[qmailtoaster] Issue with qtp-ami-up2date
Hi all, Just noticed a problem on one of my virtualized xen QMT boxes when running qtp-ami-up2date Received the following error: /usr/sbin/qtp-config: line 168: 1.el5: syntax error: invalid arithmetic operator (error token is .el5) I'm running CentOS 5.8 i386. Any ideas? Thanks, -- Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Re: Issue with qtp-ami-up2date
On 6/18/12 8:13 AM, Cecil Yother, Jr. wrote: On 06/18/2012 07:58 AM, Eric Shubert wrote: On 06/17/2012 11:33 PM, Casey Price wrote: Hi all, Just noticed a problem on one of my virtualized xen QMT boxes when running qtp-ami-up2date Received the following error: /usr/sbin/qtp-config: line 168: 1.el5: syntax error: invalid arithmetic operator (error token is ".el5") I'm running CentOS 5.8 i386. Any ideas? Thanks, -- Casey Price Leave it to CJ to break something. ;) Please post: # rpm -q | grep toaster | sort That part of the code is comparing the installed version of a package to the version listed as current. It's a little tricky to do, at least in a shell script. Given that it's choking on "1.el5", where it appears to need simply "1", I'm guessing that a package that is installed on your system which has "el5" in it at the end, where the stock QMT packages do not. The result of the command above may show us this. That definitely makes sense... Here is the output (BTW, rpm -q |grep toaster |sort throws back the following error: rpmq: no arguments given for query) However, running this seems to do the trick: rpm -qa |grep toaster |sort autorespond-toaster-2.0.4-1.3.6 clamav-toaster-0.97.4-1.4.0 control-panel-toaster-0.5-1.3.7 courier-authlib-toaster-0.59.2-1.3.10 courier-imap-toaster-4.1.2-1.3.10 daemontools-toaster-0.76-1.3.6 isoqlog-toaster-2.1-1.3.7 libdomainkeys-toaster-0.68-1.3.6 libsrs2-toaster-1.0.18-1.3.6 maildrop-toaster-2.0.3-1.3.8 maildrop-toaster-devel-2.0.3-1.3.8 qmailmrtg-toaster-4.2-1.3.6 qmail-pop3d-toaster-1.03-1.3.22 qmail-toaster-1.03-1.3.22 qmailtoaster-plus-0.3.2-1.4.18 qmailtoaster-plus.repo-0.2-2 ripmime-toaster-1.4.0.6-1.3.6 simscan-toaster-1.4.0-1.3.8 spamassassin-toaster-3.2.5-1.3.17 ucspi-tcp-toaster-0.88-1.3.9 vpopmail-toaster-5.4.17-1.3.7 As far as I can recall, no - I haven't built any customized version of any of the packages (its possible, but I'm pretty darn sure everything is stock, as I just recently built this host. Any other ideas? Thanks, Casey James Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com Follow us on Twitter Find us on Facebook Have you built your own customized version of any packages? Hey, wait a minute, what did I do? I think he meant me...although, technically I'm a CJ as well -- Casey James Price. --
Re: [qmailtoaster] Re: Mail archival
On 4/19/12 7:10 AM, Eric Shubert wrote: On 04/18/2012 10:27 PM, Casey Price wrote: Eric, are you running 32bit or 64bit CentOS on your system that has mailboxes larger than 6G? 32bit. 512M ram. Not a lot of users though (30). Anyhow, long story short...everything went according to plan, but one of my users had some issues this morning accessing the mail on his smartphone (I'm pretty sure I got this one sorted out), but the new issue was that he started getting quota warning messages even though that account has been set with the NOQUOTA flag. His mailbox is currently 2.7GB, and I'm running on a 32bit install of QMT. Quotas are broken in the present QMT. We hope they'll be fixed in the upcoming vpopmail-toaster release, which is presently being tested. I expect it will be released as stable in a couple months. (Finally. This has been broken for 6+ years). I don't know the exact nature of the bug. I use NOQUOTA with no problem. Are So, I'm wondering if I missed something in the switch from Courier's IMAP to Dovecot (followed the wiki and made the appropriate config changes to the best of my knowledge). I doubt that. The customer said that he had also received a few complaints about mail being rejected when being sent to him, and I'm wondering if that may have been due to the system thinking he was over his quota. Likely the case. The other odd thing I noticed was that in qmailadmin under Email Accounts, his account shows the following: *Used/Quota (MB)* -1464.89 / unlimited that account is also configured as a catchall. I wouldn't think this would matter. Ideas Find the field in the database that contains this used value, and zero it out. I think that'll get things going for you. Any idea where that would be? I was looking through the tables in the vpopmail database and haven't come across anything yet. Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Re: Mail archival
On 4/19/12 9:08 PM, Bharath Chari wrote: On Friday 20 April 2012 08:08 AM, Eric Shubert wrote: Find the field in the database that contains this used value, and zero it out. I think that'll get things going for you. Any idea where that would be? I was looking through the tables in the vpopmail database and haven't come across anything yet. If I knew where (which table/field) that is off hand, I would have said so. Anyone else care to identify this? It isn't in the database at all, so you are unlikely to find it there :). If you delete the maildirsize file from /home/vpopmail/yourdomain/youruser/ directory, you will force vpopmail to regenerate the size of the mailbox. Try that - copy your maildirsize file to something else first though. Ahh, that would make sense. Yeah - I tried deleting the maildirsize file and letting it be re-generated. Also, qmailadmin may report mailboxes over 2048 MB as -ve. I think it's because of a wrongly cast variable. I'll see if I can fix it for the next release. Bharath Cool beans! - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Re: Mail archival
That is pretty cool. I'd sure like to be involved in a project like that. Which provider is this - that sure is alot of accounts and quite a mailstore! Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 4/18/12 4:30 PM, Jake Vickers wrote: On 04/16/2012 08:56 PM, Casey Price wrote: Wow! That is an impressive sounding project to say the least. Just out of curiosity, what are you using for your host system or systems? I'm wondering how powerful the servers would need to be to handle that kind of load. I don't have all the specs on the boxes handy - I'm more involved with the storage tuning side versus the front end side, but they'd be quad core boxes with 32G of RAM, with maybe 6-10 of them pointed at NFS shares over dedicated 1G and some 10G network links. The services are split out a fair amount - there's machines dedicated to nothing but incoming SMTP. others for spam scanning, others for client access, etc. There are a couple of each type of these setups as well - two separate data centers have a setup like the above each for the free email accounts, and there is a paid service as well, where similar setups are running for the paid customers. Obviously density of the paid versus free accounts on the boxes has a large disparity - you want the paid customers to have better service than the free ones :) All said and done between the two data centers, adding everything up, somewhere in the neighborhood of 700TB of email store with the ability to double that capacity in an hour or less. Fun stuff! - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Re: Mail archival
On 4/16/12 10:15 AM, Eric Shubert wrote: On 04/13/2012 07:20 PM, Casey Price wrote: Eric, Thanks for pointing this out. So while this give you the ability to effectively cc every message sent/received by an individual user or domain, it doesn't really appear to go above and beyond that. To be honest, I really don't have any experience with archival solutions so maybe my expectations are in the wrong place - however it seems like you would need another component to be able to offer an archival solution, doesn't it? Some form of management system for one - and then a way to designate what you wanted archived. For example, when I hear the word archive a few different things come to mind: 1) Individuals or companies that need to keep an absolute record of everything - TAPS is probably ideal for this (especially because it is transparent to the user) 2) People that want to save certain things for a long period of time, but don't need everything saved. Right now I have some customers with mailboxes right around 2GB on a server using Courier (I've installed Dovecot and got everything ready to migrate, just reluctant to do so in the event that it screws up all of the client subscriptions and causes mail to be re-downloaded). This server has plenty of room to grow, but eventually people will get to the point that either their mailboxes are so large that they become slow to access, or I will end up with a very very full server (both of which are likely to happen down the road some time from now, but it is something I'd like to address before it becomes a problem). So I suppose my true question here is, what are my best options to consider when trying to build a system that needs to be robust and meet the needs of the customer as technology changes? Casey Price I think your concerns about large mailboxes will become unfounded once you get dovecot implemented. I've seen mailboxes in excess of 6G with no problems. Eric, are you running 32bit or 64bit CentOS on your system that has mailboxes larger than 6G? I finally decided to tough it out and do the migration yesterday. Went quick and easy. Well...super easy, seeing how I had already done everything short of running the convert script, stopping the Courier IMAP daemons, and enabling the timekeeping script in cron. Anyhow, long story short...everything went according to plan, but one of my users had some issues this morning accessing the mail on his smartphone (I'm pretty sure I got this one sorted out), but the new issue was that he started getting quota warning messages even though that account has been set with the NOQUOTA flag. His mailbox is currently 2.7GB, and I'm running on a 32bit install of QMT. So, I'm wondering if I missed something in the switch from Courier's IMAP to Dovecot (followed the wiki and made the appropriate config changes to the best of my knowledge). The customer said that he had also received a few complaints about mail being rejected when being sent to him, and I'm wondering if that may have been due to the system thinking he was over his quota. The other odd thing I noticed was that in qmailadmin under Email Accounts, his account shows the following: *Used/Quota (MB)* -1464.89 / unlimited that account is also configured as a catchall. Ideas When it comes to managing email, I don't think there's a one size fits all solution. If you can define what your requirements are, I expect that it wouldn't be very difficult to implement a solution. I think you're right, each provider will likely have a different set of requirements and constraints. I'm still in the process of determining what exactly my customer's needs are, but MailArchiva looks the most promising at this point. That being said, I've not seen MailArchiva at all. It might make a nice addition to QMT at some point. I agree! I'll have a bit more input once I've implemented it and given it a bit of use. Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Re: Mail archival
Wow! That is an impressive sounding project to say the least. Just out of curiosity, what are you using for your host system or systems? I'm wondering how powerful the servers would need to be to handle that kind of load. Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 4/16/12 5:34 PM, Jake Vickers wrote: On 04/16/2012 01:15 PM, Eric Shubert wrote: On 04/13/2012 07:20 PM, Casey Price wrote: Eric, Thanks for pointing this out. So while this give you the ability to effectively cc every message sent/received by an individual user or domain, it doesn't really appear to go above and beyond that. To be honest, I really don't have any experience with archival solutions so maybe my expectations are in the wrong place - however it seems like you would need another component to be able to offer an archival solution, doesn't it? Some form of management system for one - and then a way to designate what you wanted archived. For example, when I hear the word archive a few different things come to mind: 1) Individuals or companies that need to keep an absolute record of everything - TAPS is probably ideal for this (especially because it is transparent to the user) 2) People that want to save certain things for a long period of time, but don't need everything saved. Right now I have some customers with mailboxes right around 2GB on a server using Courier (I've installed Dovecot and got everything ready to migrate, just reluctant to do so in the event that it screws up all of the client subscriptions and causes mail to be re-downloaded). This server has plenty of room to grow, but eventually people will get to the point that either their mailboxes are so large that they become slow to access, or I will end up with a very very full server (both of which are likely to happen down the road some time from now, but it is something I'd like to address before it becomes a problem). So I suppose my true question here is, what are my best options to consider when trying to build a system that needs to be robust and meet the needs of the customer as technology changes? Casey Price I think your concerns about large mailboxes will become unfounded once you get dovecot implemented. I've seen mailboxes in excess of 6G with no problems. When it comes to managing email, I don't think there's a one size fits all solution. If you can define what your requirements are, I expect that it wouldn't be very difficult to implement a solution. That being said, I've not seen MailArchiva at all. It might make a nice addition to QMT at some point. Just scanning real quick and wanted to drop a note for the archives - if you get into large mail stores (I'm talking 5TB of mail on the small side), you'll be looking at some type of storage array to store the mail on, and access using NFS or similar. In these cases, you'll want to use the mbox format versus maildir. mbox's large file method is more manageable by back end storage arrays versus maildir (NFS getattrs, lookups, etc. are expensive in resources for the backend system/array). Depending on what solution you use for your backend storage will determine when/if you need to make that change. And for those interested, I'm currently working on a 8 million user Qmail installation, with 90TB of email stored. Performance is interesting on this setup, and the smallest change affects exponentially. - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Mail archival
Does anyone have any recommendations for an email archival system that could be used in conjunction with QMT? Once of my customers is interested in an archiving system, but we currently don't have anything in place. Thanks, -- Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Re: Mail archival
Eric, Thanks for pointing this out. So while this give you the ability to effectively cc every message sent/received by an individual user or domain, it doesn't really appear to go above and beyond that. To be honest, I really don't have any experience with archival solutions so maybe my expectations are in the wrong place - however it seems like you would need another component to be able to offer an archival solution, doesn't it? Some form of management system for one - and then a way to designate what you wanted archived. For example, when I hear the word archive a few different things come to mind: 1) Individuals or companies that need to keep an absolute record of everything - TAPS is probably ideal for this (especially because it is transparent to the user) 2) People that want to save certain things for a long period of time, but don't need everything saved. Right now I have some customers with mailboxes right around 2GB on a server using Courier (I've installed Dovecot and got everything ready to migrate, just reluctant to do so in the event that it screws up all of the client subscriptions and causes mail to be re-downloaded). This server has plenty of room to grow, but eventually people will get to the point that either their mailboxes are so large that they become slow to access, or I will end up with a very very full server (both of which are likely to happen down the road some time from now, but it is something I'd like to address before it becomes a problem). So I suppose my true question here is, what are my best options to consider when trying to build a system that needs to be robust and meet the needs of the customer as technology changes? Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 4/13/12 6:50 PM, Eric Shubert wrote: On 04/13/2012 06:44 PM, Casey Price wrote: Does anyone have any recommendations for an email archival system that could be used in conjunction with QMT? Once of my customers is interested in an archiving system, but we currently don't have anything in place. Thanks, -- http://wiki.qmailtoaster.com/index.php/Taps
Re: [qmailtoaster] Mail archival
Thanks Carlos. Before I posted on here I did a quick search on Google and pulled up a few of the prominent open source solutions, and am reading up on them now. Just wanted to see what others on the list were doing and if anyone has had more luck with one rather than another. Cheers, Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 4/13/12 7:01 PM, Carlos Herrera Polo wrote: Mail archiva, es open source 2012/4/13, Eric Shuberte...@shubes.net: On 04/13/2012 06:44 PM, Casey Price wrote: Does anyone have any recommendations for an email archival system that could be used in conjunction with QMT? Once of my customers is interested in an archiving system, but we currently don't have anything in place. Thanks, -- http://wiki.qmailtoaster.com/index.php/Taps -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Mail archival
Carlos, Which version of MailArchiva are you using? Open-source or Enterprise? Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 4/13/12 8:51 PM, Carlos Herrera Polo wrote: Hi Casey.. I'm using qmailtoaster like SMTP Gateway for MS Exchange Server, and mail archiva for archiving Mail archiva have 785,000 mails aprox and I can search by content very fast 2012/4/13, Casey Priceca...@smileglobal.com: Thanks Carlos. Before I posted on here I did a quick search on Google and pulled up a few of the prominent open source solutions, and am reading up on them now. Just wanted to see what others on the list were doing and if anyone has had more luck with one rather than another. Cheers, Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.comhttp://www.smileglobal.com Follow us on Twitterhttps://twitter.com/#%21/SmileInternet Find us on Facebookhttps://www.facebook.com/smileglobal On 4/13/12 7:01 PM, Carlos Herrera Polo wrote: Mail archiva, es open source 2012/4/13, Eric Shuberte...@shubes.net: On 04/13/2012 06:44 PM, Casey Price wrote: Does anyone have any recommendations for an email archival system that could be used in conjunction with QMT? Once of my customers is interested in an archiving system, but we currently don't have anything in place. Thanks, -- http://wiki.qmailtoaster.com/index.php/Taps -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Exporting mail
One of our customers was recently purchased by another company, and their new parent company would like us to export all of the mail for the domain and get them a copy for their records...what would be the best way to go about doing this? I'd figure they want something as simple as possible so they can easily open messages and view correspondence. Thanks, -- Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Re: Exporting mail
On 4/4/12 2:43 PM, Eric Shubert wrote: On 04/04/2012 02:31 PM, Casey Price wrote: One of our customers was recently purchased by another company, and their new parent company would like us to export all of the mail for the domain and get them a copy for their records...what would be the best way to go about doing this? I'd figure they want something as simple as possible so they can easily open messages and view correspondence. Thanks, -- I presume your customer has been using imap. If they've been using pop3, there likely isn't much mail there. Yep, IMAP. How many accounts are there? Looks like there are 10 accounts with a half a gig of mail between all of them. Does the new company have a mail server? Not sure what they are using, but I'll find out. Which email client program do they use? I'm not positive on this, but I'm pretty sure they are using Outlook. Perhaps the simplest way for them to access the email is for you to show them how to access the email on your server via imap with whatever client program they like. From there they can do with it whatever they like, including using a client program to move the email either to local folders or another server. They cancelled their account back in February, but just want a copy of their mail for archival purposes. Is there an easy way I could export the mailboxes into a useable format from the server-end? Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Re: Spamdyke/SpamAssassin blacklisting
On 3/25/12 3:26 PM, Eric Shubert wrote: On 03/25/2012 02:54 PM, Casey Price wrote: On 3/15/12 10:44 PM, Eric Shubert wrote: On 03/15/2012 03:23 PM, Casey Price wrote: _*SPAMDYKE -- Gateway1: *_ #dns-blacklist-entry=zombie.dnsbl.sorbs.net #dns-blacklist-entry=dul.dnsbl.sorbs.net #dns-blacklist-entry=bogons.cymru.com #dns-blacklist-entry=zen.spamhaus.org I have zen.spamhaus.org enabled. That's the best RBL in my experience. Eric is zen.spamhaus.org the only RBL you are using? I also use bl.spamcop.net. I'm using spamcop as well as zen and am getting some complaints from customers overseas ever since adding the zen list. What sort of complaints? I don't have overseas customers, so if their location comes into play I wouldn't know about that. You'll need to see if perhaps a different spamhaus list is more appropriate for your situation. zen is a combination of several other lists. You may need to use a different combination for best results. Basically from what I can see in the logs, zen is blocking quite a bit - however, it appears that a number of legitimate senders are also being blocked with the following: *DENIED_RBL_MATCH reason: zen.spamhaus.org * It doesn't seem like whitelisting each and every one of these problematic senders is the most efficient. I only whitelist misconfigured senders (rDNS doesn't exist or is unresolvable). Blacklists are a whole different scenario. Is there any way I could set things up so that for specific recipient domains it would use just the spamcop RBL, and then for everyone else it would use both? Sure. spamdyke can have unique configurations for specific domains. It's a little tricky, but not bad once you get the hang of it. Check the spamdyke documentation (readme). I'll investigate. I remember seeing a section in the spamdyke documentation pertaining to creating a folder structure for the domain and/or user. It also seems that they are having some significant delays (sometimes half a day) in receiving mail from certain senders...could this just be an issue with graylisting, or do you think the additional RBL might be causing trouble? The only way RBLs would create delays is if your DNS resolver is having issues. It's likely a result of graylisting. Some sending servers aren't 'smart' enough to try sending again in a short interval. If you're getting complaints of delays, I would disable graylisting for those domains. That can be done using the graylist-level=always setting, and only have graylist directories for the domains you want to graylist (remove the directories that you don't want to graylist). That is along the lines of what I was beginning to think...the sending servers either aren't 'smart' enough, or have a longer wait time for resending. Just curious, with spamdyke do any of the settings actually define when the sending server should try again? Right now I'm setup using graylist-level=always-create-dir...so if I were to change this setting to graylist-level=always, what would the effect be on my server? What would it do with the current folder structure, and do you foresee any major disadvantages or problematic situations in doing so? Thanks! Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
[qmailtoaster] IMAP issue
Hi all, One of my customers is having some issues accessing his mail on his Verizon Palm Pixi Plus which runs Palm webOS 1.4.5.1 The problem is that he will occasionally (seems to be once or twice per day, although, so far this weekend he hasn't had the issue) lose a connection to the imap server, and then his phone will stop receiving mail. The only way he is able to begin sending/receiving mail again is to reboot the phone. I've had him send over a list of his account settings, and nothing stuck out. I also had him try to manually synch or check mail on the phone to no avail. The only thing I've noticed in the server logs is a timeout for his device when the problem begins, and then a reconnect with a different IP after he has rebooted the device. His mail is being hosted on an up-to-date QMT server, and is still using Courier for the IMAP server. I noticed his mailbox is quite large (2.5G or so)...but I'm not sure if that is contributing to the current problem. Any ideas on this one? I'm thinking it might be more of an issue with the phone than with the server, as I've never had any issues getting any other devices to reconnect to the server and check mail. It is almost as if the phone is losing the connection and then forgetting to try to re-establish the connection. Not much of a *smart* phone, eh? ;-) -- Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Re: IMAP issue
I've done a few conversions in the past on development machines..pretty straightforward when following the guide on the wiki. Do you think that could be the cause of this issue? I've heard from numerous sources that Courier has issues with large mailboxes, but this issue just strikes me as very odd...I'll post a little snippet of the imap log for further details - however I don't get why the phone wouldn't initiate a new connection when the original connection was lost. After all...its not like the device is maintaining a constant connection with the server - it should just be connecting at a specified interval to check for new mail...although, now that I'm said that I'm wondering how often he has it set to check for messages. I think I overlooked that one. Wonder if: As items arrive get email could be causing some issues. Anyways, take a look and see if I'm missing something here: 2012-03-22 16:28:28.363847500 INFO: LOGIN, user=m...@gatof.net, ip=[97.2.78.209], protocol=IMAP 2012-03-22 16:29:41.798428500 INFO: DISCONNECTED, user=m...@gatof.net, ip=[97.2.78.209], headers=0, body=83133, rcvd=970, sent=102267, time=73 2012-03-22 16:31:46.727932500 INFO: DISCONNECTED, user=m...@gatof.net, ip=[97.2.78.209], headers=0, body=609203, rcvd=1341, sent=640760, time=198 2012-03-22 17:21:01.895961500 INFO: TIMEOUT, user=m...@gatof.net, ip=[97.2.78.209], headers=0, body=177089, rcvd=2103, sent=200534, time=10572 2012-03-22 17:49:17.330010500 INFO: LOGIN, user=m...@gatof.net, ip=[97.33.103.230], protocol=IMAP Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 3/24/12 6:51 PM, Eric Shubert wrote: Courier imap does have problems with larger mailboxes in that size range. I would suspect courier more than imap of being the problem. You really should be using dovecot with mailboxes that large. It is s much more efficient than courier. See the wiki for instructions for converting to dovecot. It's really pretty simple.
Re: [qmailtoaster] Re: IMAP issue
On 3/24/12 8:01 PM, Eric Shubert wrote: On 03/24/2012 07:36 PM, Casey Price wrote: I've done a few conversions in the past on development machines..pretty straightforward when following the guide on the wiki. Do you think that could be the cause of this issue? I think the probability is very high. I'd bet on it. I've heard from numerous sources that Courier has issues with large mailboxes, but this issue just strikes me as very odd...I'll post a little snippet of the imap log for further details - however I don't get why the phone wouldn't initiate a new connection when the original connection was lost. Some email client programs on 'smart' phones are not what I'd call robust. I can't say exactly why, but this doesn't surprise me. After all...its not like the device is maintaining a constant connection with the server - it should just be connecting at a specified interval to check for new mail... Not exactly. The imap protocol allows the server to notify the client immediately when a message arrives (see http://en.wikipedia.org/wiki/IMAP_IDLE), which negates the need for the client to poll the server like pop3 does (and imap can). Hard to say if this is coming into play at all or not. although, now that I'm said that I'm wondering how often he has it set to check for messages. I think I overlooked that one. Wonder if: As items arrive get email could be causing some issues. Possibly, especially if the device is polling again before courier realizes that the previous poll has timed out. Anyways, take a look and see if I'm missing something here: 2012-03-22 16:28:28.363847500 INFO: LOGIN, user=m...@gatof.net, ip=[97.2.78.209], protocol=IMAP 2012-03-22 16:29:41.798428500 INFO: DISCONNECTED, user=m...@gatof.net, ip=[97.2.78.209], headers=0, body=83133, rcvd=970, sent=102267, time=73 2012-03-22 16:31:46.727932500 INFO: DISCONNECTED, user=m...@gatof.net, ip=[97.2.78.209], headers=0, body=609203, rcvd=1341, sent=640760, time=198 2012-03-22 17:21:01.895961500 INFO: TIMEOUT, user=m...@gatof.net, ip=[97.2.78.209], headers=0, body=177089, rcvd=2103, sent=200534, time=10572 2012-03-22 17:49:17.330010500 INFO: LOGIN, user=m...@gatof.net, ip=[97.33.103.230], protocol=IMAP The fact that it's timing out indicates a problem of some sort. I'm not positive, but I would guess that the phone isn't configured to wait long enough for courier to do its thing (which it's very poor at doing with mailboxes that large). It might need to wait quite some time. I don't know enough of the details to hazard a guess as to why things are locking up. I suspect though that either the client or server (or both) aren't recovering from the timeout properly. Even if it's the phone that's not doing what it should in this situation, I expect that dovecot would solve the problem, as it's so efficient that the timeout would never occur. Alrighty...dovecot it is! Can't hurt, right? Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Re: Spamdyke/SpamAssassin blacklisting
On 3/15/12 10:44 PM, Eric Shubert wrote: On 03/15/2012 03:23 PM, Casey Price wrote: _*SPAMDYKE -- Gateway1: *_ #dns-blacklist-entry=zombie.dnsbl.sorbs.net #dns-blacklist-entry=dul.dnsbl.sorbs.net #dns-blacklist-entry=bogons.cymru.com #dns-blacklist-entry=zen.spamhaus.org I have zen.spamhaus.org enabled. That's the best RBL in my experience. I just enabled this one my primary gateway, so we'll see how it does. I have immediately begun to notice alot of RBL entries the the logs after turning this on, so I'll see if anyone starts complaining. dns-blacklist-entry=bl.spamcop.net #Graylist settings graylist-dir=/var/spamdyke/graylist graylist-level=always-create-dir graylist-max-secs=2678400 graylist-min-secs=120 greeting-delay-secs=5 idle-timeout-secs=60 ip-blacklist-file=/etc/spamdyke/blacklist_ip ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords ip-whitelist-file=/etc/spamdyke/whitelist_ip local-domains-file=/var/qmail/control/rcpthosts log-level=info log-target=stderr max-recipients=50 #policy-url=http://my.policy.explanation.url/ rdns-blacklist-file=/etc/spamdyke/blacklist_rdns rdns-whitelist-file=/etc/spamdyke/whitelist_rdns recipient-blacklist-file=/etc/spamdyke/blacklist_recipients recipient-whitelist-file=/etc/spamdyke/whitelist_recipients reject-empty-rdns #reject-ip-in-cc-rdns You should enable reject-ip-in-cc-rdns unless you have a lot of email outside of the US. I use the setting, and don't seem to have any problem receiving from legit senders in other countries. I do have several customers in Europe, and a few in South America - so I need to ensure that they won't have any issues. Do you think it would still be safe to enable this one? reject-missing-sender-mx #reject-unresolvable-rdns This is a big one to enable. This stops a lot of spam, and you'll rarely find a legit domain with unconfigured rDNS. When that happens, you can whitelist the domain as an interim measure, while you contact the mail admin for the domain and the problem is resolved. A legit sender who is blocked as a result of this rule won't get through to gmail and many others either. They'll be glad to get it fixed. I'll enable this one after a day or two of testing with zen.spamhaus.org enabled and see how things go. I know you'll be right about this one...several months back when I briefly enabled this option it was helping to block 90% of all mail, but I received complaints, and now that I've gotten a bit more experience under my belt, I'll just whitelist the domains in question and contact their admins like you suggested. sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders tls-certificate-file=/var/qmail/control/servercert.pem --- _*SPAMASSASSIN -- vCluster1: *_ ok_locales all skip_rbl_checks 1 required_score 5 I use 3.7, which seems to rarely get a false positive. report_safe 0 rewrite_header Subject ***SPAM*** use_pyzor 1 use_razor2 1 use_dcc 1 use_auto_whitelist 1 bayes_path /home/vpopmail/.spamassassin/bayes use_bayes 1 use_bayes_rules 1 bayes_auto_learn 1 bayes_auto_learn_threshold_spam 6.5 I use 5.5. bayes_auto_learn_threshold_nonspam 0.1 bayes_auto_expire 1 loadplugin Mail::SpamAssassin::Plugin::URIDNSBL score FH_DATE_PAST_20XX 0.0 score DATE_IN_FUTURE_96_XX 3.9 score UNWANTED_LANGUAGE_BODY 6.0 score SORTED_RECIPS 2.0 score RCVD_ILLEGAL_IP 1.3 score NO_DNS_FOR_FROM 1.0 score RAZOR2_CHECK 3.0 score RAZOR2_CF_RANGE_51_100 3.5 score RAZOR2_CF_RANGE_E4_51_100 3.5 score RAZOR2_CF_RANGE_E8_51_100 3.5 score PYZOR_CHECK 2.0 score DCC_CHECK 3.5 score RCVD_IN_SBL 2.6 score RCVD_IN_DSBL 2.6 score RCVD_IN_NJABL_PROXY 1.000 score RCVD_IN_SORBS_HTTP 2.6 score RCVD_IN_SORBS_MISC 2.6 score RCVD_IN_BL_SPAMCOP_NET 0 score RCVD_IN_MAPS_RBL 0 score RCVD_IN_MAPS_DUL 0 score RCVD_IN_MAPS_RSS 0 score RCVD_IN_MAPS_NML 0 score URIBL_AB_SURBL 3.3 score URIBL_JP_SURBL 3.3 score URIBL_OB_SURBL 3.6 score URIBL_PH_SURBL 3.2 score URIBL_SBL 2.0 score URIBL_SC_SURBL 3.6 score URIBL_WS_SURBL 2.5 ### Custom Rules ## ### header LOCAL_DEMONSTRATION_FROM From =~ /rolex\.com/i score LOCAL_DEMONSTRATION_FROM 1.1 -- My dad is using Outlook 2010 with IMAP, so it created a .Junk E-mail folder, and I symlinked this to .Junk. I ran the qtp-clean-spam script, and modified the cron job to use .Junk instead of .Spam, but I'm not so sure that it is actually doing anything. _*Here is the output from sa-stats: *_ [root@vcluster1 spamassassin]# sa-stats Email: 1048 Autolearn: 302 AvgScore: 4.50 AvgScanTime: 6.41 sec Spam: 404 Autolearn: 302 AvgScore: 8.27 AvgScanTime: 6.15 sec Ham: 644
Re: [qmailtoaster] Re: Spamdyke/SpamAssassin blacklisting
On 3/13/12 7:36 PM, Eric Shubert wrote: On 03/13/2012 07:22 PM, Casey Price wrote: I've got one user that keeps getting tons of spam (it also happens to be my dad...go figure, the one customer I'm not charging is the biggest PITA). All of the spam is coming from a wide range of sources, but a majority of the messages are formatted the exact same way, and they are all being sent to his address in caps. I've got simscan setup with a medium-grade score for his entire domain, but I've been noticing messages are being accepted that are way above the max score of 8 I've set. Sounds like you may have neglected to run #service qmail cdb after changing the simcontrol file. (?) qmailctl cdb should have the same effect, right? Since it is all coming from random domains I don't want to just blacklist them all, as I don't think that will help. SpamAssassin is flagging some of them as spam, but quite a few are receiving low scores. Most of the messages even have spf dkim setup in them, so I'm at a loss of how to stop them. There is only 1 email address on his domain and I could swear that as soon as he clicked an unsubscribe link in one of the messages he started getting waves and waves of spam. That can happen. Need to be very careful about unsubscribing. I'm kicking myself for not giving my dad a better walkthrough on what phishing and spam tend to look like... It's sorta hard to come up with suggestions w/out seeing what your configuration settings are. It'd be nice to see spamdyke.conf for starters. Also SA's local.cf would be helpful. Do you have any sort of training with sa-learn set up? _*SPAMDYKE -- Gateway1: *_ #dns-blacklist-entry=zombie.dnsbl.sorbs.net #dns-blacklist-entry=dul.dnsbl.sorbs.net #dns-blacklist-entry=bogons.cymru.com #dns-blacklist-entry=zen.spamhaus.org dns-blacklist-entry=bl.spamcop.net #Graylist settings graylist-dir=/var/spamdyke/graylist graylist-level=always-create-dir graylist-max-secs=2678400 graylist-min-secs=120 greeting-delay-secs=5 idle-timeout-secs=60 ip-blacklist-file=/etc/spamdyke/blacklist_ip ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords ip-whitelist-file=/etc/spamdyke/whitelist_ip local-domains-file=/var/qmail/control/rcpthosts log-level=info log-target=stderr max-recipients=50 #policy-url=http://my.policy.explanation.url/ rdns-blacklist-file=/etc/spamdyke/blacklist_rdns rdns-whitelist-file=/etc/spamdyke/whitelist_rdns recipient-blacklist-file=/etc/spamdyke/blacklist_recipients recipient-whitelist-file=/etc/spamdyke/whitelist_recipients reject-empty-rdns #reject-ip-in-cc-rdns reject-missing-sender-mx #reject-unresolvable-rdns sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders tls-certificate-file=/var/qmail/control/servercert.pem --- _*SPAMASSASSIN -- vCluster1: *_ ok_locales all skip_rbl_checks 1 required_score 5 report_safe 0 rewrite_header Subject ***SPAM*** use_pyzor 1 use_razor2 1 use_dcc 1 use_auto_whitelist 1 bayes_path /home/vpopmail/.spamassassin/bayes use_bayes 1 use_bayes_rules 1 bayes_auto_learn 1 bayes_auto_learn_threshold_spam 6.5 bayes_auto_learn_threshold_nonspam 0.1 bayes_auto_expire 1 loadplugin Mail::SpamAssassin::Plugin::URIDNSBL score FH_DATE_PAST_20XX 0.0 score DATE_IN_FUTURE_96_XX 3.9 score UNWANTED_LANGUAGE_BODY 6.0 score SORTED_RECIPS 2.0 score RCVD_ILLEGAL_IP 1.3 score NO_DNS_FOR_FROM 1.0 score RAZOR2_CHECK 3.0 score RAZOR2_CF_RANGE_51_100 3.5 score RAZOR2_CF_RANGE_E4_51_100 3.5 score RAZOR2_CF_RANGE_E8_51_100 3.5 score PYZOR_CHECK 2.0 score DCC_CHECK 3.5 score RCVD_IN_SBL 2.6 score RCVD_IN_DSBL 2.6 score RCVD_IN_NJABL_PROXY 1.000 score RCVD_IN_SORBS_HTTP 2.6 score RCVD_IN_SORBS_MISC 2.6 score RCVD_IN_BL_SPAMCOP_NET 0 score RCVD_IN_MAPS_RBL 0 score RCVD_IN_MAPS_DUL 0 score RCVD_IN_MAPS_RSS 0 score RCVD_IN_MAPS_NML 0 score URIBL_AB_SURBL 3.3 score URIBL_JP_SURBL 3.3 score URIBL_OB_SURBL 3.6 score URIBL_PH_SURBL 3.2 score URIBL_SBL 2.0 score URIBL_SC_SURBL 3.6 score URIBL_WS_SURBL 2.5 ### Custom Rules ## ### header LOCAL_DEMONSTRATION_FROM From =~ /rolex\.com/i score LOCAL_DEMONSTRATION_FROM 1.1 -- My dad is using Outlook 2010 with IMAP, so it created a .Junk E-mail folder, and I symlinked this to .Junk. I ran the qtp-clean-spam script, and modified the cron job to use .Junk instead of .Spam, but I'm not so sure that it is actually doing anything. _*Here is the output from sa-stats: *_ [root@vcluster1 spamassassin]# sa-stats Email: 1048 Autolearn: 302 AvgScore: 4.50 AvgScanTime: 6.41 sec Spam: 404 Autolearn: 302 AvgScore: 8.27 AvgScanTime: 6.15 sec Ham
[qmailtoaster] Spamdyke/SpamAssassin blacklisting
Is the blacklisting function used by spamdyke spamassassin case sensitive? For example, would blacklisting j...@domain.com effectively blacklist j...@domain.com as well? Thanks, -- Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Re: Spamdyke/SpamAssassin blacklisting
I've got one user that keeps getting tons of spam (it also happens to be my dad...go figure, the one customer I'm not charging is the biggest PITA). All of the spam is coming from a wide range of sources, but a majority of the messages are formatted the exact same way, and they are all being sent to his address in caps. I've got simscan setup with a medium-grade score for his entire domain, but I've been noticing messages are being accepted that are way above the max score of 8 I've set. Since it is all coming from random domains I don't want to just blacklist them all, as I don't think that will help. SpamAssassin is flagging some of them as spam, but quite a few are receiving low scores. Most of the messages even have spf dkim setup in them, so I'm at a loss of how to stop them. There is only 1 email address on his domain and I could swear that as soon as he clicked an unsubscribe link in one of the messages he started getting waves and waves of spam. Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 3/13/12 5:39 PM, Eric Shubert wrote: On 03/13/2012 04:54 PM, Casey Price wrote: Is the blacklisting function used by spamdyke spamassassin case sensitive? For example, would blacklisting j...@domain.com effectively blacklist j...@domain.com as well? Thanks, -- I don't know for sure. The spamdyke documentation doesn't appear to say. I would expect it be insensitive. http://email.about.com/od/emailbehindthescenes/f/email_case_sens.htm
Re: [qmailtoaster] Re: QMT DSPAM
On 3/5/12 9:36 AM, Eric Shubert wrote: On 03/04/2012 05:00 PM, Casey Price wrote: Also, it looks like there are DSPAM RPMs (looks like they are on track with the latest version) on the EPEL repo or the extra packages portion of rpmforge. Should I try using these RPMs and reconfiguring/repackaging them or just install from source? Generally speaking, EPEL and rpmforge have decent builds. I would use them first, in that order, before trying to build anything from source. Thanks Eric. I downloaded the source RPM for DSPAM from EPEL and did some modifications to the spec file to comply with a couple of the recommendations I found in these howto guides: http://www.geekmax.org/articles/dspam-qmail-vpopmail.php http://dspamwiki.expass.de/Installation/Qmail http://mail.michscimfd.com/dspam/ http://www.productionmonkeys.net/guides/qmail-server/content-filtering/spam/dspam I need some help with this though, because I'm not sure about how to go about integrating this with QMT. One of the guides recommends using vpopmail vchkpw as the user/group, while another says to use simscan. From my research it appears that simscan supports DSPAM, but they don't really provide any documentation on how to go about implementing it. Who wants to help me figure this out? :-) Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] QMT DSPAM
Thanks P.V. We've moved this one to the QMT-devel list, but I think we're on the right track. Your configuration options look similar to those that I've built my RPMs - with the exception of using mysql, and putting everything under /var/lib/dspam Are you hosting more than 1 domain name? Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 3/5/12 8:44 PM, P.V.Anthony wrote: On 03/05/2012 10:54 PM, Steve Sills wrote: I Use qmail as a forwarder for one of my domains right now, could I use any of the domains currently on the server for training, or does it have to be the domain its sent to? I am not an expert. Every email will be tagged with something like this, !DSPAM:1,4f54d3fe88891591019197! in the body or header. DSPAM then uses this identifier when the email is forwarded to nots...@yourdomain.com or s...@yourdomain.com to learn if it is spam or notspam for that user. It can be configured as learn per domain by everyone in the domain taking the learned data from one already learned user. Hope you understand my english. Best is to read the documentation at dspam. P.V.Anthony - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] QMT DSPAM
Just to add to my previous post, has anyone tried using DSPAM in client/server mode? I'm wondering if in my situation I could setup DSPAM on my gateway servers alongside of spamdyke and then use the DSPAM client from the QMT box that actually contains the mailboxes. I haven't found a whole lot about client/server mode aside from the short blurb in the readme file so I thought I'd check with everyone on here. Also, it looks like there are DSPAM RPMs (looks like they are on track with the latest version) on the EPEL repo or the extra packages portion of rpmforge. Should I try using these RPMs and reconfiguring/repackaging them or just install from source? Thanks guys. Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 3/3/12 8:05 PM, Casey Price wrote: I know there has been some talk in the past about integrating Qmail Toaster with DSPAM, and just wanted to follow up on this. A quick Google search brought up several guides to using DSPAM with Qmail, and it doesn't sound incredibly difficult. I think this might be the answer for the spam filtering portion of what I've been trying to figure out for my company. Is anyone on the list using DSPAM with QMT? If so, do you have any comments regarding how well it works/how difficult it was to setup? Thanks, -- Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] QMT DSPAM
On 3/4/12 5:29 PM, P.V.Anthony wrote: On 03/04/2012 12:05 PM, Casey Price wrote: Is anyone on the list using DSPAM with QMT? If so, do you have any comments regarding how well it works/how difficult it was to setup? I am using DSPAM and it is giving me about 98% accuracy. Please note that I using it only with about 4 users now. Not sure how it will work with many users. According to the website it can handle many many users. Nice! Did you build it from source, or use the RPMs from EPEL? I just downloaded the source RPM and have been taking a look at the specfile and looking at what options I might need to change to get it to work with QMT. Which configuration options is your dspam built with? A couple of the options I'm not completely clear on are --enable-domain-scale, --enable-large-scale, and --enable-homedir Any details you can provide are much appreciated! Currently I am using the TOE and with group feature because we cannot expect the users to teach DSPAM. So the users use my teaching for their anti-spam. I would be even more accurate when the users teach the DSPAM by themselves. What I like is the teaching method. Just forward the spam email to s...@yourdomainname.com. It is great. Just that I have not personally done anything with many users. P.V.Anthony - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] qmailmrtg
I actually briefly tried Maia some time ago when I was just running a single Postfix server at home. Any recommendations on the best way to handle anti-spam/content filtering for a provider hosting hundreds of domains? Between the three gateway servers running spamdyke, were looking at upwards of half a million inbound messages per day, of which spamdyke does a great job at blocking 80-90% and sometimes more. The tough part is being able to provide different settings for different domains with the current structure of our mail system. Man, I got way off track on this thread...sorry guys! Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 3/2/12 10:23 PM, Martin Waschbüsch wrote: Casey, Am 03.03.2012 um 02:32 schrieb Casey Price: I'm basically just looking for an effective way to improve my spam filtering, and allow different configs for different users/domains without having to restructure my whole system. How are other large hosts or ISPs doing things? Any ISP users out here that have an opinion about this? Casey Price If you're looking for a per-user spam filter, you might want to consider something like this: http://www.maiamailguard.com/maia/wiki Although, I guess the best thing would be to separate the filter from the mail server and have it act as a security / ant-spam / anti-malware gateway. Martin
[qmailtoaster] QMT DSPAM
I know there has been some talk in the past about integrating Qmail Toaster with DSPAM, and just wanted to follow up on this. A quick Google search brought up several guides to using DSPAM with Qmail, and it doesn't sound incredibly difficult. I think this might be the answer for the spam filtering portion of what I've been trying to figure out for my company. Is anyone on the list using DSPAM with QMT? If so, do you have any comments regarding how well it works/how difficult it was to setup? Thanks, -- Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] qmail-toaster-1.03-1.3.21 now available
Should all packages be rebuilt when upgrading with qtp-newmodel? Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 2/29/12 9:26 AM, Délsio Cabá wrote: Hi Jake Eric, Thanks for all the work. I believe you guys deserve more than a just words. I can't contribute more than just sending to this project a donation. Where can I do that? Regards On 29 February 2012 04:31, Eric Shubert e...@shubes.net mailto:e...@shubes.net wrote: This is the latest stable release. The changes are ones which Jake made some time ago, and have been in the testing directory on the main site. I've been running this version in production since last May, so I think it's pretty stable. Here are the changes noted in the spec file: * Thu Feb 24 2011 Jake Vickers j...@qmailtoaster.com mailto:j...@qmailtoaster.com 1.03-1.3.21 - Updated chkuser to 2.0.9 - Re-diff'ed the patch file - enabled ALL extra allow chars in addresses - Disabled rcpt MX address checking If you like the changes, the credit goes to Jake. If you don't, you can blame me. ;) You're encouraged to upgrade to this version as soon as it's convenient (within a week or two). There will be a 1.3.22 release available soon which will disable cram-md5 functionality. This will be the only change in that release, so this 1.3.21 release will provide a fallback should you run into difficulty with having cram-md5 removed. This is in preparation for the upcoming upgrades to vpopmail. If you have any questions, don't hesitate to ask. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com http://www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com http://qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com mailto:qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] qmailmrtg
Martin, I'm just using the dovecot RPM provided with the instructions on the QMT wiki. What exactly is necessary to get qmailmrtg to work with dovecot? Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 3/1/12 11:07 PM, Martin Waschbüsch wrote: Am 02.03.2012 um 08:04 schrieb Casey Price: Martin, If you want to hook me up with the package, I could help test it out. Casey Price Casey, it all depends on how you set up dovecot. I had mine done by compiling from source and I am using daemontools to run it. Now, if you run it in a similar environment, it will probably work well. If not, I might have to adapt it to properly recognize the log files, etc. Martin
Re: [qmailtoaster] qmailmrtg
On 3/2/12 1:32 PM, Martin Waschbüsch wrote: Am 02.03.2012 um 22:12 schrieb Casey Price: Martin, I'm just using the dovecot RPM provided with the instructions on the QMT wiki. What exactly is necessary to get qmailmrtg to work with dovecot? qmailmrtg is a c program that scans the log files and creates the mrtg data files from it. It can be called with command line options. Basically it comes down to adding routines that can be used to scan dovecot log files. Is this very difficult to do Martin? Do you have any specifics? Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] qmailmrtg
Great! Thanks Martin! I'll take a look at it and see what I need to do. Eric - do we have any plans to be using supervise and multilog/daemontools log format for dovecot in the future? It sure is nice when all (or at least many) of your components are using the same logging mechanism/format, and storing them in a standardized location. Not to get too far off track here, but while we are on the topic of dovecot...has anyone had any experience setting up shared/public namespaces in dovecot for global spam/ham folders? I'm trying to figure out the best way to train spamassassin, and the issue at hand is that the mailboxes are actually stored on a separate QMT machine, and my SA boxes simply do the scanning/filtering before passing the mail to the next hop using smtproutes. Just fishing for some ideas. Thanks everyone. Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 3/2/12 2:17 PM, Martin Waschbüsch wrote: Am 02.03.2012 um 22:12 schrieb Casey Price: Martin, I'm just using the dovecot RPM provided with the instructions on the QMT wiki. What exactly is necessary to get qmailmrtg to work with dovecot? Casey Price This is nowhere near complete, but it gives you a first idea what needs to be done. Please note that the mrtg.conf file (I think for some reason that's contained in the .spec in this package), needs to be adapted as well and the c program of course. The package here was my first attempt to convert things to dovecot - it assumes logs are multilog/daemontools format and located in /var/log/qmail/dovecot/ Also, I did not use dovecot for pop3 back then, so that has also not been taken care of. If you give me some more time, I can easily adapt things so it will work with dovecot using syslog and in standard dovecot location and perfect the config files, etc. As it is, I'd consider this very much beta. Martin
Re: [qmailtoaster] Re: qmailmrtg
On 3/2/12 4:24 PM, Eric Shubert wrote:
On 03/02/2012 04:47 PM, Casey Price wrote:
Eric - do we have any plans to be using supervise and
multilog/daemontools log format for dovecot in the future? It sure is
nice when all (or at least many) of your components are using the same
logging mechanism/format, and storing them in a standardized location.
No. In fact, I expect QMT will be migrating to systemd and rsyslog at
some point in the future. I think it'll be best in the long run if we
use dovecot in the same way as it's packaged for the distro, in this
case using init scripts and syslog.
That makes total sense. I just wanted to figure out the gameplan.
Note, dovecot is very sensitive to time. This can be a little
problematic on VMs, as timekeeping is trickier there. A simple
solution is to run this script as a cron job every minute or so:
service dovecot status /dev/null 21 || \
service dovecot start /dev/null 21
I believe this is mentioned on the wiki as well, and I'm fairly certain
I'm using the exact same script if not something very close.
Not to get too far off track here, but while we are on the topic of
dovecot...has anyone had any experience setting up shared/public
namespaces in dovecot for global spam/ham folders?
I do that. Here's part of the dovecot config:
# This namespace can be used for people to dump their spam/ham into.
# A cron job can then use them as input to sa-learn.
# See qmailtoaster-plus for a sample script.
namespace {
location = maildir:/home/vpopmail/domains/mydomain.com/sa-learn
prefix = sa-learn.
separator = .
type = public
}
I'm trying to figure
out the best way to train spamassassin, and the issue at hand is that
the mailboxes are actually stored on a separate QMT machine, and my SA
boxes simply do the scanning/filtering before passing the mail to the
next hop using smtproutes. Just fishing for some ideas.
The sa-learn program updates the bayes database, using the shared
mailboxes as input. Exporting the shared mailboxes via nfs seems
suitable to me.
I think the trickier part is having multiple scanners. You'll need
some way of replicating the bayes databases between the two. I don't
know if a bayes database can be shared at all.
This shouldn't be an issue for me, as I'm not running spamd on the QMT
box which contains the users. Instead I'm currently using the following
hierarchy:
-- POP
GW1 -- SA1 -- Q2
-- vCluster1
(I'm currently building a new server that will eventually take the place
of GW1 SA1 and consolidate them into one host). My real problem here
is that the GW SA boxes don't actually know which users exist...they
simply have all of our domains listed in rcphosts goodrptto, and then
smtproutes is setup accordingly to pass mail from GW1 to SA1, and then
SA1 passes it on to one of the 3 servers listed above. Obviously this
isn't the ideal configuration, and I'd like to change it...but that is a
major overhaul, and I'm trying to gradually improve my infrastructure.
Ideally I would like to follow Bill Schupp's Qmail ISP Array model that
Eric posted a link to awhile back...but it will be a little while before
that can happen. So in the meantime, I'm trying to at least find ways to
automate the learning of spam/ham from a remote mailbox to my SA boxes -
if that makes sense?
So the question is do I create a namespace for each domain on each of
the 3 servers, or can I share one for all domains on each server, or
finally - can I create a shared namespace somewhere that all 3 servers
could access?
Sorry to complicate things :-P
Casey Price
Smile Global Technical Support
Submit or check trouble tickets http://billing.smileglobal.com
www.smileglobal.com http://www.smileglobal.com
Follow us on Twitter https://twitter.com/#%21/SmileInternet
Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Re: qmailmrtg
On 3/2/12 5:12 PM, Eric Shubert wrote: On 03/02/2012 04:47 PM, Casey Price wrote: Not to get too far off track here, but while we are on the topic of dovecot...has anyone had any experience setting up shared/public namespaces in dovecot for global spam/ham folders? I'm trying to figure out the best way to train spamassassin, and the issue at hand is that the mailboxes are actually stored on a separate QMT machine, and my SA boxes simply do the scanning/filtering before passing the mail to the next hop using smtproutes. Just fishing for some ideas. Let me try this again. ;) Thanks :-) I think you're asking for trouble by setting up a mechanism where by users can train your bayes database, at least in an ISP setting with multiple domains. What's spam to one person could be ham to another. With so many users, this could easily get out of hand. That is a very good point. I guess I wasn't necessarily thinking I'd be allowing the users to do the training, but that spam would be put somewhere, and I could periodically run sa-learn against said spam, although from what you wrote below it sounds like that is even a recipe for trouble. To begin with, SA is not intended nor geared for global learning. At best it can handle relatively small domains. Certainly not cross-domain learning. When it comes to global learning, DSpam is better at that. Unfortunately, QMT doesn't do DSpam yet, and don't expect it soon. What problem is it that you're trying to address? I think setting up SA with training in an ISP setting is perhaps a solution that'll end up being worse than the problem it's intended to solve. I'm not running an ISP setting though, so I could be wrong. The problem is that some of my customers are complaining about increased levels of spam. Some domains get a ton of spam, while others hardly any at all. I really want to make use of spamdyke as much as I can, as it really reduces the load on the server and prevents mail from being accepted and processed that doesn't need to be. Some of the spam is being tagged by spamassassin, while some is not. Ultimately, allowing per-domain or even per-user spamassassin configs would be ideal, but therein lies my problem...spamassassin is running on a separate server (a server that just knows about each domain it serves, not which users belong to the domain). So...perhaps my answer is to run the spamc client on my servers at the last hop, and have them connect to the spamassassin box. I'm basically just looking for an effective way to improve my spam filtering, and allow different configs for different users/domains without having to restructure my whole system. How are other large hosts or ISPs doing things? Any ISP users out here that have an opinion about this? Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
[qmailtoaster] qmailmrtg
Just noticed today that my graphs for IMAP POP3 in qmailmrtg are blank for the past few months, right about the time I switched to dovecot for both POP3 IMAP. Does anyone know of configuration settings that would need to be changed to get the stats to report for dovecot? -- Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] qmailmrtg
Martin, If you want to hook me up with the package, I could help test it out. Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 3/1/12 10:04 PM, Martin Waschbüsch wrote: I have a replacement package that I can put out there after some more testing.. ;-) Martin Am 02.03.2012 um 00:47 schrieb Casey Price: Just noticed today that my graphs for IMAP POP3 in qmailmrtg are blank for the past few months, right about the time I switched to dovecot for both POP3 IMAP. Does anyone know of configuration settings that would need to be changed to get the stats to report for dovecot? -- Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com Follow us on Twitter Find us on Facebook
Re: [qmailtoaster] migration from ms exchange to qmailtoaster
One option is to create PST's of your mailboxes, and then on the clients using Outlook you can just import the PST. Also, I know there are some imap copying scripts/utils floating around out there that sound fairly easy to use. Do you have Admin access to your Exchange server? If so, you could use exmerge to dump PST's of all of the mailboxes (this can be scripted as well), and then re-import them on the client side from within Outlook. Are you just going to be using squirrelmail, or roundcube, for your webmail client? You could just use the one machine that has Outlook and setup a profile for each user (could be a PITA depending upon how many mailboxes you are talking about...), and then import the PSTs. Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 2/21/12 12:55 PM, Peter Peltonen wrote: Hi, On Tue, Feb 21, 2012 at 10:36 PM, Dan McAllisterq...@it4soho.com wrote: 1) If you have a cleartext copy of the user (e-mail addresses of their mailbox) and password information, that can easily be scripted into the vpopmail/bin/vadduser command to automagically (via script) add the usernames and passwords. This is no problem... 2) Getting the old messages and folders may be more difficult -- but in the past, I've just told individual users to copy over what they wanted (thus, giving them a chance to clean out some messages) -- in fact, I use a little human engineering here lie -- telling them that we pay extra for all the storage, so only copy what they really need! But this is: AFAIK only one user has Outlook configured and others are using Remote Outlook webmail, which of course does not offer the chance to copy messages to remote IMAP server. Best, Peter - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Re: QMT Domain Aliases
Thanks Dan. That is what I was hoping to hear! Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 2/20/12 12:26 PM, Dan McAllister wrote: Domain Aliasing will indeed result in the messages for domainA and its alias, domainB, being placed in the same mailbox... But nothing in the message handling affects the TO: field, so it will be very east to see which address the message was sent to -- look in the header! Sometimes we over-think things... Dan IT4SOHO On 2/18/2012 7:33 PM, Eric Shubert wrote: On 02/18/2012 04:17 PM, Casey Price wrote: Hi all, Quick question regarding domain aliases in QMT. If I understand them correctly, they basically just link an additional domain name to each mailbox (i.e.; Original Domain: domain.com, New domain: domain1.com -- j...@domain.com == j...@domain1.com). This would mean there is a single mailbox (j...@domain.com), which also receives mail from j...@domain1.com. First, I'd like to make sure I am understanding this correctly, but assuming I am...if email is sent to j...@domain1.com, when the user j...@domain.com checks his mail, will he have any way of knowing whether or not the mail he receives was being sent to j...@domain.com vs. j...@domain1.com? My first thought was that something should show up in the headers, but I'd like to get confirmation and see if there is any other way to differentiate? Thanks, -- I'm not certain off hand (I do know about forwards, but that's not exactly the same). I could guess. You could test. ;)
[qmailtoaster] QMT Domain Aliases
Hi all, Quick question regarding domain aliases in QMT. If I understand them correctly, they basically just link an additional domain name to each mailbox (i.e.; Original Domain: domain.com, New domain: domain1.com -- j...@domain.com == j...@domain1.com). This would mean there is a single mailbox (j...@domain.com), which also receives mail from j...@domain1.com. First, I'd like to make sure I am understanding this correctly, but assuming I am...if email is sent to j...@domain1.com, when the user j...@domain.com checks his mail, will he have any way of knowing whether or not the mail he receives was being sent to j...@domain.com vs. j...@domain1.com? My first thought was that something should show up in the headers, but I'd like to get confirmation and see if there is any other way to differentiate? Thanks, -- Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
[qmailtoaster] Tracking qmailadmin logins?
One of my customers was asking if we had any way of tracking logins to qmailadmin for their domain... The only thing I could think of is checking the access logs for httpd. If I remember correctly, vuserinfo only shows the last IP, time date a user authenticated, but that doesn't necessarily imply they logged in via qmailadmin. Any way of tracking logins, or determining who has logged in via qmailadmin? Thanks, -- Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Re: Tracking qmailadmin logins?
On 2/7/12 3:41 PM, Eric Shubert wrote: On 02/07/2012 02:56 PM, Casey Price wrote: One of my customers was asking if we had any way of tracking logins to qmailadmin for their domain... The only thing I could think of is checking the access logs for httpd. If I remember correctly, vuserinfo only shows the last IP, time date a user authenticated, but that doesn't necessarily imply they logged in via qmailadmin. Any way of tracking logins, or determining who has logged in via qmailadmin? Thanks, apache logs show access, but not which domain or user. I think you're pretty much correct about vuserinfo too, but that shows various things depending on which service was authenticating, and doesn't appear to update when authenticating for qmailadmin. Short answer: no. Damn. I figured that was the case, but was hoping someone might know of a way. The customer is wanting to know if we can track who logs in, date/time, ip, and changes made...from the sounds of it, there isn't a mechanism for doing this as of yet - however it does seem to me that this could be a useful functionality (debugging, security-related, etc). Granted, tracking all the changes qmailadmin makes and logging it could lead to some huge logs, but it would be nice to have the ability to do so. Going even further, it would be cool if somewhere in the admin toaster you could turn on accounting or domain logging on a per domain-basis, and maybe have a few configuration parameters, such as the size of logs, how long to keep them, etc. Maybe that is reaching too far, but its an idea at that. Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
[qmailtoaster] selectively blocking email
Hi all, Got an interesting one here... Recently was asked to whitelist the domain change.org for one of my customers, however I was asked to blacklist the domain by one of our largest customers several months, as they had been receiving obscene animal-rights emails from change.org. I blacklisted it by adding the domain to the blacklist_senders file for spamdyke...so now the question is, how can I allow mail sent from change.org to domain1.com, but continue to block mail from change.org sent to domain2.com? Is it possible? Thanks, -- Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Re: selectively blocking email
On 2/2/12 6:14 PM, Eric Shubert wrote: On 02/02/2012 05:38 PM, Casey Price wrote: Hi all, Got an interesting one here... Recently was asked to whitelist the domain change.org for one of my customers, however I was asked to blacklist the domain by one of our largest customers several months, as they had been receiving obscene animal-rights emails from change.org. I blacklisted it by adding the domain to the blacklist_senders file for spamdyke...so now the question is, how can I allow mail sent from change.org to domain1.com, but continue to block mail from change.org sent to domain2.com? Is it possible? Thanks, Yes. It's not exactly trivial to do, but it can be done using spamdyke configuration directories. See http://www.spamdyke.org/documentation/README.html#CONFIGURATION_DIR Basically, you would set up separate configuration directories for each domain. Thanks Eric. So essentially could I set it up so that there was a config directory for domain1.com, which had a blacklist_senders file for change.org? If that is the case, would I need a config directory for every domain? Looks like I'd either want to user the ../_sender_/ or ../_recipient_/ directory. The examples on spamdyke's site look like they are for individual email addresses. How would I apply it to the whole domain? For example... To create a file using the sender's email address, first create a directory structure that begins with|_sender_|and contains directories using the domain portion of the sender's email address with its words reversed and ending in|_at_|. For example, if the sender's email address is|m...@home.example.com|, the directory structure should look like this: |.../_sender_/com/example/home/_at_| The sender's username is used as the name of the configuration file. For example: |.../_sender_/com/example/home/_at_/mom| So using the example above, how would I create a rule that applied to the entire @home.example.com domain? Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Re: Sanesecurity, spamassassin spamdyke
Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 1/26/12 10:06 AM, Eric Shubert wrote: On 01/25/2012 09:50 PM, Casey Price wrote: On another note...that link that Eric previously shared from Bill Schupp's site shows spamd running on a separate host with the spamc client running on the inbound boxes. How might one go about setting up something like this, and is it recommended? I believe the reason we had separated out the GW boxes from the SA boxes was because there were times that the GW boxes would get overloaded trying to process messages using spamassassin and we'd end up with a huge queue. So if I'm interpreting this correctly, if we made the SA1 box purely a spamassassin box (which it pretty much is now, but all the mail is being passed from GW1 via smtproutes) and then had spamc running on GW1, that would probably solved some of my problems don't you think? At least the ones I had been having from SaneSecurity and it sending bounces back to my GW box. Having spamd running on a separate host *might* be appropriate with 2 or more gateways, but not with just one. The main reason being that with a separate host, there's no potential performance gain due to i/o caching, which can be substantial. Well, I have 3 different gateways and two SA boxes. Gateway2 is a QMT xen guest running on a Dell PowerEdge 2650. (I believe this machine has 4 or 5G of RAM with dual Xeon 2.6 or 2.8GHz processors). Gateway3 is a VPS I am leasing from ThrustVPS (damnVPS). Nothing spectacular...but it does the job. I will have to double check on GW1. I know that one of the SA boxes should definitely replace it, because they are more powerful machine. I would wait and see how the single box performs. The stock QMT isn't really tuned at all for major ISP type installations. With a little tuning, QMT can operate at peak capacity while not becoming overloaded. Tuning parameters such as the number of connections and spamc children can do wonders. You might also consider making the /var/qmail/simscan folder a tmpfs, but if the system has ample ram then linux i/o caching can achieve the same result. You can also consider compiling the spamassassin code, although I expect the gains from that aren't significant unless your host is CPU bound. We really need to do some work on documenting tuning best practices, and get this on the wiki. Would someone care to tackle this? In any case, I expect that a single host could handle your load. Besides which, what's so bad about deferring some connections occasionally? So the message sits in the sender's queue a little longer and the message doesn't arrive quite as quickly. I think this is reasonable to expect during peak times. As long as this happens just occasionally and not continually, I doubt your customers would even notice. Did I miss (or forget) it, or have you posted what your hardware is? ;)
Re: [qmailtoaster] Hypervisor recommendations for virtualizing QMT
On 1/26/12 1:12 AM, Peter Peltonen wrote: Hi, On Thu, Jan 26, 2012 at 8:44 AM, Casey Priceca...@smileglobal.com wrote: I'm curious to hear which hypervisors some of you guys are using for virtualizing QMT or just VMs in general. I played around with Citrix XenServer for a good 6-8 months last year, very very briefly checked out Hyper-V, and currently am running Xen on CentOS 5.7 on a few of my PowerEdge 2650's. I also briefly tried out VMware's free one...ESXi? From what I've been hearing, KVM is supposed to be the new up and coming standard. I haven't used it at all and don't know much about it, but I was hoping to get some recommendations from others on here. Someone mentioned Proxmox on here a few weeks back, so I downloaded Proxmox VE 1.9 and installed it on a server I just recently bought the other night. That's about as far as I've gotten with it at this point, so maybe someone can provide some insight? I've ran my toaster in a centos5 + xen combination and been quite happy with it. No stability or perfomance issuses whatsoever. Xen is not officially supported in rhel/centos version 6, but there is a 3rd party repository for the kernel/xen packages and those have been working with ok for my dom0 and web server domUs. As qmailtoaster does not support centos6 yet, I havent tried installing a toaster on centos6 domU though. That is a good point Peter...Xen is working great on the systems I'm currently using it on at the moment. Even Amazon is using Xen for their EC2. The one thing I really want is some type of snapshot or backup system for Xen that would allow me to backup guests while they are running. Also, some form of migration capabilities...maybe not quite as far as vMotion (although I wouldn't complain if it were free...but it is way out of my price range). I would be interested in trying out KVM, but for me it has seemed still a bit immature, so I went with 3rd party Xen. And as time resources are limited I don't want to waste time learning another technology as I have a working solution with Xen. I'm curious about KVM as well, and will probably test with it a little bit and see what I think. I don't really get why RedHat decided to stop supporting xen. Does anyone have anything to say about RHEV or oVirt? Is there any type of CentOS-based RHEV? What type of virtualization is VMware doing with ESX? Is it KVM, Xen, or something else? Anyone try using Cloudmin to manage your virtual servers? Regards, Peter - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Re: Sanesecurity, spamassassin spamdyke
Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 1/26/12 6:31 PM, Eric Shubert wrote: On 01/26/2012 06:34 PM, Casey Price wrote: Well, I have 3 different gateways and two SA boxes. Gateway2 is a QMT xen guest running on a Dell PowerEdge 2650. (I believe this machine has 4 or 5G of RAM with dual Xeon 2.6 or 2.8GHz processors). Gateway3 is a VPS I am leasing from ThrustVPS (damnVPS). Nothing spectacular...but it does the job. I will have to double check on GW1. I know that one of the SA boxes should definitely replace it, because they are more powerful machine. Are there any other guests running along side of GW2? I'm running one other guest, which is a front-end QMT host that belongs to my QMT Cluster - basically the QMT ISP Array setup that Jake documented in his videos. So this front-end host is mounting the mailstore and QMT files over an NFS share, and then running Dovecot, Roundcube, and Squirrelmail. At the moment there are only 3 domains on the Cluster, and I'm still in the process of testing things. The long and the short of it, is...the only real load on the host which runs GW2 is the GW2 guest. I should think you could get rid of GW3 eventually. Yeah, that will probably happen in the not-so-distant future. The only reason I've kept it up, is for redundancy and since it is at a geographically different location than the other two GW's. What are the specs on the SA boxes? SA1 - Dell PowerEdge 2650: Dual Xeon 3.4GHz 64bit processors, 4GB RAM, 1x 73GB hdd (I need to add another and setup a RAID1) SA2 - Dell E-521: AMD Athlon 64 X2 Dual Core 3800+ processor, 4GB RAM, 1x 80GB hdd (I'd like to add another and mirror this one as well) The challenge as I see it will be getting from where you're at to where you want to be with little to no disruption. Do you have domains spread across all 3 GWs presently, or is there some redundancy? Likewise for the SA boxes? GW1-3 are all configured as closely as possible. They contain all the same domains. The main differences are that GW1 is setup to pass all mail to SA1 using smtproutes, while GW2 3 are passing mail to SA2. It might be simpler to drop off a gateway entirely and put an SA box on the edge, rather than trying to put SA functionality into a GW. Especially if you're going to end up with things on the present SA hosts anyhow. Do you have anything else virtual besides GW1? The only other things I've virtualized are my virtualmin webserver, and a couple of XMX servers which are legacy boxes from when I took over the company, and are simply CentOS installs with Sendmail configured for high volume outbound mail.
Re: [qmailtoaster] Re: Sanesecurity, spamassassin spamdyke
On 1/25/12 10:40 AM, Eric Shubert wrote: On 01/24/2012 11:15 PM, Casey Price wrote: No worries Eric...I appreciate the insight! We have a few hundred domains with several thousand users. You should be able to get by with a single host in that case. Might need to beef it up a little though depending on what it's got. I believe our SA boxes are a bit beefier than the GW boxes, so I might just rebuild one of the SA boxes over the weekend and turn it into the new GW1 box and run spamdyke as well as spamassassin on it. My real need here is to consolidate a few of these front-end hosts. I meant to comment on your spamdyke config too. I'd really try to keep using the reject-unresolvable-rdns option, as it does catch a lot of spam. I've found very few legit senders that don't have this right. Typically it only happens when a server's IP address is changed and the admin overlooks this aspect. If you really need an interim fix (while the sending admin fixes their config), you can simply whitelist the domains that have a problem. This is better than disabling the filter entirely. Your scanning load will likely be reduced as a result. I definitely agree with you on that one Eric...I remember a few months ago when I turned that option on, and would check my spamdyke-stats script...it blocked literally like 90% of the mail. I started getting too many complaints about emails not being received, or senders getting errors when attempting to send mail to my customers. You are probably right though, just doing the whitelisting would probably remedy the issue. At the time I was trying to keep everyone happy and already had several customers that were giving me grief. I will have to look into it again though, because that would drastically reduce the load. Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Re: Sanesecurity, spamassassin spamdyke
Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 1/25/12 8:14 PM, Casey Price wrote: On 1/25/12 10:40 AM, Eric Shubert wrote: On 01/24/2012 11:15 PM, Casey Price wrote: No worries Eric...I appreciate the insight! We have a few hundred domains with several thousand users. You should be able to get by with a single host in that case. Might need to beef it up a little though depending on what it's got. I believe our SA boxes are a bit beefier than the GW boxes, so I might just rebuild one of the SA boxes over the weekend and turn it into the new GW1 box and run spamdyke as well as spamassassin on it. My real need here is to consolidate a few of these front-end hosts. On another note...that link that Eric previously shared from Bill Schupp's site shows spamd running on a separate host with the spamc client running on the inbound boxes. How might one go about setting up something like this, and is it recommended? I believe the reason we had separated out the GW boxes from the SA boxes was because there were times that the GW boxes would get overloaded trying to process messages using spamassassin and we'd end up with a huge queue. So if I'm interpreting this correctly, if we made the SA1 box purely a spamassassin box (which it pretty much is now, but all the mail is being passed from GW1 via smtproutes) and then had spamc running on GW1, that would probably solved some of my problems don't you think? At least the ones I had been having from SaneSecurity and it sending bounces back to my GW box. I meant to comment on your spamdyke config too. I'd really try to keep using the reject-unresolvable-rdns option, as it does catch a lot of spam. I've found very few legit senders that don't have this right. Typically it only happens when a server's IP address is changed and the admin overlooks this aspect. If you really need an interim fix (while the sending admin fixes their config), you can simply whitelist the domains that have a problem. This is better than disabling the filter entirely. Your scanning load will likely be reduced as a result. I definitely agree with you on that one Eric...I remember a few months ago when I turned that option on, and would check my spamdyke-stats script...it blocked literally like 90% of the mail. I started getting too many complaints about emails not being received, or senders getting errors when attempting to send mail to my customers. You are probably right though, just doing the whitelisting would probably remedy the issue. At the time I was trying to keep everyone happy and already had several customers that were giving me grief. I will have to look into it again though, because that would drastically reduce the load. Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
[qmailtoaster] Hypervisor recommendations for virtualizing QMT
Hi all, I'm curious to hear which hypervisors some of you guys are using for virtualizing QMT or just VMs in general. I played around with Citrix XenServer for a good 6-8 months last year, very very briefly checked out Hyper-V, and currently am running Xen on CentOS 5.7 on a few of my PowerEdge 2650's. I also briefly tried out VMware's free one...ESXi? From what I've been hearing, KVM is supposed to be the new up and coming standard. I haven't used it at all and don't know much about it, but I was hoping to get some recommendations from others on here. Someone mentioned Proxmox on here a few weeks back, so I downloaded Proxmox VE 1.9 and installed it on a server I just recently bought the other night. That's about as far as I've gotten with it at this point, so maybe someone can provide some insight? -- Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Sanesecurity, spamassassin spamdyke
Any takers on this one? The problem is definitely on my SA1 box (you can see spamd start hogging memory and eating up the processor and notice a constant heavy load when you view the stats with htop, or w. There isn't really much on the wiki regarding SaneSecurity, so I was hoping for some insight in configuring it and tuning it for better performance. So, while this is one piece to the problem, the other issue is that when messages are flagged by SaneSecurity, they are rejected by SA1 (primary spamassassin box) when GW1 (primary spamdyke box - all mail hits this server, then is passed to SA1 using smtproutes) attempts to pass the mail to the next hop. What this means is that I end up with several thousand messages in my queue every day on GW1, and they end up being something like this: 15107007 (9, L) Return-path: #@[] From: mailer-dae...@gateway1.smileglobal.com To: postmas...@gateway1.smileglobal.com Subject: failure notice Date: 25 Jan 2012 00:50:42 - Size: 23018 bytes -- Hi. This is the qmail-send program at gateway1.smileglobal.com. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. r...@some-domain.com: User and password not set, continuing without authentication. r...@some-domain.com 69.7.35.24 failed after I sent the message. Remote host said: 554 Your email was rejected because it contains the Sanesecurity.Jurlbl.5049.UNOFFICIAL virus Hoping someone can shed some light on this for me and help me figure out a better solution. Thanks, Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 1/19/12 6:12 PM, Casey Price wrote: Hi guys, Lately I've been noticing the queue on one of my gateway servers (running QMT with spamdyke) has been growing quite large on a daily basis. Once mail hits this server it is passed on to my SA box which also runs QMT with clamav spamassassin. I recently used the qtp-install-sanesecurity script, and while it appears to be properly identifying mail, it ends up rejecting the mail as it is being passed on from the gateway server. So it ends up back in the gateway queue and just sits there. Is there a way I can prevent the SA box from rejecting and sending the mail back to the gateway box? It would be nice if it just deleted the mail. I'm using simscan on the SA box as well. Any recommendations? I previously had the following options enabled in spamdyke, but ended up turning them off because many of my customers were complaining about not receiving their mail... reject-ip-in-cc-rdns reject-unresolvable-rdns Thanks -- Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Re: Sanesecurity, spamassassin spamdyke
On 1/24/12 6:43 PM, Eric Shubert wrote: The stock QMT configuration scans the message while the perimeter smtp session is still active, which allows it to simply reject the message (not accepting it), because it's coming directly from the sender's server. In this case, the sender's server is responsible for creating a bounce message to the sender. I don't know why GW1 is bouncing the message to the postmaster@gw1 instead of the original sender, but perhaps it tried and cannot. The way you have things set up, the SA1 host needs to go ahead and accept the message from GW1, and then generate a bounce to the original sender. This is not a very good way of handling things, as it contributes to backscatter (bounces with forged return addresses). That being said, I think there may be a way to configure qmail and simscan such that a message gets bounced (returned to sender) instead of refused (leaving the sending server (GW1) to deal with it), but I don't know about how to do, and would recommend against this configuration. I agree with you on this one...I don't really like the way things are setup up at the moment. This is how things were setup when I took over, so I'm thinking I'd like to do away with my SA1 SA2 boxes and just beef up the two GW boxes and run spamassassin on them. Right now it is inefficient, because the bounces end up back in the GW queues and just waste resources. When the message is denied at the perimeter, there is no bounced message (from you), and a good chance there will be less backscatter. If you really have more traffic than a single host can deal with (which is quite a lot), then there's probably a better way to distribute the load. I would let the scanning be done on (or from) the gateway server, which handles the smtp sessions, and find another way to divvy up the load if required. Yeah, the method you are suggesting makes much more sense and seems like it would be much more effective and less-resource intensive overall compared to our current config. Sorry I can't be of more help than this. If you gave us some idea of how many domains and accounts and messages you're talking about, we might get some better idea. No worries Eric...I appreciate the insight! We have a few hundred domains with several thousand users. Oh and thanks for sending that link...I've been to that page before, but not in awhile. Anyone come across good documentation on setting up spamd on a separate machine and then using the spamc client? Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
[qmailtoaster] Sanesecurity, spamassassin spamdyke
Hi guys, Lately I've been noticing the queue on one of my gateway servers (running QMT with spamdyke) has been growing quite large on a daily basis. Once mail hits this server it is passed on to my SA box which also runs QMT with clamav spamassassin. I recently used the qtp-install-sanesecurity script, and while it appears to be properly identifying mail, it ends up rejecting the mail as it is being passed on from the gateway server. So it ends up back in the gateway queue and just sits there. Is there a way I can prevent the SA box from rejecting and sending the mail back to the gateway box? It would be nice if it just deleted the mail. I'm using simscan on the SA box as well. Any recommendations? I previously had the following options enabled in spamdyke, but ended up turning them off because many of my customers were complaining about not receiving their mail... reject-ip-in-cc-rdns reject-unresolvable-rdns Thanks -- Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Lots of false positives from SpamAssassin lately
That might work. Any recommendations on adjustments on the rules? Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 1/16/12 11:41 AM, Helmut Fritz wrote: For SA, maybe you can use one as the primary and copy/rsync the .spamassassin files to the other? *From:*Casey Price [mailto:ca...@smileglobal.com] *Sent:* Sunday, January 15, 2012 10:10 PM *To:* qmailtoaster-list@qmailtoaster.com *Subject:* Re: [qmailtoaster] Lots of false positives from SpamAssassin lately Here is the tricky part...I have a bit of a unique setup. I have 3 Gateway servers running QMT with Spamdyke, they pass the mail to one of our 2 SpamAssassin servers which also run QMT. Then the SA boxes finally pass the mail to the corresponding server which holds the users and mailstore. So...what is the best way to accomplish spam learning on our SA boxes? I'm still a bit confused as to why the whitelist_from email addresses are only being assigned an AWL score of something smaller than -100. Also, recently I've added our logo to WHMCS, so invoices, support tickets, etc include a png image in the email, which is stored on the billing server and I'm pretty sure this image is triggering a few of the rules...but I don't want it to. What do you guys recommend having the required_score value set to? What about these two: /bayes_auto_learn_threshold_spam bayes_auto_learn_threshold_nonspam/ Thanks I appreciate any help you can provide. Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 1/15/12 9:33 PM, Helmut Fritz wrote: Are you able to feed the false positives back into the system and process/classify them as ham? I have an imap account setup that is on the server, drag unidentified spams and those that are ham to the proper account inbox, and run a script to bayes train the server pulling the emails from those two accounts (one for spam, one for ham) using the vpopmail spamassasin files. *From:*Casey Price [mailto:ca...@smileglobal.com] *Sent:* Sunday, January 15, 2012 9:09 PM *To:* qmailtoaster-list@qmailtoaster.com mailto:qmailtoaster-list@qmailtoaster.com *Subject:* [qmailtoaster] Lots of false positives from SpamAssassin lately Several of my customers have complained recently of legitimate email being flagged as spam lately, and I've also noticed even mail sent from my billing system being incorrectly labelled. I've even added the IP address of my billing server and whitelisted the email address, yet I'm still getting loads of false positives. Here is a snippet from one of the emails sent by my billing sys: X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on sa1.smileglobal.com X-Spam-Level: X-Spam-Status: Yes, score=4.9 required=4.5 tests=AWL,BAYES_99, HTML_IMAGE_ONLY_12,HTML_MESSAGE,HTML_SHORT_LINK_IMG_1,RDNS_NONE autolearn=no version=3.2.5 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% * [score: 0.] * 2.5 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS * 0.0 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image * -1.1 AWL AWL: From: address is in the auto white-list Here is a portion of my local.cf config file for SpamAssassin: ok_locales all skip_rbl_checks 1 required_score 4.5 report_safe 0 rewrite_header Subject [SPAM] SA1 use_pyzor 1 use_auto_whitelist 1 bayes_path /home/vpopmail/.spamassassin/bayes use_bayes 1 use_bayes_rules 1 bayes_auto_learn 1 bayes_auto_learn_threshold_spam 6.5 bayes_auto_learn_threshold_nonspam 0.1 bayes_auto_expire 1 #loadplugin Mail::SpamAssassin::Plugin::URIDNSBL # Rule2XSBody - speedup by compilation of rulseset to native code loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody trusted_networks 69.7.35.11 69.7.35.25 69.7.35.131 69.7.35.42 Anyone have any recommendations? Should I increase the required score, or is there a better way to accomplish it? Also, I thought that whitelisting an address/domain automatically subtracts 100 from the score? My logs are showing AWL tests being scored at -0.5 to -1.1 or so. HELP Thanks, -- Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http
Re: [qmailtoaster] Re: Lots of false positives from SpamAssassin lately
Eric, Could you explain the score BAYES_XX section a little bit? What about the bayes_auto_expire 0 option - does that mean to keep things in the bayes database indefinitely? Thanks, Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 1/16/12 12:29 PM, Eric Shubert wrote: On 01/16/2012 01:02 PM, Helmut Fritz wrote: Not from me, unfortunately. I am hoping someone else much more experienced with SA replies. Personally, I am kinda getting opposite results. I am not getting a lot of SPAMs with a drop score of 12 (spam_hits=12 in simcontrol) and spam scoring of 4.5 (required_score 4.5 in local.cf). I feel we should be seeing more emails marked ***SPAM***. I am feeding the bayes database with the method I mentioned, just wondering why I am not seeing more email between 4.5 and 12 and marked ***SPAM***. I guess it is going to be a dig through logs unless anyone has other ideas. *From:*Casey Price [mailto:ca...@smileglobal.com] *Sent:* Monday, January 16, 2012 11:53 AM *To:* qmailtoaster-list@qmailtoaster.com *Subject:* Re: [qmailtoaster] Lots of false positives from SpamAssassin lately That might work. Any recommendations on adjustments on the rules? Casey Price The stock SA scoring doesn't give bayes enough weight to make much difference. FWIW, I use spam_hits=5.1 in simcontrol, and the following in local.cf: ok_locales all skip_rbl_checks 1 required_score 3.7 report_safe 0 rewrite_header Subject [SPAM] use_pyzor 1 use_auto_whitelist 1 bayes_path /home/vpopmail/.spamassassin/bayes use_bayes 1 use_bayes_rules 1 bayes_auto_learn 1 bayes_auto_learn_threshold_spam 5.5 bayes_auto_learn_threshold_nonspam 0.1 bayes_auto_expire 0 loadplugin Mail::SpamAssassin::Plugin::URIDNSBL trusted_networks 192.168/16 # temporary fix for this rule score FH_DATE_PAST_20XX 0.0 # Rule2XSBody - speedup by compilation of ruleset to native code loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody # adjusting these scores gives bayes more weight # commented values are the defaults # score BAYES_00 0 0 -2.312 -2.599 # score BAYES_05 0 0 -1.110 -1.110 # score BAYES_20 0 0 -0.740 -0.740 # score BAYES_40 0 0 -0.185 -0.185 # score BAYES_50 0 0 0.001 0.001 # score BAYES_60 0 0 1.0 1.0 # score BAYES_80 0 0 2.0 2.0 # score BAYES_95 0 0 3.0 3.0 # score BAYES_99 0 0 3.5 3.5 score BAYES_00 0 0 -2.612 -2.899 score BAYES_05 0 0 -1.110 -1.110 score BAYES_20 0 0 -0.740 -0.740 score BAYES_40 0 0 -0.185 -0.185 score BAYES_50 0 0 0.001 0.001 score BAYES_60 0 0 1.5 1.5 score BAYES_80 0 0 3.0 3.0 score BAYES_95 0 0 4.0 4.0 score BAYES_99 0 0 5.1 5.1 # end local.cf We should have a SpamAssassin page, perhaps in a Tuning section, on the wiki that includes stuff like this. Would someone like to see that this is done?
Re: [qmailtoaster] Renaming an email account?
Thanks Peter. That sounds like it should work. I'll give it a shot and let you guys know how things work. Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 1/16/12 3:29 PM, Peter Peltonen wrote: Hi, On Mon, Jan 16, 2012 at 11:00 PM, Casey Priceca...@smileglobal.com wrote: Does anyone know if it is possible to rename a user's email account within QMT? We have a customer that recently changed their last name and would like to rename their account and retain all of the old mail. Is this possible? Why don't you just create a forward with the new name to the old account? Probably people will sometimes accidentally send email to the old account name anyway... But if you want to rename the account I think you could try the following: * create a new account (so that the information gets inserted in mysql) * then just copy all files from the /home/vpopmail/domains/your domain/old account/ to /home/vpopmail/domains/your domain/new account/ * try logging in with the new account and check if you see the old email? if everything is ok, delete the old account if you want to Best, Peter - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Lots of false positives from SpamAssassin lately
That is a good point. The thought hadn't occurred to me, but now that I'm reviewing some of the other messages I'm noticing they too are showing Bayes_99. I did however stumble upon an old thread on the qmailtoaster list that had similar symptoms and Eric had a solution of changing a line in /var/qmail/supervise/smtp/run - basically changing the -H to -h. The biggest problem I've been noticing is that whitelisting doesn't appear to be subtracting 100 from the score. However, after making the change listed above, it looks like whitelisting is working again, and I'm hopeful that this problem is resolved. If not, then I'll try flushing the bayes DB. Thanks all. Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 1/16/12 8:18 PM, MagicWISP wrote: I would be worried that this email shows a Bayes probability of 99%, have all of your false positives been showing high Bayes results? It could be your database has been poisoned, and needs to be flushed. I have had that happen before - I had a customer that was sending non spam emails to his spam bin. After a few months of thinking that is how he deleted emails - the database was unusable. Quoting Casey Price ca...@smileglobal.com: Several of my customers have complained recently of legitimate email being flagged as spam lately, and I've also noticed even mail sent from my billing system being incorrectly labelled. I've even added the IP address of my billing server and whitelisted the email address, yet I'm still getting loads of false positives. Here is a snippet from one of the emails sent by my billing sys: X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on sa1.smileglobal.com X-Spam-Level: X-Spam-Status: Yes, score=4.9 required=4.5 tests=AWL,BAYES_99, HTML_IMAGE_ONLY_12,HTML_MESSAGE,HTML_SHORT_LINK_IMG_1,RDNS_NONE autolearn=no version=3.2.5 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% * [score: 0.] * 2.5 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS * 0.0 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image * -1.1 AWL AWL: From: address is in the auto white-list Here is a portion of my local.cf config file for SpamAssassin: ok_locales all skip_rbl_checks 1 required_score 4.5 report_safe 0 rewrite_header Subject [SPAM] SA1 use_pyzor 1 use_auto_whitelist 1 bayes_path /home/vpopmail/.spamassassin/bayes use_bayes 1 use_bayes_rules 1 bayes_auto_learn 1 bayes_auto_learn_threshold_spam 6.5 bayes_auto_learn_threshold_nonspam 0.1 bayes_auto_expire 1 #loadplugin Mail::SpamAssassin::Plugin::URIDNSBL # Rule2XSBody - speedup by compilation of rulseset to native code loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody trusted_networks 69.7.35.11 69.7.35.25 69.7.35.131 69.7.35.42 Anyone have any recommendations? Should I increase the required score, or is there a better way to accomplish it? Also, I thought that whitelisting an address/domain automatically subtracts 100 from the score? My logs are showing AWL tests being scored at -0.5 to -1.1 or so. HELP Thanks, -- Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal This message was sent using IMP, the Internet Messaging Program. - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Lots of false positives from SpamAssassin lately
Several of my customers have complained recently of legitimate email being flagged as spam lately, and I've also noticed even mail sent from my billing system being incorrectly labelled. I've even added the IP address of my billing server and whitelisted the email address, yet I'm still getting loads of false positives. Here is a snippet from one of the emails sent by my billing sys: X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on sa1.smileglobal.com X-Spam-Level: X-Spam-Status: Yes, score=4.9 required=4.5 tests=AWL,BAYES_99, HTML_IMAGE_ONLY_12,HTML_MESSAGE,HTML_SHORT_LINK_IMG_1,RDNS_NONE autolearn=no version=3.2.5 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% * [score: 0.] * 2.5 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS * 0.0 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image * -1.1 AWL AWL: From: address is in the auto white-list Here is a portion of my local.cf config file for SpamAssassin: ok_locales all skip_rbl_checks 1 required_score 4.5 report_safe 0 rewrite_header Subject [SPAM] SA1 use_pyzor 1 use_auto_whitelist 1 bayes_path /home/vpopmail/.spamassassin/bayes use_bayes 1 use_bayes_rules 1 bayes_auto_learn 1 bayes_auto_learn_threshold_spam 6.5 bayes_auto_learn_threshold_nonspam 0.1 bayes_auto_expire 1 #loadplugin Mail::SpamAssassin::Plugin::URIDNSBL # Rule2XSBody - speedup by compilation of rulseset to native code loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody trusted_networks 69.7.35.11 69.7.35.25 69.7.35.131 69.7.35.42 Anyone have any recommendations? Should I increase the required score, or is there a better way to accomplish it? Also, I thought that whitelisting an address/domain automatically subtracts 100 from the score? My logs are showing AWL tests being scored at -0.5 to -1.1 or so. HELP Thanks, -- Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Lots of false positives from SpamAssassin lately
Here is the tricky part...I have a bit of a unique setup. I have 3 Gateway servers running QMT with Spamdyke, they pass the mail to one of our 2 SpamAssassin servers which also run QMT. Then the SA boxes finally pass the mail to the corresponding server which holds the users and mailstore. So...what is the best way to accomplish spam learning on our SA boxes? I'm still a bit confused as to why the whitelist_from email addresses are only being assigned an AWL score of something smaller than -100. Also, recently I've added our logo to WHMCS, so invoices, support tickets, etc include a png image in the email, which is stored on the billing server and I'm pretty sure this image is triggering a few of the rules...but I don't want it to. What do you guys recommend having the required_score value set to? What about these two: /bayes_auto_learn_threshold_spam bayes_auto_learn_threshold_nonspam/ Thanks I appreciate any help you can provide. Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 1/15/12 9:33 PM, Helmut Fritz wrote: Are you able to feed the false positives back into the system and process/classify them as ham? I have an imap account setup that is on the server, drag unidentified spams and those that are ham to the proper account inbox, and run a script to bayes train the server pulling the emails from those two accounts (one for spam, one for ham) using the vpopmail spamassasin files. *From:*Casey Price [mailto:ca...@smileglobal.com] *Sent:* Sunday, January 15, 2012 9:09 PM *To:* qmailtoaster-list@qmailtoaster.com *Subject:* [qmailtoaster] Lots of false positives from SpamAssassin lately Several of my customers have complained recently of legitimate email being flagged as spam lately, and I've also noticed even mail sent from my billing system being incorrectly labelled. I've even added the IP address of my billing server and whitelisted the email address, yet I'm still getting loads of false positives. Here is a snippet from one of the emails sent by my billing sys: X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on sa1.smileglobal.com X-Spam-Level: X-Spam-Status: Yes, score=4.9 required=4.5 tests=AWL,BAYES_99, HTML_IMAGE_ONLY_12,HTML_MESSAGE,HTML_SHORT_LINK_IMG_1,RDNS_NONE autolearn=no version=3.2.5 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% * [score: 0.] * 2.5 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS * 0.0 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image * -1.1 AWL AWL: From: address is in the auto white-list Here is a portion of my local.cf config file for SpamAssassin: ok_locales all skip_rbl_checks 1 required_score 4.5 report_safe 0 rewrite_header Subject [SPAM] SA1 use_pyzor 1 use_auto_whitelist 1 bayes_path /home/vpopmail/.spamassassin/bayes use_bayes 1 use_bayes_rules 1 bayes_auto_learn 1 bayes_auto_learn_threshold_spam 6.5 bayes_auto_learn_threshold_nonspam 0.1 bayes_auto_expire 1 #loadplugin Mail::SpamAssassin::Plugin::URIDNSBL # Rule2XSBody - speedup by compilation of rulseset to native code loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody trusted_networks 69.7.35.11 69.7.35.25 69.7.35.131 69.7.35.42 Anyone have any recommendations? Should I increase the required score, or is there a better way to accomplish it? Also, I thought that whitelisting an address/domain automatically subtracts 100 from the score? My logs are showing AWL tests being scored at -0.5 to -1.1 or so. HELP Thanks, -- Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
RE: [qmailtoaster] Re: vchkpw-pop3: vpopmail user not found
Have any of you guys take a look at Jake's QMT ISP Array video series? I followed those and found them very useful. I actually went through the process several times (for various reasons...everything from trying different hardware, to making minor adjustments) and in the end I make a few additional modifications and substitutions of my own. Right now I have two Dell PowerEdge 2650's running Cent5.7 and acting as the backend - I have a multi-master mysql replication setup to allow bi-directional replication between the two hosts and then I'm using OCFS2 - a cluster-aware filesystem on top of DRBD which is then exported as...wait for it...an NFS4 share - which is then mounted on on my 2 front-end xen hosts. On that NFS share I've set it up like so: /data -domains +test.com +abc.com + ... -qmail +alias +control +users -roundcube +config +plugins +skins -squirrelmail +attach +prefs -vpopmail +etc Then of course, the corresponding directories are symlinked to the NFS share. So far things are working well, although I must admit I haven't done a full-scale deployment yet, and only have a few domains setup on the cluster to do initial testing. Things look good so far though. I was thinking once I'm completely done, have had everything in production for a bit I'd like to write a howto article for the wiki. Jake's video was extremely helpful, but the one thing I realized in the process of going through it, was that it would be nice to have a transcript or a written guide to refer back to. The videos are great, but it makes some of the steps take longer if you need to go back and double check one of the steps. The only other thing I noticed about the clustered approach, is that some work will need to be done to the qtp-up2date process in order for it to work on the front-end hosts (the problems I ran into were at compile-time, some of the scripts didn't like the symlinked directories. I'm sure this wouldn't be too difficult to fix though). I think I just hijacked this thread a bit...sorry guys. I had a point when I first started writing, but it looks like I went well beyond that. Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal On 1/12/12 4:22 PM, Kalil Costa - Brasilsite wrote: Domnick thanks for help. I forgot to put, but I have a backup storage too and one LVS-NAT balancing the connections. The big problem is spamassasin over 100% cpu. Qmail is OK, the load wasn't with him. Do you have one example of yours my.cnf ? Thanks again. Kalz *(sorry for my bad English...lol) Just to put some notes out there, that doesn't seem like it would solve any problems. Your still stuck with a single point of failure, if your backend decides to crap out your stuck with two dead front end boxes. Did you ever figure out what was causing the 100% load ? What I would recommend is looking at your my.cnf for mysql, and see if you have it can squeeze some performance by adjusting the query cache, waittime out, and other things. Just some info on what we did, here what we have working and it been working fine for over a year now. What we have is pretty straight forward, and might help you in your situation. QMAIL1 (APACHE) - QMAIL2 (APACHE) | | LB (Virtual IP) - For Both Gluster and MySQL. --- | | MYSQL (MASTER) MYSQL (MASTER) | | NFS (Gluster) NFS (Gluster) A single QMAIL server alone even with crappy hardware cant host a few hundred domains and a few thousand accounts. From: Kalil Costa - Brasilsite [mailto:ka...@brasilsite.com.br] Sent: Thursday, January 12, 2012 2:03 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: vchkpw-pop3: vpopmail user not found So I have two servers where are balanced connections and a storage with mysql and messages. The two hosts are with qmailtoaster and NFS to storage, I need do this because the cpu load of one server was 100%, balance the connections was my solution for both cpu and redundancy. My NFS is simple, directories shared with (rw,sync,no_root_squash) only this. Topology Server1 Server2 | | |--| | | Storage (Mysql / NFS) Some like this. thk Em 12-01-2012 17:57, Eric Shubert escreveu: On 01/12/2012 12:25 PM, Kalil Costa - Brasilsite wrote: the mysql is in the same server with NFS server. I have one storage for NFS and Mysql Please give us more information
[qmailtoaster] All Mail Deleted option not working in qmailadmin
Hi all, Got a user that is having trouble with the All Mail Deleted routing option in qmailadmin. Any mail sent to that address is still being delivered to the user's mailbox. I've tried changing back from standard and then to all mail deleted again, in addition to deleting the .qmail file and recreating. Even gone as far as removing the account and re-adding it. Running an older version of vpopmail (5.4.10) on Solaris. The .qmail file contains: # delete I've tried changing it to just the '#', but that doesn't help either. Permissions are -rw-- vpopmail vchkpw Any ideas? -- Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Re: All Mail Deleted option not working in qmailadmin
On 12/29/11 4:33 PM, Eric Shubert wrote: On 12/29/2011 05:00 PM, Casey Price wrote: Hi all, Got a user that is having trouble with the All Mail Deleted routing option in qmailadmin. Any mail sent to that address is still being delivered to the user's mailbox. I've tried changing back from standard and then to all mail deleted again, in addition to deleting the .qmail file and recreating. Even gone as far as removing the account and re-adding it. Running an older version of vpopmail (5.4.10) on Solaris. The .qmail file contains: # delete I've tried changing it to just the '#', but that doesn't help either. Permissions are -rw-- vpopmail vchkpw Any ideas? -- Hmmm. Haven't used that option myself. Looks as though # delete is simply a comment line, according to man dot-qmail. The man page doesn't appear to have an option for delete, but it does let you pipe it to a program. Thus, if you put |cat /dev/null I expect that would do what you want. You'll need to do that manually though, and not via qmailadmin. Thanks Eric. I did some playing around with it and got it to work by simply using |/dev/null in my .qmail file for that user. Wouldn't be surprised if that was just a bug or an issue with Solaris. qmailadmin is upstream software, so would you care to post this problem on the qmailadmin list? (qmailad...@inter7.com is the list address, and you can access it via gmane.org) Thanks Casey. Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
[qmailtoaster] Problems with forwards
One of our users has been having difficulty with a couple of forwards they are trying to create. They simply do not work. I'm wondering if anyone else has had trouble with forwarding to a domain that has a dash - in the domain name after the at @ sign? i.e.; verizonw_alerts == vzwm...@some-where.domain.com All of the other forwards seem to work, just not that this sub-domain that is hosted elsewhere on a non-QMT platform. Keep in mind this is an old Solaris box running an older version of vpopmail and qmailadmin, etc. Are the forwards storage in the SQL DB? If not, where the heck are they?!? Thanks!! -- Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Find us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Spamdyke-Stats-Report script no longer working
Thanks Brent. Looks like its working now. Not exactly sure what it was I did that fixed it...but somewhere along the lines of rebuilding all the QMT packages and reinstalling Perl modules seems to have done the trick. Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Like us on Facebook https://www.facebook.com/smileglobal On 12/16/11 10:25 AM, Brent Gardner wrote: Casey Price wrote: I'm having a problems on one of my toasters...just updated with qtp-newmodel and now I'm having trouble with the Spamdyke-Stats-Report.pl script. It runs without error, but the email that it sends out an email without any stats: Summary Allowed:00.00% Timeout:00.00% Errors :00.00% Denied :00.00% Total :00.00% However, when I run the following command: cat /var/log/qmail/smtp/current | ./spamdyke-stats I get the following: 6998 46.77% DENIED_GRAYLISTED 5780 38.63% DENIED_RDNS_MISSING 11867.92% ALLOWED 6904.61% DENIED_RBL_MATCH --- Breakdown --- - 1541.02% DENIED_SENDER_NO_MX 1511.00% TIMEOUT 10.00% DENIED_OTHER Summary Allowed: 11867.92% Timeout: 1511.00% Errors :00.00% Denied :13623 91.06% Total :14960 100.00% Any idea why? I was having a few issues with perl modules installed from CPAN, so I went through and made sure everything was up to date. It was working fine up until a few days ago, and I'm fairly certain the only the I've changed on my end was updating QMT. Any ideas? Thanks! Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Like us on Facebook https://www.facebook.com/smileglobal In the Spamdyke-Stats-Report.pl script, there's $ScriptRoot, $TempFile and $SMTPLogRoot. Check the rights on these to make sure they weren't changed. I updated clam the other day using qtp-newmodel and I had to fix rights on /var/log/qmail/smtp. Some of my scripts I was running interactively weren't working right because of this. I fixed the rights issue before the daily report jobs ran, so I don't know if they would have been affected. Brent Gardner - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Spamdyke-Stats-Report script no longer working
I'm having a problems on one of my toasters...just updated with qtp-newmodel and now I'm having trouble with the Spamdyke-Stats-Report.pl script. It runs without error, but the email that it sends out an email without any stats: Summary Allowed:00.00% Timeout:00.00% Errors :00.00% Denied :00.00% Total :00.00% However, when I run the following command: cat /var/log/qmail/smtp/current | ./spamdyke-stats I get the following: 6998 46.77% DENIED_GRAYLISTED 5780 38.63% DENIED_RDNS_MISSING 11867.92% ALLOWED 6904.61% DENIED_RBL_MATCH --- Breakdown --- - 1541.02% DENIED_SENDER_NO_MX 1511.00% TIMEOUT 10.00% DENIED_OTHER Summary Allowed: 11867.92% Timeout: 1511.00% Errors :00.00% Denied :13623 91.06% Total :14960 100.00% Any idea why? I was having a few issues with perl modules installed from CPAN, so I went through and made sure everything was up to date. It was working fine up until a few days ago, and I'm fairly certain the only the I've changed on my end was updating QMT. Any ideas? Thanks! Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Like us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] smtp with droid motorola x phone problem
On 12/14/11 11:45 AM, Gilbert T. Gutierrez, Jr. wrote: I have no issues sending with my Motorola Photon. Gilbert - Original Message - From: apow...@st-tel.net To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, December 14, 2011 9:10 AM Subject: [qmailtoaster] smtp with droid motorola x phone problem Has anyone had any issues with sending email with motorola x cell phones? Thanks -- Aaron Powell IT Manager ST Communications Office: 785-460-7300 Fax: 785-460-7301 I'm using a Motorola Droid X without any issues using the stock mail client. - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Like us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Account Break-in Attempts
Great work guys. I just implemented this on a few of my servers (just
using the dos-hosts, sshd, vpopmail, and username-notfound rules at the
moment).
One quick question though, by default the SSH rule sends an email alert
when an IP address is blocked and it runs a whois query against that IP
(kind of a nice little feature, especially if you want to get in touch
with the network admins for the network to alert them of malicious
activity) - while this is a nice feature, it can lead to quite a few
emails throughout the day (especially if you are running it on multiple
servers)...anyone know if a way to setup some sort of digest that
would send an email once per day per server (or for all servers for that
matter) that would have a summary of the IPs that were blocked, and how
to get in touch with the owners?
On a side note, one thing I also noticed is that throughout the day I'll
get a few emails stating that the pop3 ssh jails were stopped and then
another that they were started. I know this happens when you start and
stop the fail2ban-client or iptables, but why would it be stopping those
jails on its own? Its not really hurting anything (that I'm aware of),
but its more of an annoyance.
Thanks,
Casey Price
Smile Global Technical Support
Submit or check trouble tickets http://billing.smileglobal.com
www.smileglobal.com http://www.smileglobal.com
Follow us on Twitter https://twitter.com/#%21/SmileInternet
Like us on Facebook https://www.facebook.com/smileglobal
On 12/9/11 1:01 AM, Pak Ogah wrote:
On 12/09/11 14:44, Domenico Fortunato wrote:
You can configure fail2ban for Squirrelmail login attempts if you
install the squirrel_logger plugin into Squirrelmail.
Tune up the configuration files:
in my /etc/fail2ban/jail.conf
[squirrelmail-iptables]
enabled = true
filter = squirrelmail
action = iptables[name=SquirrelMail, port=http, protocol=tcp]
sendmail-whois[name=SquirrelMail,dest=root,
sender=fail2...@example.it]
logpath = /var/log/squirrelmail.log
maxretry = 5
Also, the squirrelmail.conf:
# Fail2Ban configuration file
#
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the
logfile. The
# host must be matched by a group named host. The tag
HOST can
# be used for standard IP/hostname matching and is only an
alias for
# (?:::f{4,6}:)?(?Phost[\w\-.^_]+)
# Values: TEXT
#
failregex = \[LOGIN_ERROR\].*from HOST: Utente sconosciuto o
password errata
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
*Warning:* the failregex value must match the line written in
squirrelmail.log (it's in italian language for me :-) )
For more info search for squirrelmail fail2ban in your preferred
search engine.
I hope it help.
Domenico Fortunato.
added to http://wiki.qmailtoaster.com/index.php/Fail2Ban
while tidying it up,
please check it again to make sure your rule is correctly written
Re: [qmailtoaster] Account Break-in Attempts
Yep
Casey Price
Smile Global Technical Support
Submit or check trouble tickets http://billing.smileglobal.com
www.smileglobal.com http://www.smileglobal.com
Follow us on Twitter https://twitter.com/#%21/SmileInternet
Like us on Facebook https://www.facebook.com/smileglobal
On 12/14/11 1:28 PM, Cecil Yother, Jr. wrote:
Is you SSH on a standard port?
On 12/14/2011 12:23 PM, Casey Price wrote:
Great work guys. I just implemented this on a few of my servers (just
using the dos-hosts, sshd, vpopmail, and username-notfound rules at
the moment).
One quick question though, by default the SSH rule sends an email
alert when an IP address is blocked and it runs a whois query against
that IP (kind of a nice little feature, especially if you want to get
in touch with the network admins for the network to alert them of
malicious activity) - while this is a nice feature, it can lead to
quite a few emails throughout the day (especially if you are running
it on multiple servers)...anyone know if a way to setup some sort of
digest that would send an email once per day per server (or for all
servers for that matter) that would have a summary of the IPs that
were blocked, and how to get in touch with the owners?
On a side note, one thing I also noticed is that throughout the day
I'll get a few emails stating that the pop3 ssh jails were stopped
and then another that they were started. I know this happens when you
start and stop the fail2ban-client or iptables, but why would it be
stopping those jails on its own? Its not really hurting anything
(that I'm aware of), but its more of an annoyance.
Thanks,
Casey Price
Smile Global Technical Support
Submit or check trouble tickets http://billing.smileglobal.com
www.smileglobal.com http://www.smileglobal.com
Follow us on Twitter https://twitter.com/#%21/SmileInternet
Like us on Facebook https://www.facebook.com/smileglobal
On 12/9/11 1:01 AM, Pak Ogah wrote:
On 12/09/11 14:44, Domenico Fortunato wrote:
You can configure fail2ban for Squirrelmail login attempts if you
install the squirrel_logger plugin into Squirrelmail.
Tune up the configuration files:
in my /etc/fail2ban/jail.conf
[squirrelmail-iptables]
enabled = true
filter = squirrelmail
action = iptables[name=SquirrelMail, port=http, protocol=tcp]
sendmail-whois[name=SquirrelMail,dest=root,
sender=fail2...@example.it]
logpath = /var/log/squirrelmail.log
maxretry = 5
Also, the squirrelmail.conf:
# Fail2Ban configuration file
#
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the
logfile. The
# host must be matched by a group named host. The tag
HOST can
# be used for standard IP/hostname matching and is only an
alias for
# (?:::f{4,6}:)?(?Phost[\w\-.^_]+)
# Values: TEXT
#
failregex = \[LOGIN_ERROR\].*from HOST: Utente sconosciuto o
password errata
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
*Warning:* the failregex value must match the line written in
squirrelmail.log (it's in italian language for me :-) )
For more info search for squirrelmail fail2ban in your preferred
search engine.
I hope it help.
Domenico Fortunato.
added to http://wiki.qmailtoaster.com/index.php/Fail2Ban
while tidying it up,
please check it again to make sure your rule is correctly written
--
Cecil Yother, Jr. cj
cj's
2318 Clement Ave
Alameda, CA 94501
tel 510.865.2787 |http://yother.com
Check out the new Volvo classified resourcehttp://www.volvoclassified.com
Re: [qmailtoaster] New Install
On 12/13/11 12:18 PM, Gilbert T. Gutierrez, Jr. wrote: Another thing... I want to change the password used between the toaster and the MySQL server. Where is that password set in QMAIL? I have gotten through the other issues though I still need to work on restrictions that I have for IPs that I want to allow relay for. Gilbert /home/vpopmail/etc/vpopmail.mysql Make sure you also change the password in MySQL to match whatever you change it to for vpopmail. - Original Message - From: Gilbert T. Gutierrez, Jr. mailing-li...@phoenixinternet.net To: qmailtoaster-list@qmailtoaster.com Sent: Tuesday, December 13, 2011 11:17 AM Subject: [qmailtoaster] New Install As a veteran user of Qmail Toaster, I should know this answerBUT I DO NOT. I had multiple drives in my drive array fail within seconds of eachother causing my toaster to die so I am having to start from scratch on a new toaster (yea I know that I should have other backups). I have it rebuilt it for the most part but there are several issues that I have had. This is a Centos5 64 bit installation that I used the install scripts located on the qmailtoaster site. I did not use the plus package. 1. simscan was not being called by the toaster when I first installed it. I corrected it by editing the /etc/tcprules.d/tcp.smtp, adding QMAILQUEUE=/var/qmail/bin/simscan, and running qmailctl cdb. I think I maybe missing a few options in this file. Does anyone have an example that they can share with me for IPs that they relay for as well as IPs that they do not relay for? 2. The toaster is not creating the SPAM, LEARN SPAM or LEARN HAM folders. If I remember right, this is set in the mailfilter in /etc/mail folder. Does anyone have a copy of this file that does these things? - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Like us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Re: Cleaning house
Casey Price
Smile Global Technical Support
Submit or check trouble tickets http://billing.smileglobal.com
www.smileglobal.com http://www.smileglobal.com
Follow us on Twitter https://twitter.com/#%21/SmileInternet
Like us on Facebook https://www.facebook.com/smileglobal
On 12/13/11 12:25 PM, Dave wrote:
Not a coder or scripter, but if anyone wanted to backup all but the
maildirs,
can they not just copy the qtp-backup,
rename it,
Then comment out the relevent lines:
#echo Backing up vpopmail domains
*#tar cfj $backupdest/$VPOPMAIL /home/vpopmail/domains /dev/null 21*
or any other items they dont want in a daily backup?
Dave
I'm with Dave on this one...I know enough scripting to get me into
trouble and before basic management/maintenance (and I can usually break
down a script and figure out how it works)...that being said, I think
Dave is right about this - granted its a quick and dirty way of doing it.
I think Eric has the right idea with using rsync, as that would be alot
more efficient and allow you to something more along the lines of
snapshots or incrementals versus full backups.
I do have a few scripts I found and did some modifications to that allow
you to backup your users on a domain-level, and I suppose if you had a
text file with all of that info you could pass that to the script.
Though it really depends on what your requirements are and what your
desired outcome is. Another one to look at (we currently use this to
backup our production mail servers) is rsnapshot.
On 12/13/2011 11:33 AM, Eric Shubert wrote:
On 12/13/2011 10:34 AM, Dave wrote:
Found this on the wiki:
http://wiki.qmailtoaster.com/index.php/Maintain_Trash_and_Spam_folder
maybe I should add my adjustments to the wiki?
Modified the qtp-clean-trash to add a clean up of old emails.
As recently our backups have been taking over 14 hours, and are around
30 Gb.
So I modified the script to delete any email in the users CUR
folder, older than 31 days .
If doing this, make sure you send a server wide email, to alert all
users what you are doing.
I gave then 2 weeks notice, and ran it last night.
Worked like a charm.
+++
#!/bin/bash
# 09/11/09 - Eric e...@shubes.net
# changed -ctime to -mtime
# refactored to simplify a bit
#
# 07/06/07 - Jake j...@v2gnu.com
# This is a modified version of Erik Espinoza's
espin...@forcenetworks.com
# #
# 23/10/2007 - Davide bu...@synhack.it
# Added the possibility to use an external file to configure the
deltrash value
# just put in DELTIME_FILE the path of the file which contain the value
# 12/12/11
# Modified again by Dave MacDonald d...@techyguru.com
# It has been modified to be used as an email cleaner.
# It will delete files in the users CUR folder that are older than 31
# days, and can be modified by adjusting the DELTIME variable.
# default DELTIME value
DELTIME=31
# config file for deltrash
DELTIME_FILE=/var/qmail/control/deltrash
# see if there is a configuration file for DELTIME
if [ -e $DELTIME_FILE ] ; then
DELTIME_TMP=`cat $DELTIME_FILE`
if [ $(echo $DELTIME_TMP | grep ^[[:digit:]]*$) ] ; then
DELTIME=$DELTIME_TMP
fi
fi
# find and process each Domain user accounts
# then find and process each file in the CUR directory
for directory in $(find /home/vpopmail/domains -type d -name cur); do
for file in $(find $directory -type f -mtime +$DELTIME); do
rm -f ${file} /dev/null 21
done
done
+++
-
FWIW, I prefer using rsync to back up maildirs, off site. Of course,
this does not include backing up domains and other non-mail user
data/settings. That needs to be done separately.
Using qtp-backup for daily backups is convenient, but not very
efficient. qtp-backup is intended more for migrations. I've had
thoughts of reworking qtp-backup to have various options for backing
up different portions of QMT data (everything except maildirs for
example), but haven't done so yet. Anyone interested in this?
Re: [qmailtoaster] Re: Trouble with qtp-newmodel
On 12/11/11 10:14 PM, Eric Shubert wrote: On 12/11/2011 09:38 PM, Casey Price wrote: Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Like us on Facebook https://www.facebook.com/smileglobal On 12/11/11 8:11 PM, Eric Shubert wrote: On 12/11/2011 08:12 PM, Casey Price wrote: On 12/11/11 6:29 PM, Eric Shubert wrote: On 12/11/2011 03:20 PM, Casey Price wrote: Having an issue updating clamav-toaster using qtp-newmodel... Basically it looks like it is having difficulty using fuse to mount the sandbox. *_See below for details:_* Shall we build a new sandbox at /mnt/qtp-sandbox? [y]/n: y Removing sandbox at /mnt/qtp-sandbox ... qtp-umount-sandbox v0.3.2 qtp-umount-sandbox: sandbox not mounted Would you like a unionfs/overlay sandbox? (recommended) [y]/n: y Using FUSE union filesystem ... qtp-mount-sandbox v0.3.3 qtp-mount-sandbox - installing dkms-fuse ... qtp-mount-sandbox - this could take a few moments - please be patient Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: pubmirrors.reflected.net * extras: mirror.wiredtree.com * rpmforge: apt.sw.be * updates: mirror.sanctuaryhost.com Setting up Install Process No package dkms-fuse available. Nothing to do *umount: /mnt/qtp-sandbox/tmp: not mounted fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied mount: mount point /mnt/qtp-sandbox/var/lib/rpm does not exist cp: target `/mnt/qtp-sandbox/var/lib/rpm' is not a directory qtp-mount-sandbox: sandbox was not mounted successfully qtp-newmodel - qtp-mount-sandbox failed, exiting * Any suggestions? I've checked the permissions on /dev/fuse, and they are as follows: [root@q2rep dev]# ls -ls fuse 0 crw-rw 1 root fuse 10, 229 Dec 12 00:48 fuse Using CentOS 5.7 i386. Thanks, -- Casey Price Which kernel version? [root@q2rep ~]# uname -a Linux q2rep.smileglobal.com 2.6.18-274.el5.028stab093.2 #1 SMP Tue Aug 23 16:46:17 MSD 2011 i686 i686 i386 GNU/Linux (this is an OpenVZ-based VPS), I did a bit of poking around, and it sounds like OpenVZ doesn't allow the end-user to have any control over modules (/lib/modules/) is empty. Its weird that everything else up to this point has worked, but maybe OpenVZ just isn't compatible? Which qmailtoaster-plus version? [root@q2rep ~]# qtp-whatami qtp-whatami v0.3.7 Mon Dec 12 06:09:55 MSK 2011 DISTRO=CentOS OSVER=5.7 QTARCH=i686 QTKERN=2.6.18-274.el5.028stab093.2 BUILD_DIST=cnt50 BUILD_DIR=/usr/src/redhat This machine's OS is supported and has been tested I think the latest kernels don't need fuse or dkms, or something like that. I don't recall exactly off hand. Let me know which versions above, and I'll get things fixed up. Might be fixed already in the source svn repo, but I'll need to check into it tomorrow. - OpenVZ might be the problem, but I'm not convinced (although I'm no expert with OpenVZ either). I'm running it ok with 2.6.18-274.3.1.el5 as a VM under VMware Server2. OpenVZ is admittedly quite a different beast though. I don't know if guests can run fuse kernel modules or not, but I would think they could since they run in user space. The big problem I see first is that you don't have dkms-fuse available, but I do: [root@tacs-mail modules]# rpm -q dkms-fuse dkms-fuse-2.7.4-1.nodist.rf [root@tacs-mail modules]# rpm -ql dkms-fuse /usr/src/fuse-2.7.4-1.nodist.rf /usr/src/fuse-2.7.4-1.nodist.rf/Makefile.in /usr/src/fuse-2.7.4-1.nodist.rf/config.h.in /usr/src/fuse-2.7.4-1.nodist.rf/configure /usr/src/fuse-2.7.4-1.nodist.rf/configure.ac /usr/src/fuse-2.7.4-1.nodist.rf/control.c /usr/src/fuse-2.7.4-1.nodist.rf/dev.c /usr/src/fuse-2.7.4-1.nodist.rf/dir.c /usr/src/fuse-2.7.4-1.nodist.rf/dkms.conf /usr/src/fuse-2.7.4-1.nodist.rf/file.c /usr/src/fuse-2.7.4-1.nodist.rf/fuse_i.h /usr/src/fuse-2.7.4-1.nodist.rf/fuse_kernel.h /usr/src/fuse-2.7.4-1.nodist.rf/inode.c /usr/src/fuse-2.7.4-1.nodist.rf/install-sh It came from the rpmforge repo. Is that package no longer available in RF repo? Please investigate. Note, qtp-newmodel (qtp-install-rpmforge actually) should have set that repo up for you. There have been some changes in that area, so please look to see what might be amiss in that area. I seem to remember RF changed some things
[qmailtoaster] Trouble with qtp-newmodel
Having an issue updating clamav-toaster using qtp-newmodel... Basically it looks like it is having difficulty using fuse to mount the sandbox. *_See below for details:_* Shall we build a new sandbox at /mnt/qtp-sandbox? [y]/n: y Removing sandbox at /mnt/qtp-sandbox ... qtp-umount-sandbox v0.3.2 qtp-umount-sandbox: sandbox not mounted Would you like a unionfs/overlay sandbox? (recommended) [y]/n: y Using FUSE union filesystem ... qtp-mount-sandbox v0.3.3 qtp-mount-sandbox - installing dkms-fuse ... qtp-mount-sandbox - this could take a few moments - please be patient Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: pubmirrors.reflected.net * extras: mirror.wiredtree.com * rpmforge: apt.sw.be * updates: mirror.sanctuaryhost.com Setting up Install Process No package dkms-fuse available. Nothing to do *umount: /mnt/qtp-sandbox/tmp: not mounted fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied mount: mount point /mnt/qtp-sandbox/var/lib/rpm does not exist cp: target `/mnt/qtp-sandbox/var/lib/rpm' is not a directory qtp-mount-sandbox: sandbox was not mounted successfully qtp-newmodel - qtp-mount-sandbox failed, exiting * Any suggestions? I've checked the permissions on /dev/fuse, and they are as follows: [root@q2rep dev]# ls -ls fuse 0 crw-rw 1 root fuse 10, 229 Dec 12 00:48 fuse Using CentOS 5.7 i386. Thanks, -- Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Like us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Re: Trouble with qtp-newmodel
On 12/11/11 6:29 PM, Eric Shubert wrote: On 12/11/2011 03:20 PM, Casey Price wrote: Having an issue updating clamav-toaster using qtp-newmodel... Basically it looks like it is having difficulty using fuse to mount the sandbox. *_See below for details:_* Shall we build a new sandbox at /mnt/qtp-sandbox? [y]/n: y Removing sandbox at /mnt/qtp-sandbox ... qtp-umount-sandbox v0.3.2 qtp-umount-sandbox: sandbox not mounted Would you like a unionfs/overlay sandbox? (recommended) [y]/n: y Using FUSE union filesystem ... qtp-mount-sandbox v0.3.3 qtp-mount-sandbox - installing dkms-fuse ... qtp-mount-sandbox - this could take a few moments - please be patient Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: pubmirrors.reflected.net * extras: mirror.wiredtree.com * rpmforge: apt.sw.be * updates: mirror.sanctuaryhost.com Setting up Install Process No package dkms-fuse available. Nothing to do *umount: /mnt/qtp-sandbox/tmp: not mounted fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied mount: mount point /mnt/qtp-sandbox/var/lib/rpm does not exist cp: target `/mnt/qtp-sandbox/var/lib/rpm' is not a directory qtp-mount-sandbox: sandbox was not mounted successfully qtp-newmodel - qtp-mount-sandbox failed, exiting * Any suggestions? I've checked the permissions on /dev/fuse, and they are as follows: [root@q2rep dev]# ls -ls fuse 0 crw-rw 1 root fuse 10, 229 Dec 12 00:48 fuse Using CentOS 5.7 i386. Thanks, -- Casey Price Which kernel version? [root@q2rep ~]# uname -a Linux q2rep.smileglobal.com 2.6.18-274.el5.028stab093.2 #1 SMP Tue Aug 23 16:46:17 MSD 2011 i686 i686 i386 GNU/Linux (this is an OpenVZ-based VPS), I did a bit of poking around, and it sounds like OpenVZ doesn't allow the end-user to have any control over modules (/lib/modules/) is empty. Its weird that everything else up to this point has worked, but maybe OpenVZ just isn't compatible? Which qmailtoaster-plus version? [root@q2rep ~]# qtp-whatami qtp-whatami v0.3.7 Mon Dec 12 06:09:55 MSK 2011 DISTRO=CentOS OSVER=5.7 QTARCH=i686 QTKERN=2.6.18-274.el5.028stab093.2 BUILD_DIST=cnt50 BUILD_DIR=/usr/src/redhat This machine's OS is supported and has been tested I think the latest kernels don't need fuse or dkms, or something like that. I don't recall exactly off hand. Let me know which versions above, and I'll get things fixed up. Might be fixed already in the source svn repo, but I'll need to check into it tomorrow. - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Re: Trouble with qtp-newmodel
Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Like us on Facebook https://www.facebook.com/smileglobal On 12/11/11 8:11 PM, Eric Shubert wrote: On 12/11/2011 08:12 PM, Casey Price wrote: On 12/11/11 6:29 PM, Eric Shubert wrote: On 12/11/2011 03:20 PM, Casey Price wrote: Having an issue updating clamav-toaster using qtp-newmodel... Basically it looks like it is having difficulty using fuse to mount the sandbox. *_See below for details:_* Shall we build a new sandbox at /mnt/qtp-sandbox? [y]/n: y Removing sandbox at /mnt/qtp-sandbox ... qtp-umount-sandbox v0.3.2 qtp-umount-sandbox: sandbox not mounted Would you like a unionfs/overlay sandbox? (recommended) [y]/n: y Using FUSE union filesystem ... qtp-mount-sandbox v0.3.3 qtp-mount-sandbox - installing dkms-fuse ... qtp-mount-sandbox - this could take a few moments - please be patient Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: pubmirrors.reflected.net * extras: mirror.wiredtree.com * rpmforge: apt.sw.be * updates: mirror.sanctuaryhost.com Setting up Install Process No package dkms-fuse available. Nothing to do *umount: /mnt/qtp-sandbox/tmp: not mounted fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied fuse: failed to open /dev/fuse: Permission denied mount: mount point /mnt/qtp-sandbox/var/lib/rpm does not exist cp: target `/mnt/qtp-sandbox/var/lib/rpm' is not a directory qtp-mount-sandbox: sandbox was not mounted successfully qtp-newmodel - qtp-mount-sandbox failed, exiting * Any suggestions? I've checked the permissions on /dev/fuse, and they are as follows: [root@q2rep dev]# ls -ls fuse 0 crw-rw 1 root fuse 10, 229 Dec 12 00:48 fuse Using CentOS 5.7 i386. Thanks, -- Casey Price Which kernel version? [root@q2rep ~]# uname -a Linux q2rep.smileglobal.com 2.6.18-274.el5.028stab093.2 #1 SMP Tue Aug 23 16:46:17 MSD 2011 i686 i686 i386 GNU/Linux (this is an OpenVZ-based VPS), I did a bit of poking around, and it sounds like OpenVZ doesn't allow the end-user to have any control over modules (/lib/modules/) is empty. Its weird that everything else up to this point has worked, but maybe OpenVZ just isn't compatible? Which qmailtoaster-plus version? [root@q2rep ~]# qtp-whatami qtp-whatami v0.3.7 Mon Dec 12 06:09:55 MSK 2011 DISTRO=CentOS OSVER=5.7 QTARCH=i686 QTKERN=2.6.18-274.el5.028stab093.2 BUILD_DIST=cnt50 BUILD_DIR=/usr/src/redhat This machine's OS is supported and has been tested I think the latest kernels don't need fuse or dkms, or something like that. I don't recall exactly off hand. Let me know which versions above, and I'll get things fixed up. Might be fixed already in the source svn repo, but I'll need to check into it tomorrow. - OpenVZ might be the problem, but I'm not convinced (although I'm no expert with OpenVZ either). I'm running it ok with 2.6.18-274.3.1.el5 as a VM under VMware Server2. OpenVZ is admittedly quite a different beast though. I don't know if guests can run fuse kernel modules or not, but I would think they could since they run in user space. The big problem I see first is that you don't have dkms-fuse available, but I do: [root@tacs-mail modules]# rpm -q dkms-fuse dkms-fuse-2.7.4-1.nodist.rf [root@tacs-mail modules]# rpm -ql dkms-fuse /usr/src/fuse-2.7.4-1.nodist.rf /usr/src/fuse-2.7.4-1.nodist.rf/Makefile.in /usr/src/fuse-2.7.4-1.nodist.rf/config.h.in /usr/src/fuse-2.7.4-1.nodist.rf/configure /usr/src/fuse-2.7.4-1.nodist.rf/configure.ac /usr/src/fuse-2.7.4-1.nodist.rf/control.c /usr/src/fuse-2.7.4-1.nodist.rf/dev.c /usr/src/fuse-2.7.4-1.nodist.rf/dir.c /usr/src/fuse-2.7.4-1.nodist.rf/dkms.conf /usr/src/fuse-2.7.4-1.nodist.rf/file.c /usr/src/fuse-2.7.4-1.nodist.rf/fuse_i.h /usr/src/fuse-2.7.4-1.nodist.rf/fuse_kernel.h /usr/src/fuse-2.7.4-1.nodist.rf/inode.c /usr/src/fuse-2.7.4-1.nodist.rf/install-sh It came from the rpmforge repo. Is that package no longer available in RF repo? Please investigate. Note, qtp-newmodel (qtp-install-rpmforge actually) should have set that repo up for you. There have been some changes in that area, so please look to see what might be amiss in that area. I seem to remember RF changed some things around at one point. Perhaps we haven't rolled the changes
[qmailtoaster] QMT ISP Array -- almost ready to test!
Just wanted to post a quick update in regards to the QMT ISP Array I've been working on setting up for the past while. I initially followed Jake's video and got some tips from both and him and Schubes regarding a few questions I had...anyways, I've actually setup my back-end DB servers several times now, each time trying something a little bit different, and I'm liking the latest incarnation. Decided I'd venture into the unknown and try out a cluster-aware file system instead of using ext3/4 for my mailstore. Ended up checking out OCFS2, and I've liked what I've seen so far. Also decided to try out NFS4 (which didn't come without some initial issues, but alas its working). So I have 2 Cent 5.7 boxes running OCFS2 over DRBD8.3, which is then exported over NFS4 on both boxes, then I'm using heartbeat to control the IP address assignment. The vpopmail roundcubemail DB's are being replicated between the two, and I've setup a test front-end machine which accesses those databases and mounts the NFS4 export (which contains my qmail config, squirrelmail data, and I'm working on getting the rcm stuff on there as well). I'm just working on tightening the firewall a bit, then they should be ready to take down to the data center and get hooked up and begin testing. Well that's about it. I'm thinking if all goes well with testing I may do a little write up for the wiki in case any other have any interest in setting up a similar system. Thanks again for everyone that's answered my incredibly long emails and never-ending questions :-) -- Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Like us on Facebook https://www.facebook.com/smileglobal
Re: [qmailtoaster] Re: Client ISP IP is Listed on Spam Database
I think there are a couple people out there that have been able to get it to work, but as of late I don't think Cent6 is supported yet. I could be wrong though... Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Like us on Facebook https://www.facebook.com/smileglobal On 12/3/11 12:38 PM, Raja Mani wrote: I need install qmail on *centos6 32bi*t On Sun, Dec 4, 2011 at 1:50 AM, Eric Shubert e...@shubes.net mailto:e...@shubes.net wrote: On 12/03/2011 01:10 PM, Raja Mani wrote: Dear All, How to install qmail on cent0s32bit.I got the below error, warning: user shubes does not exist - using root warning: group shubes does not exist - using root warning: line 614: buildprereq is deprecated: BuildPreReq: shadow-utils, bzip2, net-tools error: Failed build dependencies: vpopmail-toaster = 5.4.17 is needed by qmail-toaster-1.03-1.3.20.i686 libdomainkeys-toaster = 0.68 is needed by qmail-toaster-1.03-1.3.20.i686 libsrs2-toaster = 1.0.18 is needed by qmail-toaster-1.03-1.3.20.i686 error: File not found by glob: /usr/src/redhat/RPMS/i386/qmail-toaster*.rpm error: File not found by glob: /usr/src/redhat/RPMS/i386/qmail-pop3d*.rpm -Rajamani Packages need to be installed in a certain sequence. Please follow directions here: http://wiki.qmailtoaster.com/index.php/CentOS_5_QmailToaster_Install -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com http://www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com http://qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com mailto:qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Spamd spamd/log won't stay down
Ok, maybe I'm missing something here, but I can't seem to keep spamd and spamd/log from restarting. Since we have our gateway servers separate from our spamassassin boxes, we don't usually run spamd on them since they are running spamdyke. I updated some QMT packages about a week or two ago, and it seems like ever since, spamd wants to run all the time. I tried a few different things: qmail-spam stop, and then I cd'd into /var/qmail/supervise and did a 'touch spamd/down' and 'touch spamd/log/down'. Everything works as it should, but then if I log into the server the next day, spamd spamd/log will be running again, and a quick qmailctl stat will show spamd up xxx seconds, normally down, and something to the same effect for spamd/log. What am I missing here? Running CentOS 5.7 -- Casey Price Smile Global Technical Support Submit or check trouble tickets http://billing.smileglobal.com www.smileglobal.com http://www.smileglobal.com Follow us on Twitter https://twitter.com/#%21/SmileInternet Like us on Facebook https://www.facebook.com/smileglobal
