from:"Dan McAllister \- QMT DNS"

RE: [qmailtoaster] Upgrading openssl in an old Qmailtoaster install

2018-07-03 Thread Dan McAllister - QMT DNS

I'm normally just a lurker around here anymore -- Eric does such a GREAT job 
helping you guys! Before I forget, GREAT WORK on getting the updated OpenSSL 
package installation instructions out there!

So, I'm going to add my 2-cents worth in today as an EXPLANATION of WHY you 
need to update your QMail server... and I hope you'll see why.

People using OLD versions of Qmail, or any other mail server, are likely to 
have connectivity issues -- especially after June 30!
Why? Because the IEFT  and PCI councils have recommended the SHUTDOWN of SSL 
(all versions -- even SSLv3) by June 30, and moving to REQUIRE TLS v1.1 or 
higher. *MANY ISPs ARE ALREADY REQUIRING TLS 1.2 or HIGHER!*

So, if you're using an OpenSSL stack from CentOS 3, 4, or 5, that's going to be 
a problem unless you are able to upgrade your OpenSSL package.

Why are the old SSL versions being SHUTDOWN? Because they have known 
vulnerabilities and we (the server admin community) have had SEVERAL YEARS now 
to address them.

I just thought you (gentle readers) might want to know the reason WHY your 
15-year-old QMT installation is starting to fail! LOL

Dan McAllister

QMT DNS Admin

-Original Message-
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
Sent: Wednesday, June 27, 2018 12:09 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Upgrading openssl in an old Qmailtoaster install

Have a look at this thread:

https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg41029.html

IMHO, there were to many packages that were dependent on openssl-9.8 on the 
CentOS 5 box to make this practical.

On 6/26/2018 11:44 PM, Brian Ghidinelli wrote:
>
> I'm running into the same SMTP TLS connection errors as reported by
> Sean Murphy in this email here:
>
> https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg41115.html
>
>
> Same scenario: old, reliable CentOS 5 box. We need a few more months
> to transition off this box and we're getting an increasing number of
> TLS failures that are hard to fix with notls FQDNs.
>
> I have upgraded our openssl so I'm wondering if it's possible, using
> the source rpm for my very old install, to recompile and provide a new
> SSL library path?
>
> I am not very experienced with rpmbuild and have toyed with the
> qmail-toaster.spec file but I believe I ran into a problem that
> openssl 1.0.2l does not pass the checks for openssl >= 0.9.8. Any
> suggestions for a short term fix?
>
> I believe I would need to recompile and then replace just qmail-smtpd
> and qmail-remote, yes?
>
>
> Brian
>
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>

--
Eric Broch
White Horse Technical Consulting (WHTC)

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

RE: [qmailtoaster] Rainloop removed squirrelmail

2018-08-21 Thread Dan McAllister - QMT DNS

Remo



Thanks for the heads up!



I will point out that there are MULTIPLE webmail interfaces that are compatible 
with QMail – SquirrelMail comes pre-packaged with QMToaster, and I always add 
RoundCube mail as an upgrade…



However, did you know that you can run ALL of them simultaneously?



If you want my roundcube client, just log into: https://mail.mydomain.com or 
https://mail.mydomain.com/webmail (I advertise the latter)

If you want my SquirrelMail client, just log into 
https://mail.mydomain.com/smail



You can easily add others – you just have to configure the virtualhosts in your 
apache config properly.



Best Regads,



Dan McAllister

QMT DNS & Mirror Admin



From: Remo Mattei 
Sent: Monday, August 20, 2018 11:13 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Rainloop removed squirrelmail




Hello guys, I installed rainloop and removed squirrelmail looks nice, =
fast, supports lots of options.

Remo



---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

RE: [qmailtoaster] COS 6.10 qmt build error.

2018-09-12 Thread Dan McAllister - QMT DNS

Tony:

One of our mirrors is apparently using SSL on their site and don't have a copy 
of OUR SSL Certificate (yes, I have one for qmailtoaster.com)... I'll have to 
research who it is, but I'll try to work with them. In the meantime, I suggest 
simply re-trying... there should be other mirrors that aren't using SSL... tho 
I am confused because your email shows the URL WITHOUT https... SSL should only 
be in play while the URL uses https (not http)...

Dan


-Original Message-
From: Tony White 
Sent: Tuesday, September 11, 2018 12:00 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] COS 6.10 qmt build error.

Hi folks,
   Trying to create a new COS6 server.

All ok up to qt-bootstrap-2
where i get this error

qt-bootstrap-2 - installing qmailtoaster-release-2.0-1.qt.nodist.noarch.rpm 
(repo) ...
Retrieving 
http://mirrors.qmailtoaster.com/current/nodist/qmailtoaster-release-2.0-1.qt.nodist.noarch.rpm


curl: (51) SSL: certificate subject name 'monk13.stakehouse.io' does not match 
target host name 'mirrors.qmailtoaster.com'
error: skipping 
http://mirrors.qmailtoaster.com/current/nodist/qmailtoaster-release-2.0-1.qt.nodist.noarch.rpm
 - transfer failed
qt-bootstrap-2 - installing qmailtoaster-util (scripts) ...

Any help appreciated please...

--
best wishes
   Tony White


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

RE: [qmailtoaster] COS 6.10 qmt build error.

2018-09-12 Thread Dan McAllister - QMT DNS

There are quite a few left -- mostly set and forgotten about, but still working 
😊

Dan

-Original Message-
From: Eric Broch 
Sent: Tuesday, September 11, 2018 5:33 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] COS 6.10 qmt build error.

Tony,

And replace

http://mirrors.qmailtoaster.com/current/nodist/qmailtoaster-release-2.0-1.qt.nodist.noarch.rpm


http://mirror2.qmailtoaster.com/current/nodist/qmailtoaster-release-2.0-1.qt.nodist.noarch.rpm



I'm not sure how many qmailtoaster mirrors are left...probably mine
(mirror2) and that's it.


On 9/11/2018 3:26 PM, Eric Broch wrote:
> Have a look here: https://www.qmailtoaster.org/ under CentOS 6
>
> -Eric
>
>
> On 9/11/2018 9:59 AM, Tony White wrote:
>> Hi folks,
>>   Trying to create a new COS6 server.
>>
>> All ok up to qt-bootstrap-2
>> where i get this error
>>
>> qt-bootstrap-2 - installing
>> qmailtoaster-release-2.0-1.qt.nodist.noarch.rpm (repo) ...
>> Retrieving
>> http://mirrors.qmailtoaster.com/current/nodist/qmailtoaster-release-2.0-1.qt.nodist.noarch.rpm
>>
>>
>> curl: (51) SSL: certificate subject name 'monk13.stakehouse.io' does
>> not match target host name 'mirrors.qmailtoaster.com'
>> error: skipping
>> http://mirrors.qmailtoaster.com/current/nodist/qmailtoaster-release-2.0-1.qt.nodist.noarch.rpm
>> - transfer failed
>> qt-bootstrap-2 - installing qmailtoaster-util (scripts) ...
>>
>> Any help appreciated please...
>>
>

--
Eric Broch
White Horse Technical Consulting (WHTC)


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

RE: [qmailtoaster] simscan - bad attachment: d

2018-09-25 Thread Dan McAllister - QMT DNS

Eric - I've been away - looks like an appropriate patch to me.

 

Dan

 

From: Eric Broch  
Sent: Friday, September 21, 2018 2:24 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] simscan - bad attachment: d

 

I'll ask again, is the qmailtoaster community in agreement that the
following patch
  (and here
 ) should be applied to simscan for qmailtoaster:



--- simscan-1.4.0/simscan.c 2011-02-08 16:00:43.579074836 -0200
+++ simscan-1.4.0-fixed/simscan.c 2011-02-08 16:04:24.931075207 -0200
@@ -1735,10 +1735,14 @@
for(i=0;i 2 ) fprintf(stderr, "simscan: checking
attachment %s against %s\n", mydirent->d_name, bk_attachments[i] );
lowerit(mydirent->d_name);
- if ( str_rstr(mydirent->d_name,bk_attachments[i]) == 0 ) {
- strncpy(AttachName, mydirent->d_name, sizeof(AttachName)-1);
- closedir(mydir);
- return(1);
+ if ( strlen(mydirent->d_name) >= strlen(bk_attachments[i]) ) {
+ if ( str_rstr(mydirent->d_name,bk_attachments[i]) == 0 ) {
+ strncpy(AttachName, mydirent->d_name, sizeof(AttachName)-1);
+ closedir(mydir);
+ return(1);
+ }
+ } else {
+ if ( DebugFlag > 2 ) fprintf(stderr, "simscan: attachment
name '%s' (%d) is shorter than '%s' (%d). IGNORED\n",
mydirent->d_name, strlen( mydirent->d_name ), bk_attachments[i],
strlen( bk_attachments[i] ) );
}
}
}



Eric

 

On 9/13/2018 10:02 AM, Michele Federici wrote:

Hi,
I have done various tests and can confirm the presence of the bug.

If the doc attachment created with word 2007 (or other?) is sent through
outlook 2003/2007 (or others?), sometimes ripmime wrong to extract the
various parts of the email by generating a file "d". 

# ripmime --disable-qmail-bounce -i test_outlook.eml -d out_dir_res
# ls -l ./out_dir_res/
-rw-r--r-- 1 root root  0 13 sep 13.32 d
-rw--- 1 root root 442368 13 sep 13.32 mydocument.doc
-rw-r--r-- 1 root root 48 13 sep 13.32 textfile0
-rw-r--r-- 1 root root121 13 sep 13.32 textfile1
-rw-r--r-- 1 root root167 13 sep 13.32 textfile2

The interesting thing is that: this does not happen with all the doc files
but only with some. 

Simscan 1.4.0 (1.qt.el7) analyzes these files and due to a bug blocks the
e-mail with the error "bad attachment: d"

I could not replicate the problem with thunderbird: all the emails sent
arrived without problems. 

Probably the correct solution is to compile simscan with the patch indicated
in the post by Gustavo Castro.

Thank you
Michele

Il 11/09/2018 12:44, Michele Federici ha scritto:

Hi,

I've found this error "Your email was rejected because it contains a bad
attachment: d" in the smtp log.

I read these old post

http://qmailtoaster-list.qmailtoaster.narkive.com/u9RF8MRE/your-email-was-re
jected-because-it-contains-a-bad-attachment-d

http://gcastrop.blogspot.com/2011/02/problemas-con-adjuntos-en-simscan-con.h
tml

but I did not understand if current simscan 1.4.0 (1.qt.el7) is compiled
with the patch.

Can you help me?

Thank you
Michele
- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  


- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  





-- 
Eric Broch
White Horse Technical Consulting (WHTC)


---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

RE: Fwd: Re: [qmailtoaster] centos 6

2018-10-02 Thread Dan McAllister - QMT DNS

I know I'm "Johnny-come-lately" on this topic, but I can explain the results 
you're seeing and have seen the same myself:

The QMT vpopmail default setup saves the hashed password, as well as the first 
16-characters of the clear-text password, in the MySQL database. That has 
already been established. What you probably don't know (or didn't think of) is 
how those fields are used!

Consider the following:
 - First, the length of the hashing algorithm is a fixed length. Different 
hashes, different lengths (for example: MD5 hashes are always 32 characters, 
SHA1 hashes have 40 characters, sha512 hashes 128, and so on...)
 - Second, ONLY the hashed password is used for validation. There is no NEED 
for the cleartext password in the database, it's there simply because the MySQL 
database was considered somewhat secure, and the original developers of the QMT 
realized that about 40% of user problems are caused by NOT KNOWING THEIR 
PASSWORDS, and being able to GIVE them their existing password was generally 
easier than resetting it (and hearing complaints that, although you "fixed" 
their desktop mail, now their phone's weren't getting email!)
 - Finally, the original designers of QMT assumed people would use long 
passwords -- it was suggested in the original documentation. Thus, saving only 
the first 16 characters of the password in cleartext meant you were only REALLY 
saving a "password hint" vs. the entire password.

So - when you enter a 75 character password (only slightly absurd these days), 
and if we assume a sha1 password hash, then the "set password" function hashes 
your 75 characters into a 40-character SHA1 hash and saves it into the database 
field that stores up to (magically) 40 characters. (FWIW: when you enter your 
2-character password of "ok", the sha1 algorithm ALSO generates a 40 character 
output!). After is stores the hashed password, it ALSO stores the first 16 
characters of the cleartext password -- because that's the length of the field 
in the database.

When you try to authenticate, the password you provided is re-hashed 
(regardless of its length -- although usually those fields have 64, 72, or 128 
character field limits - depending on the web-page designer/programmer), and 
those 40 characters (the output of the sha1 hash) are compared to your stored 
hash... there is no query of the cleartext password.

Unfortunately, when you attempt to restore your passwords using just the stored 
cleartext passwords, you will find (not surprisingly) that passwords that were 
longer than the 16 chars generate a totally different hash result! (Interesting 
side-note: you could have told your users that their passwords were unchanged, 
but that they had to stop after the 16th character -- and it would have worked!)

I hope this explains a few things!!

Dan

IT4SOHO, LLC
33 4th St N; STE 211
St. Petersburg, FL 33701
+1-877-IT4SOHO
+1-877-484-7646
For service requests, direct your email to serv...@it4soho.com

-Original Message-
From: Eric Broch 
Sent: Friday, September 28, 2018 1:35 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: Fwd: Re: [qmailtoaster] centos 6

Thanks, Andy. Plain text password have been a part of qt for as long as I've 
been using it. I understand you're concern. I'm not sure about the password 
length issue, I don't remember ever changing (patching) vpopmail like that, but 
I'll look into it.

On 9/27/2018 11:28 PM, Andrew Swartz wrote:
> I recently did the backup/restore and I have one hiccup to report.
>
> A few of the account passwords did not work after backup from centos5
> and restore to centos7.
>
> Took some time to troubleshoot, but I poked around in the vpopmail
> database and figured it out.  It was due to the vpopmail database
> schema, which stores a 16 character password AND its hash.  It allowed
> [and worked with] passwords longer than 16 characters (I'm unsure how).
> But after the backup/restore, all passwords longer than 16 characters
> failed.  Problem was fixed by resetting all of these passwords to new
> ones with the proper length.  Luckily there were not many like this.
> But for a large system, this could be a major pain.
>
> This seems like a bug.  If the max password length is 16 characters,
> then the set-password webpage should reject passwords that are too long.
>
> Also, I'm not sure why it stores a plaintext password in addition to
> its hash.  The modern standard is to store only the hash.  This is
> potentially a major security problem.
>
> -Andy
>
>
> On 9/27/2018 8:57 PM, Tony White wrote:
>> Eric,
>>I now have a working v6 COS qmt, thank you for you help an patience.
>> Now the backup and restore...
>>
>> best wishes
>>Tony White
>>
>> On 28/09/18 14:43, Eric Broch wrote:
>>
>>> changed now
>>>
>>>
>>> On 9/27/2018 10:41 PM, Tony White wrote:
 Eric,
Yes I did run that command.

At stage 3 after manually starting qmail at the end of qt-install.

 Stage 3

 rpm -Uvh
>

RE: Fwd: Re: [qmailtoaster] centos 6

2018-10-02 Thread Dan McAllister - QMT DNS

I hear ya Andrew! I have a very large QMT that hosts hundreds of domains. One 
of those tenants knows that this is a QMT install, and wanted to have access to 
the vqadmin program -- which WOULD have given them visibility to other domains' 
passwords -- but I deny access to that tool to anyone (I don't even use it)... 
they CAN use the admin role with the standard qmailadmin interface, because 
that is limited to one domain at a time.

I have a list of "superadmins" for that system that have access to the user 
passwords through the shell "vuserinfo" command -- and you have to be elevated 
(root) to run that, so anyone breaking in (hacking) the website (apache user), 
or qmail (qmail, qmaill, or qmailq users) or even vpopmail (vpopmail user) will 
NOT be able to run that command.

I also CHANGE the default passwords for the MySQL database... so if you CAN 
break in, you CANNOT just query the database (because the vpopmail password is 
well known).

So that's been my way to deal with it... your mileage may vary 😊

Dan

-Original Message-
From: Andrew Swartz  
Sent: Tuesday, October 2, 2018 11:24 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: Fwd: Re: [qmailtoaster] centos 6

Dan,

Excellent explanation. Thank you.

It explains something which I did not report in my email:  I solved this
by trying only the first 16 characters of the long passwords, and sure
enough they validated.  I did not put enough thought into it to realize
that the hashes had been regenerated from the shortened passwords.

This explanation implies that the problem is that the restore script
generates new hashes from the [stored] cleartext passwords.  Seems like
an easy fix would be to just backup/restore the hashes instead of
generating new hashes.

QUESTIONS:
1. What is the format of the stored hash?  Looks like concatenation of
two [atypical] base64 fields.

2. How difficult would it be to remove the cleartext passwords from
vpopmail?  I see the logic of storing the "hint".  But it means that for
systems with multiple admins, all of the admins can view (and therefore
use) most users' passwords.  That is problematic even without
considering the foreign intruder risk.

My security concern for QMT has always been that I've never trusted the
qmail accessories as much as qmail itself.  I remain fairly confident
that an intruder will not enter via port 25 (i.e. through qmail).  But
running the web server (for webmail) markedly increases the risk.

QUESTION: could a webserver SQL-injection retrieve the cleartext passwords?

-Andy

On 10/2/2018 5:02 AM, Dan McAllister - QMT DNS wrote:
> I know I'm "Johnny-come-lately" on this topic, but I can explain the results 
> you're seeing and have seen the same myself:
> 
> The QMT vpopmail default setup saves the hashed password, as well as the 
> first 16-characters of the clear-text password, in the MySQL database. That 
> has already been established. What you probably don't know (or didn't think 
> of) is how those fields are used!
> 
> Consider the following:
>  - First, the length of the hashing algorithm is a fixed length. Different 
> hashes, different lengths (for example: MD5 hashes are always 32 characters, 
> SHA1 hashes have 40 characters, sha512 hashes 128, and so on...)
>  - Second, ONLY the hashed password is used for validation. There is no NEED 
> for the cleartext password in the database, it's there simply because the 
> MySQL database was considered somewhat secure, and the original developers of 
> the QMT realized that about 40% of user problems are caused by NOT KNOWING 
> THEIR PASSWORDS, and being able to GIVE them their existing password was 
> generally easier than resetting it (and hearing complaints that, although you 
> "fixed" their desktop mail, now their phone's weren't getting email!)
>  - Finally, the original designers of QMT assumed people would use long 
> passwords -- it was suggested in the original documentation. Thus, saving 
> only the first 16 characters of the password in cleartext meant you were only 
> REALLY saving a "password hint" vs. the entire password.
> 
> So - when you enter a 75 character password (only slightly absurd these 
> days), and if we assume a sha1 password hash, then the "set password" 
> function hashes your 75 characters into a 40-character SHA1 hash and saves it 
> into the database field that stores up to (magically) 40 characters. (FWIW: 
> when you enter your 2-character password of "ok", the sha1 algorithm ALSO 
> generates a 40 character output!). After is stores the hashed password, it 
> ALSO stores the first 16 characters of the cleartext password -- because 
> that's the length of the field in the database.
> 
> When you try to authenticate, the passwo

RE: [qmailtoaster] rpcbind

2019-03-19 Thread Dan McAllister - QMT DNS

I personally disable portmap and all RPC services on my servers. Even NFS is 
now at v4 and uses TCP and well-known-ports, not the portmapper.

I have no issues with QMT working in that environment.

 

There are a HOST of other services that come in a startup CentOS 6 or CentOS 7 
install – I ALWAYS inventory my new builds to remove unneeded and unwanted 
services.

 

Best Regard,

 

Dan McAllister

 

 

From: Remo Mattei  
Sent: Tuesday, March 19, 2019 11:33 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] rpcbind

 

I agree. Eric will be the person to go. 

 

Remo

 

 

 

On Tuesday, Mar 19, 2019 at 08:21, Leonardo Porto mailto:leonardo.po...@iw.net.br> > wrote:

Right, but if Toaster doesn't really use it and I don't use NFS or anything 
rpcbind is need for, it's an unnecessary daemon I would uninstall.

 

Em 19/03/2019 12:03, Remo Mattei escreveu:

you can use firewalld to block it by default it should not be open.

 

Remo 

 

 

 

On Tuesday, Mar 19, 2019 at 08:00, Leonardo Porto mailto:leonardo.po...@iw.net.br> > wrote:

Hi everyone,

I received a security alert about Portmap service enabled on my server, I 
checked the daemon rpcbind was installed by Toaster, is it needed?
I am thinking to get rid of it.
Thanks.

Leonardo.

Error! Filename not specified.

[qmailtoaster] DNS services -- ATTN DNS MIRROR ADMINS!

2017-12-20 Thread Dan McAllister - QMT DNS Admin

NOTE: 

 

If you are a QMailToaster DNS mirror, we need for you to make a change to
your configuration:

 

The OLD IP address of the master DNS server has changed (no longer 71..28)

The new and correct IP address is 47.206.57.8

 

Please update ASAP and email me here ( 
q...@it4soho.com) when you do!

 

Thanks,

 

Dan McAllister

RE: [qmailtoaster] connection issues again.

2017-12-29 Thread Dan McAllister - QMT DNS Admin

Indeed: my systems use fail2ban on both smtp-auth and imap-auth (which is how 
both squirrelmail and roundcube authenticate) -- the only issue is that you 
have to whitelist/exclude from the test the SquirrelMail server itself 
(127.0.0.1 usually).

I am not aware of (and would love to get info on) detecting the SOURCE IP out 
of squirrelmail or roundcube so I can block the ORIGIN IP for systems attacking 
thru the webserver.

Thanks

Dan



-Original Message-
From: CarlC Internet Services Service Desk [mailto:ab...@carlc.com] 
Sent: Friday, December 29, 2017 10:57 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] connection issues again.

Would FAIL2BAN be an ideal setup here? I use it to control the attacks 
[example: more than 10 failed logins in 1 day, your banned for "X" hours].

Fail2ban also works with the SquirrelMail, Roundcube, etc... I have it setup on 
SMTP, SMTPS, SUBMISSION, POP3s and IMAPs. You can also use FAIL2BAN for SSH and 
ftp. The part I like, you can have fail2ban to send you an email that looks 
like this:

example

The IP 202.62.224.40 has just been banned by Fail2Ban after
10 attempts against pop3.


Lines containing IP:202.62.224.40 in /var/log/maillog

Dec 28 21:49:59 mail7 spamdyke[978]: DENIED_RELAYING from: x...@tea.com to: 
eax...@yahoo.com origin_ip: 202.62.224.40 origin_rdns: solar.ortel.net auth: 
(unknown) encryption: (none) reason: (empty) Dec 28 21:50:24 mail7 
vpopmail[1202]: vchkpw-smtp: null password given Newsletter:202.62.224.40 Dec 
28 21:51:11 mail7 vpopmail[1263]: vchkpw-smtp: null password given 
Company:202.62.224.40 Dec 28 21:51:46 mail7 vpopmail[1324]: vchkpw-smtp: null 
password given root:202.62.224.40 Dec 28 21:52:58 mail7 vpopmail[1451]: 
vchkpw-smtp: null password given temp:202.62.224.40 Dec 28 21:53:18 mail7 
vpopmail[1492]: vchkpw-smtp: null password given Test:202.62.224.40 Dec 28 
21:54:22 mail7 vpopmail[1577]: vchkpw-smtp: null password given 
abuse:202.62.224.40 Dec 28 21:54:42 mail7 vpopmail[1598]: vchkpw-smtp: null 
password given MYSQL:202.62.224.40 Dec 28 21:55:16 mail7 vpopmail[1804]: 
vchkpw-smtp: null password given office:202.62.224.40 Dec 28 21:55:44 mail7 
vpopmail[1844]: vchkpw-smtp: vpopmail user not found customer@:202.62.224.40 
Dec 28 21:56:07 mail7 vpopmail[1870]: vchkpw-smtp: vpopmail user not found 
company@:202.62.224.40 Dec 28 21:56:50 mail7 vpopmail[1920]: vchkpw-smtp: 
vpopmail user not found testing@:202.62.224.40 Dec 28 21:57:19 mail7 
vpopmail[1961]: vchkpw-smtp: vpopmail user not found temp@:202.62.224.40 Dec 28 
21:57:39 mail7 vpopmail[1991]: vchkpw-smtp: vpopmail user not found 
test@:202.62.224.40 Dec 28 21:59:11 mail7 vpopmail[2288]: vchkpw-smtp: vpopmail 
user not found newsletter@:202.62.224.40 Dec 28 21:59:37 mail7 vpopmail[2473]: 
vchkpw-smtp: vpopmail user not found customer@:202.62.224.40 Dec 28 22:00:05 
mail7 vpopmail[2826]: vchkpw-smtp: vpopmail user not found 
company@:202.62.224.40 Dec 28 22:00:49 mail7 vpopmail[2888]: vchkpw-smtp: 
vpopmail user not found testing@:202.62.224.40 Dec 28 22:01:05 mail7 
vpopmail[2919]: vchkpw-smtp: vpopmail user not found postmaster@:202.62.224.40

end example

If needed, I can post a few fail2ban scripts but I'm pretty sure they are 
available on the web for qmail if you search for them.

Carl

-Original Message-
From: A. Galatis [mailto:a...@unet.de]
Sent: Friday, December 29, 2017 10:25 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: AW: [qmailtoaster] connection issues again.

Hi Tony,

i have a script counting authentification errors from ip-addresses.
If an address appears more then my threshhold it is blocked vi iptables.
The log where I count ist he usual maillog.

Andreas

-Ursprüngliche Nachricht-
Von: jin&hitman&Barracuda [mailto:jinhit...@gmail.com]
Gesendet: Freitag, 29. Dezember 2017 15:59
An: qmailtoaster-list@qmailtoaster.com
Betreff: Re: [qmailtoaster] connection issues again.

Hi Remo
Are using some kind of autonomous app/scrpt to block them ? If  so, what kind 
of app/script are you using for drop them ?

On 29 Dec 2017 5:19 p.m., "Remo Mattei"  wrote:


Yes I created some rules based on connection time like 30 sec 5 min 30 
min etc. Dropped them.

Il giorno 29 dic 2017, alle ore 06:07, Solo  ha scritto:

Hi Tony.

Yes I see a lot - in my logs I think it's those spammers that tries to
connect to Your server using a lot of different names and end up getting
refused by vpopmail - se my logwatch file below (all ip addresses match
log entries in maillog and vpopmail)

- vpopmail Begin 


No Such User Found:
   4f3c5634.2010906@ - 1 Time(s)
   abc@ - 1 Time(s)
   ada@ - 1 Time(s)
   agenda@ - 1 Time(s)
   am@ - 1 Time(s)
   benson@ - 1 Time(s)
   biblioteca@

RE: [qmailtoaster] Fail2ban for Squirrelmail.

2017-12-29 Thread Dan McAllister - QMT DNS Admin

My understanding of SquirrelMail is old (limited) because so many of my users 
prefer the RoundCube (I offer both)... You get 1 if you go to mail.domain and 
the other if you go to webmail.domain

In any case, I will have to look but I thought SM didn't write system logs when 
users failed on auth... perhaps there is a way to turn that on?
Also, I will want/need a similar solution for RC

Thanks for sharing your config tho!

Dan

-Original Message-
From: CarlC Internet Services Service Desk [mailto:ab...@carlc.com] 
Sent: Friday, December 29, 2017 11:53 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Fail2ban for Squirrelmail.

Dan,

I have it working showing the IP address:

In /etc/fail2ban/jail.conf:

# squirrelmail
[squirrelmail-iptables]
enabled  = true
filter   = squirrelmail
action   = iptables[name=SquirrelMail, port=http, protocol=tcp]
   sendmail-squirrelmail[name=SquirrelMail,dest=ab...@carlc.com, 
sender=ab...@carlc.com] # adjust logpath with Squirrelmail's squirrel_logger 
plugin log logpath  = /var/log/squirrelmail.log maxretry = 5


-Then in /etc/fail2ban/filter.d/squirrelmail.conf


[Definition]

failregex = ^ \[LOGIN_ERROR\].*from : Unknown user or password 
incorrect\.$

ignoreregex =

[Init]

datepattern = ^%%m/%%d/%%Y %%H:%%M:%%S

# DEV NOTES:
#
# Author: Daniel Black

For sendmail-squirrelmail in /etc/fail2ban/action.d, I copied 
sendmail-whois-lines.conf to sendmail-squirrelmail.conf and changed the very 
last line to:

# Path to the log files which contain relevant lines for the abuser IP # 
logpath = /var/log/squirrelmail.log

I hope this helps...
Carl


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

RE: [qmailtoaster] dmarc implementation

2018-01-02 Thread Dan McAllister - QMT DNS Admin

A couple of things:

1) The QMail DKIM solution works well -- EXCEPT when connecting to other QMail 
DKIM enabled systems, at which point it tends to disallow messages. No one has 
found a fix for this, to the standard is to keep DKIM turned OFF.

2) DMARC is not a security implementation like SPF or DKIM, it is more of a 
reporting and admin tool, the former being the original intent. Your DMARC 
settings tell other servers that they should send reports about failed connects 
to an email address. That way, should you misconfigure your DKIM or SPF 
settings and someone starts blocking your messages, you don't have to wait for 
USERS to complain to know about it!

Thus, DMARC is a purely DNS setting -- there is nothing to do in QMail to 
manage DMARC. If you follow the project lead and leave DKIM turned off, you 
simply indicate as such in your DMARC setting for your domain.

Finally, to my knowledge, only the "Big Guns" have implemented the email-server 
side of DMARC (that is, the side that generates reports and sends them). 
Hotmail/MSN/Outlook.com, Gmail, and Yahoo being the ones I've received reports 
from.

I hope this helps

Dan

-Original Message-
From: Rajesh M [mailto:24x7ser...@24x7server.net] 
Sent: Tuesday, January 2, 2018 1:21 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] dmarc implementation

Eric

2 questions please

Question 1)

the default qmail install points the symlink for qmailqueue to qmail-dk

which i have changed to

qmail-queue -> qmail-queue.orig

Do keep the same setting which is

qmail-queue -> qmail-queue.orig

Question 2)

Could you please send me the corresponding settings required in the tcp.smtp 
file ?

thanks,
rajesh

- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Tue, 2 Jan 2018 08:51:07 -0700
Subject: 

Hi Rajesh,

Thank you! I appreciate your sentiments and hope your New Year brings blessings 
of health and happiness as well.

This is a better link:

http://qmailtoaster.org/dkim.html

which will show you how to implement per domain.

Remember this is only signing messages going out. As of yet there is no dkim 
checking coming in, I'm looking into that.

Eric

On 1/2/2018 7:50 AM, Rajesh M wrote:
> eric,
>
> Wish you a wonderful New Year, full of health and happiness.
>
> I wish to implement  dmarc on my qmailtoaster servers
>
> i am using centos6 64 bit with the latest versions of qmailtoaster
>
> SPF is already being used on my server
>
> Concerning dkim, currently my  qmail-queue is symlinked to 
> qmail-queue.orig and not pointing to qmail-dk
>
> qmail-queue -> qmail-queue.orig
>
> could you please guide me on the implementation of DMARC
>
> i am planning to implement this for all the domains in my server.
>
> I saw this link while searching for a solution.
>
> https://github.com/qmtoaster/dkim
>
> Should i follow these steps as per the above link or would you like recommend 
> some other document.
>
> thanks as always,
> rajesh
>
>
>
>
>
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: 
> qmailtoaster-list-h...@qmailtoaster.com

--
Eric Broch
White Horse Technical Consulting (WHTC)

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

RE: [qmailtoaster] Odd msg numbers in /var/log/qmail/send/current

2018-01-17 Thread Dan McAllister - QMT DNS Admin

There is nothing unusual about the message numbers: to essentially guarantee a 
unique number, Qmail uses the inode address (inode number) of the file as the 
message number.

Your inodes are being used and released as normal, and there are blocks the get 
reused over and over

 

Dan

 

From: Chris [mailto:boh...@gmail.com] 
Sent: Thursday, January 11, 2018 9:22 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Odd msg numbers in /var/log/qmail/send/current

 

While tracing a message today, I noticed something weird.  A strange 
distribution of message numbers.  running this command:

grep 'end msg' /var/log/qmail/send/current  | awk '{print $4}' | sort | uniq -c 
| sort -n

I got this result, which indicates that I'm not getting an even distribution of 
msg numbers.   I know this isn't a case of some messages getting stuck in the 
queue and having repeated delivery attempts, because I checked for that.  
Anyone else notice this before?

  1 1169605
  1 485974
  1 485993
  1 485994
  1 518835
  1 598620
  1 598621
  1 598622
  1 598623
  1 871911
  2 871910
  3 522872
  3 598618
  3 598619
  4 598617
  5 518834
  5 598612
  5 598615
  6 485973
  7 485972
  7 485991
  7 598614
  8 485971
 10 485970
 11 598608
 12 485990
 12 598611
 13 485968
 13 598600
 14 518833
 14 598613
 15 485989
 16 598606
 16 598610
 17 403440
 17 485969
 17 485988
 21 598609
 33 518832
 41 485987
 47 485965
 51 485975
 53 485983
 54 485967
 55 485986
 59 485977
 60 485966
 61 485985
 87 598607
107 522877
163 160176
168 485978
171 485976
188 485984
240 485981
255 485979
268 598599
280 485982
290 526373
406 485980
559 536520
627 485963
770 160177
   1356 485964

RE: [qmailtoaster] catch all account and the spam

2016-07-11 Thread Dan McAllister - QMT DNS Admin

The CORRECT way to do this is to create the .qmail-default file with an entry 
that says:

|   /home/vpopmail/bin/vdelivermail   ‘’   delete

 

NOTE: Extra spaces added for readability on “variable width font” readers :)

You will find the DEFAULT entry says “bounce-no-mailbox” where I have delete 
above.

 

I haven’t been following this thread, but I assume you were using an email 
address instead of “bounce-no-mailbox” to create your catchall account? 

If not, that would be the appropriate way to do so.

 

Now I can’t just reply to HOW without adding my 2-cents worth as to why I think 
“bounce-no-mailbox” is the WORST of the options:

-  It allows spammers to “mine” your domain for “good” email addresses 
(which then get sold!)… how? Send a note to a...@yourdomain.com 
 , b...@yourdomain.com  
, etc. For each one that does NOT get a bounceback, you have a good address! 
SPAM IT!

-  Once your domain is “mature” (been around a few years), your 
“catchall” account will get thousands of emails a day – from spammers trying to 
mine your domain!

 

That means (to me, anyway) that you should DEFAULT to a “delete” policy… if 
they send to a bad email address… oh well, I guess they won’t get a reply! When 
they CHECK with the recipient, they’ll be able to figure it out. But in the 
few, rare instances where there needs to be SOMETHING done with badly addressed 
messages, a catchall account is superior to a “bounce-no-mailbox” option.

 

Those opinions are MINE. Feel free to share in them or oppose them – but their 
only value is the time you have invested in reading them, so treat accordingly.

 

Have a great day all!

 

Dan McAllister

IT4SOHO

 

QMT DNS Admin (or at least I WAS!)

 

 

 

From: Angus McIntyre [mailto:an...@pobox.com] 
Sent: Friday, July 8, 2016 9:49 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] catch all account and the spam

 

On Jul 7, 2016, at 1:10 PM, Jim Shupert mailto:jshup...@pps-inc.com> > wrote:

I am wondering what a "wise" method of doing the catch all account regarding 
spam might be

To limit the amount of spam that a standard user who is catch all (me for 
example )

I have created a usr named d...@mydom.com  
this "usr" has a quota of 40 MB … so it goes over quota in a day or so...
It is ,for the sake of argument , ALL spam.
what are you wise folk doing?

 

Because spammers will spam anything and everything — I have seen spam targeting 
‘email addresses’ that were obviously created by some scraper program so dumb 
that it thought a message ID (something like 
“122324313109.1231...@somedomain.com 
 ”) was an email account — I would 
question whether there’s any value in having a catch-all. Better to set up 
.qmail files for the addresses you actually want, and then just send everything 
else to /dev/null.

 

To do that, create a ‘.qmail-default’ file for your domain, enter a ‘#’ 
character on the first line, and then add one blank line after it.

 

If you think that you might some day get useful mail sent to a catch-all 
address, then you’ll probably want to do two things. 

 

One is to set up a cron job that just throws away everything in the catch-all 
account at regular intervals, so that you don’t go over quota and start 
bouncing mail.

 

The other is to use something like procmail to filter the mail coming into the 
catch-all. You can write two kinds of filters. One filter will throw away stuff 
that’s known to be spam (to prevent the mailbox overflowing, and to reduce the 
amount of mail you need to review manually). The other should look for 
particular keywords that indicate something that might be interesting to you, 
and divert that to one of your active mailboxes.

 

Also consider making use of Spamdyke features — for example, rejecting messages 
from domains without valid RDNS — to reduce the amount of spam you need to 
process.

 

Angus

RE: [qmailtoaster] DMARC checking?

2016-07-20 Thread Dan McAllister - QMT DNS Admin

I'm not sure what you mean by DMARC checking?
Generally, SPF is triggered by the existence of an appropriate DNS entry, while 
a DKIM check would be triggered by a DKIM signature in the header of the 
message.
The point of DMARC isn't to trigger any checking, it is to provide a FEEDBACK 
mechanism to senders whose domains may be being attacked or otherwise abused.
AFIK, only a few MAJOR mail providers are actively providing that feedback -- 
but even so, it's been EXTREMELY valuable to me as an ESP admin! They have 
helped me capture abuse far faster than otherwise possible!

So again, I'm not sure what you're asking for with regards to DMARC

Dan McAllister
IT4SOHO

-Original Message-
From: Eric [mailto:ebr...@whitehorsetc.com] 
Sent: Wednesday, July 20, 2016 12:44 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] DMARC checking?

Jaime,

I'm not sure. It can be run from the command line so I'm wondering if it could 
not be put in a .qmail/.mailfilter file or even implemented with 
Dovecot...somehow?

Eric


On 7/20/2016 9:07 AM, Jaime Lerner wrote:
> Is it possible to set up inbound DMARC checking on a QMT setup?

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

RE: [qmailtoaster] DMARC checking?

2016-07-21 Thread Dan McAllister - QMT DNS Admin

LOL - Thanks for the "education" about DMARC :)

For the record, I depend heavily on DMARC records -- but 90% of mail servers 
that will even check for SPF, do so with the SPF record in mind, and not the 
DMARC one. As I asserted in my original message, only a few "big guns" are even 
looking at the DMARC records at all, much less providing the response 
mechanisms.

To my knowledge, the DMARC record cannot REPLACE the SPF record (they're both 
just TXT record lookups), but the DMARC record CAN tell a recipient server that 
you are interested in hearing about "bad mail" from your domain(s).
(Most SPF records end with a "~all" -- which is actually an indication that 
you're "just testing SPF" and creating a "soft fail" when it is violated. MY 
SPF records end with "-all" [that would be a DASH instead of a TILDE] -- which 
is an indication that we think we know what we're doing, and if It fails SPF, 
it should be considered a HARD FAIL... what you do with it after that is up to 
the recipient mail server. The supposition is that, someday, most will reject 
or discard HARD FAIL messages, but even in QMail, we have our own options (read 
up on SPF levels), so not everyone is playing by the same rules.)

Generally equivalent statements can be made about DKIM.

In NEITHER case have I seen any kind of documentation on what an organization 
is supposed to do if SPF says to HARD FAIL any disproven sender, but DMARC says 
not to... or the other way around!

So I repeat my assertion that the real VALUE of DMARC is in the back-reporting 
function which I will repeat has helped me numerous times to detect an 
issue BEFORE other mechanisms (like RBLs) have been triggered!

As you might expect, my servers & domains use SPF and DMARC -- and if we had 
better processing (long-standing bug) in QMAIL for DKIM, I would use it too!

Cheers!

Dan McAllister

PS: Perhaps when I retire in a few years I'll fix the DKIM processing and 
create DMARC processing for QMAIL :) 
Most on here don't know it, but I started in SW development tracking missiles 
at CCAFS!


-Original Message-
From: Eric [mailto:ebr...@whitehorsetc.com] 
Sent: Thursday, July 21, 2016 2:05 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] DMARC checking?

Dan,

This is from the DMARC website
(https://dmarc.org/wiki/FAQ#How_does_DMARC_work.2C_briefly.2C_and_in_non-technical_terms.3F):

"How does DMARC work, briefly, and in non-technical terms?"

"A DMARC policy allows a sender to indicate that their messages are protected 
by SPF and/or DKIM, and tells a receiver what to do if neither of those 
authentication methods passes – such as junk or reject the message. DMARC 
removes guesswork from the receiver’s handling of these failed messages, 
limiting or eliminating the user’s exposure to potentially fraudulent & harmful 
messages. DMARC also provides a way for the email receiver to report back to 
the sender about messages that pass and/or fail DMARC evaluation."

And:

"Why is DMARC needed?"

"End users and companies all suffer from the high volume of spam and phishing 
on the Internet. Over the years several methods have been introduced to try and 
identify when mail from (for example) IRS.GOV really is, or really isn’t coming 
from the IRS. However:

 These mechanisms all work in isolation from each other
 Each receiver makes unique decisions about how to evaluate the results
 The legitimate domain owner (e.g. IRS) never gets any feedback

DMARC attempts to address this by providing coordinated, tested methods for:

 Domain owners to:
 Signal that they are using email authentication (SPF, DKIM)
 Provide an email address to gather feedback about messages using their 
domain – legitimate or not
 A policy to apply to messages that fail authentication (report, 
quarantine, reject)

 Email receivers to:
 Be certain a given sending domain is using email authentication
 Consistently evaluate SPF and DKIM along with what the end user sees 
in their inbox
 Determine the domain owner’s preference (report, quarantine or
reject) for messages that do not pass authentication checks
 Provide the domain owner with feedback about messages using their 
domain

A domain owner who has deployed email authentication can begin using DMARC in 
“monitor mode” to collect data from participating receivers. As the data shows 
that their legitimate traffic is passing authentication checks, they can change 
their policy to request that failing messages be quarantined. As they grow 
confident that no legitimate messages are being incorrectly quarantined, they 
can move to a 'reject' policy."

It seems to me that the DMARC website indicates that not only is feedback 
provided for but a message policy (report, quarantine, reject) for

RE: [qmailtoaster] temporarily disable a domain

2016-07-21 Thread Dan McAllister - QMT DNS Admin

I never saw a reply to this, so I’ll pipe up here

 

When you “lose a domain” but need to keep “supporting” that domain (e.g. so 
users can still get to their old mail), the thing to do is to create a rule 
that forwards messages addressed to that domain to the correct server.

Step 1: Remove the domain from the list of LOCAL DOMAINS (see 
/var/qmail/control/[locals | rcpthosts | virtualdomains]

Step 2: Create a rule to forward mail for that domain to the correct server 
(entry in /var/qmail/control/smtproutes)

 

To explain:

In Step 1 we had to remove the local-delivery mechanism for .tv – that is, 
STOP processing mail received by SMTP as-if we were a valid server for that 
domain

In Step 2 we had to tell the server just what to do with mail from that domain. 
See our wiki (http://wiki.qmailtoaster.com/index.php/Smtproutes) for a full 
explanation of smtproutes, and know that QMT already includes the 
qmail-remote-auth patch mentioned

 

NOTES: 

-  If you still wish to receive mail for that domain, but just forward 
it to the other server, you can do so by restoring the entry in rcpthosts

-  If you are worried about SPF or other types of issues that this kind 
of forwarding can cause, create a “back channel” connection. This takes 
advantage of QMT’s allowing any authorized user to send mail as any user they 
want! To do this, just add account authentication on the end of the smtproutes 
entry.

 

I hope you find this useful

 

Dan McAllister

IT4SOHO

 

 

 

From: Jim Shupert [mailto:jshup...@pps-inc.com] 
Sent: Friday, July 15, 2016 5:21 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] temporarily disable a domain

 

Friends

I wish to temporarily disable or sever a domain on my qmailtoaster

I have 4 domains

.com
.com
.com
.tv   

and .tv is being moved ( maybe )

In truth
the folks who "are" .tv are having thier mail going to a 
rackspace mail providing service /server

so you could say i am losing them as a client ...
they have changed thier A record & the dns
But they are in the same bldging - the users are inside the same router / 
firewall.

( .tv  is a division of a master company that is .com )

my goal is to disable "my" .tv 
so that all the world sees the rackspace .tv 


I see under
Qmail Toaster Admin

http://mailhost..com/mail/vqadmin/toaster.vqadmin?nav=view_domain 

 &dname=.tv

6 check boxes

Disable pop access   
Disable imap access   
Disable dialup access   
Disable change password   
Disable web access   
Disable email relay 

if I check  

Disable pop access   
Disable imap access 
( or all six )

and click   Modify Domain

will "my" .tv  effectively be "turned OFF"

and I could then , if i wish to , unCheck & Modify Domain there by turn it "on"


thanks

sorry this is a wacky Q

RE: [qmailtoaster] concerning updates to qmailtoaster

2016-07-28 Thread Dan McAllister - QMT DNS Admin

Rajesh & Eric:

I find this thread particularly compelling -- I have 3 different "large" qmail 
servers, each of which hosts more than 20,000 users. One of the most difficult 
items to control is when one of my users gets infected with a "virus" (or other 
type of malware) that then abuses the fact that qmail itself (or, at least not 
QMT) doesn't validate the FROM header entry against the authentication 
credentials.

Years ago, when I spoke to Jake Vickers about it, he claimed it was essentially 
impossible, however since then I have to suspect it is very much possible -- 
because the CHKUSER log entries show (on a single line) the from and auth user 
data.

Not having the time to delve into CHKUSER arguments, I wrote a script that 
checks the CHKUSER entries in the log files and warns (and eventually suspends) 
users who send from different domains than what they logged in as. (I also use 
it to automatically throttle users who send too many emails -- SPAM! I allow 
only 250 SMTP connections a day. :)

It would be an AMAZING help to me if SpamDyke (or CHKUSER) would be able to 
DENY these fraudulent headers INSTANTLY... so let's keep looking at this, if 
you don't mind!

Thanks

Dan McAllister
IT4SOHO

PS: NOTE: It is NECESSARY for some users to be allowed to bypass this check 
(and SPF and other checks) -- in particular for backup mail servers who might 
queue up messages for a server while it is down and deliver them once back up.

-Original Message-
From: Rajesh M [mailto:24x7ser...@24x7server.net] 
Sent: Sunday, July 24, 2016 9:51 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] concerning updates to qmailtoaster

eric

i am using spamdyke5

a new spamdyke.conf was generated which i am using and the qmail services are 
working like normal

my idea was to block email ids where the reply-to (envelope sender) were 
different from authentication domain.

so in my config file i have this since as per spamdyke config it will go 
through all the aspects

reject-sender=not-local
reject-sender=authentication-domain-mismatch
reject-sender=no-mx

however in my thunderbird when using a different reply-to email id it does not 
work.

in whitelist_ip i have only one ip : 127.0.0.0.1

in my whitelist_senders i do  not have the sending domain listed

rajesh

- Original Message -
From: Eric [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Sun, 24 Jul 2016 11:57:17 -0600
Subject: 

Rajesh,

It would be just like any other RPM update. The RPM install will stop and start 
services. With Spamdyke, if you're upgrading to 5, you'll have to run a script 
(below) I provided, but until you run it you're toaster will be rejecting email 
(it only takes a second to run).

Remember if you have special settings in spamdyke.conf backup!

#!/bin/sh
sed -i \
-e 's/reject-missing-sender-mx/reject-sender=no-mx/g' \ -e 
's/rejection-text-missing-sender-mx/rejection-text-sender-no-mx/g' \ -e 
's/reject-identical-sender-recipient/reject-recipient=same-as-sender/g' \ -e 
's/rejection-text-identical-sender-recipient/rejection-text-recipient-same-as-sender/g'

\
-e 's/local-domains-file/qmail-rcpthosts-file/g' \ -e 
's/local-domains-entry=/#local-domains-entry=(Add these entries to 
qmail-rcpthosts-file)/g' \ -e 's/morercpthosts/qmail-morercpthosts-cdb/'g 
/etc/spamdyke/spamdyke.conf 

Eric

On 7/24/2016 5:32 AM, Rajesh M wrote:
> hi
>
> i am using qmailtoaster on centos 6
>
> the SRPMS i have are from the old qmail site and a few from 
> ftp.whitehorse
>
> my question was whether i can update dovecot, spamassassin and 
> spamdyke without causing intereference with existing working qmailtoaster, 
> similar to the manner in which i update clam.
>
> i would be shutting down the qmailserver during the updates
>
>
> thanks
> rajesh
>
>
>
>
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: 
> qmailtoaster-list-h...@qmailtoaster.com
>

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

RE: [qmailtoaster] Fetchmail install and configure on qmailtoaster system

2016-11-08 Thread Dan McAllister - QMT DNS Admin

Eric:

 

I took a moment today and looked over your install scripts for QMT on COS 6 and 
noted you had a way to switch between BIND & Daniel’s DJBDNS… to that end, I 
have some thoughts. (I’m assuming you and I – and hopefully a 3rd – can start 
moving forward on re-setting this project in a forward motion!)

 

The use/presence of a DNS “server” in a QMT “server” was an issue Shubes and I 
went around and around on – the gist (from my perspective) being that we (as-in 
the QMT service) don’t need a DNS “server” so-to-speak, rather we need a fast 
and efficient DNS “resolver”. Along those lines, my default COS 6 install uses 
PowerDNS (pdns-recursor from EPEL), and I’ve found it to be REMARKABLY fast and 
light-weight.

 

I have a NUMBER of config settings I think you might agree make sense to be 
defaults. Here are some examples:

-  qmail-smtp on port 25 uses spamdyke to REMOVE SMTPAUTH (so users 
CANNOT submit mail on port 25)

-  qmail-smtp on port 587 is ENABLED by default, and ALLOWS encryption 
and REQUIRES login (SMTPAUTH)

-  qmail-smtp on port 465 is ENABLED by default, and REQUIRES both 
SMTPAUTH and encryption

-  POP and IMAP are enabled by default, but ONLY on the SSL ports (993 
& 993).

-  I install and enable BOTH squirrelmail (mail.domain.com) AND 
roundcube (webmail.domain.com) by default

 

NOTE: I still use COURIER IMAP – tho I’m trying to get into DoveCot on my next 
system.

 

 

More later

 

Dan

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Monday, November 7, 2016 12:52 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Fetchmail install and configure on qmailtoaster 
system

 

If I understand you correctly here are some examples (just a little googling): 

Maildrop: https://bbs.archlinux.org/viewtopic.php?id=147058

Dovecot LDA:

poll  with proto POP3
user u...@domain.tld   there with pass 
options fetchall
mda "/usr/libexec/dovecot/deliver -d u...@domain.tld  "
 
 
 
 

 

On 11/6/2016 10:16 PM, Chandran Manikandan wrote:

Dear Friends, 

 

I have running qmailtoaster in centos 6.6 system and kept in datacenter.

 

I am planning to keep one more server in our office with the same domain.

All the emails want to store both server with the same domain .

Is it possible to do fetchmail installation in my local office server to 
configure the same domain with the email accounts.

Anyone have the experience.

Could you help me to provide the installation and configuration steps.

-- 

Thanks, 

Manikandan.C

System Administrator

RE: [qmailtoaster] Fetchmail install and configure on qmailtoaster system

2016-11-08 Thread Dan McAllister - QMT DNS Admin

Apologies to the group – my outlook took eric’s email and applied the group 
address to it.

 

My bad (would belong on the developer group anyway!)

 

Dan

 

From: Dan McAllister - QMT DNS Admin [mailto:q...@it4soho.com] 
Sent: Tuesday, November 8, 2016 3:41 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Fetchmail install and configure on qmailtoaster 
system

 

Eric:

 

I took a moment today and looked over your install scripts for QMT on COS 6 and 
noted you had a way to switch between BIND & Daniel’s DJBDNS… to that end, I 
have some thoughts. (I’m assuming you and I – and hopefully a 3rd – can start 
moving forward on re-setting this project in a forward motion!)

 

The use/presence of a DNS “server” in a QMT “server” was an issue Shubes and I 
went around and around on – the gist (from my perspective) being that we (as-in 
the QMT service) don’t need a DNS “server” so-to-speak, rather we need a fast 
and efficient DNS “resolver”. Along those lines, my default COS 6 install uses 
PowerDNS (pdns-recursor from EPEL), and I’ve found it to be REMARKABLY fast and 
light-weight.

 

I have a NUMBER of config settings I think you might agree make sense to be 
defaults. Here are some examples:

-  qmail-smtp on port 25 uses spamdyke to REMOVE SMTPAUTH (so users 
CANNOT submit mail on port 25)

-  qmail-smtp on port 587 is ENABLED by default, and ALLOWS encryption 
and REQUIRES login (SMTPAUTH)

-  qmail-smtp on port 465 is ENABLED by default, and REQUIRES both 
SMTPAUTH and encryption

-  POP and IMAP are enabled by default, but ONLY on the SSL ports (993 
& 993).

-  I install and enable BOTH squirrelmail (mail.domain.com) AND 
roundcube (webmail.domain.com) by default

 

NOTE: I still use COURIER IMAP – tho I’m trying to get into DoveCot on my next 
system.

 

 

More later

 

Dan

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Monday, November 7, 2016 12:52 AM
To: qmailtoaster-list@qmailtoaster.com 
<mailto:qmailtoaster-list@qmailtoaster.com> 
Subject: Re: [qmailtoaster] Fetchmail install and configure on qmailtoaster 
system

 

If I understand you correctly here are some examples (just a little googling): 

Maildrop: https://bbs.archlinux.org/viewtopic.php?id=147058

Dovecot LDA:

poll  with proto POP3
user u...@domain.tld <mailto:u...@domain.tld>  there with pass 
options fetchall
mda "/usr/libexec/dovecot/deliver -d u...@domain.tld <mailto:u...@domain.tld> "
 
 
 
 

 

On 11/6/2016 10:16 PM, Chandran Manikandan wrote:

Dear Friends, 

 

I have running qmailtoaster in centos 6.6 system and kept in datacenter.

 

I am planning to keep one more server in our office with the same domain.

All the emails want to store both server with the same domain .

Is it possible to do fetchmail installation in my local office server to 
configure the same domain with the email accounts.

Anyone have the experience.

Could you help me to provide the installation and configuration steps.

-- 

Thanks, 

Manikandan.C

System Administrator

RE: [qmailtoaster] Been away for a long while...

2016-11-09 Thread Dan McAllister - QMT DNS Admin

Craig:

 

Yes on both counts – QMT utilizes the VPopMail add-on for virtual domains, and 
ezmlm is part of the default config.

 

Dan McAllister

 

 

From: Craig McLaughlin [mailto:craig.p.mclaugh...@gmail.com] 
Sent: Wednesday, November 9, 2016 3:10 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Been away for a long while...

 

 

... can someone point me to an up to date project status?



... or just answer this question:

Does qmt handle virtual domains & ezmlm for same?

Thanks,

--Craig

RE: [qmailtoaster] question about qmailtoaster and + as a delimiter instead of the default - option

2017-02-03 Thread Dan McAllister - QMT DNS Admin

Just catching up on emails in this box, and have 4 notes on this topic:

1.  The dash being a delimiter is embedded inside of qmail. It was done so 
primarily to help the likes of the ezmlm group management system, but it comes 
in handy in TONS of ways. (For example, I use dan=ms@mydomain as my email at 
live.com so that when SPAM shows up in my inbox having been addresses to 
dan-ms@mydomain, I know that Microsoft has sold my email address (or leaked it 
in a data breach!)).
2.  You cannot change the delimiter in qmail unless you recompile the code. 
It’s not a variable that is set somewhere (AFIK). It’s OLD qmail.
3.  The qmail-users file is designed for use in old-qmail – but we (qmt) 
use qmail with vpopmail – so the folders are located differently. Just an FYI 
for when you go out and read some of the documentation for the format of that 
file.
4.  You CAN accomplish using + as a delimiter by using vpopmail aliases…. 
But that’s not likely what you want at all.

 

Dan

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Friday, February 3, 2017 12:45 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] question about qmailtoaster and + as a delimiter 
instead of the default - option

 

Perhaps,

This may help, although, honestly, I wouldn't know now how to implement it.

http://www.lifewithqmail.org/lwq.html#qmail-users

Eric

 

On 2/3/2017 10:33 AM, Eric Broch wrote:

Okay, I understand.

I'm not sure how to use a + instead of a -, easily in qmail.

 

On 2/3/2017 9:58 AM, Michiel van Es wrote:

Hi Eric, 

 

I don't want to create a new user but it should be all sent to the same mailbox.
For example test+t...@domain.ltd   should go to 
the mailbox of user t...@domain.ltd  .

The good thing with the delimiter is that you can use 
user+websitewhereyouveboughtsomethin...@domain.ltd 
  and it is always 
sent to the u...@domain.ltd   mailbox where the user 
can filter the detail part and sent it to a subfolder and keep track on all 
those websites.

 

Cheers,

 

Michiel

 

2017-02-03 17:27 GMT+01:00 Eric Broch mailto:ebr...@whitehorsetc.com> >:

Hi Michiel

I have to admit that I know nothing about the delimiters in qmail, but as a 
test set up two accounts on my own server:

1) test+t...@mydomain.com  

2) test-t...@mydomain.com  

qmail accepted mail for both users.

Personally I use Maildrop, but have looked into using Sieve for Dovecot 
'triggered' by its own LDA, 'deliver' here:  
http://www.qmailtoaster.org/notes.html 

originally here: wiki: http://wiki.dovecot.org/LDA/Qmail

Eric

 

On 2/3/2017 9:04 AM, Michiel van Es wrote:

Hi Eric, 

 

Correct. I use sieve to filter on the detail part.

 

Cheers,

 

Michiel

 

2017-02-03 16:27 GMT+01:00 Eric Broch mailto:ebr...@whitehorsetc.com> >:

Hi Michiel,

Are you talking about an address like

test+t...@domain.tld  

as opposed to

test+t...@domain.tld  

?

Eric


On 2/3/2017 6:19 AM, Michiel van Es wrote:

Hi,

I am using Postfix/OpenSMTPD which use the + as delimiter which I can filter on 
with sieve (dovecot).
I know that the default delimiter in Qmail is - and if you want to change it, 
you have to recompile Qmail to use + as a delimiter.

My question is: is there an easy way to switch from the - delimiter to + so I 
can keep my current email addresses intact?

Cheers,

Michiel


-- 
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)
406.214.6802  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
 
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
 

 





-- 
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)
406.214.6802  

 





-- 
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)
406.214.6802





-- 
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)
406.214.6802

RE: [qmailtoaster] question about qmailtoaster and + as a delimiter instead of the default - option

2017-02-03 Thread Dan McAllister - QMT DNS Admin

Eric:

 

I’m about at my wits end on this server. I’ve tested the RAM, I’ve checked 
EVERYTHING I can think of… and to no avail.

As it turns out, the ripmime error ONLY shows up when an email is submitted to 
the SUBMISSION port and ONLY when SSL is invoked.

Whats more, it fails the submit job, rendering outside clients UINABLE to send 
messages (though internal clients are sending without incident)

 

I’m about to the point of ripping this thing out and migrating the client to a 
new service., but I was wondering if you’d be willing to remote in and look 
things over – maybe I’m missing something simple. (NOTE: This is an OLD config 
– courier and all!)

 

I’d be willing to pay you for your time – but I’ve gotta do SOMETHING with it 
this weekend. My client’s about to pull their hair out over this!

 

Thanks

 

Dan

 

727-213-2280 (my follow-me number – I’m on Eastern time – Florida – and am 
usually up until midnight, and awaken at about 8AM)

 

 

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Friday, February 3, 2017 5:13 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] question about qmailtoaster and + as a delimiter 
instead of the default - option

 

Thanks for clearing it up Dan.

 

On 2/3/2017 3:11 PM, Dan McAllister - QMT DNS Admin wrote:

Just catching up on emails in this box, and have 4 notes on this topic:

1.  The dash being a delimiter is embedded inside of qmail. It was done so 
primarily to help the likes of the ezmlm group management system, but it comes 
in handy in TONS of ways. (For example, I use dan=ms@mydomain as my email at 
live.com so that when SPAM shows up in my inbox having been addresses to 
dan-ms@mydomain, I know that Microsoft has sold my email address (or leaked it 
in a data breach!)).
2.  You cannot change the delimiter in qmail unless you recompile the code. 
It’s not a variable that is set somewhere (AFIK). It’s OLD qmail.
3.  The qmail-users file is designed for use in old-qmail – but we (qmt) 
use qmail with vpopmail – so the folders are located differently. Just an FYI 
for when you go out and read some of the documentation for the format of that 
file.
4.  You CAN accomplish using + as a delimiter by using vpopmail aliases…. 
But that’s not likely what you want at all.

 

Dan

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Friday, February 3, 2017 12:45 PM
To: qmailtoaster-list@qmailtoaster.com 
<mailto:qmailtoaster-list@qmailtoaster.com> 
Subject: Re: [qmailtoaster] question about qmailtoaster and + as a delimiter 
instead of the default - option

 

Perhaps,

This may help, although, honestly, I wouldn't know now how to implement it.

http://www.lifewithqmail.org/lwq.html#qmail-users

Eric

 

On 2/3/2017 10:33 AM, Eric Broch wrote:

Okay, I understand.

I'm not sure how to use a + instead of a -, easily in qmail.

 

On 2/3/2017 9:58 AM, Michiel van Es wrote:

Hi Eric, 

 

I don't want to create a new user but it should be all sent to the same mailbox.
For example test+t...@domain.ltd <mailto:test+t...@domain.ltd>  should go to 
the mailbox of user t...@domain.ltd <mailto:t...@domain.ltd> .

The good thing with the delimiter is that you can use 
user+websitewhereyouveboughtsomethin...@domain.ltd 
<mailto:user+websitewhereyouveboughtsomethin...@domain.ltd>  and it is always 
sent to the u...@domain.ltd <mailto:u...@domain.ltd>  mailbox where the user 
can filter the detail part and sent it to a subfolder and keep track on all 
those websites.

 

Cheers,

 

Michiel

 

2017-02-03 17:27 GMT+01:00 Eric Broch mailto:ebr...@whitehorsetc.com> >:

Hi Michiel

I have to admit that I know nothing about the delimiters in qmail, but as a 
test set up two accounts on my own server:

1) test+t...@mydomain.com <mailto:test+t...@mydomain.com> 

2) test-t...@mydomain.com <mailto:test-t...@mydomain.com> 

qmail accepted mail for both users.

Personally I use Maildrop, but have looked into using Sieve for Dovecot 
'triggered' by its own LDA, 'deliver' here:  
http://www.qmailtoaster.org/notes.html 

originally here: wiki: http://wiki.dovecot.org/LDA/Qmail

Eric

 

On 2/3/2017 9:04 AM, Michiel van Es wrote:

Hi Eric, 

 

Correct. I use sieve to filter on the detail part.

 

Cheers,

 

Michiel

 

2017-02-03 16:27 GMT+01:00 Eric Broch mailto:ebr...@whitehorsetc.com> >:

Hi Michiel,

Are you talking about an address like

test+t...@domain.tld <mailto:test+t...@domain.tld> 

as opposed to

test+t...@domain.tld <mailto:test+t...@domain.tld> 

?

Eric


On 2/3/2017 6:19 AM, Michiel van Es wrote:

Hi,

I am using Postfix/OpenSMTPD which use the + as delimiter which I can filter on 
with sieve (dovecot).
I know that the default delimiter in Qmail is - and if you want to change it, 
you have to recompile Qmail to use + as a delimiter.

My question is: is there an easy way to switch from the - delimiter

RE: [qmailtoaster] SMTP run script

2017-02-10 Thread Dan McAllister - QMT DNS Admin

The RUN file for SMTP is (or should be) nearly identical to the one for
SUBMISSION (and, if you're using it, SMTP-SSL).
The differences will be:
 - change port 587 to port 25 (note, your files may show "smtp" or
"submission" in the command line -- I prefer NOT to make it lookup those
values every time!)
 - turn off auth required (note: this is the REQUIRE_AUTH command

One final note: in MY files, I use DIFFERENT SpamDyke settings for each
(smtp, submission, smtp-ssl) -- so in MY case, that would be different too.

Dan McAllister

-Original Message-
From: pe...@peterse-uithuizen.com [mailto:pe...@peterse-uithuizen.com] 
Sent: Friday, February 10, 2017 7:21 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] SMTP run script

Hello all,

does anyone knows where to find a right copy of the script
/var/qmail/supervise/smtp/run?

I screwed the file by accident.

Regards,
Peter

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

RE: [qmailtoaster] SQwebmail

2017-02-13 Thread Dan McAllister - QMT DNS Admin

Roundcube is the service most of my clients prefer.
It will work with either Courier or Dovecot
It can work side-by-side with other webmail options (that's how I determined
that my clients prefer RC -- I let them choose!

Dan

-Original Message-
From: CarlC Internet Services Service Desk [mailto:ab...@carlc.com] 
Sent: Sunday, February 12, 2017 10:42 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] SQwebmail

For our newer CentOS 7 qmail servers, does anyone have a recommended
procedure to build SQwebmail [and do we need to load Courier? I hope not].
We have squirrelmail working [thank you Eric], but wanted to see what other
webmail type applications we can load, and we have a few users who want to
stay with SQwebmail.

How about Roundcube?

Do these require rebuilding the qmail server [for example: Roundcube
requires --with-pdo-mysql]? Or is it as simple as "yum install roundcube"
and configure to your needs?

Again, Thanks in advance!
Carl




-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

RE: [qmailtoaster] Fwd: qmhandle

2017-02-17 Thread Dan McAllister - QMT DNS Admin

Qmtool and qmhandle are part of what used to be QmailToasterPlus -- and are not 
"standard".
They are just scripts (and actually in need of some cleaning up -- they can be 
buggy in some cases).

Never the less, you can fetch copies from my file server if you like
http://mirror0.qmailtoaster.com/

Dan

PS: I just put those files out there -- there is a possibility they'll go away 
when the mirrors synch, and it so I'll just put them someplace else.  Let me 
know if they disappear



-Original Message-
From: Todor Petrov [mailto:tpet...@vmobile.eu] 
Sent: Friday, February 17, 2017 9:33 AM
To: qmailtoaster-list 
Subject: [qmailtoaster] Fwd: qmhandle

Hi all,

Can someone tell me how you manage the queue in Centos 7 toaster. There are 
qmqtool and qmHandle tools missing.

Are there tools for queue management  integrated or should I install them 
manually? In toaster - Centos 6 are all of management tools integrated.

Best regards,

Todor


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

RE: [qmailtoaster] Fwd: qmhandle

2017-02-17 Thread Dan McAllister - QMT DNS Admin

I like Eric's collection there -- I couldn't do my job without qmlog! :)

Dan

-Original Message-
From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Friday, February 17, 2017 10:11 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Fwd: qmhandle

ftp://ftp.qmailtoaster.com/pub/qmail/CentOS7/qmt/plus/qmailtoaster-plus/bin/


On 2/17/2017 7:33 AM, Todor Petrov wrote:
> Hi all,
>
> Can someone tell me how you manage the queue in Centos 7 toaster. 
> There are qmqtool and qmHandle tools missing.
>
> Are there tools for queue management  integrated or should I install 
> them manually? In toaster - Centos 6 are all of management tools 
> integrated.
>
> Best regards,
>
> Todor
>
>
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: 
> qmailtoaster-list-h...@qmailtoaster.com
>

--
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

RE: [qmailtoaster] Upgrading openssl in an old Qmailtoaster install

RE: [qmailtoaster] Rainloop removed squirrelmail

RE: [qmailtoaster] COS 6.10 qmt build error.

RE: [qmailtoaster] COS 6.10 qmt build error.

RE: [qmailtoaster] simscan - bad attachment: d

RE: Fwd: Re: [qmailtoaster] centos 6

RE: Fwd: Re: [qmailtoaster] centos 6

RE: [qmailtoaster] rpcbind

[qmailtoaster] DNS services -- ATTN DNS MIRROR ADMINS!

RE: [qmailtoaster] connection issues again.

RE: [qmailtoaster] Fail2ban for Squirrelmail.

RE: [qmailtoaster] dmarc implementation

RE: [qmailtoaster] Odd msg numbers in /var/log/qmail/send/current

RE: [qmailtoaster] catch all account and the spam

RE: [qmailtoaster] DMARC checking?

RE: [qmailtoaster] DMARC checking?

RE: [qmailtoaster] temporarily disable a domain

RE: [qmailtoaster] concerning updates to qmailtoaster

RE: [qmailtoaster] Fetchmail install and configure on qmailtoaster system

RE: [qmailtoaster] Fetchmail install and configure on qmailtoaster system

RE: [qmailtoaster] Been away for a long while...

RE: [qmailtoaster] question about qmailtoaster and + as a delimiter instead of the default - option

RE: [qmailtoaster] question about qmailtoaster and + as a delimiter instead of the default - option

RE: [qmailtoaster] SMTP run script

RE: [qmailtoaster] SQwebmail

RE: [qmailtoaster] Fwd: qmhandle

RE: [qmailtoaster] Fwd: qmhandle

27 matches

Site Navigation

Mail list logo

Footer information