I checked in qcontrol I found an error, delivery 1678: deferral: write_failed_errno_=_28/system_error/ Regards, Vivek Patil system admin