Re: [qmailtoaster] SSL configuration
Hi, I try to implement this service, and start a submission SMTP Server on port 587. The service start normally, but when I was testing I realise that the service accept any message, like port 25. It’s supposed to just allow AUTH with TLS/SSL connections and nothing more. I’ve analyse the patch qregex-starttls-2way-auth-20060305, and qmail-tls-20060104 and I didn’t see any reference to FOCE_TLS and AUTH_REQUIRED. I’ve see another patch that implement this from http://qmail.jms1.net/smtp-service.shtml and a explanation on http://qmail.jms1.net/tls-auth.shtml. I have a problem with my dynamic ip clients. They sometimes get ip addresses that are blacklisted by RBLSMTP. I love RBLSMTP as it takes away a lot of the spam. It is working well. I understand that it is not possible for RBLSMTP to be deactivated for authenticated clients. So the only solution is to have another qmail-smtp running on another port with the RBLSMTP not activated. The submission SMTP Server port 587 is specified for an RFC so that’s perfect form me. Sérgio Costa Erik Espinoza wrote: Just ensure you stop qmail, extract the file, and restart qmail. If you extract as root, this will put the correct perms/owners. Erik On 10/7/06, Eric Shubes <[EMAIL PROTECTED]> wrote: Thanks EE. Got some painting to do this afternoon, so I'll get back to this when I can. I'll let you know how I make out. Erik Espinoza wrote: > Hey Eric, > > I'd recommend downloading > http://devel.qmailtoaster.com/download/submission.tar.gz and > extracting this in /var/qmail/supervise. This will start a submission > SMTP Server (port 587) with the following options: > > AUTH Required > TLS/SSL Required > Blacklists Disabled > > It's what should be used for outgoing smtp for home users when the isp > blocks port 25 outgoing. > > Port 25 w/ TLS does everything that port 465 SMTP-SSL does, and now > that SMTP-SSL is deprecated it is best not to use it. > > Thanks, > Erik > > On 10/7/06, Eric Shubes <[EMAIL PROTECTED]> wrote: >> I'm in the process of configuring a certificate on my server. TLS works >> fine, but I'm having the same old problem with SSL, namely that nothing's >> listening on port 465. >> >> I searched the archive, and found a procedure for setting up smtpd-ssl on >> port 465, and was wondering, is this still the right thing to do? I >> also see >> that SMTP over SSL on port 465 is depreciated. >> >> Is there any advantage to using SSL on 465, or does TLS do essentially >> the >> same thing? IOW, does TLS encrypt the password and the email content? >> >> Can someone give me a quick education? >> -- >> -Eric 'shubes' >> -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted <http://www.vr.org> - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted <http://www.vr.org> - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted <http://www.vr.org> - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] SSL configuration
Hi Erik, Sorry for my English! In my last post I try to say that: I just have tried the submission.tar.gz, but the result is the same, the service start normally, but when I was testing I realise that the service accept any message, like port 25. After that I've analysed the patch qregex-starttls-2way-auth-20060305, and qmail-tls-20060104 and I didn't see any reference to FOCE_TLS and AUTH_REQUIRED. Than I try to find an optional patch. What is wrong? I really need this port to work! You can try test that port on my server. Thanks in advanced, Sérgio Costa Erik Espinoza wrote: Get http://devel.qmailtoaster.com/download/submission.tar.gz and do the following: 1) service qmail stop 2) cd /var/qmail/supervise 3) tar -zxvf /path/to/submission.tar.gz 4) service qmail start On 10/25/06, Sérgio Costa <[EMAIL PROTECTED]> wrote: Hi, I try to implement this service, and start a submission SMTP Server on port 587. The service start normally, but when I was testing I realise that the service accept any message, like port 25. It's supposed to just allow AUTH with TLS/SSL connections and nothing more. I've analyse the patch qregex-starttls-2way-auth-20060305, and qmail-tls-20060104 and I didn't see any reference to FOCE_TLS and AUTH_REQUIRED. I've see another patch that implement this from http://qmail.jms1.net/smtp-service.shtml and a explanation on http://qmail.jms1.net/tls-auth.shtml. I have a problem with my dynamic ip clients. They sometimes get ip addresses that are blacklisted by RBLSMTP. I love RBLSMTP as it takes away a lot of the spam. It is working well. I understand that it is not possible for RBLSMTP to be deactivated for authenticated clients. So the only solution is to have another qmail-smtp running on another port with the RBLSMTP not activated. The submission SMTP Server port 587 is specified for an RFC so that's perfect form me. Sérgio Costa Erik Espinoza wrote: > Just ensure you stop qmail, extract the file, and restart qmail. If > you extract as root, this will put the correct perms/owners. > > Erik > > On 10/7/06, Eric Shubes <[EMAIL PROTECTED]> wrote: >> Thanks EE. >> Got some painting to do this afternoon, so I'll get back to this when >> I can. >> I'll let you know how I make out. >> >> Erik Espinoza wrote: >> > Hey Eric, >> > >> > I'd recommend downloading >> > http://devel.qmailtoaster.com/download/submission.tar.gz and >> > extracting this in /var/qmail/supervise. This will start a submission >> > SMTP Server (port 587) with the following options: >> > >> > AUTH Required >> > TLS/SSL Required >> > Blacklists Disabled >> > >> > It's what should be used for outgoing smtp for home users when the isp >> > blocks port 25 outgoing. >> > >> > Port 25 w/ TLS does everything that port 465 SMTP-SSL does, and now >> > that SMTP-SSL is deprecated it is best not to use it. >> > >> > Thanks, >> > Erik >> > >> > On 10/7/06, Eric Shubes <[EMAIL PROTECTED]> wrote: >> >> I'm in the process of configuring a certificate on my server. TLS >> works >> >> fine, but I'm having the same old problem with SSL, namely that >> nothing's >> >> listening on port 465. >> >> >> >> I searched the archive, and found a procedure for setting up >> smtpd-ssl on >> >> port 465, and was wondering, is this still the right thing to do? I >> >> also see >> >> that SMTP over SSL on port 465 is depreciated. >> >> >> >> Is there any advantage to using SSL on 465, or does TLS do >> essentially >> >> the >> >> same thing? IOW, does TLS encrypt the password and the email content? >> >> >> >> Can someone give me a quick education? >> >> -- >> >> -Eric 'shubes' >> >> >> >> >> -- >> -Eric 'shubes' >> >> - >> QmailToaster hosted by: VR Hosted <http://www.vr.org> >> - >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > - > QmailToaster hosted by: VR Hosted <http://www.vr.org> > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > ---
Re: [qmailtoaster] qmailtoaster-plus 0.2.4-1.3.5 released
Hi, theres a problem on new qtp-newmodel when select development packages Do you want to select libsrs2-toaster-1.0.18-1.4.1.src.rpm from Development? Shall we continue? (yes, no|skip, batch, quit) [y] / n|s / b / q : s qtp-newmodel - program bug - stable package libsrs2-toaster not found Thanks, Sérgio Erik Espinoza wrote: Hey ES, The reason that qmail-toaster requires a compile time option is because: 1) Not everyone is going to configure SRS 2) SRS can complicate things, thus I want to ensure admin's know they are turning it on. 3) The SRS patch can't be runtime disabled. This WILL cause unexpected issues if one doesn't configure SRS at all. Thanks, Erik On 1/9/07, Eric Shubes <[EMAIL PROTECTED]> wrote: Sounds good. Is there any reason why someone would want to disable srs? If so, can it be disabled even though qmail-toaster was compiled with it on and libsrs2-toaster is installed? What should the default (stock) toaster be? It seems to me that having srs enabled with libsrs2-toaster as a required dependency would be the simplest (and best) way to do it. Perhaps I'm missing something. Erik Espinoza wrote: > If qmail-toaster is compiled with srs enabled, it requires that > libsrs2-toaster be installed. > > I have updated the current.txt on the devel site to show > libsrs2-toaster before the the qmail-toaster package. > > Thanks, > Erik > > On 1/9/07, Eric Shubes <[EMAIL PROTECTED]> wrote: >> Sounds good. I'm guessing you can handle whatever dependencies in the >> spec >> file. Let me know when it's in there and I'll remove that code from >> newmodel >> (no big deal). >> >> I'll tackle working anything special for srs into newmodel at some >> point in >> the future. It'll handle installing the new package once it's in the >> current.txt list. I'm just not sure about any other requirements yet. >> >> Thanks! >> >> Erik Espinoza wrote: >> > Hi Eric, >> > >> > I left it optional, as it requires the maildrop-toaster be updated as >> > well. I think spambox can be made a default in a future release with >> > the ability to turn it off. >> > >> > Thanks, >> > Erik >> > >> > On 1/9/07, Eric Shubes <[EMAIL PROTECTED]> wrote: >> >> Nope. >> >> >> >> For spambox, it unconditionally adds that parameter for the >> >> qmailadmin-toaster package. I haven't added anything for srs yet. >> >> >> >> I kinda figured that it wouldn't hurt to have spambox as a default. Is >> >> there >> >> a reason why someone wouldn't want it? >> >> >> >> If these need to be optional (I can see where srs might need to be) >> >> let me >> >> know and I'll "make it so". >> >> >> >> BTW, neither qtp-newmodel nor qtp-ami-up2date will 'see' srs until you >> >> add >> >> it to the current.txt file. ;) >> >> >> >> Erik Espinoza wrote: >> >> > Hey Eric, >> >> > >> >> > Does it ask questions for spambox/srs when building/upgrading the >> >> > qmailadmin/qmail-toaster packages? >> >> > >> >> > >> >> > >> >> > On 1/9/07, Eric Shubes <[EMAIL PROTECTED]> wrote: >> >> >> qtp-ami-up2date now handles >< release numbers properly. I also >> added >> >> >> a "-d" >> >> >> (or -dev or -devel) flag for including checking the devel packages >> >> (in >> >> >> addition to checking the stable site). >> >> >> >> >> >> Documentation forthcoming. >> >> >> >> >> >> NJoy! >> >> >> -- >> >> >> -Eric 'shubes' >> >> >> >> >> >> >> >> >> -- >> >> -Eric 'shubes' >> >> >> >> - >> >> QmailToaster hosted by: VR Hosted <http://www.vr.org> >> >> - >> >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> >> For additional commands, e-mail: >> [EMAIL PROTECTED] >> >> >> >> >> > >> > - >> > QmailToaster hosted by: VR Hosted <http://www.vr.org> >> > ---
[qmailtoaster] IPv6 patch!
I search the list for IPv6 and found this question from [EMAIL PROTECTED] without an answer. [EMAIL PROTECTED] writes this: /"I look into qmail-toaster files ant it looks like there is no any ipv6 patch for qmail inside./ /So is there any plans to add patch for ipv6 into 1.3 branch (at least for testing purposes for future) or we can see this only in upcoming 1.4 branch?"/ So are there any plans for implementing this patch? -- Sérgio Costa <http://www.ci.ipca.pt>