Re: [qmailtoaster] TLS reason: 503_MAIL_first_(#5.5.1)
hello it does not work i get the same error. auth: (unknown) encryption: (none) reason: 503_MAIL_first_(#5.5.1) rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 18 Jun 2019 09:25:59 -0600 Subject: yes, tls-level=none On 6/18/2019 9:19 AM, Rajesh M wrote: > tls-level=smtp ? - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] TLS reason: 503_MAIL_first_(#5.5.1)
eric should i comment the line in the spamdyke.conf tls-level=smtp ? #tls-certificate-file=/var/qmail/control/servercert.pem tls-level=smtp also please do note that this issue is occurring only for emails received from one single external domain. rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 18 Jun 2019 09:14:27 -0600 Subject: In /etc/spamdyke/spamdyke.conf set 'tls-level' to 'none'. tls-level=none allow qmail to do the tls and see if it works. On 6/18/2019 9:07 AM, Rajesh M wrote: > eric > > in the spamdyke.conf i can see this > tls-certificate-file=/var/qmail/control/servercert.pem > > also i am using the > /var/qmail/control/servercert.pem > for domain key signing of outgoing emails. > > rajesh > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Tue, 18 Jun 2019 08:52:13 -0600 > Subject: > > So you have spamdyke doing the TLS? > > On 6/18/2019 8:38 AM, Rajesh M wrote: >> Hi >> >> ISSUE 1 >> all of a sudden we are receiving error on one of our servers for one >> specific sender domain (sending from microsoft server) >> >> the sender domain is not able to send emails to the recepient domain on our >> server. The email bounces with the following error >> encryption: TLS reason: 503_MAIL_first_(#5.5.1) >> >> 06/18/2019 19:33:16 LOG OUTPUT TLS >> DENIED_OTHER from: rethish.n...@sender.com to: nominati...@dxb.recepient.com >> origin_ip: 40.107.69.126 origin_rdns: >> mail-eopbgr690126.outbound.protection.outlook.com auth: (unknown) >> encryption: TLS reason: 503_MAIL_first_(#5.5.1) >> 06/18/2019 19:33:16 FROM REMOTE TO CHILD: 6 bytes TLS >> QUIT >> 06/18/2019 19:33:16 LOG OUTPUT TLS >> ERROR(tls_write()@tls.c:678): unable to write to SSL/TLS stream: The >> operation failed due to an I/O error, Connection reset by peer >> ERROR(output_writeln()@log.c:104): unable to write 27 bytes to file >> descriptor 1: Connection reset by peer >> 06/18/2019 19:33:16 FROM CHILD TO REMOTE: 27 bytes TLS >> 221 ns1.HOSTNAME.com >> 06/18/2019 19:33:16 LOG OUTPUT TLS >> ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The >> operation failed due to an I/O error, Unexpected EOF found >> >> 06/18/2019 19:33:16 - TLS ended and closed >> >> >> the error log of spamdyke full-log-dir is give below follows >> >> >> ISSUE 2 >> also i noted that spamdyke log mentions as such >> reset address space soft limit to infinity: please stop using the softlimit >> program >> >> What exactly does this mean. What is the alternative to prevent large files >> should i disable softlimit program in >> /usr/bin/softlimit -m 6400 \ >> in the smtp run file >> >> require your kind help in resolving the above 2 issues >> >> thanks >> rajesh >> >> 06/18/2019 19:32:54 STARTED: VERSION = 5.0.1+TLS+CONFIGTEST+DEBUG, PID = >> 19829 >> >> 06/18/2019 19:32:54 CURRENT ENVIRONMENT >> PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin >> PWD=/var/qmail/supervise/smtp >> SHLVL=0 >> PROTO=TCP >> TCPLOCALIP=103.241.181.154 >> TCPLOCALPORT=25 >> TCPLOCALHOST=ns1.HOSTNAME.com >> TCPREMOTEIP=40.107.69.126 >> TCPREMOTEPORT=42264 >> BADMIMETYPE= >> BADLOADERTYPE=M >> QMAILQUEUE=/var/qmail/bin/simscan >> CHKUSER_START=ALWAYS >> CHKUSER_RCPTLIMIT=50 >> CHKUSER_WRONGRCPTLIMIT=10 >> NOP0FCHECK=1 >> DKQUEUE=/var/qmail/bin/qmail-queue.orig >> DKVERIFY=DEGIJKfh >> DKSIGN=/var/qmail/control/domainkeys/%/private >> >> 06/18/2019 19:32:54 CURRENT CONFIG >> config-file=/etc/spamdyke/spamdyke.conf >> dns-blacklist-entry=zen.spamhaus.org >> full-log-dir=/var/log/spamdyke >> graylist-dir=/var/spamdyke/graylist >> graylist-max-secs=2678400 >> graylist-min-secs=180 >> header-blacklist-entry=From:*>,*<* >> idle-timeout-secs=600 >> ip-blacklist-file=/etc/spamdyke/blacklist_ip >> ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords >> ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords >> ip-whitelist-file=/etc/spamdyke/whitelist_ip >> log-level=info >> max-recipients=100 >> rdns-blacklist-file=/etc/spamdyke/blacklist_rdns >> rdns-whitelist-file=/etc/spamdyke/whitelist_rdns >> recipient-blacklist-file=/etc/spamdyke/blacklist_recipients >> recipient-whitelist-file=/etc/spamdyke/whitelist_recipients >> reject-empty-rdns=1 >> reject-se
Re: [qmailtoaster] TLS reason: 503_MAIL_first_(#5.5.1)
eric in the spamdyke.conf i can see this tls-certificate-file=/var/qmail/control/servercert.pem also i am using the /var/qmail/control/servercert.pem for domain key signing of outgoing emails. rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 18 Jun 2019 08:52:13 -0600 Subject: So you have spamdyke doing the TLS? On 6/18/2019 8:38 AM, Rajesh M wrote: > Hi > > ISSUE 1 > all of a sudden we are receiving error on one of our servers for one specific > sender domain (sending from microsoft server) > > the sender domain is not able to send emails to the recepient domain on our > server. The email bounces with the following error > encryption: TLS reason: 503_MAIL_first_(#5.5.1) > > 06/18/2019 19:33:16 LOG OUTPUT TLS > DENIED_OTHER from: rethish.n...@sender.com to: nominati...@dxb.recepient.com > origin_ip: 40.107.69.126 origin_rdns: > mail-eopbgr690126.outbound.protection.outlook.com auth: (unknown) encryption: > TLS reason: 503_MAIL_first_(#5.5.1) > 06/18/2019 19:33:16 FROM REMOTE TO CHILD: 6 bytes TLS > QUIT > 06/18/2019 19:33:16 LOG OUTPUT TLS > ERROR(tls_write()@tls.c:678): unable to write to SSL/TLS stream: The > operation failed due to an I/O error, Connection reset by peer > ERROR(output_writeln()@log.c:104): unable to write 27 bytes to file > descriptor 1: Connection reset by peer > 06/18/2019 19:33:16 FROM CHILD TO REMOTE: 27 bytes TLS > 221 ns1.HOSTNAME.com > 06/18/2019 19:33:16 LOG OUTPUT TLS > ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The > operation failed due to an I/O error, Unexpected EOF found > > 06/18/2019 19:33:16 - TLS ended and closed > > > the error log of spamdyke full-log-dir is give below follows > > > ISSUE 2 > also i noted that spamdyke log mentions as such > reset address space soft limit to infinity: please stop using the softlimit > program > > What exactly does this mean. What is the alternative to prevent large files > should i disable softlimit program in > /usr/bin/softlimit -m 6400 \ > in the smtp run file > > require your kind help in resolving the above 2 issues > > thanks > rajesh > > 06/18/2019 19:32:54 STARTED: VERSION = 5.0.1+TLS+CONFIGTEST+DEBUG, PID = 19829 > > 06/18/2019 19:32:54 CURRENT ENVIRONMENT > PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin > PWD=/var/qmail/supervise/smtp > SHLVL=0 > PROTO=TCP > TCPLOCALIP=103.241.181.154 > TCPLOCALPORT=25 > TCPLOCALHOST=ns1.HOSTNAME.com > TCPREMOTEIP=40.107.69.126 > TCPREMOTEPORT=42264 > BADMIMETYPE= > BADLOADERTYPE=M > QMAILQUEUE=/var/qmail/bin/simscan > CHKUSER_START=ALWAYS > CHKUSER_RCPTLIMIT=50 > CHKUSER_WRONGRCPTLIMIT=10 > NOP0FCHECK=1 > DKQUEUE=/var/qmail/bin/qmail-queue.orig > DKVERIFY=DEGIJKfh > DKSIGN=/var/qmail/control/domainkeys/%/private > > 06/18/2019 19:32:54 CURRENT CONFIG > config-file=/etc/spamdyke/spamdyke.conf > dns-blacklist-entry=zen.spamhaus.org > full-log-dir=/var/log/spamdyke > graylist-dir=/var/spamdyke/graylist > graylist-max-secs=2678400 > graylist-min-secs=180 > header-blacklist-entry=From:*>,*<* > idle-timeout-secs=600 > ip-blacklist-file=/etc/spamdyke/blacklist_ip > ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords > ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords > ip-whitelist-file=/etc/spamdyke/whitelist_ip > log-level=info > max-recipients=100 > rdns-blacklist-file=/etc/spamdyke/blacklist_rdns > rdns-whitelist-file=/etc/spamdyke/whitelist_rdns > recipient-blacklist-file=/etc/spamdyke/blacklist_recipients > recipient-whitelist-file=/etc/spamdyke/whitelist_recipients > reject-empty-rdns=1 > reject-sender=no-mx > reject-sender=authentication-domain-mismatch > reject-unresolvable-rdns=1 > relay-level=normal > sender-blacklist-file=/etc/spamdyke/blacklist_senders > sender-whitelist-file=/etc/spamdyke/whitelist_senders > tls-certificate-file=/var/qmail/control/servercert.pem > > 06/18/2019 19:32:54 - Remote IP = 40.107.69.126 > > 06/18/2019 19:32:54 CURRENT CONFIG > config-file=/etc/spamdyke/spamdyke.conf > dns-blacklist-entry=zen.spamhaus.org > dns-server-ip-primary=8.8.8.8 > full-log-dir=/var/log/spamdyke > graylist-dir=/var/spamdyke/graylist > graylist-max-secs=2678400 > graylist-min-secs=180 > header-blacklist-entry=From:*>,*<* > idle-timeout-secs=600 > ip-blacklist-file=/etc/spamdyke/blacklist_ip > ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords > ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords > ip-whitelist-file=/etc/spamdyke/whitelist_ip > log-level=info > max-recipients=100 > rdns-blacklist-file=/etc/spamdyke
[qmailtoaster] TLS reason: 503_MAIL_first_(#5.5.1)
Hi ISSUE 1 all of a sudden we are receiving error on one of our servers for one specific sender domain (sending from microsoft server) the sender domain is not able to send emails to the recepient domain on our server. The email bounces with the following error encryption: TLS reason: 503_MAIL_first_(#5.5.1) 06/18/2019 19:33:16 LOG OUTPUT TLS DENIED_OTHER from: rethish.n...@sender.com to: nominati...@dxb.recepient.com origin_ip: 40.107.69.126 origin_rdns: mail-eopbgr690126.outbound.protection.outlook.com auth: (unknown) encryption: TLS reason: 503_MAIL_first_(#5.5.1) 06/18/2019 19:33:16 FROM REMOTE TO CHILD: 6 bytes TLS QUIT 06/18/2019 19:33:16 LOG OUTPUT TLS ERROR(tls_write()@tls.c:678): unable to write to SSL/TLS stream: The operation failed due to an I/O error, Connection reset by peer ERROR(output_writeln()@log.c:104): unable to write 27 bytes to file descriptor 1: Connection reset by peer 06/18/2019 19:33:16 FROM CHILD TO REMOTE: 27 bytes TLS 221 ns1.HOSTNAME.com 06/18/2019 19:33:16 LOG OUTPUT TLS ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The operation failed due to an I/O error, Unexpected EOF found 06/18/2019 19:33:16 - TLS ended and closed the error log of spamdyke full-log-dir is give below follows ISSUE 2 also i noted that spamdyke log mentions as such reset address space soft limit to infinity: please stop using the softlimit program What exactly does this mean. What is the alternative to prevent large files should i disable softlimit program in /usr/bin/softlimit -m 6400 \ in the smtp run file require your kind help in resolving the above 2 issues thanks rajesh 06/18/2019 19:32:54 STARTED: VERSION = 5.0.1+TLS+CONFIGTEST+DEBUG, PID = 19829 06/18/2019 19:32:54 CURRENT ENVIRONMENT PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin PWD=/var/qmail/supervise/smtp SHLVL=0 PROTO=TCP TCPLOCALIP=103.241.181.154 TCPLOCALPORT=25 TCPLOCALHOST=ns1.HOSTNAME.com TCPREMOTEIP=40.107.69.126 TCPREMOTEPORT=42264 BADMIMETYPE= BADLOADERTYPE=M QMAILQUEUE=/var/qmail/bin/simscan CHKUSER_START=ALWAYS CHKUSER_RCPTLIMIT=50 CHKUSER_WRONGRCPTLIMIT=10 NOP0FCHECK=1 DKQUEUE=/var/qmail/bin/qmail-queue.orig DKVERIFY=DEGIJKfh DKSIGN=/var/qmail/control/domainkeys/%/private 06/18/2019 19:32:54 CURRENT CONFIG config-file=/etc/spamdyke/spamdyke.conf dns-blacklist-entry=zen.spamhaus.org full-log-dir=/var/log/spamdyke graylist-dir=/var/spamdyke/graylist graylist-max-secs=2678400 graylist-min-secs=180 header-blacklist-entry=From:*>,*<* idle-timeout-secs=600 ip-blacklist-file=/etc/spamdyke/blacklist_ip ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords ip-whitelist-file=/etc/spamdyke/whitelist_ip log-level=info max-recipients=100 rdns-blacklist-file=/etc/spamdyke/blacklist_rdns rdns-whitelist-file=/etc/spamdyke/whitelist_rdns recipient-blacklist-file=/etc/spamdyke/blacklist_recipients recipient-whitelist-file=/etc/spamdyke/whitelist_recipients reject-empty-rdns=1 reject-sender=no-mx reject-sender=authentication-domain-mismatch reject-unresolvable-rdns=1 relay-level=normal sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders tls-certificate-file=/var/qmail/control/servercert.pem 06/18/2019 19:32:54 - Remote IP = 40.107.69.126 06/18/2019 19:32:54 CURRENT CONFIG config-file=/etc/spamdyke/spamdyke.conf dns-blacklist-entry=zen.spamhaus.org dns-server-ip-primary=8.8.8.8 full-log-dir=/var/log/spamdyke graylist-dir=/var/spamdyke/graylist graylist-max-secs=2678400 graylist-min-secs=180 header-blacklist-entry=From:*>,*<* idle-timeout-secs=600 ip-blacklist-file=/etc/spamdyke/blacklist_ip ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords ip-whitelist-file=/etc/spamdyke/whitelist_ip log-level=info max-recipients=100 rdns-blacklist-file=/etc/spamdyke/blacklist_rdns rdns-whitelist-file=/etc/spamdyke/whitelist_rdns recipient-blacklist-file=/etc/spamdyke/blacklist_recipients recipient-whitelist-file=/etc/spamdyke/whitelist_recipients reject-empty-rdns=1 reject-sender=no-mx reject-sender=authentication-domain-mismatch reject-unresolvable-rdns=1 relay-level=normal sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders tls-certificate-file=/var/qmail/control/servercert.pem 06/18/2019 19:32:54 - Remote rDNS = mail-eopbgr690126.outbound.protection.outlook.com 06/18/2019 19:32:54 LOG OUTPUT DEBUG(filter_rdns_missing()@filter.c:947): checking for missing rDNS; rdns: mail-eopbgr690126.outbound.protection.outlook.com DEBUG(filter_rdns_whitelist_file()@filter.c:1055): searching rDNS whitelist file(s); rdns: mail-eopbgr690126.outbound.protection.outlook.com DEBUG(filter_rdns_blacklist_file()@filter.c:1159): searching rDNS blacklist file(s); rdns: mail-eopbgr690126.outbound.protection.outlook.com DEBUG(filter_ip_whitelist()@f
Re: [qmailtoaster] dovecot error related to test-compression
hello i am building as a root user on centos version 6.9, 64 bit command that is used rpmbuild --rebuild --define "dist .qt.el6" dovecot-ce-2.3.0-1.qt.el6.src.rpm error that i got make[3]: Leaving directory `/root/rpmbuild/BUILD/dovecot-ce-2.3.0/src/lib-imap-client' make[2]: Leaving directory `/root/rpmbuild/BUILD/dovecot-ce-2.3.0/src/lib-imap-client' Making check in lib-imap-urlauth make[2]: Entering directory `/root/rpmbuild/BUILD/dovecot-ce-2.3.0/src/lib-imap-urlauth' make[2]: Nothing to be done for `check'. make[2]: Leaving directory `/root/rpmbuild/BUILD/dovecot-ce-2.3.0/src/lib-imap-urlauth' Making check in lib-compression make[2]: Entering directory `/root/rpmbuild/BUILD/dovecot-ce-2.3.0/src/lib-compression' make check-local make[3]: Entering directory `/root/rpmbuild/BUILD/dovecot-ce-2.3.0/src/lib-compression' for bin in test-compression; do \ if ! /bin/sh ../../run-test.sh ../.. ./$bin; then exit 1; fi; \ done compression handler gz ... : ok compression handler bz2 .. : ok compression handler deflate .. : ok compression handler xz ... : ok gz concat : ok gz no concat . : ok gz large header .. : ok 0 / 7 tests failed ==639== Conditional jump or move depends on uninitialised value(s) ==639==at 0x3509A0ACB2: ??? (in /usr/lib64/liblzma.so.0.0.0) ==639==by 0x3509A0AEA9: ??? (in /usr/lib64/liblzma.so.0.0.0) ==639==by 0x3509A03121: ??? (in /usr/lib64/liblzma.so.0.0.0) ==639==by 0x3509A061A0: ??? (in /usr/lib64/liblzma.so.0.0.0) ==639==by 0x3509A05212: lzma_easy_encoder (in /usr/lib64/liblzma.so.0.0.0) ==639==by 0x406ACF: o_stream_create_lzma (ostream-lzma.c:206) ==639==by 0x403D89: test_compression_handler (test-compression.c:36) ==639==by 0x4040BD: test_compression (test-compression.c:96) ==639==by 0x408281: test_run_funcs (test-common.c:244) ==639==by 0x4083E0: test_run (test-common.c:315) ==639==by 0x40398B: main (test-compression.c:308) ==639== Failed to run: ./test-compression make[3]: *** [check-local] Error 1 make[3]: Leaving directory `/root/rpmbuild/BUILD/dovecot-ce-2.3.0/src/lib-compression' make[2]: *** [check-am] Error 2 make[2]: Leaving directory `/root/rpmbuild/BUILD/dovecot-ce-2.3.0/src/lib-compression' make[1]: *** [check-recursive] Error 1 make[1]: Leaving directory `/root/rpmbuild/BUILD/dovecot-ce-2.3.0/src' make: *** [check-recursive] Error 1 error: Bad exit status from /var/tmp/rpm-tmp.aUYAhV (%check) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.aUYAhV (%check) @eric : while searching i noted that you got a similar error in Jan 2018. https://www.mail-archive.com/dovecot@dovecot.org/msg72130.html do you recollect how your fixed it ? thanks rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Fri, 12 Oct 2018 15:27:34 -0600 Subject: Are you building as not root user? On 10/12/2018 3:08 PM, Andreas Galatis wrote: > Hi Rajesh, > > what exactly is the error-message? > > > Andreas Galatis > > Computerservice & Datenschutz > > Am 12.10.2018 um 17:00 schrieb Rajesh M: >> hello >> >> i am using centos 6, 64 bit system -- with the latest updates. >> >> i am trying to build a new server with qmailtoaster. >> >> all qmail packages installed successfully. >> >> however i get an error while compiling dovecot using the source rpm related >> to test-compression >> >> i tried this with multiple version of dovecot but still the same error. >> ftp://ftp.whitehorsetc.com/pub/qmail/CentOS6/qmt/srpms/dovecot-2.2.35-19.qt.src.rpm >> upto dovecot-2.2.22-7.qt.src.rpm >> >> i am using qmailtoaster for the past over 8 years on 4 of my servers and >> have always built from source, but all of a sudden facing the above errors >> >> i formatted and reinstalled Centos 3 times but the same error persists. >> >> i wonder what i am missing. >> >> Could you please help. >> >> thanks, >> rajesh >> >> >> >> >> - >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com >> -- Eric Broch White Horse Technical Consulting (WHTC) - To unsubscribe, e-
[qmailtoaster] dovecot error related to test-compression
hello i am using centos 6, 64 bit system -- with the latest updates. i am trying to build a new server with qmailtoaster. all qmail packages installed successfully. however i get an error while compiling dovecot using the source rpm related to test-compression i tried this with multiple version of dovecot but still the same error. ftp://ftp.whitehorsetc.com/pub/qmail/CentOS6/qmt/srpms/dovecot-2.2.35-19.qt.src.rpm upto dovecot-2.2.22-7.qt.src.rpm i am using qmailtoaster for the past over 8 years on 4 of my servers and have always built from source, but all of a sudden facing the above errors i formatted and reinstalled Centos 3 times but the same error persists. i wonder what i am missing. Could you please help. thanks, rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] bayes setup
hello all qmail toaster on centos 6, 64 bit Please advise concerning steps to be followed for implementing bayes. should i follow the steps listed here ? or is there anything specific related specific to qmail toaster https://wiki.apache.org/spamassassin/SiteWideBayesSetup the mail traffic on this server is around 6 emails per day thanks rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Simscan
hi the temporary resolution is as such cd /var/lib/clamav service clamd stop mv daily.cld daily.cld.BAK mv main.cld main.cld.BAK mv bytecode.cld bytecode.cld.BAK also rename any main.cvd daily.cvd bytecode.cvd keep foxhole_all and badmacro.ndb unoffical which handles all kinds of bad attachments (even if they are zipped / archived) / macros. also have spam-assassin with oledb macro plugin. service clamd start with this config you can have simscan working clam will work and stop a major amount of viruses which comes in the form of attachments and macros. rajesh - Original Message - From: Tommi Järvilehto [mailto:tommi.jarvile...@datavahti.fi] To: qmailtoaster-list@qmailtoaster.com Sent: Fri, 26 Jan 2018 17:19:48 +0200 Subject: Same here one of our servers (CentOs6 64bit). CentOS5 and CentOS7 servers currently ok. I disabled now simscan temporarily. On 26.1.2018 16:24, Havrla wrote: > Hi, Eric > > problem = clamav after update (antivir base) > > simscan no problem > > > LOG: > Jan 26 11:24:50 tonda clamd: LibClamAV Error: cli_gentempfd: Can't > create temporary file > /tmp/clamav-4cfa012223685613cbdd51ea20c64a9a.tmp/clamav-696c37f51f984623e21bb7af92cbbf08.tmp: > Too many open files > Jan 26 11:24:50 tonda clamd: LibClamAV Warning: fileblobScan, fullname > == NULL > Jan 26 11:24:50 tonda clamd: LibClamAV Error: fileblobDestroy: unknown > not saved: report to http://bugs.clamav.net > Jan 26 11:24:50 tonda clamd: LibClamAV Error: cli_gentempfd: Can't > create temporary file > /tmp/clamav-4cfa012223685613cbdd51ea20c64a9a.tmp/clamav-576c58385e2b2488934fd90e8c45efa4.tmp: > Too many open files > > > Havrla > > Dne 26.1.2018 v 15:11 Eric Broch napsal(a): >> On 1/26/2018 7:04 AM, Jeff Koch wrote: >>> Hi Eric - we're having massive problems this morning with soft >>> rejects. How do we bypass simscan? I can't find the email in which >>> you explained >>> >>> Jeff > > -- Tommi Järvilehto DataVahti Oy 040 732 8032 - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] how to disable clamav updates
hi all, how to disable clamav updates basically i do not want clamav downloading the daily.cvd and other files automatically i removed the following but in sometime these got automatically updated daily.cld main.cld bytecode.cld mirrors.dat rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Update clamav
chandran are you getting the following error all of a sudden today even ***before*** you update clam ? qmail-smtpd: qq soft reject (mail server temporarily rejected message (#4.3.0)) rajesh - Original Message - From: Chandran Manikandan [mailto:tech2m...@gmail.com] To: qmailtoaster-list@qmailtoaster.com Sent: Fri, 26 Jan 2018 13:02:38 +0800 Subject: Hi Eric, Thank you. I have updated above your link. but i cannot send and receive email and the logs showing below. qmail-smtpd: qq soft reject (mail server temporarily rejected message (#4.3.0)) Please help me to fix this issue my server is down now nobody using email. On Fri, Jan 26, 2018 at 12:50 PM, Eric Brochwrote: > There is clamav-99.2-3 (x86 and x86_64) on the CentOS 6 mirror: > ftp://ftp.qmailtoaster.com/pub/repo/qmt/CentOS/6/current/ > SRPMS/clamav-0.99.2-3.qt.src.rpm & > > ftp://ftp.qmailtoaster.com/pub/repo/qmt/CentOS/6/current/ > i386/clamav-0.99.2-3.qt.el6.i686.rpm > > clamav-99.3 just came out today. I'll get it rolled in the next couple of > days...most likely tomorrow. > > On 1/25/2018 9:29 PM, Chandran Manikandan wrote: > > Dear Friends, > > Clamav is running outdated version in my system when i run the freshclam > today with the below message. > > ClamAV update process started at Fri Jan 26 12:24:24 2018 > WARNING: Your ClamAV installation is OUTDATED! > WARNING: Local version: 0.99.1 Recommended version: 0.99.3 > DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav > > > I am using qmailtoaster in CentOS release 6.7 (Final) 32 bit in one > machine and another machine is CentOS release 6.7 (Final) 64 bit. > > Kindly help me to provide the procedure without affect our existing > packages. > > Both the server is production server. > > Appreciate your help. > > -- > *Thanks,* > *Manikandan.C* > *System Administrator* > > > -- > Eric Broch > White Horse Technical Consulting (WHTC) > > -- *Thanks,* *Manikandan.C* *System Administrator* - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] qq soft reject
hi we are getting qq soft reject on one of our server on random basis this is a busy server around -- 6000 mails in 1 hour during peak hours we disabled both spam and clam ie set spam=no, clam=no but still the error continues till we disable the /var/qmail/simscan from the tcp.smtp softlimit for smtp in the supervise/run file is kept at 100 mb. rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] simscan in ramdisk
hi eric i am creating simscan on ramdisk however there is always 3-4 emails in the folder /var/qmail/simscan how do i transfer these email to the memory based simscan. thanks 'rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: Fwd: Re: [qmailtoaster] dmarc implementation
eric and jaime thank you very much for your help i have dkim, dmarc and simscan on ramdisk implemented. regds rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Wed, 10 Jan 2018 08:32:35 -0700 Subject: dknewkey domain.tld.key 1024 > domain.tld.txt On 1/10/2018 6:51 AM, Rajesh M wrote: > eric > > concerning dkim signing > > i was testing the records for a sample domain i got messages that the "key is > insecure since it is less than 384 characters" > > is it advisable to increase this to 1024 bits ? > > if yes then how do i do that ? > > thanks, > rajesh > > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To:qmailtoaster-list@qmailtoaster.com > Sent: Tue, 9 Jan 2018 17:05:02 -0700 > Subject: > > I'm sure it will, but I don't know how much. > > > On 1/9/2018 9:55 AM, Rajesh M wrote: >> eric >> >> it worked correctly but the dns record generated in the MYDOMAIN.com.txt >> file was not correct ... not sure what i was doing wrong. >> >> i used this >> >> perl -pi -e 's/.key._domainkey//' /var/qmail/control/dkim/otherdomain.com.txt >> >> googled a bit and entered in the following in my zone file >> >> selector = otherdomain.com >> >> _domainkey.otherdomain.com. IN TXT"o=!;r=x...@y.com" >> >> otherdomain.com._domainkey.otherdomain.com. IN TXT "v=DKIM1;k=rsa;p=" >> >> >> Also will changing the qmail-remote file increase the load on the server, >> especially since qmail-remote is no longer a binary ? My servers are quite >> busy. >> >> >> >> >> rajesh >> >> - Original Message - >> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >> To:qmailtoaster-list@qmailtoaster.com >> Sent: Tue, 2 Jan 2018 15:09:34 -0700 >> Subject: >> >> Rajesh, >> >> 1) Yes >> >> 2) tcp.smtp >> >> 127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1" >> :allow,SPFBEHAVIOR="1",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="200",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig",NOP0FCHECK="1",SENDER_NOCHECK="1" >> >> Eric >> >> >> On 1/2/2018 11:20 AM, Rajesh M wrote: >>> Eric >>> >>> 2 questions please >>> >>> Question 1) >>> >>> the default qmail install points the symlink for qmailqueue to qmail-dk >>> >>> which i have changed to >>> >>> qmail-queue -> qmail-queue.orig >>> >>> Do keep the same setting which is >>> >>> qmail-queue -> qmail-queue.orig >>> >>> >>> Question 2) >>> >>> Could you please send me the corresponding settings required in the >>> tcp.smtp file ? >>> >>> thanks, >>> rajesh >>> >>> >>> >>> - Original Message - >>> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >>> To:qmailtoaster-list@qmailtoaster.com >>> Sent: Tue, 2 Jan 2018 08:51:07 -0700 >>> Subject: >>> >>> Hi Rajesh, >>> >>> Thank you! I appreciate your sentiments and hope your New Year brings >>> blessings of health and happiness as well. >>> >>> This is a better link: >>> >>> http://qmailtoaster.org/dkim.html >>> >>> which will show you how to implement per domain. >>> >>> Remember this is only signing messages going out. As of yet there is no >>> dkim checking coming in, I'm looking into that. >>> >>> Eric >>> >>> >>> On 1/2/2018 7:50 AM, Rajesh M wrote: >>>> eric, >>>> >>>> Wish you a wonderful New Year, full of health and happiness. >>>> >>>> I wish to implement dmarc on my qmailtoaster servers >>>> >>>> i am using centos6 64 bit with the latest versions of qmailtoaster >>>> >>>> SPF is already being used on my server >>>> >>>> Concerning dkim, currently my qmail-queue is symlinked to >>>> qmail-queue.orig and not pointing to qmail-dk >>>> >>>> qmail-queue -> qmail-queue.orig >>>> >>>> could you please guide me on the implementation of DMARC >>>> >>>> i am planning to implement this for all the domains in my serve
Re: [qmailtoaster] dmarc implementation
eric concerning dkim signing i was testing the records for a sample domain i got messages that the "key is insecure since it is less than 384 characters" is it advisable to increase this to 1024 bits ? if yes then how do i do that ? thanks, rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 9 Jan 2018 17:05:02 -0700 Subject: I'm sure it will, but I don't know how much. On 1/9/2018 9:55 AM, Rajesh M wrote: > eric > > it worked correctly but the dns record generated in the MYDOMAIN.com.txt file > was not correct ... not sure what i was doing wrong. > > i used this > > perl -pi -e 's/.key._domainkey//' /var/qmail/control/dkim/otherdomain.com.txt > > googled a bit and entered in the following in my zone file > > selector = otherdomain.com > > _domainkey.otherdomain.com. IN TXT "o=!;r=x...@y.com" > > otherdomain.com._domainkey.otherdomain.com. IN TXT "v=DKIM1;k=rsa;p=" > > > Also will changing the qmail-remote file increase the load on the server, > especially since qmail-remote is no longer a binary ? My servers are quite > busy. > > > > > rajesh > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Tue, 2 Jan 2018 15:09:34 -0700 > Subject: > > Rajesh, > > 1) Yes > > 2) tcp.smtp > > 127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1" > :allow,SPFBEHAVIOR="1",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="200",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig",NOP0FCHECK="1",SENDER_NOCHECK="1" > > Eric > > > On 1/2/2018 11:20 AM, Rajesh M wrote: >> Eric >> >> 2 questions please >> >> Question 1) >> >> the default qmail install points the symlink for qmailqueue to qmail-dk >> >> which i have changed to >> >> qmail-queue -> qmail-queue.orig >> >> Do keep the same setting which is >> >> qmail-queue -> qmail-queue.orig >> >> >> Question 2) >> >> Could you please send me the corresponding settings required in the tcp.smtp >> file ? >> >> thanks, >> rajesh >> >> >> >> - Original Message - >> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >> To: qmailtoaster-list@qmailtoaster.com >> Sent: Tue, 2 Jan 2018 08:51:07 -0700 >> Subject: >> >> Hi Rajesh, >> >> Thank you! I appreciate your sentiments and hope your New Year brings >> blessings of health and happiness as well. >> >> This is a better link: >> >> http://qmailtoaster.org/dkim.html >> >> which will show you how to implement per domain. >> >> Remember this is only signing messages going out. As of yet there is no >> dkim checking coming in, I'm looking into that. >> >> Eric >> >> >> On 1/2/2018 7:50 AM, Rajesh M wrote: >>> eric, >>> >>> Wish you a wonderful New Year, full of health and happiness. >>> >>> I wish to implement dmarc on my qmailtoaster servers >>> >>> i am using centos6 64 bit with the latest versions of qmailtoaster >>> >>> SPF is already being used on my server >>> >>> Concerning dkim, currently my qmail-queue is symlinked to qmail-queue.orig >>> and not pointing to qmail-dk >>> >>> qmail-queue -> qmail-queue.orig >>> >>> could you please guide me on the implementation of DMARC >>> >>> i am planning to implement this for all the domains in my server. >>> >>> I saw this link while searching for a solution. >>> >>> https://github.com/qmtoaster/dkim >>> >>> Should i follow these steps as per the above link or would you like >>> recommend some other document. >>> >>> thanks as always, >>> rajesh >>> >>> >>> >>> >>> >>> - >>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com >> >> - >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch White Horse Technical Consulting (WHTC) - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] dmarc implementation
eric it worked correctly but the dns record generated in the MYDOMAIN.com.txt file was not correct ... not sure what i was doing wrong. i used this perl -pi -e 's/.key._domainkey//' /var/qmail/control/dkim/otherdomain.com.txt googled a bit and entered in the following in my zone file selector = otherdomain.com _domainkey.otherdomain.com. IN TXT "o=!;r=x...@y.com" otherdomain.com._domainkey.otherdomain.com. IN TXT "v=DKIM1;k=rsa;p=" Also will changing the qmail-remote file increase the load on the server, especially since qmail-remote is no longer a binary ? My servers are quite busy. rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 2 Jan 2018 15:09:34 -0700 Subject: Rajesh, 1) Yes 2) tcp.smtp 127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1" :allow,SPFBEHAVIOR="1",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="200",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig",NOP0FCHECK="1",SENDER_NOCHECK="1" Eric On 1/2/2018 11:20 AM, Rajesh M wrote: > Eric > > 2 questions please > > Question 1) > > the default qmail install points the symlink for qmailqueue to qmail-dk > > which i have changed to > > qmail-queue -> qmail-queue.orig > > Do keep the same setting which is > > qmail-queue -> qmail-queue.orig > > > Question 2) > > Could you please send me the corresponding settings required in the tcp.smtp > file ? > > thanks, > rajesh > > > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Tue, 2 Jan 2018 08:51:07 -0700 > Subject: > > Hi Rajesh, > > Thank you! I appreciate your sentiments and hope your New Year brings > blessings of health and happiness as well. > > This is a better link: > > http://qmailtoaster.org/dkim.html > > which will show you how to implement per domain. > > Remember this is only signing messages going out. As of yet there is no > dkim checking coming in, I'm looking into that. > > Eric > > > On 1/2/2018 7:50 AM, Rajesh M wrote: >> eric, >> >> Wish you a wonderful New Year, full of health and happiness. >> >> I wish to implement dmarc on my qmailtoaster servers >> >> i am using centos6 64 bit with the latest versions of qmailtoaster >> >> SPF is already being used on my server >> >> Concerning dkim, currently my qmail-queue is symlinked to qmail-queue.orig >> and not pointing to qmail-dk >> >> qmail-queue -> qmail-queue.orig >> >> could you please guide me on the implementation of DMARC >> >> i am planning to implement this for all the domains in my server. >> >> I saw this link while searching for a solution. >> >> https://github.com/qmtoaster/dkim >> >> Should i follow these steps as per the above link or would you like >> recommend some other document. >> >> thanks as always, >> rajesh >> >> >> >> >> >> - >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch White Horse Technical Consulting (WHTC) - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] dmarc implementation
eric thank you. i will check this out and revert. regds rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 2 Jan 2018 15:09:34 -0700 Subject: Rajesh, 1) Yes 2) tcp.smtp 127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1" :allow,SPFBEHAVIOR="1",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="200",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig",NOP0FCHECK="1",SENDER_NOCHECK="1" Eric On 1/2/2018 11:20 AM, Rajesh M wrote: > Eric > > 2 questions please > > Question 1) > > the default qmail install points the symlink for qmailqueue to qmail-dk > > which i have changed to > > qmail-queue -> qmail-queue.orig > > Do keep the same setting which is > > qmail-queue -> qmail-queue.orig > > > Question 2) > > Could you please send me the corresponding settings required in the tcp.smtp > file ? > > thanks, > rajesh > > > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Tue, 2 Jan 2018 08:51:07 -0700 > Subject: > > Hi Rajesh, > > Thank you! I appreciate your sentiments and hope your New Year brings > blessings of health and happiness as well. > > This is a better link: > > http://qmailtoaster.org/dkim.html > > which will show you how to implement per domain. > > Remember this is only signing messages going out. As of yet there is no > dkim checking coming in, I'm looking into that. > > Eric > > > On 1/2/2018 7:50 AM, Rajesh M wrote: >> eric, >> >> Wish you a wonderful New Year, full of health and happiness. >> >> I wish to implement dmarc on my qmailtoaster servers >> >> i am using centos6 64 bit with the latest versions of qmailtoaster >> >> SPF is already being used on my server >> >> Concerning dkim, currently my qmail-queue is symlinked to qmail-queue.orig >> and not pointing to qmail-dk >> >> qmail-queue -> qmail-queue.orig >> >> could you please guide me on the implementation of DMARC >> >> i am planning to implement this for all the domains in my server. >> >> I saw this link while searching for a solution. >> >> https://github.com/qmtoaster/dkim >> >> Should i follow these steps as per the above link or would you like >> recommend some other document. >> >> thanks as always, >> rajesh >> >> >> >> >> >> - >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch White Horse Technical Consulting (WHTC) - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] dmarc implementation
Dan thanks for your detailed reply. i will be testing out the communications in between my multiple mailservers before i go into production. regds rajesh - Original Message - From: Dan McAllister - QMT DNS Admin [mailto:q...@it4soho.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 2 Jan 2018 16:54:39 -0500 Subject: A couple of things: 1) The QMail DKIM solution works well -- EXCEPT when connecting to other QMail DKIM enabled systems, at which point it tends to disallow messages. No one has found a fix for this, to the standard is to keep DKIM turned OFF. 2) DMARC is not a security implementation like SPF or DKIM, it is more of a reporting and admin tool, the former being the original intent. Your DMARC settings tell other servers that they should send reports about failed connects to an email address. That way, should you misconfigure your DKIM or SPF settings and someone starts blocking your messages, you don't have to wait for USERS to complain to know about it! Thus, DMARC is a purely DNS setting -- there is nothing to do in QMail to manage DMARC. If you follow the project lead and leave DKIM turned off, you simply indicate as such in your DMARC setting for your domain. Finally, to my knowledge, only the "Big Guns" have implemented the email-server side of DMARC (that is, the side that generates reports and sends them). Hotmail/MSN/Outlook.com, Gmail, and Yahoo being the ones I've received reports from. I hope this helps Dan -Original Message- From: Rajesh M [mailto:24x7ser...@24x7server.net] Sent: Tuesday, January 2, 2018 1:21 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] dmarc implementation Eric 2 questions please Question 1) the default qmail install points the symlink for qmailqueue to qmail-dk which i have changed to qmail-queue -> qmail-queue.orig Do keep the same setting which is qmail-queue -> qmail-queue.orig Question 2) Could you please send me the corresponding settings required in the tcp.smtp file ? thanks, rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 2 Jan 2018 08:51:07 -0700 Subject: Hi Rajesh, Thank you! I appreciate your sentiments and hope your New Year brings blessings of health and happiness as well. This is a better link: http://qmailtoaster.org/dkim.html which will show you how to implement per domain. Remember this is only signing messages going out. As of yet there is no dkim checking coming in, I'm looking into that. Eric On 1/2/2018 7:50 AM, Rajesh M wrote: > eric, > > Wish you a wonderful New Year, full of health and happiness. > > I wish to implement dmarc on my qmailtoaster servers > > i am using centos6 64 bit with the latest versions of qmailtoaster > > SPF is already being used on my server > > Concerning dkim, currently my qmail-queue is symlinked to > qmail-queue.orig and not pointing to qmail-dk > > qmail-queue -> qmail-queue.orig > > could you please guide me on the implementation of DMARC > > i am planning to implement this for all the domains in my server. > > I saw this link while searching for a solution. > > https://github.com/qmtoaster/dkim > > Should i follow these steps as per the above link or would you like recommend > some other document. > > thanks as always, > rajesh > > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: > qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch White Horse Technical Consulting (WHTC) - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] dmarc implementation
Eric 2 questions please Question 1) the default qmail install points the symlink for qmailqueue to qmail-dk which i have changed to qmail-queue -> qmail-queue.orig Do keep the same setting which is qmail-queue -> qmail-queue.orig Question 2) Could you please send me the corresponding settings required in the tcp.smtp file ? thanks, rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 2 Jan 2018 08:51:07 -0700 Subject: Hi Rajesh, Thank you! I appreciate your sentiments and hope your New Year brings blessings of health and happiness as well. This is a better link: http://qmailtoaster.org/dkim.html which will show you how to implement per domain. Remember this is only signing messages going out. As of yet there is no dkim checking coming in, I'm looking into that. Eric On 1/2/2018 7:50 AM, Rajesh M wrote: > eric, > > Wish you a wonderful New Year, full of health and happiness. > > I wish to implement dmarc on my qmailtoaster servers > > i am using centos6 64 bit with the latest versions of qmailtoaster > > SPF is already being used on my server > > Concerning dkim, currently my qmail-queue is symlinked to qmail-queue.orig > and not pointing to qmail-dk > > qmail-queue -> qmail-queue.orig > > could you please guide me on the implementation of DMARC > > i am planning to implement this for all the domains in my server. > > I saw this link while searching for a solution. > > https://github.com/qmtoaster/dkim > > Should i follow these steps as per the above link or would you like recommend > some other document. > > thanks as always, > rajesh > > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch White Horse Technical Consulting (WHTC) - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] dmarc implementation
eric, Wish you a wonderful New Year, full of health and happiness. I wish to implement dmarc on my qmailtoaster servers i am using centos6 64 bit with the latest versions of qmailtoaster SPF is already being used on my server Concerning dkim, currently my qmail-queue is symlinked to qmail-queue.orig and not pointing to qmail-dk qmail-queue -> qmail-queue.orig could you please guide me on the implementation of DMARC i am planning to implement this for all the domains in my server. I saw this link while searching for a solution. https://github.com/qmtoaster/dkim Should i follow these steps as per the above link or would you like recommend some other document. thanks as always, rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] simcan on ramdisk
hi all, has anyone tried putting the /var/qmail/simscan folder on ramdisk how do i do it incase of centos 6 i was checking out this page and found that it significantly increases performance https://qmail.jms1.net/simscan/ if anyone has done it could you please share the details of how to do it and the performance improvement. thanks rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] chkusr settings
tonino, eric thanks for your help it looks like setting #define CHKUSER_STARTING_VARIABLE "CHKUSER_START" and CHKUSER_START="NONE" compels authentication but will not check for other aspects like valid mx, recpient /sender format etc tcp.smtp (tcp.smtp.587.cdb in my case) needs to be recompiled and qmail has to be restarted. rajesh - Original Message - From: Tonix - Antonio Nati [mailto:to...@interazioni.it] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 19 Sep 2017 11:57:19 +0200 Subject: Rajesh, I don't know which version of chkuser is included in qmailtoaster. Behaviour has changed sometimes. I always tried to configurations stable, but sometimes evolutions lead to a change. So, which is the version in qmailtoaster? About forcing to authenticate, you need the *CHKUSER_EXTRA_MUSTAUTH_VARIABLE* feature, but it exists from 2.0.9. Check documentation in http://opensource.interazioni.it/qmail/chkuser/documentation/chkuser_settings.html. Regards, Tonino Il 19/09/2017 11:39, Rajesh M ha scritto: > Tonino, > > thanks for the detailed information > > just wanted a final clarification > > i require chkuser for smtp authentication purpose only on port 587 for my > customers who need unrestricted email sending with authentication. > > I have compiled a separate cdb file called tcp.smtp.587.cdb exclusively for > port 587. > > in my chkuser_settings.h i have uncommented and recompiled qmailtoaster > > #define CHKUSER_STARTING_VARIABLE "CHKUSER_START" > > so in my tcp.smtp, if i set > > CHKUSER_START="NONE" > > it should allow my customers to authenticate and send out emails without any > chkuser checks other than smtp authentication, right ? > > thanks, > rajesh > > > > will that disable all other aspects for > > > - Original Message - > From: Tonix - Antonio Nati [mailto:to...@interazioni.it] > To: qmailtoaster-list@qmailtoaster.com > Sent: Tue, 19 Sep 2017 09:23:01 +0200 > Subject: > > Eric, > > it looks like I told and wrote wrong instructions (and I remembered > wrong sequences in last reply). > > Let's say there is a potential bug in the application, which I'm seeing > only now, after years. It is not really a code bug. It is that I wrote > something in the code and something different in documentation. > > Logic (in version 2.0.9 of chkuser code) says: > > 1. if CHKUSER_ALWAYS_ON is declared, chkuser is always ON: > starting_value = 1 (this option is not compatible in compilation > with CHKUSER_STARTING_VARIABLE; only one of them may be defined). > 2. if CHKUSER_STARTING_VARIABLE (by default CHKUSER_START) is NOT > declared checkuser works on domain base (starting_value = 0) > 3. if CHKUSER_STARTING_VARIABLE (by default CHKUSER_START) is declared > and NOT assigned, checkuser is disabled (starting_value = -1) > 4. if CHKUSER_STARTING_VARIABLE is declared and assigned AND equal to > ALWAYS, checkuser is always ON (starting_value = 1) > 5. if CHKUSER_STARTING_VARIABLE is declared and assigned AND equal to > DOMAIN, checkuser works on domains base (starting_value = 0) > 6. if CHKUSER_STARTING_VARIABLE is declared and assigned with values > different from ALWAYS and DOMAIN, checkuser works on domains bases > (starting_value = 0) > 7. if CHKUSER_STARTING_VARIABLE (by default CHKUSER_START) is NOT > declared checkuser works on domains base (starting_value = 0) > > So, the real default is chekuser working on domains base. Other options > lead to different behaviours. If you want to disable it, you must > declare a variable and not assign it (not assign it is different than > assigning "" or empty value). > > For a better code and a better usage, it should be (in red the code I > added): > > > > +#if defined CHKUSER_STARTING_VARIABLE > +starting_string = env_get (CHKUSER_STARTING_VARIABLE); > +if (starting_string) { > +if (strcasecmp(starting_string, "ALWAYS") == 0) { > +starting_value = 1; > +} else if (strcasecmp(starting_string, "DOMAIN") == > 0) { > +starting_value = 0; > +} else if (strcasecmp(starting_string, "NONE") == 0) { > +starting_value = -1; > +} > +} else { > +starting_string = ""; > +starting_value = -1; > +} > +#endif > > > > In such a case value "NONE" and absence of variable assign would disable > chkuser. ALWAYS would enab
Re: [qmailtoaster] chkusr settings
> >>> I apologize for the responses that have not been helpful. After >>> looking at the settings (below) from here >>> <http://opensource.interazioni.it/qmail/chkuser/documentation/chkuser_settings.html> >>> and going through the code, I'm convinced that the "NONE" option >>> will not be helpful or do what you expect or what the documentation >>> even states (Tonix, please review): >>> >>> >>> >>> CHKUSER_STARTING_VARIABLE 2.0.5 commented "CHKUSER_START" >>> Sets the variable that must be read, at qmail-smtpd start, in order >>> to understand how to use chkuser for any domain. The variable must >>> be filled with the following values: >>> >>> NONE = chkuser will not work >>> ALWAYS = chkuser will work always >>> DOMAIN = chkuser will work depending on single domain settings >>> >>> Any other value, or a missing value, will disable chkuser. >>> Incompatible with CHKUSER_ALWAYS_ON since 2.0.9 >>> >>> >>> >>> Since you've already defined 'CHKUSER_STARTING_VARIABLE' at compile >>> time in chkuser_settings.h, I think simply leaving the variable >>> CHKUSER_START (null) out of both the run file and the tcp.smtp file >>> you will get what you've been expecting (stop and start qmail of >>> course). The settings section indicates this as well: >>> "Any other value, or a missing value, will disable chkuser." >>> In fact, in my study of the code, I don't think the NONE option does >>> anything. If Tonix is looking at this thread maybe he could help >>> *fingers crossed*. >>> >>> Please let me know how it goes. >>> >>> Eric >>> >>> On 9/18/2017 12:33 PM, Eric Broch wrote: >>>> >>>> Rajesh, >>>> >>>> Can you set this in /var/qmail/supervise/smtp/run >>>> >>>> CHKUSER_START="NONE" >>>> export CHKUSER_START >>>> >>>> exec >>>> /usr/bin/softlimit >>>> >>>> >>>> >>>> On 9/18/2017 12:10 PM, Eric Broch wrote: >>>>> >>>>> Sorry, my mistake, Rajesh, >>>>> >>>>> #define CHKUSER_STARTING_VARIABLE "CHKUSER_START" >>>>> >>>>> sets CHKUSER_STARTING_VARIABLE to CHKUSER_START >>>>> >>>>> >>>>> On 9/18/2017 11:53 AM, Eric Broch wrote: >>>>>> >>>>>> Rajesh, >>>>>> >>>>>> In the code there is no check for 'CHKUSER_START' but there is >>>>>> for 'CHKUSER_STARTING_VARIABLE'. So, in tcp.smtp use >>>>>> 'CHKUSER_STARTING_VARIABLE' like so: >>>>>> >>>>>> CHKUSER_STARTING_VARIABLE="NONE" >>>>>> >>>>>> then stop and start qmail. >>>>>> >>>>>> Here's the code and the environment variable chkuser checks: >>>>>> >>>>>> >>>>>> >>>>>> starting_string = env_get (CHKUSER_STARTING_VARIABLE); >>>>>> if (starting_string) { >>>>>> if (strcasecmp(starting_string, "ALWAYS") == 0) { >>>>>> starting_value = 1; >>>>>> } else if (strcasecmp(starting_string, "DOMAIN") >>>>>> == 0) { >>>>>> starting_value = 0; >>>>>> } >>>>>> } else { >>>>>> starting_string = ""; >>>>>> starting_value = -1; >>>>>> } >>>>>> >>>>>> >>>>>> >>>>>> Eric >>>>>> >>>>>> On 9/18/2017 11:38 AM, Eric Broch wrote: >>>>>>> Sorry to ask this, but did you restart qmail after the change? >>>>>>> >>>>>>> On 9/18/2017 8:52 AM, Rajesh M wrote: >>>>>>>> hi eric >>>>>>>> >>>>>>>> i wished to disable chkusr mx check, format check etc .. and turn off >>>>>>>> chkuser using CHKUSER_START="NONE" >>>>>>>> >>>>>>>> the defaul
[qmailtoaster] chkusr settings
hi eric i wished to disable chkusr mx check, format check etc .. and turn off chkuser using CHKUSER_START="NONE" the default installation of qmail always keeps chkuser on with no control so i rebuild chkuser from source CHANGES FOR CHK USER EXTRA SOURCE FROM RPM rpm -Uvh qmail-1.03-1.qt.src.rpm nano /root/rpmbuild/SPECS/qmail.spec put a sleep in this for 120 seconds open 2nd window of ssh service qmail stop in first window run rpmbuild -bb --define "dist .qt.el6" qmail.spec the process will now for halt for 180 seconds which gives us time to modify chkuser_settings.h settings in second window go to cd /root/rpmbuild/BUILD/qmail-1.03 nano chkuser_settings.h UNCOMMENT THIS #define CHKUSER_STARTING_VARIABLE "CHKUSER_START" comment out the following /* #define CHKUSER_RCPT_MX */ /* #define CHKUSER_ENABLE_USERS_EXTENSIONS */ /* #define CHKUSER_USERS_DASH '-' */ now the problem is that even if I set CHKUSER_START="NONE" i get errors here is my tcp.smtp file for submission port (i use separate tcp.smtp files for 25 and 587) :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_START="NONE" i still get errors as such 2017-09-18 11:48:08.810159500 CHKUSER rejected rcpt: from <a.muruga...@mycustomer.com:a.muruga...@mycustomer.com:> remote rcpt <slncubm...@domain1.com> : max number of recipients 2017-09-18 11:48:09.894092500 CHKUSER rejected intrusion: from <a.muruga...@mycustomer.com:a.muruga...@mycustomer.com:> remote rcpt <sreecharanbank@domain2> : rcpt ignored, session over intrusion threshold 2017-09-18 11:48:11.226284500 CHKUSER rejected intrusion: from <a.muruga...@mycustomer.com:a.muruga...@mycustomer.com:> remote rcpt <sreekumarga...@gmail.com> : rcpt ignored, session over intrusion threshold help required please rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] simcontrol logic
hi these are my entries in the simcontrol file mycustomerdomain.com:clam=yes,spam=no mydomain.com:clam=yes,spam=yes,spam_hits=20,spam_passthru=yes :clam=yes,spam=yes,spam_hits=8,spam_passthru=yes,attach=.ace:.arc:.arj:.b64:.bat:.bhx:.cab my requirement is that mydomain.com should have a spam_hits=20 and mycustomerdomain.com should not be scanned by spamassassin at all however noted that mycustomerdomain.com is always scanned by spamassassin. the only way to prevent mycustomerdomain.com from being scanned is to remove the entry mydomain.com help required please thanks rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] chkusr and spamdyke
thanks eric rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Thu, 14 Sep 2017 00:04:55 -0600 Subject: It looks like you'll need to download the spamdyke source and compile it as follows: 1) ./configure --with-vpopmail-support VALIAS_PATH=/path/to/valias VUSERINFO_PATH=/path/to/vuserinfo 2) make 3) make install 4) vi /etc/spamdyke/spamdyke.conf (Add) recipient-validation-command=/path/to/spamdyke-qrv I'd ask on the spamdyke mailing list to make sure. Also, qmail needs to be recompiled to disable chkuser. On 9/13/2017 9:59 PM, Rajesh M wrote: > Hi > > noted that spamdyke is checking port 25 for the number of emails in one > session, mx dns, etc > > lot of duplicate functions between spamdyke and chkusr > > is there any reason to continue keeping chkusr ? > > can spamdyke also handle cases when emails from outside are sent to > non-exiting recipients ? > > thanks > rajesh > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] chkusr and spamdyke
Hi noted that spamdyke is checking port 25 for the number of emails in one session, mx dns, etc lot of duplicate functions between spamdyke and chkusr is there any reason to continue keeping chkusr ? can spamdyke also handle cases when emails from outside are sent to non-exiting recipients ? thanks rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] update error : dovecot-2.2.29.1-15.qt.src.rpm
eric only openssl openssl-devel shows up for updates i carried out updates on my test server and there were no issues will try on my production during the weekend and revert. thanks rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Wed, 6 Sep 2017 10:10:45 -0600 Subject: Rajesh, I can't be sure whether it would break anything, or not; although, I've only had an update cause issues only once that I remember. At that time all I had to do was restart mariadb server. You could do a 'yum update openssl openssl-devel' and find out what packages would be updated. If it were only the two and issues did occur you could always downgrade easily. Eric On 9/6/2017 9:28 AM, Rajesh M wrote: > any chance this may break anything ? > > rajesh > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Wed, 6 Sep 2017 08:26:39 -0600 > Subject: > > Looks like you have an older version of openssl and openssl-devel on the > > servers that didn't work. > > 1.0.1e-16.el6_5.15 (failed) > > 1.0.1e-48.el6_8.4 (worked) > > can you upgrade? > > > On 9/6/2017 8:16 AM, Rajesh M wrote: >> eric, >> >> >> 152 -- did not work >> crypto-utils 2.4.1-24.2.el6 >> mod_ssl 2.2.15-31.el6.centos >> nss_compat_ossl 0.9.6-1.el6 >> openssl 1.0.1e-16.el6_5.15 >> openssl-devel 1.0.1e-16.el6_5.15 >> perl-Crypt-OpenSSL-Bignum 0.04-8.1.el6 >> perl-Crypt-OpenSSL-Random 0.04-9.1.el6 >> perl-Crypt-OpenSSL-RSA 0.25-10.1.el6 >> perl-IO-Socket-SSL 1.31-2.el6 >> perl-Net-SSLeay 1.35-9.el6 >> >> 154 - did not work >> crypto-utils 2.4.1-24.2.el6 >> mod_ssl 2.2.15-31.el6.centos >> openssl 1.0.1e-16.el6_5.15 >> openssl-devel 1.0.1e-16.el6_5.15 >> perl-Crypt-OpenSSL-Bignum 0.04-8.1.el6 >> perl-Crypt-OpenSSL-Random 0.04-9.1.el6 >> perl-Crypt-OpenSSL-RSA 0.25-10.1.el6 >> perl-IO-Socket-SSL 1.31-2.el6 >> perl-Net-SSLeay 1.35-9.el6 >> >> 137 -- worked >> mod_ssl 2.2.15-54.el6.centos >> nss_compat_ossl 0.9.6-2.el6_7 >> openssl 1.0.1e-48.el6_8.4 >> openssl-devel 1.0.1e-48.el6_8.4 >> perl-Crypt-OpenSSL-Bignum 0.04-8.1.el6 >> perl-Crypt-OpenSSL-Random 0.04-9.1.el6 >> perl-Crypt-OpenSSL-RSA 0.25-10.1.el6 >> perl-Crypt-SSLeay 0.57-17.el6 >> perl-IO-Socket-SSL 1.31-2.el6 >> perl-Net-SSLeay 1.35-9.el6 >> pyOpenSSL 0.13.1-2.el6 >> >> 153 - worked >> crypto-utils 2.4.1-24.2.el6 >> mod_ssl 2.2.15-31.el6.centos >> nss_compat_ossl 0.9.6-1.el6 >> openssl 1.0.1e-48.el6_8.3 >> openssl-devel 1.0.1e-48.el6_8.3 >> perl-Crypt-OpenSSL-Bignum 0.04-8.1.el6 >> perl-Crypt-OpenSSL-Random 0.04-9.1.el6 >> perl-Crypt-OpenSSL-RSA 0.25-10.1.el6 >> perl-Crypt-SSLeay 0.57-16.el6 >> perl-IO-Socket-SSL 1.31-2.el6 >> perl-Net-SSLeay 1.35-9.el6 >> pyOpenSSL 0.10-2.el6 >> >> >> rajesh >> >> - Original Message - >> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >> To: 24x7ser...@24x7server.net >> Sent: Wed, 6 Sep 2017 06:52:45 -0600 >> Subject: >> >> Are those the exact modules on all the servers, the ones that worked and >> the ones that didn't? >> >> >> On 9/6/2017 1:00 AM, Rajesh M wrote: >>> eric >>> >>> these are the ssl related packages i have on my server which fails to >>> compile >>> >>> crypto-utils 2.4.1-24.2.el6 >>> mod_ssl 2.2.15-31.el6.centos >>> nss_compat_ossl 0.9.6-1.el6 >>> openssl 1.0.1e-16.el6_5.15 >>> openssl-devel 1.0.1e-16.el6_5.15 >>> perl-Crypt-OpenSSL-Bignum 0.04-8.1.el6 >>> perl-Crypt-OpenSSL-Random 0.04-9.1.el6 >>> perl-Crypt-OpenSSL-RSA 0.25-10.1.el6 >>> perl-IO-Socket-SSL 1.31-2.el6 >>> perl-Net-SSLeay 1.35-9.el6 >>> >>> thanks >>> rajesh >>> >>> - Original Message - >>> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >>> To: 24x7ser...@24x7server.net >>> Sent: Tue, 5 Sep 2017 21:53:35 -0600 >>> Subject: >>> >>> What other ssl packages do you have. These are on mine. >>> >>> python-backports-ssl_match_hostname-3.4.0.2-5.el6.noarch >>> mod_ssl-2.2.15-60.el6.centos.4.x86_64 >>> openssl-devel-1.0.1e-57.el6.x86_64 >>> openssl-1.0.1e-57.el6.x86_64 >>> >>> >>> On 9/5/2017 7:12 PM, Rajesh M wrote: >>>> on all my servers >>>> >>>> OpenSSL 1.0.1e-fips 11 Feb 2013 >>>> >>>> it compiled
Re: [qmailtoaster] update error : dovecot-2.2.29.1-15.qt.src.rpm
any chance this may break anything ? rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Wed, 6 Sep 2017 08:26:39 -0600 Subject: Looks like you have an older version of openssl and openssl-devel on the servers that didn't work. 1.0.1e-16.el6_5.15 (failed) 1.0.1e-48.el6_8.4 (worked) can you upgrade? On 9/6/2017 8:16 AM, Rajesh M wrote: > eric, > > > 152 -- did not work > crypto-utils 2.4.1-24.2.el6 > mod_ssl 2.2.15-31.el6.centos > nss_compat_ossl 0.9.6-1.el6 > openssl 1.0.1e-16.el6_5.15 > openssl-devel 1.0.1e-16.el6_5.15 > perl-Crypt-OpenSSL-Bignum 0.04-8.1.el6 > perl-Crypt-OpenSSL-Random 0.04-9.1.el6 > perl-Crypt-OpenSSL-RSA 0.25-10.1.el6 > perl-IO-Socket-SSL 1.31-2.el6 > perl-Net-SSLeay 1.35-9.el6 > > 154 - did not work > crypto-utils 2.4.1-24.2.el6 > mod_ssl 2.2.15-31.el6.centos > openssl 1.0.1e-16.el6_5.15 > openssl-devel 1.0.1e-16.el6_5.15 > perl-Crypt-OpenSSL-Bignum 0.04-8.1.el6 > perl-Crypt-OpenSSL-Random 0.04-9.1.el6 > perl-Crypt-OpenSSL-RSA 0.25-10.1.el6 > perl-IO-Socket-SSL 1.31-2.el6 > perl-Net-SSLeay 1.35-9.el6 > > 137 -- worked > mod_ssl 2.2.15-54.el6.centos > nss_compat_ossl 0.9.6-2.el6_7 > openssl 1.0.1e-48.el6_8.4 > openssl-devel 1.0.1e-48.el6_8.4 > perl-Crypt-OpenSSL-Bignum 0.04-8.1.el6 > perl-Crypt-OpenSSL-Random 0.04-9.1.el6 > perl-Crypt-OpenSSL-RSA 0.25-10.1.el6 > perl-Crypt-SSLeay 0.57-17.el6 > perl-IO-Socket-SSL 1.31-2.el6 > perl-Net-SSLeay 1.35-9.el6 > pyOpenSSL 0.13.1-2.el6 > > 153 - worked > crypto-utils 2.4.1-24.2.el6 > mod_ssl 2.2.15-31.el6.centos > nss_compat_ossl 0.9.6-1.el6 > openssl 1.0.1e-48.el6_8.3 > openssl-devel 1.0.1e-48.el6_8.3 > perl-Crypt-OpenSSL-Bignum 0.04-8.1.el6 > perl-Crypt-OpenSSL-Random 0.04-9.1.el6 > perl-Crypt-OpenSSL-RSA 0.25-10.1.el6 > perl-Crypt-SSLeay 0.57-16.el6 > perl-IO-Socket-SSL 1.31-2.el6 > perl-Net-SSLeay 1.35-9.el6 > pyOpenSSL 0.10-2.el6 > > > rajesh > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: 24x7ser...@24x7server.net > Sent: Wed, 6 Sep 2017 06:52:45 -0600 > Subject: > > Are those the exact modules on all the servers, the ones that worked and > the ones that didn't? > > > On 9/6/2017 1:00 AM, Rajesh M wrote: >> eric >> >> these are the ssl related packages i have on my server which fails to compile >> >> crypto-utils 2.4.1-24.2.el6 >> mod_ssl 2.2.15-31.el6.centos >> nss_compat_ossl 0.9.6-1.el6 >> openssl 1.0.1e-16.el6_5.15 >> openssl-devel 1.0.1e-16.el6_5.15 >> perl-Crypt-OpenSSL-Bignum 0.04-8.1.el6 >> perl-Crypt-OpenSSL-Random 0.04-9.1.el6 >> perl-Crypt-OpenSSL-RSA 0.25-10.1.el6 >> perl-IO-Socket-SSL 1.31-2.el6 >> perl-Net-SSLeay 1.35-9.el6 >> >> thanks >> rajesh >> >> - Original Message - >> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >> To: 24x7ser...@24x7server.net >> Sent: Tue, 5 Sep 2017 21:53:35 -0600 >> Subject: >> >> What other ssl packages do you have. These are on mine. >> >> python-backports-ssl_match_hostname-3.4.0.2-5.el6.noarch >> mod_ssl-2.2.15-60.el6.centos.4.x86_64 >> openssl-devel-1.0.1e-57.el6.x86_64 >> openssl-1.0.1e-57.el6.x86_64 >> >> >> On 9/5/2017 7:12 PM, Rajesh M wrote: >>> on all my servers >>> >>> OpenSSL 1.0.1e-fips 11 Feb 2013 >>> >>> it compiled in two servers and it threw the same errors in two server. >>> >>> rajesh >>> >>> >>> >>> >>> - Original Message - >>> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >>> To: 24x7ser...@24x7server.net >>> Sent: Tue, 5 Sep 2017 15:05:45 -0600 >>> Subject: >>> >>> What version of opennssl do you have and what ssl packages do you have? >>> >>> >>> On 9/5/2017 10:13 AM, Rajesh M wrote: >>>> eric >>>> >>>> i am trying to update dovecot to version from >>>> CentOS6/qmt/srpms/updates/dovecot-2.2.29.1-15.qt.src.rpm >>>> >>>> rpmbuild --rebuild --define "dist .qt.el6" dovecot-2.2.29.1-15.qt.src.rpm >>>> >>>> >>>> but getting error as follows on one server only >>>> >>>> make[3]: Leaving directory >>>> `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/quota' >>>> Making check in quota-clone >>>> make[3]: Entering directory >>>> `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/quota-clone' >>>> make[3]: Nothing to be done for `check'. >>
RE: [qmailtoaster] update error : dovecot-2.2.29.1-15.qt.src.rpm
now two of my servers show the same errors centos 6, 64 bit rajesh - Original Message - From: Rajesh M [mailto:24x7ser...@24x7server.net] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 5 Sep 2017 21:43:26 +0530 Subject: eric i am trying to update dovecot to version from CentOS6/qmt/srpms/updates/dovecot-2.2.29.1-15.qt.src.rpm rpmbuild --rebuild --define "dist .qt.el6" dovecot-2.2.29.1-15.qt.src.rpm but getting error as follows on one server only make[3]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/quota' Making check in quota-clone make[3]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/quota-clone' make[3]: Nothing to be done for `check'. make[3]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/quota-clone' Making check in imap-quota make[3]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/imap-quota' make[3]: Nothing to be done for `check'. make[3]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/imap-quota' Making check in pop3-migration make[3]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/pop3-migration' for bin in test-pop3-migration-plugin; do \ if ! ./$bin; then exit 1; fi; \ done pop3 migration get hdr sha1 .. : ok 0 / 1 tests failed make[3]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/pop3-migration' Making check in replication make[3]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/replication' make[3]: Nothing to be done for `check'. make[3]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/replication' Making check in snarf make[3]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/snarf' make[3]: Nothing to be done for `check'. make[3]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/snarf' Making check in stats make[3]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/stats' make[3]: Nothing to be done for `check'. make[3]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/stats' Making check in imap-stats make[3]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/imap-stats' make[3]: Nothing to be done for `check'. make[3]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/imap-stats' Making check in mail-crypt make[3]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/mail-crypt' for bin in test-mail-global-key test-mail-key; do \ if ! env NOUNDEF=1 ./$bin; then exit 1; fi; \ done try_load_keys : ok test_empty_keyset : ok 0 / 2 tests failed generate user key : ok generate inbox key ... : ok cache reset .. : ok verify keys .. : ok test-mail-key.c:429: Assert failed: mail_crypt_get_private_key(t, mcp_old_box_key_id, FALSE, FALSE, , ) > 0 test: random seed #2 was 2074645272 test-mail-key(root): Error: mail_crypt_get_private_key(7c9a1039ea2e4fed73e81dd3ffc3fa22ea4a28352939adde7bf8ea858b00fa4f) failed: Cannot decrypt key 7c9a1039ea2e4fed73e81dd3ffc3fa22ea4a28352939adde7bf8ea858b00fa4f: error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group test-mail-key.c:438: Assert failed: privkey != NULL old keys . : FAILED 1 / 5 tests failed make[3]: *** [check-test] Error 1 make[3]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/mail-crypt' make[2]: *** [check-recursive] Error 1 make[2]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins' make[1]: *** [check-recursive] Error 1 make[1]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src' make: *** [check-recursive] Error 1 error: Bad exit status from /var/tmp/rpm-tmp.LDWEGt (%check) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.LDWEGt (%check) thanks rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] update error : dovecot-2.2.29.1-15.qt.src.rpm
eric i am trying to update dovecot to version from CentOS6/qmt/srpms/updates/dovecot-2.2.29.1-15.qt.src.rpm rpmbuild --rebuild --define "dist .qt.el6" dovecot-2.2.29.1-15.qt.src.rpm but getting error as follows on one server only make[3]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/quota' Making check in quota-clone make[3]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/quota-clone' make[3]: Nothing to be done for `check'. make[3]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/quota-clone' Making check in imap-quota make[3]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/imap-quota' make[3]: Nothing to be done for `check'. make[3]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/imap-quota' Making check in pop3-migration make[3]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/pop3-migration' for bin in test-pop3-migration-plugin; do \ if ! ./$bin; then exit 1; fi; \ done pop3 migration get hdr sha1 .. : ok 0 / 1 tests failed make[3]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/pop3-migration' Making check in replication make[3]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/replication' make[3]: Nothing to be done for `check'. make[3]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/replication' Making check in snarf make[3]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/snarf' make[3]: Nothing to be done for `check'. make[3]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/snarf' Making check in stats make[3]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/stats' make[3]: Nothing to be done for `check'. make[3]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/stats' Making check in imap-stats make[3]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/imap-stats' make[3]: Nothing to be done for `check'. make[3]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/imap-stats' Making check in mail-crypt make[3]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/mail-crypt' for bin in test-mail-global-key test-mail-key; do \ if ! env NOUNDEF=1 ./$bin; then exit 1; fi; \ done try_load_keys : ok test_empty_keyset : ok 0 / 2 tests failed generate user key : ok generate inbox key ... : ok cache reset .. : ok verify keys .. : ok test-mail-key.c:429: Assert failed: mail_crypt_get_private_key(t, mcp_old_box_key_id, FALSE, FALSE, , ) > 0 test: random seed #2 was 2074645272 test-mail-key(root): Error: mail_crypt_get_private_key(7c9a1039ea2e4fed73e81dd3ffc3fa22ea4a28352939adde7bf8ea858b00fa4f) failed: Cannot decrypt key 7c9a1039ea2e4fed73e81dd3ffc3fa22ea4a28352939adde7bf8ea858b00fa4f: error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group test-mail-key.c:438: Assert failed: privkey != NULL old keys . : FAILED 1 / 5 tests failed make[3]: *** [check-test] Error 1 make[3]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins/mail-crypt' make[2]: *** [check-recursive] Error 1 make[2]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src/plugins' make[1]: *** [check-recursive] Error 1 make[1]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.29.1/src' make: *** [check-recursive] Error 1 error: Bad exit status from /var/tmp/rpm-tmp.LDWEGt (%check) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.LDWEGt (%check) thanks rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: Fwd: Re: [qmailtoaster] qq soft reject errors on high load
eric i did not yet simulate it using your script these are errors in my live production server during peak hours today and there were mails with and without attachments. the max processes i got was 47 only. rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Mon, 4 Sep 2017 11:19:35 -0600 Subject: Did you hit it with email containing attachments as well? On 9/4/2017 10:58 AM, Rajesh M wrote: > eric > > the max i saw was 47 connections using the shell script you gave me. > > there were a few errors related to qq soft reject but they got delivered. > > rajesh > > > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Sat, 2 Sep 2017 12:35:14 -0600 > Subject: > > Rajesh, > > I'm still not sure the process limit is being reached. > > I'm testing a COS6/QMT server now and haven't been able to bring about > 'qq soft reject' or failure of any sort. I'm hitting it with email using > a delivery script from two servers with attachment size of 320KB. > > try the script below (psmem) to monitor: > > > > #!/bin/bash > ps -C $1 -O rss | gawk '{ count ++; sum += $2 }; END {count --; print > "Number of processes =",count; print "Memory usage per process > =",sum/1024/count, "MB"; print "Total memory usage =", sum/1024, "MB" ;};' > > > > # chmod 755 psmem > > # watch -n 1 ./psmem simscan > > > Not sure I should change anything until we figure out what's going on. > > Eric > > > > On 9/2/2017 12:03 PM, Rajesh M wrote: >> eric >> >> i could not get the bash script working with either of the two options. >> still gives error >>line 23: `return-limits': not a valid identifier. >> >> >> >> can the limits issue in simscan be fixed ? >> >> thanks, >> rajesh >> >> - Original Message - >> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >> To:qmailtoaster-list@qmailtoaster.com >> Sent: Fri, 1 Sep 2017 23:46:15 -0600 >> Subject: >> >> Rajesh, >> >> It has something to do with #!/bin/bash or #!/bin/sh. >> >> At top of script, when I use #!/bin/sh I get the same error you do, but >> when I use #!/bin/bash script works fine. >> >> >> Eric >> >> >> On 9/1/2017 11:07 PM, Rajesh M wrote: >>> eric >>> >>> 1) is their any resolution for this issue ? >>> >>> 2) if i run the script it throws error as such >>> . >>> /limits.sh: line 23: `return-limits': not a valid identifier >>> >>> #!/bin/bash >>> if [ "$#" -ne "1" ]; then >>> echo "" >>> echo -e "\033[01;32mLimit checker\033[00m" >>> echo -e "\033[01;37mUsage:\033[01;33m $0 process_name\033[00m" >>> echo "" >>> exit 0 >>> fi >>> >>> return-limits(){ >>> for process in $@; do >>> process_pids=`ps -C $process -o pid --no-headers | cut -d " " -f 2` >>> >>> if [ -z $@ ]; then >>> echo "[no $process running]" >>> else >>> for pid in $process_pids; do >>>echo "[$process #$pid -- limits]" >>>cat /proc/$pid/limits >>> done >>> fi >>> done >>> } >>> return-limits $1 >>> >>> rajesh >>> >>> >>> >>> - Original Message - >>> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >>> To:qmailtoaster-list@qmailtoaster.com >>> Sent: Fri, 1 Sep 2017 17:28:40 -0600 >>> Subject: >>> >>> I sent myself a large file so that I could examine simscan with the >>> below script (limits.sh). Here's the output: >>> >>> [root@pet105 simscan-1.4.0]# ./limits simscan >>> [simscan #31535 -- limits] >>> Limit   >>>    >>>    >>>    >>>    >>>    >>>   Soft LimitÂÃ
Re: Fwd: Re: [qmailtoaster] qq soft reject errors on high load
eric i got 3 types of errors like earlier. failure to fork, ripmime and /var/qmail/simscan/1simscan: check_spam had an error ret: -1 what exactly would be /var/qmail/simscan/1simscan ... there is no such file do want me to send you a few of my log files directly to your email id ? rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Mon, 4 Sep 2017 11:19:04 -0600 Subject: What kind of qq soft reject errors were there? Failure to fork or ripmime? On 9/4/2017 10:58 AM, Rajesh M wrote: > eric > > the max i saw was 47 connections using the shell script you gave me. > > there were a few errors related to qq soft reject but they got delivered. > > rajesh > > > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Sat, 2 Sep 2017 12:35:14 -0600 > Subject: > > Rajesh, > > I'm still not sure the process limit is being reached. > > I'm testing a COS6/QMT server now and haven't been able to bring about > 'qq soft reject' or failure of any sort. I'm hitting it with email using > a delivery script from two servers with attachment size of 320KB. > > try the script below (psmem) to monitor: > > > > #!/bin/bash > ps -C $1 -O rss | gawk '{ count ++; sum += $2 }; END {count --; print > "Number of processes =",count; print "Memory usage per process > =",sum/1024/count, "MB"; print "Total memory usage =", sum/1024, "MB" ;};' > > > > # chmod 755 psmem > > # watch -n 1 ./psmem simscan > > > Not sure I should change anything until we figure out what's going on. > > Eric > > > > On 9/2/2017 12:03 PM, Rajesh M wrote: >> eric >> >> i could not get the bash script working with either of the two options. >> still gives error >>line 23: `return-limits': not a valid identifier. >> >> >> >> can the limits issue in simscan be fixed ? >> >> thanks, >> rajesh >> >> - Original Message - >> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >> To:qmailtoaster-list@qmailtoaster.com >> Sent: Fri, 1 Sep 2017 23:46:15 -0600 >> Subject: >> >> Rajesh, >> >> It has something to do with #!/bin/bash or #!/bin/sh. >> >> At top of script, when I use #!/bin/sh I get the same error you do, but >> when I use #!/bin/bash script works fine. >> >> >> Eric >> >> >> On 9/1/2017 11:07 PM, Rajesh M wrote: >>> eric >>> >>> 1) is their any resolution for this issue ? >>> >>> 2) if i run the script it throws error as such >>> . >>> /limits.sh: line 23: `return-limits': not a valid identifier >>> >>> #!/bin/bash >>> if [ "$#" -ne "1" ]; then >>> echo "" >>> echo -e "\033[01;32mLimit checker\033[00m" >>> echo -e "\033[01;37mUsage:\033[01;33m $0 process_name\033[00m" >>> echo "" >>> exit 0 >>> fi >>> >>> return-limits(){ >>> for process in $@; do >>> process_pids=`ps -C $process -o pid --no-headers | cut -d " " -f 2` >>> >>> if [ -z $@ ]; then >>> echo "[no $process running]" >>> else >>> for pid in $process_pids; do >>>echo "[$process #$pid -- limits]" >>>cat /proc/$pid/limits >>> done >>> fi >>> done >>> } >>> return-limits $1 >>> >>> rajesh >>> >>> >>> >>> - Original Message - >>> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >>> To:qmailtoaster-list@qmailtoaster.com >>> Sent: Fri, 1 Sep 2017 17:28:40 -0600 >>> Subject: >>> >>> I sent myself a large file so that I could examine simscan with the >>> below script (limits.sh). Here's the output: >>> >>> [root@pet105 simscan-1.4.0]# ./limits simscan >>> [simscan #31535 -- limits] >>> Limit   >>>    >>>    >>>    >>>    >>>   Ãââ
RE: Fwd: Re: [qmailtoaster] qq soft reject errors on high load
eric the max i saw was 47 connections using the shell script you gave me. there were a few errors related to qq soft reject but they got delivered. rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Sat, 2 Sep 2017 12:35:14 -0600 Subject: Rajesh, I'm still not sure the process limit is being reached. I'm testing a COS6/QMT server now and haven't been able to bring about 'qq soft reject' or failure of any sort. I'm hitting it with email using a delivery script from two servers with attachment size of 320KB. try the script below (psmem) to monitor: #!/bin/bash ps -C $1 -O rss | gawk '{ count ++; sum += $2 }; END {count --; print "Number of processes =",count; print "Memory usage per process =",sum/1024/count, "MB"; print "Total memory usage =", sum/1024, "MB" ;};' # chmod 755 psmem # watch -n 1 ./psmem simscan Not sure I should change anything until we figure out what's going on. Eric On 9/2/2017 12:03 PM, Rajesh M wrote: > eric > > i could not get the bash script working with either of the two options. still > gives error > line 23: `return-limits': not a valid identifier. > > > > can the limits issue in simscan be fixed ? > > thanks, > rajesh > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To:qmailtoaster-list@qmailtoaster.com > Sent: Fri, 1 Sep 2017 23:46:15 -0600 > Subject: > > Rajesh, > > It has something to do with #!/bin/bash or #!/bin/sh. > > At top of script, when I use #!/bin/sh I get the same error you do, but > when I use #!/bin/bash script works fine. > > > Eric > > > On 9/1/2017 11:07 PM, Rajesh M wrote: >> eric >> >> 1) is their any resolution for this issue ? >> >> 2) if i run the script it throws error as such >> . >> /limits.sh: line 23: `return-limits': not a valid identifier >> >> #!/bin/bash >> if [ "$#" -ne "1" ]; then >> echo "" >> echo -e "\033[01;32mLimit checker\033[00m" >> echo -e "\033[01;37mUsage:\033[01;33m $0 process_name\033[00m" >> echo "" >> exit 0 >> fi >> >> return-limits(){ >> for process in $@; do >> process_pids=`ps -C $process -o pid --no-headers | cut -d " " -f 2` >> >> if [ -z $@ ]; then >>echo "[no $process running]" >> else >>for pid in $process_pids; do >> echo "[$process #$pid -- limits]" >> cat /proc/$pid/limits >> done >> fi >> done >> } >> return-limits $1 >> >> rajesh >> >> >> >> - Original Message - >> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >> To:qmailtoaster-list@qmailtoaster.com >> Sent: Fri, 1 Sep 2017 17:28:40 -0600 >> Subject: >> >> I sent myself a large file so that I could examine simscan with the >> below script (limits.sh). Here's the output: >> >> [root@pet105 simscan-1.4.0]# ./limits simscan >> [simscan #31535 -- limits] >> Limit        >>         >>     Soft Limit   >>        Hard >> Limit        >>   Units >> Max cpu time       >>       unlimited >> unlimited       >>     seconds >> Max file size       >>      unlimited unlimited >>         >>   bytes >> Max data size       >>      unlimited unlimited >>         >>   bytes >> Max stack size 10485760 unlimited    >>        bytes >> Max core file size     ÂÂÂ
Re: [qmailtoaster] using dovecot seive
remo everything is working fine, thanks there was no error only some fine tuning since the mail_location was not specified dovecot was searching for various types of locations in a sequence https://wiki.dovecot.org/MailLocation once we specified the same then dovecot directly looked into the Maildir only rajesh - Original Message - From: Remo Mattei [mailto:r...@mattei.org] To: qmailtoaster-list@qmailtoaster.com Sent: Sun, 3 Sep 2017 20:26:04 -0700 Subject: I thought you had it working. What’s happening now ? Inviato da iPhone Il giorno 03 set 2017, alle ore 19:46, Eric Broch <ebr...@whitehorsetc.com> ha scritto: Rajesh, I don't touch anything in conf.d. All my settings are in /etc/dovecot/toaster.conf and /etc/dovecot/local.conf. Anything in these files overrides anything in /etc/dovecot/conf.d. I put mail_location in the local.conf file. # 2.2.29.1 (e0b76e3): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.18 (29cc74d) # OS: Linux 2.6.32-642.13.1.el6.x86_64 x86_64 CentOS release 6.9 (Final) auth_cache_size = 32 M auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes disable_plaintext_auth = no first_valid_uid = 89 listen = * log_path = /var/log/dovecot.log login_greeting = Dovecot toaster ready. mail_location = maildir:~/Maildir mail_max_userip_connections = 20 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = create special_use = \Junk } mailbox Sent { auto = create special_use = \Sent } mailbox "Sent Items" { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } mailbox spam { auto = subscribe special_use = \Junk } prefix = separator = . type = private } passdb { args = cache_key=%u%r webmail=127.0.0.1 driver = vpopmail } plugin { quota = maildir sieve = ~/.dovecot.sieve sieve_dir = ~/.sieve } protocols = imap pop3 sieve service imap-login { service_count = 0 } service managesieve-login { inet_listener sieve { port = 4190 } } ssl_cert = -<%e> :: Subject:<%s> :: Status:<%$> :: MsgID:<%m> :: Size<%p> :: vSize<%w> info_log_path = /var/log/dovecot-lda/lda.log log_path = /var/log/dovecot-lda/lda-err.log mail_debug = yes mail_plugins = " sieve" } Eric > On 9/3/2017 8:37 PM, Rajesh M wrote: > eric > > could you please let me know where you specified the mail_location > > i am using the configurations as specified by remo, excepting that i have > added the debugging for lda > > if you could send me your dovecot -n it would be great. > > thanks > rajesh > > > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Sun, 3 Sep 2017 16:14:59 -0600 > Subject: > > It worked for me, and ended the sdbox and mdbox failed access errors. > > On 9/3/2017 1:40 PM, Rajesh M wrote: >> eric >> >> i got the dovecot lda working in production. i saw this in the log files >> >> as per the dovecot docs dovecot searchs in a sequence mdbox, sdbox and then >> Maildir (as per lda logs below) >> >> so should i specify the mail_location ? >> mail_location = maildir:~/Maildir >> >> https://wiki2.dovecot.org/MailLocation/Maildir >> >> Sep 04 00:01:28 lda(n...@xxx.com): Debug: Quota grace: root=ignore=Trash >> bytes=0 (10%) >> Sep 04 00:01:28 lda(n...@xxx.com): Debug: Namespace : type=private, prefix=, >> sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes location= >> Sep 04 00:01:28 lda(n...@xxx.com): Debug: mdbox: >> access(/home/vpopmail/domains/xxx.com/noc/mdbox, rwx): failed: No such file >> or directory >> Sep 04 00:01:28 lda(n...@xxx.com): Debug: mdbox: couldn't find root dir >> Sep 04 00:01:28 lda(n...@xxx.com): Debug: sdbox: >> access(/home/vpopmail/domains/xxx.com/noc/sdbox, rwx): failed: No such file >> or directory >> Sep 04 00:01:28 lda(n...@xxx.com): Debug: sdbox: couldn't find root dir >> Sep 04 00:01:28 lda(n...@xxx.com): Debug: maildir: root exists >> (/home/vpopmail/domains/xxx.com/noc/Maildir) >> Sep 04 00:01:28 lda(n...@xxx.com): Debug: maildir++: >> root=/home/vpopmail/domains/xxx.com/noc/Maildir, index=, indexpvt=, >> control=, inbox=/home/v$ >> Sep 04 00:01:28 lda(n...@xxx.com): Debug: Quota root: name=ignore=Trash >> bac
Re: [qmailtoaster] using dovecot seive
eric could you please let me know where you specified the mail_location i am using the configurations as specified by remo, excepting that i have added the debugging for lda if you could send me your dovecot -n it would be great. thanks rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Sun, 3 Sep 2017 16:14:59 -0600 Subject: It worked for me, and ended the sdbox and mdbox failed access errors. On 9/3/2017 1:40 PM, Rajesh M wrote: > eric > > i got the dovecot lda working in production. i saw this in the log files > > as per the dovecot docs dovecot searchs in a sequence mdbox, sdbox and then > Maildir (as per lda logs below) > > so should i specify the mail_location ? > mail_location = maildir:~/Maildir > > https://wiki2.dovecot.org/MailLocation/Maildir > > Sep 04 00:01:28 lda(n...@xxx.com): Debug: Quota grace: root=ignore=Trash > bytes=0 (10%) > Sep 04 00:01:28 lda(n...@xxx.com): Debug: Namespace : type=private, prefix=, > sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes location= > Sep 04 00:01:28 lda(n...@xxx.com): Debug: mdbox: > access(/home/vpopmail/domains/xxx.com/noc/mdbox, rwx): failed: No such file > or directory > Sep 04 00:01:28 lda(n...@xxx.com): Debug: mdbox: couldn't find root dir > Sep 04 00:01:28 lda(n...@xxx.com): Debug: sdbox: > access(/home/vpopmail/domains/xxx.com/noc/sdbox, rwx): failed: No such file > or directory > Sep 04 00:01:28 lda(n...@xxx.com): Debug: sdbox: couldn't find root dir > Sep 04 00:01:28 lda(n...@xxx.com): Debug: maildir: root exists > (/home/vpopmail/domains/xxx.com/noc/Maildir) > Sep 04 00:01:28 lda(n...@xxx.com): Debug: maildir++: > root=/home/vpopmail/domains/xxx.com/noc/Maildir, index=, indexpvt=, control=, > inbox=/home/v$ > Sep 04 00:01:28 lda(n...@xxx.com): Debug: Quota root: name=ignore=Trash > backend=maildir args= > Sep 04 00:01:28 lda(n...@xxx.com): Debug: Quota rule: root=ignore=Trash > mailbox=? bytes=0 messages=0 > Sep 04 00:01:28 lda(n...@xxx.com): Debug: Quota grace: root=ignore=Trash > bytes=0 (10%) > > rajesh > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Thu, 31 Aug 2017 19:35:30 -0600 > Subject: > > Hi Rajesh, > > I'm not sure if you've gotten this working yet. I tried some > experimentation and I got this working on my host albeit that roundcube > created my files and directories under the user. > > Notice especially the 'tmp' directory under ~/.sieve, you may need > it...not sure. Anyway here's everything I did. > > # ls -la /home/vpopmail/domains/mydomain.com/user/ > total 24 > drwx-- 4 vpopmail vchkpw 4096 Aug 31 19:11 . > drwx-- 5 vpopmail vchkpw 4096 Aug 31 19:06 .. > -rw--- 1 vpopmail vchkpw 300 Aug 31 19:11 .dovecot.lda-dupes > lrwxrwxrwx 1 vpopmail vchkpw  22 Aug 31 07:16 .dovecot.sieve -> > .sieve/roundcube.sieve > -rw--- 1 vpopmail vchkpw 278 Aug 31 19:09 .dovecot.svbin > drwx-- 14 vpopmail vchkpw 4096 Aug 31 19:13 Maildir > drwx-- 3 vpopmail vchkpw 4096 Aug 31 19:08 .sieve > > -- > > # ls -la /home/vpopmail/domains/mydomain.com/user/.sieve > total 16 > drwx-- 3 vpopmail vchkpw 4096 Aug 31 19:08 . > drwx-- 4 vpopmail vchkpw 4096 Aug 31 19:11 .. > -rw--- 1 vpopmail vchkpw 120 Aug 31 19:08 roundcube.sieve > drwx-- 2 vpopmail vchkpw 4096 Aug 31 19:08 tmp > > -- > > # cat /home/vpopmail/domains/mydomain.com/user/.dovecot.sieve > # rule:[ToUserOtherDomain] > if header :contains "from" "u...@mydomain2.com" > { >        redirect "u...@myotherdomain.com"; > } > > -- > > It all came out in the log file /var/log/dovecot-lda/lda.log correctly > > ------ > > Dovecot settings: /etc/dovecot/local.conf : > > protocol lda { >  mail_debug=yes >  mail_plugins = $mail_plugins sieve >  deliver_log_format = From:<%f>-<%e> :: Subject:<%s> :: Status:<%$> :: > MsgID:<%m> :: Size<%p> :: vSize<%w> >  log_path = /var/log/dovecot-lda/lda-err.log >  info_log_path = /var/log/dovecot-lda/lda.log >  #postmaster_address = postmaster@ > } > plugin { >      sieve = ~/.dovecot.sieve >      sieve_dir = ~/.sieve > } > >
Re: [qmailtoaster] qq soft reject errors on high load
eric the logs are not in that simscan directory.. they re in the /var/log which is also in the same partition. the files in the ls -l /var/qmail/simscan are temp ones which keep coming and going rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Sun, 3 Sep 2017 13:13:47 -0600 Subject: Rajesh, Those shouldn't be log files in that directory, but directories of this form... [root@mail ~]# ls -l /var/qmail/simscan total 7 drwxr-x--- 2 clamav vchkpw 4096 Apr 12 2016 1460525628.43125.19212 drwxr-x--- 2 clamav vchkpw 4096 Apr 12 2016 1460525917.767516.19248 drwxr-x--- 2 clamav vchkpw 131 Apr 12 2016 1460525934.725762.19262 drwxr-x--- 2 clamav vchkpw 131 Apr 12 2016 1460525934.728000.19263 drwxr-x--- 2 clamav vchkpw 131 Apr 12 2016 1460525934.730011.19264 drwxr-x--- 2 clamav vchkpw 4096 Apr 12 2016 1460525959.679164.19279 drwxr-x--- 2 clamav vchkpw 131 Apr 12 2016 1460525972.624759.19287 in which messages are broken into their respective parts (below)... /var/qmail/simscan/1493074576.527224.5829: total 1472 -rw-r- 1 clamav vchkpw    37 Apr 24 16:56 addr.1493074576.527224.5829 -rw-r- 1 clamav vchkpw 20719 Apr 24 16:56 __If_ -rw-r- 1 clamav vchkpw 846597 Apr 24 16:56 msg.1493074576.527224.5829 -rw-r- 1 clamav vchkpw     0 Apr 24 16:56 textfile0 -rw--- 1 clamav vchkpw  9090 Apr 24 16:56 textfile1 -rw--- 1 clamav vchkpw 47495 Apr 24 16:56 textfile2 -rw--- 1 clamav vchkpw 362496 Apr 24 16:56 WGS-VRV Indoor Units.doc -rw--- 1 clamav vchkpw 203264 Apr 24 16:56 WGS-VRV IV 208-230V Heat Pump.doc for examination. There should be no log files in /var/qmail/simscan and their should be no old files there either. Eric On 9/3/2017 12:54 PM, Rajesh M wrote: > eric > > around 1 gb spare. > > there are a lot of log files. > > rajesh > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Sun, 3 Sep 2017 11:21:24 -0600 > Subject: > > Rajesh, > > How much available space is on the /var/qmail/simscan directory? > > Eric > On 9/3/2017 12:19 AM, Rajesh M wrote: >> eric >> >> i would like to conduct more load intensive tests. >> >> is it possible to provide me the shell script that you use for this purpose. >> >> rajesh > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] qq soft reject errors on high load
i have over 50 gb of log files which can be deleted rajesh - Original Message - From: Remo Mattei [mailto:r...@mattei.org] To: qmailtoaster-list@qmailtoaster.com Sent: Sun, 3 Sep 2017 12:13:28 -0700 Subject: 1gb is not very much! Il giorno 03 set 2017, alle ore 11:54, Rajesh M <24x7ser...@24x7server.net> ha scritto: eric around 1 gb spare. there are a lot of log files. rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Sun, 3 Sep 2017 11:21:24 -0600 Subject: Rajesh, How much available space is on the /var/qmail/simscan directory? Eric > On 9/3/2017 12:19 AM, Rajesh M wrote: > eric > > i would like to conduct more load intensive tests. > > is it possible to provide me the shell script that you use for this purpose. > > rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] qq soft reject errors on high load
eric around 1 gb spare. there are a lot of log files. rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Sun, 3 Sep 2017 11:21:24 -0600 Subject: Rajesh, How much available space is on the /var/qmail/simscan directory? Eric On 9/3/2017 12:19 AM, Rajesh M wrote: > eric > > i would like to conduct more load intensive tests. > > is it possible to provide me the shell script that you use for this purpose. > > rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] qq soft reject errors on high load
eric i would like to conduct more load intensive tests. is it possible to provide me the shell script that you use for this purpose. rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Sat, 2 Sep 2017 14:04:36 -0600 Subject: My testing was at about 1/2 that rate with 320K attachments, almost double that rate with 1/2 email 320K attachments, and 1/2 email with no attachments. No soft rejects. Ugh!...difficult to troubleshoot if not repeatable. On 9/2/2017 1:36 PM, Rajesh M wrote: > eric > > thanks for the info. the script you sent works > > the server processes roughly around 8 emails per day during week days and > around 80 percent of it comes during around 12 hours. So during peak hours it > is around 8000 emails per hour. > > i will test this out monday morning peak hours and revert. > > thanks > rajesh > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Sat, 2 Sep 2017 12:35:14 -0600 > Subject: > > Rajesh, > > I'm still not sure the process limit is being reached. > > I'm testing a COS6/QMT server now and haven't been able to bring about > 'qq soft reject' or failure of any sort. I'm hitting it with email using > a delivery script from two servers with attachment size of 320KB. > > try the script below (psmem) to monitor: > > > > #!/bin/bash > ps -C $1 -O rss | gawk '{ count ++; sum += $2 }; END {count --; print > "Number of processes =",count; print "Memory usage per process > =",sum/1024/count, "MB"; print "Total memory usage =", sum/1024, "MB" ;};' > > > > # chmod 755 psmem > > # watch -n 1 ./psmem simscan > > > Not sure I should change anything until we figure out what's going on. > > Eric > > > > On 9/2/2017 12:03 PM, Rajesh M wrote: >> eric >> >> i could not get the bash script working with either of the two options. >> still gives error >>line 23: `return-limits': not a valid identifier. >> >> >> >> can the limits issue in simscan be fixed ? >> >> thanks, >> rajesh >> >> - Original Message - >> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >> To:qmailtoaster-list@qmailtoaster.com >> Sent: Fri, 1 Sep 2017 23:46:15 -0600 >> Subject: >> >> Rajesh, >> >> It has something to do with #!/bin/bash or #!/bin/sh. >> >> At top of script, when I use #!/bin/sh I get the same error you do, but >> when I use #!/bin/bash script works fine. >> >> >> Eric >> >> >> On 9/1/2017 11:07 PM, Rajesh M wrote: >>> eric >>> >>> 1) is their any resolution for this issue ? >>> >>> 2) if i run the script it throws error as such >>> . >>> /limits.sh: line 23: `return-limits': not a valid identifier >>> >>> #!/bin/bash >>> if [ "$#" -ne "1" ]; then >>> echo "" >>> echo -e "\033[01;32mLimit checker\033[00m" >>> echo -e "\033[01;37mUsage:\033[01;33m $0 process_name\033[00m" >>> echo "" >>> exit 0 >>> fi >>> >>> return-limits(){ >>> for process in $@; do >>> process_pids=`ps -C $process -o pid --no-headers | cut -d " " -f 2` >>> >>> if [ -z $@ ]; then >>> echo "[no $process running]" >>> else >>> for pid in $process_pids; do >>>echo "[$process #$pid -- limits]" >>>cat /proc/$pid/limits >>> done >>> fi >>> done >>> } >>> return-limits $1 >>> >>> rajesh >>> >>> >>> >>> - Original Message - >>> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >>> To:qmailtoaster-list@qmailtoaster.com >>> Sent: Fri, 1 Sep 2017 17:28:40 -0600 >>> Subject: >>> >>> I sent myself a large file so that I could examine simscan with the >>> below script (limits.sh). Here's the output: >>> >>> [root@pet105 simscan-1.4.0]# ./limits simscan >>> [simscan #31535 -- limits] >>> Limit   >>>    >>>    >>>  ÃÃ
RE: Fwd: Re: [qmailtoaster] qq soft reject errors on high load
eric thanks for the info. the script you sent works the server processes roughly around 8 emails per day during week days and around 80 percent of it comes during around 12 hours. So during peak hours it is around 8000 emails per hour. i will test this out monday morning peak hours and revert. thanks rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Sat, 2 Sep 2017 12:35:14 -0600 Subject: Rajesh, I'm still not sure the process limit is being reached. I'm testing a COS6/QMT server now and haven't been able to bring about 'qq soft reject' or failure of any sort. I'm hitting it with email using a delivery script from two servers with attachment size of 320KB. try the script below (psmem) to monitor: #!/bin/bash ps -C $1 -O rss | gawk '{ count ++; sum += $2 }; END {count --; print "Number of processes =",count; print "Memory usage per process =",sum/1024/count, "MB"; print "Total memory usage =", sum/1024, "MB" ;};' # chmod 755 psmem # watch -n 1 ./psmem simscan Not sure I should change anything until we figure out what's going on. Eric On 9/2/2017 12:03 PM, Rajesh M wrote: > eric > > i could not get the bash script working with either of the two options. still > gives error > line 23: `return-limits': not a valid identifier. > > > > can the limits issue in simscan be fixed ? > > thanks, > rajesh > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To:qmailtoaster-list@qmailtoaster.com > Sent: Fri, 1 Sep 2017 23:46:15 -0600 > Subject: > > Rajesh, > > It has something to do with #!/bin/bash or #!/bin/sh. > > At top of script, when I use #!/bin/sh I get the same error you do, but > when I use #!/bin/bash script works fine. > > > Eric > > > On 9/1/2017 11:07 PM, Rajesh M wrote: >> eric >> >> 1) is their any resolution for this issue ? >> >> 2) if i run the script it throws error as such >> . >> /limits.sh: line 23: `return-limits': not a valid identifier >> >> #!/bin/bash >> if [ "$#" -ne "1" ]; then >> echo "" >> echo -e "\033[01;32mLimit checker\033[00m" >> echo -e "\033[01;37mUsage:\033[01;33m $0 process_name\033[00m" >> echo "" >> exit 0 >> fi >> >> return-limits(){ >> for process in $@; do >> process_pids=`ps -C $process -o pid --no-headers | cut -d " " -f 2` >> >> if [ -z $@ ]; then >>echo "[no $process running]" >> else >>for pid in $process_pids; do >> echo "[$process #$pid -- limits]" >> cat /proc/$pid/limits >> done >> fi >> done >> } >> return-limits $1 >> >> rajesh >> >> >> >> - Original Message - >> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >> To:qmailtoaster-list@qmailtoaster.com >> Sent: Fri, 1 Sep 2017 17:28:40 -0600 >> Subject: >> >> I sent myself a large file so that I could examine simscan with the >> below script (limits.sh). Here's the output: >> >> [root@pet105 simscan-1.4.0]# ./limits simscan >> [simscan #31535 -- limits] >> Limit        >>         >>     Soft Limit   >>        Hard >> Limit        >>   Units >> Max cpu time       >>       unlimited >> unlimited       >>     seconds >> Max file size       >>      unlimited unlimited >>         >>   bytes >> Max data size       >>      unlimited unlimited >>         >>   bytes >> Max stack size 10485760 unlimited   ÂÂ
Re: [qmailtoaster] qq soft reject errors on high load
eric i could not get the bash script working with either of the two options. still gives error line 23: `return-limits': not a valid identifier. can the limits issue in simscan be fixed ? thanks, rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Fri, 1 Sep 2017 23:46:15 -0600 Subject: Rajesh, It has something to do with #!/bin/bash or #!/bin/sh. At top of script, when I use #!/bin/sh I get the same error you do, but when I use #!/bin/bash script works fine. Eric On 9/1/2017 11:07 PM, Rajesh M wrote: > eric > > 1) is their any resolution for this issue ? > > 2) if i run the script it throws error as such > . > /limits.sh: line 23: `return-limits': not a valid identifier > > #!/bin/bash > if [ "$#" -ne "1" ]; then > echo "" > echo -e "\033[01;32mLimit checker\033[00m" > echo -e "\033[01;37mUsage:\033[01;33m $0 process_name\033[00m" > echo "" > exit 0 > fi > > return-limits(){ > for process in $@; do >process_pids=`ps -C $process -o pid --no-headers | cut -d " " -f 2` > >if [ -z $@ ]; then > echo "[no $process running]" >else > for pid in $process_pids; do > echo "[$process #$pid -- limits]" > cat /proc/$pid/limits >done >fi > done > } > return-limits $1 > > rajesh > > > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Fri, 1 Sep 2017 17:28:40 -0600 > Subject: > > I sent myself a large file so that I could examine simscan with the > below script (limits.sh). Here's the output: > > [root@pet105 simscan-1.4.0]# ./limits simscan > [simscan #31535 -- limits] > Limit                  >   Soft Limit          Hard Limit  >         Units > Max cpu time             unlimited > unlimited           seconds > Max file size            unlimited > unlimited           bytes > Max data size            unlimited > unlimited           bytes > Max stack size 10485760 unlimited           > bytes > Max core file size       0 unlimited     >       bytes > Max resident set         unlimited unlimited >           bytes > Max processes 1024 31121             >   processes > Max open files           1024 4096  >               files > Max locked memory        65536 65536    >            bytes > Max address space        unlimited unlimited  >          bytes > Max file locks           unlimited > unlimited           locks > Max pending signals      31121 31121     >           signals > Max msgqueue size        819200 819200   >            bytes > Max nice priority        0      >              0 > Max realtime priority    0         >           0 > Max realtime timeout     unlimited unlimited    >        us > > Notice the 'Max processes' and 'Max stack size', this could very well be > the issue for our simscan failures. > > Eric > > On 9/1/2017 5:20 PM, Eric Broch wrote: >> This looks like a decent script: >> >> >> #!/bin/bash >> if [ "$#" -ne "1" ]; then >> echo "" >> echo -e "\033[01;32mLimit checker\033[00m" >> echo -e "\033[01;37mUsage:\033[01;33m $0 process_name\033[00m" >> echo "" >> exit 0 >> fi >> >> return-limits(){ >> for process in $@; do >>    process_pids=`ps -C $pro
Re: [qmailtoaster] qq soft reject errors on high load
eric 1) is their any resolution for this issue ? 2) if i run the script it throws error as such . /limits.sh: line 23: `return-limits': not a valid identifier #!/bin/bash if [ "$#" -ne "1" ]; then echo "" echo -e "\033[01;32mLimit checker\033[00m" echo -e "\033[01;37mUsage:\033[01;33m $0 process_name\033[00m" echo "" exit 0 fi return-limits(){ for process in $@; do process_pids=`ps -C $process -o pid --no-headers | cut -d " " -f 2` if [ -z $@ ]; then echo "[no $process running]" else for pid in $process_pids; do echo "[$process #$pid -- limits]" cat /proc/$pid/limits done fi done } return-limits $1 rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Fri, 1 Sep 2017 17:28:40 -0600 Subject: I sent myself a large file so that I could examine simscan with the below script (limits.sh). Here's the output: [root@pet105 simscan-1.4.0]# ./limits simscan [simscan #31535 -- limits] Limit                    Soft Limit          Hard Limit          Units Max cpu time             unlimited unlimited           seconds Max file size            unlimited unlimited           bytes Max data size            unlimited unlimited           bytes Max stack size 10485760 unlimited           bytes Max core file size       0 unlimited           bytes Max resident set         unlimited unlimited           bytes Max processes 1024 31121               processes Max open files           1024 4096                files Max locked memory        65536 65536               bytes Max address space        unlimited unlimited           bytes Max file locks           unlimited unlimited           locks Max pending signals      31121 31121               signals Max msgqueue size        819200 819200              bytes Max nice priority        0                   0 Max realtime priority    0                   0 Max realtime timeout     unlimited unlimited           us Notice the 'Max processes' and 'Max stack size', this could very well be the issue for our simscan failures. Eric On 9/1/2017 5:20 PM, Eric Broch wrote: > > This looks like a decent script: > > > #!/bin/bash > if [ "$#" -ne "1" ]; then > echo "" > echo -e "\033[01;32mLimit checker\033[00m" > echo -e "\033[01;37mUsage:\033[01;33m $0 process_name\033[00m" > echo "" > exit 0 > fi > > return-limits(){ > for process in $@; do >    process_pids=`ps -C $process -o pid --no-headers | cut -d " " -f 2` > > if [ -z $@ ]; then > echo "[no $process running]" > else > for pid in $process_pids; do > echo "[$process #$pid -- limits]" >       cat /proc/$pid/limits >    done >    fi >   done > } > > return-limits $1 > > > Example: > # ./limits.sh tcpserver > or > # ./limits.sh simscan > > Eric > > > On 9/1/2017 2:51 PM, Rajesh M wrote: >> eric >> >> how do i check the number of user processes being consumed and by which user >> >> rajesh >> >> - Original Message - >> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >> To:qmailtoaster-list@qmailtoaster.com >> Sent: Fri, 1 Sep 2017 14:25:36 -0600 >> Subject: >> >> Number of user processes. >> >> >> On 9/1/2017 1:57 PM, Rajesh M wrote: >>> eric >>> >>> what is RLIMIT ? is it related to memory ? >>> >>> rajesh >>> >>> - Original Message - >>> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >>> To:qmailtoaster-list@qmailtoaster.com >>> Sent: Fri, 1 Sep 2017 13:25:49 -0600 >>> Subject: >>> >>> Here's a section of code in simscan.c that controls the number of processes. >>> >>> #ifdef HAS_ULIMIT_NPROC >>> /* Set ulimits to prevent hangs if it forks too many processes >>> */ >>> getrlimit(RLIMIT_NPROC, ); >>> limits.rlim_cur = 1024; >>> setrlimit(RLIMIT_NPROC, ); >>> #endif >>> >>> The RLIMIT is set to 1024. >>> >>> I think this may
Re: [qmailtoaster] qq soft reject errors on high load
eric how do i check the number of user processes being consumed and by which user rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Fri, 1 Sep 2017 14:25:36 -0600 Subject: Number of user processes. On 9/1/2017 1:57 PM, Rajesh M wrote: > eric > > what is RLIMIT ? is it related to memory ? > > rajesh > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Fri, 1 Sep 2017 13:25:49 -0600 > Subject: > > Here's a section of code in simscan.c that controls the number of processes. > > #ifdef HAS_ULIMIT_NPROC >  /* Set ulimits to prevent hangs if it forks too many processes */ >  getrlimit(RLIMIT_NPROC, ); >  limits.rlim_cur = 1024; >  setrlimit(RLIMIT_NPROC, ); > #endif > > The RLIMIT is set to 1024. > > I think this may be the issue and would explain why there would be > forking issues with qmail-queue, ripmime, and others. This is in place > to prevent hangs...could be a good thing. > > > On 9/1/2017 1:04 PM, Remo Mattei wrote: >> interesting... >> >> mine was an easy fix by changing the owner and permissions so >> underline has some other triggering to the kernel and how it reads >> those layers. >> >> On 9/1/17 11:18 AM, Eric Broch wrote: >>> 1) Problem forking >>> >>> vfork() is used to execute qmail-queue >>> >>> The error 'simscan: error forking qmail-queue' will happen for either >>> of the following reasons: >>> >>> a) [EAGAIN] >>> The system-wide limit on the total number of processes under >>> execution would be exceeded, or the system-imposed limit on the >>> total number of processes under execution by a single user would >>> be exceeded. >>> b) [ENOMEM] >>> There is insufficient swap space for the new process. >>> >>> >>> On 9/1/2017 11:53 AM, Eric Broch wrote: >>>> Are there any errors in /var/log/messages that correspond? >>>> >>>> >>>> On 9/1/2017 11:39 AM, Jeff Koch wrote: >>>>> Eric / Remo / Rajesh - we reported this same problem a number of >>>>> months ago and thought we had fixed it. But alas, it's still with >>>>> us. The good news is that we haven't had any customer complaints. >>>>> I'll be very interested if it can be resolved. >>>>> >>>>> Jeff Koch >>>>> >>>>> >>>>> On 9/1/2017 12:01 PM, Eric Broch wrote: >>>>>> I'm not sure what's going on here. Is this a relatively new >>>>>> phenomenon? >>>>>> >>>>>> I wonder if it's a memory, or even a disk speed, issue since it >>>>>> only happens at peak hours? >>>>>> >>>>>> I think I'll appy Johannes Weberhofer's patch and put it out there >>>>>> for you...and cross or fingers. >>>>>> >>>>>> >>>>>> On 9/1/2017 6:28 AM, Rajesh M wrote: >>>>>>> remo / eric >>>>>>> >>>>>>> i have still not being able to resolve the qq soft reject error. >>>>>>> >>>>>>> these are my findings >>>>>>> >>>>>>> 1) the errors i see are "error forking qmail-queue" and "ripmime error" >>>>>>> which causes the qq soft reject. >>>>>>> >>>>>>> 2) the max concurrent connections in the logs is around 35. >>>>>>> >>>>>>> 3) These errors come up during peak working hours when the server is >>>>>>> under a load of 4 - 8, and they increase the load even more to over >>>>>>> 10-15. >>>>>>> >>>>>>> 4) i came across this link (not sure if this is related) >>>>>>> https://github.com/qmail/simscan/blob/master/simscan.c >>>>>>> >>>>>>> 5) i can share with you my live smtp logs with simscan debug. >>>>>>> >>>>>>> have extracted some lines below >>>>>>> >>>>>>> >>>>>>> Error forking qmail-queue >>>>>>> >>>>>>> @400059a8fa7b0a2ed1b4 tcpserver: status: 31/200 >>>>>>> @400059a8fa7b13162584 simscan: cdb looking up version spam >>
Re: [qmailtoaster] qq soft reject errors on high load
eric what is RLIMIT ? is it related to memory ? rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Fri, 1 Sep 2017 13:25:49 -0600 Subject: Here's a section of code in simscan.c that controls the number of processes. #ifdef HAS_ULIMIT_NPROC Â /* Set ulimits to prevent hangs if it forks too many processes */ Â getrlimit(RLIMIT_NPROC, ); Â limits.rlim_cur = 1024; Â setrlimit(RLIMIT_NPROC, ); #endif The RLIMIT is set to 1024. I think this may be the issue and would explain why there would be forking issues with qmail-queue, ripmime, and others. This is in place to prevent hangs...could be a good thing. On 9/1/2017 1:04 PM, Remo Mattei wrote: > interesting... > > mine was an easy fix by changing the owner and permissions so > underline has some other triggering to the kernel and how it reads > those layers. > > On 9/1/17 11:18 AM, Eric Broch wrote: >> >> 1)Â Problem forking >> >> vfork() is used to execute qmail-queue >> >> The error 'simscan: error forking qmail-queue' will happen for either >> of the following reasons: >> >> a) [EAGAIN] >> The system-wide limit on the total number of processes under >> execution would be exceeded, or the system-imposed limit on the >> total number of processes under execution by a single user would >> be exceeded. >> b) [ENOMEM] >> There is insufficient swap space for the new process. >> >> >> On 9/1/2017 11:53 AM, Eric Broch wrote: >>> >>> Are there any errors in /var/log/messages that correspond? >>> >>> >>> On 9/1/2017 11:39 AM, Jeff Koch wrote: >>>> >>>> Eric / Remo / Rajesh - we reported this same problem a number of >>>> months ago and thought we had fixed it. But alas, it's still with >>>> us. The good news is that we haven't had any customer complaints. >>>> I'll be very interested if it can be resolved. >>>> >>>> Jeff Koch >>>> >>>> >>>> On 9/1/2017 12:01 PM, Eric Broch wrote: >>>>> >>>>> I'm not sure what's going on here. Is this a relatively new >>>>> phenomenon? >>>>> >>>>> I wonder if it's a memory, or even a disk speed, issue since it >>>>> only happens at peak hours? >>>>> >>>>> I think I'll appy Johannes Weberhofer's patch and put it out there >>>>> for you...and cross or fingers. >>>>> >>>>> >>>>> On 9/1/2017 6:28 AM, Rajesh M wrote: >>>>>> remo / eric >>>>>> >>>>>> i have still not being able to resolve the qq soft reject error. >>>>>> >>>>>> these are my findings >>>>>> >>>>>> 1) the errors i see are "error forking qmail-queue" and "ripmime error" >>>>>> which causes the qq soft reject. >>>>>> >>>>>> 2) the max concurrent connections in the logs is around 35. >>>>>> >>>>>> 3) These errors come up during peak working hours when the server is >>>>>> under a load of 4 - 8, and they increase the load even more to over >>>>>> 10-15. >>>>>> >>>>>> 4) i came across this link (not sure if this is related) >>>>>> https://github.com/qmail/simscan/blob/master/simscan.c >>>>>> >>>>>> 5) i can share with you my live smtp logs with simscan debug. >>>>>> >>>>>> have extracted some lines below >>>>>> >>>>>> >>>>>> Error forking qmail-queue >>>>>> >>>>>> @400059a8fa7b0a2ed1b4 tcpserver: status: 31/200 >>>>>> @400059a8fa7b13162584 simscan: cdb looking up version spam >>>>>> @400059a8fa7b13166bd4 simscan: runned_scanners is attach: 1.4.0 >>>>>> clamav: 0.98.6/m: spam: 3.3.2 >>>>>> @400059a8fa7b13166fbc simscan: found 3.3.2 >>>>>> @400059a8fa7b13168efc simscan:[10757]:CLEAN >>>>>> (5.00/30.00):9.7712s:-Possible Spam- RE_ REQUIRE BOOKING // 1X20 // >>>>>> ICD TKD TO >>>>>> BANDARABASS:103.241.181.228:cs@atlasdecargo.com:rathe...@radiant-india.net >>>>>> @400059a8fa7b1316cd7c simscan: done, execing qmail-queue >>>>>> @400059a8fa7b1316fc5c simscan: error forking qmail-queue >>>>>> @40
Re: [qmailtoaster] qq soft reject errors on high load
jeff could you please let me know the cpu details of your machine is it a dell machine or some other with intel E5 processor ? rajesh - Original Message - From: Jeff Koch [mailto:jeffk...@intersessions.com] To: qmailtoaster-list@qmailtoaster.com Sent: Fri, 1 Sep 2017 13:39:37 -0400 Subject: Eric / Remo / Rajesh - we reported this same problem a number of months ago and thought we had fixed it. But alas, it's still with us. The good news is that we haven't had any customer complaints. I'll be very interested if it can be resolved. Jeff Koch On 9/1/2017 12:01 PM, Eric Broch wrote: > > I'm not sure what's going on here. Is this a relatively new phenomenon? > > I wonder if it's a memory, or even a disk speed, issue since it only > happens at peak hours? > > I think I'll appy Johannes Weberhofer's patch and put it out there for > you...and cross or fingers. > > > On 9/1/2017 6:28 AM, Rajesh M wrote: >> remo / eric >> >> i have still not being able to resolve the qq soft reject error. >> >> these are my findings >> >> 1) the errors i see are "error forking qmail-queue" and "ripmime error" >> which causes the qq soft reject. >> >> 2) the max concurrent connections in the logs is around 35. >> >> 3) These errors come up during peak working hours when the server is under >> a load of 4 - 8, and they increase the load even more to over 10-15. >> >> 4) i came across this link (not sure if this is related) >> https://github.com/qmail/simscan/blob/master/simscan.c >> >> 5) i can share with you my live smtp logs with simscan debug. >> >> have extracted some lines below >> >> >> Error forking qmail-queue >> >> @400059a8fa7b0a2ed1b4 tcpserver: status: 31/200 >> @400059a8fa7b13162584 simscan: cdb looking up version spam >> @400059a8fa7b13166bd4 simscan: runned_scanners is attach: 1.4.0 clamav: >> 0.98.6/m: spam: 3.3.2 >> @400059a8fa7b13166fbc simscan: found 3.3.2 >> @400059a8fa7b13168efc simscan:[10757]:CLEAN >> (5.00/30.00):9.7712s:-Possible Spam- RE_ REQUIRE BOOKING // 1X20 // >> ICD TKD TO >> BANDARABASS:103.241.181.228:cs@atlasdecargo.com:rathe...@radiant-india.net >> @400059a8fa7b1316cd7c simscan: done, execing qmail-queue >> @400059a8fa7b1316fc5c simscan: error forking qmail-queue >> @400059a8fa7b13199854 simscan: exit error code: 71 >> @400059a8fa7b131c4004 qmail-smtpd: qq soft reject (mail server >> temporarily rejected message (#4.3.0)): MAILFROM:<cs@x.com> >> RCPTTO:rathe...@y.net >> >> >> Error in ripmime >> >> @400059a8fa98045a4bc4 simscan: pelookup: domain is aissamaritime.in >> @400059a8fa98045a4bc4 simscan: cdb looking up aissamaritime.in >> @400059a8fa98045a4fac simscan: pelookup: local part is shailesh_k_bom >> @400059a8fa98045a4fac simscan: lpart: local part is ** >> @400059a8fa98045a5394 simscan: cdb looking >> upshailesh_k_...@aissamaritime.in >> @400059a8fa98045a5394 simscan: ripmime error >> @400059a8fa98045a6334 simscan: exit error code: 71 >> @400059a8fa98045a95fc qmail-smtpd: qq soft reject (mail server >> temporarily rejected message (#4.3.0)): >> MAILFROM:<imp...@xxx.in> RCPTTO:shailesh_k_...@yy.in >> >> >> Wierd error logs >> >> @400059a9032f3aa79a24 simscan: clamdscan: --- SCAN SUMMARY >> --- >> @400059a9032f3aa7b964 simscan: clamdscan: >> /var/qmail/simscan/1504248613.321653.5221: OK >> @400059a9032f3aa86d14 simscan: clamdscan: >> @400059a9032f3aa870fc simscan: clamdscan: ---simscan: cdb looking up >> version clamav >> @400059a9032f3aa8a3c4 SCAN simscan: clamdscan: SIUnMfMeAcRtYe >> d- -fsimscan: runned_scanners is attach: 1.4.0 clamav: 0.98.6/m: >> @400059a9032f3aa8c304 -isimscan: found 0.98.6/m: >> @400059a9032f3aa8c6ec -l-e-s-:- -0 >> @400059a9032f3aa8f1e4 --simscan: normal clamdscan return code: 0 >> @400059a9032f3aa8f1e4 >> @400059a9032f3aa8f5cc simscan: clamdscan: Infected fsimscan: clamdscan: >> iTliemes:: 00 >> @400059a9032f3aa93834 .simscan: clamdscan: 1T1i8m es:e c0 .1(002 ms >> e0simscan: calling spamc >> @400059a9032f3aa96ee4 c s(0)simscan: calling /usr/bin/spamc simscan: >> clamdscan: >> @400059a9032f3aa999dc spamcm >> @400059a9032f3aa999dc 0 s) >> @400059a9032f3aa9ad64 /var/qmail/simscan/1simscan: check_spam had an >> error ret: -1 >> @400059a9032f3aa9e02c 504248613.307311.5215: OK >
Re: [qmailtoaster] qq soft reject errors on high load
eric the machine i have is a dell, hex core with hyperthreading, 16 gb ram -- hardly 4 gb being used, 600 gb 15krpm drive, 2 drives of 2000 gb each separately handling data. rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Fri, 1 Sep 2017 10:01:01 -0600 Subject: I'm not sure what's going on here. Is this a relatively new phenomenon? I wonder if it's a memory, or even a disk speed, issue since it only happens at peak hours? I think I'll appy Johannes Weberhofer's patch and put it out there for you...and cross or fingers. On 9/1/2017 6:28 AM, Rajesh M wrote: > remo / eric > > i have still not being able to resolve the qq soft reject error. > > these are my findings > > 1) the errors i see are "error forking qmail-queue" and "ripmime error" which > causes the qq soft reject. > > 2) the max concurrent connections in the logs is around 35. > > 3) These errors come up during peak working hours when the server is under a > load of 4 - 8, and they increase the load even more to over 10-15. > > 4) i came across this link (not sure if this is related) > https://github.com/qmail/simscan/blob/master/simscan.c > > 5) i can share with you my live smtp logs with simscan debug. > > have extracted some lines below > > > Error forking qmail-queue > > @400059a8fa7b0a2ed1b4 tcpserver: status: 31/200 > @400059a8fa7b13162584 simscan: cdb looking up version spam > @400059a8fa7b13166bd4 simscan: runned_scanners is attach: 1.4.0 clamav: > 0.98.6/m: spam: 3.3.2 > @400059a8fa7b13166fbc simscan: found 3.3.2 > @400059a8fa7b13168efc simscan:[10757]:CLEAN > (5.00/30.00):9.7712s:-Possible Spam- RE_ REQUIRE BOOKING // 1X20 // > ICD TKD TO > BANDARABASS:103.241.181.228:cs@atlasdecargo.com:rathe...@radiant-india.net > @400059a8fa7b1316cd7c simscan: done, execing qmail-queue > @400059a8fa7b1316fc5c simscan: error forking qmail-queue > @400059a8fa7b13199854 simscan: exit error code: 71 > @400059a8fa7b131c4004 qmail-smtpd: qq soft reject (mail server > temporarily rejected message (#4.3.0)): MAILFROM:<cs@x.com> > RCPTTO:rathe...@y.net > > > Error in ripmime > > @400059a8fa98045a4bc4 simscan: pelookup: domain is aissamaritime.in > @400059a8fa98045a4bc4 simscan: cdb looking up aissamaritime.in > @400059a8fa98045a4fac simscan: pelookup: local part is shailesh_k_bom > @400059a8fa98045a4fac simscan: lpart: local part is ** > @400059a8fa98045a5394 simscan: cdb looking > upshailesh_k_...@aissamaritime.in > @400059a8fa98045a5394 simscan: ripmime error > @400059a8fa98045a6334 simscan: exit error code: 71 > @400059a8fa98045a95fc qmail-smtpd: qq soft reject (mail server > temporarily rejected message (#4.3.0)): > MAILFROM:<imp...@xxx.in> RCPTTO:shailesh_k_...@yy.in > > > Wierd error logs > > @400059a9032f3aa79a24 simscan: clamdscan: --- SCAN SUMMARY > --- > @400059a9032f3aa7b964 simscan: clamdscan: > /var/qmail/simscan/1504248613.321653.5221: OK > @400059a9032f3aa86d14 simscan: clamdscan: > @400059a9032f3aa870fc simscan: clamdscan: ---simscan: cdb looking up > version clamav > @400059a9032f3aa8a3c4 SCAN simscan: clamdscan: SIUnMfMeAcRtYe d- > -fsimscan: runned_scanners is attach: 1.4.0 clamav: 0.98.6/m: > @400059a9032f3aa8c304 -isimscan: found 0.98.6/m: > @400059a9032f3aa8c6ec -l-e-s-:- -0 > @400059a9032f3aa8f1e4 --simscan: normal clamdscan return code: 0 > @400059a9032f3aa8f1e4 > @400059a9032f3aa8f5cc simscan: clamdscan: Infected fsimscan: clamdscan: > iTliemes:: 00 > @400059a9032f3aa93834 .simscan: clamdscan: 1T1i8m es:e c0 .1(002 ms > e0simscan: calling spamc > @400059a9032f3aa96ee4 c s(0)simscan: calling /usr/bin/spamc simscan: > clamdscan: > @400059a9032f3aa999dc spamcm > @400059a9032f3aa999dc 0 s) > @400059a9032f3aa9ad64 /var/qmail/simscan/1simscan: check_spam had an > error ret: -1 > @400059a9032f3aa9e02c 504248613.307311.5215: OK > @400059a9032f337c simscan: clamdscan: > @400059a9032f3764 simscan: clamdscan: --- SCAN SUMMARY > --- > @400059a9032f3aab3fbc simscan: clamdscan: Infected files: 0 > @400059a9032f3aaba164 simscan: clamdscan: Time: 0.135 sec (0 m 0 s) > @400059a9032f3aac39bc simscan: clamdscan: /var/qmail/simscan/15simscan: > exit error code: 71 > @400059a9032f3aaca334 04248613.308469.5216: OK > @400059a9032f3aacddcc simscan: clamdscan: > @400059a9032f3aace984 simscan: clamdscan: --- SCAN SUMMARY > --- > @400059a9 > > > > >
Re: [qmailtoaster] using dovecot seive
eric, i followed the instructions you gave below and it worked perfectly. the syntax error was in my dovecot.sieve file once i used your setting the logs gave me the error, which i could fix and get it working. dovecot created the following [root@ns1 rajesh]# ls -la total 24 drwx-- 4 vpopmail vchkpw 4096 Sep 1 21:01 . drwx-- 5 vpopmail vchkpw 4096 Aug 30 23:37 .. -rw--- 1 vpopmail vchkpw 265 Sep 1 21:01 .dovecot.lda-dupes --- created by dovecot lrwxrwxrwx 1 vpopmail vchkpw 20 Aug 31 21:45 .dovecot.sieve -> .sieve/dovecot.sieve drwx-- 8 vpopmail vchkpw 4096 Sep 1 20:55 Maildir -rw--- 1 vpopmail vchkpw 74 Aug 31 23:21 .qmail drwx-- 2 vpopmail vchkpw 4096 Sep 1 21:01 .sieve [root@ns1 .sieve]# ls -la total 20 drwx-- 2 vpopmail vchkpw 4096 Sep 1 21:01 . drwx-- 4 vpopmail vchkpw 4096 Sep 1 21:01 .. -rw--- 1 vpopmail vchkpw 261 Sep 1 21:00 dovecot.sieve -rw--- 1 vpopmail vchkpw 203 Sep 1 20:55 dovecot.sieve.log --- created by dovecot -rw--- 1 vpopmail vchkpw 273 Sep 1 21:01 dovecot.svbin --- created by dovecot -- compiled version of dovecot.sieve btw it gave me a message as such in the /var/log/dovecot-lda/dovecot-lda.log nothing in the /var/log/dovecot-lda/dovecot-lda-errors.log Sep 01 20:55:29 lda(raj...@aaaonlinux.com): Info: sieve: Failed to compile script `/home/vpopmail/domains/x.com/rajesh/.sieve/dovecot.sieve' (view user logfile `/home/vpopmail/domains/x.com/rajesh/.sieve/dovecot.sieve.log' for more information) i have placed all the configurations in dovecot.conf file (am not using any of the files in conf.d) arranged sequentially as per the conf.d numbering regds rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Thu, 31 Aug 2017 19:35:30 -0600 Subject: Hi Rajesh, I'm not sure if you've gotten this working yet. I tried some experimentation and I got this working on my host albeit that roundcube created my files and directories under the user. Notice especially the 'tmp' directory under ~/.sieve, you may need it...not sure. Anyway here's everything I did. # ls -la /home/vpopmail/domains/mydomain.com/user/ total 24 drwx-- 4 vpopmail vchkpw 4096 Aug 31 19:11 . drwx-- 5 vpopmail vchkpw 4096 Aug 31 19:06 .. -rw--- 1 vpopmail vchkpw 300 Aug 31 19:11 .dovecot.lda-dupes lrwxrwxrwx 1 vpopmail vchkpw  22 Aug 31 07:16 .dovecot.sieve -> .sieve/roundcube.sieve -rw--- 1 vpopmail vchkpw 278 Aug 31 19:09 .dovecot.svbin drwx-- 14 vpopmail vchkpw 4096 Aug 31 19:13 Maildir drwx-- 3 vpopmail vchkpw 4096 Aug 31 19:08 .sieve -- # ls -la /home/vpopmail/domains/mydomain.com/user/.sieve total 16 drwx-- 3 vpopmail vchkpw 4096 Aug 31 19:08 . drwx-- 4 vpopmail vchkpw 4096 Aug 31 19:11 .. -rw--- 1 vpopmail vchkpw 120 Aug 31 19:08 roundcube.sieve drwx-- 2 vpopmail vchkpw 4096 Aug 31 19:08 tmp -- # cat /home/vpopmail/domains/mydomain.com/user/.dovecot.sieve # rule:[ToUserOtherDomain] if header :contains "from" "u...@mydomain2.com" {        redirect "u...@myotherdomain.com"; } -- It all came out in the log file /var/log/dovecot-lda/lda.log correctly -- Dovecot settings: /etc/dovecot/local.conf : protocol lda {  mail_debug=yes  mail_plugins = $mail_plugins sieve  deliver_log_format = From:<%f>-<%e> :: Subject:<%s> :: Status:<%$> :: MsgID:<%m> :: Size<%p> :: vSize<%w>  log_path = /var/log/dovecot-lda/lda-err.log  info_log_path = /var/log/dovecot-lda/lda.log  #postmaster_address = postmaster@ } plugin {      sieve = ~/.dovecot.sieve      sieve_dir = ~/.sieve } -- Dovecot settings: /etc/dovecot/toaster.conf protocols = imap pop3 sieve service managesieve-login {   inet_listener sieve {   port = 4190   } } -- # ls -ld /var/log/dov*lda* drwxrwx--- 2 vpopmail vchkpw 4096 Nov 10 2016 /var/log/dovecot-lda -- # ls -l /var/log/dov*lda* total 136 -rw--- 1 vpopmail vchkpw   418 Nov 12 2016 lda-err.log -rw--- 1 vpopmail vchkpw 129882 Aug 31 19:12 lda.log -- # cat /home/vpopmail/domains/mydomain.com/.qmail-default |/var/qmail/bin/preline -f /usr/libex
Re: [qmailtoaster] qq soft reject errors on high load
remo / eric i have still not being able to resolve the qq soft reject error. these are my findings 1) the errors i see are "error forking qmail-queue" and "ripmime error" which causes the qq soft reject. 2) the max concurrent connections in the logs is around 35. 3) These errors come up during peak working hours when the server is under a load of 4 - 8, and they increase the load even more to over 10-15. 4) i came across this link (not sure if this is related) https://github.com/qmail/simscan/blob/master/simscan.c 5) i can share with you my live smtp logs with simscan debug. have extracted some lines below Error forking qmail-queue @400059a8fa7b0a2ed1b4 tcpserver: status: 31/200 @400059a8fa7b13162584 simscan: cdb looking up version spam @400059a8fa7b13166bd4 simscan: runned_scanners is attach: 1.4.0 clamav: 0.98.6/m: spam: 3.3.2 @400059a8fa7b13166fbc simscan: found 3.3.2 @400059a8fa7b13168efc simscan:[10757]:CLEAN (5.00/30.00):9.7712s:-Possible Spam- RE_ REQUIRE BOOKING // 1X20 // ICD TKD TO BANDAR ABASS:103.241.181.228:cs@atlasdecargo.com:rathe...@radiant-india.net @400059a8fa7b1316cd7c simscan: done, execing qmail-queue @400059a8fa7b1316fc5c simscan: error forking qmail-queue @400059a8fa7b13199854 simscan: exit error code: 71 @400059a8fa7b131c4004 qmail-smtpd: qq soft reject (mail server temporarily rejected message (#4.3.0)): MAILFROM:<cs@x.com> RCPTTO:rathe...@y.net Error in ripmime @400059a8fa98045a4bc4 simscan: pelookup: domain is aissamaritime.in @400059a8fa98045a4bc4 simscan: cdb looking up aissamaritime.in @400059a8fa98045a4fac simscan: pelookup: local part is shailesh_k_bom @400059a8fa98045a4fac simscan: lpart: local part is ** @400059a8fa98045a5394 simscan: cdb looking up shailesh_k_...@aissamaritime.in @400059a8fa98045a5394 simscan: ripmime error @400059a8fa98045a6334 simscan: exit error code: 71 @400059a8fa98045a95fc qmail-smtpd: qq soft reject (mail server temporarily rejected message (#4.3.0)): MAILFROM:<imp...@xxx.in> RCPTTO:shailesh_k_...@yy.in Wierd error logs @400059a9032f3aa79a24 simscan: clamdscan: --- SCAN SUMMARY --- @400059a9032f3aa7b964 simscan: clamdscan: /var/qmail/simscan/1504248613.321653.5221: OK @400059a9032f3aa86d14 simscan: clamdscan: @400059a9032f3aa870fc simscan: clamdscan: ---simscan: cdb looking up version clamav @400059a9032f3aa8a3c4 SCAN simscan: clamdscan: SIUnMfMeAcRtYe d- -fsimscan: runned_scanners is attach: 1.4.0 clamav: 0.98.6/m: @400059a9032f3aa8c304 -isimscan: found 0.98.6/m: @400059a9032f3aa8c6ec -l-e-s-:- -0 @400059a9032f3aa8f1e4 --simscan: normal clamdscan return code: 0 @400059a9032f3aa8f1e4 @400059a9032f3aa8f5cc simscan: clamdscan: Infected fsimscan: clamdscan: iTliemes:: 00 @400059a9032f3aa93834 .simscan: clamdscan: 1T1i8m es:e c0 .1(002 ms e0simscan: calling spamc @400059a9032f3aa96ee4 c s(0)simscan: calling /usr/bin/spamc simscan: clamdscan: @400059a9032f3aa999dc spamcm @400059a9032f3aa999dc 0 s) @400059a9032f3aa9ad64 /var/qmail/simscan/1simscan: check_spam had an error ret: -1 @400059a9032f3aa9e02c 504248613.307311.5215: OK @400059a9032f337c simscan: clamdscan: @400059a9032f3764 simscan: clamdscan: --- SCAN SUMMARY --- @400059a9032f3aab3fbc simscan: clamdscan: Infected files: 0 @400059a9032f3aaba164 simscan: clamdscan: Time: 0.135 sec (0 m 0 s) @400059a9032f3aac39bc simscan: clamdscan: /var/qmail/simscan/15simscan: exit error code: 71 @400059a9032f3aaca334 04248613.308469.5216: OK @400059a9032f3aacddcc simscan: clamdscan: @400059a9032f3aace984 simscan: clamdscan: --- SCAN SUMMARY --- @400059a9 @400059a9032f3aa86d14 simscan: clamdscan: @400059a9032f3aa870fc simscan: clamdscan: ---simscan: cdb looking up version clamav @400059a9032f3aa8a3c4 SCAN simscan: clamdscan: SIUnMfMeAcRtYe d- -fsimscan: runned_scanners is attach: 1.4.0 clamav: 0.98.6/m: @400059a9032f3aa8c304 -isimscan: found 0.98.6/m: @400059a9032f3aa8c6ec -l-e-s-:- -0 @400059a9032f3aa8f1e4 --simscan: normal clamdscan return code: 0 @400059a9032f3aa8f1e4 @400059a9032f3aa8f5cc simscan: clamdscan: Infected fsimscan: clamdscan: iTliemes:: 00 @400059a9032f3aa93834 .simscan: clamdscan: 1T1i8m es:e c0 .1(002 ms e0simscan: calling spamc @400059a9032f3aa96ee4 c s(0)simscan: calling /usr/bin/spamc simscan: clamdscan: @400059a9032f3aa999dc spamcm @400059a9032f3aa999dc 0 s) @400059a9032f3aa9ad64 /var/qmail/simscan/1simscan: check_spam had an error ret: -1 @400059a9032f3aa9e02c 504248613.307311.5215: OK @400059a9032f337c simscan: clamdscan: @400059a9032f3764 simscan: clamdscan: --- SCAN SUMMARY --- @400059a9032f3aab3fbc simsc
Re: [qmailtoaster] using dovecot seive
eric / remo will be working on remo's config over the weekend and will definitely revert with the step by step process rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Thu, 31 Aug 2017 19:35:30 -0600 Subject: Hi Rajesh, I'm not sure if you've gotten this working yet. I tried some experimentation and I got this working on my host albeit that roundcube created my files and directories under the user. Notice especially the 'tmp' directory under ~/.sieve, you may need it...not sure. Anyway here's everything I did. # ls -la /home/vpopmail/domains/mydomain.com/user/ total 24 drwx-- 4 vpopmail vchkpw 4096 Aug 31 19:11 . drwx-- 5 vpopmail vchkpw 4096 Aug 31 19:06 .. -rw--- 1 vpopmail vchkpw 300 Aug 31 19:11 .dovecot.lda-dupes lrwxrwxrwx 1 vpopmail vchkpw  22 Aug 31 07:16 .dovecot.sieve -> .sieve/roundcube.sieve -rw--- 1 vpopmail vchkpw 278 Aug 31 19:09 .dovecot.svbin drwx-- 14 vpopmail vchkpw 4096 Aug 31 19:13 Maildir drwx-- 3 vpopmail vchkpw 4096 Aug 31 19:08 .sieve -- # ls -la /home/vpopmail/domains/mydomain.com/user/.sieve total 16 drwx-- 3 vpopmail vchkpw 4096 Aug 31 19:08 . drwx-- 4 vpopmail vchkpw 4096 Aug 31 19:11 .. -rw--- 1 vpopmail vchkpw 120 Aug 31 19:08 roundcube.sieve drwx-- 2 vpopmail vchkpw 4096 Aug 31 19:08 tmp -- # cat /home/vpopmail/domains/mydomain.com/user/.dovecot.sieve # rule:[ToUserOtherDomain] if header :contains "from" "u...@mydomain2.com" {        redirect "u...@myotherdomain.com"; } -- It all came out in the log file /var/log/dovecot-lda/lda.log correctly -- Dovecot settings: /etc/dovecot/local.conf : protocol lda {  mail_debug=yes  mail_plugins = $mail_plugins sieve  deliver_log_format = From:<%f>-<%e> :: Subject:<%s> :: Status:<%$> :: MsgID:<%m> :: Size<%p> :: vSize<%w>  log_path = /var/log/dovecot-lda/lda-err.log  info_log_path = /var/log/dovecot-lda/lda.log  #postmaster_address = postmaster@ } plugin {      sieve = ~/.dovecot.sieve      sieve_dir = ~/.sieve } -- Dovecot settings: /etc/dovecot/toaster.conf protocols = imap pop3 sieve service managesieve-login {   inet_listener sieve {   port = 4190   } } -- # ls -ld /var/log/dov*lda* drwxrwx--- 2 vpopmail vchkpw 4096 Nov 10 2016 /var/log/dovecot-lda -- # ls -l /var/log/dov*lda* total 136 -rw--- 1 vpopmail vchkpw   418 Nov 12 2016 lda-err.log -rw--- 1 vpopmail vchkpw 129882 Aug 31 19:12 lda.log -- # cat /home/vpopmail/domains/mydomain.com/.qmail-default |/var/qmail/bin/preline -f /usr/libexec/dovecot/deliver -d $EXT@$USER -o postmaster_address=postmas...@mydomain.com -- Hope this helps! Eric On 8/31/2017 12:12 PM, Rajesh M wrote: > eric / remo > > do we need to make any changes to the files inside conf.d ? > > rajesh > > - Original Message - > From: Rajesh M [mailto:24x7ser...@24x7server.net] > To: qmailtoaster-list@qmailtoaster.com > Sent: Thu, 31 Aug 2017 23:33:59 +0530 > Subject: > > nothing at all in /var/log/dovecot-lda/dovecot-lda.log > > looks like i am missing something crucial. > > rajesh > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Thu, 31 Aug 2017 11:55:28 -0600 > Subject: > > Nothing/Anything in /var/log/dovecot-lda/dovecot-lda-errors.log ??? > > > On 8/31/2017 11:50 AM, Rajesh M wrote: >> this is what i have done >> >> 2a) Add the following lines to /etc/dovecot/local.conf: >> protocol lda { >> log_path = /var/log/dovecot-lda/dovecot-lda-errors.log >> info_log_path = /var/log/dovecot-lda/dovecot-lda.log >> } >> Create and change the permissions on the directory /var/log/dovecot-lda >> # mkdir /var/log/dovecot-lda >> # chmod 770 /var/log/dovecot-lda >> # chown vpopmail.vchkpw /var/log/dovecot-lda >> Add /etc/logrotate.d/dovecot-lda and settings appropriate >> >> i am sending email from host
Re: [qmailtoaster] using dovecot seive
eric / remo do we need to make any changes to the files inside conf.d ? rajesh - Original Message - From: Rajesh M [mailto:24x7ser...@24x7server.net] To: qmailtoaster-list@qmailtoaster.com Sent: Thu, 31 Aug 2017 23:33:59 +0530 Subject: nothing at all in /var/log/dovecot-lda/dovecot-lda.log looks like i am missing something crucial. rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Thu, 31 Aug 2017 11:55:28 -0600 Subject: Nothing/Anything in /var/log/dovecot-lda/dovecot-lda-errors.log ??? On 8/31/2017 11:50 AM, Rajesh M wrote: > this is what i have done > > 2a) Add the following lines to /etc/dovecot/local.conf: > protocol lda { >log_path = /var/log/dovecot-lda/dovecot-lda-errors.log >info_log_path = /var/log/dovecot-lda/dovecot-lda.log > } > Create and change the permissions on the directory /var/log/dovecot-lda > # mkdir /var/log/dovecot-lda > # chmod 770 /var/log/dovecot-lda > # chown vpopmail.vchkpw /var/log/dovecot-lda > Add /etc/logrotate.d/dovecot-lda and settings appropriate > > i am sending email from host...@.com to raj...@.com and a there is a > sieve rule to forward the email to ad...@.com > email is being correctly delivered to raj...@.com but not being forwarded > to ad...@.com > > [root@ns1 rajesh]# tail -f /var/log/dovecot-lda/dovecot-lda.log > Aug 31 21:46:56 lda(raj...@.com): Info: > msgid=<8d066ea0-cea3-c45d-1899-39e36e6a4...@.com>: saved mail to INBOX > Aug 31 21:50:54 lda(raj...@.com): Info: > msgid=<cd64dca6-f5f9-b6c2-4d0e-5ebb04eee...@.com>: saved mail to INBOX > Aug 31 22:19:26 lda(raj...@.com): Info: > msgid=<e1805e35-5fcb-bfd6-5ca2-c1d673a32...@.com>: saved mail to INBOX > Aug 31 22:22:59 lda(raj...@.com): Info: > msgid=<356e1818-2a24-6402-0e20-ddcf03325...@.com>: saved mail to INBOX > Aug 31 23:03:15 lda(raj...@.com): Info: > msgid=<83df1f93-fe93-fbd4-c079-1dd319a98...@.com>: saved mail to INBOX > > rajesh > > > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Thu, 31 Aug 2017 11:41:00 -0600 > Subject: > > Rajesh, > > Have a look at my notes, are you looking in the correct log file and/or > how do you have logging set up for Dovecot LDA > > http://www.qmailtoaster.org/notes.html > > Eric > > > On 8/31/2017 11:37 AM, Rajesh M wrote: >> eric >> >> what is puzzling is that there is nothing in the dovecot error log >> >> [root@ns1 rajesh]# doveconf -n | grep sieve >> managesieve_notify_capability = mailto >> managesieve_sieve_capability = fileinto reject envelope encoded-character >> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags >> copy include variables body enotify environment mailbox date index ihave >> duplicate mime foreverypart extracttext spamtest spamtestplus imapflags >> notify vnd.dovecot.duplicate >> sieve = ~/.sieve/dovecot.sieve >> sieve_before = /etc/dovecot/sieve/ >> sieve_dir = ~/.sieve >> sieve_extensions = +notify +imapflags +vnd.dovecot.duplicate +spamtest >> +spamtestplus +relational +comparator-i;ascii-numeric >> protocols = imap pop3 sieve >> service managesieve-login { >> inet_listener sieve { >> >> rajesh >> >> - Original Message - >> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >> To: qmailtoaster-list@qmailtoaster.com >> Sent: Thu, 31 Aug 2017 11:33:45 -0600 >> Subject: >> >> Can you dump dovecot >> >> # doveconf -n | grep sieve >> >> And post? >> >> >> On 8/31/2017 11:16 AM, Rajesh M wrote: >>> eric / remo >>> >>> still not getting dovecot lda to forward emails based on rules. have copied >>> below my configurations. >>> >>> /home/vpopmail/domains/x.com/rajesh >>> [root@ns1 rajesh]# ls -la >>> total 20 >>> drwx-- 4 vpopmail vchkpw 4096 Aug 31 21:45 . >>> drwx-- 5 vpopmail vchkpw 4096 Aug 30 23:37 .. >>> lrwxrwxrwx 1 vpopmail vchkpw 20 Aug 31 21:45 .dovecot.sieve -> >>> .sieve/dovecot.sieve >>> drwx-- 8 vpopmail vchkpw 4096 Aug 31 22:23 Maildir >>> -rw--- 1 vpopmail vchkpw 85 Aug 30 23:47 .qmail >>> drwx-- 2 vpopmail vchkpw 4096 Aug 30 17:38 .sieve >>> >>> >>> [root@ns1 rajesh]# ls -la .sieve >>> total 12 >>> drwx-- 2 vpopmail vchkpw 4096 Aug 30 17:38 . >>> drwx-- 4 vpopma
Re: [qmailtoaster] using dovecot seive
nothing at all in /var/log/dovecot-lda/dovecot-lda.log looks like i am missing something crucial. rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Thu, 31 Aug 2017 11:55:28 -0600 Subject: Nothing/Anything in /var/log/dovecot-lda/dovecot-lda-errors.log ??? On 8/31/2017 11:50 AM, Rajesh M wrote: > this is what i have done > > 2a) Add the following lines to /etc/dovecot/local.conf: > protocol lda { >log_path = /var/log/dovecot-lda/dovecot-lda-errors.log >info_log_path = /var/log/dovecot-lda/dovecot-lda.log > } > Create and change the permissions on the directory /var/log/dovecot-lda > # mkdir /var/log/dovecot-lda > # chmod 770 /var/log/dovecot-lda > # chown vpopmail.vchkpw /var/log/dovecot-lda > Add /etc/logrotate.d/dovecot-lda and settings appropriate > > i am sending email from host...@.com to raj...@.com and a there is a > sieve rule to forward the email to ad...@.com > email is being correctly delivered to raj...@.com but not being forwarded > to ad...@.com > > [root@ns1 rajesh]# tail -f /var/log/dovecot-lda/dovecot-lda.log > Aug 31 21:46:56 lda(raj...@.com): Info: > msgid=<8d066ea0-cea3-c45d-1899-39e36e6a4...@.com>: saved mail to INBOX > Aug 31 21:50:54 lda(raj...@.com): Info: > msgid=<cd64dca6-f5f9-b6c2-4d0e-5ebb04eee...@.com>: saved mail to INBOX > Aug 31 22:19:26 lda(raj...@.com): Info: > msgid=<e1805e35-5fcb-bfd6-5ca2-c1d673a32...@.com>: saved mail to INBOX > Aug 31 22:22:59 lda(raj...@.com): Info: > msgid=<356e1818-2a24-6402-0e20-ddcf03325...@.com>: saved mail to INBOX > Aug 31 23:03:15 lda(raj...@.com): Info: > msgid=<83df1f93-fe93-fbd4-c079-1dd319a98...@.com>: saved mail to INBOX > > rajesh > > > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Thu, 31 Aug 2017 11:41:00 -0600 > Subject: > > Rajesh, > > Have a look at my notes, are you looking in the correct log file and/or > how do you have logging set up for Dovecot LDA > > http://www.qmailtoaster.org/notes.html > > Eric > > > On 8/31/2017 11:37 AM, Rajesh M wrote: >> eric >> >> what is puzzling is that there is nothing in the dovecot error log >> >> [root@ns1 rajesh]# doveconf -n | grep sieve >> managesieve_notify_capability = mailto >> managesieve_sieve_capability = fileinto reject envelope encoded-character >> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags >> copy include variables body enotify environment mailbox date index ihave >> duplicate mime foreverypart extracttext spamtest spamtestplus imapflags >> notify vnd.dovecot.duplicate >> sieve = ~/.sieve/dovecot.sieve >> sieve_before = /etc/dovecot/sieve/ >> sieve_dir = ~/.sieve >> sieve_extensions = +notify +imapflags +vnd.dovecot.duplicate +spamtest >> +spamtestplus +relational +comparator-i;ascii-numeric >> protocols = imap pop3 sieve >> service managesieve-login { >> inet_listener sieve { >> >> rajesh >> >> - Original Message - >> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >> To: qmailtoaster-list@qmailtoaster.com >> Sent: Thu, 31 Aug 2017 11:33:45 -0600 >> Subject: >> >> Can you dump dovecot >> >> # doveconf -n | grep sieve >> >> And post? >> >> >> On 8/31/2017 11:16 AM, Rajesh M wrote: >>> eric / remo >>> >>> still not getting dovecot lda to forward emails based on rules. have copied >>> below my configurations. >>> >>> /home/vpopmail/domains/x.com/rajesh >>> [root@ns1 rajesh]# ls -la >>> total 20 >>> drwx-- 4 vpopmail vchkpw 4096 Aug 31 21:45 . >>> drwx-- 5 vpopmail vchkpw 4096 Aug 30 23:37 .. >>> lrwxrwxrwx 1 vpopmail vchkpw 20 Aug 31 21:45 .dovecot.sieve -> >>> .sieve/dovecot.sieve >>> drwx-- 8 vpopmail vchkpw 4096 Aug 31 22:23 Maildir >>> -rw--- 1 vpopmail vchkpw 85 Aug 30 23:47 .qmail >>> drwx-- 2 vpopmail vchkpw 4096 Aug 30 17:38 .sieve >>> >>> >>> [root@ns1 rajesh]# ls -la .sieve >>> total 12 >>> drwx-- 2 vpopmail vchkpw 4096 Aug 30 17:38 . >>> drwx-- 4 vpopmail vchkpw 4096 Aug 31 21:45 .. >>> -rw--- 1 vpopmail vchkpw 160 Aug 30 17:38 dovecot.sieve >>> >>> >>> .dovecot.sieve >>> >>> # rule:[globalpay-forwarder - move] >>> if anyof (head
Re: [qmailtoaster] using dovecot seive
this is what i have done 2a) Add the following lines to /etc/dovecot/local.conf: protocol lda { log_path = /var/log/dovecot-lda/dovecot-lda-errors.log info_log_path = /var/log/dovecot-lda/dovecot-lda.log } Create and change the permissions on the directory /var/log/dovecot-lda # mkdir /var/log/dovecot-lda # chmod 770 /var/log/dovecot-lda # chown vpopmail.vchkpw /var/log/dovecot-lda Add /etc/logrotate.d/dovecot-lda and settings appropriate i am sending email from host...@.com to raj...@.com and a there is a sieve rule to forward the email to ad...@.com email is being correctly delivered to raj...@.com but not being forwarded to ad...@.com [root@ns1 rajesh]# tail -f /var/log/dovecot-lda/dovecot-lda.log Aug 31 21:46:56 lda(raj...@.com): Info: msgid=<8d066ea0-cea3-c45d-1899-39e36e6a4...@.com>: saved mail to INBOX Aug 31 21:50:54 lda(raj...@.com): Info: msgid=<cd64dca6-f5f9-b6c2-4d0e-5ebb04eee...@.com>: saved mail to INBOX Aug 31 22:19:26 lda(raj...@.com): Info: msgid=<e1805e35-5fcb-bfd6-5ca2-c1d673a32...@.com>: saved mail to INBOX Aug 31 22:22:59 lda(raj...@.com): Info: msgid=<356e1818-2a24-6402-0e20-ddcf03325...@.com>: saved mail to INBOX Aug 31 23:03:15 lda(raj...@.com): Info: msgid=<83df1f93-fe93-fbd4-c079-1dd319a98...@.com>: saved mail to INBOX rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Thu, 31 Aug 2017 11:41:00 -0600 Subject: Rajesh, Have a look at my notes, are you looking in the correct log file and/or how do you have logging set up for Dovecot LDA http://www.qmailtoaster.org/notes.html Eric On 8/31/2017 11:37 AM, Rajesh M wrote: > eric > > what is puzzling is that there is nothing in the dovecot error log > > [root@ns1 rajesh]# doveconf -n | grep sieve > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character > vacation subaddress comparator-i;ascii-numeric relational regex imap4flags > copy include variables body enotify environment mailbox date index ihave > duplicate mime foreverypart extracttext spamtest spamtestplus imapflags > notify vnd.dovecot.duplicate >sieve = ~/.sieve/dovecot.sieve >sieve_before = /etc/dovecot/sieve/ >sieve_dir = ~/.sieve >sieve_extensions = +notify +imapflags +vnd.dovecot.duplicate +spamtest > +spamtestplus +relational +comparator-i;ascii-numeric > protocols = imap pop3 sieve > service managesieve-login { >inet_listener sieve { > > rajesh > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Thu, 31 Aug 2017 11:33:45 -0600 > Subject: > > Can you dump dovecot > > # doveconf -n | grep sieve > > And post? > > > On 8/31/2017 11:16 AM, Rajesh M wrote: >> eric / remo >> >> still not getting dovecot lda to forward emails based on rules. have copied >> below my configurations. >> >> /home/vpopmail/domains/x.com/rajesh >> [root@ns1 rajesh]# ls -la >> total 20 >> drwx-- 4 vpopmail vchkpw 4096 Aug 31 21:45 . >> drwx-- 5 vpopmail vchkpw 4096 Aug 30 23:37 .. >> lrwxrwxrwx 1 vpopmail vchkpw 20 Aug 31 21:45 .dovecot.sieve -> >> .sieve/dovecot.sieve >> drwx-- 8 vpopmail vchkpw 4096 Aug 31 22:23 Maildir >> -rw--- 1 vpopmail vchkpw 85 Aug 30 23:47 .qmail >> drwx-- 2 vpopmail vchkpw 4096 Aug 30 17:38 .sieve >> >> >> [root@ns1 rajesh]# ls -la .sieve >> total 12 >> drwx-- 2 vpopmail vchkpw 4096 Aug 30 17:38 . >> drwx-- 4 vpopmail vchkpw 4096 Aug 31 21:45 .. >> -rw--- 1 vpopmail vchkpw 160 Aug 30 17:38 dovecot.sieve >> >> >> .dovecot.sieve >> >> # rule:[globalpay-forwarder - move] >> if anyof (header :contains "From" "host...@x.com") { >> redirect :copy "ad...@yy.com"; >> stop; >> } >> >> >> i have not created any global sieve script, only personal. >> >> # A path to a global sieve script file, which gets executed ONLY >> # if user's private Sieve script doesn't exist. Be sure to >> # pre-compile this script manually using the sievec command line >> # tool. >> #sieve_global_path = /var/lib/dovecot/sieve/default.sieve >> #sieve_global_path = /etc/dovecot/globalsieverc >> >> >> ### in the toaster.conf file under plugin >> >> plugin { >> quota = maildir:ignore=Trash >> quota_rule = ?:storage=0 >> sieve_global_path = /etc/dovecot/globalsieverc >> # Directory for :personal include scripts f
Re: [qmailtoaster] using dovecot seive
eric / remo still not getting dovecot lda to forward emails based on rules. have copied below my configurations. /home/vpopmail/domains/x.com/rajesh [root@ns1 rajesh]# ls -la total 20 drwx-- 4 vpopmail vchkpw 4096 Aug 31 21:45 . drwx-- 5 vpopmail vchkpw 4096 Aug 30 23:37 .. lrwxrwxrwx 1 vpopmail vchkpw 20 Aug 31 21:45 .dovecot.sieve -> .sieve/dovecot.sieve drwx-- 8 vpopmail vchkpw 4096 Aug 31 22:23 Maildir -rw--- 1 vpopmail vchkpw 85 Aug 30 23:47 .qmail drwx-- 2 vpopmail vchkpw 4096 Aug 30 17:38 .sieve [root@ns1 rajesh]# ls -la .sieve total 12 drwx-- 2 vpopmail vchkpw 4096 Aug 30 17:38 . drwx-- 4 vpopmail vchkpw 4096 Aug 31 21:45 .. -rw--- 1 vpopmail vchkpw 160 Aug 30 17:38 dovecot.sieve .dovecot.sieve # rule:[globalpay-forwarder - move] if anyof (header :contains "From" "host...@x.com") { redirect :copy "ad...@yy.com"; stop; } i have not created any global sieve script, only personal. # A path to a global sieve script file, which gets executed ONLY # if user's private Sieve script doesn't exist. Be sure to # pre-compile this script manually using the sievec command line # tool. #sieve_global_path = /var/lib/dovecot/sieve/default.sieve #sieve_global_path = /etc/dovecot/globalsieverc ### in the toaster.conf file under plugin plugin { quota = maildir:ignore=Trash quota_rule = ?:storage=0 sieve_global_path = /etc/dovecot/globalsieverc # Directory for :personal include scripts for the include extension. sieve = ~/.sieve/dovecot.sieve sieve_before = /etc/dovecot/sieve/ sieve_dir = ~/.sieve sieve_extensions = +notify +imapflags +vnd.dovecot.duplicate +spamtest +spamtestplus +relational +comparator-i;ascii-numeric } had a question -- how does dovecot know that ~/.sieve is the /home/vpopmail/domains/x.com/rajesh directory thanks rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Thu, 31 Aug 2017 07:25:50 -0600 Subject: Hi Rajesh, I use roundcube and it automatically creates the stuff, hopefully correctly, when you open the Settings->Filters in the same with a roundcube filter file. Here's what it looks like permissions and all: # ls -la /home/vpopmail/domains/domain.tld/user total 16 drwx-- 4 vpopmail vchkpw 4096 Aug 31 07:16 . drwx-- 5 vpopmail vchkpw 4096 Feb 8 2017 .. lrwxrwxrwx 1 vpopmail vchkpw  22 Aug 31 07:16 .dovecot.sieve -> .sieve/roundcube.sieve drwx-- 14 vpopmail vchkpw 4096 Aug 31 07:14 Maildir drwx-- 3 vpopmail vchkpw 4096 Aug 31 07:16 .sieve # ls -la /home/vpopmail/domains/domain.tld/user/.sieve total 16 drwx-- 3 vpopmail vchkpw 4096 Aug 31 07:16 . drwx-- 4 vpopmail vchkpw 4096 Aug 31 07:16 .. -rw--- 1 vpopmail vchkpw  18 Aug 31 07:16 roundcube.sieve drwx-- 2 vpopmail vchkpw 4096 Aug 31 07:16 tmp I imagine you could rename the filter file whatever you wanted (other than .sieve/roundcube.sieve) and change the symlink (.dovecot.sieve) to point to the same. Hopefully this works for you else you'll need to experiment or invoke Remo for help. Eric On 8/31/2017 6:52 AM, Rajesh M wrote: > eric > > yes, that is correct. that is how i set up. sorry typo in my email ... ie > basically along with the .qmail file > > /home/vpopmail/domains/domain.tld/user/.sieve/ > /home/vpopmail/domains/domain.tld/user/.sieve/dovecot.sieve > > rajesh > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: 24x7ser...@24x7server.net > Sent: Thu, 31 Aug 2017 06:45:59 -0600 > Subject: > > Rajesh, > > shouldn't the folder and file be > > /home/vpopmail/domains/domain.tld/user/.sieve/ > /home/vpopmail/domains/domain.tld/user/.sieve/dovecot.sieve > > not > > > /home/vpopmail/domains/domain.tld/user/Maildir/.sieve/ > /home/vpopmail/domains/domain.tld/user/Maildir/.sieve/dovecot.sieve > > Eric > > > > On 8/31/2017 5:12 AM, Rajesh M wrote: >> eric / >> >> still not able to get the routing done >> >> i don't use roundcube >> >> i manually create the .sieve folder and the dovecot.sieve in >> >> domain.com/user/Maildir folder >> >> what should the permissions be ? >> >> I receive no errors in the lda log file >> >> thanks >> rajesh >> >> my dovecot file. >> >> [root@ns1 dovecot]# dovecot -n >> # 2.2.25 (7be1766): /etc/dovecot/dovecot.conf >> # Pigeonhole version 0.4.15 (97b3da0) >> # OS: Linux 2.6.32-642.13.1.el6.x86_64 x86_64 CentOS release 6.7 (Final) >> auth_cache_negative_ttl = 0 >> auth_cache_ttl = 0 >> auth_mechanisms = plain login digest-md5 cram-md5 >> default_login_user = vpopmail >> disable_plaintext_auth = no >> first_valid_gid = 89 >> fir
Re: [qmailtoaster] qq soft reject errors on high load
thank for sharing your experience remo, so would the following be correct ? chmod 2750 simscan chown clamav.clamav simscan do i need to stop qmail while applying this ? rajesh - Original Message - From: Remo Mattei [mailto:r...@mattei.org] To: qmailtoaster-list@qmailtoaster.com,24x7ser...@24x7server.net Sent: Thu, 31 Aug 2017 07:23:20 -0700 Subject: I had the same issue with qq. I changed the permissions and all good. I also raised the value of the softlimits exec /usr/bin/softlimit -m 104000 and my permissions are drwxr-s---Â Â 2 clamav clamav 4096 Aug 31 07:19 simscan So hopefully this helps. Remo On 8/31/17 6:51 AM, Rajesh M wrote: > eric > > on my qmailtoaster server (centos 6 64 bit) there are several domains --- > high traffic > > about 80 percent of them are routed via the sophos antispam filter and then > passed on to the mailserver with spamassassin/clam disabled by adding the ip > of the sophos server to the tcp.smtp file to exclude the line > /var/qmail/bin/simscan > > the balance 20 are directly reaching the mailserver ie mx pointed to > mailserver instead of sophos server and are scanned with clam / spamassassin. > > today i turned on the spamassassin / clam for the above 80 percent domains > too and this started throwing qq reject errors on a large scale but randomly. > > spamassassin child-processes was set to 20 to handle the load > > i checked the log files for the last 30 days till yesterday and found that > the same qq reject errors were present but very rarely ie 3 to 4 times on a > single day (occasional high load ??) > so it seems that this error comes up only when the load on the server is > high, all take place when there are attachments. > > reading the thread you sent me, i am not sure whether it applies to my case > but i can try out. > > # > drwxr-x--- 2 clamav root 6 May 6 17:57 simscan/ > > changing this to the following fixed the problem: > drwxr-s--- 2 clamav clamav 6 May 6 17:57 simscan/ > ### > > should i just > chown clamav.clamav simscan > > > thanks > rajesh > > > > > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: 24x7ser...@24x7server.net > Sent: Thu, 31 Aug 2017 06:42:08 -0600 > Subject: > > Have a look here, Rajesh, I'm not sure if it will help: > > https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg40456.html > > > On 8/31/2017 4:51 AM, Rajesh M wrote: >> hi >> >> centos 6 64 bit >> SpamAssassin version 3.3.2 >> ClamAV 0.98.6/23745/Thu Aug 31 14:07:08 2017 >> >> we have a sophos antispam firewall which receives our emails and then routes >> them to our mail server (qmailtoaster, dovecot, spamassassin, clam) >> >> in the mail server we had stopped spamassassin >> >> however due to some custom requirements by our clients we enabled the same >> >> however we get the following error when the load on the server is high on a >> random basis. >> >> 2017-08-31 14:48:05.753994500 simscan: calling spamc >> 2017-08-31 14:48:05.754001500 simscan: calling /usr/bin/spamc spamc >> 2017-08-31 14:48:05.754010500 simscan: check_spam had an error ret: -1 >> 2017-08-31 14:48:05.754101500 simscan: exit error code: 71 >> 2017-08-31 14:48:05.754220500 qmail-smtpd: qq soft reject (mail server >> temporarily rejected message (#4.3.0)): MAILFROM:<sunil.saharan@@.com> >> RCPTTO:c...@.com >> >> >> 2017-08-31 14:48:05.956137500 simscan: ripmime error >> qmail-smtpd: qq soft reject (mail server temporarily rejected message >> >> >> >> if i disable simscan in tcp.smtp then errors do not take place. >> >> i enabled simscan debug and this is the result. >> >> 2017-08-31 14:48:05.956144500 qmail-smtpd: qq soft reject (mail server >> temporarily rejected message (#4.3.0)): MAILFROM:<sunil.saha...@.com> >> RCPTTO:inv1...@.net >> >> >> clam=yes,spam=yes,spam_hits=30,spam_passthru=yes,attach=.ace:.arc:.arj:.b64:.bat:.bhx:.cab:.chm:.com:.cpl:.dll:.exe:.gz:.hqx:.hta:.inf:.ins:.iso:.isp:.jse:.lib:.lnk:.lzh:.mim:.msp:.mst:.pif:.reg:.scf:.scr:.sct:.shb:.shs:.sys:.taz:.tgz:.tz:.url:.uu:.uue:.vb:.vbe:.vbs:.wsc:.wsf:.wsh:.xxe:.docm:.z:.jar >> 2017-08-31 14:48:05.746592500 simscan: pelookup clam = yes >> 2017-08-31 14:48:05.746593500 simscan: pelookup spam = yes >> 2017-08-31 14:48:05.746593500 simscan: pelookup spam_hits = 30 >> 2017-08-31 14:48:05.746595500 simscan: Per Domain Hits set to : 30.00 >> 2017-08-31 14:48:05.746595500 simscan: pelookup spam_passthru = yes >> 2017-08-31 14:48:05.746596500 sim
Re: [qmailtoaster] qq soft reject errors on high load
eric on my qmailtoaster server (centos 6 64 bit) there are several domains --- high traffic about 80 percent of them are routed via the sophos antispam filter and then passed on to the mailserver with spamassassin/clam disabled by adding the ip of the sophos server to the tcp.smtp file to exclude the line /var/qmail/bin/simscan the balance 20 are directly reaching the mailserver ie mx pointed to mailserver instead of sophos server and are scanned with clam / spamassassin. today i turned on the spamassassin / clam for the above 80 percent domains too and this started throwing qq reject errors on a large scale but randomly. spamassassin child-processes was set to 20 to handle the load i checked the log files for the last 30 days till yesterday and found that the same qq reject errors were present but very rarely ie 3 to 4 times on a single day (occasional high load ??) so it seems that this error comes up only when the load on the server is high, all take place when there are attachments. reading the thread you sent me, i am not sure whether it applies to my case but i can try out. # drwxr-x--- 2 clamav root 6 May 6 17:57 simscan/ changing this to the following fixed the problem: drwxr-s--- 2 clamav clamav 6 May 6 17:57 simscan/ ### should i just chown clamav.clamav simscan thanks rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: 24x7ser...@24x7server.net Sent: Thu, 31 Aug 2017 06:42:08 -0600 Subject: Have a look here, Rajesh, I'm not sure if it will help: https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg40456.html On 8/31/2017 4:51 AM, Rajesh M wrote: > hi > > centos 6 64 bit > SpamAssassin version 3.3.2 > ClamAV 0.98.6/23745/Thu Aug 31 14:07:08 2017 > > we have a sophos antispam firewall which receives our emails and then routes > them to our mail server (qmailtoaster, dovecot, spamassassin, clam) > > in the mail server we had stopped spamassassin > > however due to some custom requirements by our clients we enabled the same > > however we get the following error when the load on the server is high on a > random basis. > > 2017-08-31 14:48:05.753994500 simscan: calling spamc > 2017-08-31 14:48:05.754001500 simscan: calling /usr/bin/spamc spamc > 2017-08-31 14:48:05.754010500 simscan: check_spam had an error ret: -1 > 2017-08-31 14:48:05.754101500 simscan: exit error code: 71 > 2017-08-31 14:48:05.754220500 qmail-smtpd: qq soft reject (mail server > temporarily rejected message (#4.3.0)): MAILFROM:<sunil.saharan@@.com> > RCPTTO:c...@.com > > > 2017-08-31 14:48:05.956137500 simscan: ripmime error > qmail-smtpd: qq soft reject (mail server temporarily rejected message > > > > if i disable simscan in tcp.smtp then errors do not take place. > > i enabled simscan debug and this is the result. > > 2017-08-31 14:48:05.956144500 qmail-smtpd: qq soft reject (mail server > temporarily rejected message (#4.3.0)): MAILFROM:<sunil.saha...@.com> > RCPTTO:inv1...@.net > > > clam=yes,spam=yes,spam_hits=30,spam_passthru=yes,attach=.ace:.arc:.arj:.b64:.bat:.bhx:.cab:.chm:.com:.cpl:.dll:.exe:.gz:.hqx:.hta:.inf:.ins:.iso:.isp:.jse:.lib:.lnk:.lzh:.mim:.msp:.mst:.pif:.reg:.scf:.scr:.sct:.shb:.shs:.sys:.taz:.tgz:.tz:.url:.uu:.uue:.vb:.vbe:.vbs:.wsc:.wsf:.wsh:.xxe:.docm:.z:.jar > 2017-08-31 14:48:05.746592500 simscan: pelookup clam = yes > 2017-08-31 14:48:05.746593500 simscan: pelookup spam = yes > 2017-08-31 14:48:05.746593500 simscan: pelookup spam_hits = 30 > 2017-08-31 14:48:05.746595500 simscan: Per Domain Hits set to : 30.00 > 2017-08-31 14:48:05.746595500 simscan: pelookup spam_passthru = yes > 2017-08-31 14:48:05.746596500 simscan: unimplemented flag spam_passthru = yes > 2017-08-31 14:48:05.746596500 simscan: pelookup attach = > .ace:.arc:.arj:.b64:.bat:.bhx:.cab:.chm:.com:.cpl:.dll:.exe:.gz:.hqx:.hta:.inf:.ins:.iso:.isp:.jse:.lib:.lnk:.lzh:.mim:.msp:.mst:.pif:.reg:.scf:.scr:.sct:.shb:.shs:.sys:.taz:.tgz:.tz:.url:.uu:.uue:.vb:.vbe:.vbs:.wsc:.wsf:.wsh:.xxe:.docm:.z:.jar > 2017-08-31 14:48:05.746599500 simscan: attachment flag attach = > .ace:.arc:.arj:.b64:.bat:.bhx:.cab:.chm:.com:.cpl:.dll:.exe:.gz:.hqx:.hta:.inf:.ins:.iso:.isp:.jse:.lib:.lnk:.lzh:.mim:.msp:.mst:.pif:.reg:.scf:.scr:.sct:.shb:.shs:.sys:.taz:.tgz:.tz:.url:.uu:.uue:.vb:.vbe:.vbs:.wsc:.wsf:.wsh:.xxe:.docm:.z:.jar > 2017-08-31 14:48:05.746602500 simscan: add_attach called with > .ace:.arc:.arj:.b64:.bat:.bhx:.cab:.chm:.com:.cpl:.dll:.exe:.gz:.hqx:.hta:.inf:.ins:.iso:.isp:.jse:.lib:.lnk:.lzh:.mim:.msp:.mst:.pif:.reg:.scf:.scr:.sct:.shb:.shs:.sys:.taz:.tgz:.tz:.url:.uu:.uue:.vb:.vbe:.vbs:.wsc:.wsf:.wsh:.xxe:.docm:.z:.jar > 2017-08-31 14:48:05.746606500 simscan: .ace is attachment number 0 > 2017-08-31 14:48:05.746607500 simscan: .arc is at
RE: Fwd: Re: [qmailtoaster] using dovecot seive
eric / still not able to get the routing done i don't use roundcube i manually create the .sieve folder and the dovecot.sieve in domain.com/user/Maildir folder what should the permissions be ? I receive no errors in the lda log file thanks rajesh my dovecot file. [root@ns1 dovecot]# dovecot -n # 2.2.25 (7be1766): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.15 (97b3da0) # OS: Linux 2.6.32-642.13.1.el6.x86_64 x86_64 CentOS release 6.7 (Final) auth_cache_negative_ttl = 0 auth_cache_ttl = 0 auth_mechanisms = plain login digest-md5 cram-md5 default_login_user = vpopmail disable_plaintext_auth = no first_valid_gid = 89 first_valid_uid = 89 log_path = /var/log/dovecot.log login_greeting = ready. mail_plugins = " quota" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext spamtest spamtestplus imapflags notify vnd.dovecot.duplicate namespace { inbox = yes location = prefix = separator = . type = private } passdb { args = cache_key=%u webmail=127.0.0.1 driver = vpopmail } plugin { quota = maildir:ignore=Trash quota_rule = ?:storage=0 sieve = ~/.sieve/dovecot.sieve sieve_before = /etc/dovecot/sieve/ sieve_dir = ~/.sieve sieve_extensions = +notify +imapflags +vnd.dovecot.duplicate +spamtest +spamtestplus +relational +comparator-i;ascii-numeric } protocols = imap pop3 sieve sendmail_path = /var/qmail/bin/sendmail service imap-login { process_min_avail = 12 service_count = 0 vsz_limit = 512 M } service imap { process_limit = 2048 process_min_avail = 50 service_count = 1 vsz_limit = 512 M } service managesieve-login { inet_listener sieve { port = 4190 } service_count = 1 vsz_limit = 64 M } service pop3-login { process_min_avail = 12 service_count = 0 vsz_limit = 512 M } service pop3 { process_limit = 256 process_min_avail = 25 service_count = 1 } ssl_cert = mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Wed, 30 Aug 2017 15:39:42 -0600 Subject: Rajesh, Not to but in, but it looks like with Remo's configuration  sieve = ~/.sieve/dovecot.sieve  sieve_dir = ~/.sieve you'll put your rule in /home/vpopmail/domains/your.domain/your.user/.sieve/dovecot.sieve Please correct if mistaken Eric On 8/30/2017 1:09 PM, Rajesh M wrote: > Hi remo > > i have dovecot lda working. i could see from the log files that email is > being delivered. > > now the next step is configuring custom delivery rules per user ie if email > is from a specific email id then copy to another email id. > > i have the following in the dovecot.sieve file. > > # rule:[globalpay-forwarder - move] > if anyof (header :contains "From""u...@xyz.com") { > redirect :copy"ad...@pqr.com"; > stop; > } > > question is where do i copy this file for every user who requires custom > rules. > > i read thru thehttps://wiki1.dovecot.org/LDA/Sieve/Dovecot > but found a bit confusing > > what changes do i need to make in the dovecot,conf file > > what should the permissions be for the per user script file > > thanks > rajesh > > > > > > - Original Message - > From: Remo Mattei [mailto:r...@mattei.org] > To:24x7ser...@24x7server.net > Sent: Tue, 29 Aug 2017 10:37:43 -0700 > Subject: > > # 2.2.24 (a82c823): /etc/dovecot/dovecot.conf > # Pigeonhole version 0.4.14 (099a97c) > # OS: Linux 3.10.0-514.26.2.el7.x86_64 x86_64 CentOS Linux release > 7.3.1611 (Core) > auth_cache_size = 64 M > auth_mechanisms = plain login digest-md5 cram-md5 > default_client_limit = 100 > first_valid_gid = 89 > first_valid_uid = 89 > hostname = qmail7.italy1.com > log_path = /var/log/dovecot.log > login_greeting = Italy1 Mail ready. > mail_plugins = " quota" > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope > encoded-character vacation subaddress comparator-i;ascii-numeric > relational regex imap4flags copy include variables body enotify > environment mailbox date index ihave duplicate mime foreverypart > extracttext spamtest spamtestplus imapflags notify vnd.dovecot.duplicate > namespace { >  inbox = yes >  location = >  prefix = >  separator = . >  type = private > } > passdb { >  args = cache_key=%u webmail=127.0.0.1 >  driver = vpopmail > } > plugin { >  quota = maildir:ignore=Trash >  quota_rule = ?:storage=0 >  sieve = ~/.sieve/dovecot.sieve >  sieve_before = /etc/dovecot/sieve/ >  sieve_dir = ~/.sieve >  sieve_extensions = +notify +imapflag
[qmailtoaster] qq soft reject errors on high load
ile1 against .ace 2017-08-31 14:48:05.747446500 simscan: checking attachment textfile1 against .arc 2017-08-31 14:48:05.747446500 simscan: checking attachment textfile1 against .arj 2017-08-31 14:48:05.747447500 simscan: checking attachment textfile1 against .b64 2017-08-31 14:48:05.747447500 simscan: checking attachment textfile1 against .bat 2017-08-31 14:48:05.747448500 simscan: checking attachment textfile1 against .bhx 2017-08-31 14:48:05.747449500 simscan: checking attachment textfile1 against .cab 2017-08-31 14:48:05.747452500 simscan: checking attachment textfile1 against .chm 2017-08-31 14:48:05.747458500 simscan: checking attachment textfile1 against .com 2017-08-31 14:48:05.747459500 simscan: checking attachment textfile1 against .cpl 2017-08-31 14:48:05.747460500 simscan: checking attachment textfile1 against .dll 2017-08-31 14:48:05.747460500 simscan: checking attachment textfile1 against .exe 2017-08-31 14:48:05.747461500 simscan: checking attachment textfile1 against .gz 2017-08-31 14:48:05.747461500 simscan: checking attachment textfile1 against .hqx 2017-08-31 14:48:05.747465500 simscan: checking attachment textfile1 against .hta 2017-08-31 14:48:05.747466500 simscan: checking attachment textfile1 against .inf 2017-08-31 14:48:05.747467500 simscan: checking attachment textfile1 against .ins 2017-08-31 14:48:05.747467500 simscan: checking attachment textfile1 against .iso 2017-08-31 14:48:05.747468500 simscan: checking attachment textfile1 against .isp 2017-08-31 14:48:05.747469500 simscan: checking attachment textfile1 against .jse 2017-08-31 14:48:05.747477500 simscan: checking attachment textfile1 against .lib 2017-08-31 14:48:05.747477500 simscan: checking attachment textfile1 against .lnk 2017-08-31 14:48:05.747478500 simscan: checking attachment textfile1 against .lzh 2017-08-31 14:48:05.747478500 simscan: checking attachment textfile1 against .mim 2017-08-31 14:48:05.747478500 simscan: checking attachment textfile1 against .msp 2017-08-31 14:48:05.747479500 simscan: checking attachment textfile1 against .mst 2017-08-31 14:48:05.747481500 simscan: checking attachment textfile1 against .pif 2017-08-31 14:48:05.747482500 simscan: checking attachment textfile1 against .reg 2017-08-31 14:48:05.747485500 simscan: checking attachment textfile1 against .scf 2017-08-31 14:48:05.747486500 simscan: checking attachment textfile1 against .scr 2017-08-31 14:48:05.747486500 simscan: checking attachment textfile1 against .sct 2017-08-31 14:48:05.747487500 simscan: checking attachment textfile1 against .shb 2017-08-31 14:48:05.747487500 simscan: checking attachment textfile1 against .shs 2017-08-31 14:48:05.747487500 simscan: checking attachment textfile1 against .sys 2017-08-31 14:48:05.747489500 simscan: checking attachment textfile1 against .taz 2017-08-31 14:48:05.747490500 simscan: checking attachment textfile1 against .tgz 2017-08-31 14:48:05.747490500 simscan: checking attachment textfile1 against .tz 2017-08-31 14:48:05.747491500 simscan: checking attachment textfile1 against .url 2017-08-31 14:48:05.747491500 simscan: checking attachment textfile1 against .uu 2017-08-31 14:48:05.747491500 simscan: checking attachment textfile1 against .uue 2017-08-31 14:48:05.747493500 simscan: checking attachment textfile1 against .vb 2017-08-31 14:48:05.747494500 simscan: checking attachment textfile1 against .vbe 2017-08-31 14:48:05.747494500 simscan: checking attachment textfile1 against .vbs 2017-08-31 14:48:05.747495500 simscan: checking attachment textfile1 against .wsc 2017-08-31 14:48:05.747495500 simscan: checking attachment textfile1 against .wsf 2017-08-31 14:48:05.747495500 simscan: checking attachment textfile1 against .wsh 2017-08-31 14:48:05.747497500 simscan: checking attachment textfile1 against .xxe 2017-08-31 14:48:05.747501500 simscan: checking attachment textfile1 against .docm 2017-08-31 14:48:05.747502500 simscan: checking attachment textfile1 against .z 2017-08-31 14:48:05.747502500 simscan: checking attachment textfile1 against .jar 2017-08-31 14:48:05.747502500 simscan: cdb looking up version attach 2017-08-31 14:48:05.747503500 simscan: runned_scanners is attach: 1.4.0 2017-08-31 14:48:05.747503500 simscan: found 1.4.0 2017-08-31 14:48:05.747503500 simscan: calling clamdscan 2017-08-31 14:48:05.753721500 simscan: clamdscan: /var/qmail/simscan/1504171085.205836.36767: OK 2017-08-31 14:48:05.753754500 simscan: clamdscan: 2017-08-31 14:48:05.753754500 simscan: clamdscan: --- SCAN SUMMARY --- 2017-08-31 14:48:05.753768500 simscan: clamdscan: Infected files: 0 2017-08-31 14:48:05.753771500 simscan: clamdscan: Time: 0.004 sec (0 m 0 s) 2017-08-31 14:48:05.753957500 simscan: cdb looking up version clamav 2017-08-31 14:48:05.753968500 simscan: runned_scanners is attach: 1.4.0 clamav: 0.98.6/m: 2017-08-31 14:48:05.753969500 simscan: found 0.98.6/m: 2017-08-31 14:48:05.753974500 simscan: normal clamdscan return code: 0 2017
Re: [qmailtoaster] using dovecot seive
could you please share the dovecot -n rajesh - Original Message - From: Remo Mattei [mailto:r...@mattei.org] To: qmailtoaster-list@qmailtoaster.com,24x7ser...@24x7server.net Sent: Tue, 29 Aug 2017 09:42:37 -0700 Subject: Hello Rajesh, I have it running and it works fine. let me know if you have questions. I am swamped but I will try to help. Remo On 8/29/17 9:38 AM, Rajesh M wrote: > hi > > are there any step by step instructions for using dovecot sieve. > > i require this for conditional forwarding rules like if email is from user > a...@domain.com then forward email to specific email id. > > i checked out a few messages on the forum and also followed instructions here > https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg40536.html > > but am still not successful. > > rajesh > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Change Default folder vpopmail
one more point in your rc.local #!/bin/sh # # This script will be executed *after* all the other init scripts. # You can put your own initialization stuff in here if you don't # want to do the full Sys V style init stuff. touch /var/lock/subsys/local ## to be added /etc/rc.d/init.d/dovecot stop /etc/rc.d/init.d/qmail stop /etc/rc.d/init.d/mysqld stop /bin/mount --bind /highcapacity /home/vpopmail/domains /etc/rc.d/init.d/mysqld start /etc/rc.d/init.d/qmail start /etc/rc.d/init.d/dovecot start ## rajesh - Original Message - From: Rajesh M [mailto:24x7ser...@24x7server.net] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 29 Aug 2017 21:51:00 +0530 Subject: stop qmail mysql dovecot spamassassin clam etc /bin/mount --bind/highcapacity/home/vpopmail/domains restart the above services create a sample domain ; testdomain.com and then check if folder is correctly created by dir /highcapacity dir /home/vpopmail/domains will also show the same folder. this is how we use you can even mount a one or more domain to another drive by /bin/mount --bind /highcapacity/largesizedomain.com /home/vpopmail/domains/largesizedomain.com we use in the above manner rajesh - Original Message - From: Agni Isador H [mailto:agniisa...@gmail.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 29 Aug 2017 23:10:37 +0700 Subject: Dear All, Need your help, how to change default folder vpopmail to the other folder, because i want to use the other centos with high capacity disk. Thanks. regards, Agni Isador H - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] using dovecot seive
hi are there any step by step instructions for using dovecot sieve. i require this for conditional forwarding rules like if email is from user a...@domain.com then forward email to specific email id. i checked out a few messages on the forum and also followed instructions here https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg40536.html but am still not successful. rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] blocking phishing spam
hi we are constantly getting spam which has the following in the body of the email dear u...@domain.com where u...@domain.com is the mailto email id ie our customer's email id is there a way to mark emails containing the mailto email id in the body of the email as spam ? normal email communications never has such a scenario. rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] spamming on server
thanks all figured this out. i had recently updated qmail and it reinstalled sendmail binary. i have removed this and also taken necessary precautions for tracking the culprits rajesh - Original Message - From: Jaime Lerner [mailto:jaimeler...@geekgoddess.com] To: qmailtoaster-list@qmailtoaster.com Sent: Wed, 16 Aug 2017 09:25:09 -0400 Subject: My guess is the spammer is using php's mail() function and you have your server set up so the mail function goes into qmail rather than something else. As long as you have your localhost allowed (as you do), any script using the local mail() function will have full access. From: Rajesh M <24x7ser...@24x7server.net> Reply-To: <qmailtoaster-list@qmailtoaster.com> Date: Wednesday, August 16, 2017 at 9:22 AM To: <qmailtoaster-list@qmailtoaster.com> Subject: [qmailtoaster] spamming on server hi i have a few websites along with qmailtoaster i noted that one of the websites with wordpress was hacked and using a php script the spammer was injecting emails into the qmail queue ie there is nothing in the smtp logs, but the send logs contained 1000s of remote delivery entries. i use squirrelmail but with smtp authentication only, ie email sent to external domains from my server has to smtp authenticate first. my tcp.smtp is as follows 127.0.0.1:allow :allow,BADMIMETYPE="",QMAILQUEUE="/var/qmail/bin/simscan",BADLOADERTYPE="M", CHKUSER_START="ALWAYS", CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1", DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/q mail/control/domainkeys/%/private" how could the spammer directly inject email to the qmail queue ? what am i missing here ? thanks rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] spamming on server
hi i have a few websites along with qmailtoaster i noted that one of the websites with wordpress was hacked and using a php script the spammer was injecting emails into the qmail queue ie there is nothing in the smtp logs, but the send logs contained 1000s of remote delivery entries. i use squirrelmail but with smtp authentication only, ie email sent to external domains from my server has to smtp authenticate first. my tcp.smtp is as follows 127.0.0.1:allow :allow,BADMIMETYPE="",QMAILQUEUE="/var/qmail/bin/simscan",BADLOADERTYPE="M",CHKUSER_START="ALWAYS", CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1", DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private" how could the spammer directly inject email to the qmail queue ? what am i missing here ? thanks rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] statistics for qmailtoaster
eric i need to generate stats for emails rejected by rbl, antivirus and spamassassin i am starting out with spamassassin. is there any ready script to process /var/log/spamd.log rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] message sending fails in outlook
eric i have a specific scenario which is relevant only when outlook is used outlook, in some rare cases, adds quotes and arrow brackets to the beginning and end of email ids while saving to the local address book . Please see example below. When the sender sends an email to accou...@abc.net, there is a single quote at the end which is also considered as a part of the email id by qmail and hence is rejected <'accou...@abc.net'>: Sorry, I couldn't find any host named abc.net'. (#5.1.2) how do i resolve this, ie qmail should trim arrow brackets and single quotes from both ends. thanks rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: Re[2]: [qmailtoaster] detect macros in ms documents
hi, i have implemented this plugin in all my production machines and it works smoothly with no noticeable cpu overhead. anything document that downloads from a third partly location or calls the shell command is automatically detected as a virus whether a malware/virus is involved or not ... which is exactly what is required. i created a "safe" macro word document which downloads a harmless file and the same was detected and rejected by the plugin. many many thanks to person who developed this plugin. rajesh - Original Message - From: Rajesh M [mailto:24x7ser...@24x7server.net] To: ebr...@whitehorsetc.com,qmailtoaster-list@qmailtoaster.com Sent: Sun, 6 Aug 2017 10:24:50 +0530 Subject: eric have implemented this in my production machines. it seems to be working correctly. will revert after a few days. thank you, rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Sat, 05 Aug 2017 07:21:41 + Subject: Sorry, didn't see the other files # yum install perl-Archive-Zip # yum install perl-IO-String # cd /etc/spamassassin (or your spamassassin directory) # wget -O ./OLEMacro.pm https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm # wget -O ./OLEMacro.cf https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.cf # wget -O ./OLEMacro.pre https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pre # vi local.cf Add: include OLEMacro.cf Save # spamassassin --lint -D Look for OLE -- Original Message -- From: "Eric Broch" <ebr...@whitehorsetc.com> To: qmailtoaster-list@qmailtoaster.com Sent: 8/5/2017 12:44:12 AM Subject: Re: [qmailtoaster] detect macros in ms documents >Rajesh, > >I don't use it but wouldn't it be easy to apply? > ># wget -O >/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm >https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm > ># chmod 444 >/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm > >Add the below line to /etc/spamassassin/local.cf > >loadplugin Mail::SpamAssassin::Plugin::OLEMacro > ># spamassassin --lint -D &> sadump.txt > >search sadump.txt for OLEMacro > >Eric > > >-- Original Message -- >From: "Rajesh M" <24x7ser...@24x7server.net> >To: qmailtoaster-list@qmailtoaster.com >Sent: 8/4/2017 10:57:35 PM >Subject: [qmailtoaster] detect macros in ms documents > >>hi >> >>there are rising number of incidences with ms .doc and .xls being >>transmitted with embedded macro virus >> >>i found a tool here which will detect such files containing macro >>virus and mark them as spam >>https://github.com/fmbla/spamassassin-olemacro/blob/master/OLEMacro.pm >> >>i dont wish rely on antivirus -- in the last incident sophos, >>kaspersky (i am seeing it fail for the first time) and clam did not >>detect it. >> >>does anybody use the above spamassassin module or something equivalent >>? >> >>rajesh >> >> - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: Re[2]: [qmailtoaster] detect macros in ms documents
eric have implemented this in my production machines. it seems to be working correctly. will revert after a few days. thank you, rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Sat, 05 Aug 2017 07:21:41 + Subject: Sorry, didn't see the other files # yum install perl-Archive-Zip # yum install perl-IO-String # cd /etc/spamassassin (or your spamassassin directory) # wget -O ./OLEMacro.pm https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm # wget -O ./OLEMacro.cf https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.cf # wget -O ./OLEMacro.pre https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pre # vi local.cf Add: include OLEMacro.cf Save # spamassassin --lint -D Look for OLE -- Original Message -- From: "Eric Broch" <ebr...@whitehorsetc.com> To: qmailtoaster-list@qmailtoaster.com Sent: 8/5/2017 12:44:12 AM Subject: Re: [qmailtoaster] detect macros in ms documents >Rajesh, > >I don't use it but wouldn't it be easy to apply? > ># wget -O >/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm >https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm > ># chmod 444 >/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm > >Add the below line to /etc/spamassassin/local.cf > >loadplugin Mail::SpamAssassin::Plugin::OLEMacro > ># spamassassin --lint -D &> sadump.txt > >search sadump.txt for OLEMacro > >Eric > > >-- Original Message -- >From: "Rajesh M" <24x7ser...@24x7server.net> >To: qmailtoaster-list@qmailtoaster.com >Sent: 8/4/2017 10:57:35 PM >Subject: [qmailtoaster] detect macros in ms documents > >>hi >> >>there are rising number of incidences with ms .doc and .xls being >>transmitted with embedded macro virus >> >>i found a tool here which will detect such files containing macro >>virus and mark them as spam >>https://github.com/fmbla/spamassassin-olemacro/blob/master/OLEMacro.pm >> >>i dont wish rely on antivirus -- in the last incident sophos, >>kaspersky (i am seeing it fail for the first time) and clam did not >>detect it. >> >>does anybody use the above spamassassin module or something equivalent >>? >> >>rajesh >> >> - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] detect macros in ms documents
hi there are rising number of incidences with ms .doc and .xls being transmitted with embedded macro virus i found a tool here which will detect such files containing macro virus and mark them as spam https://github.com/fmbla/spamassassin-olemacro/blob/master/OLEMacro.pm i dont wish rely on antivirus -- in the last incident sophos, kaspersky (i am seeing it fail for the first time) and clam did not detect it. does anybody use the above spamassassin module or something equivalent ? rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] lot of cname lookup failed
eric thanks a lot yes i am running qmailtoaster on centos6 now the next question is how do i patch ? would need detailed steps please so that i don't go wrong anywhere regds rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Thu, 20 Apr 2017 09:27:25 -0600 Subject: Hi Rajesh, I think you're still running QMT/CentOS 6, correct? If so, I've uploaded a qmail update <ftp://ftp.qmailtoaster.com/pub/repo/qmt/CentOS/6/testing/x86_64/qmail-1.03-1.qt.el6.x86_64.rpm> to the QMT/CentOS 6 repository that incorporates the DNS patch you referenced (any-to-cname.patch) and the starttls flush io patch <http://www.kb.cert.org/vuls/id/555316> which I've been derelict in implementing. It has not been tested. If you do install it and something goes wrong, it most likely won't, you can always downgrade which I've been doing regularly with success (of late) on CentOS 7 with qmail while testing other patches. Be mindful that I haven't downgraded on CentOS 6 The patch (below) has relatively minor, yet very helpful, coding changes. Eric diff -uNr qmtqmail-1.03/dns.c qmtqmail-1.03-new/dns.c --- qmtqmail-1.03/dns.c 2017-04-20 08:54:53.142832827 -0600 +++ qmtqmail-1.03-new/dns.c 2017-04-20 08:59:46.309633810 -0600 @@ -256,7 +256,7 @@ if (!sa->len) return loop; if (sa->s[sa->len - 1] == ']') return loop; if (sa->s[sa->len - 1] == '.') { --sa->len; continue; } - switch(resolve(sa,T_ANY)) + switch(resolve(sa,T_CNAME)) { case DNS_MEM: return DNS_MEM; case DNS_SOFT: return DNS_SOFT; diff -uNr qmtqmail-1.03/qmail-smtpd.c qmtqmail-1.03-new/qmail-smtpd.c --- qmtqmail-1.03/qmail-smtpd.c 2017-04-20 08:54:52.848840048 -0600 +++ qmtqmail-1.03-new/qmail-smtpd.c 2017-04-20 08:58:23.299671749 -0600 @@ -723,7 +723,9 @@ char ssinbuf[1024]; substdio ssin = SUBSTDIO_FDBUF(saferead,0,ssinbuf,sizeof ssinbuf); - +#ifdef TLS +void flush_io() { ssin.p = 0; flush(); } +#endif stralloc line = {0}; stralloc base64types = {0}; @@ -1398,7 +1400,7 @@ , { "rset", smtp_rset, 0 } , { "help", smtp_help, flush } #ifdef TLS -, { "starttls", smtp_tls, flush } +, { "starttls", smtp_tls, flush_io } #endif , { "noop", err_noop, flush } , { "vrfy", err_vrfy, flush } On 4/20/2017 1:12 AM, Rajesh M wrote: > hi eric > > we are receiving a lot of cname lookup failed. > > this happens on a random basis on all our qmailtoaster servers. > > our resolv.conf contains > > 127.0.0.1 > 8.8.8.8 > 8.8.4.4 > > we use bind locally within the mail server and google's dns which is also set > as cache records and allow lookups from local ips only. > > Had a quick question > > there are supposedly two different patches. > > https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg35981.html > > is qmailtoaster on whitehorse patched with both these two patches related to > dns.? > > DNS-related Patches by Jonathan de Boyne Pollard > http://www.memoryhole.net/qmail/any-to-cname.patch > > thanks > rajesh > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch, IMSO, DAM, NGOO, DITH, URTS White Horse Technical Consulting (WHTC) - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] lot of cname lookup failed
hi eric we are receiving a lot of cname lookup failed. this happens on a random basis on all our qmailtoaster servers. our resolv.conf contains 127.0.0.1 8.8.8.8 8.8.4.4 we use bind locally within the mail server and google's dns which is also set as cache records and allow lookups from local ips only. Had a quick question there are supposedly two different patches. https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg35981.html is qmailtoaster on whitehorse patched with both these two patches related to dns.? DNS-related Patches by Jonathan de Boyne Pollard http://www.memoryhole.net/qmail/any-to-cname.patch thanks rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] ssl/tls for iphones and mac
hi we recently purchased wildcard ssl for our mailserver and updated our servercert.pem file with rsa key and the certificates (domain certs and the chain) *.myhostname.com problem installing the ssl, iphones and macbooks are giving message that : certificate cannot be verified. found out that iphones and mac use ssl/tls only and not starttls. i configured slsl/tls using the following steps http://wiki.qmailtoaster.com/index.php/SSL 1) Stop qmail: # service qmail stop 2) Create the supervise directories for smtps # mkdir -p /var/qmail/supervise/smtp-ssl/supervise /var/qmail/supervise/smtp-ssl/log/supervise" 3) Create a file named /var/qmail/supervise/smtp-ssl/run containing: #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` SMTPD="/var/qmail/bin/qmail-smtpd" TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb" HOSTNAME=`hostname` VCHKPW="/home/vpopmail/bin/vchkpw" export SMTPS=1 exec /usr/bin/softlimit -m 1200 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \ -u "$QMAILDUID" -g "$NOFILESGID" 0 465 \ $SMTPD $VCHKPW /bin/true 2>&1 4) Create a file named /var/qmail/supervise/smtp-ssl/log/run containing: #!/bin/sh LOGSIZE=`cat /var/qmail/control/logsize` LOGCOUNT=`cat /var/qmail/control/logcount` exec /usr/bin/setuidgid qmaill /usr/bin/multilog \ t s$LOGSIZE n$LOGCOUNT /var/log/qmail/smtp-ssl 2>&1 5) Execute the following commands: # chmod +x /var/qmail/supervise/smtp-ssl/run /var/qmail/supervise/smtp-ssl/log/run # chown -R qmaill:qmail /var/qmail/supervise/smtp-ssl 6) Start qmail: # service qmail start 7) Open port tcp/465 in firewall if necessary. 8) Configure the client to use smtp-ssl via port 465. now my worry is that i need to provide for smtp authentication also for outgoing messages i tried adding export REQUIRE_AUTH=1 after export SMTPS=1, in the run file but it does not work. help required please thanks rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] notlshosts
eric purchased a digital cert on my hostname still does not work. so it does not seem a ssl cert related issue. surprisingly --- 2 of the domains (smtp.hp.com and smtp.hpe.com) have started working from all the servers. however mx02.emas.dbschenker.com still does not work (dbschenker.com) something really weird. rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 4 Apr 2017 22:29:35 -0600 Subject: Rajesh, Do you think the remote servers require a certificate signed by a certificate authority (rather than self-signed)? I had to get one so that some client's phones could connect to my qmailtoasters. Eric On 4/4/2017 9:16 PM, Rajesh M wrote: > hi > > i am getting problems sending emails to specific domains > > i wish to enable notlshosts for such domain > > saw the wiki but not much use > http://wiki.qmailtoaster.com/index.php/Notlshosts/FQDN > > saw a few examples in qmail forum but am not clear on the instructions. > > i require the detailed steps please. > > thanks > rajesh > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch, IMSO, DAM, NGOO, DITH, URTS White Horse Technical Consulting (WHTC) - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] notlshosts
eric i will give this a try and revert these servers were accepting emails perfectly just 10 days ago and all of a sudden issues cropped up. rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 4 Apr 2017 22:29:35 -0600 Subject: Rajesh, Do you think the remote servers require a certificate signed by a certificate authority (rather than self-signed)? I had to get one so that some client's phones could connect to my qmailtoasters. Eric On 4/4/2017 9:16 PM, Rajesh M wrote: > hi > > i am getting problems sending emails to specific domains > > i wish to enable notlshosts for such domain > > saw the wiki but not much use > http://wiki.qmailtoaster.com/index.php/Notlshosts/FQDN > > saw a few examples in qmail forum but am not clear on the instructions. > > i require the detailed steps please. > > thanks > rajesh > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch, IMSO, DAM, NGOO, DITH, URTS White Horse Technical Consulting (WHTC) - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] notlshosts
eric i followed these instructions and it worked. the only problem is permissions. it works only if give 777 permissions. thanks for your timely help. however need to find out exact user/group and permissions. tried giving ownership as root:qmail and rw-r-r permissions like other control files but did not work. any clues ? rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 4 Apr 2017 22:02:16 -0600 Subject: Good documentation here as well https://talk.plesk.com/threads/plesk-12-odin-script-to-disable-sslv3-problems.333574/ On 4/4/2017 9:16 PM, Rajesh M wrote: > hi > > i am getting problems sending emails to specific domains > > i wish to enable notlshosts for such domain > > saw the wiki but not much use > http://wiki.qmailtoaster.com/index.php/Notlshosts/FQDN > > saw a few examples in qmail forum but am not clear on the instructions. > > i require the detailed steps please. > > thanks > rajesh > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch, IMSO, DAM, NGOO, DITH, URTS White Horse Technical Consulting (WHTC) - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] notlshosts
hi i am getting problems sending emails to specific domains i wish to enable notlshosts for such domain saw the wiki but not much use http://wiki.qmailtoaster.com/index.php/Notlshosts/FQDN saw a few examples in qmail forum but am not clear on the instructions. i require the detailed steps please. thanks rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] TLS connect failed: timed out
eric that is what is did. first stop wait for a minute and then start. rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 4 Apr 2017 08:35:13 -0600 Subject: There is a difference between restart and stop/start. Try a stop/start. On 4/4/2017 8:33 AM, Rajesh M wrote: > eric > > yes, i restarted qmail. > > rajesh > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Tue, 4 Apr 2017 06:14:59 -0600 > Subject: > > Rajesh, > > Did you (restart) > > # qmailctl restart > > or > > (stop/start) > > # qmailctl stop > > # qmailctl start > > ? > > Eric > > > On 4/4/2017 12:13 AM, Rajesh M wrote: >> eric >> >> here are the details >> >> [root@ns1 control]# openssl version >> OpenSSL 1.0.1e-fips 11 Feb 2013 >> >> [root@ns1 control]# openssl s_client -starttls smtp -no_ssl3 -no_ssl2 >> -cipher "AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25 >> CONNECTED(0003) >> read from 0x1777e10 [0x17b9ae0] (4096 bytes => 75 (0x4B)) >> - 32 32 30 20 6d 74 61 31-31 2e 65 6d 61 73 2e 64 220 mta11.emas.d >> 0010 - 62 73 63 68 65 6e 6b 65-72 2e 63 6f 6d 20 45 53 bschenker.com ES >> 0020 - 4d 54 50 20 53 6d 74 70-64 3b 20 54 75 65 2c 20 MTP Smtpd; Tue, >> 0030 - 34 20 41 70 72 20 32 30-31 37 20 30 38 3a 31 32 4 Apr 2017 08:12 >> 0040 - 3a 33 30 20 2b 30 32 30-30 0d 0a :30 +0200.. >> write to 0x1777e10 [0x17baaf0] (25 bytes => 25 (0x19)) >> - 45 48 4c 4f 20 6f 70 65-6e 73 73 6c 2e 63 6c 69 EHLO openssl.cli >> 0010 - 65 6e 74 2e 6e 65 74 0d-0aent.net.. >> read from 0x1777e10 [0x17b9ae0] (4096 bytes => 230 (0xE6)) >> - 32 35 30 2d 6d 74 61 31-31 2e 65 6d 61 73 2e 64 250-mta11.emas.d >> 0010 - 62 73 63 68 65 6e 6b 65-72 2e 63 6f 6d 20 48 65 bschenker.com He >> 0020 - 6c 6c 6f 20 6e 73 31 2e-61 61 61 6f 6e 6c 69 6e llo ns1.aaaonlin >> 0030 - 75 78 2e 63 6f 6d 20 5b-31 30 33 2e 32 34 31 2e ux.com [103.241. >> 0040 - 31 38 31 2e 31 33 37 5d-2c 20 70 6c 65 61 73 65 181.137], please >> 0050 - 64 20 74 6f 20 6d 65 65-74 20 79 6f 75 0d 0a 32 d to meet you..2 >> 0060 - 35 30 2d 45 4e 48 41 4e-43 45 44 53 54 41 54 55 50-ENHANCEDSTATU >> 0070 - 53 43 4f 44 45 53 0d 0a-32 35 30 2d 50 49 50 45 SCODES..250-PIPE >> 0080 - 4c 49 4e 49 4e 47 0d 0a-32 35 30 2d 38 42 49 54 LINING..250-8BIT >> 0090 - 4d 49 4d 45 0d 0a 32 35-30 2d 53 49 5a 45 20 32 MIME..250-SIZE 2 >> 00a0 - 36 32 31 34 34 30 30 0d-0a 32 35 30 2d 41 55 54 6214400..250-AUT >> 00b0 - 48 20 4c 4f 47 49 4e 20-50 4c 41 49 4e 0d 0a 32 H LOGIN PLAIN..2 >> 00c0 - 35 30 2d 53 54 41 52 54-54 4c 53 0d 0a 32 35 30 50-STARTTLS..250 >> 00d0 - 2d 44 45 4c 49 56 45 52-42 59 0d 0a 32 35 30 20 -DELIVERBY..250 >> 00e0 - 48 45 4c 50 0d 0a HELP.. >> write to 0x1777e10 [0x7ffd0b0c4880] (10 bytes => 10 (0xA)) >> - 53 54 41 52 54 54 4c 53-0d 0a STARTTLS.. >> read from 0x1777e10 [0x16aad00] (8192 bytes => 30 (0x1E)) >> - 32 32 30 20 32 2e 30 2e-30 20 52 65 61 64 79 20 220 2.0.0 Ready >> 0010 - 74 6f 20 73 74 61 72 74-20 54 4c 53 0d 0a to start TLS.. >> write to 0x1777e10 [0x17b9ae0] (99 bytes => 99 (0x63)) >> - 16 03 01 00 5e 01 00 00-5a 03 03 58 e3 38 52 5c ^...Z..X.8R\ >> 0010 - d3 37 8b 23 86 92 e6 63-2f e7 dd f9 ed 42 df 2b .7.#...c/B.+ >> 0020 - 45 51 06 1e f2 f3 38 b1-36 c7 d4 00 00 04 00 35 EQ8.6..5 >> 0030 - 00 ff 01 00 00 2d 00 23-00 00 00 0d 00 20 00 1e .-.#. .. >> 0040 - 06 01 06 02 06 03 05 01-05 02 05 03 04 01 04 02 >> 0050 - 04 03 03 01 03 02 03 03-02 01 02 02 02 03 00 0f >> 0060 - 00 01 01 ... >>>>> TLS 1.2 Handshake [length 005e], ClientHello >> 01 00 00 5a 03 03 58 e3 38 52 5c d3 37 8b 23 86 >> 92 e6 63 2f e7 dd f9 ed 42 df 2b 45 51 06 1e f2 >> f3 38 b1 36 c7 d4 00 00 04 00 35 00 ff 01 00 00 >> 2d 00 23 00 00 00 0d 00 20 00 1e 06 01 06 02 06 >> 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 >> 02 03 03 02 01 02 02 02 03 00 0f 00 01 01 >> >> >> thank you, >> rajesh >> >> - Original Message - >> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >> To: qmailtoaster-list@qmailtoaster.com >> Sent: Tue, 4 Apr 2017 00:09:04 -0600 >> Subject: >> >> Also run command with -de
Re: [qmailtoaster] TLS connect failed: timed out
eric yes, i restarted qmail. rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 4 Apr 2017 06:14:59 -0600 Subject: Rajesh, Did you (restart) # qmailctl restart or (stop/start) # qmailctl stop # qmailctl start ? Eric On 4/4/2017 12:13 AM, Rajesh M wrote: > eric > > here are the details > > [root@ns1 control]# openssl version > OpenSSL 1.0.1e-fips 11 Feb 2013 > > [root@ns1 control]# openssl s_client -starttls smtp -no_ssl3 -no_ssl2 > -cipher "AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25 > CONNECTED(0003) > read from 0x1777e10 [0x17b9ae0] (4096 bytes => 75 (0x4B)) > - 32 32 30 20 6d 74 61 31-31 2e 65 6d 61 73 2e 64 220 mta11.emas.d > 0010 - 62 73 63 68 65 6e 6b 65-72 2e 63 6f 6d 20 45 53 bschenker.com ES > 0020 - 4d 54 50 20 53 6d 74 70-64 3b 20 54 75 65 2c 20 MTP Smtpd; Tue, > 0030 - 34 20 41 70 72 20 32 30-31 37 20 30 38 3a 31 32 4 Apr 2017 08:12 > 0040 - 3a 33 30 20 2b 30 32 30-30 0d 0a :30 +0200.. > write to 0x1777e10 [0x17baaf0] (25 bytes => 25 (0x19)) > - 45 48 4c 4f 20 6f 70 65-6e 73 73 6c 2e 63 6c 69 EHLO openssl.cli > 0010 - 65 6e 74 2e 6e 65 74 0d-0aent.net.. > read from 0x1777e10 [0x17b9ae0] (4096 bytes => 230 (0xE6)) > - 32 35 30 2d 6d 74 61 31-31 2e 65 6d 61 73 2e 64 250-mta11.emas.d > 0010 - 62 73 63 68 65 6e 6b 65-72 2e 63 6f 6d 20 48 65 bschenker.com He > 0020 - 6c 6c 6f 20 6e 73 31 2e-61 61 61 6f 6e 6c 69 6e llo ns1.aaaonlin > 0030 - 75 78 2e 63 6f 6d 20 5b-31 30 33 2e 32 34 31 2e ux.com [103.241. > 0040 - 31 38 31 2e 31 33 37 5d-2c 20 70 6c 65 61 73 65 181.137], please > 0050 - 64 20 74 6f 20 6d 65 65-74 20 79 6f 75 0d 0a 32 d to meet you..2 > 0060 - 35 30 2d 45 4e 48 41 4e-43 45 44 53 54 41 54 55 50-ENHANCEDSTATU > 0070 - 53 43 4f 44 45 53 0d 0a-32 35 30 2d 50 49 50 45 SCODES..250-PIPE > 0080 - 4c 49 4e 49 4e 47 0d 0a-32 35 30 2d 38 42 49 54 LINING..250-8BIT > 0090 - 4d 49 4d 45 0d 0a 32 35-30 2d 53 49 5a 45 20 32 MIME..250-SIZE 2 > 00a0 - 36 32 31 34 34 30 30 0d-0a 32 35 30 2d 41 55 54 6214400..250-AUT > 00b0 - 48 20 4c 4f 47 49 4e 20-50 4c 41 49 4e 0d 0a 32 H LOGIN PLAIN..2 > 00c0 - 35 30 2d 53 54 41 52 54-54 4c 53 0d 0a 32 35 30 50-STARTTLS..250 > 00d0 - 2d 44 45 4c 49 56 45 52-42 59 0d 0a 32 35 30 20 -DELIVERBY..250 > 00e0 - 48 45 4c 50 0d 0a HELP.. > write to 0x1777e10 [0x7ffd0b0c4880] (10 bytes => 10 (0xA)) > - 53 54 41 52 54 54 4c 53-0d 0a STARTTLS.. > read from 0x1777e10 [0x16aad00] (8192 bytes => 30 (0x1E)) > - 32 32 30 20 32 2e 30 2e-30 20 52 65 61 64 79 20 220 2.0.0 Ready > 0010 - 74 6f 20 73 74 61 72 74-20 54 4c 53 0d 0a to start TLS.. > write to 0x1777e10 [0x17b9ae0] (99 bytes => 99 (0x63)) > - 16 03 01 00 5e 01 00 00-5a 03 03 58 e3 38 52 5c ^...Z..X.8R\ > 0010 - d3 37 8b 23 86 92 e6 63-2f e7 dd f9 ed 42 df 2b .7.#...c/B.+ > 0020 - 45 51 06 1e f2 f3 38 b1-36 c7 d4 00 00 04 00 35 EQ8.6..5 > 0030 - 00 ff 01 00 00 2d 00 23-00 00 00 0d 00 20 00 1e .-.#. .. > 0040 - 06 01 06 02 06 03 05 01-05 02 05 03 04 01 04 02 > 0050 - 04 03 03 01 03 02 03 03-02 01 02 02 02 03 00 0f > 0060 - 00 01 01 ... >>>> TLS 1.2 Handshake [length 005e], ClientHello > 01 00 00 5a 03 03 58 e3 38 52 5c d3 37 8b 23 86 > 92 e6 63 2f e7 dd f9 ed 42 df 2b 45 51 06 1e f2 > f3 38 b1 36 c7 d4 00 00 04 00 35 00 ff 01 00 00 > 2d 00 23 00 00 00 0d 00 20 00 1e 06 01 06 02 06 > 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 > 02 03 03 02 01 02 02 02 03 00 0f 00 01 01 > > > thank you, > rajesh > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Tue, 4 Apr 2017 00:09:04 -0600 > Subject: > > Also run command with -debug and -msg options in red below. > > # openssl s_client -starttls smtp -no_ssl3 -no_ssl2 -cipher > "AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25 > > > On 4/4/2017 12:03 AM, Eric Broch wrote: >> Rajesh, >> >> Please disregard my last question (Does it connect and get full cert >> details if you use IP address?). >> >> "here too, the issue is server side. My mail server is not able to >> connect to the mail server of hpe.com and send the emails of my clients" >> >> Your server is acting as a client in this case by initiating a TLS >> connection to the domains in question...to deliver mail, correct? Do >> you have settings in one
Re: [qmailtoaster] TLS connect failed: timed out
eric here are the details [root@ns1 control]# openssl version OpenSSL 1.0.1e-fips 11 Feb 2013 [root@ns1 control]# openssl s_client -starttls smtp -no_ssl3 -no_ssl2 -cipher "AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25 CONNECTED(0003) read from 0x1777e10 [0x17b9ae0] (4096 bytes => 75 (0x4B)) - 32 32 30 20 6d 74 61 31-31 2e 65 6d 61 73 2e 64 220 mta11.emas.d 0010 - 62 73 63 68 65 6e 6b 65-72 2e 63 6f 6d 20 45 53 bschenker.com ES 0020 - 4d 54 50 20 53 6d 74 70-64 3b 20 54 75 65 2c 20 MTP Smtpd; Tue, 0030 - 34 20 41 70 72 20 32 30-31 37 20 30 38 3a 31 32 4 Apr 2017 08:12 0040 - 3a 33 30 20 2b 30 32 30-30 0d 0a :30 +0200.. write to 0x1777e10 [0x17baaf0] (25 bytes => 25 (0x19)) - 45 48 4c 4f 20 6f 70 65-6e 73 73 6c 2e 63 6c 69 EHLO openssl.cli 0010 - 65 6e 74 2e 6e 65 74 0d-0aent.net.. read from 0x1777e10 [0x17b9ae0] (4096 bytes => 230 (0xE6)) - 32 35 30 2d 6d 74 61 31-31 2e 65 6d 61 73 2e 64 250-mta11.emas.d 0010 - 62 73 63 68 65 6e 6b 65-72 2e 63 6f 6d 20 48 65 bschenker.com He 0020 - 6c 6c 6f 20 6e 73 31 2e-61 61 61 6f 6e 6c 69 6e llo ns1.aaaonlin 0030 - 75 78 2e 63 6f 6d 20 5b-31 30 33 2e 32 34 31 2e ux.com [103.241. 0040 - 31 38 31 2e 31 33 37 5d-2c 20 70 6c 65 61 73 65 181.137], please 0050 - 64 20 74 6f 20 6d 65 65-74 20 79 6f 75 0d 0a 32 d to meet you..2 0060 - 35 30 2d 45 4e 48 41 4e-43 45 44 53 54 41 54 55 50-ENHANCEDSTATU 0070 - 53 43 4f 44 45 53 0d 0a-32 35 30 2d 50 49 50 45 SCODES..250-PIPE 0080 - 4c 49 4e 49 4e 47 0d 0a-32 35 30 2d 38 42 49 54 LINING..250-8BIT 0090 - 4d 49 4d 45 0d 0a 32 35-30 2d 53 49 5a 45 20 32 MIME..250-SIZE 2 00a0 - 36 32 31 34 34 30 30 0d-0a 32 35 30 2d 41 55 54 6214400..250-AUT 00b0 - 48 20 4c 4f 47 49 4e 20-50 4c 41 49 4e 0d 0a 32 H LOGIN PLAIN..2 00c0 - 35 30 2d 53 54 41 52 54-54 4c 53 0d 0a 32 35 30 50-STARTTLS..250 00d0 - 2d 44 45 4c 49 56 45 52-42 59 0d 0a 32 35 30 20 -DELIVERBY..250 00e0 - 48 45 4c 50 0d 0a HELP.. write to 0x1777e10 [0x7ffd0b0c4880] (10 bytes => 10 (0xA)) - 53 54 41 52 54 54 4c 53-0d 0a STARTTLS.. read from 0x1777e10 [0x16aad00] (8192 bytes => 30 (0x1E)) - 32 32 30 20 32 2e 30 2e-30 20 52 65 61 64 79 20 220 2.0.0 Ready 0010 - 74 6f 20 73 74 61 72 74-20 54 4c 53 0d 0a to start TLS.. write to 0x1777e10 [0x17b9ae0] (99 bytes => 99 (0x63)) - 16 03 01 00 5e 01 00 00-5a 03 03 58 e3 38 52 5c ^...Z..X.8R\ 0010 - d3 37 8b 23 86 92 e6 63-2f e7 dd f9 ed 42 df 2b .7.#...c/B.+ 0020 - 45 51 06 1e f2 f3 38 b1-36 c7 d4 00 00 04 00 35 EQ8.6..5 0030 - 00 ff 01 00 00 2d 00 23-00 00 00 0d 00 20 00 1e .-.#. .. 0040 - 06 01 06 02 06 03 05 01-05 02 05 03 04 01 04 02 0050 - 04 03 03 01 03 02 03 03-02 01 02 02 02 03 00 0f 0060 - 00 01 01 ... >>> TLS 1.2 Handshake [length 005e], ClientHello 01 00 00 5a 03 03 58 e3 38 52 5c d3 37 8b 23 86 92 e6 63 2f e7 dd f9 ed 42 df 2b 45 51 06 1e f2 f3 38 b1 36 c7 d4 00 00 04 00 35 00 ff 01 00 00 2d 00 23 00 00 00 0d 00 20 00 1e 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 00 0f 00 01 01 thank you, rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 4 Apr 2017 00:09:04 -0600 Subject: Also run command with -debug and -msg options in red below. # openssl s_client -starttls smtp -no_ssl3 -no_ssl2 -cipher "AES256-SHA" -debug -msg -connect mx01.emas.dbschenker.com:25 On 4/4/2017 12:03 AM, Eric Broch wrote: > Rajesh, > > Please disregard my last question (Does it connect and get full cert > details if you use IP address?). > > "here too, the issue is server side. My mail server is not able to > connect to the mail server of hpe.com and send the emails of my clients" > > Your server is acting as a client in this case by initiating a TLS > connection to the domains in question...to deliver mail, correct? Do > you have settings in one of your control files to initiate TLS > connections with certain domains? > > "openssl s_client -starttls smtp -no_ssl3 -no_ssl2 -cipher > "AES256-SHA" -connect mx01.emas.dbschenker.com:25" > > This command works from my COS6 and COS7 hosts. So I don't think it's > on their end. > > which openssl version are you running? > > Eric > -- Eric Broch, IMSO, DAM, NGOO, DITH, URTS White Horse Technical Consulting (WHTC) - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] TLS connect failed: timed out
eric here too, the issue is server side. My mail server is not able to connect to the mail server of hpe.com and send the emails of my clients i changed the certificates and use your ciphers (restarted qmail), however it still does not connect. it says CONNECTED but no further response. [root@ns1 control]# openssl s_client -starttls smtp -no_ssl3 -no_ssl2 -cipher "AES256-SHA" -connect mx01.emas.dbschenker.com:25 CONNECTED(0003) [root@ns1 control]# openssl s_client -connect mx01.emas.dbschenker.com:25 -starttls smtp CONNECTED(0003) if i connect to localhost openssl s_client -connect localhost:25 -starttls smtp i get the full cert details and 250 AUTH LOGIN PLAIN CRAM-MD5 rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Mon, 3 Apr 2017 22:20:42 -0600 Subject: Yes, test with your certificate and ciphers. Also use the domain name NOT the IP address. There was a problem several months back that I thought was a TLS issue but ended up being a dns/edns issue. Check the below thread out. It was a server, not client, side issue but might be the problem in your case, just the same: https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg40185.html On 4/3/2017 10:15 PM, Rajesh M wrote: > eric > > thanks for your reply > > these the responses > > to the mx of hpe.com > [root@ns1 domains]# openssl s_client -starttls smtp -no_ssl3 -no_ssl2 > -cipher "AES256-SHA" -connect 15.233.44.29:25 > CONNECTED(0003) > > to the mx of dbschenker.com > [root@ns1 domains]# openssl s_client -starttls smtp -no_ssl3 -no_ssl2 > -cipher "AES256-SHA" -connect 62.180.229.52:25 > CONNECTED(0003) > > > shall i replace the tlsciphers and check out ? > > rajesh > > > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Mon, 3 Apr 2017 21:49:05 -0600 > Subject: > > Hi Rajesh, > > Could you test something like this from qmail host: > > openssl s_client -starttls smtp -no_ssl3 -no_ssl2 -cipher "AES256-SHA" > -connect a...@domain.com:25 > > BTW these are the ciphers on my my COS 6 host: > > DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:ADH-SEED-SHA:SEED-SHA:IDEA-CBC-SHA:KRB5-IDEA-CBC-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:AECDH-AES256-SHA:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ADH-AES256-SHA:ADH-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:AECDH-AES128-SHA:ADH-AES128-GCM-SHA256:ADH-AES128-SHA256:ADH-AES128-SHA:ADH-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA > > > Eric > > > On 4/3/2017 8:23 PM, Rajesh M wrote: >> hi >> >> os ; centos 6 >> qmailtoaster, spamassassin, mysql, dovecot, clam >> >> we are suddenly receiving TLS connect failed: timed out error on all our >> servers running qmail >> >> when emails are sent by our customer to the following domains hp.com, >> hpe.com, dbschenker.com, kamyn.co.ke >> >> the authentication by the customer is done correctly, email gets sent from >> the email client of the customer and emails recd by the server. however the >> mail lies in the queue till finally it bounces back to the sender with the >> message TLS connect failed. >> >> 2017-04-03 15:21:40.916522500 bounce msg 4468196 qp 33696 >> 2017-04-03 15:21:40.916589500 end msg 4468196 >> 2017-04-03 15:01:34.006986500 starting delivery 56232: msg 4468196 to remote >> a...@hpe.com >> 2017-04-03 15:21:40.869716500 delivery 56232: failure: >> TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again; >> _this_message_has_been_in_the_queue_too_long./ >> 2017-04-03 15:01:34.007035500 starting delivery 56233:
Re: [qmailtoaster] TLS connect failed: timed out
eric thanks for your reply these the responses to the mx of hpe.com [root@ns1 domains]# openssl s_client -starttls smtp -no_ssl3 -no_ssl2 -cipher "AES256-SHA" -connect 15.233.44.29:25 CONNECTED(0003) to the mx of dbschenker.com [root@ns1 domains]# openssl s_client -starttls smtp -no_ssl3 -no_ssl2 -cipher "AES256-SHA" -connect 62.180.229.52:25 CONNECTED(0003) shall i replace the tlsciphers and check out ? rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Mon, 3 Apr 2017 21:49:05 -0600 Subject: Hi Rajesh, Could you test something like this from qmail host: openssl s_client -starttls smtp -no_ssl3 -no_ssl2 -cipher "AES256-SHA" -connect a...@domain.com:25 BTW these are the ciphers on my my COS 6 host: DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:ADH-SEED-SHA:SEED-SHA:IDEA-CBC-SHA:KRB5-IDEA-CBC-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:AECDH-AES256-SHA:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ADH-AES256-SHA:ADH-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:AECDH-AES128-SHA:ADH-AES128-GCM-SHA256:ADH-AES128-SHA256:ADH-AES128-SHA:ADH-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA Eric On 4/3/2017 8:23 PM, Rajesh M wrote: > hi > > os ; centos 6 > qmailtoaster, spamassassin, mysql, dovecot, clam > > we are suddenly receiving TLS connect failed: timed out error on all our > servers running qmail > > when emails are sent by our customer to the following domains hp.com, > hpe.com, dbschenker.com, kamyn.co.ke > > the authentication by the customer is done correctly, email gets sent from > the email client of the customer and emails recd by the server. however the > mail lies in the queue till finally it bounces back to the sender with the > message TLS connect failed. > > 2017-04-03 15:21:40.916522500 bounce msg 4468196 qp 33696 > 2017-04-03 15:21:40.916589500 end msg 4468196 > 2017-04-03 15:01:34.006986500 starting delivery 56232: msg 4468196 to remote > a...@hpe.com > 2017-04-03 15:21:40.869716500 delivery 56232: failure: > TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again; > _this_message_has_been_in_the_queue_too_long./ > 2017-04-03 15:01:34.007035500 starting delivery 56233: msg 4468196 to remote > xxx...@hpe.com > 2017-04-03 15:21:40.851782500 delivery 56233: failure: > TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again; > _this_message_has_been_in_the_queue_too_long./ > 2017-04-03 15:01:34.007150500 starting delivery 56234: msg 4468196 to remote > dfdf...@hpe.com > 2017-04-03 15:21:40.876609500 delivery 56234: failure: > TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again; > _this_message_has_been_in_the_queue_too_long./ > > > this is happening since the last 10 days. There are no error details in the > qmail logs. > > however emails sent from two of our window servers using mailenable, go > through correctly to these domains. > > we have not changed anything on our qmail servers and all servers are > identical in config. > > so it seems that there is common issue between all our qmail servers. > > our ssl certificates are the self signed ones (validity 10 years) created > > openssl genrsa -out x.key 2048 > openssl req -new -key x.key -out x.csr > openssl x509 -req -days 36500 -in x.csr -signkey x.key -out x.crt > cat x.crt x.key > fqdn.crt > > tlsciphers file > > DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:KRB5-DES-CBC3-MD5:KRB5-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:KRB5-RC4-MD5:KRB5-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:KRB5-DES-CBC-MD5:KRB5-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CB
[qmailtoaster] TLS connect failed: timed out
hi os ; centos 6 qmailtoaster, spamassassin, mysql, dovecot, clam we are suddenly receiving TLS connect failed: timed out error on all our servers running qmail when emails are sent by our customer to the following domains hp.com, hpe.com, dbschenker.com, kamyn.co.ke the authentication by the customer is done correctly, email gets sent from the email client of the customer and emails recd by the server. however the mail lies in the queue till finally it bounces back to the sender with the message TLS connect failed. 2017-04-03 15:21:40.916522500 bounce msg 4468196 qp 33696 2017-04-03 15:21:40.916589500 end msg 4468196 2017-04-03 15:01:34.006986500 starting delivery 56232: msg 4468196 to remote a...@hpe.com 2017-04-03 15:21:40.869716500 delivery 56232: failure: TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again; _this_message_has_been_in_the_queue_too_long./ 2017-04-03 15:01:34.007035500 starting delivery 56233: msg 4468196 to remote xxx...@hpe.com 2017-04-03 15:21:40.851782500 delivery 56233: failure: TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again; _this_message_has_been_in_the_queue_too_long./ 2017-04-03 15:01:34.007150500 starting delivery 56234: msg 4468196 to remote dfdf...@hpe.com 2017-04-03 15:21:40.876609500 delivery 56234: failure: TLS_connect_failed:_timed_out;_connected_to_15.241.48.71./I'm_not_going_to_try_again; _this_message_has_been_in_the_queue_too_long./ this is happening since the last 10 days. There are no error details in the qmail logs. however emails sent from two of our window servers using mailenable, go through correctly to these domains. we have not changed anything on our qmail servers and all servers are identical in config. so it seems that there is common issue between all our qmail servers. our ssl certificates are the self signed ones (validity 10 years) created openssl genrsa -out x.key 2048 openssl req -new -key x.key -out x.csr openssl x509 -req -days 36500 -in x.csr -signkey x.key -out x.crt cat x.crt x.key > fqdn.crt tlsciphers file DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:KRB5-DES-CBC3-MD5:KRB5-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:KRB5-RC4-MD5:KRB5-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:KRB5-DES-CBC-MD5:KRB5-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5:EXP-KRB5-RC2-CBC-SHA:EXP-KRB5-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-KRB5-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-RC4-MD5:EXP-RC4-MD5 could somebody help please rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] strange and puzzling occurance
eric am giving it a try now by commenting. concerning the routing of emails... is getting routed to the Junk folder created on the server outlook and thunderbird is not involved because the entire night, while testing we had changed the password so that no email client could access it. We were using webmail to access the mailbox and check if anything has been routed the Junk folder. So what remains is the MDA which is qmail / vdelivermail so that is the second puzzling part because even mails from within the same domain were being routed to the junk folder on the server no logic at all. rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Wed, 9 Nov 2016 10:10:29 -0700 Subject: Also, The routing of mail to the Junk folder should be addressed in Outlook, as it is in Thunderbird for other folders, or in your MDA. On 11/9/2016 10:04 AM, Eric Broch wrote: > > I would think so, caveat being that 'inbox' is defined (and it is). > I'd try commenting it and see what happens. > > This is the comment in the file 15-mailboxes.conf : "These mailboxes > are widely used and could perhaps be created automatically" > > I'm not sure what "perhaps" means. In my mind, they/it WILL or WILL > NOT be created. "Perhaps" instills a vagueness in my mind. > > > On 11/9/2016 9:46 AM, Rajesh M wrote: >> eric >> >> i happened to grep for Junk in /etc folder and found the term in >> >> /etc/dovecot/conf.d/15-mailboxes.conf >> >> would this have any part to play in the creation of the .Junk folder ? >> >> thanks >> rajesh >> >> - Original Message - >> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >> To:qmailtoaster-list@qmailtoaster.com >> Sent: Wed, 9 Nov 2016 08:49:51 -0700 >> Subject: >> >> CentOS 6.8? >> >> >> On 11/9/2016 5:36 AM, Rajesh M wrote: >>> hi >>> >>> centos 8 >>> qmailtoaster, spamassassin, clam, dovecot >>> >>> we are facing a weird and puzzling scenario, occurring on all 4 of our >>> servers >>> >>> out of several thousands of mailboxes around 10 to 33 mailboxes on each >>> server has a folder called .Junk created (for different email users of >>> different domains) in the same level as Inbox along with Sent, Draft and >>> Trash >>> >>> ./aaa.in/sunil/Maildir/.Junk >>> ./.com/ani/Maildir/.Junk >>> ./.com/rishiraj.sethi/Maildir/.Junk >>> ./.com/kumar/Maildir/.Junk >>> ./.com/kamlakar/Maildir/.Junk >>> >>> we are unable to figure out how exactly these were created >>> >>> further on in case of one email id genuine emails, from both external and >>> sometimes even internal domains from within the same domain are getting >>> moved to the .Junk folder >>> >>> the user uses outlook pop3, but the creation of the .Junk is not done by >>> outlook since this happens automatically even the night when the user does >>> not use outlook and we had changed the password of the account >>> >>> even if we delete the .Junk folder the same gets automatically recreated. >>> >>> this is not done by maildrop since these email are not checked for spam at >>> all and they are internal emails. >>> >>> there is no .qmail file under the user's mailbox >>> >>> this is not done by webmail since mailbox is not access over webmail >>> >>> so my question is what could be causing this ? >>> >>> rajesh >>> >>> >>> >>> >>> - >>> To unsubscribe, e-mail:qmailtoaster-list-unsubscr...@qmailtoaster.com >>> For additional commands, e-mail:qmailtoaster-list-h...@qmailtoaster.com >> >> >> - >> To unsubscribe, e-mail:qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail:qmailtoaster-list-h...@qmailtoaster.com > - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] strange and puzzling occurance
eric i happened to grep for Junk in /etc folder and found the term in /etc/dovecot/conf.d/15-mailboxes.conf would this have any part to play in the creation of the .Junk folder ? thanks rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Wed, 9 Nov 2016 08:49:51 -0700 Subject: CentOS 6.8? On 11/9/2016 5:36 AM, Rajesh M wrote: > hi > > centos 8 > qmailtoaster, spamassassin, clam, dovecot > > we are facing a weird and puzzling scenario, occurring on all 4 of our servers > > out of several thousands of mailboxes around 10 to 33 mailboxes on each > server has a folder called .Junk created (for different email users of > different domains) in the same level as Inbox along with Sent, Draft and Trash > > ./aaa.in/sunil/Maildir/.Junk > ./.com/ani/Maildir/.Junk > ./.com/rishiraj.sethi/Maildir/.Junk > ./.com/kumar/Maildir/.Junk > ./.com/kamlakar/Maildir/.Junk > > we are unable to figure out how exactly these were created > > further on in case of one email id genuine emails, from both external and > sometimes even internal domains from within the same domain are getting moved > to the .Junk folder > > the user uses outlook pop3, but the creation of the .Junk is not done by > outlook since this happens automatically even the night when the user does > not use outlook and we had changed the password of the account > > even if we delete the .Junk folder the same gets automatically recreated. > > this is not done by maildrop since these email are not checked for spam at > all and they are internal emails. > > there is no .qmail file under the user's mailbox > > this is not done by webmail since mailbox is not access over webmail > > so my question is what could be causing this ? > > rajesh > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] strange and puzzling occurance
centos 6.5 on 3 servers and centos 6.6 on one server rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Wed, 9 Nov 2016 08:49:51 -0700 Subject: CentOS 6.8? On 11/9/2016 5:36 AM, Rajesh M wrote: > hi > > centos 8 > qmailtoaster, spamassassin, clam, dovecot > > we are facing a weird and puzzling scenario, occurring on all 4 of our servers > > out of several thousands of mailboxes around 10 to 33 mailboxes on each > server has a folder called .Junk created (for different email users of > different domains) in the same level as Inbox along with Sent, Draft and Trash > > ./aaa.in/sunil/Maildir/.Junk > ./.com/ani/Maildir/.Junk > ./.com/rishiraj.sethi/Maildir/.Junk > ./.com/kumar/Maildir/.Junk > ./.com/kamlakar/Maildir/.Junk > > we are unable to figure out how exactly these were created > > further on in case of one email id genuine emails, from both external and > sometimes even internal domains from within the same domain are getting moved > to the .Junk folder > > the user uses outlook pop3, but the creation of the .Junk is not done by > outlook since this happens automatically even the night when the user does > not use outlook and we had changed the password of the account > > even if we delete the .Junk folder the same gets automatically recreated. > > this is not done by maildrop since these email are not checked for spam at > all and they are internal emails. > > there is no .qmail file under the user's mailbox > > this is not done by webmail since mailbox is not access over webmail > > so my question is what could be causing this ? > > rajesh > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] strange and puzzling occurance
CentOS Linux 6.5 thanks rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Wed, 9 Nov 2016 08:49:51 -0700 Subject: CentOS 6.8? On 11/9/2016 5:36 AM, Rajesh M wrote: > hi > > centos 8 > qmailtoaster, spamassassin, clam, dovecot > > we are facing a weird and puzzling scenario, occurring on all 4 of our servers > > out of several thousands of mailboxes around 10 to 33 mailboxes on each > server has a folder called .Junk created (for different email users of > different domains) in the same level as Inbox along with Sent, Draft and Trash > > ./aaa.in/sunil/Maildir/.Junk > ./.com/ani/Maildir/.Junk > ./.com/rishiraj.sethi/Maildir/.Junk > ./.com/kumar/Maildir/.Junk > ./.com/kamlakar/Maildir/.Junk > > we are unable to figure out how exactly these were created > > further on in case of one email id genuine emails, from both external and > sometimes even internal domains from within the same domain are getting moved > to the .Junk folder > > the user uses outlook pop3, but the creation of the .Junk is not done by > outlook since this happens automatically even the night when the user does > not use outlook and we had changed the password of the account > > even if we delete the .Junk folder the same gets automatically recreated. > > this is not done by maildrop since these email are not checked for spam at > all and they are internal emails. > > there is no .qmail file under the user's mailbox > > this is not done by webmail since mailbox is not access over webmail > > so my question is what could be causing this ? > > rajesh > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] strange and puzzling occurance
hi centos 8 qmailtoaster, spamassassin, clam, dovecot we are facing a weird and puzzling scenario, occurring on all 4 of our servers out of several thousands of mailboxes around 10 to 33 mailboxes on each server has a folder called .Junk created (for different email users of different domains) in the same level as Inbox along with Sent, Draft and Trash ./aaa.in/sunil/Maildir/.Junk ./.com/ani/Maildir/.Junk ./.com/rishiraj.sethi/Maildir/.Junk ./.com/kumar/Maildir/.Junk ./.com/kamlakar/Maildir/.Junk we are unable to figure out how exactly these were created further on in case of one email id genuine emails, from both external and sometimes even internal domains from within the same domain are getting moved to the .Junk folder the user uses outlook pop3, but the creation of the .Junk is not done by outlook since this happens automatically even the night when the user does not use outlook and we had changed the password of the account even if we delete the .Junk folder the same gets automatically recreated. this is not done by maildrop since these email are not checked for spam at all and they are internal emails. there is no .qmail file under the user's mailbox this is not done by webmail since mailbox is not access over webmail so my question is what could be causing this ? rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] error while installing dovecot-2.2.25-12.qt.src.rpm
eric this got resolved after i updated openssl. thanks rajesh - Original Message - From: Rajesh M [mailto:24x7ser...@24x7server.net] To: qmailtoaster-list@qmailtoaster.com Sent: Sun, 6 Nov 2016 08:45:36 +0530 Subject: hi eric i am getting an error while installing the latest version dovecot i am receiving the same error on 3 of my servers this is what i am doing wget ftp://ftp.whitehorsetc.com/pub/qmail/CentOS6/qmt/srpms/updates/dovecot-2.2.25-12.qt.src.rpm rpmbuild --rebuild --define "dist .qt.el6" dovecot-2.2.25-12.qt.src.rpm during make i get the error make check-am make[3]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib' make[3]: Nothing to be done for `check-am'. make[3]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib' make[2]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib' Making check in lib-settings make[2]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib-settings' make[2]: Nothing to be done for `check'. make[2]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib-settings' Making check in lib-auth make[2]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib-auth' make[2]: Nothing to be done for `check'. make[2]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib-auth' Making check in lib-master make[2]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib-master' for bin in test-master-service-settings-cache; do \ if ! /bin/sh ../../run-test.sh ../.. ./$bin; then exit 1; fi; \ done 0 / 0 tests failed make[2]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib-master' Making check in lib-charset make[2]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib-charset' for bin in test-charset; do \ if ! /bin/sh ../../run-test.sh ../.. ./$bin; then exit 1; fi; \ done charset_is_utf8 .. : ok charset utf8 . : ok charset iconv : ok charset iconv crashes : ok charset iconv utf7 state . : ok 0 / 5 tests failed make[2]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib-charset' Making check in lib-ssl-iostream make[2]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib-ssl-iostream' make[2]: Nothing to be done for `check'. make[2]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib-ssl-iostream' Making check in lib-dcrypt make[2]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt' for bin in test-crypto test-stream; do \ if ! /bin/sh ../../run-test.sh ../.. ./$bin; then exit 1; fi; \ done test_cipher_test_vectors . : ok test_cipher_aead_test_vectors : ok test_hmac_test_vectors ... : ok test-crypto.c:269: Assert failed: ret == TRUE test-crypto.c:270: Assert failed: error == NULL Panic: file dcrypt-openssl.c: line 880 (dcrypt_openssl_load_private_key_dovecot_v1): assertion failed: (dec_key != NULL) test: random seed #2 was 1478388283 Error: Raw backtrace: ./test-crypto() [0x412e7a] -> ./test-crypto(default_fatal_handler+0x32) [0x4136b2] -> ./test-crypto() [0x40a90a] -> .libs/libdcrypt_openssl.so(+0x1ca0b) [0x503ca0b] -> .libs/libdcrypt_openssl.so(+0x1ccf7) [0x503ccf7] -> ./test-crypto() [0x40ebee] -> ./test-crypto() [0x4102b1] -> ./test-crypto(test_run+0x11) [0x4103b1] -> ./test-crypto(main+0x1e) [0x40e24e] -> /lib64/libc.so.6(__libc_start_main+0xfd) [0x342001ed5d] -> ./test-crypto() [0x40a935] ../../run-test.sh: line 21: 22465 Aborted (core dumped) valgrind -q --trace-children=yes --leak-check=full --suppressions="$supp_path" --log-file=test.out.$$ $* ==22465== 96 (24 direct, 72 indirect) bytes in 1 blocks are definitely lost in loss record 541 of 611 ==22465==at 0x4A069EE: malloc (vg_replace_malloc.c:270) ==22465==by 0x503DA78: dovecot_openssl_malloc (dovecot-openssl-common.c:17) ==22465==by 0x3428068B2D: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.1e) ==22465==by 0x34280A5229: BN_new (in /usr/lib64/libcrypto.so.1.0.1e) ==22465==by 0x503C684: dcrypt_openssl_load_private_key_dovecot_v1 (dcrypt-openssl.c:864) ==22465==by 0x503CCF6: dcrypt_openssl_load_private_key (dcrypt-openssl.c:1212) ==22465==by 0x40EBA9: test_load_v1_keys (test-crypto.c:268) ==22465==by 0x4102B0: test_run_funcs (test-common.c:354) ==22465==by 0x4103B0: test_run (test-common.c:404) ==22465==by 0x40E24D: main (test-crypto.c:554) ==22465== Failed to run: ./test-crypto make[2]: *** [check-test] Error 1 make[2]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt' make[1]: *** [check-recursive]
[qmailtoaster] error while installing dovecot-2.2.25-12.qt.src.rpm
hi eric i am getting an error while installing the latest version dovecot i am receiving the same error on 3 of my servers this is what i am doing wget ftp://ftp.whitehorsetc.com/pub/qmail/CentOS6/qmt/srpms/updates/dovecot-2.2.25-12.qt.src.rpm rpmbuild --rebuild --define "dist .qt.el6" dovecot-2.2.25-12.qt.src.rpm during make i get the error make check-am make[3]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib' make[3]: Nothing to be done for `check-am'. make[3]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib' make[2]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib' Making check in lib-settings make[2]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib-settings' make[2]: Nothing to be done for `check'. make[2]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib-settings' Making check in lib-auth make[2]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib-auth' make[2]: Nothing to be done for `check'. make[2]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib-auth' Making check in lib-master make[2]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib-master' for bin in test-master-service-settings-cache; do \ if ! /bin/sh ../../run-test.sh ../.. ./$bin; then exit 1; fi; \ done 0 / 0 tests failed make[2]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib-master' Making check in lib-charset make[2]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib-charset' for bin in test-charset; do \ if ! /bin/sh ../../run-test.sh ../.. ./$bin; then exit 1; fi; \ done charset_is_utf8 .. : ok charset utf8 . : ok charset iconv : ok charset iconv crashes : ok charset iconv utf7 state . : ok 0 / 5 tests failed make[2]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib-charset' Making check in lib-ssl-iostream make[2]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib-ssl-iostream' make[2]: Nothing to be done for `check'. make[2]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib-ssl-iostream' Making check in lib-dcrypt make[2]: Entering directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt' for bin in test-crypto test-stream; do \ if ! /bin/sh ../../run-test.sh ../.. ./$bin; then exit 1; fi; \ done test_cipher_test_vectors . : ok test_cipher_aead_test_vectors : ok test_hmac_test_vectors ... : ok test-crypto.c:269: Assert failed: ret == TRUE test-crypto.c:270: Assert failed: error == NULL Panic: file dcrypt-openssl.c: line 880 (dcrypt_openssl_load_private_key_dovecot_v1): assertion failed: (dec_key != NULL) test: random seed #2 was 1478388283 Error: Raw backtrace: ./test-crypto() [0x412e7a] -> ./test-crypto(default_fatal_handler+0x32) [0x4136b2] -> ./test-crypto() [0x40a90a] -> .libs/libdcrypt_openssl.so(+0x1ca0b) [0x503ca0b] -> .libs/libdcrypt_openssl.so(+0x1ccf7) [0x503ccf7] -> ./test-crypto() [0x40ebee] -> ./test-crypto() [0x4102b1] -> ./test-crypto(test_run+0x11) [0x4103b1] -> ./test-crypto(main+0x1e) [0x40e24e] -> /lib64/libc.so.6(__libc_start_main+0xfd) [0x342001ed5d] -> ./test-crypto() [0x40a935] ../../run-test.sh: line 21: 22465 Aborted (core dumped) valgrind -q --trace-children=yes --leak-check=full --suppressions="$supp_path" --log-file=test.out.$$ $* ==22465== 96 (24 direct, 72 indirect) bytes in 1 blocks are definitely lost in loss record 541 of 611 ==22465==at 0x4A069EE: malloc (vg_replace_malloc.c:270) ==22465==by 0x503DA78: dovecot_openssl_malloc (dovecot-openssl-common.c:17) ==22465==by 0x3428068B2D: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.1e) ==22465==by 0x34280A5229: BN_new (in /usr/lib64/libcrypto.so.1.0.1e) ==22465==by 0x503C684: dcrypt_openssl_load_private_key_dovecot_v1 (dcrypt-openssl.c:864) ==22465==by 0x503CCF6: dcrypt_openssl_load_private_key (dcrypt-openssl.c:1212) ==22465==by 0x40EBA9: test_load_v1_keys (test-crypto.c:268) ==22465==by 0x4102B0: test_run_funcs (test-common.c:354) ==22465==by 0x4103B0: test_run (test-common.c:404) ==22465==by 0x40E24D: main (test-crypto.c:554) ==22465== Failed to run: ./test-crypto make[2]: *** [check-test] Error 1 make[2]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src/lib-dcrypt' make[1]: *** [check-recursive] Error 1 make[1]: Leaving directory `/root/rpmbuild/BUILD/dovecot-2.2.25/src' make: *** [check-recursive] Error 1 error: Bad exit status from /var/tmp/rpm-tmp.esEALP (%check) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.esEALP (%check) thanks rajesh
Re: [qmailtoaster] how to block a complete tld
hi eric thanks, that worked for the same in qmail's badmailfrom i used @.*\.land\> rajesh - Original Message - From: Eric [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Wed, 31 Aug 2016 20:58:13 -0600 Subject: Rajesh, You could try @.tld or @tld I'm not sure. You could test it out, or ask on the spamdyke mailing list. Eric On 8/31/2016 8:39 PM, Rajesh M wrote: > eric > > i need to block an entire tld > > ie .link or .land or .cf .ml etc. > > not just on a per domain basis since spammers keep changing their domain. > > is there any solution for this ? > > thanks, > rajesh > > - Original Message - > From: Eric [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Wed, 31 Aug 2016 12:27:11 -0600 > Subject: > > I'd use spamdyke > > From spamdyke.org: > > One form of wildcard address is supported. All usernames within a domain > (and its subdomains) may be blocked by a line starting with @. For > example, if the file contained the following entry: > > @example.com > > spamdyke will block mail to f...@example.com, f...@mail.example.com, > bar...@mail.internal.example.com, etc. > > > > On 8/31/2016 11:17 AM, Rajesh M wrote: >> hi >> >> we are getting a lot of spam from tlds like : .link, .cricket, .land etc and >> wish to block these tlds using wildcard. >> >> i tried to use the qmail badmailfrom and put a sample >> >> @*.land >> >> but this started blocking a customer : landsmartconsultants.com >> >> i was also thinking of using spamdyke blacklists. >> >> what would be the correct syntax to block such tlds. >> >> and whether to use spamdyke or qmail badmailfrom. >> >> thanks >> rajesh >> >> >> >> >> >> >> - >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com >> > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] how to block a complete tld
eric i need to block an entire tld ie .link or .land or .cf .ml etc. not just on a per domain basis since spammers keep changing their domain. is there any solution for this ? thanks, rajesh - Original Message - From: Eric [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Wed, 31 Aug 2016 12:27:11 -0600 Subject: I'd use spamdyke From spamdyke.org: One form of wildcard address is supported. All usernames within a domain (and its subdomains) may be blocked by a line starting with @. For example, if the file contained the following entry: @example.com spamdyke will block mail to f...@example.com, f...@mail.example.com, bar...@mail.internal.example.com, etc. On 8/31/2016 11:17 AM, Rajesh M wrote: > hi > > we are getting a lot of spam from tlds like : .link, .cricket, .land etc and > wish to block these tlds using wildcard. > > i tried to use the qmail badmailfrom and put a sample > > @*.land > > but this started blocking a customer : landsmartconsultants.com > > i was also thinking of using spamdyke blacklists. > > what would be the correct syntax to block such tlds. > > and whether to use spamdyke or qmail badmailfrom. > > thanks > rajesh > > > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] how to block a complete tld
hi we are getting a lot of spam from tlds like : .link, .cricket, .land etc and wish to block these tlds using wildcard. i tried to use the qmail badmailfrom and put a sample @*.land but this started blocking a customer : landsmartconsultants.com i was also thinking of using spamdyke blacklists. what would be the correct syntax to block such tlds. and whether to use spamdyke or qmail badmailfrom. thanks rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] handling email spoofing
eric spf checks the envelope sender (reply to) and not the "mailfrom" email id the spammer is sending an email with "mail from" as some user on my server example c...@mycustomer.com to emplo...@mycustomer.com but email is sent not from within my server but from some other external server. the scammer however has the envelope-sender / reply to as his legitimate email id and correctly configured. the qmailtoaster spf check is done not on the mailfrom but on the reply-to and the email gets delivered safely to the inbox of the employee. now what happens is that the employee sees that the email is from the ceo and immediately takes action which leads to a phishing scam. i wish to block emails where the mailfrom domain is on my server but the scam email is sent by a spammer from an external server posing as c...@mycustomer.com ... in other words email spoofing. thanks, rajesh - Original Message - From: Eric [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Sun, 28 Aug 2016 13:03:16 -0600 Subject: Do you have an spf text record set up for domain_on_my_server.com? SPF should check the 'a' and 'mx' record for the domain, domain_on_my_server.com, against the sender IP address (the one that actually connected to you server). Are you saying that the spam sender is spoofing the originating IP address? On 8/28/2016 7:14 AM, Rajesh M wrote: > hi > > facing issue with email spoofing > > example spammer sends an email with "mailfrom" as : > user@domain_on_my_server.com > > and the envelope sender is the spammer's email id which has spf records > correctly in place > > and hence spf is not able to catch such spammers. > > how do i handle this ? > > thanks > rajesh > > > > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] handling email spoofing
hi facing issue with email spoofing example spammer sends an email with "mailfrom" as : user@domain_on_my_server.com and the envelope sender is the spammer's email id which has spf records correctly in place and hence spf is not able to catch such spammers. how do i handle this ? thanks rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] concerning updates to qmailtoaster
eric i am using spamdyke5 a new spamdyke.conf was generated which i am using and the qmail services are working like normal my idea was to block email ids where the reply-to (envelope sender) were different from authentication domain. so in my config file i have this since as per spamdyke config it will go through all the aspects reject-sender=not-local reject-sender=authentication-domain-mismatch reject-sender=no-mx however in my thunderbird when using a different reply-to email id it does not work. in whitelist_ip i have only one ip : 127.0.0.0.1 in my whitelist_senders i do not have the sending domain listed rajesh - Original Message - From: Eric [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Sun, 24 Jul 2016 11:57:17 -0600 Subject: Rajesh, It would be just like any other RPM update. The RPM install will stop and start services. With Spamdyke, if you're upgrading to 5, you'll have to run a script (below) I provided, but until you run it you're toaster will be rejecting email (it only takes a second to run). Remember if you have special settings in spamdyke.conf backup! #!/bin/sh sed -i \ -e 's/reject-missing-sender-mx/reject-sender=no-mx/g' \ -e 's/rejection-text-missing-sender-mx/rejection-text-sender-no-mx/g' \ -e 's/reject-identical-sender-recipient/reject-recipient=same-as-sender/g' \ -e 's/rejection-text-identical-sender-recipient/rejection-text-recipient-same-as-sender/g' \ -e 's/local-domains-file/qmail-rcpthosts-file/g' \ -e 's/local-domains-entry=/#local-domains-entry=(Add these entries to qmail-rcpthosts-file)/g' \ -e 's/morercpthosts/qmail-morercpthosts-cdb/'g /etc/spamdyke/spamdyke.conf Eric On 7/24/2016 5:32 AM, Rajesh M wrote: > hi > > i am using qmailtoaster on centos 6 > > the SRPMS i have are from the old qmail site and a few from ftp.whitehorse > > my question was whether i can update dovecot, spamassassin and spamdyke > without causing intereference with existing working qmailtoaster, similar to > the manner in which i update clam. > > i would be shutting down the qmailserver during the updates > > > thanks > rajesh > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] concerning updates to qmailtoaster
hi i am using qmailtoaster on centos 6 the SRPMS i have are from the old qmail site and a few from ftp.whitehorse my question was whether i can update dovecot, spamassassin and spamdyke without causing intereference with existing working qmailtoaster, similar to the manner in which i update clam. i would be shutting down the qmailserver during the updates thanks rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] qmailtoaster perl modules
eric is it possible to add outgoing spam check ie number of emails per hour etc .. to qmail i am currently running a script that analyses smtp and submission log file files and blocks the email id which sends more than x number of emails per day. but unfortunately it is not very effective because it checks the mailfrom (instead of authentication email id) and also if one email contains multiple recipients the same is not handled correctly. rajesh - Original Message - From: Eric [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Sun, 8 May 2016 05:08:16 -0600 Subject: Re: [qmailtoaster] qmailtoaster perl modules Good to hear!! On 5/8/2016 2:28 AM, Rajesh M wrote: > thanks > > this worked > > rajesh > > - Original Message - > From: Eric [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Sun, 1 May 2016 23:13:43 -0600 > Subject: Re: [qmailtoaster] qmailtoaster perl modules > > Hi Rajesh, > > Try it now > (ftp://ftp.whitehorsetc.com/pub/qmail/CentOS6/qmt/srpms/updates/dovecot-2.2.24-11.qt.src.rpm). > > Eric > > On 5/1/2016 8:42 AM, Rajesh M wrote: >> hi eric >> >> that worked correctly >> >> had another question >> >> while installing dovecot (fresh new install of qmailtoaster) >> >> the package from this link >> ftp://ftp.whitehorsetc.com/pub/qmail/CentOS6/qmt/srpms/updates/dovecot-2.2.24-11.qt.src.rpm >> throws error >> qmailtoaster error while loading shared libraries: libdovecot.so.0: cannot >> open shared object file: No such file or directory >> >> while this works >> ftp://ftp.whitehorsetc.com/pub/qmail/CentOS6/qmt/srpms/dovecot-2.2.22-7.qt.src.rpm >> >> could you please help me >> >> rajesh >> >> >> - Original Message - >> From: Eric [mailto:ebr...@whitehorsetc.com] >> To: qmailtoaster-list@qmailtoaster.com >> Sent: Mon, 25 Apr 2016 08:37:16 -0600 >> Subject: Re: [qmailtoaster] qmailtoaster perl modules >> >> Hi Rajesh, >> >> These modules should have been installed initially (when you first >> installed QMT/COS6). >> >> They are, at least on my QMT/COS6, from the following repos. >> >> perl-Mail-SPF-Query: rpmforge >> perl-Mail-DomainKeys:rpmforge >> perl-Sys-Hostname-Long: epel >> >> Eric >> >> >> On 4/25/2016 7:49 AM, Rajesh M wrote: >>> hi >>> >>> i need to install perl modules on centos 6. >>> >>> where do i find the following perl modules (the ones below are from >>> ftp://ftp.whitehorsetc.com/pub/qmail/CentOS7/qmt/srpms/ for CENTOS 7) >>> >>> perl-Sys-Hostname-Long-1.4-1.2.el7.centos.noarch.rpm >>> perl-Mail-DomainKeys-1.0-1.el7.centos.noarch.rpm >>> perl-Mail-SPF-Query-1.999.1-2.el7.centos.noarch.rpm >>> >>> thanks >>> rajesh >>> >>> >>> >>> >>> - >>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com >> >> >> >> >> - >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com >> > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > -- Eric C. Broch White Horse Technical Consulting ebr...@whitehorsetc.com 406-214-6802 _ ASCII ribbon campaign ( ) against HTML e-mail X / \ - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] qmailtoaster perl modules
thanks this worked rajesh - Original Message - From: Eric [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Sun, 1 May 2016 23:13:43 -0600 Subject: Re: [qmailtoaster] qmailtoaster perl modules Hi Rajesh, Try it now (ftp://ftp.whitehorsetc.com/pub/qmail/CentOS6/qmt/srpms/updates/dovecot-2.2.24-11.qt.src.rpm). Eric On 5/1/2016 8:42 AM, Rajesh M wrote: > hi eric > > that worked correctly > > had another question > > while installing dovecot (fresh new install of qmailtoaster) > > the package from this link > ftp://ftp.whitehorsetc.com/pub/qmail/CentOS6/qmt/srpms/updates/dovecot-2.2.24-11.qt.src.rpm > throws error > qmailtoaster error while loading shared libraries: libdovecot.so.0: cannot > open shared object file: No such file or directory > > while this works > ftp://ftp.whitehorsetc.com/pub/qmail/CentOS6/qmt/srpms/dovecot-2.2.22-7.qt.src.rpm > > could you please help me > > rajesh > > > - Original Message - > From: Eric [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Mon, 25 Apr 2016 08:37:16 -0600 > Subject: Re: [qmailtoaster] qmailtoaster perl modules > > Hi Rajesh, > > These modules should have been installed initially (when you first > installed QMT/COS6). > > They are, at least on my QMT/COS6, from the following repos. > > perl-Mail-SPF-Query: rpmforge > perl-Mail-DomainKeys:rpmforge > perl-Sys-Hostname-Long: epel > > Eric > > > On 4/25/2016 7:49 AM, Rajesh M wrote: >> hi >> >> i need to install perl modules on centos 6. >> >> where do i find the following perl modules (the ones below are from >> ftp://ftp.whitehorsetc.com/pub/qmail/CentOS7/qmt/srpms/ for CENTOS 7) >> >> perl-Sys-Hostname-Long-1.4-1.2.el7.centos.noarch.rpm >> perl-Mail-DomainKeys-1.0-1.el7.centos.noarch.rpm >> perl-Mail-SPF-Query-1.999.1-2.el7.centos.noarch.rpm >> >> thanks >> rajesh >> >> >> >> >> - >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > -- Eric C. Broch White Horse Technical Consulting ebr...@whitehorsetc.com 406-214-6802 _ ASCII ribbon campaign ( ) against HTML e-mail X / \ - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] qmailtoaster perl modules
hi eric that worked correctly had another question while installing dovecot (fresh new install of qmailtoaster) the package from this link ftp://ftp.whitehorsetc.com/pub/qmail/CentOS6/qmt/srpms/updates/dovecot-2.2.24-11.qt.src.rpm throws error qmailtoaster error while loading shared libraries: libdovecot.so.0: cannot open shared object file: No such file or directory while this works ftp://ftp.whitehorsetc.com/pub/qmail/CentOS6/qmt/srpms/dovecot-2.2.22-7.qt.src.rpm could you please help me rajesh - Original Message - From: Eric [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Mon, 25 Apr 2016 08:37:16 -0600 Subject: Re: [qmailtoaster] qmailtoaster perl modules Hi Rajesh, These modules should have been installed initially (when you first installed QMT/COS6). They are, at least on my QMT/COS6, from the following repos. perl-Mail-SPF-Query: rpmforge perl-Mail-DomainKeys:rpmforge perl-Sys-Hostname-Long: epel Eric On 4/25/2016 7:49 AM, Rajesh M wrote: > hi > > i need to install perl modules on centos 6. > > where do i find the following perl modules (the ones below are from > ftp://ftp.whitehorsetc.com/pub/qmail/CentOS7/qmt/srpms/ for CENTOS 7) > > perl-Sys-Hostname-Long-1.4-1.2.el7.centos.noarch.rpm > perl-Mail-DomainKeys-1.0-1.el7.centos.noarch.rpm > perl-Mail-SPF-Query-1.999.1-2.el7.centos.noarch.rpm > > thanks > rajesh > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] qmailtoaster perl modules
hi i need to install perl modules on centos 6. where do i find the following perl modules (the ones below are from ftp://ftp.whitehorsetc.com/pub/qmail/CentOS7/qmt/srpms/ for CENTOS 7) perl-Sys-Hostname-Long-1.4-1.2.el7.centos.noarch.rpm perl-Mail-DomainKeys-1.0-1.el7.centos.noarch.rpm perl-Mail-SPF-Query-1.999.1-2.el7.centos.noarch.rpm thanks rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] failed installing spamassassin
hi centos 6 - 64 bit qmailtoaster latest version i downloaded spamassassin-3.4.1-0.qt.el6.x86_64.rpm from ftp://ftp.whitehorsetc.com/pub/qmail/CentOS6/qmt/srpms/spamassassin-3.4.1-0.qt.src.rpm rpm -Uvh /root/rpmbuild/RPMS/x86_64/spamassassin-3.4.1-0.qt.el6.x86_64.rpm error: Failed dependencies: perl(Mail::DomainKeys) is needed by spamassassin-3.4.1-0.qt.el6.x86_64 perl(Mail::SPF::Query) is needed by spamassassin-3.4.1-0.qt.el6.x86_64 i downloaded these modules from cpan and tried to install these but make test fails in both cases i went ahead with a "make install" which however i am still getting error concerning Failed dependencies: when i try to run rpm -Uvh /root/rpmbuild/RPMS/x86_64/spamassassin-3.4.1-0.qt.el6.x86_64.rpm help required please thanks rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com