Re: [qmailtoaster] Future Distros - RHEL/CentOS ONLY
You know, Nigel, this whole discussion is not FOR or AGAINST any specific distro, but about how to best move the project forward with the resources and knowledge we have. Since it is way easier to focus on one distribution when about to change things (switch from srpm to rpm, etc.), it just makes sense to (initially at least) trim down the number of supported platforms. There are no hard feelings (or there should not be any, really) invested in this... Whatever your trouble compiling the packages, please just ask on the list and we'll try to help as best we can. Just be patient as it is no one's full time job to support or develop this project. Best, Martin Von meinem iPhone gesendet Am 20.02.2012 um 04:08 schrieb Nigel Reed nel...@yahoo.com: You're right, it's probably about time to migrate away from qmailtoaster. Mandriva is very much alive and kicking, thank you very much. The reason a lot of people are not using qmail, I'm sure, is because Mandriva comes with postfix installed and as you've seen by my experience trying to get this damn thing compiled, it's a pain in the ass. There's too many bits to bolt together for most people. A binary packages would be very welcome, I'm sure...As we speak, I'm having trouble getting the latest clamav to compile. According to this website, Mandriva is more popular then CentOS. Maybe you just don't hear from from Mandriva people because they actually have a clue. I bet most people running CentOS or Ubuntu are just tinkering around with it. http://geektrio.net/?p=1404 - Original Message - Mandriva is on the ropes, struggling to survive. If you presently have a QMT running on Mandy, I would seriously consider a migration in the near future. - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Problem with Clamav-toaster on Centos6
Hi Amir,Am 26.12.2011 um 11:55 schrieb Amir Abbasi:+ echo 'Patch #0 (clamav-0.9x-qmailtoaster.patch.bz2):'Patch #0 (clamav-0.9x-qmailtoaster.patch.bz2):+ /usr/bin/bzip2 -dc /root/rpmbuild/SOURCES/clamav-0.9x-qmailtoaster.patch.bz2+ /usr/bin/patch -s -p1 --fuzz=01 out of 7 hunks FAILED -- saving rejects to file etc/clamd.conf.rejerror: Bad exit status from /var/tmp/rpm-tmp.nI9zZQ (%prep)RPM build errors: Bad exit status from /var/tmp/rpm-tmp.nI9zZQ (%prep)Have you ever faced this error message?Thank you for your assistance.The problem is that the included patch is not 100% rediffed against version 0.97.3 of clamav… e.g. some lines are off.This causes the patch utility to fail, as the allowed amount of 'fuzz' (e.g. allow patches to apply to be a couple lines off the expected place) on CentOS 6 is zero.Anyway,use the attached patch instead of the old one (replace the clamav patch file in the SOURCES folder within your rpm build directory) and try again…Martin --Martin WaschbüschIT-DienstleistungenSchumacherring 2981737 MünchenTelefon: +49 89 57005708Fax: +49 89 57868023Mobil: +49 170 2189794serv...@waschbuesch.ithttp://www.waschbuesch.it clamav-0.9x-qmailtoaster.patch.bz2 Description: BZip2 compressed data signature.asc Description: Message signed with OpenPGP using GPGMail
Re: [qmailtoaster] Problem with Clamav-toaster on Centos6
Hi Anderson, Am 26.12.2011 um 15:27 schrieb Anderson Alves de Albuquerque: I want go out to this list. How can I do? To remove your address from the list, just send a message to the address in the ``List-Unsubscribe'' header of any list message. If you haven't changed addresses since subscribing, you can also send a message to: qmailtoaster-list-unsubscr...@qmailtoaster.com Cheers, Martin signature.asc Description: Message signed with OpenPGP using GPGMail
Re: [qmailtoaster] sa-learn-attach
Hi Eric, Am 21.12.2011 um 19:48 schrieb Eric Shubert: Here's the script I use with a shared folder to learn ham and spam, fwiw: #!/bin/sh # # learn and remove spam and ham in shared folders # # shubes 3/26/08 - created # learndir=/home/vpopmail/domains/shubes.net/sa-learn hambox=.Ham spambox=.Spam do_the_learning(){ learnas=$1 maildir=$2 shopt -s extglob for spamfile in `find $maildir/+(cur|new)/* 2/dev/null`; do sudo -u vpopmail -H sa-learn --$learnas $spamfile rc=$? if [ $? != 0 ]; then echo sa-learn failed, rc=$rc, spamfile=$spamfile exit $rc fi rm $spamfile done } do_the_learning ham $learndir/$hambox do_the_learning spam $learndir/$spambox exit 0 I am using a version of something I found on the wiki (or as part of qtp?). It adds the following things: - loop through all domains and users - do not touch/learn special files (e.g. dovecot cache, etc.). - move ham back to inbox (which is safe with dovecot - I asked the author.) - learn items without syncing *before* making spamassassin sync the database (if you host several domains with users actively using the ham/spam feature, you'll be glad to do that, as perl / spam assassin is no lightweight) # Let's define our folder conventions: SPAMDIR=.Spam.Lernen HAMDIR=.Spam.Korrektur # find and process each SPAMDIR for directory in $( find /home/vpopmail/domains -type d -name $SPAMDIR ); do # then find and process each file in SPAMDIR that is not a dovecot special file for file in $( find $directory -type f -not \( -name dovecot.index -o -name dovecot.index.log -o -name dovecot.index.cache -o -name dovecot-keywords -o -name dovecot-uidlist -o -name maildirfolder \) ); do # learn the file with sa-learn as Spam (use the vpopmail user so it ends up in the correct database) sudo -u vpopmail -H sa-learn --no-sync --spam ${file} /dev/null 21 # Spam belongs to nirvana! rm -f ${file} /dev/null 21 done done # find and process each HAMDIR for directory in $( find /home/vpopmail/domains -type d -name $HAMDIR ); do # then find and process each file in HAMDIR that is not a dovecot special file for file in $( find $directory -type f -not \( -name dovecot.index -o -name dovecot.index.log -o -name dovecot.index.cache -o -name dovecot-keywords -o -name dovecot-uidlist -o -name maildirfolder \) ); do # learn the file with sa-learn as HAM (use the vpopmail user so it ends up in the correct database) sudo -u vpopmail -H sa-learn --no-sync --ham ${file} /dev/null 21 # move the file back to the the INBOX. mv ${file} ${directory}/../cur /dev/null 21 done done # to speed up learning, we only sync the journal with the database at the end. sudo -u vpopmail -H sa-learn --sync /dev/null 21 signature.asc Description: Message signed with OpenPGP using GPGMail
Re: [qmailtoaster] 553 sorry, invalid HELO hostname
Hi there, Am 12.11.2011 um 10:30 schrieb siva kumar: Dear List, While sending mail to other domains like rediffmail.com, i am receiving error as follows. Please help me to fix it. Hi. This is the qmail-send program at . I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. please ensure that your FQDN is identical to what you announce in /var/qmail/control/me (and possibly /var/qmail/control/smtpgreeting) also, make sure that a reverse lookup of your IP resolves to that very FQDN if not, chances are that mails from your system will be taken for phishing attempts (e.g. pretending to be someone you are not). Cheers, Martin -- Martin Waschbüsch IT-Dienstleistungen Schumacherring 29 81737 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 serv...@waschbuesch.it http://www.waschbuesch.it signature.asc Description: Message signed with OpenPGP using GPGMail
Re: [qmailtoaster] DENIED_OTHER, no clue - spf still a little buggy?
Hi all, Am 03.11.2011 um 03:27 schrieb Eric Shubert: I thought qmail-smtp had been patched to show a message when spf failed, but I just found an instance when it doesn't. The sending domain had no TXT record at all, and the smtp log simply showed DENIED_OTHER with no other message. After I changed spfbehavior from 3 to 1, the message came through ok. Anyone notice anything like this? I have stopped using the SPF feature in qmail altogether. I set the value to 0. As an alternative, I enabled spamassassin's SPF checker which seems to work much better (and in anyway, just adds to the spam probability instead of outright blocking things. This has worked quite well for me. Martin -- Martin Waschbüsch IT-Dienstleistungen Schumacherring 29 81737 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 serv...@waschbuesch.it http://www.waschbuesch.it signature.asc Description: Message signed with OpenPGP using GPGMail
Re: [qmailtoaster] env LANG=C /usr/bin/mrtg /usr/share/toaster/mrtg/qmailmrtg.cfg 21
Hi there, Am 11.11.2011 um 18:01 schrieb Javid Freeman: I just simply updated using yum update. I went back and looked at the list of packages updated and found this: perl-IO-Socket-INET6-2.67-1.el5.art.noarch The rest of the email server features are working without issue. However the error is emailed to the catchall every 5 min. If necessary I can provide the entire list of packages updated. I have been running qmail-toaster for several years and I can't remember if I used CPAN or RPM. Javid The package name you gave here is from a 3rd party repository, Atomic. Perhaps you could try to uninstall / reinstall this from another repo (reforge) or downgrade to the original version from CentOS repo (if available there). In any case, I recommend setting all 3rd party repos to enabled=0 in their .repo file (/etc/yum.repos.d/WHATEVER.repo) and only enable on demand by supplying '--enablerepo=reponame' to yum. Cheers, Martin -- Martin Waschbüsch IT-Dienstleistungen Schumacherring 29 81737 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 serv...@waschbuesch.it http://www.waschbuesch.it signature.asc Description: Message signed with OpenPGP using GPGMail
Re: [qmailtoaster] 553 sorry, invalid HELO hostname
Am 12.11.2011 um 11:05 schrieb siva kumar: Dear Martin, Thanks for you quick support. i can able to send mail to rediffmail. but mail goes to junk mail. In gmail it goes to spam. Please help me to fix it. Let's try this: please send a mail from the server in question to my email address and I'll start by analyzing that. Also, did you verify the settings I mentioned? Martin -- Martin Waschbüsch IT-Dienstleistungen Schumacherring 29 81737 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 serv...@waschbuesch.it http://www.waschbuesch.it signature.asc Description: Message signed with OpenPGP using GPGMail
Re: [qmailtoaster] How to sign emails with dkim for only some domains?
Hi there, this is rather easy! :-) All you have to do is use the following kind of syntax: dkimsign global types id=none / /global domain1.tld algorithm=rsa-sha1 domain=domain1.tld keyfile=/var/qmail/control/dkim/domain1.tld/keyfile.key method=simple selector=dkim types id=dkim / types id=domainkey method=nofws / /domain1.tld domain2.tld algorithm=rsa-sha1 domain=domain2.tld keyfile=/var/qmail/control/dkim/domain2.tld/keyfile.key method=simple selector=dkim types id=dkim / types id=domainkey method=nofws / /domain2.tld /dkimsign This way, only the individual domains will use signing (and you can have different options and keys per domain, etc.) Everything not mentioned in the file will not be signed. Also note that this config also takes care of domainkeys. so, using this setup you can remove qmail-dk (or whatever the binary was called) and put qmail-queue.orig back as the qmail-queue binary file. Cheers, Martin -- Martin Waschbüsch IT-Dienstleistungen Schumacherring 29 81737 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 serv...@waschbuesch.it http://www.waschbuesch.it Am 25.09.2011 um 06:48 schrieb P.V.Anthony: Hi, Install dkim according to, http://wiki.qmailtoaster.com/index.php/How_to_Setup_DKIM_with_Qmail_Toaster It works well. I was wondering how to only do dkim for some domains and not all domains. Is there some configuration that needs to be done so that only the required domains will be signed by dkim? P.V.Anthony - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] dropped mails..
Hey there, I cannot seem to remember how to do this, but perhaps someone can remind me? From smtp log (/var/log/qmail/smtpd/current), I have mails from a recipient that get just dropped after determining that the sender is valid. e.g. i have lines such as: @40004e6ba8531a65aae4 tcpserver: ok 4396 krabat.waschbuesch.de:80.254.129.249:25 mx.someserver.org:123.123.123.123::36787 @40004e6ba8542f1fe954 CHKUSER accepted sender: from i...@somedomain.org:: remote :mx.someserver.org:123.123.123.123 rcpt : sender accepted But there it just drops. The next line will only be: @40004e6ba8562398a9cc tcpserver: end 4396 status 0 Since I cannot seem to find any additional info on why this mail was dropped, how can I enable additional debugging? E.g. for simscan or chkuser? If anyone has any pointers on how to debug this one... Thanks, Martin -- Martin Waschbüsch IT-Dienstleistungen Schumacherring 29 81737 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 serv...@waschbuesch.it http://www.waschbuesch.it - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] dropped mails..
Hi Eric, - That sounds familiar to me too, but I don't recall what was going on. Something TLS related perhaps. I'd use spamdyke's detailed logging to see what's happening. -- -Eric 'shubes' Thanks for the quick reply, I think I isolated the issue (and to me, it looks like a bug!) I got to testing this thoroughly when I noticed that all amazon.de notifications were dropped for some time now. What I found is this: Disabling spf-checking by setting /var/qmail/control/spfbehaviour to 0 all emails pass. When left on the default (3) I have the problem. Now, amazon plays by the rules: checking amazon.de (! important that this is the German one!) for SPF records yields: v=spf1 include:amazon.com ~all spf2.0/pra include:amazon.com ~all And this is where I think the problem lies. The system is able to interpret the SPF policy, but does not seem to look up the 'include' part... For in amazon.com records, I found The TXT records found for your domain are: v=spf1 ip4:207.171.160.0/19 ip4:87.238.80.0/21 ip4:72.21.192.0/19 ip4:194.154.193.192/27 ip4:194.7.41.152/28 ip4:212.123.28.40/32 ip4:203.81.17.0/24 ip4:72.21.212.0/25 ip4:199.255.192.0/22 ~all spf2.0/pra ip4:207.171.160.0/19 ip4:87.238.80.0/21 ip4:72.21.192.0/19 ip4:194.154.193.192/27 ip4:194.7.41.152/28 ip4:212.123.28.40/32 ip4:203.81.17.0/24 ip4:72.21.212.0/25 ip4:199.255.192.0/22 ~all and the matching IP address is part of the ones listed above. So, where would I look for the SPF-related code in qmail? Or should I disable it and enable in spamassassin instead? (which could be an interim work-around, I guess).. What do you think? Martin - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] CentOS 6 / RHEL 6
Hi there, some of the problems with the admin-pages are due to short open tags in php, which no longer work in php53 (and they are bad style anyway). I also tried to get a toaster running on CentOS 6, but some of the dependencies were tricky. Btw, qtp works, too. But you have to manually install rpmforge for CentOS 6, so that things like qtp-dependencies will run. I decided to wait for QMTv2 for any OS upgrades. Who knows, maybee that'll be out before you get around to looking at the php sources. ;-) - One can always hope. Cheers, Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 serv...@waschbuesch.it http://www.waschbuesch.it Am 18.07.2011 um 20:17 schrieb Dan McAllister: Just an FYI -- I have successfully installed QMT (although not QTP) onto CentOS 6 64-bit. However, I did have to manually build the ezmlm package because the gcc-compat-32 package isn't available for CentOS 6 (only compat-34)... never the less, with a little tweaking of the dependencies, I think the toaster is already reasonably compatible. One other issue -- the toaster-admin web pages (which are all php scripted) don't work correctly under php 5.3.3 ... I've not yet looked into this (because I personally prefer to use the vpopmail binaries), but I'll look into the php sources once I get a free weekend... I'm thinking August... 2032! :-) Dan IT4SOHO -- IT4SOHO, LLC PO Box 507 St. Petersburg, FL 33731-0507 CALL TOLL FREE: 877-IT4SOHO 877-484-7646 Phone 727-490-4394 Fax We make IT work for small business! - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] php upgrade and qmail dependancies
Am 06.07.2011 um 16:28 schrieb Jake Vickers: On 07/06/2011 09:50 AM, Digital Instruments wrote: Anyone have an idea about how could I remove php without removing the qmail dependencies? rpm -e --nodeps php.x86_64 You will run into an issue with short open tags on 5.3 as well. Martin rolled some new packages to change the web page coding to work with the full open tag, but I have not posted them to the web page as of yet. I can supply them if you email me offline - I'll post them but it will take some time to replicate to the mirrors. Sadly, they do not fix all the issues involved. I will add detailed descriptions to mantis later, Jake. Martin - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] vpopmail --disable-many-domains option
Hi Jake, Am 28.05.2011 um 17:19 schrieb Jake Vickers: So I'm still curious as to what you think the benefits are. Segregating your data into multiple tables was always the way I learned to obtain performance. The nature of the requests from QMT are probably not those that would require any performance tuning - the only one I've ever run into is the default number of connections. So I'm willing to table that point if there are other mitigating factors. So what are the advantages/benefits you are thinking will be gained from a single table? I agree with Eric that it probably will not make much of a difference with regards to performance. However, a lot of applications that might want to have access to the email user database are not all that flexible and do not support having different domains in different tables. E.g. using courier-auth with mysql or SOGo with mysql-backend, etc. There are other examples. For my own use, I have written an accounting backend that also cycles through domains and users, etc. to produce detail-information to be attached to invoices and that, too, is just way easier when having all in one table. Granted, that may be simplistic design on the parts of those programs, but hey, it works and it is way easier to recompile vpopmail to achieve compatibility than patch those programs. Also, whenever there is any database schema change in order for vpopmail to be upgraded, it is much easier to upgrade that one table than to find all the tables that hold domains and path those. Last but not least, mysql (and other databases) have length-limitations for domain names. I always wondered, but never tried, what would happen if I added a domain with a name longer than 'max-table-name-length' to the database? I think the current limit for mysql is 32 chars and domain names can be longer. Best, Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 serv...@waschbuesch.it http://www.waschbuesch.it - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] vpopmail --disable-many-domains option
Hi all! Am 27.05.2011 um 06:10 schrieb Eric Shubert: Apologies for the hijack. I just seem to recall this being discussed a bit, some time ago, and concluding (perhaps with no consensus) that having all domains in a single table made more sense. This was discussed here some time ago in this thread: http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg22035.html It appears that chkuser might need multiple tables? I don't see why. I'm guessing that this person simply didn't rebuild qmail-toaster after rebuilding and reinstalling vpopmail-toaster, which would be required (and qtp-newmodel would do automatically). Perhaps Tonino could confirm this. Then on the development list last October: http://comments.gmane.org/gmane.mail.qmail.toaster.devel/638 Here's a reference that indicates performance can be poor with --disable-many-domains (as well as speculation that it may be removed at some point) http://bowe.id.au/michael/isp/webmail-server.htm I have used a version of vpopmail with all domains in one table as this has a number of advantages for me. This works very well and Eric is right in saying that you have to rebuild qmail-toaster after changing this in vpopmail. I have not seen any adverse effects after switching to this model (I use two toasters like this). Though I do not have a system with a huge number of domains, yet there was no performance difference between the two (for what that is worth). Cheers, Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 serv...@waschbuesch.it http://www.waschbuesch.it - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Regex for fail2ban - SMTP DDos
That is not true. fail2ban understands tai64n timestamps as used below. Btw., for fail2ban specific questions, it makes more sense to ask on the fail2ban mailing list. :-) Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 serv...@waschbuesch.it http://www.waschbuesch.it Am 06.05.2011 um 08:58 schrieb Finn Buhelt: Hi. Just out of the head I think it's tricky because fail2ban needs a known timestamp to check against, and I cannot recall fail2ban having this timestamp listed as valid. But as said -just out of the head. Regards, Finn On 06-05-2011 08:10, Délsio Cabá wrote: Hi all I am getting a lot of DDOS on smtp connection logs: @40004dc390330ffb50f4 CHKUSER accepted sender: from r...@mydomain.com:: remote demagnify:unknown:173.212.197.14 rcpt : sender accepted @40004dc390340c9e201c CHKUSER rejected rcpt: from r...@mydomain.com:: remote demagnify:unknown:173.212.197.14 rcpt m...@zicel.ru : invalid rcpt MX domain .. @40004dc3905511aba4bc CHKUSER accepted sender: from r...@ns.mozdesigners.com:: remote byte:unknown:173.212.197.14 rcpt : sender accepted @40004dc390562cb394a4 CHKUSER rejected relaying: from r...@ns.mozdesigners.com:: remote byte:unknown:173.212.197.14 rcpt mad...@usc.es : client not allowed to relay I need to block this using fail2ban but the regex is quite complex. I have tried this: HOST\ rcpt \S+ : client not allowed to relay$ But it doesn't seam to be working as expected: fail2ban-regex /var/log/qmail/smtp/current HOST\ rcpt \S+ : client not allowed to relay ... Date template hits: 0 hit(s): MONTH Day Hour:Minute:Second 0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year 0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second 0 hit(s): Year/Month/Day Hour:Minute:Second 0 hit(s): Day/Month/Year Hour:Minute:Second 0 hit(s): Day/MONTH/Year:Hour:Minute:Second 0 hit(s): Month/Day/Year:Hour:Minute:Second 0 hit(s): Year-Month-Day Hour:Minute:Second 0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond] 0 hit(s): Day-Month-Year Hour:Minute:Second 1184 hit(s): TAI64N 0 hit(s): Epoch 0 hit(s): ISO 8601 0 hit(s): Hour:Minute:Second 0 hit(s): Month/Day/Year@Hour:Minute:Second Any help would be very appreciated Thanks! - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Regex for fail2ban - SMTP DDos
You might try: failregex: CHKUSER rejected relaying: from .*: remote .*:.*:HOST rcpt .* : client not allowed to relay when I did fail2ban-regex /var/log/qmail/smtp/current CHKUSER rejected relaying: from .*: remote .*:.*:HOST rcpt .* : client not allowed to relay I got 35 hits. Martin PS: All I did was to replace variable strings in the log line with wildcard .* -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 serv...@waschbuesch.it http://www.waschbuesch.it Am 06.05.2011 um 09:07 schrieb Délsio Cabá: Hi all, I agree, but, fail2ban is being used with qmailtoaster as seen on this guide: http://wiki.qmailtoaster.com/index.php?title=Fail2Banredirect=noprintable=yes But that guide and many others I have found on the net don't include a regex for my case: client not allowed to relay My problem is really to get a valid regex. I will post it on fail2ban mailing list also. But it's important to post this here also Thanks 2011/5/6 Martin Waschbüsch IT-Dienstleistungen serv...@waschbuesch.it That is not true. fail2ban understands tai64n timestamps as used below. Btw., for fail2ban specific questions, it makes more sense to ask on the fail2ban mailing list. :-) Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 serv...@waschbuesch.it http://www.waschbuesch.it Am 06.05.2011 um 08:58 schrieb Finn Buhelt: Hi. Just out of the head I think it's tricky because fail2ban needs a known timestamp to check against, and I cannot recall fail2ban having this timestamp listed as valid. But as said -just out of the head. Regards, Finn On 06-05-2011 08:10, Délsio Cabá wrote: Hi all I am getting a lot of DDOS on smtp connection logs: @40004dc390330ffb50f4 CHKUSER accepted sender: from r...@mydomain.com:: remote demagnify:unknown:173.212.197.14 rcpt : sender accepted @40004dc390340c9e201c CHKUSER rejected rcpt: from r...@mydomain.com:: remote demagnify:unknown:173.212.197.14 rcpt m...@zicel.ru : invalid rcpt MX domain .. @40004dc3905511aba4bc CHKUSER accepted sender: from r...@ns.mozdesigners.com:: remote byte:unknown:173.212.197.14 rcpt : sender accepted @40004dc390562cb394a4 CHKUSER rejected relaying: from r...@ns.mozdesigners.com:: remote byte:unknown:173.212.197.14 rcpt mad...@usc.es : client not allowed to relay I need to block this using fail2ban but the regex is quite complex. I have tried this: HOST\ rcpt \S+ : client not allowed to relay$ But it doesn't seam to be working as expected: fail2ban-regex /var/log/qmail/smtp/current HOST\ rcpt \S+ : client not allowed to relay ... Date template hits: 0 hit(s): MONTH Day Hour:Minute:Second 0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year 0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second 0 hit(s): Year/Month/Day Hour:Minute:Second 0 hit(s): Day/Month/Year Hour:Minute:Second 0 hit(s): Day/MONTH/Year:Hour:Minute:Second 0 hit(s): Month/Day/Year:Hour:Minute:Second 0 hit(s): Year-Month-Day Hour:Minute:Second 0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond] 0 hit(s): Day-Month-Year Hour:Minute:Second 1184 hit(s): TAI64N 0 hit(s): Epoch 0 hit(s): ISO 8601 0 hit(s): Hour:Minute:Second 0 hit(s): Month/Day/Year@Hour:Minute:Second Any help would be very appreciated Thanks! - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Regex for fail2ban - SMTP DDos
Hi, you should get different output. Note that you have 5796 hits for tai64n which means that it recognized that many lines starting with a date / time stamp. There should be a section where it identifies IPs. The important part is a section that looks like this: Results === Failregex |- Regular expressions: | [1] CHKUSER rejected relaying: from .*: remote .*:.*:HOST rcpt .* : client not allowed to relay | `- Number of matches: [1] 35 match(es) If this has matches, then it is matches against your failregex. (35 in my case) my complete output looks like this: snip fail2ban-regex /var/log/qmail/smtp/current CHKUSER rejected relaying: from .*: remote .*:.*:HOST rcpt .* : client not allowed to relay Running tests = Use regex line : CHKUSER rejected relaying: from .*: remote .*: Use log file : /var/log/qmail/smtp/current Results === Failregex |- Regular expressions: | [1] CHKUSER rejected relaying: from .*: remote .*:.*:HOST rcpt .* : client not allowed to relay | `- Number of matches: [1] 35 match(es) Ignoreregex |- Regular expressions: | `- Number of matches: Summary === Addresses found: [1] 186.129.200.133 (Sat Apr 30 02:37:49 2011) 186.129.200.133 (Sat Apr 30 02:38:28 2011) 186.129.200.133 (Sat Apr 30 02:38:49 2011) 186.129.200.133 (Sat Apr 30 02:39:11 2011) 190.149.150.115 (Sat Apr 30 04:44:06 2011) 221.5.15.185 (Sat Apr 30 07:39:00 2011) 173.212.197.14 (Sat Apr 30 21:34:53 2011) 2.89.80.14 (Sun May 01 02:38:23 2011) 221.5.15.185 (Sun May 01 02:38:42 2011) 221.5.15.185 (Sun May 01 22:02:30 2011) 178.187.135.228 (Mon May 02 11:26:18 2011) 178.187.135.228 (Mon May 02 11:26:41 2011) 178.187.135.228 (Mon May 02 11:26:58 2011) 178.187.135.228 (Mon May 02 11:27:15 2011) 180.180.236.216 (Mon May 02 14:39:32 2011) 180.180.236.216 (Mon May 02 14:40:08 2011) 180.180.236.216 (Mon May 02 14:40:45 2011) 180.180.236.216 (Mon May 02 14:41:14 2011) 221.5.15.185 (Mon May 02 17:53:03 2011) 123.19.174.69 (Tue May 03 02:02:36 2011) 190.234.85.198 (Tue May 03 02:12:38 2011) 221.5.13.193 (Tue May 03 16:02:05 2011) 178.95.2.102 (Tue May 03 22:30:23 2011) 178.95.2.102 (Tue May 03 22:31:24 2011) 178.95.2.102 (Tue May 03 22:31:55 2011) 178.95.2.102 (Tue May 03 22:32:59 2011) 190.233.69.51 (Wed May 04 01:16:13 2011) 117.2.140.171 (Wed May 04 02:34:00 2011) 88.185.226.159 (Wed May 04 23:42:27 2011) 88.185.226.159 (Wed May 04 23:43:11 2011) 88.185.226.159 (Wed May 04 23:43:37 2011) 88.185.226.159 (Wed May 04 23:44:01 2011) 186.2.3.244 (Thu May 05 03:13:41 2011) 221.5.14.62 (Thu May 05 17:33:45 2011) 190.239.206.8 (Fri May 06 01:24:38 2011) Date template hits: 0 hit(s): Month Day Hour:Minute:Second 0 hit(s): Weekday Month Day Hour:Minute:Second Year 0 hit(s): Weekday Month Day Hour:Minute:Second 0 hit(s): Year/Month/Day Hour:Minute:Second 0 hit(s): Day/Month/Year:Hour:Minute:Second 0 hit(s): Year-Month-Day Hour:Minute:Second 0 hit(s): Day-Month-Year Hour:Minute:Second[.Millisecond] 8502 hit(s): TAI64N 0 hit(s): Epoch Success, the total number of match is 35 However, look at the above section 'Running tests' which could contain important information. snip Hope this helps? Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 serv...@waschbuesch.it http://www.waschbuesch.it Am 06.05.2011 um 10:08 schrieb Délsio Cabá: Hi, I also do get hits: Date template hits: 0 hit(s): MONTH Day Hour:Minute:Second 0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year 0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second 0 hit(s): Year/Month/Day Hour:Minute:Second 0 hit(s): Day/Month/Year Hour:Minute:Second 0 hit(s): Day/MONTH/Year:Hour:Minute:Second 0 hit(s): Month/Day/Year:Hour:Minute:Second 0 hit(s): Year-Month-Day Hour:Minute:Second 0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond] 0 hit(s): Day-Month-Year Hour:Minute:Second 5796 hit(s): TAI64N 0 hit(s): Epoch 0 hit(s): ISO 8601 0 hit(s): Hour:Minute:Second 0 hit(s): Month/Day/Year@Hour:Minute:Second Success, the total number of match is 134 But they are in TAI64N, isn't that a problem? Will fail2ban be able to get the time from that? 2011/5/6 Martin Waschbüsch IT-Dienstleistungen serv...@waschbuesch.it You might try: failregex: CHKUSER rejected relaying: from .*: remote .*:.*:HOST rcpt .* : client not allowed to relay when I did fail2ban-regex /var/log/qmail/smtp/current CHKUSER rejected relaying: from .*: remote .*:.*:HOST rcpt .* : client not allowed to relay I got 35 hits. Martin PS: All I did was to replace variable strings in the log line with wildcard .* -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 serv
Re: [qmailtoaster] Regex for fail2ban - SMTP DDos
So, the regex shows matches when you use fail2ban-regex, but it never takes action? please try the attached patch for fail2ban just in case your version does not already incorporate this... Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 serv...@waschbuesch.it http://www.waschbuesch.it 0002-Tai64N-stores-time-in-GMT-we-need-to-convert-to-loca.patch Description: Binary data Am 06.05.2011 um 10:15 schrieb Délsio Cabá: Hi, I have even tried with: timepattern = tai64n and fail2ban simply fails to ban. My Configuration is: qmail-smtp.conf [Definition] failregex = CHKUSER rejected relaying: from .*: remote .*:.*:HOST rcpt .* : client not allowed to relay jail.conf [qmail-smtp] enabled = true filter = qmail action = iptables[name=SMTP, port=smtp, protocol=tcp] logpath = /var/log/qmail/smtp/current maxretry = 5 bantime = 3600 ignoreip = 127.0.0.1 timepattern = tai64n 2011/5/6 Martin Waschbüsch IT-Dienstleistungen serv...@waschbuesch.it You might try: failregex: CHKUSER rejected relaying: from .*: remote .*:.*:HOST rcpt .* : client not allowed to relay when I did fail2ban-regex /var/log/qmail/smtp/current CHKUSER rejected relaying: from .*: remote .*:.*:HOST rcpt .* : client not allowed to relay I got 35 hits. Martin PS: All I did was to replace variable strings in the log line with wildcard .* -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 serv...@waschbuesch.it http://www.waschbuesch.it Am 06.05.2011 um 09:07 schrieb Délsio Cabá: Hi all, I agree, but, fail2ban is being used with qmailtoaster as seen on this guide: http://wiki.qmailtoaster.com/index.php?title=Fail2Banredirect=noprintable=yes But that guide and many others I have found on the net don't include a regex for my case: client not allowed to relay My problem is really to get a valid regex. I will post it on fail2ban mailing list also. But it's important to post this here also Thanks 2011/5/6 Martin Waschbüsch IT-Dienstleistungen serv...@waschbuesch.it That is not true. fail2ban understands tai64n timestamps as used below. Btw., for fail2ban specific questions, it makes more sense to ask on the fail2ban mailing list. :-) Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 serv...@waschbuesch.it http://www.waschbuesch.it Am 06.05.2011 um 08:58 schrieb Finn Buhelt: Hi. Just out of the head I think it's tricky because fail2ban needs a known timestamp to check against, and I cannot recall fail2ban having this timestamp listed as valid. But as said -just out of the head. Regards, Finn On 06-05-2011 08:10, Délsio Cabá wrote: Hi all I am getting a lot of DDOS on smtp connection logs: @40004dc390330ffb50f4 CHKUSER accepted sender: from r...@mydomain.com:: remote demagnify:unknown:173.212.197.14 rcpt : sender accepted @40004dc390340c9e201c CHKUSER rejected rcpt: from r...@mydomain.com:: remote demagnify:unknown:173.212.197.14 rcpt m...@zicel.ru : invalid rcpt MX domain .. @40004dc3905511aba4bc CHKUSER accepted sender: from r...@ns.mozdesigners.com:: remote byte:unknown:173.212.197.14 rcpt : sender accepted @40004dc390562cb394a4 CHKUSER rejected relaying: from r...@ns.mozdesigners.com:: remote byte:unknown:173.212.197.14 rcpt mad...@usc.es : client not allowed to relay I need to block this using fail2ban but the regex is quite complex. I have tried this: HOST\ rcpt \S+ : client not allowed to relay$ But it doesn't seam to be working as expected: fail2ban-regex /var/log/qmail/smtp/current HOST\ rcpt \S+ : client not allowed to relay ... Date template hits: 0 hit(s): MONTH Day Hour:Minute:Second 0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year 0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second 0 hit(s): Year/Month/Day Hour:Minute:Second 0 hit(s): Day/Month/Year Hour:Minute:Second 0 hit(s): Day/MONTH/Year:Hour:Minute:Second 0 hit(s): Month/Day/Year:Hour:Minute:Second 0 hit(s): Year-Month-Day Hour:Minute:Second 0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond] 0 hit(s): Day-Month-Year Hour:Minute:Second 1184 hit(s): TAI64N 0 hit(s): Epoch 0 hit(s): ISO 8601 0 hit(s): Hour:Minute:Second 0 hit(s): Month/Day/Year@Hour:Minute:Second Any help would be very appreciated Thanks! - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support
Re: [qmailtoaster] Regex for fail2ban - SMTP DDos
Delsio, perhaps we can take this off the list - email me your qmail-smtp.conf from filters.d and your jail.conf. Once we find what was up, we can still let everyone on the list know the problem solution Also, if you could add a sample of your /var/log/qmail/smtp/current for me to test with? Thanks, Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 serv...@waschbuesch.it http://www.waschbuesch.it Am 06.05.2011 um 14:10 schrieb Délsio Cabá: Hi Martin, Instead of applying your patch i just downloaded the latest snapshop, which already has that patch and the behavior is exactly the same: the regex gets the hit but it never blocks the IP. [delsio@ns fail2ban-0.8.4-SVN]# tail -f /var/log/fail2ban.log 2011-05-06 14:07:43,587 fail2ban.actions: INFO Set banTime = 6 2011-05-06 14:07:43,597 fail2ban.jail : INFO Jail 'qmail' started 2011-05-06 14:07:43,602 fail2ban.jail : INFO Jail 'ssh-iptables' started 2011-05-06 14:07:43,607 fail2ban.jail : INFO Jail 'password-fail' started 2011-05-06 14:07:43,616 fail2ban.jail : INFO Jail 'username-notfound' started 2011-05-06 14:07:43,629 fail2ban.jail : INFO Jail 'qmail-smtp' started 2011-05-06 14:07:43,627 fail2ban.actions.action: ERROR iptables -N fail2ban-SSH iptables -A fail2ban-SSH -j RETURN iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned 200 2011-05-06 14:07:43,653 fail2ban.jail : INFO Jail 'named-refused-tcp' started 2011-05-06 14:08:05,672 fail2ban.actions: WARNING [named-refused-tcp] Ban 200.184.124.226 2011-05-06 14:08:05,682 fail2ban.actions: WARNING [named-refused-tcp] Ban 76.76.11.241 2011-05-06 14:08:05,693 fail2ban.actions: WARNING [named-refused-tcp] Ban 67.228.118.3 [delsio@ns etc]# fail2ban-client status qmail-smtp Status for the jail: qmail-smtp |- filter | |- File list:/var/log/qmail/smtp/current | |- Currently failed: 0 | `- Total failed: 0 `- action |- Currently banned: 0 | `- IP list: `- Total banned: 0 Any other recommendation? 2011/5/6 Martin Waschbüsch IT-Dienstleistungen serv...@waschbuesch.it OK, it definitely is the patch I sent - fail2ban fails to recognize the local time zone you use. This causes times to never fall into the specified period you use for checking if the attempt occurs multiple times. Once you replace date = list(time.gmtime(int(seconds_since_epoch, 16))) with date = list(time.localtime(int(seconds_since_epoch, 16))) in /usr/share/fail2ban/server/datetemplate.py (near end of file), all should be fine. Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 serv...@waschbuesch.it http://www.waschbuesch.it Am 06.05.2011 um 10:17 schrieb Délsio Cabá: Hi, Same behavior, it does get some hits, but it doesn't ban. Other fail2ban filters are working except the one from qmail. fail2ban-regex /var/log/qmail/smtp/current /etc/fail2ban/filter.d/qmail-smtp.conf Date template hits: 0 hit(s): MONTH Day Hour:Minute:Second 0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year 0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second 0 hit(s): Year/Month/Day Hour:Minute:Second 0 hit(s): Day/Month/Year Hour:Minute:Second 0 hit(s): Day/MONTH/Year:Hour:Minute:Second 0 hit(s): Month/Day/Year:Hour:Minute:Second 0 hit(s): Year-Month-Day Hour:Minute:Second 0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond] 0 hit(s): Day-Month-Year Hour:Minute:Second 6347 hit(s): TAI64N 0 hit(s): Epoch 0 hit(s): ISO 8601 0 hit(s): Hour:Minute:Second 0 hit(s): Month/Day/Year@Hour:Minute:Second Success, the total number of match is 168 [delsio@ns ~]# fail2ban-client status qmail-smtp Status for the jail: qmail-smtp |- filter | |- File list:/var/log/qmail/smtp/current | |- Currently failed: 0 | `- Total failed: 0 `- action |- Currently banned: 0 | `- IP list: `- Total banned: 0 2011/5/6 Toma Bogdan tbog...@direkt.ro On 5/6/2011 9:10 AM, Délsio Cabá wrote: Hi all I am getting a lot of DDOS on smtp connection logs: @40004dc390330ffb50f4 CHKUSER accepted sender: from r...@mydomain.com:: remote demagnify:unknown:173.212.197.14 rcpt : sender accepted @40004dc390340c9e201c CHKUSER rejected rcpt: from r...@mydomain.com:: remote demagnify:unknown:173.212.197.14 rcpt m...@zicel.ru : invalid rcpt MX domain .. @40004dc3905511aba4bc CHKUSER accepted sender: from r...@ns.mozdesigners.com:: remote byte:unknown:173.212.197.14 rcpt : sender accepted @40004dc390562cb394a4 CHKUSER rejected relaying: from r...@ns.mozdesigners.com:: remote byte:unknown:173.212.197.14 rcpt mad...@usc.es : client not allowed to relay I need to block this using fail2ban but the regex
Re: [qmailtoaster] Re: SpamAssassin Version
Am 30.04.2011 um 05:40 schrieb David Bray: Thanks for the Feedback Understand about the Fedora Lifetime etc. I use VM's and Fedora 13 is the current Fedora. Tried Ubuntu, CentOS and keep coming back to Fedora - mainly because the php is more up to date The driving line is not so much SA - SpamAssassin as Clam, on my last server - Fedora 12 based, there was an issue with spam and the update to SA 3.3 did get me into later rule sets (via sa-update) You can - in the Fedora 13 case, substitute in yum install spamassassin with little difficulty, basically install the package, it pulls in what it needs, then create the scripts to run under daemontools. The clamav is harder, but I have it running, though untested. The end aim is just to let the rpm system update clam, rather than having to recompile to src rpm so why is that so bad ? well the toaster works fine on a VM with 20Gb HDD and 512k ram but to recompile the clam package you have to stop the services to free up memory ... so having a recipe for utilizing then yum package is nice ... which brings you back to your argument, Fedora 13 will only have a short life for clamav updates via yum David Bray http://www.brayworth.com.au da...@brayworth.com.au Not everything is perfect with QMT, I would agree, but at the same time: it works! And as Eric pointed out, CentOS / RHEL 5.x is the most current version of the recommended OS for QMT. Jake is working on QMTv2 which will incorporate some changes and it will actually address some of the things you mention (like an option to just install binary packages instead of compile from source). That being said, if you'd like to help with QMT, please join the qmailtoaster-devel list as well! Cheers, Martin - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Re: patch utility under Fedora 13
Am 15.04.2011 um 02:17 schrieb David Bray: Did Jake have some thoughts on this - or should I just unpack, adjust the patch switch and compile ? - any shortcuts ? David Bray http://www.brayworth.com.au da...@brayworth.com.au On 12/04/2011 12:59 AM, Eric Shubert wrote: Jake can answer you question best. He manages the patch files. I gotta ask though, why F13? F14 is current, and F15 release is right around the corner (scheduled for 2011-05-24), which means that F13 will no longer be maintained in only a couple months (2011-06-24). See http://fedoraproject.org/wiki/Fedora_Release_Life_Cycle#Maintenance_Schedule Fedora is generally not a good choice for a production server, due to its relatively short lifetime. CentOS is a more stable platform, and is recommended for production QMT use. CentOS5.6 just came out this past weekend, and will not reach end of life for another 3 years (2014-03-31). By then, Fedora will be up to release 20. I think you get the picture. At the same time, we do appreciate people who install QMT on Fedora, so we can get things like this worked out well in advance of them arriving in CentOS. Thanks. Hi, The problem is not the patch utility itself, but the patch included in the package. It likely includes some fuzziness and the patch utility in Fedora is not tolerant when it comes to this. Personally, I think this is a good idea. The problem happens when you apply a patch that was calculated against e.g. software version 2 and is now applied to software version 2.1. If the file to patch has the lines to patch on different line numbers, some systems allow (by default) applying the patch with the offset (=fuzziness) while others do not. Hope that helps, Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 serv...@waschbuesch.it http://www.waschbuesch.it - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Checking you DKIM/DomainKeys/SPF/ etc
Another useful link is this: http://www.brandonchecketts.com/ Martin Von meinem iPhone gesendet Am 11.04.2011 um 21:05 schrieb Scott Hughes sc...@renshawauto.net: Just for everyone's general knowledge, you can send an email to: check-a...@verifier.port25.com and it will email you back with a lot of valuable information. This is a free and fast service. The reply was back within 10 seconds of my clicking the send button. Scott - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Automatic Account Expirations
The command posted in your mail needs to be in one line. Apparently, you have a line feed character in the script which causes the mysql command to fail. Martin Von meinem iPhone gesendet Am 11.04.2011 um 20:48 schrieb Gilbert T. Gutierrez, Jr. mailing-li...@phoenixinternet.net: I was looking at the script in the qmailtoaster wiki for Automatic account expirations. The script is not working for me and I am not all that great with bash scripts. Has anyone run this script on the list? When I modify the script with my server info and run the script, it logs me into mysql and then stops. when I press ctrl-c I get the following notice. mysql Aborted ./autodelete.sh: line 128: syntax error near unexpected token `newline' ./autodelete.sh: line 128: `$MYSQL_DATABASE -E -e $SQL_QUERY | $GREP email | $GAWK -F' ' '{print $2}' ' Can someone help me please or push me an alternative direction? Thank you, Gilbert Gutierrez - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: RES: [qmailtoaster] Re: Qmail-inject issue
Hi all, I sometimes have the same kind of entry in the logs: grep -R -i 'inject' /var/log/qmail/send/* comes up with entries such as this: /var/log/qmail/send/@40004cac830228d80ff4.s:@40004ca982cb35955a94 delivery 291: failure: qmail-inject:_fatal:_unable_to_parse_this_line:/Cc:_cdshummar...@waschbuesch.de,/_mar...@waschbuesch.de;_Mon,_4_Oct_2010_09:31:12_+0200/system_error_calling_qmail-inject/ The interesting thing is that I always have that when mails seem to have multiple recipients and one of them is clearly fake: cdshummar...@waschbuesch.de is not one of my users while mar...@waschbuesch.de is. I also attached an error message that goes with such errors. Please note that I have never yet seen this if it was not a spam mail anyway, so I never investigated further. Perhaps that helps? Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 serv...@waschbuesch.it http://www.waschbuesch.it ---BeginMessage--- Hi. This is the qmail-send program at hydra.waschbuesch.de. I tried to deliver a bounce message to this address, but the bounce bounced! er...@mailfrom.com: Sorry, I wasn't able to establish an SMTP connection. (#4.4.1) I'm not going to try again; this message has been in the queue too long. --- Below this line is the original bounce. Return-Path: Received: (qmail 2830 invoked for bounce); 4 Oct 2010 07:31:13 - Date: 4 Oct 2010 07:31:13 - From: mailer-dae...@hydra.waschbuesch.de To: er...@mailfrom.com Subject: failure notice Hi. This is the qmail-send program at hydra.waschbuesch.de. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. i...@waschbuesch.de: qmail-inject: fatal: unable to parse this line: Cc: cdshummar...@waschbuesch.de, mar...@waschbuesch.de; Mon, 4 Oct 2010 09:31:12 +0200 system error calling qmail-inject --- Below this line is a copy of the message. Return-Path: er...@mailfrom.com Received: (qmail 2806 invoked by uid 89); 4 Oct 2010 07:31:13 - Received: by simscan 1.4.0 ppid: 2799, pid: 2800, t: 23.6234s scanners: attach: 1.4.0 clamav: 0.96.3/m:52/d:12005 spam: 3.2.5 X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on serv01.waschbuesch.de X-Spam-Level: *** X-Spam-Status: Yes, score=3.6 required=2.0 tests=BAYES_99,HTML_MESSAGE, RDNS_NONE autolearn=no version=3.2.5 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% * [score: 1.] * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS Received: from unknown (HELO ?95.86.101.2?) (95.86.101.2) by hydra.waschbuesch.de with SMTP; 4 Oct 2010 07:30:50 - Received-SPF: none (hydra.waschbuesch.de: domain at mailfrom.com does not designate permitted sender hosts) Received: from [132.51.125.15] (helo=ybqmocxuyk.jmznfn.va) by with esmtpa (Exim 4.69) (envelope-from ) id 1MMNII-6917ai-41 for andre...@waschbuesch.de, andrea...@waschbuesch.de, andr...@waschbuesch.de, i...@waschbuesch.de Cc: cdshummar...@waschbuesch.de, mar...@waschbuesch.de; Mon, 4 Oct 2010 09:31:12 +0200 From: Benjamin Lay carterzotyv...@imperial-software.de To: andre...@waschbuesch.de, andrea...@waschbuesch.de, andr...@waschbuesch.de, i...@waschbuesch.de Cc: cdshummar...@waschbuesch.de, mar...@waschbuesch.de Subject: Die Armbanduhren sind viel billiger online! Date: Mon, 4 Oct 2010 09:31:12 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_fxxoamnvl_49_47_27 X-Priority: 3 X-Mailer: rmhuzwmu.96 Message-ID: 2033986661.weil69lr106...@pvurl.pbmgh.va --=_fxxoamnvl_49_47_27 Content-Type: text/plain; charset=iso-8859-2 Content-Transfer-Encoding: quoted-printable Die Brand Original Chronometer aus der Schweiz sind zu teuer geldfressend= , aber Menschen respektieren achten deren Besitzer. erwerben Sie eine Kop= ie von einer Brand und kriegen Sie alle Privilegien der Elite ohne ein ga= nzes Vermoegen zu bezahlen.http://bit.ly/95d0yz --=_fxxoamnvl_49_47_27 Content-Type: text/html; charset=iso-8859-2 Content-Transfer-Encoding: quoted-printable !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN HTMLHEAD META http-equiv=3DContent-Type content=3Dtext/html; charset=3Diso-8859-= 2 STYLE/STYLE /HEAD BODY html body bgcolor=3D#FF link=3Dgreen font face=3DVerdana size=3D2Die Brand Original Chronometer aus der = Schweiz sind zu teuer geldfressend, aber Menschen respektieren achten der= en Besitzer. erwerben Sie eine Kopie von einer Brand und kriegen Sie alle= Privilegien der Elite ohne ein ganzes Vermoegen zu bezahlen./fontbr= br font face=3DVerdana size=3D2a href=3Dhttp://bit.ly/95d0yz; target= =3D_blankbhttp