Re: [qmailtoaster] TDMA
Yes you can. I have a CentOS 5.2 64 bit QmailToaster and I installed TMDA on it. It took me some doing, because the TMDA instructions weren't very obvious for the special features I wanted, but I now have it and it does work. But for the $100 question, can I help you configure it? Maybe not. Not that I'm against helping, but because it's highly dependant on how you want to configure your Toaster and then the TMDA. There are different options available and I think you should get into the TMDA and read up first. One of the problems is that there isn't a document on how to install and configure it as with the Toaster. So I would suggest following their instructions the best way you can, and see then if you need some help. Maybe even on the TMDA list. Thanks John 2008/12/18 Noel Rivera nriv...@borderless.com.mx: Can I confige TMDA (tagged message delivery agent) on Qmailtoaster for Centos 5, and how it configure this? Noel Alban Rivera Rivera - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] enable simscan to local users
nightduke, I'm sure those who are helping you will continue, and I just recently installed CentOS5 toaster which is probably a different version than yours, and when I run that command here is what I get, so yours is either old, or you are missing parts. daemontools-toaster-0.76-1.3.3 courier-imap-toaster-4.1.2-1.3.7 maildrop-toaster-devel-2.0.3-1.3.5 libdomainkeys-toaster-0.68-1.3.3 ezmlm-toaster-0.53.324-1.3.3 squirrelmail-toaster-1.4.15-1.3.10 qmailtoaster-plus-0.3.0-1.4.5 vpopmail-toaster-5.4.17-1.3.4 qmail-pop3d-toaster-1.03-1.3.15 control-panel-toaster-0.5-1.3.4 qmailmrtg-toaster-4.2-1.3.3 vqadmin-toaster-2.3.4-1.3.3 ripmime-toaster-1.4.0.6-1.3.3 ucspi-tcp-toaster-0.88-1.3.5 qmail-toaster-1.03-1.3.15 autorespond-toaster-2.0.4-1.3.3 qmailadmin-toaster-1.2.11-1.3.4 isoqlog-toaster-2.1-1.3.4 clamav-toaster-0.93.3-1.3.20 libsrs2-toaster-1.0.18-1.3.3 ezmlm-cgi-toaster-0.53.324-1.3.3 spamassassin-toaster-3.2.5-1.3.14 qmailtoaster-plus.repo-0.1-1 courier-authlib-toaster-0.59.2-1.3.6 maildrop-toaster-2.0.3-1.3.5 simscan-toaster-1.3.1-1.3.6 Thanks John On Wed, Sep 24, 2008 at 7:34 AM, nightduke [EMAIL PROTECTED] wrote: rpm -qa | grep toaster ucspi-tcp-toaster-0.88-1.3.5 libsrs2-toaster-1.0.18-1.3.3 daemontools-toaster-0.76-1.3.3 courier-authlib-toaster-0.59.2-1.3.6 autorespond-toaster-2.0.4-1.3.3 ezmlm-toaster-0.53.324-1.3.3 maildrop-toaster-2.0.3-1.3.5 ripmime-toaster-1.4.0.6-1.3.3 clamav-toaster-0.94-1.3.21 simscan-toaster-1.3.1-1.3.6 courier-imap-toaster-4.1.2-1.3.7 2008/9/24 Eric Shubert [EMAIL PROTECTED]: Apparently not qmail-toaster. What do you get from # rpm -qa | grep toaster ? nightduke wrote: It's a hostinabox based in lxadmin When i do telnet to my server at port 25 220 vserver - Welcome to Qmail ESMTP I asked people of lxlabs and they told it was based on qmail toaster. Nightduke 2008/9/23 Eric Shubert [EMAIL PROTECTED]: It appears that you're not running a qmail-toaster. :( How did you build your qmail server? nightduke wrote: service qmail cdb Usage: Qmail {start|stop|restart|condrestart|reload|status|fullstatus|graceful|help|configtest} That's is what appears when i do qmailctl cdb or service qmail cdb. Nightduke 2008/9/23 Natalio Gatti [EMAIL PROTECTED]: On Tue, Sep 23, 2008 at 9:59 AM, nightduke [EMAIL PROTECTED] wrote: Hi i have enabled it, i do tcp.smtp reload, i restart qmail, i send an email on horde to a local email and the antivirus dosen't found virus... Did you run service qmail cdb ? - QmailToaster hosted by: VR Hosted http://www.vr.org -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] : Keep a copy of send and received email for whole domain
Jake, I'll try changing it to bounce and I'll get back to you. But doesn't the bounce create more traffic? What I've thought happens is that we get the original spam for a non-valid account, we send out a bounce, and then that bounce gets bounced back to us because the sender didn't really exist. I know that somewhere the bounce gets stopped, but is it after I've sent mine, or is it after they've sent their bounce? Kind of seems like a waste of bandwidth and resources if 2 bounces get sent, or even if I'm bouncing to a non-valid original sender. As for the wiki instructions - I have mis-understood them. It says to use [EMAIL PROTECTED]:[EMAIL PROTECTED] ([EMAIL PROTECTED]) as the recipient. It seemed to me that this meant I could send it to anyone even a user on the same domain. It might be helpful to say what you told me here, do not use a valid domain for the recipient or something like that as I never would have understood that from just the example. And are there any instructions or suggestions on viewing this new non-valid Inbox from sqmail or some other reader - so I can validate whats going on since the [EMAIL PROTECTED] domain doesn't really exist? Perhaps sqmail will let me login as that user since it has the domain and user in vpopmail? I'll try that too. Thanks John On Mon, Sep 22, 2008 at 4:35 AM, Jake Vickers [EMAIL PROTECTED] wrote: Tek Support wrote: I have a few questions in answering your suggestions. 1) In qmailadmin there is such a thing as a catchall, but I don't have any catchall setup as such. 2) My .qmail-default covers this account and it says delete. --.qmail-default-- | /home/vpopmail/bin/vdelivermail '' delete --end-- It will accept email for [EMAIL PROTECTED] and delete messages to unknown users this way. Try changing it to bounce and see if that eliminates your problem. 3) You said don't do this: [EMAIL PROTECTED]:[EMAIL PROTECTED] But in the instructions it says to do exactly that. If I don't do that, then what am I supposed to do? Then the instructions are wrong. If you're talking about the wiki, I'll change them. You need to create a new domain on the machine - it does not have to be a real domain. It could be a fake domain called tap.mydomain.com, and you send the emails to an address at the fake domain. This will stop the circular loop you've got. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] : Keep a copy of send and received email for whole domain
I've setup the bounce-no-mailbox and also created an 'example.com' domain on my box. The email is going to my box at '[EMAIL PROTECTED]', and it also appears that only email destined for a valid user is getting put in the taps mailbox. I also tried logging into my sqmail with that user, and it worked fine. Thanks John On Mon, Sep 22, 2008 at 4:35 AM, Jake Vickers [EMAIL PROTECTED] wrote: Tek Support wrote: I have a few questions in answering your suggestions. 1) In qmailadmin there is such a thing as a catchall, but I don't have any catchall setup as such. 2) My .qmail-default covers this account and it says delete. --.qmail-default-- | /home/vpopmail/bin/vdelivermail '' delete --end-- It will accept email for [EMAIL PROTECTED] and delete messages to unknown users this way. Try changing it to bounce and see if that eliminates your problem. 3) You said don't do this: [EMAIL PROTECTED]:[EMAIL PROTECTED] But in the instructions it says to do exactly that. If I don't do that, then what am I supposed to do? Then the instructions are wrong. If you're talking about the wiki, I'll change them. You need to create a new domain on the machine - it does not have to be a real domain. It could be a fake domain called tap.mydomain.com, and you send the emails to an address at the fake domain. This will stop the circular loop you've got. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] : Keep a copy of send and received email for whole domain
On Mon, Sep 22, 2008 at 4:34 AM, Johannes Weberhofer, Weberhofer GmbH [EMAIL PROTECTED] wrote: In many European countries it is also an legal issues not to delete received (E-)Mails: Mails accepted for delivery must be delivered (except when infected by viruses). Does this legal issue mean that for archiving purposes you have to keep all mail destined for a valid user? I would think for an archiving purpose you could at least delete the spam. Thanks John - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] : Keep a copy of send and received email for whole domain
Thanks, that opens my eyes to what others have to do. Thanks John On Mon, Sep 22, 2008 at 7:01 AM, Johannes Weberhofer, Weberhofer GmbH [EMAIL PROTECTED] wrote: The situation in Germany/Austria is, that you have too keep all messages for legal users except when you refuse the messages on SMTP level. When you want to delete some messages after accepting them, the owner of the mailbox must explicitly agree to that. I'm not completely sure on archiving. In Germany (and I think in Austria, too), you have to store Mails which are relevant for your business-cases in arevision-safe, digitally signed form between six and ten years (an not-free Article describing the situation in Germany can be ordered at http://www.heise.de/kiosk/archiv/ix/2005/2/96_kiosk ). As it is very hard to decide what is business-relevant, I would try to filter out as much as possible on SMTP-layer and archive the rest of the mails. Johannes Tek Support schrieb: On Mon, Sep 22, 2008 at 4:34 AM, Johannes Weberhofer, Weberhofer GmbH [EMAIL PROTECTED] wrote: In many European countries it is also an legal issues not to delete received (E-)Mails: Mails accepted for delivery must be delivered (except when infected by viruses). Does this legal issue mean that for archiving purposes you have to keep all mail destined for a valid user? I would think for an archiving purpose you could at least delete the spam. Thanks John - QmailToaster hosted by: VR Hostedhttp://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- |- | weberhofer GmbH | Johannes Weberhofer | information technologies | Austria, 1080 Wien, Blindengasse 52/3 |--- - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] : Keep a copy of send and received email for whole domain
I hadn't realized that it blocks them at the smtp level. That's a great place to do it. But as you noted, I was having the problem for non-valid recipients so I had figured it was best to just delete them. However now that Jake has told me otherwise I've set it to bounce. Thanks John On Mon, Sep 22, 2008 at 6:43 AM, Johannes Weberhofer, Weberhofer GmbH [EMAIL PROTECTED] wrote: Bounce setting on qmt actually rejects accepting mails at SMTP level instead of bouncing the message. You are right, bouncing messages (esp. for non-existing recipients) can cause backscatters: it can make your server to a spam-relay which bounces spams or viruses back to faked senders who are the final messages' receipients. Johannes Tek Support schrieb: Jake, I'll try changing it to bounce and I'll get back to you. But doesn't the bounce create more traffic? What I've thought happens is that we get the original spam for a non-valid account, we send out a bounce, and then that bounce gets bounced back to us because the sender didn't really exist. I know that somewhere the bounce gets stopped, but is it after I've sent mine, or is it after they've sent their bounce? Kind of seems like a waste of bandwidth and resources if 2 bounces get sent, or even if I'm bouncing to a non-valid original sender. As for the wiki instructions - I have mis-understood them. It says to use [EMAIL PROTECTED]:[EMAIL PROTECTED] ([EMAIL PROTECTED]) as the recipient. It seemed to me that this meant I could send it to anyone even a user on the same domain. It might be helpful to say what you told me here, do not use a valid domain for the recipient or something like that as I never would have understood that from just the example. And are there any instructions or suggestions on viewing this new non-valid Inbox from sqmail or some other reader - so I can validate whats going on since the [EMAIL PROTECTED] domain doesn't really exist? Perhaps sqmail will let me login as that user since it has the domain and user in vpopmail? I'll try that too. Thanks John On Mon, Sep 22, 2008 at 4:35 AM, Jake Vickers[EMAIL PROTECTED] wrote: Tek Support wrote: I have a few questions in answering your suggestions. 1) In qmailadmin there is such a thing as a catchall, but I don't have any catchall setup as such. 2) My .qmail-default covers this account and it says delete. --.qmail-default-- | /home/vpopmail/bin/vdelivermail '' delete --end-- It will accept email for [EMAIL PROTECTED] and delete messages to unknown users this way. Try changing it to bounce and see if that eliminates your problem. 3) You said don't do this: [EMAIL PROTECTED]:[EMAIL PROTECTED] But in the instructions it says to do exactly that. If I don't do that, then what am I supposed to do? Then the instructions are wrong. If you're talking about the wiki, I'll change them. You need to create a new domain on the machine - it does not have to be a real domain. It could be a fake domain called tap.mydomain.com, and you send the emails to an address at the fake domain. This will stop the circular loop you've got. - QmailToaster hosted by: VR Hostedhttp://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hostedhttp://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- |- | weberhofer GmbH | Johannes Weberhofer | information technologies | Austria, 1080 Wien, Blindengasse 52/3 |--- - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] : Keep a copy of send and received email for whole domain
Hi all, I've installed the taps logging into my system and it's obvious to me that we are getting a copy of every email that comes to our server even though the recipient doesn't exist. I've viewed the information on the toaster and inter7, but I don't see any way to either block spam or log emails only for valid recipients. -- Example header of non-valid local recipient stored into TAPS -- Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: (qmail 4886 invoked by uid 89); 16 Sep 2008 15:01:16 - Received: from unknown (HELO 20129159020.user.veloxzone.com.br) (201.29.159.20) by mail.mydomain.com with SMTP; 16 Sep 2008 15:01:10 - Message-ID: [EMAIL PROTECTED] From: =?windows-1251?B?QWRhbiBCYW5rcw==?= [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: =?windows-1251?B?Q2FuYWRpYW4gUGhhcm1hY3k6IFZpYWdyYSwgQ2lhbGlzIGFuZCBtb3JlLi4u?= Date: Tue, 16 Sep 3609 12:05:24 -0300 MIME-Version: 1.0 -- End Header -- 'kirkjh' does not exist, anyone have any ideas how to only log for valid recipients? I realize I could enter each unique email address into my taps control file and maybe that would solve it, but I would prefer to keep my control/taps file set for the whole domain instead of entering each user seperately - as I know I'll forget to add one or remove somone as they get hired or fired. So is there a way to keep the control file as is and only log valid recipients? -- Current Taps Control File -- [EMAIL PROTECTED]:[EMAIL PROTECTED] -- End-- Thanks John - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] : Keep a copy of send and received email for whole domain
I have a few questions in answering your suggestions. 1) In qmailadmin there is such a thing as a catchall, but I don't have any catchall setup as such. 2) My .qmail-default covers this account and it says delete. --.qmail-default-- | /home/vpopmail/bin/vdelivermail '' delete --end-- 3) You said don't do this: [EMAIL PROTECTED]:[EMAIL PROTECTED] But in the instructions it says to do exactly that. If I don't do that, then what am I supposed to do? Thanks John On Sun, Sep 21, 2008 at 5:41 PM, Jake Vickers [EMAIL PROTECTED] wrote: Tek Support wrote: Hi all, I've installed the taps logging into my system and it's obvious to me that we are getting a copy of every email that comes to our server even though the recipient doesn't exist. I've viewed the information on the toaster and inter7, but I don't see any way to either block spam or log emails only for valid recipients. Do you have it set to bounce/delete for your catchall, or is there an account that is set as the catchall? -- Current Taps Control File -- [EMAIL PROTECTED]:[EMAIL PROTECTED] -- End-- Don't do this - it creates an endless loop for the tap - it taps everything for mydomain.com, so when it sends the message to [EMAIL PROTECTED] it then has to tap that, so that tap gets a tap, and then that tap gets a tap, etc. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Courier IMAP slowdown
You didn't tell what kind of server and resources your machine has. One of my suggestions could be to look at your memory and CPU and decide if you need to upgrade. Thanks John - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] preline failure - UPDATE - resolved
Well I decided to copy the preline file from a (CentOS 5) i386 machine which the preline was giving the correct messges on, and put it onto my (CentOS 5) x86_64 machine and it worked. My assumption was that preline would not work coming for a different architecture, but it did and I re-setup a test TMDA account and it too worked correctly. So, it was preline and this is now solved. Thank you for your help, John On Wed, Sep 3, 2008 at 7:02 PM, Tek Support [EMAIL PROTECTED] wrote: Hi Eric, I can contact you off list but I want to be clear, the problem isn't with TMDA, it's with preline. And preline is part of the qmail-1.03 package. I need some help understanding if preline is compatable with the 64bit OS and if (and how) I can recompile it to work. We are in the situation where TMDA is going to be required. We were using it on our last server in our qmailrocks setup. Now that I've switched us over to qmailtoaster the install worked fine, but it wouldn't run. I've narrowed it down to preline giving a weird error, and it must be either incompatable with 64 bit or corrupted. In addition I have tried using TMDA without the preline and it worked for the initial incoming email. But after the sender gets the confirmation, and returns the comfirmation, preline is required - (per the TMDA website). If preline cannot do what I need, I'll have to find another option to do what preline did. By the way, the currently installed spam filters do seem to block emails to us that we would consider 'valid'. They also seem to let through spam that we would not like to get. TMDA resolves both of these issues. With TMDA we didn't have this problem, and the owner wants it back. And as far as I know, there are no technical issues with compatability or anything like that from installing TMDA. So I'm looking for some instructions on rebuiding preline? Or does anyone know if preline is incompatable with CentOS 5 64bit? If it is, I'll have to try something else. Thanks John On Wed, Sep 3, 2008 at 8:43 AM, Eric Shubert [EMAIL PROTECTED] wrote: I generally recommend not using TMDA for several reasons, but I realize that it can be useful in some circumstances. That being said, I have installed and configured TMDA on a toaster on a contract basis. Please contact me off list if you're interested. FWIW, I don't recall having to use preline at all. That might have been due to the way TMDA was implemented though. Tek Support wrote: Hi all, I'm trying to run TMDA on my fresh (for a few months) x86_64 CentOS 5 install. I have had nothing but trouble and after many hours I have finally tracked it down to '/var/qmail/bin/preline'. Or at least it's part of the problem if not the whole thing. TMDA requires the usage of 'preline' in the .qmail-user file like such. | preline tmda-filter...blah blah... At first I thought the problem was in TMDA, but after much testing, what's happening is that preline is spitting out this error: /var/qmail/bin/preline: line 1: hello: command not found I have received a bounce email from the intented recipient with this error shown, and I have tried to run preline from the shell and got the exact same error. So in trying to be diligent I have looked at the preline.c source to see if I could figure out what might cause the above error. I couldn't find anything related. So I greped the full source tree for qmail-1.03 and still nothing came up. The source for preline has nothing in it with 'line 1:', nor for 'hello, nor for command not found'. So that's why I greped the tree and no files seemed to have those. The documentation for preline is very slim, but it appears that there are 3 possible arguments (f, r, d). But those don't do anything different for me, using them all produce the same error. Can anyone help me? Preline add's some headers to the email and then forwards it onto the tmda-filter program. So I can't live without it. Could preline be corrupt? Can I rebuild it by itself, and if so, what would be the shell commands to use? I can read 'C' and even mess around a bit with it, but I'm not a full blown C programmer. Or, is this something someone has seen before? I have searched the toaster documention and googled for it but I'm not finding anything, which is odd, as I'm rarely the first person to ever encounter a problem. Thanks John - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED
Re: [qmailtoaster] Qmail IP bind in Qmailtoaster?
Well now that you've let the cat out of the bag, do tell... :) Really, I'll wait. Thanks John On Wed, Sep 3, 2008 at 7:49 PM, Eric Shubert [EMAIL PROTECTED] wrote: Oops. That was supposed to go to Jake, not the list. Sorry 'bout that. Tagcose is a project we're working on. You'll know more of it when the time comes. Don't hold your breath. ;) Tek Support wrote: I did a google search for tagcose and couldn't find anything. What is it? Thanks John On Wed, Sep 3, 2008 at 8:34 AM, Eric Shubert [EMAIL PROTECTED] wrote: Just a note, this should be a capability in tagcose, configurable by domain. I sorta hope that EE doesn't get around to including it in the toaster. I'm a little surprised that one of the toaster's ISP users doesn't go ahead and do this themselves. Some probably have. I seem to remember this coming up before on the list. Tek Support wrote: Ditto, I actually host several domains on one machine (5 dedicated ips) and I'm getting rejected for lack of RDNS - because my server is using the 2nd IP for all domains outbound emails. If this will work for my scenerio I too would like to see this used in the Toaster. Thanks John On Tue, Sep 2, 2008 at 10:58 AM, fbc [EMAIL PROTECTED] wrote: Any chance on getting one of these patches included in qmail toaster, from the jms1 page: http://qmail.jms1.net/patches/combined-details.shtml qmail-1.03-bind-interface.patch lets you control the source IP from which outgoing connections appear from a machine with multiple IP addresses. This file on qmail.org (local copy) describes the patch more clearly, as well as the format of the /var/qmail/control/bindroutes file which it uses. I have since updated this patch- see the newbind.patch information below, under version 7.05. I'm having problems sending to some hosts, getting this error message: User and password not set, continuing without authentication. 2xx.xxx.144.xx does not like recipient. Remote host said: 554 Client host rejected: cannot find your hostname, [my.1st.ip.addr] Giving up on 2xx.xxx.144.xx. It seems to be because mail.myserver.net resolves to my.2nd.ip.addr (also on the same machine) and the default interface is my.1st.ip.addr. my.2nd.ip.addr is my mailserver's real IP address, but I can't get it to send from anything but my.1st.ip.addr. This seems like a common problem as most dedicated servers you get these days will come with 5 IPs so we run different services on each one. This seems like it would be a useful feature for QmailToaster.. or is there already a way to do it? Thanks -- -Eric 'shubes' -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] preline failure - UPDATE - resolved
I did keep the preline binary - I can send it to you here or off list. But from what I've seen during the install, the rpmbuild stuff seems to clean up all of the source files, so wouldn't it also clean up the build messages? If you can tell me where to look or what file(s) you need I would be happy to send them along. Thanks John On Thu, Sep 4, 2008 at 9:03 AM, Eric Shubert [EMAIL PROTECTED] wrote: Glad you got it working. You didn't happen to keep the bogus preline file around, did you? I'd be curious to know if it was actually a binary or not. I'd also want to have a look at the build messages for preline. Unfortunately, I don't have a 64-bit machine to do any testing on. Tek Support wrote: Well I decided to copy the preline file from a (CentOS 5) i386 machine which the preline was giving the correct messges on, and put it onto my (CentOS 5) x86_64 machine and it worked. My assumption was that preline would not work coming for a different architecture, but it did and I re-setup a test TMDA account and it too worked correctly. So, it was preline and this is now solved. Thank you for your help, John On Wed, Sep 3, 2008 at 7:02 PM, Tek Support [EMAIL PROTECTED] wrote: Hi Eric, I can contact you off list but I want to be clear, the problem isn't with TMDA, it's with preline. And preline is part of the qmail-1.03 package. I need some help understanding if preline is compatable with the 64bit OS and if (and how) I can recompile it to work. We are in the situation where TMDA is going to be required. We were using it on our last server in our qmailrocks setup. Now that I've switched us over to qmailtoaster the install worked fine, but it wouldn't run. I've narrowed it down to preline giving a weird error, and it must be either incompatable with 64 bit or corrupted. In addition I have tried using TMDA without the preline and it worked for the initial incoming email. But after the sender gets the confirmation, and returns the comfirmation, preline is required - (per the TMDA website). If preline cannot do what I need, I'll have to find another option to do what preline did. By the way, the currently installed spam filters do seem to block emails to us that we would consider 'valid'. They also seem to let through spam that we would not like to get. TMDA resolves both of these issues. With TMDA we didn't have this problem, and the owner wants it back. And as far as I know, there are no technical issues with compatability or anything like that from installing TMDA. So I'm looking for some instructions on rebuiding preline? Or does anyone know if preline is incompatable with CentOS 5 64bit? If it is, I'll have to try something else. Thanks John On Wed, Sep 3, 2008 at 8:43 AM, Eric Shubert [EMAIL PROTECTED] wrote: I generally recommend not using TMDA for several reasons, but I realize that it can be useful in some circumstances. That being said, I have installed and configured TMDA on a toaster on a contract basis. Please contact me off list if you're interested. FWIW, I don't recall having to use preline at all. That might have been due to the way TMDA was implemented though. Tek Support wrote: Hi all, I'm trying to run TMDA on my fresh (for a few months) x86_64 CentOS 5 install. I have had nothing but trouble and after many hours I have finally tracked it down to '/var/qmail/bin/preline'. Or at least it's part of the problem if not the whole thing. TMDA requires the usage of 'preline' in the .qmail-user file like such. | preline tmda-filter...blah blah... At first I thought the problem was in TMDA, but after much testing, what's happening is that preline is spitting out this error: /var/qmail/bin/preline: line 1: hello: command not found I have received a bounce email from the intented recipient with this error shown, and I have tried to run preline from the shell and got the exact same error. So in trying to be diligent I have looked at the preline.c source to see if I could figure out what might cause the above error. I couldn't find anything related. So I greped the full source tree for qmail-1.03 and still nothing came up. The source for preline has nothing in it with 'line 1:', nor for 'hello, nor for command not found'. So that's why I greped the tree and no files seemed to have those. The documentation for preline is very slim, but it appears that there are 3 possible arguments (f, r, d). But those don't do anything different for me, using them all produce the same error. Can anyone help me? Preline add's some headers to the email and then forwards it onto the tmda-filter program. So I can't live without it. Could preline be corrupt? Can I rebuild it by itself, and if so, what would be the shell commands to use? I can read 'C' and even mess around a bit with it, but I'm not a full blown C programmer. Or, is this something someone has seen before? I have searched the toaster
Re: [qmailtoaster] preline failure
That would be a nice to have it there and ready to go if one wanted it. Like you mentioned, at first the staff at my company were completely doing the knee-jerk reaction. They did not want it and they didn't like the idea of forcing their customers to have to confirm. I told them all that it was just a one time confirmation, but they thought they would loose customers over it. I explained that if they did, they weren't really customers, because all it does is ask for the confirmation one time and then they are good forever. But they didn't want it. But they want something. I need to fill you all in, in that before I worked for them, they had all of their individual email addresses listed on their website. DUH, now every Tom,Dick,Harry,Jane,Jo,Billy,Mary and every other spammer has their email addess. They are removed now, but most of the damage has been done. So we receive thousands upon thousands of spam per day - and we are a small company, less than 20 email addresses. So after about 6 months from when I told them we had it, I had my first staff person ask if they could try it. After a few weeks, they were all sold on it, and it worked and they never missed any emails, and they only got a few spam compared to all of those previously. So for this company, TMDA (as you said) setup properly is a good option in my opinion. Thanks John On Thu, Sep 4, 2008 at 1:46 AM, Harry Zink [EMAIL PROTECTED] wrote: On Sep 4, 2008, at 3:02 AM, Tek Support wrote: By the way, the currently installed spam filters do seem to block emails to us that we would consider 'valid'. They also seem to let through spam that we would not like to get. TMDA resolves both of these issues. With TMDA we didn't have this problem, and the owner wants it back. And as far as I know, there are no technical issues with compatability or anything like that from installing TMDA. I would agree - despite some knee-jerk reaction against a whitelisting approach like TMDA, when properly implemented (which TMDA is), it does a wonderful job in terms of protecting a user from nearly 99.99% of SPAM, with a minimum of errors, or false positives. The key with the TMDA implementation is the combination of TMDA.cgi and the ofmipd based 'automatic whitelisting' of outgoing mail (i.e. mail you *send*, automatically gets the recipient added to the whitelist - hence, if they reply, or send you mail, they never get bothered). Devoid of tmad.cgi, and the ofmipd solution, I would agree in not being too keen on TMDA - in combination, as it is presented, TMDA is a winner. I really wish TMDA were to be included in QmailToaster for those reasons. Harry - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Qmail IP bind in Qmailtoaster?
I for one do not work for an ISP, nor am I a C/C++ (or whatever you are using) programmer. I am a PHP. But because of the great support, and because of the wonderful package, great documentation and other things, I'm willing to do anything I can for you guys to help out. Like everyone I lead a busy life, but this list has helped me. So I've been trying to help answer others also. Thanks for all of the hard work - everyone involved. John On Thu, Sep 4, 2008 at 12:15 PM, Eric Shubert [EMAIL PROTECTED] wrote: fbc wrote: Any reason why you hope it's not included in the toaster? No, and that's not what I said. I'll elaborate. EE has already contributed an awful lot to the toaster, and his time for doing enhancements is limited. I think he's done far more than his share, and I'd like to see other competent SAs, particularly those working for ISPs, make contributions such as this enhancement. This would be most appropriate for two reasons: 1) ISPs are the types of users who tend to benefit from this enhancement. 2) ISPs typically generate revenue directly from the toaster. This just seems fair to me. It seems like it would only help people out and not be a determent to anyone who still uses the default way. On Thu, Sep 4, 2008 at 12:46 AM, Tek Support [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Well now that you've let the cat out of the bag, do tell... :) Really, I'll wait. Thanks John On Wed, Sep 3, 2008 at 7:49 PM, Eric Shubert [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Oops. That was supposed to go to Jake, not the list. Sorry 'bout that. Tagcose is a project we're working on. You'll know more of it when the time comes. Don't hold your breath. ;) Tek Support wrote: I did a google search for tagcose and couldn't find anything. What is it? Thanks John On Wed, Sep 3, 2008 at 8:34 AM, Eric Shubert [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Just a note, this should be a capability in tagcose, configurable by domain. I sorta hope that EE doesn't get around to including it in the toaster. I'm a little surprised that one of the toaster's ISP users doesn't go ahead and do this themselves. Some probably have. I seem to remember this coming up before on the list. Tek Support wrote: Ditto, I actually host several domains on one machine (5 dedicated ips) and I'm getting rejected for lack of RDNS - because my server is using the 2nd IP for all domains outbound emails. If this will work for my scenerio I too would like to see this used in the Toaster. Thanks John On Tue, Sep 2, 2008 at 10:58 AM, fbc [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Any chance on getting one of these patches included in qmail toaster, from the jms1 page: http://qmail.jms1.net/patches/combined-details.shtml qmail-1.03-bind-interface.patch lets you control the source IP from which outgoing connections appear from a machine with multiple IP addresses. This file on qmail.org http://qmail.org (local copy) describes the patch more clearly, as well as the format of the /var/qmail/control/bindroutes file which it uses. I have since updated this patch- see the newbind.patch information below, under version 7.05. I'm having problems sending to some hosts, getting this error message: User and password not set, continuing without authentication. 2xx.xxx.144.xx does not like recipient. Remote host said: 554 Client host rejected: cannot find your hostname, [my.1st.ip.addr] Giving up on 2xx.xxx.144.xx. It seems to be because mail.myserver.net http://mail.myserver.net resolves to my.2nd.ip.addr (also on the same machine) and the default interface is my.1st.ip.addr. my.2nd.ip.addr is my mailserver's real IP address, but I can't get it to send from anything but my.1st.ip.addr. This seems like a common problem as most dedicated servers you get these days will come with 5 IPs so we run different services on each one. This seems like it would be a useful feature for QmailToaster.. or is there already a way to do it? Thanks -- -Eric 'shubes' -- -Eric 'shubes' -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED
Re: [qmailtoaster] preline failure - UPDATE - resolved
Wow, that's a good eye you have. I first tried to view the new preline (copied over) in vi and it's a binary. So then I tried to view the 'orig.preline' and it is a script. What is odd, is that it contains a hello string at first, and then it shows the same kind of thing I needed in my .qmail-user file. Here are the contents. --All one line--- hello /home/vpopmail/tmda-1.1.12/bin/tmda-filter -c /home/vpopmail/domains/mydomain.com/.tmdarc-myuser I think it would be obvious that this file got overwritten - by me somehow? But I don't know how or why. So I'm claiming ignorance. ;-) But to have mydomain.com and myuser is odd enough - which was also the first user I created with qmailadmin - I don't know how it got there. And I'm 99.9% sure that I didn't do it manually. For one, the hello at position 1 is not included in the .qmail-user file. So how did that get there? If I had copied (by accident) my .qmail-user file ontop of this, it wouldn't have the hello there. Is there anything in qmailadmin/admin-toaster that would/could do this? Maybe something in the TMDA install? I know that this version of TMDA I installed is a newer version than what I used previously. I am now wishing I had a clean box to re-test this all on and see at what step it happend. But I might have a window into what might have happened and it would suggest TMDA. I have my own server which I share with a friend. He has been complaining about my original OS and website and wanted to do some newer things (Slackware, qmail-rocks, TMDA, apache 1, PHP 4, mysql 3), etc. So after finding that CentOS 5 was going to be the new standard for qmailtoaster I decided to upgrade mine as well. So I got a new server for work and it's a 64bit and installed the Toaster and TMDA. And then re-installed my own but without TMDA. My own is a (32bit) and is also running qmail-toaster CentOS 5 just fine, but since work comes first, I haven't yet installed TMDA on my own. So either something is different in the 32bit to 64bit (not too likely) or something in TMDA might have overwritten preline. Thanks John On Thu, Sep 4, 2008 at 3:39 PM, Eric Shubert [EMAIL PROTECTED] wrote: Tek Support wrote: I did keep the preline binary - I can send it to you here or off list. I'm just curious to know if it's really a binary or not. The error message appears as though it's some sort of script, but that's not necessarily the case. If it's a script I'd like to see it. If it's binary, no need. But from what I've seen during the install, the rpmbuild stuff seems to clean up all of the source files, so wouldn't it also clean up the build messages? If you can tell me where to look or what file(s) you need I would be happy to send them along. The build messages simply go to the screen (and are lost) unless you redirect them somewhere. If you were to use qtp-newmodel, the messages are logged in the /usr/src/qtp-upgrade/log/ directory. Thanks John On Thu, Sep 4, 2008 at 9:03 AM, Eric Shubert [EMAIL PROTECTED] wrote: Glad you got it working. You didn't happen to keep the bogus preline file around, did you? I'd be curious to know if it was actually a binary or not. I'd also want to have a look at the build messages for preline. Unfortunately, I don't have a 64-bit machine to do any testing on. Tek Support wrote: Well I decided to copy the preline file from a (CentOS 5) i386 machine which the preline was giving the correct messges on, and put it onto my (CentOS 5) x86_64 machine and it worked. My assumption was that preline would not work coming for a different architecture, but it did and I re-setup a test TMDA account and it too worked correctly. So, it was preline and this is now solved. Thank you for your help, John On Wed, Sep 3, 2008 at 7:02 PM, Tek Support [EMAIL PROTECTED] wrote: Hi Eric, I can contact you off list but I want to be clear, the problem isn't with TMDA, it's with preline. And preline is part of the qmail-1.03 package. I need some help understanding if preline is compatable with the 64bit OS and if (and how) I can recompile it to work. We are in the situation where TMDA is going to be required. We were using it on our last server in our qmailrocks setup. Now that I've switched us over to qmailtoaster the install worked fine, but it wouldn't run. I've narrowed it down to preline giving a weird error, and it must be either incompatable with 64 bit or corrupted. In addition I have tried using TMDA without the preline and it worked for the initial incoming email. But after the sender gets the confirmation, and returns the comfirmation, preline is required - (per the TMDA website). If preline cannot do what I need, I'll have to find another option to do what preline did. By the way, the currently installed spam filters do seem to block emails to us that we would consider 'valid'. They also seem to let through spam that we would not like to get. TMDA resolves both
Re: [qmailtoaster] preline failure - UPDATE - resolved
Oh PS... I installed from scratch and so I didn't use qtp-newmodel and I didn't redirect any output from the build. Thanks John On Thu, Sep 4, 2008 at 3:39 PM, Eric Shubert [EMAIL PROTECTED] wrote: Tek Support wrote: I did keep the preline binary - I can send it to you here or off list. I'm just curious to know if it's really a binary or not. The error message appears as though it's some sort of script, but that's not necessarily the case. If it's a script I'd like to see it. If it's binary, no need. But from what I've seen during the install, the rpmbuild stuff seems to clean up all of the source files, so wouldn't it also clean up the build messages? If you can tell me where to look or what file(s) you need I would be happy to send them along. The build messages simply go to the screen (and are lost) unless you redirect them somewhere. If you were to use qtp-newmodel, the messages are logged in the /usr/src/qtp-upgrade/log/ directory. Thanks John On Thu, Sep 4, 2008 at 9:03 AM, Eric Shubert [EMAIL PROTECTED] wrote: Glad you got it working. You didn't happen to keep the bogus preline file around, did you? I'd be curious to know if it was actually a binary or not. I'd also want to have a look at the build messages for preline. Unfortunately, I don't have a 64-bit machine to do any testing on. Tek Support wrote: Well I decided to copy the preline file from a (CentOS 5) i386 machine which the preline was giving the correct messges on, and put it onto my (CentOS 5) x86_64 machine and it worked. My assumption was that preline would not work coming for a different architecture, but it did and I re-setup a test TMDA account and it too worked correctly. So, it was preline and this is now solved. Thank you for your help, John On Wed, Sep 3, 2008 at 7:02 PM, Tek Support [EMAIL PROTECTED] wrote: Hi Eric, I can contact you off list but I want to be clear, the problem isn't with TMDA, it's with preline. And preline is part of the qmail-1.03 package. I need some help understanding if preline is compatable with the 64bit OS and if (and how) I can recompile it to work. We are in the situation where TMDA is going to be required. We were using it on our last server in our qmailrocks setup. Now that I've switched us over to qmailtoaster the install worked fine, but it wouldn't run. I've narrowed it down to preline giving a weird error, and it must be either incompatable with 64 bit or corrupted. In addition I have tried using TMDA without the preline and it worked for the initial incoming email. But after the sender gets the confirmation, and returns the comfirmation, preline is required - (per the TMDA website). If preline cannot do what I need, I'll have to find another option to do what preline did. By the way, the currently installed spam filters do seem to block emails to us that we would consider 'valid'. They also seem to let through spam that we would not like to get. TMDA resolves both of these issues. With TMDA we didn't have this problem, and the owner wants it back. And as far as I know, there are no technical issues with compatability or anything like that from installing TMDA. So I'm looking for some instructions on rebuiding preline? Or does anyone know if preline is incompatable with CentOS 5 64bit? If it is, I'll have to try something else. Thanks John On Wed, Sep 3, 2008 at 8:43 AM, Eric Shubert [EMAIL PROTECTED] wrote: I generally recommend not using TMDA for several reasons, but I realize that it can be useful in some circumstances. That being said, I have installed and configured TMDA on a toaster on a contract basis. Please contact me off list if you're interested. FWIW, I don't recall having to use preline at all. That might have been due to the way TMDA was implemented though. Tek Support wrote: Hi all, I'm trying to run TMDA on my fresh (for a few months) x86_64 CentOS 5 install. I have had nothing but trouble and after many hours I have finally tracked it down to '/var/qmail/bin/preline'. Or at least it's part of the problem if not the whole thing. TMDA requires the usage of 'preline' in the .qmail-user file like such. | preline tmda-filter...blah blah... At first I thought the problem was in TMDA, but after much testing, what's happening is that preline is spitting out this error: /var/qmail/bin/preline: line 1: hello: command not found I have received a bounce email from the intented recipient with this error shown, and I have tried to run preline from the shell and got the exact same error. So in trying to be diligent I have looked at the preline.c source to see if I could figure out what might cause the above error. I couldn't find anything related. So I greped the full source tree for qmail-1.03 and still nothing came up. The source for preline has nothing in it with 'line 1:', nor for 'hello, nor for command not found'. So that's why I greped the tree
[qmailtoaster] preline failure - UPDATE
I have a second server (different customer), again fairlly fresh CentOS5 qmail-toaster install, but on 32bit. I just checked to see if preline would run from the shell, or fail, and it ran, and worked as I would expect. # /var/qmail/bin/preline preline: usage: preline cmd [ arg ... ] So the preline on the 64bit machine must be corrupted somehow, or something is wrong with the coding for 64bit.??? Thanks John On Tue, Sep 2, 2008 at 10:50 PM, Tek Support [EMAIL PROTECTED] wrote: Hi all, I'm trying to run TMDA on my fresh (for a few months) x86_64 CentOS 5 install. I have had nothing but trouble and after many hours I have finally tracked it down to '/var/qmail/bin/preline'. Or at least it's part of the problem if not the whole thing. TMDA requires the usage of 'preline' in the .qmail-user file like such. | preline tmda-filter...blah blah... At first I thought the problem was in TMDA, but after much testing, what's happening is that preline is spitting out this error: /var/qmail/bin/preline: line 1: hello: command not found I have received a bounce email from the intented recipient with this error shown, and I have tried to run preline from the shell and got the exact same error. So in trying to be diligent I have looked at the preline.c source to see if I could figure out what might cause the above error. I couldn't find anything related. So I greped the full source tree for qmail-1.03 and still nothing came up. The source for preline has nothing in it with 'line 1:', nor for 'hello, nor for command not found'. So that's why I greped the tree and no files seemed to have those. The documentation for preline is very slim, but it appears that there are 3 possible arguments (f, r, d). But those don't do anything different for me, using them all produce the same error. Can anyone help me? Preline add's some headers to the email and then forwards it onto the tmda-filter program. So I can't live without it. Could preline be corrupt? Can I rebuild it by itself, and if so, what would be the shell commands to use? I can read 'C' and even mess around a bit with it, but I'm not a full blown C programmer. Or, is this something someone has seen before? I have searched the toaster documention and googled for it but I'm not finding anything, which is odd, as I'm rarely the first person to ever encounter a problem. Thanks John - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Qmail IP bind in Qmailtoaster?
Ditto, I actually host several domains on one machine (5 dedicated ips) and I'm getting rejected for lack of RDNS - because my server is using the 2nd IP for all domains outbound emails. If this will work for my scenerio I too would like to see this used in the Toaster. Thanks John On Tue, Sep 2, 2008 at 10:58 AM, fbc [EMAIL PROTECTED] wrote: Any chance on getting one of these patches included in qmail toaster, from the jms1 page: http://qmail.jms1.net/patches/combined-details.shtml qmail-1.03-bind-interface.patch lets you control the source IP from which outgoing connections appear from a machine with multiple IP addresses. This file on qmail.org (local copy) describes the patch more clearly, as well as the format of the /var/qmail/control/bindroutes file which it uses. I have since updated this patch- see the newbind.patch information below, under version 7.05. I'm having problems sending to some hosts, getting this error message: User and password not set, continuing without authentication. 2xx.xxx.144.xx does not like recipient. Remote host said: 554 Client host rejected: cannot find your hostname, [my.1st.ip.addr] Giving up on 2xx.xxx.144.xx. It seems to be because mail.myserver.net resolves to my.2nd.ip.addr (also on the same machine) and the default interface is my.1st.ip.addr. my.2nd.ip.addr is my mailserver's real IP address, but I can't get it to send from anything but my.1st.ip.addr. This seems like a common problem as most dedicated servers you get these days will come with 5 IPs so we run different services on each one. This seems like it would be a useful feature for QmailToaster.. or is there already a way to do it? Thanks - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] BCC to Boss Function
Ho, I guess you missed the recent comment made about TAPS by Eric. I believe it will do what you want. See the wiki: http://wiki.qmailtoaster.com/index.php/Taps Thanks John On Tue, Sep 2, 2008 at 11:42 PM, Ho Ho [EMAIL PROTECTED] wrote: My manager want to monitor some user send box to know what they send outside. How can I grap some user send mail to my boss account? Is it easy to manage it? Thanks!! Ho - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] preline failure
Hi Eric, I can contact you off list but I want to be clear, the problem isn't with TMDA, it's with preline. And preline is part of the qmail-1.03 package. I need some help understanding if preline is compatable with the 64bit OS and if (and how) I can recompile it to work. We are in the situation where TMDA is going to be required. We were using it on our last server in our qmailrocks setup. Now that I've switched us over to qmailtoaster the install worked fine, but it wouldn't run. I've narrowed it down to preline giving a weird error, and it must be either incompatable with 64 bit or corrupted. In addition I have tried using TMDA without the preline and it worked for the initial incoming email. But after the sender gets the confirmation, and returns the comfirmation, preline is required - (per the TMDA website). If preline cannot do what I need, I'll have to find another option to do what preline did. By the way, the currently installed spam filters do seem to block emails to us that we would consider 'valid'. They also seem to let through spam that we would not like to get. TMDA resolves both of these issues. With TMDA we didn't have this problem, and the owner wants it back. And as far as I know, there are no technical issues with compatability or anything like that from installing TMDA. So I'm looking for some instructions on rebuiding preline? Or does anyone know if preline is incompatable with CentOS 5 64bit? If it is, I'll have to try something else. Thanks John On Wed, Sep 3, 2008 at 8:43 AM, Eric Shubert [EMAIL PROTECTED] wrote: I generally recommend not using TMDA for several reasons, but I realize that it can be useful in some circumstances. That being said, I have installed and configured TMDA on a toaster on a contract basis. Please contact me off list if you're interested. FWIW, I don't recall having to use preline at all. That might have been due to the way TMDA was implemented though. Tek Support wrote: Hi all, I'm trying to run TMDA on my fresh (for a few months) x86_64 CentOS 5 install. I have had nothing but trouble and after many hours I have finally tracked it down to '/var/qmail/bin/preline'. Or at least it's part of the problem if not the whole thing. TMDA requires the usage of 'preline' in the .qmail-user file like such. | preline tmda-filter...blah blah... At first I thought the problem was in TMDA, but after much testing, what's happening is that preline is spitting out this error: /var/qmail/bin/preline: line 1: hello: command not found I have received a bounce email from the intented recipient with this error shown, and I have tried to run preline from the shell and got the exact same error. So in trying to be diligent I have looked at the preline.c source to see if I could figure out what might cause the above error. I couldn't find anything related. So I greped the full source tree for qmail-1.03 and still nothing came up. The source for preline has nothing in it with 'line 1:', nor for 'hello, nor for command not found'. So that's why I greped the tree and no files seemed to have those. The documentation for preline is very slim, but it appears that there are 3 possible arguments (f, r, d). But those don't do anything different for me, using them all produce the same error. Can anyone help me? Preline add's some headers to the email and then forwards it onto the tmda-filter program. So I can't live without it. Could preline be corrupt? Can I rebuild it by itself, and if so, what would be the shell commands to use? I can read 'C' and even mess around a bit with it, but I'm not a full blown C programmer. Or, is this something someone has seen before? I have searched the toaster documention and googled for it but I'm not finding anything, which is odd, as I'm rarely the first person to ever encounter a problem. Thanks John - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Qmail IP bind in Qmailtoaster?
I did a google search for tagcose and couldn't find anything. What is it? Thanks John On Wed, Sep 3, 2008 at 8:34 AM, Eric Shubert [EMAIL PROTECTED] wrote: Just a note, this should be a capability in tagcose, configurable by domain. I sorta hope that EE doesn't get around to including it in the toaster. I'm a little surprised that one of the toaster's ISP users doesn't go ahead and do this themselves. Some probably have. I seem to remember this coming up before on the list. Tek Support wrote: Ditto, I actually host several domains on one machine (5 dedicated ips) and I'm getting rejected for lack of RDNS - because my server is using the 2nd IP for all domains outbound emails. If this will work for my scenerio I too would like to see this used in the Toaster. Thanks John On Tue, Sep 2, 2008 at 10:58 AM, fbc [EMAIL PROTECTED] wrote: Any chance on getting one of these patches included in qmail toaster, from the jms1 page: http://qmail.jms1.net/patches/combined-details.shtml qmail-1.03-bind-interface.patch lets you control the source IP from which outgoing connections appear from a machine with multiple IP addresses. This file on qmail.org (local copy) describes the patch more clearly, as well as the format of the /var/qmail/control/bindroutes file which it uses. I have since updated this patch- see the newbind.patch information below, under version 7.05. I'm having problems sending to some hosts, getting this error message: User and password not set, continuing without authentication. 2xx.xxx.144.xx does not like recipient. Remote host said: 554 Client host rejected: cannot find your hostname, [my.1st.ip.addr] Giving up on 2xx.xxx.144.xx. It seems to be because mail.myserver.net resolves to my.2nd.ip.addr (also on the same machine) and the default interface is my.1st.ip.addr. my.2nd.ip.addr is my mailserver's real IP address, but I can't get it to send from anything but my.1st.ip.addr. This seems like a common problem as most dedicated servers you get these days will come with 5 IPs so we run different services on each one. This seems like it would be a useful feature for QmailToaster.. or is there already a way to do it? Thanks -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Re: closed email lists (aliases)
I told you there were smarter people than I. :) For problem #1, I manually enter each of my [EMAIL PROTECTED] as a subscriber. Again, with a small company this works. For problem #2 What if you changed the bounce setting to Only subscribers can post, all others go to moderators for approval,and thus it wouldn't bounce nor be used for spam. If these are not going to work for you, perhaps there is someone else with better ideas. Thanks John On Wed, Sep 3, 2008 at 9:14 AM, Hristo Chernev [EMAIL PROTECTED] wrote: You are talking for Ezmlm based groups right? I was testing the ezmlm groups features but I find two major problems with them: 1. Only subscribed senders can send to the group but what I need is the whole domain to be able to send to the group. 2. Ezmlm bounces an answer when he receive mail from unsubscribed email. Spammers may use the list to spam third party by fake sender address. Thats why I want to skip bounces at all. Is it possible to workaround these problems and is there another solution not based on ezmlm? I'm sure there is someone smarter than I, but in my company I simply close off the email group to any incoming subscription requests (closed list), and then I manually enter each subscriber - each email address in my company. Mine is small enough that's not a problem, but if you have a large company or lots of turn over, this might not work as well. If you were needing specifics I can give that, but if you know how to use your qmailtoaster admin area, you don't need me to walk you through it. Thanks John On Mon, Sep 1, 2008 at 9:34 AM, Hristo Chernev [EMAIL PROTECTED] wrote: Hello, I successfully installed the last toaster on CentOS 5 ( on AMD 64bit dual core platform). It works like charm - thanks to all of you who work on qmailtoaster project! I have one organizational problem - I want to create email group which distribute the mail received to couple of email addresses but only if the incoming email is from the same domain (or from the group). For example - [EMAIL PROTECTED] is the group email and it should only accept and deliver mail if it comes from [EMAIL PROTECTED] How can this be done? -- Hristo Chernev - ICN.Bg ñ ��é-���à ���à �ò ��ã �è �à �ÿ ð VPS ��è - 42 �â. | è ��è - 149 �â. ñ ��Ñ ��ã �ò 2.60 �â. | ��è (info, eu, bg) �ò 6.90 �â. ñ ��Ñ http://icn.bg/ - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] closed email lists (aliases)
I'm sure there is someone smarter than I, but in my company I simply close off the email group to any incoming subscription requests (closed list), and then I manually enter each subscriber - each email address in my company. Mine is small enough that's not a problem, but if you have a large company or lots of turn over, this might not work as well. If you were needing specifics I can give that, but if you know how to use your qmailtoaster admin area, you don't need me to walk you through it. Thanks John On Mon, Sep 1, 2008 at 9:34 AM, Hristo Chernev [EMAIL PROTECTED] wrote: Hello, I successfully installed the last toaster on CentOS 5 ( on AMD 64bit dual core platform). It works like charm - thanks to all of you who work on qmailtoaster project! I have one organizational problem - I want to create email group which distribute the mail received to couple of email addresses but only if the incoming email is from the same domain (or from the group). For example - [EMAIL PROTECTED] is the group email and it should only accept and deliver mail if it comes from [EMAIL PROTECTED] How can this be done? -- Hristo Chernev - ��ã �ò 2.60 �â/ì | ��è �ò 6.90 �â. | ��è, VPS �ò 42.00 �â/ì ñ ��Ñ 12 GB î, ��à �ê, à �à – 5.70 �â./ì ñ ��Ñ! 17 GB î, 700 GB �ê, à �à – 11.46 �â./ì ñ ��Ñ! http://icn.bg/ - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] some problems
I appreciate you doing a test to yahoo, it gives me one more piece to the puzzle. I've never seriously considered the Mac to be any part of the real problem. But it's where I am in the process of elimination. I would like to turn off DKIM but Yahoo is so strange, the sometimes will block emails that are not spam, have the correct RDNS and also have a good DKIM signature. So I've been hopeful that as I implement each new little thing like DKIM, that yahoo will stop being so retarted on what they block/deffer and put into the spam folder. I've had valid emails from someone for months, and then all of a sudden they are put into my spam folder. But I can't expect yahoo to accept my emails if I'm using DKIM and my HASH doesn't work right. So like you've suggested, maybe I'll just turn it off. Thanks John On Thu, Aug 28, 2008 at 11:08 AM, Eric Shubert [EMAIL PROTECTED] wrote: FWIW, I just had my Mac user send a test to yahoo, and it came through just fine: Authentication-Results: mta230.mail.re4.yahoo.com from=shubes.net; domainkeys=pass (ok) ... DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; d=shubes.net; b=UncEkJWJcam4+5rGNSbusen0silI486Nm9KxTZRLuJoA5qQ55efjifjFRc6VKxQX; Received: by simscan 1.3.1 ppid: 26131, pid: 26134, t: 0.0166s scanners: clamav: 0.93.3 Eric Shubert wrote: I'd look very carefully at the Mac's configuration. I have a Mac user on a toaster signing with DKs, and haven't heard of any undeliverables. Not sure there's much if anything going to yahoo from there though. Then I'd consider turning off DK signatures. Not many servers actively use them. Even google groups (google 'invented' DKs) only uses DKs in test mode (last I checked, several months ago). Tek Support wrote: Yes that's correct, both are in the same domain. Thanks John On Wed, Aug 27, 2008 at 10:24 PM, Eric Shubert [EMAIL PROTECTED] wrote: That's an odd one, all right. And I think you've described the situation pretty well (at least I think I understand what's happening). Both instances are sending from exactly the same domain, right? Tek Support wrote: You know, I don't think it has anything to do with simscan. A staff member in the office using a Mac laptop is sending mail to port 587 (no TLS option available in her Mac - only SSL, but she is in the local office and the Mail Server is in the local office, and she is not sending her password over the internet, so it's probably fine to go without TLS in her case). Anyway, when she sends an email to port 587 into our mail server to yahoo, it fails with domainkey failed error header. When I send via PC and Thuderbird into our external firewall port forwarded into Mail Server port 587 with or without TLS to yahoo (I've tried both ways), it works perfectly and the domainkey header suceeded. In both instances (Mac internal office, PC external - internet), simscan is listed below the Domainkey header. So since mine works and her's does not, I don't think it is simscan/clamav. It's happening to both of our emails, so that would not appear to be a problem. But, what in the world could it be? I'm obviously going to have to go into the office and try sending from my Thunderbird out to yahoo and see if that still works. But no matter if it does or does not, how could Mac Mail or PC Thunderbird have anything to do with the headers and HASH that would cause domainkeys to fail or suceed since they are only calculated and added after the message has been handed off to port 587 on the Mail Server? For referrence, the external firewall only does a packet forwarding into our mail server for traffic on port 587, and does not rewrite anything. Thanks John On Wed, Aug 27, 2008 at 9:06 PM, Tek Support [EMAIL PROTECTED] wrote: Well, we probably don't need it that bad that then. Thanks John On Wed, Aug 27, 2008 at 10:37 AM, Eric Shubert [EMAIL PROTECTED] wrote: I don't know, short of looking at the code. That would be in the (heavily patched) source code for the qmail-smtp program. Looking that up would not be a trivial exercise. Tek Support wrote: As you said (would have to), how do I determine the order they are run? Is it simply that the DKIM header is added on top of the simscan, thus simscan first and dkim 2nd? Thanks John On Tue, Aug 26, 2008 at 2:14 PM, Eric Shubert [EMAIL PROTECTED] wrote: Simscan does scan outbound mail, but scans only for viruses (clamav), not spam (spamassassin). This is consistent with the message you're seeing. Adding the DK signature would (have to) happen after this scan. Tek Support wrote: Hi Eric, thanks for the quick reply. The reason I think it's doing outbound scanning is a specific line in the header, maybe you can shed some light on it. In an email sent from mydomain to my yahoo accout these are in the headers. The line I'm interrested in, is possibly added by yahoo, but I think it's from me. Received
Re: [qmailtoaster] some problems
Ok, now I'm confused. A long time ago I added an SPF TXT record to our company's DNS. I thought that was DK. Now with the newly installed CentOS 5 QmailToaster near the bottom of the instructions (10. Add domainkeys:), I thought this was DKIM since I had already had the SPF. What is the difference between the SPF and DK? And then what is the difference between DK and DKIM? Thanks John On Thu, Aug 28, 2008 at 2:56 PM, Eric Shubert [EMAIL PROTECTED] wrote: As I understand it, a yahoo customer can mark an email coming from you as spam, and whammy, just like that your server gets deferred. Kinda suks if you ask me. I think you can contact them and go through some sort of process to get un-deferred. I wouldn't want to try to go that route unless it was absolutely necessary though (I've heard horror stories). And one more thing, it's DK we're talking about, *not* DKIM. DKIM is different, sort of a successor to DK. DKIM is *not* implemented in the toaster in any fashion (and probably won't be any time soon). Tek Support wrote: I appreciate you doing a test to yahoo, it gives me one more piece to the puzzle. I've never seriously considered the Mac to be any part of the real problem. But it's where I am in the process of elimination. I would like to turn off DKIM but Yahoo is so strange, the sometimes will block emails that are not spam, have the correct RDNS and also have a good DKIM signature. So I've been hopeful that as I implement each new little thing like DKIM, that yahoo will stop being so retarted on what they block/deffer and put into the spam folder. I've had valid emails from someone for months, and then all of a sudden they are put into my spam folder. But I can't expect yahoo to accept my emails if I'm using DKIM and my HASH doesn't work right. So like you've suggested, maybe I'll just turn it off. Thanks John On Thu, Aug 28, 2008 at 11:08 AM, Eric Shubert [EMAIL PROTECTED] wrote: FWIW, I just had my Mac user send a test to yahoo, and it came through just fine: Authentication-Results: mta230.mail.re4.yahoo.com from=shubes.net; domainkeys=pass (ok) ... DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; d=shubes.net; b=UncEkJWJcam4+5rGNSbusen0silI486Nm9KxTZRLuJoA5qQ55efjifjFRc6VKxQX; Received: by simscan 1.3.1 ppid: 26131, pid: 26134, t: 0.0166s scanners: clamav: 0.93.3 Eric Shubert wrote: I'd look very carefully at the Mac's configuration. I have a Mac user on a toaster signing with DKs, and haven't heard of any undeliverables. Not sure there's much if anything going to yahoo from there though. Then I'd consider turning off DK signatures. Not many servers actively use them. Even google groups (google 'invented' DKs) only uses DKs in test mode (last I checked, several months ago). Tek Support wrote: Yes that's correct, both are in the same domain. Thanks John On Wed, Aug 27, 2008 at 10:24 PM, Eric Shubert [EMAIL PROTECTED] wrote: That's an odd one, all right. And I think you've described the situation pretty well (at least I think I understand what's happening). Both instances are sending from exactly the same domain, right? Tek Support wrote: You know, I don't think it has anything to do with simscan. A staff member in the office using a Mac laptop is sending mail to port 587 (no TLS option available in her Mac - only SSL, but she is in the local office and the Mail Server is in the local office, and she is not sending her password over the internet, so it's probably fine to go without TLS in her case). Anyway, when she sends an email to port 587 into our mail server to yahoo, it fails with domainkey failed error header. When I send via PC and Thuderbird into our external firewall port forwarded into Mail Server port 587 with or without TLS to yahoo (I've tried both ways), it works perfectly and the domainkey header suceeded. In both instances (Mac internal office, PC external - internet), simscan is listed below the Domainkey header. So since mine works and her's does not, I don't think it is simscan/clamav. It's happening to both of our emails, so that would not appear to be a problem. But, what in the world could it be? I'm obviously going to have to go into the office and try sending from my Thunderbird out to yahoo and see if that still works. But no matter if it does or does not, how could Mac Mail or PC Thunderbird have anything to do with the headers and HASH that would cause domainkeys to fail or suceed since they are only calculated and added after the message has been handed off to port 587 on the Mail Server? For referrence, the external firewall only does a packet forwarding into our mail server for traffic on port 587, and does not rewrite anything. Thanks John On Wed, Aug 27, 2008 at 9:06 PM, Tek Support [EMAIL PROTECTED] wrote: Well, we probably don't need it that bad that then. Thanks John On Wed, Aug 27, 2008 at 10:37 AM, Eric Shubert [EMAIL
Re: [qmailtoaster] some problems
Another question I have is what is this header for? /m:47/d: 7860 Thanks John On Thu, Aug 28, 2008 at 7:47 PM, Tek Support [EMAIL PROTECTED] wrote: Ok, now I'm confused. A long time ago I added an SPF TXT record to our company's DNS. I thought that was DK. Now with the newly installed CentOS 5 QmailToaster near the bottom of the instructions (10. Add domainkeys:), I thought this was DKIM since I had already had the SPF. What is the difference between the SPF and DK? And then what is the difference between DK and DKIM? Thanks John On Thu, Aug 28, 2008 at 2:56 PM, Eric Shubert [EMAIL PROTECTED] wrote: As I understand it, a yahoo customer can mark an email coming from you as spam, and whammy, just like that your server gets deferred. Kinda suks if you ask me. I think you can contact them and go through some sort of process to get un-deferred. I wouldn't want to try to go that route unless it was absolutely necessary though (I've heard horror stories). And one more thing, it's DK we're talking about, *not* DKIM. DKIM is different, sort of a successor to DK. DKIM is *not* implemented in the toaster in any fashion (and probably won't be any time soon). Tek Support wrote: I appreciate you doing a test to yahoo, it gives me one more piece to the puzzle. I've never seriously considered the Mac to be any part of the real problem. But it's where I am in the process of elimination. I would like to turn off DKIM but Yahoo is so strange, the sometimes will block emails that are not spam, have the correct RDNS and also have a good DKIM signature. So I've been hopeful that as I implement each new little thing like DKIM, that yahoo will stop being so retarted on what they block/deffer and put into the spam folder. I've had valid emails from someone for months, and then all of a sudden they are put into my spam folder. But I can't expect yahoo to accept my emails if I'm using DKIM and my HASH doesn't work right. So like you've suggested, maybe I'll just turn it off. Thanks John On Thu, Aug 28, 2008 at 11:08 AM, Eric Shubert [EMAIL PROTECTED] wrote: FWIW, I just had my Mac user send a test to yahoo, and it came through just fine: Authentication-Results: mta230.mail.re4.yahoo.com from=shubes.net; domainkeys=pass (ok) ... DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; d=shubes.net; b=UncEkJWJcam4+5rGNSbusen0silI486Nm9KxTZRLuJoA5qQ55efjifjFRc6VKxQX; Received: by simscan 1.3.1 ppid: 26131, pid: 26134, t: 0.0166s scanners: clamav: 0.93.3 Eric Shubert wrote: I'd look very carefully at the Mac's configuration. I have a Mac user on a toaster signing with DKs, and haven't heard of any undeliverables. Not sure there's much if anything going to yahoo from there though. Then I'd consider turning off DK signatures. Not many servers actively use them. Even google groups (google 'invented' DKs) only uses DKs in test mode (last I checked, several months ago). Tek Support wrote: Yes that's correct, both are in the same domain. Thanks John On Wed, Aug 27, 2008 at 10:24 PM, Eric Shubert [EMAIL PROTECTED] wrote: That's an odd one, all right. And I think you've described the situation pretty well (at least I think I understand what's happening). Both instances are sending from exactly the same domain, right? Tek Support wrote: You know, I don't think it has anything to do with simscan. A staff member in the office using a Mac laptop is sending mail to port 587 (no TLS option available in her Mac - only SSL, but she is in the local office and the Mail Server is in the local office, and she is not sending her password over the internet, so it's probably fine to go without TLS in her case). Anyway, when she sends an email to port 587 into our mail server to yahoo, it fails with domainkey failed error header. When I send via PC and Thuderbird into our external firewall port forwarded into Mail Server port 587 with or without TLS to yahoo (I've tried both ways), it works perfectly and the domainkey header suceeded. In both instances (Mac internal office, PC external - internet), simscan is listed below the Domainkey header. So since mine works and her's does not, I don't think it is simscan/clamav. It's happening to both of our emails, so that would not appear to be a problem. But, what in the world could it be? I'm obviously going to have to go into the office and try sending from my Thunderbird out to yahoo and see if that still works. But no matter if it does or does not, how could Mac Mail or PC Thunderbird have anything to do with the headers and HASH that would cause domainkeys to fail or suceed since they are only calculated and added after the message has been handed off to port 587 on the Mail Server? For referrence, the external firewall only does a packet forwarding into our mail server for traffic on port 587, and does not rewrite anything. Thanks John On Wed, Aug 27, 2008 at 9
Re: [qmailtoaster] some problems
Well, keep programming and I'll stop asking silly questions. I could have looked that up myself, but didn't. I am going to turn off domainkey and leave my spf. If domainkey becomes more of a requirement then I and everyone else will have to deal with it more then. Thanks for your help, good luck getting your programming done. John On Thu, Aug 28, 2008 at 8:49 PM, Eric Shubert [EMAIL PROTECTED] wrote: Ok, but this is going to be a bit terse. You're cutting into my programming time. :( (I'm working on qtp-install-rpmforge script, in case anyone's wondering) SPF was dreamed up by yahoo (IIRC). The configuration for this is contained in the domain's TXT record. See http://www.openspf.org/ DK was dreamed up by google. The configuration for consists of the private key used for signing and stored on the server, as well as some public information. The public information is published in 2 DNS TXT records. One is named _domainkey.yourdomain.com, and contains o=- (and some other optional fields). The second is named somekeyname._domainkey.yourdomain.com, and contains 2 fields - the key type and the public key value. I'm guessing you've already seen the wiki, or you probably wouldn't be this far along. See http://en.wikipedia.org/wiki/DomainKeys for (much) more. P.S. Google is your friend. Tek Support wrote: Ok, now I'm confused. A long time ago I added an SPF TXT record to our company's DNS. I thought that was DK. Now with the newly installed CentOS 5 QmailToaster near the bottom of the instructions (10. Add domainkeys:), I thought this was DKIM since I had already had the SPF. What is the difference between the SPF and DK? And then what is the difference between DK and DKIM? Thanks John On Thu, Aug 28, 2008 at 2:56 PM, Eric Shubert [EMAIL PROTECTED] wrote: As I understand it, a yahoo customer can mark an email coming from you as spam, and whammy, just like that your server gets deferred. Kinda suks if you ask me. I think you can contact them and go through some sort of process to get un-deferred. I wouldn't want to try to go that route unless it was absolutely necessary though (I've heard horror stories). And one more thing, it's DK we're talking about, *not* DKIM. DKIM is different, sort of a successor to DK. DKIM is *not* implemented in the toaster in any fashion (and probably won't be any time soon). Tek Support wrote: I appreciate you doing a test to yahoo, it gives me one more piece to the puzzle. I've never seriously considered the Mac to be any part of the real problem. But it's where I am in the process of elimination. I would like to turn off DKIM but Yahoo is so strange, the sometimes will block emails that are not spam, have the correct RDNS and also have a good DKIM signature. So I've been hopeful that as I implement each new little thing like DKIM, that yahoo will stop being so retarted on what they block/deffer and put into the spam folder. I've had valid emails from someone for months, and then all of a sudden they are put into my spam folder. But I can't expect yahoo to accept my emails if I'm using DKIM and my HASH doesn't work right. So like you've suggested, maybe I'll just turn it off. Thanks John On Thu, Aug 28, 2008 at 11:08 AM, Eric Shubert [EMAIL PROTECTED] wrote: FWIW, I just had my Mac user send a test to yahoo, and it came through just fine: Authentication-Results: mta230.mail.re4.yahoo.com from=shubes.net; domainkeys=pass (ok) ... DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; d=shubes.net; b=UncEkJWJcam4+5rGNSbusen0silI486Nm9KxTZRLuJoA5qQ55efjifjFRc6VKxQX; Received: by simscan 1.3.1 ppid: 26131, pid: 26134, t: 0.0166s scanners: clamav: 0.93.3 Eric Shubert wrote: I'd look very carefully at the Mac's configuration. I have a Mac user on a toaster signing with DKs, and haven't heard of any undeliverables. Not sure there's much if anything going to yahoo from there though. Then I'd consider turning off DK signatures. Not many servers actively use them. Even google groups (google 'invented' DKs) only uses DKs in test mode (last I checked, several months ago). Tek Support wrote: Yes that's correct, both are in the same domain. Thanks John On Wed, Aug 27, 2008 at 10:24 PM, Eric Shubert [EMAIL PROTECTED] wrote: That's an odd one, all right. And I think you've described the situation pretty well (at least I think I understand what's happening). Both instances are sending from exactly the same domain, right? Tek Support wrote: You know, I don't think it has anything to do with simscan. A staff member in the office using a Mac laptop is sending mail to port 587 (no TLS option available in her Mac - only SSL, but she is in the local office and the Mail Server is in the local office, and she is not sending her password over the internet, so it's probably fine to go without TLS in her case). Anyway, when she sends an email to port 587 into our
Re: [qmailtoaster] some problems
Well, we probably don't need it that bad that then. Thanks John On Wed, Aug 27, 2008 at 10:37 AM, Eric Shubert [EMAIL PROTECTED] wrote: I don't know, short of looking at the code. That would be in the (heavily patched) source code for the qmail-smtp program. Looking that up would not be a trivial exercise. Tek Support wrote: As you said (would have to), how do I determine the order they are run? Is it simply that the DKIM header is added on top of the simscan, thus simscan first and dkim 2nd? Thanks John On Tue, Aug 26, 2008 at 2:14 PM, Eric Shubert [EMAIL PROTECTED] wrote: Simscan does scan outbound mail, but scans only for viruses (clamav), not spam (spamassassin). This is consistent with the message you're seeing. Adding the DK signature would (have to) happen after this scan. Tek Support wrote: Hi Eric, thanks for the quick reply. The reason I think it's doing outbound scanning is a specific line in the header, maybe you can shed some light on it. In an email sent from mydomain to my yahoo accout these are in the headers. The line I'm interrested in, is possibly added by yahoo, but I think it's from me. Received: by simscan 1.3.1 ppid: 4768, pid: 4895, t: 0.0658s scanners: attach: 1.3.1 clamav: 0.93.3 Wouldn't simscan be run on my box, and if so, would it be done before DKIM or after? Thanks John On Tue, Aug 26, 2008 at 9:42 AM, Eric Shubert [EMAIL PROTECTED] wrote: Tek Support wrote: Hi all, recently I had asked if there was a reason to use the port 587 if I installed spamdyke (because spamdyke authenticated my dynamic users and ignored the rbls). Well, maybe I've found something that would still require me to use 587 instead of port 25. I would appreciate any info. As of right now, my staff are using port 25 for outbound - I just didn't see the need to have another port open to the outside when after installing spamdyke, they were able to send and were not blocked as dynamic. But the staff have been having trouble sending to yahoo.com, and in looking at the headers on a message that finally arrived into yahoo (and gmail) the headers show this: Authentication-Results: mta553.mail.mud.yahoo.com from=mydomain.com; domainkeys=fail (bad sig) But I had gone through the process step by step and tested my DKIM with the sourceforge.net sites, and those showed that my dkim seemed accurate. So, anyway in a brilliant flash of light I decided to try port 587, and on my first try I got these headers in an email sent to yahoo and gmail: Received-SPF: pass DomainKey-Status: good Authentication-Results: mx.google.com; spf=pass ... So, I guess my question would be, does something in the spam checking on outbound emails from pop3/smtp users (not imap and squirrelmail) with spamdyke, rewrite the headers after the dkim has processed the email which would cause my DKIM hash to be invalid when yahoo and gmail check it? I don't believe that spam checking is enabled on outgoing mail, at least not in the 'stock' toaster. So the answer is, not that I'm aware of. Note, squirrelmail gets a 'free pass' (open relay), due to the localhost line in the /etc/tcprules/tcp.smtp file. Also, be aware that DK and DKIM are 2 different things. The toaster has a (somewhat broken, at least on the incoming side) DK implementation. The toaster has no DKIM capability. I suppose that DK might work (better) with the port 587 configuration than with port 25. I wouldn't know why though, as I'm not familiar with the problem(s) that DK has. We had a fellow in Russia on the list a while back who fixed some things with it, but we haven't heard from him in quite a while. CentOS 5 x86_64bit Thanks John -- -Eric 'shubes' -- -Eric 'shubes' -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] some problems
You know, I don't think it has anything to do with simscan. A staff member in the office using a Mac laptop is sending mail to port 587 (no TLS option available in her Mac - only SSL, but she is in the local office and the Mail Server is in the local office, and she is not sending her password over the internet, so it's probably fine to go without TLS in her case). Anyway, when she sends an email to port 587 into our mail server to yahoo, it fails with domainkey failed error header. When I send via PC and Thuderbird into our external firewall port forwarded into Mail Server port 587 with or without TLS to yahoo (I've tried both ways), it works perfectly and the domainkey header suceeded. In both instances (Mac internal office, PC external - internet), simscan is listed below the Domainkey header. So since mine works and her's does not, I don't think it is simscan/clamav. It's happening to both of our emails, so that would not appear to be a problem. But, what in the world could it be? I'm obviously going to have to go into the office and try sending from my Thunderbird out to yahoo and see if that still works. But no matter if it does or does not, how could Mac Mail or PC Thunderbird have anything to do with the headers and HASH that would cause domainkeys to fail or suceed since they are only calculated and added after the message has been handed off to port 587 on the Mail Server? For referrence, the external firewall only does a packet forwarding into our mail server for traffic on port 587, and does not rewrite anything. Thanks John On Wed, Aug 27, 2008 at 9:06 PM, Tek Support [EMAIL PROTECTED] wrote: Well, we probably don't need it that bad that then. Thanks John On Wed, Aug 27, 2008 at 10:37 AM, Eric Shubert [EMAIL PROTECTED] wrote: I don't know, short of looking at the code. That would be in the (heavily patched) source code for the qmail-smtp program. Looking that up would not be a trivial exercise. Tek Support wrote: As you said (would have to), how do I determine the order they are run? Is it simply that the DKIM header is added on top of the simscan, thus simscan first and dkim 2nd? Thanks John On Tue, Aug 26, 2008 at 2:14 PM, Eric Shubert [EMAIL PROTECTED] wrote: Simscan does scan outbound mail, but scans only for viruses (clamav), not spam (spamassassin). This is consistent with the message you're seeing. Adding the DK signature would (have to) happen after this scan. Tek Support wrote: Hi Eric, thanks for the quick reply. The reason I think it's doing outbound scanning is a specific line in the header, maybe you can shed some light on it. In an email sent from mydomain to my yahoo accout these are in the headers. The line I'm interrested in, is possibly added by yahoo, but I think it's from me. Received: by simscan 1.3.1 ppid: 4768, pid: 4895, t: 0.0658s scanners: attach: 1.3.1 clamav: 0.93.3 Wouldn't simscan be run on my box, and if so, would it be done before DKIM or after? Thanks John On Tue, Aug 26, 2008 at 9:42 AM, Eric Shubert [EMAIL PROTECTED] wrote: Tek Support wrote: Hi all, recently I had asked if there was a reason to use the port 587 if I installed spamdyke (because spamdyke authenticated my dynamic users and ignored the rbls). Well, maybe I've found something that would still require me to use 587 instead of port 25. I would appreciate any info. As of right now, my staff are using port 25 for outbound - I just didn't see the need to have another port open to the outside when after installing spamdyke, they were able to send and were not blocked as dynamic. But the staff have been having trouble sending to yahoo.com, and in looking at the headers on a message that finally arrived into yahoo (and gmail) the headers show this: Authentication-Results: mta553.mail.mud.yahoo.com from=mydomain.com; domainkeys=fail (bad sig) But I had gone through the process step by step and tested my DKIM with the sourceforge.net sites, and those showed that my dkim seemed accurate. So, anyway in a brilliant flash of light I decided to try port 587, and on my first try I got these headers in an email sent to yahoo and gmail: Received-SPF: pass DomainKey-Status: good Authentication-Results: mx.google.com; spf=pass ... So, I guess my question would be, does something in the spam checking on outbound emails from pop3/smtp users (not imap and squirrelmail) with spamdyke, rewrite the headers after the dkim has processed the email which would cause my DKIM hash to be invalid when yahoo and gmail check it? I don't believe that spam checking is enabled on outgoing mail, at least not in the 'stock' toaster. So the answer is, not that I'm aware of. Note, squirrelmail gets a 'free pass' (open relay), due to the localhost line in the /etc/tcprules/tcp.smtp file. Also, be aware that DK and DKIM are 2 different things. The toaster has a (somewhat broken, at least on the incoming side) DK
Re: [qmailtoaster] some problems
Yes that's correct, both are in the same domain. Thanks John On Wed, Aug 27, 2008 at 10:24 PM, Eric Shubert [EMAIL PROTECTED] wrote: That's an odd one, all right. And I think you've described the situation pretty well (at least I think I understand what's happening). Both instances are sending from exactly the same domain, right? Tek Support wrote: You know, I don't think it has anything to do with simscan. A staff member in the office using a Mac laptop is sending mail to port 587 (no TLS option available in her Mac - only SSL, but she is in the local office and the Mail Server is in the local office, and she is not sending her password over the internet, so it's probably fine to go without TLS in her case). Anyway, when she sends an email to port 587 into our mail server to yahoo, it fails with domainkey failed error header. When I send via PC and Thuderbird into our external firewall port forwarded into Mail Server port 587 with or without TLS to yahoo (I've tried both ways), it works perfectly and the domainkey header suceeded. In both instances (Mac internal office, PC external - internet), simscan is listed below the Domainkey header. So since mine works and her's does not, I don't think it is simscan/clamav. It's happening to both of our emails, so that would not appear to be a problem. But, what in the world could it be? I'm obviously going to have to go into the office and try sending from my Thunderbird out to yahoo and see if that still works. But no matter if it does or does not, how could Mac Mail or PC Thunderbird have anything to do with the headers and HASH that would cause domainkeys to fail or suceed since they are only calculated and added after the message has been handed off to port 587 on the Mail Server? For referrence, the external firewall only does a packet forwarding into our mail server for traffic on port 587, and does not rewrite anything. Thanks John On Wed, Aug 27, 2008 at 9:06 PM, Tek Support [EMAIL PROTECTED] wrote: Well, we probably don't need it that bad that then. Thanks John On Wed, Aug 27, 2008 at 10:37 AM, Eric Shubert [EMAIL PROTECTED] wrote: I don't know, short of looking at the code. That would be in the (heavily patched) source code for the qmail-smtp program. Looking that up would not be a trivial exercise. Tek Support wrote: As you said (would have to), how do I determine the order they are run? Is it simply that the DKIM header is added on top of the simscan, thus simscan first and dkim 2nd? Thanks John On Tue, Aug 26, 2008 at 2:14 PM, Eric Shubert [EMAIL PROTECTED] wrote: Simscan does scan outbound mail, but scans only for viruses (clamav), not spam (spamassassin). This is consistent with the message you're seeing. Adding the DK signature would (have to) happen after this scan. Tek Support wrote: Hi Eric, thanks for the quick reply. The reason I think it's doing outbound scanning is a specific line in the header, maybe you can shed some light on it. In an email sent from mydomain to my yahoo accout these are in the headers. The line I'm interrested in, is possibly added by yahoo, but I think it's from me. Received: by simscan 1.3.1 ppid: 4768, pid: 4895, t: 0.0658s scanners: attach: 1.3.1 clamav: 0.93.3 Wouldn't simscan be run on my box, and if so, would it be done before DKIM or after? Thanks John On Tue, Aug 26, 2008 at 9:42 AM, Eric Shubert [EMAIL PROTECTED] wrote: Tek Support wrote: Hi all, recently I had asked if there was a reason to use the port 587 if I installed spamdyke (because spamdyke authenticated my dynamic users and ignored the rbls). Well, maybe I've found something that would still require me to use 587 instead of port 25. I would appreciate any info. As of right now, my staff are using port 25 for outbound - I just didn't see the need to have another port open to the outside when after installing spamdyke, they were able to send and were not blocked as dynamic. But the staff have been having trouble sending to yahoo.com, and in looking at the headers on a message that finally arrived into yahoo (and gmail) the headers show this: Authentication-Results: mta553.mail.mud.yahoo.com from=mydomain.com; domainkeys=fail (bad sig) But I had gone through the process step by step and tested my DKIM with the sourceforge.net sites, and those showed that my dkim seemed accurate. So, anyway in a brilliant flash of light I decided to try port 587, and on my first try I got these headers in an email sent to yahoo and gmail: Received-SPF: pass DomainKey-Status: good Authentication-Results: mx.google.com; spf=pass ... So, I guess my question would be, does something in the spam checking on outbound emails from pop3/smtp users (not imap and squirrelmail) with spamdyke, rewrite the headers after the dkim has processed the email which would cause my DKIM hash to be invalid when yahoo and gmail check it? I don't
Re: [qmailtoaster] TLS
Thanks, I'll do that, and do I need a 3party signed cert (like HTTPS)? Thanks John On Tue, Aug 26, 2008 at 1:41 AM, Johannes Weberhofer, Weberhofer GmbH [EMAIL PROTECTED] wrote: Hello John, just replace /var/qmail/control/servercert.pem with your certificate and restart qmail-toaster. Certificates for IMAPS/POP3S and SMTP/TLS are using this certificate. Johannes Tek Support schrieb: Hi, now that I'm strongly considering using port 587 for my staff, I thought it also a wise choice to make them use TLS. I am in my thunderbird and tested it myself and I get an error message that the certificate is owned by localhost, and when I view the cert, it actually says cn=qmailtoaster. Of course I would like to install my own certificate so the error doesn't come up. I have searched the wiki for TLS and for other relevant items and only in CentOS 4 install do I find instructions on setting up my own TLS. But they are somewhat wrong as the directory it shows does not exist. Can someone point me to the correct instructions for setting up TLS with my own name so the error no longer comes up. CentOS 5 x86_64 bit Thanks John - QmailToaster hosted by: VR Hostedhttp://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- |- | weberhofer GmbH | Johannes Weberhofer | information technologies | Austria, 1080 Wien, Blindengasse 52/3 | | Firmenbuch: 225566s, Handelsgericht Wien | UID: ATU55277701 | | phone : +43 (0)1 5454421 0| email: [EMAIL PROTECTED] | fax : +43 (0)1 5454421 19 | web : http://weberhofer.at | mobile: +43 (0)699 11998315 |--- - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] TLS
Ok, I'll see if importing will work also. But initially it said I needed to import it, and I did that, the error I get now is that the name doesn't match. So if I create a new cert with the correct name, then obviously import, that should be the end of the errors. So once I get my staff's computers to import a correctly named cert and the error doesn't come back, I can live with that. Thanks John On Tue, Aug 26, 2008 at 1:51 AM, Jake Vickers [EMAIL PROTECTED] wrote: Tek Support wrote: Thanks, I'll do that, and do I need a 3party signed cert (like HTTPS)? The reason you're getting the other error is because the cert is not signed by a trusted authority. If you don't have it signed by a trusted authority, you'll be getting the same error unless you import the certificate (in which case you might as well import the current one - it's a self signed cert is all). - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] some problems
Hi Eric, thanks for the quick reply. The reason I think it's doing outbound scanning is a specific line in the header, maybe you can shed some light on it. In an email sent from mydomain to my yahoo accout these are in the headers. The line I'm interrested in, is possibly added by yahoo, but I think it's from me. Received: by simscan 1.3.1 ppid: 4768, pid: 4895, t: 0.0658s scanners: attach: 1.3.1 clamav: 0.93.3 Wouldn't simscan be run on my box, and if so, would it be done before DKIM or after? Thanks John On Tue, Aug 26, 2008 at 9:42 AM, Eric Shubert [EMAIL PROTECTED] wrote: Tek Support wrote: Hi all, recently I had asked if there was a reason to use the port 587 if I installed spamdyke (because spamdyke authenticated my dynamic users and ignored the rbls). Well, maybe I've found something that would still require me to use 587 instead of port 25. I would appreciate any info. As of right now, my staff are using port 25 for outbound - I just didn't see the need to have another port open to the outside when after installing spamdyke, they were able to send and were not blocked as dynamic. But the staff have been having trouble sending to yahoo.com, and in looking at the headers on a message that finally arrived into yahoo (and gmail) the headers show this: Authentication-Results: mta553.mail.mud.yahoo.com from=mydomain.com; domainkeys=fail (bad sig) But I had gone through the process step by step and tested my DKIM with the sourceforge.net sites, and those showed that my dkim seemed accurate. So, anyway in a brilliant flash of light I decided to try port 587, and on my first try I got these headers in an email sent to yahoo and gmail: Received-SPF: pass DomainKey-Status: good Authentication-Results: mx.google.com; spf=pass ... So, I guess my question would be, does something in the spam checking on outbound emails from pop3/smtp users (not imap and squirrelmail) with spamdyke, rewrite the headers after the dkim has processed the email which would cause my DKIM hash to be invalid when yahoo and gmail check it? I don't believe that spam checking is enabled on outgoing mail, at least not in the 'stock' toaster. So the answer is, not that I'm aware of. Note, squirrelmail gets a 'free pass' (open relay), due to the localhost line in the /etc/tcprules/tcp.smtp file. Also, be aware that DK and DKIM are 2 different things. The toaster has a (somewhat broken, at least on the incoming side) DK implementation. The toaster has no DKIM capability. I suppose that DK might work (better) with the port 587 configuration than with port 25. I wouldn't know why though, as I'm not familiar with the problem(s) that DK has. We had a fellow in Russia on the list a while back who fixed some things with it, but we haven't heard from him in quite a while. CentOS 5 x86_64bit Thanks John -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] TLS
That's great, that's exactly what I was looking for, thank you for the link. Thanks John On Tue, Aug 26, 2008 at 9:07 AM, dnk [EMAIL PROTECTED] wrote: There are some more detailed instructions here: http://wiki.qmailtoaster.com/index.php/Certificate On 25-Aug-08, at 10:39 PM, Tek Support wrote: Hi, now that I'm strongly considering using port 587 for my staff, I thought it also a wise choice to make them use TLS. I am in my thunderbird and tested it myself and I get an error message that the certificate is owned by localhost, and when I view the cert, it actually says cn=qmailtoaster. Of course I would like to install my own certificate so the error doesn't come up. I have searched the wiki for TLS and for other relevant items and only in CentOS 4 install do I find instructions on setting up my own TLS. But they are somewhat wrong as the directory it shows does not exist. Can someone point me to the correct instructions for setting up TLS with my own name so the error no longer comes up. CentOS 5 x86_64 bit Thanks John - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] some problems
As you said (would have to), how do I determine the order they are run? Is it simply that the DKIM header is added on top of the simscan, thus simscan first and dkim 2nd? Thanks John On Tue, Aug 26, 2008 at 2:14 PM, Eric Shubert [EMAIL PROTECTED] wrote: Simscan does scan outbound mail, but scans only for viruses (clamav), not spam (spamassassin). This is consistent with the message you're seeing. Adding the DK signature would (have to) happen after this scan. Tek Support wrote: Hi Eric, thanks for the quick reply. The reason I think it's doing outbound scanning is a specific line in the header, maybe you can shed some light on it. In an email sent from mydomain to my yahoo accout these are in the headers. The line I'm interrested in, is possibly added by yahoo, but I think it's from me. Received: by simscan 1.3.1 ppid: 4768, pid: 4895, t: 0.0658s scanners: attach: 1.3.1 clamav: 0.93.3 Wouldn't simscan be run on my box, and if so, would it be done before DKIM or after? Thanks John On Tue, Aug 26, 2008 at 9:42 AM, Eric Shubert [EMAIL PROTECTED] wrote: Tek Support wrote: Hi all, recently I had asked if there was a reason to use the port 587 if I installed spamdyke (because spamdyke authenticated my dynamic users and ignored the rbls). Well, maybe I've found something that would still require me to use 587 instead of port 25. I would appreciate any info. As of right now, my staff are using port 25 for outbound - I just didn't see the need to have another port open to the outside when after installing spamdyke, they were able to send and were not blocked as dynamic. But the staff have been having trouble sending to yahoo.com, and in looking at the headers on a message that finally arrived into yahoo (and gmail) the headers show this: Authentication-Results: mta553.mail.mud.yahoo.com from=mydomain.com; domainkeys=fail (bad sig) But I had gone through the process step by step and tested my DKIM with the sourceforge.net sites, and those showed that my dkim seemed accurate. So, anyway in a brilliant flash of light I decided to try port 587, and on my first try I got these headers in an email sent to yahoo and gmail: Received-SPF: pass DomainKey-Status: good Authentication-Results: mx.google.com; spf=pass ... So, I guess my question would be, does something in the spam checking on outbound emails from pop3/smtp users (not imap and squirrelmail) with spamdyke, rewrite the headers after the dkim has processed the email which would cause my DKIM hash to be invalid when yahoo and gmail check it? I don't believe that spam checking is enabled on outgoing mail, at least not in the 'stock' toaster. So the answer is, not that I'm aware of. Note, squirrelmail gets a 'free pass' (open relay), due to the localhost line in the /etc/tcprules/tcp.smtp file. Also, be aware that DK and DKIM are 2 different things. The toaster has a (somewhat broken, at least on the incoming side) DK implementation. The toaster has no DKIM capability. I suppose that DK might work (better) with the port 587 configuration than with port 25. I wouldn't know why though, as I'm not familiar with the problem(s) that DK has. We had a fellow in Russia on the list a while back who fixed some things with it, but we haven't heard from him in quite a while. CentOS 5 x86_64bit Thanks John -- -Eric 'shubes' -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] TLS
Good plan, I'll see if the Mac program (Mail) will accept cacert.org root cert and see what we get. Thanks a lot, John On Tue, Aug 26, 2008 at 12:58 PM, Eric Shubert [EMAIL PROTECTED] wrote: Yes, that should do it. FWIW, you can use cacert.org to sign certificates for free. Unfortunately, cacert.org isn't generally recognized (yet) at an authoritative CA. You can, however, have your uses import cacert's root certificate, then any certificate that you have cacert sign will be recognized by your users. This saves your users from having to import more than one certificate, or re-importing a certificate that has changed (in the case a host name changes or a certificate expires). Tek Support wrote: Ok, I'll see if importing will work also. But initially it said I needed to import it, and I did that, the error I get now is that the name doesn't match. So if I create a new cert with the correct name, then obviously import, that should be the end of the errors. So once I get my staff's computers to import a correctly named cert and the error doesn't come back, I can live with that. Thanks John On Tue, Aug 26, 2008 at 1:51 AM, Jake Vickers [EMAIL PROTECTED] wrote: Tek Support wrote: Thanks, I'll do that, and do I need a 3party signed cert (like HTTPS)? The reason you're getting the other error is because the cert is not signed by a trusted authority. If you don't have it signed by a trusted authority, you'll be getting the same error unless you import the certificate (in which case you might as well import the current one - it's a self signed cert is all). -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] about received same email many times
So for a 64bit system is qtp-newmodel worth trying? I'm a bit scared Thanks John On Sat, Aug 23, 2008 at 11:35 AM, Harry Zink [EMAIL PROTECTED] wrote: On Aug 23, 2008, at 8:45 AM, Eric Shubert wrote: qtp-newmodel, which is part of the qmailtoaster-plus package, is the most reliable way to upgrade. Unless you're on a 64-bit system... It is very simple to use, and does the upgrade with absolute minimum down time (typically just a minute or so). See http://wiki.qmailtoaster.com/index.php/Upgrading for details. It *IS* conceptually the very best way to upgrade, just make sure you meet all the plain vanilla requirements. Honestly, I would love for it to work flawlessly on my end -- and I hope that now that I fixed (with Eric's help) all the weird Perl dependencies and other issues (duplicate zlib - wtf?), that the next update will work flawlessly Either way, highly recommended, as it also simplifies the installation of other tools, newer and better spam rules, and housekeeping... Harry gum trolium wrote: What method I should use to update the toaster packages? Recently, I also find yahoo related email are bounced or delay. On Tue, Aug 19, 2008 at 2:36 AM, Eric Shubert [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: You should definitely update to the lastest toaster packages. Running a yum update to update the OS packages beforehand would be a good idea too. gum trolium wrote: I am using: ucspi-tcp-toaster-0.88-1.3.5 qmail-toaster-1.03-1.3.15 autorespond-toaster-2.0.4-1.3.3 qmailadmin-toaster-1.2.11-1.3.4 isoqlog-toaster-2.1-1.3.4 clamav-toaster-0.90.1-1.3.13 qmailtoaster-plus-0.3.0-1.4.0 squirrelmail-toaster-1.4.13-1.3.9 daemontools-toaster-0.76-1.3.3 vpopmail-toaster-5.4.17-1.3.4 libsrs2-toaster-1.0.18-1.3.3 qmail-pop3d-toaster-1.03-1.3.15 courier-imap-toaster-4.1.2-1.3.7 control-panel-toaster-0.5-1.3.4 ezmlm-cgi-toaster-0.53.324-1.3.3 qmailmrtg-toaster-4.2-1.3.3 maildrop-toaster-devel-2.0.3-1.3.5 vqadmin-toaster-2.3.4-1.3.3 spamassassin-toaster-3.1.8-1.3.8 ripmime-toaster-1.4.0.6-1.3.3 qmailtoaster-plus.repo-0.1-1 libdomainkeys-toaster-0.68-1.3.3 courier-authlib-toaster-0.59.2-1.3.6 ezmlm-toaster-0.53.324-1.3.3 maildrop-toaster-2.0.3-1.3.5 simscan-toaster-1.3.1-1.3.6 On Mon, Aug 4, 2008 at 11:44 PM, Eric Shubert [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: I'd like to know versions of all toaster packages, clamav-toaster in particular. gum trolium wrote: it is qmail-toaster-1.03-1.3.15 On 8/4/08, Eric Shubert [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: gum trolium wrote: I have problem in the received many same emails. I used qmailiso 1.4 to setup my box. I can't find queue jam in qmailctl queue Will simscan make this problem? What should I check? Thank you~ What versions of toaster packages? # rpm -qa | grep toaster How long has your toaster been operational? If it's been more than several days, autoexpire could be kicking in. To rememdy this, turn off autoexpire in /etc/mail/spamassassin/local.cf http://local.cf http://local.cf (bayes_auto_expire 0) and restart spamassassin. You should then add a cron job to do the expiration daily or so. Check the list archive for an example, and be sure to always run spamassassin as user vpopmail. -- -Eric 'shubes' -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[qmailtoaster] some problems
Hi all, recently I had asked if there was a reason to use the port 587 if I installed spamdyke (because spamdyke authenticated my dynamic users and ignored the rbls). Well, maybe I've found something that would still require me to use 587 instead of port 25. I would appreciate any info. As of right now, my staff are using port 25 for outbound - I just didn't see the need to have another port open to the outside when after installing spamdyke, they were able to send and were not blocked as dynamic. But the staff have been having trouble sending to yahoo.com, and in looking at the headers on a message that finally arrived into yahoo (and gmail) the headers show this: Authentication-Results: mta553.mail.mud.yahoo.com from=mydomain.com; domainkeys=fail (bad sig) But I had gone through the process step by step and tested my DKIM with the sourceforge.net sites, and those showed that my dkim seemed accurate. So, anyway in a brilliant flash of light I decided to try port 587, and on my first try I got these headers in an email sent to yahoo and gmail: Received-SPF: pass DomainKey-Status: good Authentication-Results: mx.google.com; spf=pass ... So, I guess my question would be, does something in the spam checking on outbound emails from pop3/smtp users (not imap and squirrelmail) with spamdyke, rewrite the headers after the dkim has processed the email which would cause my DKIM hash to be invalid when yahoo and gmail check it? CentOS 5 x86_64bit Thanks John - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[qmailtoaster] TLS
Hi, now that I'm strongly considering using port 587 for my staff, I thought it also a wise choice to make them use TLS. I am in my thunderbird and tested it myself and I get an error message that the certificate is owned by localhost, and when I view the cert, it actually says cn=qmailtoaster. Of course I would like to install my own certificate so the error doesn't come up. I have searched the wiki for TLS and for other relevant items and only in CentOS 4 install do I find instructions on setting up my own TLS. But they are somewhat wrong as the directory it shows does not exist. Can someone point me to the correct instructions for setting up TLS with my own name so the error no longer comes up. CentOS 5 x86_64 bit Thanks John - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Mail Delivery Problem
It sounds similar to something I was going through. If you are using spamdyke, add the 127.0.0.1 to your /etc/spamdyke/whitelist_ip file. Thanks John On Tue, Aug 19, 2008 at 11:59 AM, Benedict Claver [EMAIL PROTECTED] wrote: Hi Team, Am having a big trouble here that: -I have a main domain and the alias domain -mails are delivered when sent from alias domain to itself and other domains in the internet -mails are not delivered to main domain when sent from alias domain. -mails are silently sent(without any error message) to main domain but never gets delivered. -mails are not seen in the ~/Maildir/cur or new nor tmp in main domain but delivered in alias domain. -adding another domain and alias in same server seems to work perfectly I will appreciate an immediate response as the domain is serving more that 1000 users. Regards, Benedict. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[qmailtoaster] Yum updates?
Hi all, I'm new to the toaster install and infact to YUM. I have received notice from yum-updater that there are new updates. Since I am new to the toaster I'm wondering if installing updates might hurt or even cripple anything with my CentOS 5 Qmail-Toaster? Might it only depend on what packages need updating? Or should I just accept all updates regardless? Thanks John - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Yum updates?
Thank you, I'll go ahead then. John On Mon, Aug 18, 2008 at 12:34 PM, Eric Shubert [EMAIL PROTECTED] wrote: Tek Support wrote: Hi all, I'm new to the toaster install and infact to YUM. I have received notice from yum-updater that there are new updates. Since I am new to the toaster I'm wondering if installing updates might hurt or even cripple anything with my CentOS 5 Qmail-Toaster? Might it only depend on what packages need updating? Or should I just accept all updates regardless? Thanks John Updating all COS5 packages via yum should always be safe. I just did a couple toasters over the weekend and had no problem. -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Ticketing System
Hi, I need to let you know up front that I'm not one of the qmail masters on here, nor do I know your phpsupport program. But, a file called '.qmail-support' suggests that you have or need to create an email user called [EMAIL PROTECTED]. Then you'll have or need to create the file called .qmail-support. In my installations, there are no .qmail-username files created automatically. When you create it, put it in the same directory as your .qmail-default. A .qmail-username file is used to process other commands for that one email account only. And not for everyone. So with some users, they may not have a .qmail-username. But for this program, you would create .qmail-support and put the lines into it as suggested by that program. Also, their instructions you listed, presume that your ticketing support program is installed on the same server as your qmail. Thanks John On Sat, Aug 9, 2008 at 11:18 AM, senthil vel [EMAIL PROTECTED] wrote: Hi list, I have planned to implement a ticket tracking system. While searching in google i got the following link. http://phpsupport.jynx.net It will also support qmail also it seems. The installation manual tells like following Last step is setting up your email gateway. If your using qmail, simply edit your .qmail-support for the domain you wish to be your gateway. Add this line to your dot-qmail. | /your/path/to/openticket.pl What exactly we should do in our QMT? Or is there any other ticket tracking softwares which are more compatible to QMT? Thanks a lot in advance . Thanks and Regards, S.Senthilvel, - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Authentication to bypass spam checks
Eric, thank you that helps and I understand the process better - at least for my implementation. I also appreciate you and others here which have helped with my questions. I know you and Eric Espinoza work hard to help everyone and keep the qmailtoaster upgraded - thank you. And with that job comes answering questions, and so I just wanted to make sure I said Thank you. John On Sat, Aug 9, 2008 at 8:57 AM, Eric Shubert [EMAIL PROTECTED] wrote: Tek Support wrote: Thanks Eric, I realize I don't need 587 at all with spamdyke, I was trying to ask if I needed 587 if spamdyke was using spamhaus. Since spamhaus used by itself was causing rejections to my at home dynamic users it seemed strange that spamhaus was blocking my dynamic users but it was not blocking them when run with spamdyke. Since I don't fully understand the internals, I was asking about that specifically so I don't screw up my at home users. Let me see if I can explain this. You don't need port 587 with spamdyke because spamdyke turns off all of its filtering if the connection (sender) authenticates successfully. On the other hand, rblsmtpd is oblivious to authentication, so it rejects connections which might otherwise be able to authenticate. It's simply a weakness in the rblsmtpd program. And I believe it is true, that if I have dynamic IP users, and I'm using spamhaus by itself, then I do require port 587. Isn't that true? Not exactly. It's the combination of rblsmtpd and spamhaus which requires you to use port 587. spamhaus with spamdyke is ok on port 25. So it's more the case of the use of rblsmtpd (with certain blocklists which block dynamic addresses) which requires the use of port 587. And again if I have dynamic IP users, and I'm using spamdyke which includes spamhaus, then I don't need to use 587. Is that right? Yes, for the most part. I hate to split hairs, but in this case it might be appropriate. Regarding for the most part, spamdyke doesn't necessarily (or really) include spamhaus. If you'd have said I'm using spamdyke *with* spamhaus, that would be (slightly) clearer. You can use spamdyke with or without spamhaus (or any other RBL). Using spamhaus (and a few others) is highly recommended though. Thanks again, I'm just trying to be clear. No problem. I hope I can help you understand how it works. John On Fri, Aug 8, 2008 at 1:33 PM, Eric Shubert [EMAIL PROTECTED] wrote: Tek Support wrote: So if I understand correctly, spamdyke can use spamhaus, and I do see it in my /etc/spamdyke/spamdyke.conf file (uncommented). Which means I don't need the BLACKLIST= in my run file, is this correct? Yes. Spamdyke does everything that rblsmtpd used to do (and a lot more). And if I might ask a followup question, it was said in another post that spamdyke allows authenticated users in past spamhaus. Ok, but if spamdyke allows authenticated users in, while using spamhaus, then why do I need port 587? You don't need port 587 if you're using spamdyke. You do need port 587 if you're not using spamdyke. And just out of curiosity, if spamdyke is a more versitile product, allowing my dynamic users to authenticate and send mail on port 25 while also using spamhaus dynamic blocking, why isn't spamdyke installed by default? spamdyke is fairly new to the toaster. I expect that it will become part of the stock toaster at some point, but that's up to Erik Espinoza, who is the toaster maintainer. Thanks John On Fri, Aug 8, 2008 at 10:02 AM, Eric Shubert [EMAIL PROTECTED] wrote: Sam Clippinger wrote: To answer #1, spamdyke will definitely use Spamhaus' DNS RBLs. The default configuration of spamdyke (as installed by QTP) does not include Spamhaus, however. I beg your pardon. ;) Here are the default RBLs as installed by QTP: check-dnsrbl=zen.spamhaus.org check-dnsrbl=bl.spamcop.net check-dnsrbl=list.dsbl.org If you are using spamdyke version 3.1.x, edit the configuration file /etc/spamdyke/spamdyke.conf and add the following line: check-dnsrbl=zen.spamhaus.org If you are using spamdyke version 4.x, edit the configuration file /etc/spamdyke/spamdyke.conf and add the following line: dns-blacklist-entry=zen.spamhaus.org To add multiple DNS RBLs, simply repeat the line with different values. -- Sam Clippinger QTP only installs/upgrades spamdyke 3.1.x at this time. I hope to add 4.x capability soon. It'll likely be a couple weeks before I get to it though. Anil Aliyan wrote: pretty smart question John, I also would like to hear the answer for it from the experts. - Original Message - From: Tek Support [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Friday, August 08, 2008 8:37 AM Subject: Re: [qmailtoaster] Authentication to bypass spam checks Hi all, I have a few question. Before I learned of this port 587, my only option was to disable spamhaus. And all I did to disable it was to remove it from my /var/qmail/control
Re: [qmailtoaster] Authentication to bypass spam checks
So if I understand correctly, spamdyke can use spamhaus, and I do see it in my /etc/spamdyke/spamdyke.conf file (uncommented). Which means I don't need the BLACKLIST= in my run file, is this correct? And if I might ask a followup question, it was said in another post that spamdyke allows authenticated users in past spamhaus. Ok, but if spamdyke allows authenticated users in, while using spamhaus, then why do I need port 587? And just out of curiosity, if spamdyke is a more versitile product, allowing my dynamic users to authenticate and send mail on port 25 while also using spamhaus dynamic blocking, why isn't spamdyke installed by default? Thanks John On Fri, Aug 8, 2008 at 10:02 AM, Eric Shubert [EMAIL PROTECTED] wrote: Sam Clippinger wrote: To answer #1, spamdyke will definitely use Spamhaus' DNS RBLs. The default configuration of spamdyke (as installed by QTP) does not include Spamhaus, however. I beg your pardon. ;) Here are the default RBLs as installed by QTP: check-dnsrbl=zen.spamhaus.org check-dnsrbl=bl.spamcop.net check-dnsrbl=list.dsbl.org If you are using spamdyke version 3.1.x, edit the configuration file /etc/spamdyke/spamdyke.conf and add the following line: check-dnsrbl=zen.spamhaus.org If you are using spamdyke version 4.x, edit the configuration file /etc/spamdyke/spamdyke.conf and add the following line: dns-blacklist-entry=zen.spamhaus.org To add multiple DNS RBLs, simply repeat the line with different values. -- Sam Clippinger QTP only installs/upgrades spamdyke 3.1.x at this time. I hope to add 4.x capability soon. It'll likely be a couple weeks before I get to it though. Anil Aliyan wrote: pretty smart question John, I also would like to hear the answer for it from the experts. - Original Message - From: Tek Support [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Friday, August 08, 2008 8:37 AM Subject: Re: [qmailtoaster] Authentication to bypass spam checks Hi all, I have a few question. Before I learned of this port 587, my only option was to disable spamhaus. And all I did to disable it was to remove it from my /var/qmail/control/blacklists file. So, the other day I needed some addition reporting and I remembered the toaster plus, so I downloaded the Repo and ran the yum install for it. I then also decided to run the spamdyke filter. So, now that I've realized that port 587 is available for my users to send on, I went back to add the spamhaus. However, it's no longer in the /var/qmail/supervise/smtp/run file. It would appear that spamdyke has removed it. So I have 2 questions: 1) Are spamdyke and spamhaus compatible? Why would or why does spamdyke remove blacklist from the run file. Here are the before and after. ---Begin--- ---End--- 2) Since I've just found out that port 587 is available, and 587 does not run spamhaus the dynamic ip checker, then what is keeping a spammer from trying to use this 587? I mean I'm a little confused. If my port 25 won't allow any non-authenticated users to send smtp (presuming it's not an open relay), then why would I even need port 587? I understand the need to have 587 if I'm using spamhaus on port 25, and 25 is now blocked to my dynamic users (workers from home). So it seems a bit unnecessary to have both ports. And why couldn't a spammer start sending spam to my users on 587 - if it even works that way, which I'm not sure yet if it can? Qmailtoaster is a pretty popular thing, so someone, somewhere would certainly try port 587 in order to get around spamhaus wouldn't they? Thanks for your time on this, I'm not trying to be difficult, only trying to understand how and why. Thanks John -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Authentication to bypass spam checks
Thanks Eric, I realize I don't need 587 at all with spamdyke, I was trying to ask if I needed 587 if spamdyke was using spamhaus. Since spamhaus used by itself was causing rejections to my at home dynamic users it seemed strange that spamhaus was blocking my dynamic users but it was not blocking them when run with spamdyke. Since I don't fully understand the internals, I was asking about that specifically so I don't screw up my at home users. And I believe it is true, that if I have dynamic IP users, and I'm using spamhaus by itself, then I do require port 587. Isn't that true? And again if I have dynamic IP users, and I'm using spamdyke which includes spamhaus, then I don't need to use 587. Is that right? Thanks again, I'm just trying to be clear. John On Fri, Aug 8, 2008 at 1:33 PM, Eric Shubert [EMAIL PROTECTED] wrote: Tek Support wrote: So if I understand correctly, spamdyke can use spamhaus, and I do see it in my /etc/spamdyke/spamdyke.conf file (uncommented). Which means I don't need the BLACKLIST= in my run file, is this correct? Yes. Spamdyke does everything that rblsmtpd used to do (and a lot more). And if I might ask a followup question, it was said in another post that spamdyke allows authenticated users in past spamhaus. Ok, but if spamdyke allows authenticated users in, while using spamhaus, then why do I need port 587? You don't need port 587 if you're using spamdyke. You do need port 587 if you're not using spamdyke. And just out of curiosity, if spamdyke is a more versitile product, allowing my dynamic users to authenticate and send mail on port 25 while also using spamhaus dynamic blocking, why isn't spamdyke installed by default? spamdyke is fairly new to the toaster. I expect that it will become part of the stock toaster at some point, but that's up to Erik Espinoza, who is the toaster maintainer. Thanks John On Fri, Aug 8, 2008 at 10:02 AM, Eric Shubert [EMAIL PROTECTED] wrote: Sam Clippinger wrote: To answer #1, spamdyke will definitely use Spamhaus' DNS RBLs. The default configuration of spamdyke (as installed by QTP) does not include Spamhaus, however. I beg your pardon. ;) Here are the default RBLs as installed by QTP: check-dnsrbl=zen.spamhaus.org check-dnsrbl=bl.spamcop.net check-dnsrbl=list.dsbl.org If you are using spamdyke version 3.1.x, edit the configuration file /etc/spamdyke/spamdyke.conf and add the following line: check-dnsrbl=zen.spamhaus.org If you are using spamdyke version 4.x, edit the configuration file /etc/spamdyke/spamdyke.conf and add the following line: dns-blacklist-entry=zen.spamhaus.org To add multiple DNS RBLs, simply repeat the line with different values. -- Sam Clippinger QTP only installs/upgrades spamdyke 3.1.x at this time. I hope to add 4.x capability soon. It'll likely be a couple weeks before I get to it though. Anil Aliyan wrote: pretty smart question John, I also would like to hear the answer for it from the experts. - Original Message - From: Tek Support [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Friday, August 08, 2008 8:37 AM Subject: Re: [qmailtoaster] Authentication to bypass spam checks Hi all, I have a few question. Before I learned of this port 587, my only option was to disable spamhaus. And all I did to disable it was to remove it from my /var/qmail/control/blacklists file. So, the other day I needed some addition reporting and I remembered the toaster plus, so I downloaded the Repo and ran the yum install for it. I then also decided to run the spamdyke filter. So, now that I've realized that port 587 is available for my users to send on, I went back to add the spamhaus. However, it's no longer in the /var/qmail/supervise/smtp/run file. It would appear that spamdyke has removed it. So I have 2 questions: 1) Are spamdyke and spamhaus compatible? Why would or why does spamdyke remove blacklist from the run file. Here are the before and after. ---Begin--- ---End--- 2) Since I've just found out that port 587 is available, and 587 does not run spamhaus the dynamic ip checker, then what is keeping a spammer from trying to use this 587? I mean I'm a little confused. If my port 25 won't allow any non-authenticated users to send smtp (presuming it's not an open relay), then why would I even need port 587? I understand the need to have 587 if I'm using spamhaus on port 25, and 25 is now blocked to my dynamic users (workers from home). So it seems a bit unnecessary to have both ports. And why couldn't a spammer start sending spam to my users on 587 - if it even works that way, which I'm not sure yet if it can? Qmailtoaster is a pretty popular thing, so someone, somewhere would certainly try port 587 in order to get around spamhaus wouldn't they? Thanks for your time on this, I'm not trying to be difficult, only trying to understand how and why. Thanks John -- -Eric 'shubes
Re: [qmailtoaster] Authentication to bypass spam checks
Hi all, I have a few question. Before I learned of this port 587, my only option was to disable spamhaus. And all I did to disable it was to remove it from my /var/qmail/control/blacklists file. So, the other day I needed some addition reporting and I remembered the toaster plus, so I downloaded the Repo and ran the yum install for it. I then also decided to run the spamdyke filter. So, now that I've realized that port 587 is available for my users to send on, I went back to add the spamhaus. However, it's no longer in the /var/qmail/supervise/smtp/run file. It would appear that spamdyke has removed it. So I have 2 questions: 1) Are spamdyke and spamhaus compatible? Why would or why does spamdyke remove blacklist from the run file. Here are the before and after. ---Begin--- ---End--- 2) Since I've just found out that port 587 is available, and 587 does not run spamhaus the dynamic ip checker, then what is keeping a spammer from trying to use this 587? I mean I'm a little confused. If my port 25 won't allow any non-authenticated users to send smtp (presuming it's not an open relay), then why would I even need port 587? I understand the need to have 587 if I'm using spamhaus on port 25, and 25 is now blocked to my dynamic users (workers from home). So it seems a bit unnecessary to have both ports. And why couldn't a spammer start sending spam to my users on 587 - if it even works that way, which I'm not sure yet if it can? Qmailtoaster is a pretty popular thing, so someone, somewhere would certainly try port 587 in order to get around spamhaus wouldn't they? Thanks for your time on this, I'm not trying to be difficult, only trying to understand how and why. Thanks John - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Authentication to bypass spam checks
Opps, I forgot to add the before and after /var/qmail/supervise/smtp/run file. ---Before Begin--- #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` BLACKLIST=`cat /var/qmail/control/blacklists` SMTPD=/var/qmail/bin/qmail-smtpd TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb RBLSMTPD=/usr/bin/rblsmtpd HOSTNAME=`hostname` VCHKPW=/home/vpopmail/bin/vchkpw REQUIRE_AUTH=0 exec /usr/bin/softlimit -m 8500 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ $RBLSMTPD $BLACKLIST $SMTPD $VCHKPW /bin/true 21 ---Before End--- ---After Begin--- #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` SPAMDYKE=/usr/local/bin/spamdyke SPAMDYKE_CONF=/etc/spamdyke/spamdyke.conf SMTPD=/var/qmail/bin/qmail-smtpd TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb HOSTNAME=`hostname` VCHKPW=/home/vpopmail/bin/vchkpw REQUIRE_AUTH=0 exec /usr/bin/softlimit -m 8500 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ $SPAMDYKE --config-file $SPAMDYKE_CONF \ $SMTPD $VCHKPW /bin/true 21 ---After End--- You can see the BLACKLIST=`cat /var/qmail/control/blacklists` is no longer listed. Thanks John On Thu, Aug 7, 2008 at 9:07 PM, Tek Support [EMAIL PROTECTED] wrote: Hi all, I have a few question. Before I learned of this port 587, my only option was to disable spamhaus. And all I did to disable it was to remove it from my /var/qmail/control/blacklists file. So, the other day I needed some addition reporting and I remembered the toaster plus, so I downloaded the Repo and ran the yum install for it. I then also decided to run the spamdyke filter. So, now that I've realized that port 587 is available for my users to send on, I went back to add the spamhaus. However, it's no longer in the /var/qmail/supervise/smtp/run file. It would appear that spamdyke has removed it. So I have 2 questions: 1) Are spamdyke and spamhaus compatible? Why would or why does spamdyke remove blacklist from the run file. Here are the before and after. ---Begin--- ---End--- 2) Since I've just found out that port 587 is available, and 587 does not run spamhaus the dynamic ip checker, then what is keeping a spammer from trying to use this 587? I mean I'm a little confused. If my port 25 won't allow any non-authenticated users to send smtp (presuming it's not an open relay), then why would I even need port 587? I understand the need to have 587 if I'm using spamhaus on port 25, and 25 is now blocked to my dynamic users (workers from home). So it seems a bit unnecessary to have both ports. And why couldn't a spammer start sending spam to my users on 587 - if it even works that way, which I'm not sure yet if it can? Qmailtoaster is a pretty popular thing, so someone, somewhere would certainly try port 587 in order to get around spamhaus wouldn't they? Thanks for your time on this, I'm not trying to be difficult, only trying to understand how and why. Thanks John - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] RE: Please help to fix my problem - me too....
Eric, you told me to contact you off list about this and I did. Did you get that message, from this account? Essentially I had installed the new version of squirrelmail and that didn't fix it. I'll look into this that you've suggested, but do you want to see the error? Since there was someone else who had this error, and we are both running x86_64, maybe there is something about it. In that original posters comments, he didn't give you much info, and you really couldn't help him, so I was trying to be more helpful. I can give you complete access if you want to probe around. Thanks John On Thu, Jul 17, 2008 at 6:27 PM, Eric Shubert [EMAIL PROTECTED] wrote: Did you get this fixed? The part about not being able to telnet to localhost smtp would be a problem. I seem to recall that the stock toaster doesn't use smtp auth, which is why localhost is allowed to relay in the tcp.smtp file. You'll need to check the SM config file for specifics on that. Tek Support wrote: Dear Eric, I too have just installed CentOS 5/QmailToaster from the directions at (http://wiki.qmailtoaster.com/index.php/CentOS_5_QmailToaster_Install). By the way, it went very smooth, thank you - except this one error. I have previously installed qmail-rocks on several slackware machines (this is my first CentOS/QmailToaster install ever) and this was a ton easier. I was going to use Fedora 8, but saw a note from you that it wasn't really supported, so I changed to CentOS 5. However I am also getting this ambigious error when trying to send email from squirrelmail. I didn't see any lengthy discussions about this, so let me try to fill in any blanks the original poster forgot. As I said, I ran through the directions and scripts just as stated, in the order stated in your documentation, down to the area where we qmailctl stat. I noticed 2 others in there that you didn't mention (submission and submission/log). I don't know if that means anything but I'm trying to be very clear. I also added on the djbdns and removed bind. It appears to be working fine and does dns lookups, and my /etc/resolve.conf is set like this: ---snip--- search mydomain.com- really my domain nameserver 127.0.0.1 ---end--- So I've added a domain (my actual domain) and a real user. However, this server is not yet in production. It has a private IP (and it will remain that way), and I have added the appropriate Firewall line mentioned in your docs for private IP's, and so my real DNS does not yet know anything about this machine. But that should not matter when using squirrelmail to send out an email - should it? Either it will deliver it locally to the user I have setup, or it will deliver the message to the real (production) MX server (right?). I can change this if you feel it's a good test, but that will of course shut down any real emails coming in to the rest of my real users on the production box. So finally, I successfully logged into squirelmail and tried to send myself an email and I get the same error as this original poster. ERROR: Message not sent. Server replied: , and I mean there is no error or server response shown. I can attach a screen shot if desired, but on a mailing list I don't know if that's appropriate or if it will even accept attachments. So let me know about that. When doing a View Source, the html shows this (I hope html comes through ok in the email): ---snip--- table width=100% cellpadding=1 cellspacing=0 align=center border=0 bgcolor=#abababtrtdtable width=100% cellpadding=0 cellspacing=0 align=center border=0 bgcolor=#fftrtd align=center bgcolor=#dcdcdcfont color=#ccbERROR:/b/font/td/trtrtdtable cellpadding=1 cellspacing=5 align=center border=0trtd align=leftMessage not sent. Server replied: blockquote br / /blockquote ---end--- Essentially there is no error. So while trying to figure this out, I flushed all of the firewall rules iptables -F and then I set each policy to ACCEPT iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT and tried to send an email again, but no luck, I got the same message again. It would appear not to be a firewall problem. But I also have a copy of my firewall rules at the bottom. I've setup and used qmail and squirrelmail several times on different machines and they all worked, and I'm not sure what else is going on here. It would appear that squirrelmail is either not communicating with the qmail (oh by the way, yes it is running - see below), or something is wrong with the squirrelmail version I have, or something I don't yet understand. [EMAIL PROTECTED] etc]# qmailctl stat authlib: up (pid 6111) 870 seconds clamd: up (pid 6106) 870 seconds imap4: up (pid 6113) 870 seconds imap4-ssl: up (pid 6117) 870 seconds pop3: up (pid 6099) 870 seconds pop3-ssl: up (pid 6108) 870 seconds send: up (pid 6102) 870 seconds smtp: up (pid 6109) 870 seconds spamd: up (pid
Re: [qmailtoaster] Updated SpamAssassin, ClamAV, SquirrelMail Packages
Hi Erik, I have not seen a response to my error about sqmail, where when I try to send an outbound email, it says Error: Server said but it's blank. Well I was hoping that this update of sqmail 1.4.15 was the fix. So I edited the cnt5064-install.sh script and commented out the original line and put the exact file name in there. I did this so it wouldn't bother with the older version. After installing it by itself (none of the other install script items were reinstalled-but were previously, and are still running), I went into sqmail, it logged me in again just fine. I tried to send 2 outbound emails, one to myself and one to yahoo, and both times I got the blank Error again. I am running CentOS 5, x86_64. A pretty basic install and nothing installed on it except for what the qmailtoaster instructions say. If you would like to see the error yourself, I can set that up. Just let me know. Thanks John On Sat, Jul 12, 2008 at 12:07 AM, Erik A. Espinoza [EMAIL PROTECTED] wrote: Greetings, I have made available a few packages on the main site. Please check them out. squirrelmail-toaster-1.4.15 spamassassin-toaster-3.2.5 clamav-toaster-0.93.3 Thanks, Erik - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[qmailtoaster] RE: Please help to fix my problem - me too....
Dear Eric, I too have just installed CentOS 5/QmailToaster from the directions at (http://wiki.qmailtoaster.com/index.php/CentOS_5_QmailToaster_Install). By the way, it went very smooth, thank you - except this one error. I have previously installed qmail-rocks on several slackware machines (this is my first CentOS/QmailToaster install ever) and this was a ton easier. I was going to use Fedora 8, but saw a note from you that it wasn't really supported, so I changed to CentOS 5. However I am also getting this ambigious error when trying to send email from squirrelmail. I didn't see any lengthy discussions about this, so let me try to fill in any blanks the original poster forgot. As I said, I ran through the directions and scripts just as stated, in the order stated in your documentation, down to the area where we qmailctl stat. I noticed 2 others in there that you didn't mention (submission and submission/log). I don't know if that means anything but I'm trying to be very clear. I also added on the djbdns and removed bind. It appears to be working fine and does dns lookups, and my /etc/resolve.conf is set like this: ---snip--- search mydomain.com- really my domain nameserver 127.0.0.1 ---end--- So I've added a domain (my actual domain) and a real user. However, this server is not yet in production. It has a private IP (and it will remain that way), and I have added the appropriate Firewall line mentioned in your docs for private IP's, and so my real DNS does not yet know anything about this machine. But that should not matter when using squirrelmail to send out an email - should it? Either it will deliver it locally to the user I have setup, or it will deliver the message to the real (production) MX server (right?). I can change this if you feel it's a good test, but that will of course shut down any real emails coming in to the rest of my real users on the production box. So finally, I successfully logged into squirelmail and tried to send myself an email and I get the same error as this original poster. ERROR: Message not sent. Server replied: , and I mean there is no error or server response shown. I can attach a screen shot if desired, but on a mailing list I don't know if that's appropriate or if it will even accept attachments. So let me know about that. When doing a View Source, the html shows this (I hope html comes through ok in the email): ---snip--- table width=100% cellpadding=1 cellspacing=0 align=center border=0 bgcolor=#abababtrtdtable width=100% cellpadding=0 cellspacing=0 align=center border=0 bgcolor=#fftrtd align=center bgcolor=#dcdcdcfont color=#ccbERROR:/b/font/td/trtrtdtable cellpadding=1 cellspacing=5 align=center border=0trtd align=leftMessage not sent. Server replied: blockquote br / /blockquote ---end--- Essentially there is no error. So while trying to figure this out, I flushed all of the firewall rules iptables -F and then I set each policy to ACCEPT iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT and tried to send an email again, but no luck, I got the same message again. It would appear not to be a firewall problem. But I also have a copy of my firewall rules at the bottom. I've setup and used qmail and squirrelmail several times on different machines and they all worked, and I'm not sure what else is going on here. It would appear that squirrelmail is either not communicating with the qmail (oh by the way, yes it is running - see below), or something is wrong with the squirrelmail version I have, or something I don't yet understand. [EMAIL PROTECTED] etc]# qmailctl stat authlib: up (pid 6111) 870 seconds clamd: up (pid 6106) 870 seconds imap4: up (pid 6113) 870 seconds imap4-ssl: up (pid 6117) 870 seconds pop3: up (pid 6099) 870 seconds pop3-ssl: up (pid 6108) 870 seconds send: up (pid 6102) 870 seconds smtp: up (pid 6109) 870 seconds spamd: up (pid 6115) 870 seconds submission: up (pid 6104) 870 seconds authlib/log: up (pid 6112) 870 seconds clamd/log: up (pid 6107) 870 seconds imap4/log: up (pid 6114) 870 seconds imap4-ssl/log: up (pid 6098) 870 seconds pop3/log: up (pid 6105) 870 seconds pop3-ssl/log: up (pid 6110) 870 seconds send/log: up (pid 6103) 870 seconds smtp/log: up (pid 6101) 870 seconds spamd/log: up (pid 6116) 870 seconds submission/log: up (pid 6100) 870 seconds Also, I have not yet done the Add domain keys portion. This should not affect my sqmail and sending, but just so you know. And to try several different things, I changed my local workstation (xp) hosts file to reflect the mail.mydomain.com and logged out of sqmail, and relogged in and tried sending an email to myself (the user I created earlier) and again I got the blank Error. I have also tried to telnet into the imap and imapssl ports and also into the smtp port from the localhost, and imap works, but smtp is refussed a connection. I'm unclear on the IMAP commands to use in telnet so I haven't done anything other than