from:"Tim Pleiman"

Re: Re: [qmailtoaster] queue is flooding user

2015-10-09 Thread Tim Pleiman

xlogicmx.net)
>>>> (187.234.134.4)
>>>>by ns1.bizmailserver.net with SMTP; 8 Oct 2015 17:19:26 -
>>>> Received-SPF: unknown (ns1.bizmailserver.net: domain at listrak does
>>>> not designate permitted sender hosts)
>>>> Received: from redbrokerage.com.inbound10.mxlogicmx.net
>>>> (redbrokerage.com.inbound10.mxlogicmx.net [208.65.144.3])
>>>>  by redbrokerage.com (Outbound Mail Relay) with ESMTP id
>>>> yZSt49AdKNeARht0
>>>>  for<bandu_p-...@poseidonship.com>; Thu, 08 Oct 2015 13:19:29
>>>> -0400 (EDT)
>>>> MIME-Version: 1.0
>>>> Message-ID:<5616a5a1.3ff1f...@redbrokerage.com.inbound10.mxlogicmx.net>
>>>> Date: Thu, 08 Oct 2015 13:15:29 -0400
>>>> From: "Noemie Considine"<agulle...@redbrokerage.com>
>>>> To:bandu_p-...@poseidonship.com
>>>> Subject: contract
>>>> Content-Type: multipart/mixed;
>>>>   boundary="070709070301020805080405"
>>>> --070709070301020805080405
>>>> Content-Type: text/plain; charset=utf-8; format=flowed
>>>> Content-Transfer-Encoding: 7bit
>>>>
>>>> Dear customer,
>>>>
>>>> I'm sending you a new contract of the project (Private collateral
>>>> statement of account)
>>>>
>>>> --070709070301020805080405
>>>> Content-Type: application/zip; name="Private collateral statement of
>>>> account.zip"
>>>> Content-Description: "Private collateral statement of account.doc"
>>>> Content-Disposition: attachment; filename="Private collateral
>>>> statement of account.zip"; size=43024;
>>>>  creation-date="Thu, 08 Oct 2015 13:16:29 -0400";
>>>>  modification-date="Thu, 08 Oct 2015 13:17:29 -0400"
>>>> Content-Transfer-Encoding: base64
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> -
>>>> To unsubscribe, e-mail:qmailtoaster-list-unsubscr...@qmailtoaster.com
>>>> For additional commands,
>>>> e-mail:qmailtoaster-list-h...@qmailtoaster.com
>>>
>>
>
>
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


-- 
Tim Pleiman
http://support.bravosystemstech.net
Bravo Systems Technologies
"Advanced Open Source Solutions for Business"
Chicago, IL USA

**No trees were killed in the sending of this message, but a large number
of electrons were terribly inconvenienced.



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] Helping Out, e.g. >>Re: [qmailtoaster] RE: Shubes

2015-10-06 Thread Tim Pleiman

Hi,

I've been watching closely the developments with respect to the missing
site personnel for Qmailtoaster. I keep copies of all regular list
meesages from the toaster list for reference as needed and have gotten
involved in the list from time to time, dating back to 2009. At one point
I even offered Shubes to make a regular donation, but he was never able to
identify how I could do that.

I've got several qmail servers installed for my small business clients,
and upgraded most of them late last year, when everything was still
working. However, even then I was noting that everything was looking
pretty old. I've been working with Qmail for over a decade, having come
over to Qmailtoaster from Qmailrocks long ago. I have tended to pop in and
out of paying attention over time, as all seemed to generally be under
control. And, I just don't have issues with the toaster at all, so I get
busy with other matters. But, these latest events are troublesome.

At this point, in terms of where Eric Shubert is, has anyone been able to
get in touch with him? This project, IMO, is too valuable to let fade.
And,
I'm willing to help out in any way I can. I do note that Vickers
Consulting Group appears to be fully closed at this point, Jake having
pursued setting up a photography business: http://jakev.com? Is there a
way to get through to anyone so that full control of this project can be
transferred into appropriate, capable hands?

I'm not on the Qmail-devel list, where I suspect more is happening
concerning this. Again, am willing to help out here.

Again, very concerned. Please advise. And, how do I get on the devel list?

Thanks,
Tim Pleiman
--
Tim Pleiman
http://support.bravosystemstech.net
Bravo Systems Technologies
"Advanced Open Source Solutions for Business"
Chicago, IL USA
773-852-4408
On Thu, September 17, 2015 3:36 pm, Dan McAllister wrote:
> NOTE: I have not only sent emails, but I have also called on the
> telephone to speak to Eric -- all to no avail.
>
> As hesitant as I am to "steal" a project from anyone, I am prepared to
> move on redirecting the DNS to other servers that can be more actively
> maintained. (Remember, I have control of the DNS servers -- at least as
> defined at the registrar. So, so long as the entries at the registrar
> still point to my servers, we have significant control over the domain).
>
> However, I think a more appropriate location to hold this discussion
> would be the qmailtoaster-devel list (which I have copied).
>
> If you are on the qmailtoaster-devel mail list, please continue the
> discussion there.
>
> Thanks
>
> Dan McAllister
> IT4SOHO
> QMT DNS/Mirror Admin
>
>
>
>
> On 9/17/2015 10:23 AM, Edwin C wrote:
>>
>> In the spirit of volunteering, i can provide a vps to the community.
>> I have hosting skills.
>>
>> I also do wordpress websites via my company www.filipinowebservices.com
>>
>> Let me know how i can help.
>>
>> On Sep 17, 2015 13:32, "L.A." <pc...@yandex.ru> wrote:
>> Same here.
>> Making copy of centos6 for local use now :(
>> Looks like we need at least two leaders with all access, that will not
>> disappear simultaneously.
>> 10.09.2015, 01:32, "Havrla" <hav...@lhotkanet.cz>:
>>> Hello
>>>
>>> I'm sorry my English is not good.
>>>
>>> I have QMT since 2003, actually 2015 - 2003 = 12 years. That's a long
>>> time.
>>>
>>> I would be very unhappy if the project did not continue
>>>
>>> Website of the project seem dead. the only living thing is
>>> email-list. I was so unhappy after new information on the
>>> continuation and CentOS7, so I volunteered email-list. Information
>>> gained and QMT on CentOS7 comfortably installed, without compiling,
>>> without complications. I configured a pÅemigroval old QMT. It works.
>>> I'm happy.
>>> Plenty of other administrators would be happy if the project and
>>> website relaunched and updated.
>>>
>>> I can provide mirror web hosting for the web. I fear the end of QMT
>>> several years, so I have a backup
>>> http://www.lhotkanet.cz/mirror/www.qmailtoaster.com/
>>>
>>> Good luck finding Eric "Shubes", please choose a successor to
>>> continue the project. I do not end up project.
>>>
>>> History "authors" from website QMT:
>>> 2003 - first Miguel Beccari <mailto:miguel.becc...@clikka.com> - web
>>> live
>>> 2004 - Miguel Beccari <mailto:miguel.becc...@clikka.com> and Nick
>>> Hemmesch <mailto:n...@ndhsoft.com>  - web live
>>> 2005 - Nick Hemmesch - web live <mailto:n...@ndhsoft.com>
>

[qmailtoaster] Is Qmailtoaster patched to be able to use these Qmail Control Files?

2011-10-06 Thread Tim Pleiman

I now have a toaster server with multiple ip addresses bound to the WAN
Nic. Qmail-smtpd automatically listens on both ip addresses inbound (eth0
and eth0:0), but by default qmail-remote binds to only the first (eth0)
outbound.

In a situation where eth0 is down (with only eth0:0 available), this
causes qmail-remote to hold messages in queue until eth0 becomes available
again. Are the following qmail control options available for
qmail-remote--e.g. patched into the toaster distribution? If so, what
would be the best configuration utilizing these control options--e.g. to
always have qmail-remote bind to the IP address on eth0 when available,
but to automatically fail to the IP address on eth0:0 when eth0 is not
available? Or would I need a script to update one of these control files
that executes automatically during a failover to the IP on eth0:0 when the
IP on eth0 is not available?

bindroutes (qmail-remote)
Any mail sent from an specific source IP address will be sent from the
given IP address.
The entry in bindroutes looks like this:

source ip:ip

Example for bindroutes:

# network 10.x.x.x
10.:1.2.3.4
# network 10.10.x.x
10.10.:1.2.3.4
# network 10.10.10.x
10.10.10.:1.2.3.4
# host 10.10.10.10
10.10.10.10:1.2.3.4
# rest
:1.2.3.4
# don't send any mail to this
1.2.3.4:

If qmail-remote is not able to bind to that IP address then the message
will stay in the queue until the problem has been corrected.
senderip overwrites bindroutes.

and/or

senderip (qmail-remote)
Any mail sent from an email address in the given domain will be sent from
the given IP address.

The entry in senderip looks like this:

domain:ip

If qmail-remote is not able to bind to that IP address then the message
will stay in the queue until the problem has been corrected.




-- 
Tim Pleiman
Bravo Systems Technologies
Advanced Open Source Solutions for Business
Chicago, IL USA


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

RE: [qmailtoaster] Is Qmailtoaster patched to be able to use these Qmail Control Files?

2011-10-06 Thread Tim Pleiman

eth0:0 is a child of the parent, eth0. If the physical interface itself
dies, they both go down. You also cannot manually take down (ifdown
interface) eth0 without also taking down eth0:0. They function together
as eth0. However, when you have a multi-wan setup in this situation (which
is a real life setup in this case), the interface is binding to two ip
addresses with two different network routes. iproute2 routing entries are
utilized to direct in/out traffic to the correct network gateway,
depending on origination, and a failover script changes the default
outbound gateway from the parent's to the child's if a particular server
beyond the parent's gateway cannot be detected via the parent.

This is not an issue with the actual interface going down, but with the
route becoming unavailable on the parent (eth0) when the service
provider's network goes down on the parent. What I've discovered is that
Qmail remote natively binds to the ip address of the parent here unless
otherwise instructed, disregarding the default outbound gateway no matter
what. Hence the need for bindroutes or senderip, which I do believe can be
utilized to solve my problem.

So, the original question, I do believe, applies. There may be other
solutions, e.g. additional routing entries placed in failover script as
well to route traffic from one network to the other network, but either
way, I need to get qmail traffic to go out the child interface ip address
here instead of getting stuck in the queue on the parent interface ip
address. bindroutes and/or senderip should work as one solution though,
perhaps the simplest, unless I have to re-patch to use them.

Thanks!
Tim


On Thu, October 6, 2011 2:52 pm, Michael J. Colvin wrote:
 Maybe I'm missing something, but other than administratively taking eth0
 down, and leaving eth0:0 up, how would eth 0 go down and NOT take eth0:0
 with it?

 IE, a cable being bad, or the switch port that patch cable is plugged into
 going bad, is going to take eth0 AND eth0:0 down.  They're both part of
 the
 same physical port, no?

 Now, if you had eth0 and eth1, both different physical ports, with
 different
 physical connections, I could see what you're trying to accomplish...
 Two
 ip addresses doesn't necessarily mean two separate connections, just
 because
 you've bound them to a physical Ethernet interface and a virtual/sub
 interface...

 Mike

 -Original Message-
 From: Tim Pleiman [mailto:tplei...@bravosystemstech.net]
 Sent: Thursday, October 06, 2011 10:13 AM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: [qmailtoaster] Is Qmailtoaster patched to be able to use these
 Qmail Control Files?

 I now have a toaster server with multiple ip addresses bound to the WAN
 Nic. Qmail-smtpd automatically listens on both ip addresses inbound (eth0
 and eth0:0), but by default qmail-remote binds to only the first (eth0)
 outbound.

 In a situation where eth0 is down (with only eth0:0 available), this
 causes qmail-remote to hold messages in queue until eth0 becomes available
 again. Are the following qmail control options available for
 qmail-remote--e.g. patched into the toaster distribution? If so, what
 would be the best configuration utilizing these control options--e.g. to
 always have qmail-remote bind to the IP address on eth0 when available,
 but to automatically fail to the IP address on eth0:0 when eth0 is not
 available? Or would I need a script to update one of these control files
 that executes automatically during a failover to the IP on eth0:0 when the
 IP on eth0 is not available?

 bindroutes (qmail-remote)
 Any mail sent from an specific source IP address will be sent from the
 given IP address.
 The entry in bindroutes looks like this:

 source ip:ip

 Example for bindroutes:

 # network 10.x.x.x
 10.:1.2.3.4
 # network 10.10.x.x
 10.10.:1.2.3.4
 # network 10.10.10.x
 10.10.10.:1.2.3.4
 # host 10.10.10.10
 10.10.10.10:1.2.3.4
 # rest
 :1.2.3.4
 # don't send any mail to this
 1.2.3.4:

 If qmail-remote is not able to bind to that IP address then the message
 will stay in the queue until the problem has been corrected.
 senderip overwrites bindroutes.

 and/or

 senderip (qmail-remote)
 Any mail sent from an email address in the given domain will be sent from
 the given IP address.

 The entry in senderip looks like this:

 domain:ip

 If qmail-remote is not able to bind to that IP address then the message
 will stay in the queue until the problem has been corrected.




 --
 Tim Pleiman
 Bravo Systems Technologies
 Advanced Open Source Solutions for Business
 Chicago, IL USA


 
 -
 Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
 Vickers Consulting Group offers Qmailtoaster support and
 installations.
   If you need professional help with your setup, contact them today

RE: [qmailtoaster] Is Qmailtoaster patched to be able to use these Qmail Control Files?

2011-10-06 Thread Tim Pleiman

More...

This question has actually been asked similarly before (in 2008), but not
recently from what I can tell:

http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg20024.html

So, perhaps just an update answer as to whether I need to patch
qmail-remote manually or whether these features are now included in the
toaster.

Any other suggestions also appreciated.

Thanks!
Tim

On Thu, October 6, 2011 10:52 pm, Tim Pleiman wrote:
 eth0:0 is a child of the parent, eth0. If the physical interface itself
 dies, they both go down. You also cannot manually take down (ifdown
 interface) eth0 without also taking down eth0:0. They function together
 as eth0. However, when you have a multi-wan setup in this situation (which
 is a real life setup in this case), the interface is binding to two ip
 addresses with two different network routes. iproute2 routing entries are
 utilized to direct in/out traffic to the correct network gateway,
 depending on origination, and a failover script changes the default
 outbound gateway from the parent's to the child's if a particular server
 beyond the parent's gateway cannot be detected via the parent.

 This is not an issue with the actual interface going down, but with the
 route becoming unavailable on the parent (eth0) when the service
 provider's network goes down on the parent. What I've discovered is that
 Qmail remote natively binds to the ip address of the parent here unless
 otherwise instructed, disregarding the default outbound gateway no matter
 what. Hence the need for bindroutes or senderip, which I do believe can be
 utilized to solve my problem.

 So, the original question, I do believe, applies. There may be other
 solutions, e.g. additional routing entries placed in failover script as
 well to route traffic from one network to the other network, but either
 way, I need to get qmail traffic to go out the child interface ip address
 here instead of getting stuck in the queue on the parent interface ip
 address. bindroutes and/or senderip should work as one solution though,
 perhaps the simplest, unless I have to re-patch to use them.

 Thanks!
 Tim


 On Thu, October 6, 2011 2:52 pm, Michael J. Colvin wrote:
 Maybe I'm missing something, but other than administratively taking eth0
 down, and leaving eth0:0 up, how would eth 0 go down and NOT take eth0:0
 with it?

 IE, a cable being bad, or the switch port that patch cable is plugged
 into
 going bad, is going to take eth0 AND eth0:0 down.  They're both part of
 the
 same physical port, no?

 Now, if you had eth0 and eth1, both different physical ports, with
 different
 physical connections, I could see what you're trying to accomplish...
 Two
 ip addresses doesn't necessarily mean two separate connections, just
 because
 you've bound them to a physical Ethernet interface and a virtual/sub
 interface...

 Mike

 -Original Message-
 From: Tim Pleiman [mailto:tplei...@bravosystemstech.net]
 Sent: Thursday, October 06, 2011 10:13 AM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: [qmailtoaster] Is Qmailtoaster patched to be able to use these
 Qmail Control Files?

 I now have a toaster server with multiple ip addresses bound to the WAN
 Nic. Qmail-smtpd automatically listens on both ip addresses inbound
 (eth0
 and eth0:0), but by default qmail-remote binds to only the first (eth0)
 outbound.

 In a situation where eth0 is down (with only eth0:0 available), this
 causes qmail-remote to hold messages in queue until eth0 becomes
 available
 again. Are the following qmail control options available for
 qmail-remote--e.g. patched into the toaster distribution? If so, what
 would be the best configuration utilizing these control options--e.g. to
 always have qmail-remote bind to the IP address on eth0 when available,
 but to automatically fail to the IP address on eth0:0 when eth0 is not
 available? Or would I need a script to update one of these control files
 that executes automatically during a failover to the IP on eth0:0 when
 the
 IP on eth0 is not available?

 bindroutes (qmail-remote)
 Any mail sent from an specific source IP address will be sent from the
 given IP address.
 The entry in bindroutes looks like this:

 source ip:ip

 Example for bindroutes:

 # network 10.x.x.x
 10.:1.2.3.4
 # network 10.10.x.x
 10.10.:1.2.3.4
 # network 10.10.10.x
 10.10.10.:1.2.3.4
 # host 10.10.10.10
 10.10.10.10:1.2.3.4
 # rest
 :1.2.3.4
 # don't send any mail to this
 1.2.3.4:

 If qmail-remote is not able to bind to that IP address then the message
 will stay in the queue until the problem has been corrected.
 senderip overwrites bindroutes.

 and/or

 senderip (qmail-remote)
 Any mail sent from an email address in the given domain will be sent
 from
 the given IP address.

 The entry in senderip looks like this:

 domain:ip

 If qmail-remote is not able to bind to that IP address then the message
 will stay in the queue until the problem has been corrected.




 --
 Tim Pleiman
 Bravo Systems

[qmailtoaster] Qmail control smtphosts...is this true?

2011-09-29 Thread Tim Pleiman

To anyone who might know,

I find various online references to a qmail control file:

/var/qmail/control/smtphosts

that is not generally used in all qmail installations, whereby:

If the file

/var/qmail/control/smtphosts

exists and contains an entry for hisdomain.com, qmail will not perform a
DNS MX-lookup to figure out the mail server for hisdomain.com; it will use
the one specified there, such as:

.hisdomain.com:pop2.hisdomain.com

Otherwise, qmail will perform a DNS/MX lookup.

The reason I ask has to do with something I mentioned earlier concerning
mail client lookups of mx records returning 451--DNS temporary failure
and stubbornly refusing to place such messages in the queue even though I
know the message will be delivered.

I'm having periodic trouble with a couple of Chinese DNS mx lookups (as
they fool around with their DNS servers over there), and if the above is
working in qmailtoaster, then that will alleviate this problem on specific
domains entirely without having to disable the CHKUSER feature that
prevents such messages from being queued.

Thanks!
Tim
-- 
Tim Pleiman
Bravo Systems Technologies
Advanced Open Source Solutions for Business
Chicago, IL USA


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Re: Qmail control smtphosts...is this true?

2011-09-29 Thread Tim Pleiman

Yes, the smtphosts file seems to be some sort of mistake that's
published in places.

So then with smtproutes, it can serve two purposes:

1. To relay all outbound mail through a trusted host, via:

:mail.somedomain.com

or

2. To relay/send selected mail to a specific domain, bypassing an MX
lookup via:

somedomain.com:mx-static-record-for-somedomain.com

Correct?

Just wanting to confirm because I've never needed to use the second option.

Thanks,
Tim

On Thu, September 29, 2011 11:58 am, Eric Shubert wrote:
 On 09/29/2011 09:48 AM, Tim Pleiman wrote:
 To anyone who might know,

 I find various online references to a qmail control file:

 /var/qmail/control/smtphosts

 that is not generally used in all qmail installations, whereby:

 If the file

 /var/qmail/control/smtphosts

 exists and contains an entry for hisdomain.com, qmail will not perform a
 DNS MX-lookup to figure out the mail server for hisdomain.com; it will
 use
 the one specified there, such as:

 .hisdomain.com:pop2.hisdomain.com

 Otherwise, qmail will perform a DNS/MX lookup.

 The reason I ask has to do with something I mentioned earlier concerning
 mail client lookups of mx records returning 451--DNS temporary failure
 and stubbornly refusing to place such messages in the queue even though
 I
 know the message will be delivered.

 I'm having periodic trouble with a couple of Chinese DNS mx lookups (as
 they fool around with their DNS servers over there), and if the above is
 working in qmailtoaster, then that will alleviate this problem on
 specific
 domains entirely without having to disable the CHKUSER feature that
 prevents such messages from being queued.

 Thanks!
 Tim

 This sounds like the /var/qmail/control/smtproutes file in QMT:
 http://wiki.qmailtoaster.com/index.php/Smtproutes

 --
 -Eric 'shubes'


 -
 Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
 Vickers Consulting Group offers Qmailtoaster support and
 installations.
   If you need professional help with your setup, contact them today!
 -
  Please visit qmailtoaster.com for the latest news, updates, and
 packages.

   To unsubscribe, e-mail:
 qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
 qmailtoaster-list-h...@qmailtoaster.com





-- 
Tim Pleiman
Bravo Systems Technologies
Advanced Open Source Solutions for Business
Chicago, IL USA


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] 451 DNS Temporary Failure: Issue that should be addressed in CHKUSER

2011-08-31 Thread Tim Pleiman

Eric,

Over the last couple of years working with qmailtoaster, I've come to both
love and hate this particular CHKUSER check.

I keep copies of all the messages from the qmt list, and searching for the
string 451 DNS Temporary Problem, it seems to me that people have many
problems with it that could be addressed with some simple fixes to the
CHKUSR code--e.g. more detailed error responses from CHKUSER that better
define the nature of the problem.

Unlike the posts I've read over the last year or so, I'm not having any
trouble with my caching nameserver, DJBDNS. It's working properly, has
always been working properly. I love DJBDNS. However, here's the problem
that I have with this particular CHKUSER check:

When a sender tries to send a message to a single u...@domain.com, if
the domain MX is unresolveable in DNS as follows:

2011-08-31 12:56:25.14400 servfail nc-mail.nchicago.org. input/output
error

CHKUSR will return the 451 DNS Temporary Failure error indicative of the
issue. In this case today, the above particular domain has no MX record
for it's e-mail--their problem, not mine.

So, this immediately prevents queuing of messages in QMail that cannot
currently be delivered immediately to that one particular domain. This is
a good thing as it alerts the sender that the message cannot be delivered
now--e.g. QMail is not going to queue the message now because it would
just sit there, either waiting for the MX to become available or, if it
does not, bouncing the message after the queuelifetime expires.

Now, aside from the fact that the average person doesn't know what this
means, I can deal with it, albeit it is not ideal (the average user-sender
does not know what the heck 451 DNS Temporary Failure is).

However, when sending out a multi-recipient message, this is when the
issue gets really dicey. CHKUSR stubbornly refuses to queue the message at
all for any of the recipients, even the ones that have valid MXes, as it
simply also returns the 451 DNS Temporary Failure error with no other
information at all.

What this means is that the sender of the multi-recipient message has to
figure out on his/her own which e-mail domain can currently not accept a
delivery. The only way to determine this is to send the message to each of
the recipients individually until you hit the one with the
invalid/unavailable MX.

Now, I think the ultimate resolution of this issue would be for CHKUSER to
be updated to provide better error responses on this particular check. For
single-recipient messages, it should respond with something like 451 DNS
temporary failure: mail server for domain 'somedomain.com' is currently
unavailable. In the case of multi-recipient messages, it should go ahead
and queue the message for the valid domains, while returning a similar
error for the MX domain(s) that is not available.

Meanwhile, from what I can tell from the list archives, there is currently
no way to disable this CHKUSER check entirely without manually recompiling
CHKUSER.

If there is already a simple fix/adjustment for this, let me know (and
I'll apologize in advance for missing this). Otherwise, it would be great
in future QMT releases to have this CHKUSER check disabled entirely,
pending an adjustment to CHKUSER, as it results in lots of puzzled user
inquiries. With this disabled, such messages would go into the queue for
QMail to bounce on its own. I understand that the feature also alerts
admins to their own DNS server issues as well. However, those should be
issues that server admins can resolve on their own anyway. It's the
user-related problems that this check causes that, to me, are most
troublesome.

Thanks!
Tim
-- 
Tim Pleiman
Bravo Systems Technologies
Advanced Open Source Solutions for Business
Chicago, IL USA


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] Updated more info[Fwd: [qmailtoaster] 451 DNS Temporary Failure: Issue that should be addressed in CHKUSER]

2011-08-31 Thread Tim Pleiman

Here's the troublesome feature:

CHKUSER_RCPTMX_TMP_STRING   2.0.7   defined 451 DNS temporary 
failure
(#4.5.1 - chkuser)\r\n
String emitted if there is a soft DNS error on recipient domain.

 Original Message 
Subject: [qmailtoaster] 451 DNS Temporary Failure: Issue that should be
addressed in  CHKUSER
From:Tim Pleiman tplei...@bravosystemstech.net
Date:Wed, August 31, 2011 2:00 pm
To:  qmailtoaster-list@qmailtoaster.com
--

Eric,

Over the last couple of years working with qmailtoaster, I've come to both
love and hate this particular CHKUSER check.

I keep copies of all the messages from the qmt list, and searching for the
string 451 DNS Temporary Problem, it seems to me that people have many
problems with it that could be addressed with some simple fixes to the
CHKUSR code--e.g. more detailed error responses from CHKUSER that better
define the nature of the problem.

Unlike the posts I've read over the last year or so, I'm not having any
trouble with my caching nameserver, DJBDNS. It's working properly, has
always been working properly. I love DJBDNS. However, here's the problem
that I have with this particular CHKUSER check:

When a sender tries to send a message to a single u...@domain.com, if
the domain MX is unresolveable in DNS as follows:

2011-08-31 12:56:25.14400 servfail nc-mail.nchicago.org. input/output
error

CHKUSR will return the 451 DNS Temporary Failure error indicative of the
issue. In this case today, the above particular domain has no MX record
for it's e-mail--their problem, not mine.

So, this immediately prevents queuing of messages in QMail that cannot
currently be delivered immediately to that one particular domain. This is
a good thing as it alerts the sender that the message cannot be delivered
now--e.g. QMail is not going to queue the message now because it would
just sit there, either waiting for the MX to become available or, if it
does not, bouncing the message after the queuelifetime expires.

Now, aside from the fact that the average person doesn't know what this
means, I can deal with it, albeit it is not ideal (the average user-sender
does not know what the heck 451 DNS Temporary Failure is).

However, when sending out a multi-recipient message, this is when the
issue gets really dicey. CHKUSR stubbornly refuses to queue the message at
all for any of the recipients, even the ones that have valid MXes, as it
simply also returns the 451 DNS Temporary Failure error with no other
information at all.

What this means is that the sender of the multi-recipient message has to
figure out on his/her own which e-mail domain can currently not accept a
delivery. The only way to determine this is to send the message to each of
the recipients individually until you hit the one with the
invalid/unavailable MX.

Now, I think the ultimate resolution of this issue would be for CHKUSER to
be updated to provide better error responses on this particular check. For
single-recipient messages, it should respond with something like 451 DNS
temporary failure: mail server for domain 'somedomain.com' is currently
unavailable. In the case of multi-recipient messages, it should go ahead
and queue the message for the valid domains, while returning a similar
error for the MX domain(s) that is not available.

Meanwhile, from what I can tell from the list archives, there is currently
no way to disable this CHKUSER check entirely without manually recompiling
CHKUSER.

If there is already a simple fix/adjustment for this, let me know (and
I'll apologize in advance for missing this). Otherwise, it would be great
in future QMT releases to have this CHKUSER check disabled entirely,
pending an adjustment to CHKUSER, as it results in lots of puzzled user
inquiries. With this disabled, such messages would go into the queue for
QMail to bounce on its own. I understand that the feature also alerts
admins to their own DNS server issues as well. However, those should be
issues that server admins can resolve on their own anyway. It's the
user-related problems that this check causes that, to me, are most
troublesome.

Thanks!
Tim
-- 
Tim Pleiman
Bravo Systems Technologies
Advanced Open Source Solutions for Business
Chicago, IL USA


-
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and
packages.

  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com




-- 
Tim

Re: [qmailtoaster] Re: Updated more info[Fwd: [qmailtoaster] 451 DNS Temporary Failure: Issue that should be addressed in CHKUSER]

2011-08-31 Thread Tim Pleiman

Is that this tcp.smtp rule?

SENDER_NOCHECK=1

It's possible that I may have dealt with this before on a different server
and have simply forgotten. I implemented the above setting on another
system due to some other similar issue as I recall. I'm thinking that the
above disables a bunch of different MX checks by CHKUSER, possibly
including this one.

However, is this the more specific rule?

CHKUSER_RCPT_MX=0

I can't seem to find a list over at interazioni.it for all the tcp.smtp
rule settings.

These servers are all at CHKUSER 2.0.8, so I'm thinking I should be able
to turn this off then in tcp.smtp provided I choose the right rule
setting.

However, in 2.0.8, according to interazioni.it, the CHKUSER_RCPT_MX
setting is undefined which should mean that it's off by default, correct?
So, that's confusing me as to why the check is happening at all.

Ideas?

Thanks,
Tim


On Wed, August 31, 2011 3:42 pm, Eric Shubert wrote:
 I believe that the default chkuser settings will be used in QMTv2.
 According to
 http://www.interazioni.it/opensource/chkuser/documentation/chkuser_settings.html
 the MX checks are now off by default. I believe that they can be turned
 on with an environment variable set in the tcp.smtp or run file if
 desired, so no rebuilding will be needed.

 On 08/31/2011 12:19 PM, Tim Pleiman wrote:
 Here's the troublesome feature:

 CHKUSER_RCPTMX_TMP_STRING2.0.7   defined 451 DNS temporary 
 failure
 (#4.5.1 - chkuser)\r\n
 String emitted if there is a soft DNS error on recipient domain.

  Original Message
 
 Subject: [qmailtoaster] 451 DNS Temporary Failure: Issue that should be
 addressed in  CHKUSER
 From:Tim Pleimantplei...@bravosystemstech.net
 Date:Wed, August 31, 2011 2:00 pm
 To:  qmailtoaster-list@qmailtoaster.com
 --

 Eric,

 Over the last couple of years working with qmailtoaster, I've come to
 both
 love and hate this particular CHKUSER check.

 I keep copies of all the messages from the qmt list, and searching for
 the
 string 451 DNS Temporary Problem, it seems to me that people have many
 problems with it that could be addressed with some simple fixes to the
 CHKUSR code--e.g. more detailed error responses from CHKUSER that better
 define the nature of the problem.

 Unlike the posts I've read over the last year or so, I'm not having any
 trouble with my caching nameserver, DJBDNS. It's working properly, has
 always been working properly. I love DJBDNS. However, here's the problem
 that I have with this particular CHKUSER check:

 When a sender tries to send a message to a single u...@domain.com, if
 the domain MX is unresolveable in DNS as follows:

 2011-08-31 12:56:25.14400 servfail nc-mail.nchicago.org.
 input/output
 error

 CHKUSR will return the 451 DNS Temporary Failure error indicative of
 the
 issue. In this case today, the above particular domain has no MX record
 for it's e-mail--their problem, not mine.

 So, this immediately prevents queuing of messages in QMail that cannot
 currently be delivered immediately to that one particular domain. This
 is
 a good thing as it alerts the sender that the message cannot be
 delivered
 now--e.g. QMail is not going to queue the message now because it would
 just sit there, either waiting for the MX to become available or, if it
 does not, bouncing the message after the queuelifetime expires.

 Now, aside from the fact that the average person doesn't know what this
 means, I can deal with it, albeit it is not ideal (the average
 user-sender
 does not know what the heck 451 DNS Temporary Failure is).

 However, when sending out a multi-recipient message, this is when the
 issue gets really dicey. CHKUSR stubbornly refuses to queue the message
 at
 all for any of the recipients, even the ones that have valid MXes, as it
 simply also returns the 451 DNS Temporary Failure error with no other
 information at all.

 What this means is that the sender of the multi-recipient message has to
 figure out on his/her own which e-mail domain can currently not accept a
 delivery. The only way to determine this is to send the message to each
 of
 the recipients individually until you hit the one with the
 invalid/unavailable MX.

 Now, I think the ultimate resolution of this issue would be for CHKUSER
 to
 be updated to provide better error responses on this particular check.
 For
 single-recipient messages, it should respond with something like 451
 DNS
 temporary failure: mail server for domain 'somedomain.com' is currently
 unavailable. In the case of multi-recipient messages, it should go
 ahead
 and queue the message for the valid domains, while returning a similar
 error for the MX domain(s) that is not available.

 Meanwhile, from what I can tell from the list archives, there is
 currently
 no way to disable this CHKUSER check entirely without manually
 recompiling
 CHKUSER

[qmailtoaster] OK, I think I get youRe: [qmailtoaster] Re: Updated more info[Fwd: [qmailtoaster] 451 DNS Temporary Failure: Issue that should be addressed in CHKUSER]

2011-08-31 Thread Tim Pleiman

So, what you're saying is that all of these:

CHKUSER_RCPT_FORMAT
CHKUSER_RCPT_MX
CHKUSER_SENDER_FORMAT
CHKUSER_SENDER_MX

are still set active during the default QMT installation even though 2.0.8
of CHKUSER is present in current QMT installs and 2.0.8 of CHKUSER is
supposed to have them already off by default?

So then, the above are going to be default disabled in QMTv2? And there
will be the ability to change an environment variable setting in tcp.smtp
to turn these on individually as desired in QMTv2?

Let me know if I've got that right.

;)

Thanks!
Tim


On Wed, August 31, 2011 3:42 pm, Eric Shubert wrote:
 I believe that the default chkuser settings will be used in QMTv2.
 According to
 http://www.interazioni.it/opensource/chkuser/documentation/chkuser_settings.html
 the MX checks are now off by default. I believe that they can be turned
 on with an environment variable set in the tcp.smtp or run file if
 desired, so no rebuilding will be needed.

 On 08/31/2011 12:19 PM, Tim Pleiman wrote:
 Here's the troublesome feature:

 CHKUSER_RCPTMX_TMP_STRING2.0.7   defined 451 DNS temporary 
 failure
 (#4.5.1 - chkuser)\r\n
 String emitted if there is a soft DNS error on recipient domain.

  Original Message
 
 Subject: [qmailtoaster] 451 DNS Temporary Failure: Issue that should be
 addressed in  CHKUSER
 From:Tim Pleimantplei...@bravosystemstech.net
 Date:Wed, August 31, 2011 2:00 pm
 To:  qmailtoaster-list@qmailtoaster.com
 --

 Eric,

 Over the last couple of years working with qmailtoaster, I've come to
 both
 love and hate this particular CHKUSER check.

 I keep copies of all the messages from the qmt list, and searching for
 the
 string 451 DNS Temporary Problem, it seems to me that people have many
 problems with it that could be addressed with some simple fixes to the
 CHKUSR code--e.g. more detailed error responses from CHKUSER that better
 define the nature of the problem.

 Unlike the posts I've read over the last year or so, I'm not having any
 trouble with my caching nameserver, DJBDNS. It's working properly, has
 always been working properly. I love DJBDNS. However, here's the problem
 that I have with this particular CHKUSER check:

 When a sender tries to send a message to a single u...@domain.com, if
 the domain MX is unresolveable in DNS as follows:

 2011-08-31 12:56:25.14400 servfail nc-mail.nchicago.org.
 input/output
 error

 CHKUSR will return the 451 DNS Temporary Failure error indicative of
 the
 issue. In this case today, the above particular domain has no MX record
 for it's e-mail--their problem, not mine.

 So, this immediately prevents queuing of messages in QMail that cannot
 currently be delivered immediately to that one particular domain. This
 is
 a good thing as it alerts the sender that the message cannot be
 delivered
 now--e.g. QMail is not going to queue the message now because it would
 just sit there, either waiting for the MX to become available or, if it
 does not, bouncing the message after the queuelifetime expires.

 Now, aside from the fact that the average person doesn't know what this
 means, I can deal with it, albeit it is not ideal (the average
 user-sender
 does not know what the heck 451 DNS Temporary Failure is).

 However, when sending out a multi-recipient message, this is when the
 issue gets really dicey. CHKUSR stubbornly refuses to queue the message
 at
 all for any of the recipients, even the ones that have valid MXes, as it
 simply also returns the 451 DNS Temporary Failure error with no other
 information at all.

 What this means is that the sender of the multi-recipient message has to
 figure out on his/her own which e-mail domain can currently not accept a
 delivery. The only way to determine this is to send the message to each
 of
 the recipients individually until you hit the one with the
 invalid/unavailable MX.

 Now, I think the ultimate resolution of this issue would be for CHKUSER
 to
 be updated to provide better error responses on this particular check.
 For
 single-recipient messages, it should respond with something like 451
 DNS
 temporary failure: mail server for domain 'somedomain.com' is currently
 unavailable. In the case of multi-recipient messages, it should go
 ahead
 and queue the message for the valid domains, while returning a similar
 error for the MX domain(s) that is not available.

 Meanwhile, from what I can tell from the list archives, there is
 currently
 no way to disable this CHKUSER check entirely without manually
 recompiling
 CHKUSER.

 If there is already a simple fix/adjustment for this, let me know (and
 I'll apologize in advance for missing this). Otherwise, it would be
 great
 in future QMT releases to have this CHKUSER check disabled entirely,
 pending an adjustment to CHKUSER, as it results in lots of puzzled user
 inquiries

Re: [qmailtoaster] 451 DNS Temporary Failure: Issue that should be addressed in CHKUSER

2011-08-31 Thread Tim Pleiman

* 2.0.9   undefined   
 CHKUSER_MUSTAUTH


 for having a server accepting only authenticated users (any port or
 submission port).


 For version 2.0.8 you may use (recompiling)  both:

 *CHKUSER_SENDER_NOCHECK_VARIABLE *2.0.5   commented   SENDER_NOCHECK


 *CHKUSER_STARTING_VARIABLE*   2.0.5   commented   CHKUSER_START


 Playing with those settings, you may enable or disable chkuser
 accordingly to variable settings.

 For such scopes, I sugges not to put variables inside tcp.smtp, but
 directly within running command, because behaviour is per server and not
 per IP.

 Regards,

 Tonino



 Il 31/08/2011 21:00, Tim Pleiman ha scritto:
 Eric,

 Over the last couple of years working with qmailtoaster, I've come to
 both
 love and hate this particular CHKUSER check.

 I keep copies of all the messages from the qmt list, and searching for
 the
 string 451 DNS Temporary Problem, it seems to me that people have many
 problems with it that could be addressed with some simple fixes to the
 CHKUSR code--e.g. more detailed error responses from CHKUSER that better
 define the nature of the problem.

 Unlike the posts I've read over the last year or so, I'm not having any
 trouble with my caching nameserver, DJBDNS. It's working properly, has
 always been working properly. I love DJBDNS. However, here's the problem
 that I have with this particular CHKUSER check:

 When a sender tries to send a message to a single u...@domain.com, if
 the domain MX is unresolveable in DNS as follows:

 2011-08-31 12:56:25.14400 servfail nc-mail.nchicago.org.
 input/output
 error

 CHKUSR will return the 451 DNS Temporary Failure error indicative of
 the
 issue. In this case today, the above particular domain has no MX record
 for it's e-mail--their problem, not mine.

 So, this immediately prevents queuing of messages in QMail that cannot
 currently be delivered immediately to that one particular domain. This
 is
 a good thing as it alerts the sender that the message cannot be
 delivered
 now--e.g. QMail is not going to queue the message now because it would
 just sit there, either waiting for the MX to become available or, if it
 does not, bouncing the message after the queuelifetime expires.

 Now, aside from the fact that the average person doesn't know what this
 means, I can deal with it, albeit it is not ideal (the average
 user-sender
 does not know what the heck 451 DNS Temporary Failure is).

 However, when sending out a multi-recipient message, this is when the
 issue gets really dicey. CHKUSR stubbornly refuses to queue the message
 at
 all for any of the recipients, even the ones that have valid MXes, as it
 simply also returns the 451 DNS Temporary Failure error with no other
 information at all.

 What this means is that the sender of the multi-recipient message has to
 figure out on his/her own which e-mail domain can currently not accept a
 delivery. The only way to determine this is to send the message to each
 of
 the recipients individually until you hit the one with the
 invalid/unavailable MX.

 Now, I think the ultimate resolution of this issue would be for CHKUSER
 to
 be updated to provide better error responses on this particular check.
 For
 single-recipient messages, it should respond with something like 451
 DNS
 temporary failure: mail server for domain 'somedomain.com' is currently
 unavailable. In the case of multi-recipient messages, it should go
 ahead
 and queue the message for the valid domains, while returning a similar
 error for the MX domain(s) that is not available.

 Meanwhile, from what I can tell from the list archives, there is
 currently
 no way to disable this CHKUSER check entirely without manually
 recompiling
 CHKUSER.

 If there is already a simple fix/adjustment for this, let me know (and
 I'll apologize in advance for missing this). Otherwise, it would be
 great
 in future QMT releases to have this CHKUSER check disabled entirely,
 pending an adjustment to CHKUSER, as it results in lots of puzzled user
 inquiries. With this disabled, such messages would go into the queue for
 QMail to bounce on its own. I understand that the feature also alerts
 admins to their own DNS server issues as well. However, those should be
 issues that server admins can resolve on their own anyway. It's the
 user-related problems that this check causes that, to me, are most
 troublesome.

 Thanks!
 Tim


 --
 
  Inter@zioniInterazioni di Antonio Nati
 http://www.interazioni.it  to...@interazioni.it
 




-- 
Tim Pleiman
Bravo Systems Technologies
Advanced Open Source Solutions for Business
Chicago, IL USA


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations

[qmailtoaster] qmail-remote/qmail-smtpd and multiple WAN IP addresses on same box

2011-07-14 Thread Tim Pleiman

I'm in the process of upgrading a system with load balacing/failover from
2 different ISPs on a single box, e.g.:

http://www.xenocafe.com/tutorials/linux/redhat/bind_multiple_ip_addresses_to_single_nic/index.php

What I wish to be able to do is have qmail-smtpd listening on both IP
addresses for inbound mail traffic at all times. Then have qmail-remote
select the first available address to send outbound traffic--e.g. either
IP that is available, so that if one goes down, qmail-remote will
automatically determine to send on the other.

Is this possible with the current qmailtoaster distribution? I've seen
posts in other forums with similar questions, some indicate that a patch
is required or to have the services bound to specific IPs. None of the
information I can find gives information specific as to what I'm trying to
accomplish.

Many thanks in advance!

Tim
-- 
Tim Pleiman
Bravo Systems Technologies
Advanced Open Source Solutions for Business
Chicago, IL USA


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] qmail-remote/qmail-smtpd and multiple WAN IP addresses on same box

2011-07-14 Thread Tim Pleiman

Thanks Dan,

Thanks for confirming what would occur with outbound mail. However, what
about inbound mail, whereby one connection handles mail for mx
mail1..com and another for mail2..com? Will tcpserver/qmail-smtpd
open whatever connections it needs there as well?:

vpopmail 2706 0.0 0.0 3824 416 ?SJul01 0:00
/usr/bin/tcpserver -v -R -H -l mail.dmsystems.com -x
/etc/tcprules.d/tcp.smtp.cdb -c 100 -u 89 -g 89 0 587
/var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true

tcp0 0 xx.xxx.xxx.xxx:25 74.84.128.73:47345
ESTABLISHED
tcp0 0 xx.xxx.xxx.xxx:25 69.199.67.164:4478
TIME_WAIT

Obviously it opens multiple listening connections on the same single IP as
indicated above.

Thanks,
Tim

On Thu, July 14, 2011 11:20 am, Dan McAllister wrote:
Tim,

I think your problem is different from what you've read on the other
forums... specifically, I suspect that they wanted to have the system
attached to both IP addresses (both ISPs), but have QMail use only
one THAT requires a patch.

What you're proposing is that you have 2 IP addresses (whether on a pair
(or more) of NICs, or shared on one NIC won't matter) and that you let
whatever internal load balancing is in effect control the outbound
message flow. This is the DEFAULT behavior of QMail, so no patches are
necessary.

One brief caveat -- if you're using SPF, make sure BOTH of your public
IP addresses are valid -- and make sure BOTH of your public IP addresses
have appropriate reverse-DNS entries.

Good Luck!

Dan
IT4SOHO

On 7/14/2011 11:31 AM, Tim Pleiman wrote:
I'm in the process of upgrading a system with load balacing/failover
from
2 different ISPs on a single box, e.g.:

http://www.xenocafe.com/tutorials/linux/redhat/bind_multiple_ip_addresses_to_single_nic/index.php

What I wish to be able to do is have qmail-smtpd listening on both IP
addresses for inbound mail traffic at all times. Then have qmail-remote
select the first available address to send outbound traffic--e.g. either
IP that is available, so that if one goes down, qmail-remote will
automatically determine to send on the other.

Is this possible with the current qmailtoaster distribution? I've seen
posts in other forums with similar questions, some indicate that a patch
is required or to have the services bound to specific IPs. None of the
information I can find gives information specific as to what I'm trying
to
accomplish.

Many thanks in advance!

Tim

-
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and
installations.
If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and
packages.

To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com

--
Tim Pleiman
Bravo Systems Technologies
Advanced Open Source Solutions for Business
Chicago, IL USA

-
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] SpamdykeFalse DENIED_SENDER_NO_MX error?

2011-04-28 Thread Tim Pleiman


It appears that I may be, at least on occasion, having the following
problem that Eric discovered here:

http://comments.gmane.org/gmane.mail.spam.spamdyke.user/3106

Today it is affecting google's gmail servers:

2011-04-28 12:23:13.290273500 spamdyke[11358]: ERROR: DNS response for
adaxa.com: expected type MX, A, CNAME but received type (unknown)
2011-04-28 12:23:13.290860500 spamdyke[11358]: FILTER_SENDER_NO_MX domain:
adaxa.com
2011-04-28 12:23:13.826486500 spamdyke[11358]: DENIED_SENDER_NO_MX from:
...@adaxa.com to: ...@bravosystemstech.net origin_ip:
209.85.212.43 origin_rdns: mail-vw0-f43.google.com auth: (unknown)
encryption: TLS
2011-04-28 12:24:15.335562500 spamdyke[11358]: TIMEOUT from:
...@adaxa.com to: ...@bravosystemstech.net origin_ip:
209.85.212.43 origin_rdns: mail-vw0-f43.google.com auth: (unknown)
encryption: TLS reason: TIMEOUT


On the particular server that's having this trouble, I'm running spamdyke
4.1.0.

It appears from the above that this trouble was discovered after the
release of the current 4.2.0 version (release Feb 11) of spamdyke.

Does anyone know if this also affects version 4.1.0, and if so, how to
bypass this without compromising security until a corrective update is
released?

It's definitely not affecting the 4.0.10 version of spamdyke that I have
running on another qmailtoaster server as the mx lookups for the above
domain are having no trouble there.

Thanks,
-- 
Tim Pleiman
Bravo Systems Technologies
Advanced Open Source Solutions for Business
Chicago, IL USA


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Re: SpamdykeFalse DENIED_SENDER_NO_MX error?

2011-04-28 Thread Tim Pleiman


On Thu, April 28, 2011 3:43 pm, Eric Shubert wrote:
 On 04/28/2011 11:26 AM, Tim Pleiman wrote:

 It appears that I may be, at least on occasion, having the following
 problem that Eric discovered here:

 http://comments.gmane.org/gmane.mail.spam.spamdyke.user/3106

 Today it is affecting google's gmail servers:

 2011-04-28 12:23:13.290273500 spamdyke[11358]: ERROR: DNS response for
 adaxa.com: expected type MX, A, CNAME but received type (unknown)
 2011-04-28 12:23:13.290860500 spamdyke[11358]: FILTER_SENDER_NO_MX
 domain:
 adaxa.com
 2011-04-28 12:23:13.826486500 spamdyke[11358]: DENIED_SENDER_NO_MX from:
 ...@adaxa.com to: ...@bravosystemstech.net origin_ip:
 209.85.212.43 origin_rdns: mail-vw0-f43.google.com auth: (unknown)
 encryption: TLS
 2011-04-28 12:24:15.335562500 spamdyke[11358]: TIMEOUT from:
 ...@adaxa.com to: ...@bravosystemstech.net origin_ip:
 209.85.212.43 origin_rdns: mail-vw0-f43.google.com auth: (unknown)
 encryption: TLS reason: TIMEOUT


 On the particular server that's having this trouble, I'm running
 spamdyke
 4.1.0.

 It appears from the above that this trouble was discovered after the
 release of the current 4.2.0 version (release Feb 11) of spamdyke.

 Does anyone know if this also affects version 4.1.0, and if so, how to
 bypass this without compromising security until a corrective update is
 released?

 It's definitely not affecting the 4.0.10 version of spamdyke that I have
 running on another qmailtoaster server as the mx lookups for the above
 domain are having no trouble there.

 Thanks,

 I've commented out that rule for the time being. I think that chkuser
 checks this as well, so it's not really a concern.

 --
 -Eric 'shubes'



Eric,

Yes, I did that on the server running Spamdyke 4.1.0, and then I started
getting the error only on gmail multihomed mx hosts (probably others too,
although I saw them only from gmail connections while tailing the log):

spamdyke[28535]: ERROR: unable to read from SSL/TLS stream: The operation
failed due to an I/O error, Unexpected EOF found

There was supposedly a fix in 4.1.0 to correct for the above message NOT
being generated in the logs:

http://permalink.gmane.org/gmane.mail.spam.spamdyke.user/2918

Now, since my server platforms are all the same, I reverted the 4.1.0
binary on this particular server to 4.0.10 (copied from another server)
with reject-missing-sender-mx enabled, and then the process does seem to
properly resolve these mxes, and also does seem to exit fine on it's own,
despite what's indicated above. Hard to tell, as there is delay in the
process exiting, which may indicate that there is an error message not
being displayed. 

At any rate, it seems that there are multiple overlapping problems with
the both the 4.2.0 and 4.1.0 releases that may also be dependent on what
features one has turned on or off, although I can't quite pin down exactly
what's going on. Hopefully this will all get cleared up in the next
release.

Will stick with 4.0.10 for now.

Thanks!
Tim



-- 
Tim Pleiman
Bravo Systems Technologies
Advanced Open Source Solutions for Business
Chicago, IL USA


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

RE: [qmailtoaster] SpamAssassin Y2K10 bug

2010-01-03 Thread Tim Pleiman

The offending rule:

FH_DATE_PAST_20XX

is in:

/usr/share/spamassassin/72_active.cf

and is scored by:

/usr/share/spamassassin/50_scores.cf

I would just remove the the rules and scores in these files, in addition
to modifying your local.cf file to prevent future incarnations.

There is some bit of controversy as to the rule existing at all and the
fact that even though it was supposedly corrected 5 months ago, it was not
pushed out to the installations or most update processes.

Based on the fact that it wasn't killed ages ago, who knows whether or not
it'll slip back in again?

Tim

On Mon, January 4, 2010 12:50 am, Helmut Fritz wrote:
 What was the offending rule, and was it removed by the update or just
 changed?  I ran sa-update, but am not sure what it changed.  Thx.

 Helmut

 -Original Message-
 From: Lucian Cristian [mailto:l...@createc.ro]
 Sent: Sunday, January 03, 2010 10:36 PM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: Re: [qmailtoaster] SpamAssassin Y2K10 bug

 Jake Vickers wrote:
 Eric Shubert wrote:
 This was posted this afternoon on the vpopmail list:

 Tom Collins wrote:
 If you're running SpamAssassin, be aware that it has a rule that's
 adding points to all mail with a 2010 date.

 You can fix it by adding the following to your local.cf and
 restarting spamassassin.

 scoreFH_DATE_PAST_20XX0.0

 See https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6269
 for details.

 -Tom

 Can we perhaps come up with a better fix?

 In the meantime, I'd suggest making this change, then running #
 qmail-spam restart


 Thanks for posting that Eric. I didn't see the announcement until
 today - I actually saw your post first.
 Anyway, as an FYI, updating your rules via sa-update should resolve
 this (can anyone confirm?):

 Subject: Apache SpamAssassin Y2K10 Rule Bug - Update Your Rules Now!
 From: Daryl C. W. O'Shea spamassas...@dostech.ca
 Date: Sat, 02 Jan 2010 02:38:13 -0500

 I've posted the following note on the Apache SpamAssassin website [1]
 about an issue with a rule that may cause wanted email to be
 classified as spam by SpamAssassin.  If you're running SpamAssassin
 3.2.x you are encouraged to update you rules (updates were released on
 sa-update around 1900 UTC Jan 1, 2010).

 Y2K10 Rule Bug - Update Your Rules Now!



 --
 ---

 Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and
 installations.
  If you need professional help with your setup, contact them today!
 --
 ---

 Please visit qmailtoaster.com for the latest news, updates, and
 packages.
  To unsubscribe, e-mail:
 qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail:
 qmailtoaster-list-h...@qmailtoaster.com


 sa-update should work, for me it did

 Happy new year !
 Lucian

 
 -
 Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
 Vickers Consulting Group offers Qmailtoaster support and
 installations.
   If you need professional help with your setup, contact them today!
 
 -
  Please visit qmailtoaster.com for the latest news, updates, and
 packages.

   To unsubscribe, e-mail:
 qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
 qmailtoaster-list-h...@qmailtoaster.com




 -
 Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
 Vickers Consulting Group offers Qmailtoaster support and
 installations.
   If you need professional help with your setup, contact them today!
 -
  Please visit qmailtoaster.com for the latest news, updates, and
 packages.

   To unsubscribe, e-mail:
 qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
 qmailtoaster-list-h...@qmailtoaster.com





-- 
Tim Pleiman
Bravo Systems Technologies
Advanced Open Source Solutions for Business
Chicago, IL USA


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

[qmailtoaster] The Brilliant SA Y210K bugfix...NOT!

2010-01-03 Thread Tim Pleiman

This is the fix that was pushed out...

From this:

##{ FH_DATE_PAST_20XX
header   FH_DATE_PAST_20XX  Date =~ /20[1-9][0-9]/ [if-unset: 2006]
describe FH_DATE_PAST_20XX  The date is grossly in the future.
##} FH_DATE_PAST_20XX

To this:

##{ FH_DATE_PAST_20XX
header   FH_DATE_PAST_20XX  Date =~ /20[2-9][0-9]/ [if-unset: 2006]
describe FH_DATE_PAST_20XX  The date is grossly in the future.
##} FH_DATE_PAST_20XX

It's a very badly written rule.

Tim
-- 
Tim Pleiman
Bravo Systems Technologies
Advanced Open Source Solutions for Business
Chicago, IL USA


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] Thank You!

2009-08-19 Thread Tim Pleiman

Jake, Eric,

I just want to offer a big round of thanks for such an excellent Qmail
compilation. I've got it up and running now on two production servers and
it has been flawless.

Also, Jake, is there a not-for-profit Open Source project that you would
like me to donate to on your behalf? As a measure of my gratitude for the
excellence of compiling and maintaining this qmail distribution, I would
like to send a donation to them. My consulting practice services many
non-profit organizations at discount as well as donated capacities, so I
like to support those things which do good for community. Contact me
directly, please.

Aditionally, is the EZMLM digest option for this list turned on? I'm
finding it difficult to keep up with all the individual e-mail posts in my
inbox.

Thanks!
Tim
-- 
Tim Pleiman
Bravo Systems Technologies
Advanced Open Source Solutions for Business
Chicago, IL USA


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] Spamdyke logging with QMT integration

2009-07-27 Thread Tim Pleiman

Hi all,

Presumably, if I want to capture a spamdyke log, I would modify the
following in the /var/run/qmail/supervise/run file (which with spamdyke
installed with QMT is a symlink to run.spamdyke, so I would modify
run.spamdyke):

SPAMDYKE=/usr/local/bin/spamdyke

to be

SPAMDYKE=/usr/local/bin/spamdyke -lverbose

or SPAMDYKE=/usr/local/bin/spamdyke --log-level=verbose

Is this correct?

If so, where do the logs go? Do they go to a default location? Or must
that be specified? If it must be specified, is the log location to be
added after -lverbose or --log-level=verbose as in:

SPAMDYKE=/usr/local/bin/spamdyke -lverbose /var/log/spamdyke.log

I'm not clear from the documentation at spamdyke.org as they simply
indicate the following:

/usr/local/bin/spamdyke --log-level=verbose ...

The 3 dots being something that I'm not clear on as to what else should
be placed there.

Thanks,
Tim

-- 
Tim Pleiman
Bravo Systems Technologies
Advanced Open Source Solutions for Business
Chicago, IL USA


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Spamdyke logging with QMT integration

2009-07-27 Thread Tim Pleiman

Actually,

I missed it. It's earlier in the documentation at spamdyke.org where the
logs typically go:

When spamdyke logs to syslog, it uses the LOG_MAIL facility, which
typically puts the messages in /var/log/maillog.

So, presuming this is true, so I presume that adding the logging options
to the SPAMDYKE line in run.spamdyke file will then log spamdyke
messages to /var/log/maillog?

Everything correct? Will try.

Thanks,
Tim

On Mon, July 27, 2009 11:35 am, Tim Pleiman wrote:
 Hi all,

 Presumably, if I want to capture a spamdyke log, I would modify the
 following in the /var/run/qmail/supervise/run file (which with spamdyke
 installed with QMT is a symlink to run.spamdyke, so I would modify
 run.spamdyke):

 SPAMDYKE=/usr/local/bin/spamdyke

 to be

 SPAMDYKE=/usr/local/bin/spamdyke -lverbose

 or SPAMDYKE=/usr/local/bin/spamdyke --log-level=verbose

 Is this correct?

 If so, where do the logs go? Do they go to a default location? Or must
 that be specified? If it must be specified, is the log location to be
 added after -lverbose or --log-level=verbose as in:

 SPAMDYKE=/usr/local/bin/spamdyke -lverbose /var/log/spamdyke.log

 I'm not clear from the documentation at spamdyke.org as they simply
 indicate the following:

 /usr/local/bin/spamdyke --log-level=verbose ...

 The 3 dots being something that I'm not clear on as to what else should
 be placed there.

 Thanks,
 Tim

 --
 Tim Pleiman
 Bravo Systems Technologies
 Advanced Open Source Solutions for Business
 Chicago, IL USA


 -
 Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
 Vickers Consulting Group offers Qmailtoaster support and
 installations.
   If you need professional help with your setup, contact them today!
 -
  Please visit qmailtoaster.com for the latest news, updates, and
 packages.

   To unsubscribe, e-mail:
 qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
 qmailtoaster-list-h...@qmailtoaster.com





-- 
Tim Pleiman
Bravo Systems Technologies
Advanced Open Source Solutions for Business
Chicago, IL USA


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] Does not default to maillog Re: [qmailtoaster] Spamdyke logging with QMT integration

2009-07-27 Thread Tim Pleiman

Ok,

So, tested and cannot get spamdyke logs to work (or they're going some
other place that I can't find or into nothing):

SPAMDYKE=/usr/local/bin/spamdyke -lverbose
SPAMDYKE=/usr/local/bin/spamdyke --log-level=verbose
SPAMDYKE=/usr/local/bin/spamdyke -ldebug
SPAMDYKE=/usr/local/bin/spamdyke --log-level=debug

Should be going into maillog as the default.

Must be something I'm missing. Must something be done differently/peculiar
to the QMT integration to get these logs?

There are spamdyke entries being captured in the
/var/log/qmail/send/current file, but no matter what I do with the
loglevel specifcation on the spamdyke line, it doesn't output them to
maillog on its own and it doesn't increase the level of logging in
/var/log/qmail/send/current

Would like to get those more detailed logs from spamdyke.

Any ideas?

Thanks,
Tim


On Mon, July 27, 2009 11:55 am, Tim Pleiman wrote:
 Actually,

 I missed it. It's earlier in the documentation at spamdyke.org where the
 logs typically go:

 When spamdyke logs to syslog, it uses the LOG_MAIL facility, which
 typically puts the messages in /var/log/maillog.

 So, presuming this is true, so I presume that adding the logging options
 to the SPAMDYKE line in run.spamdyke file will then log spamdyke
 messages to /var/log/maillog?

 Everything correct? Will try.

 Thanks,
 Tim

 On Mon, July 27, 2009 11:35 am, Tim Pleiman wrote:
 Hi all,

 Presumably, if I want to capture a spamdyke log, I would modify the
 following in the /var/run/qmail/supervise/run file (which with spamdyke
 installed with QMT is a symlink to run.spamdyke, so I would modify
 run.spamdyke):

 SPAMDYKE=/usr/local/bin/spamdyke

 to be

 SPAMDYKE=/usr/local/bin/spamdyke -lverbose

 or SPAMDYKE=/usr/local/bin/spamdyke --log-level=verbose

 Is this correct?

 If so, where do the logs go? Do they go to a default location? Or must
 that be specified? If it must be specified, is the log location to be
 added after -lverbose or --log-level=verbose as in:

 SPAMDYKE=/usr/local/bin/spamdyke -lverbose /var/log/spamdyke.log

 I'm not clear from the documentation at spamdyke.org as they simply
 indicate the following:

 /usr/local/bin/spamdyke --log-level=verbose ...

 The 3 dots being something that I'm not clear on as to what else
 should
 be placed there.

 Thanks,
 Tim

 --
 Tim Pleiman
 Bravo Systems Technologies
 Advanced Open Source Solutions for Business
 Chicago, IL USA


 -
 Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
 Vickers Consulting Group offers Qmailtoaster support and
 installations.
   If you need professional help with your setup, contact them today!
 -
  Please visit qmailtoaster.com for the latest news, updates, and
 packages.

   To unsubscribe, e-mail:
 qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
 qmailtoaster-list-h...@qmailtoaster.com





 --
 Tim Pleiman
 Bravo Systems Technologies
 Advanced Open Source Solutions for Business
 Chicago, IL USA


 -
 Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
 Vickers Consulting Group offers Qmailtoaster support and
 installations.
   If you need professional help with your setup, contact them today!
 -
  Please visit qmailtoaster.com for the latest news, updates, and
 packages.

   To unsubscribe, e-mail:
 qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
 qmailtoaster-list-h...@qmailtoaster.com





-- 
Tim Pleiman
Bravo Systems Technologies
Advanced Open Source Solutions for Business
Chicago, IL USA


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Does not default to maillog Re: [qmailtoaster] Spamdyke logging with QMT integration

2009-07-27 Thread Tim Pleiman

Sorry,

Correction to typo on my previous notes:

There are spamdyke entries being captured in the
/var/log/qmail/send/current

to

There are spamdyke entries being capture in the
/var/log/qmail/smtp/current file.


tim

On Mon, July 27, 2009 12:15 pm, Tim Pleiman wrote:
 Ok,

 So, tested and cannot get spamdyke logs to work (or they're going some
 other place that I can't find or into nothing):

 SPAMDYKE=/usr/local/bin/spamdyke -lverbose
 SPAMDYKE=/usr/local/bin/spamdyke --log-level=verbose
 SPAMDYKE=/usr/local/bin/spamdyke -ldebug
 SPAMDYKE=/usr/local/bin/spamdyke --log-level=debug

 Should be going into maillog as the default.

 Must be something I'm missing. Must something be done differently/peculiar
 to the QMT integration to get these logs?

 There are spamdyke entries being captured in the
 /var/log/qmail/send/current file, but no matter what I do with the
 loglevel specifcation on the spamdyke line, it doesn't output them to
 maillog on its own and it doesn't increase the level of logging in
 /var/log/qmail/send/current

 Would like to get those more detailed logs from spamdyke.

 Any ideas?

 Thanks,
 Tim


 On Mon, July 27, 2009 11:55 am, Tim Pleiman wrote:
 Actually,

 I missed it. It's earlier in the documentation at spamdyke.org where the
 logs typically go:

 When spamdyke logs to syslog, it uses the LOG_MAIL facility, which
 typically puts the messages in /var/log/maillog.

 So, presuming this is true, so I presume that adding the logging options
 to the SPAMDYKE line in run.spamdyke file will then log spamdyke
 messages to /var/log/maillog?

 Everything correct? Will try.

 Thanks,
 Tim

 On Mon, July 27, 2009 11:35 am, Tim Pleiman wrote:
 Hi all,

 Presumably, if I want to capture a spamdyke log, I would modify the
 following in the /var/run/qmail/supervise/run file (which with spamdyke
 installed with QMT is a symlink to run.spamdyke, so I would modify
 run.spamdyke):

 SPAMDYKE=/usr/local/bin/spamdyke

 to be

 SPAMDYKE=/usr/local/bin/spamdyke -lverbose

 or SPAMDYKE=/usr/local/bin/spamdyke --log-level=verbose

 Is this correct?

 If so, where do the logs go? Do they go to a default location? Or must
 that be specified? If it must be specified, is the log location to be
 added after -lverbose or --log-level=verbose as in:

 SPAMDYKE=/usr/local/bin/spamdyke -lverbose /var/log/spamdyke.log

 I'm not clear from the documentation at spamdyke.org as they simply
 indicate the following:

 /usr/local/bin/spamdyke --log-level=verbose ...

 The 3 dots being something that I'm not clear on as to what else
 should
 be placed there.

 Thanks,
 Tim

 --
 Tim Pleiman
 Bravo Systems Technologies
 Advanced Open Source Solutions for Business
 Chicago, IL USA


 -
 Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
 Vickers Consulting Group offers Qmailtoaster support and
 installations.
   If you need professional help with your setup, contact them
 today!
 -
  Please visit qmailtoaster.com for the latest news, updates, and
 packages.

   To unsubscribe, e-mail:
 qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
 qmailtoaster-list-h...@qmailtoaster.com





 --
 Tim Pleiman
 Bravo Systems Technologies
 Advanced Open Source Solutions for Business
 Chicago, IL USA


 -
 Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
 Vickers Consulting Group offers Qmailtoaster support and
 installations.
   If you need professional help with your setup, contact them today!
 -
  Please visit qmailtoaster.com for the latest news, updates, and
 packages.

   To unsubscribe, e-mail:
 qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
 qmailtoaster-list-h...@qmailtoaster.com





 --
 Tim Pleiman
 Bravo Systems Technologies
 Advanced Open Source Solutions for Business
 Chicago, IL USA


 -
 Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
 Vickers Consulting Group offers Qmailtoaster support and
 installations.
   If you need professional help with your setup, contact them today!
 -
  Please visit qmailtoaster.com for the latest news, updates, and
 packages.

   To unsubscribe, e-mail:
 qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
 qmailtoaster-list-h...@qmailtoaster.com





-- 
Tim Pleiman
Bravo Systems Technologies
Advanced Open Source Solutions for Business
Chicago, IL USA

[qmailtoaster] Never mindRe: [qmailtoaster] Does not default to maillog Re: [qmailtoaster] Spamdyke logging with QMT integration

2009-07-27 Thread Tim Pleiman

Log levels increase in the /var/log/qmail/smtp/ logs when you modify the
setting in the spamdyke.conf file:

log-level=verbose

and then

log-target=stderr

stderr being the /var/log/qmail/smtp/ default in QMT

So, I've answered my own question.

So, I guess that means that if there is any entry for the log level and
location in spamdyke.conf, then that overrides any entry on the spamdyke
command line in the run file.

Thanks,
Tim


On Mon, July 27, 2009 12:19 pm, Tim Pleiman wrote:
 Sorry,

 Correction to typo on my previous notes:

 There are spamdyke entries being captured in the
 /var/log/qmail/send/current

 to

 There are spamdyke entries being capture in the
 /var/log/qmail/smtp/current file.


 tim

 On Mon, July 27, 2009 12:15 pm, Tim Pleiman wrote:
 Ok,

 So, tested and cannot get spamdyke logs to work (or they're going some
 other place that I can't find or into nothing):

 SPAMDYKE=/usr/local/bin/spamdyke -lverbose
 SPAMDYKE=/usr/local/bin/spamdyke --log-level=verbose
 SPAMDYKE=/usr/local/bin/spamdyke -ldebug
 SPAMDYKE=/usr/local/bin/spamdyke --log-level=debug

 Should be going into maillog as the default.

 Must be something I'm missing. Must something be done
 differently/peculiar
 to the QMT integration to get these logs?

 There are spamdyke entries being captured in the
 /var/log/qmail/send/current file, but no matter what I do with the
 loglevel specifcation on the spamdyke line, it doesn't output them to
 maillog on its own and it doesn't increase the level of logging in
 /var/log/qmail/send/current

 Would like to get those more detailed logs from spamdyke.

 Any ideas?

 Thanks,
 Tim


 On Mon, July 27, 2009 11:55 am, Tim Pleiman wrote:
 Actually,

 I missed it. It's earlier in the documentation at spamdyke.org where
 the
 logs typically go:

 When spamdyke logs to syslog, it uses the LOG_MAIL facility, which
 typically puts the messages in /var/log/maillog.

 So, presuming this is true, so I presume that adding the logging
 options
 to the SPAMDYKE line in run.spamdyke file will then log spamdyke
 messages to /var/log/maillog?

 Everything correct? Will try.

 Thanks,
 Tim

 On Mon, July 27, 2009 11:35 am, Tim Pleiman wrote:
 Hi all,

 Presumably, if I want to capture a spamdyke log, I would modify the
 following in the /var/run/qmail/supervise/run file (which with
 spamdyke
 installed with QMT is a symlink to run.spamdyke, so I would modify
 run.spamdyke):

 SPAMDYKE=/usr/local/bin/spamdyke

 to be

 SPAMDYKE=/usr/local/bin/spamdyke -lverbose

 or SPAMDYKE=/usr/local/bin/spamdyke --log-level=verbose

 Is this correct?

 If so, where do the logs go? Do they go to a default location? Or must
 that be specified? If it must be specified, is the log location to be
 added after -lverbose or --log-level=verbose as in:

 SPAMDYKE=/usr/local/bin/spamdyke -lverbose /var/log/spamdyke.log

 I'm not clear from the documentation at spamdyke.org as they simply
 indicate the following:

 /usr/local/bin/spamdyke --log-level=verbose ...

 The 3 dots being something that I'm not clear on as to what else
 should
 be placed there.

 Thanks,
 Tim

 --
 Tim Pleiman
 Bravo Systems Technologies
 Advanced Open Source Solutions for Business
 Chicago, IL USA


 -
 Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
 Vickers Consulting Group offers Qmailtoaster support and
 installations.
   If you need professional help with your setup, contact them
 today!
 -
  Please visit qmailtoaster.com for the latest news, updates, and
 packages.

   To unsubscribe, e-mail:
 qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
 qmailtoaster-list-h...@qmailtoaster.com





 --
 Tim Pleiman
 Bravo Systems Technologies
 Advanced Open Source Solutions for Business
 Chicago, IL USA


 -
 Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
 Vickers Consulting Group offers Qmailtoaster support and
 installations.
   If you need professional help with your setup, contact them
 today!
 -
  Please visit qmailtoaster.com for the latest news, updates, and
 packages.

   To unsubscribe, e-mail:
 qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
 qmailtoaster-list-h...@qmailtoaster.com





 --
 Tim Pleiman
 Bravo Systems Technologies
 Advanced Open Source Solutions for Business
 Chicago, IL USA


 -
 Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
 Vickers Consulting Group offers Qmailtoaster support and
 installations.
   If you need

[qmailtoaster] Squirrelmail plugins page down...anyone heard how long?

2009-07-15 Thread Tim Pleiman

Hi all,

I've checked for the past several days now at Squirrelmail.org so I can
get the latest versions of plugins that I want, and this is what is on the
plugins page:

http://www.squirrelmail.org/plugins.php

Plugins

The plugin system is currently unavailable whilst we investigate a
possible server compromise.

Driving me nuts. Anyone heard anything about when this might be back up?
I'm thinking there must be a mirror somewhere else. Anyone have that URL?

Thanks,
Tim
-- 
Tim Pleiman
Bravo Systems Technologies
Advanced Open Source Solutions for Business
Chicago, IL USA


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Squirrelmail plugins page down...anyone heard how long?

2009-07-15 Thread Tim Pleiman


On Wed, July 15, 2009 6:50 pm, Jake Vickers wrote:
 Tim Pleiman wrote:
 Hi all,

 I've checked for the past several days now at Squirrelmail.org so I can
 get the latest versions of plugins that I want, and this is what is on
 the
 plugins page:

 http://www.squirrelmail.org/plugins.php

 Plugins

 The plugin system is currently unavailable whilst we investigate a
 possible server compromise.

 Driving me nuts. Anyone heard anything about when this might be back up?
 I'm thinking there must be a mirror somewhere else. Anyone have that
 URL?

 Thanks,
 Tim


 They have no announced date other than when it's done before it will
 be back. The major plugins are also located on the SF page
 (http://sourceforge.net/projects/sm-plugins/files/) and the rest can be
 found by googling (usually source from BSD ports).

Yeah, I found some of the BSD listings and checked the sourceforge page.
But, I was hoping to find some of the descriptive information without
downloading everything just to read the readmes, maybe add some new ones
that weren't easily installable/compatible on my old servers.

Couldn't find everything. But, I migrated the ones from my old QMR
installs and they are almost all working, including html_mail (which I
hate, but certain users insist upon). I'll just have to wait to add
additionals and update the versions on existings later.

The plugin page at squirrelmail.org has been down since June 19th
though--a bit disconcerting.

Thanks again,
Tim


-- 
Tim Pleiman
Bravo Systems Technologies
Advanced Open Source Solutions for Business
Chicago, IL USA


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Missing HELO identifier--Resolved

2009-07-14 Thread Tim Pleiman


On Tue, July 14, 2009 11:07 am, Eric Shubert wrote:
 Tim Pleiman wrote:
 On Mon, July 13, 2009 6:12 pm, Eric Shubert wrote:
 Aleksander Podsiadly wrote:
 W dniu 13.07.2009 22:16, Tim Pleiman pisze:
 /var/qmail/control/me contains the primary server mail domain name,
 e.g:
 mail.servername.org

 Tim

 It should be the same as result of `hostname`, just the servername.
 Not
 ,,mail.servername.org'' but FQDN servername with all dots. Not the
 value of CNAME, but the name from record A, the same as the name from
 PTR record. IMO it's the best, clear and proper configuration.

 My toaster has the fqdn value in there, but I can't say for sure where
 it comes from.

 I can say that it does not come from `hostname --fqdn` (although I
 agree
 with Alex that this is the value it should reflect).

 Oh, here it is. Looks like it comes from the
 /var/qmail/control/helohost
 file. (Duh) http://wiki.qmailtoaster.com/index.php/Helohost

 --
 -Eric 'shubes'

 Yes it does. However, helohost defaults to me if not specified in
 the
 control files. And, it should pick up me as I have it specified, but
 it
 does not (I also tried specifying helohost in addition to the correct
 me--everything with the same name). In the case of localhost sends (as
 in
 this case from Squirrelmail), I believe it should ideally pick up the
 virtual domain that it is sent from in vpopmail, which would be
 testdomain.com at this stage.

 Again, it only happens in the second stage of the header during a
 localhost send process. All the other HELOs are correct. Upon endless
 adjustments, I think it may be coming from the CHKUSER patch. I did
 manage
 to get the unknown portion of the HELO changed to say localhost
 instead by removing the -H option from tcpserver. So now I get:

 from localhost (HELO ?xx.xxx.xxx.xxx?) (127.0.0.1)

 from unknown (HELO ?xx.xxx.xxx.xxx?) (127.0.0.1)

 The unknown goes away, and once this is changed, the smtp daemon logs
 also reflect the change, referring also to localhost instead of
 unknown:

 2009-07-13 22:17:19.156287500 tcpserver: pid 6969 from 127.0.0.1
 2009-07-13 22:17:19.156819500 tcpserver: ok 6969
 mail.servername.org:127.0.0.1:25 localhost:127.0.0.1::43932
 2009-07-13 22:17:19.162423500 CHKUSER accepted sender: from
 postmas...@testdomain.com:: remote
 [xx.xxx.xxx.xxx]:localhost:127.0.0.1 rcpt  : sender accepted
 2009-07-13 22:17:19.234600500 CHKUSER relaying rcpt: from
 postmas...@testdomain.com:: remote
 [xx.xxx.xxx.xxx]:localhost:127.0.0.1 rcpt tpleiman@domainname.net
 :
 client allowed to relay

 INSTEAD OF:

 2009-07-10 17:18:30.502954500 tcpserver: pid 32023 from 127.0.0.1
 2009-07-10 17:18:30.503012500 tcpserver: ok 32023
 mail.servername.org:127.0.0.1:25 :127.0.0.1::41168
 2009-07-10 17:18:30.638742500 CHKUSER accepted sender: from
 postmas...@testdomain.com:: remote
 [xx.xxx.xxx.xxx]:unknown:127.0.0.1
 rcpt  : sender accepted
 2009-07-10 17:18:30.679559500 CHKUSER relaying rcpt: from
 postmas...@testdomain.com:: remote
 [xx.xxx.xxx.xxx]:unknown:127.0.0.1
 rcpt tpleiman@domainname.net : client allowed to relay

 I believe HELOs typically should be picked up from the static
 configuration files in /var/qmail/control and I can't figure out for the
 life of me where (chkuser?) is pulling this HELO name from when it is a
 simple localhost send from the same box--e.g. remote and localhost are
 the SAME machine, and why it won't at least just pick up the helohost
 or
 me from the control files.

 At any rate, everything else is working fine. Incomings are are all
 processing great, and I don't think this is that big of a deal as server
 to server communications and HELOs are correct, but it would be nice to
 clean this up so the headers on outbound sends are correct during this
 internal localhost transaction process for localhost sends from
 SquirrelMail.

 Am I just missing something really stupid here?

 Thanks again!

 You're all over the solution. The only ones that are messed up are the
 ones from squirrelmail, so don't you think it's likely that squirrelmail
 is where the solution lies? ;)

 I don't have your solution, but I can point you in the right direction.

 I just ran a test, and on my system it appears that the (HELO
 mail.shubes.net) is indeed coming from squirrelmail somehow. The only
 place I have mail.shubes.net specified is in the url I used for
 accessing squirrelmail. So I tried accessing squirrelmail with
 test.shubes.net, and indeed I get (HELO test.shubes.net).

 Now I admit that I've tweaked my config_local.php file from the stock
 values, mainly because I'm running dovecot in place of courier. I didn't
 see anything there that I thought would effect this behavior though.

 So do some digging into SM, and I think you'll find the solution.

 --
 -Eric 'shubes'

Eric,

Indeed, that's exactly what's going on here. It seems that particular HELO
is being picked up from the actual URL domain that you use for login. So,
if you login via IP address, that's what you get in the HELO

[qmailtoaster] rhost-check in conjunction with rblsmtpd?

2009-07-14 Thread Tim Pleiman

Hi all,

Is/has anyone here used rhost_check in conjunction rblsmtpd and QMT to do
rDNS lookups on remote hosts for spam filtering?

http://www.zentus.com/rhost-check.html

I've always compiled this useful tool into my QMR installs in the past to
do non-paranoid (-p) tcpserver lookups of the rDNS status of connecting
hosts. I always place this lookup immediately prior to all other checks to
verify that the connecting server at least HAS some sort of PTR record. It
cuts off spam immediately without any other conditions first and avoids
hammering the RBLs unnecessarily.

It's worked fine with RH9 and EL3. Was wondering if anyone has compiled
and installed it on more recent versions of EL--specifically CentOS
5.3-x64. Does the code works with more recent linux releases and x64
versions?

Also, in case I'm missing something here and wasting my time, the current
CHKUSER isn't doing any rDNS PTR lookups for connection
verification/rejection, is it?

Thanks!
-- 
Tim Pleiman
Bravo Systems Technologies
Advanced Open Source Solutions for Business
Chicago, IL USA


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] and on Spamdyke (Missing HELO identifier--Resolved)

2009-07-14 Thread Tim Pleiman


On Tue, July 14, 2009 5:25 pm, Eric Shubert wrote:
 Tim Pleiman wrote:
 On Tue, July 14, 2009 11:07 am, Eric Shubert wrote:
 Tim Pleiman wrote:
 On Mon, July 13, 2009 6:12 pm, Eric Shubert wrote:
 Aleksander Podsiadly wrote:
 W dniu 13.07.2009 22:16, Tim Pleiman pisze:
 /var/qmail/control/me contains the primary server mail domain name,
 e.g:
 mail.servername.org

 Tim

 It should be the same as result of `hostname`, just the servername.
 Not
 ,,mail.servername.org'' but FQDN servername with all dots. Not the
 value of CNAME, but the name from record A, the same as the name
 from
 PTR record. IMO it's the best, clear and proper configuration.

 My toaster has the fqdn value in there, but I can't say for sure
 where
 it comes from.

 I can say that it does not come from `hostname --fqdn` (although I
 agree
 with Alex that this is the value it should reflect).

 Oh, here it is. Looks like it comes from the
 /var/qmail/control/helohost
 file. (Duh) http://wiki.qmailtoaster.com/index.php/Helohost

 --
 -Eric 'shubes'
 Yes it does. However, helohost defaults to me if not specified in
 the
 control files. And, it should pick up me as I have it specified, but
 it
 does not (I also tried specifying helohost in addition to the correct
 me--everything with the same name). In the case of localhost sends (as
 in
 this case from Squirrelmail), I believe it should ideally pick up the
 virtual domain that it is sent from in vpopmail, which would be
 testdomain.com at this stage.

 Again, it only happens in the second stage of the header during a
 localhost send process. All the other HELOs are correct. Upon endless
 adjustments, I think it may be coming from the CHKUSER patch. I did
 manage
 to get the unknown portion of the HELO changed to say localhost
 instead by removing the -H option from tcpserver. So now I get:

 from localhost (HELO ?xx.xxx.xxx.xxx?) (127.0.0.1)

 from unknown (HELO ?xx.xxx.xxx.xxx?) (127.0.0.1)

 The unknown goes away, and once this is changed, the smtp daemon
 logs
 also reflect the change, referring also to localhost instead of
 unknown:

 2009-07-13 22:17:19.156287500 tcpserver: pid 6969 from 127.0.0.1
 2009-07-13 22:17:19.156819500 tcpserver: ok 6969
 mail.servername.org:127.0.0.1:25 localhost:127.0.0.1::43932
 2009-07-13 22:17:19.162423500 CHKUSER accepted sender: from
 postmas...@testdomain.com:: remote
 [xx.xxx.xxx.xxx]:localhost:127.0.0.1 rcpt  : sender accepted
 2009-07-13 22:17:19.234600500 CHKUSER relaying rcpt: from
 postmas...@testdomain.com:: remote
 [xx.xxx.xxx.xxx]:localhost:127.0.0.1 rcpt
 tpleiman@domainname.net
 :
 client allowed to relay

 INSTEAD OF:

 2009-07-10 17:18:30.502954500 tcpserver: pid 32023 from 127.0.0.1
 2009-07-10 17:18:30.503012500 tcpserver: ok 32023
 mail.servername.org:127.0.0.1:25 :127.0.0.1::41168
 2009-07-10 17:18:30.638742500 CHKUSER accepted sender: from
 postmas...@testdomain.com:: remote
 [xx.xxx.xxx.xxx]:unknown:127.0.0.1
 rcpt  : sender accepted
 2009-07-10 17:18:30.679559500 CHKUSER relaying rcpt: from
 postmas...@testdomain.com:: remote
 [xx.xxx.xxx.xxx]:unknown:127.0.0.1
 rcpt tpleiman@domainname.net : client allowed to relay

 I believe HELOs typically should be picked up from the static
 configuration files in /var/qmail/control and I can't figure out for
 the
 life of me where (chkuser?) is pulling this HELO name from when it is
 a
 simple localhost send from the same box--e.g. remote and localhost
 are
 the SAME machine, and why it won't at least just pick up the
 helohost
 or
 me from the control files.

 At any rate, everything else is working fine. Incomings are are all
 processing great, and I don't think this is that big of a deal as
 server
 to server communications and HELOs are correct, but it would be nice
 to
 clean this up so the headers on outbound sends are correct during this
 internal localhost transaction process for localhost sends from
 SquirrelMail.

 Am I just missing something really stupid here?

 Thanks again!
 You're all over the solution. The only ones that are messed up are the
 ones from squirrelmail, so don't you think it's likely that
 squirrelmail
 is where the solution lies? ;)

 I don't have your solution, but I can point you in the right direction.

 I just ran a test, and on my system it appears that the (HELO
 mail.shubes.net) is indeed coming from squirrelmail somehow. The only
 place I have mail.shubes.net specified is in the url I used for
 accessing squirrelmail. So I tried accessing squirrelmail with
 test.shubes.net, and indeed I get (HELO test.shubes.net).

 Now I admit that I've tweaked my config_local.php file from the stock
 values, mainly because I'm running dovecot in place of courier. I
 didn't
 see anything there that I thought would effect this behavior though.

 So do some digging into SM, and I think you'll find the solution.

 --
 -Eric 'shubes'

 Eric,

 Indeed, that's exactly what's going on here. It seems that particular
 HELO
 is being picked up from the actual URL domain that you

Re: [qmailtoaster] how to control infected users

2009-07-14 Thread Tim Pleiman


On Tue, July 14, 2009 7:21 am, Lucian Cristian wrote:
 Karpaha Vinayaham wrote:
 Dear All

  One of my user machine was infected by a virus and it start
 sending lots of spam mails.  As the user was using smtp-auth my server
 accepted the mail.
  Because of this my server IP is blacklisted, after diagnosing i
 have blocked the infected machine IP through iptable and scanned for
 virus.

 Now the problem is solved, but i wanted to know how to control this
 behaviour.

 With Regards
  Vinay


 
 Love Cricket? Check out live scores, photos, video highlights and
 more. Click here
 http://in.rd.yahoo.com/tagline_cricket_2/*http://cricket.yahoo.com.
 I don't know any trojan that can use auth sistem to send emails,
 classical way is to send mails using it's own server, so blocking
 destination port 25 for the inside clients should solve the problem, but
 if there is an aplication that sends mails using auth sistem then we are
 all doomed :D

 Regards
 Lucian


Sounds from your description here like you were routing forwarding LAN
traffic through the same IP address (same server perhaps) that is hosting
your mail. The spam zombie probably wasn't routing via your mail server
itself, rather just your IP address interface (on the same machine or
otherwise). Spam zombied machines generally send spam directly. In this
case, you can either do as Lucian suggests and ban outbound port 25 to
forwarding in IPTABLES, or, better yet if possible, route your LAN traffic
through a different IP address/interface/server.

Also, as I presume the machines on your LAN are Windows machines. Make
sure to lock down your client workstations tightly in a controlled manner.
If running in a Windows Workgroup, make sure users only have Restricted
User (User Group) accounts on a machine by machine basis. If on a Samba
domain or Active Directory Domain, also make sure all users are granted
only User Group permissions on the Domain. This will help to ensure that
users are are not as easily infected in the first place. Unfortunately, in
some cases, users must be granted certain slightly elevated permissions on
machines for certain software applications to run properly (e.g. Standard
User (Power Group). Quickbooks is a notable example of such a
badly-designed application. Users in the Power Group can get infected.

Also, make sure you are continually educating/informing your users as to
network policies/procedures. Users should not open e-mails from untrusted
sources, and should never follow links in such emails, and should never
follow links in casual e-mails from friends that they receive at the
workplace. Use of 3rd party e-mail providers (webmail, et.al), over which
you have no control should be discouraged. If a machine shows signs of
infection (XP antivirus or other similar bots), users should be educated
to unplug the network cable immediately from the wall and contact support.
Leave the machine running, and rebooting can cause the infection to become
more deeply embedded in the windows registry and/or system32 directory.

Anti-virus software on individual machines is proving less and less
effective in stopping infection, as the time from virus reporting to AV
definition update at the AV vendors can only happen so fast. Zero-hour
exploits have exploded, and often the only prevention for these are wise,
well-educated users.

These are headaches that can't always be prevented by the network admin.
I've had two zombie infected machines within the past year, after seeing
no infections of any type on my networks for around 8 years. One was a
year ago this week and one 2 weeks ago. Both were on machines with
elevated permissions. Both were in the same office. The first was a user
who was designated as a local office admin. At that point a year ago, I
eliminated all users with full admin privileges of any kind. The most
recent, however, was on a user's machine with Power Group permissions.
Unfortunately, that machine cannot be locked down any further, and that
infection slipped by local AV filters. However, in order to get infected,
the user had to have followed a malicious link or visit an infected
website (probably running IIS).

However, you can mitigate these things as above, and I hope this is of
some help to you. I know how incredibly painful cleaning up these types of
things can be.

Good luck!
Tim

-- 
Tim Pleiman
Bravo Systems Technologies
Advanced Open Source Solutions for Business
Chicago, IL USA


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates

[qmailtoaster] Missing HELO identifier

2009-07-13 Thread Tim Pleiman

Hi,

I'm new to QMT and I'm migrating several servers from old hardware with
QMR installations to new hardware running QMT, as QMR just isn't being
kept up well anymore, and I'm tired of patching everything up on my own.
So far, everything has been running quite well with the new install and
subsdquent newmodel updates in the pre-prod testing. But, I can't seem to
find where to fix a problem with one of the header HELOs on the localhost
with SquirrelMail (or perhaps any virtual domain).

I did find reference to this problem in the toaster list archives from
this past November here:

http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg20877.html

However, that does not seem to solve the problem (and in a virtual domain
environment, wouldn't make sense, as this HELO would always be fixed), and
I can't find other references in the archives that lead me to a solution.

Here's a more definitive display of where the problem lies sequentially in
the header:

Received: from mail.rDNSname.org (HELO mail.servername.org)
(xx.xxx.xxx.xxx)
 by mail.servername.com with AES256-SHA encrypted SMTP; 13 Jul 2009
14:27:14 -0500
Received: (qmail 28786 invoked by uid 89); 13 Jul 2009 19:27:14 -
Received: from unknown (HELO ?xx.xxx.xxx.xxx?) (127.0.0.1)
 by mail.servername.org with SMTP; 13 Jul 2009 19:27:14 -
Received: from xx.xx.xx.xx
 (SquirrelMail authenticated user postmas...@testdomain.com)
 by xx.xxx.xxx.xxx with HTTP;
 Mon, 13 Jul 2009 14:27:14 -0500
Message-ID: 4cd812cb08d79de095811e229fff7d1a.squir...@xx.xxx.xxx.xxx
Date: Mon, 13 Jul 2009 14:27:14 -0500


Specifically, this being the problem:

Received: from unknown (HELO ?xx.xxx.xxx.xxx?) (127.0.0.1)

Typically, I would expect to see this instead:

localhost (HELO mail.virtualservername.org) (127.0.0.1)

Typically in QMR, this gets picked up from the appropriate virtual
domain==e.g testdomain.com in this case, but with a different method
that I can locate in QMT. I've tried adjusting all the Qmail control
files, among other things, and I can't seem to figure out why I can't fix
this/where to fix this.

Probably something simple that I'm just missing vis a vis differences
between the installation/deployments of Qmail here (QMR vs. QMT) that I
can't figure out.

Your help appreciated.

Thanks!
-- 
Tim Pleiman
Bravo Systems Technologies
Advanced Open Source Solutions for Business
Chicago, IL USA





-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Missing HELO identifier

2009-07-13 Thread Tim Pleiman


On Mon, July 13, 2009 3:11 pm, Eric Shubert wrote:
 Tim Pleiman wrote:
 Hi,

 I'm new to QMT and I'm migrating several servers from old hardware with
 QMR installations to new hardware running QMT, as QMR just isn't being
 kept up well anymore, and I'm tired of patching everything up on my own.
 So far, everything has been running quite well with the new install and
 subsdquent newmodel updates in the pre-prod testing. But, I can't seem
 to
 find where to fix a problem with one of the header HELOs on the
 localhost
 with SquirrelMail (or perhaps any virtual domain).

 I did find reference to this problem in the toaster list archives from
 this past November here:

 http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg20877.html

 However, that does not seem to solve the problem (and in a virtual
 domain
 environment, wouldn't make sense, as this HELO would always be fixed),
 and
 I can't find other references in the archives that lead me to a
 solution.

 Here's a more definitive display of where the problem lies sequentially
 in
 the header:

 Received: from mail.rDNSname.org (HELO mail.servername.org)
 (xx.xxx.xxx.xxx)
  by mail.servername.com with AES256-SHA encrypted SMTP; 13 Jul
 2009
 14:27:14 -0500
 Received: (qmail 28786 invoked by uid 89); 13 Jul 2009 19:27:14 -
 Received: from unknown (HELO ?xx.xxx.xxx.xxx?) (127.0.0.1)
  by mail.servername.org with SMTP; 13 Jul 2009 19:27:14 -
 Received: from xx.xx.xx.xx
  (SquirrelMail authenticated user postmas...@testdomain.com)
  by xx.xxx.xxx.xxx with HTTP;
  Mon, 13 Jul 2009 14:27:14 -0500
 Message-ID: 4cd812cb08d79de095811e229fff7d1a.squir...@xx.xxx.xxx.xxx
 Date: Mon, 13 Jul 2009 14:27:14 -0500


 Specifically, this being the problem:

 Received: from unknown (HELO ?xx.xxx.xxx.xxx?) (127.0.0.1)

 Typically, I would expect to see this instead:

 localhost (HELO mail.virtualservername.org) (127.0.0.1)

 Typically in QMR, this gets picked up from the appropriate virtual
 domain==e.g testdomain.com in this case, but with a different method
 that I can locate in QMT. I've tried adjusting all the Qmail control
 files, among other things, and I can't seem to figure out why I can't
 fix
 this/where to fix this.

 Probably something simple that I'm just missing vis a vis differences
 between the installation/deployments of Qmail here (QMR vs. QMT) that I
 can't figure out.

 Your help appreciated.

 Thanks!

 What's in your /var/qmail/control/me file?

 --
 -Eric 'shubes'

/var/qmail/control/me contains the primary server mail domain name, e.g:

mail.servername.org

Tim
-- 
Tim Pleiman
Bravo Systems Technologies
Advanced Open Source Solutions for Business
Chicago, IL USA


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Missing HELO identifier

2009-07-13 Thread Tim Pleiman


On Mon, July 13, 2009 3:46 pm, Aleksander Podsiadly wrote:
 W dniu 13.07.2009 22:16, Tim Pleiman pisze:
 /var/qmail/control/me contains the primary server mail domain name, e.g:
 mail.servername.org

 Tim

 It should be the same as result of `hostname`, just the servername. Not
 ,,mail.servername.org'' but FQDN servername with all dots. Not the
 value of CNAME, but the name from record A, the same as the name from
 PTR record. IMO it's the best, clear and proper configuration.

Yes, but that's not the problem I'm having in testing here. The mailserver
HELOS themselves are identifying properly at every other point. The
problem here is related to only one particular HELO--where I would expect
the name of the particular virtual domain to be injected into the HELO
identifier at that point in the process.

It seems to be a problem referenced elsewhere with respect to QMT too
(unknowns, but hard to tell from the various archive questions), something
I never saw in QMR, as that injected the virtual domain into this HELO
identifier position.

Thanks,
Tim
-- 
Tim Pleiman
Bravo Systems Technologies
Advanced Open Source Solutions for Business
Chicago, IL USA


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Missing HELO identifier

2009-07-13 Thread Tim Pleiman


On Mon, July 13, 2009 6:12 pm, Eric Shubert wrote:
 Aleksander Podsiadly wrote:
 W dniu 13.07.2009 22:16, Tim Pleiman pisze:
 /var/qmail/control/me contains the primary server mail domain name,
 e.g:
 mail.servername.org

 Tim

 It should be the same as result of `hostname`, just the servername. Not
 ,,mail.servername.org'' but FQDN servername with all dots. Not the
 value of CNAME, but the name from record A, the same as the name from
 PTR record. IMO it's the best, clear and proper configuration.


 My toaster has the fqdn value in there, but I can't say for sure where
 it comes from.

 I can say that it does not come from `hostname --fqdn` (although I agree
 with Alex that this is the value it should reflect).

 Oh, here it is. Looks like it comes from the /var/qmail/control/helohost
 file. (Duh) http://wiki.qmailtoaster.com/index.php/Helohost

 --
 -Eric 'shubes'

Yes it does. However, helohost defaults to me if not specified in the
control files. And, it should pick up me as I have it specified, but it
does not (I also tried specifying helohost in addition to the correct
me--everything with the same name). In the case of localhost sends (as in
this case from Squirrelmail), I believe it should ideally pick up the
virtual domain that it is sent from in vpopmail, which would be
testdomain.com at this stage.

Again, it only happens in the second stage of the header during a
localhost send process. All the other HELOs are correct. Upon endless
adjustments, I think it may be coming from the CHKUSER patch. I did manage
to get the unknown portion of the HELO changed to say localhost
instead by removing the -H option from tcpserver. So now I get:

from localhost (HELO ?xx.xxx.xxx.xxx?) (127.0.0.1)

from unknown (HELO ?xx.xxx.xxx.xxx?) (127.0.0.1)

The unknown goes away, and once this is changed, the smtp daemon logs
also reflect the change, referring also to localhost instead of
unknown:

2009-07-13 22:17:19.156287500 tcpserver: pid 6969 from 127.0.0.1
2009-07-13 22:17:19.156819500 tcpserver: ok 6969
mail.servername.org:127.0.0.1:25 localhost:127.0.0.1::43932
2009-07-13 22:17:19.162423500 CHKUSER accepted sender: from
postmas...@testdomain.com:: remote
[xx.xxx.xxx.xxx]:localhost:127.0.0.1 rcpt  : sender accepted
2009-07-13 22:17:19.234600500 CHKUSER relaying rcpt: from
postmas...@testdomain.com:: remote
[xx.xxx.xxx.xxx]:localhost:127.0.0.1 rcpt tpleiman@domainname.net :
client allowed to relay

INSTEAD OF:

2009-07-10 17:18:30.502954500 tcpserver: pid 32023 from 127.0.0.1
2009-07-10 17:18:30.503012500 tcpserver: ok 32023
mail.servername.org:127.0.0.1:25 :127.0.0.1::41168
2009-07-10 17:18:30.638742500 CHKUSER accepted sender: from
postmas...@testdomain.com:: remote [xx.xxx.xxx.xxx]:unknown:127.0.0.1
rcpt  : sender accepted
2009-07-10 17:18:30.679559500 CHKUSER relaying rcpt: from
postmas...@testdomain.com:: remote [xx.xxx.xxx.xxx]:unknown:127.0.0.1
rcpt tpleiman@domainname.net : client allowed to relay

I believe HELOs typically should be picked up from the static
configuration files in /var/qmail/control and I can't figure out for the
life of me where (chkuser?) is pulling this HELO name from when it is a
simple localhost send from the same box--e.g. remote and localhost are
the SAME machine, and why it won't at least just pick up the helohost or
me from the control files.

At any rate, everything else is working fine. Incomings are are all
processing great, and I don't think this is that big of a deal as server
to server communications and HELOs are correct, but it would be nice to
clean this up so the headers on outbound sends are correct during this
internal localhost transaction process for localhost sends from
SquirrelMail.

Am I just missing something really stupid here?

Thanks again!
-- 
Tim Pleiman
Bravo Systems Technologies
Advanced Open Source Solutions for Business
Chicago, IL USA


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: Re: [qmailtoaster] queue is flooding user

[qmailtoaster] Helping Out, e.g. >>Re: [qmailtoaster] RE: Shubes

[qmailtoaster] Is Qmailtoaster patched to be able to use these Qmail Control Files?

RE: [qmailtoaster] Is Qmailtoaster patched to be able to use these Qmail Control Files?

RE: [qmailtoaster] Is Qmailtoaster patched to be able to use these Qmail Control Files?

[qmailtoaster] Qmail control smtphosts...is this true?

Re: [qmailtoaster] Re: Qmail control smtphosts...is this true?

[qmailtoaster] 451 DNS Temporary Failure: Issue that should be addressed in CHKUSER

[qmailtoaster] Updated more info[Fwd: [qmailtoaster] 451 DNS Temporary Failure: Issue that should be addressed in CHKUSER]

Re: [qmailtoaster] Re: Updated more info[Fwd: [qmailtoaster] 451 DNS Temporary Failure: Issue that should be addressed in CHKUSER]

[qmailtoaster] OK, I think I get youRe: [qmailtoaster] Re: Updated more info[Fwd: [qmailtoaster] 451 DNS Temporary Failure: Issue that should be addressed in CHKUSER]

Re: [qmailtoaster] 451 DNS Temporary Failure: Issue that should be addressed in CHKUSER

[qmailtoaster] qmail-remote/qmail-smtpd and multiple WAN IP addresses on same box

Re: [qmailtoaster] qmail-remote/qmail-smtpd and multiple WAN IP addresses on same box

[qmailtoaster] SpamdykeFalse DENIED_SENDER_NO_MX error?

Re: [qmailtoaster] Re: SpamdykeFalse DENIED_SENDER_NO_MX error?

RE: [qmailtoaster] SpamAssassin Y2K10 bug

[qmailtoaster] The Brilliant SA Y210K bugfix...NOT!

[qmailtoaster] Thank You!

[qmailtoaster] Spamdyke logging with QMT integration

Re: [qmailtoaster] Spamdyke logging with QMT integration

[qmailtoaster] Does not default to maillog Re: [qmailtoaster] Spamdyke logging with QMT integration

Re: [qmailtoaster] Does not default to maillog Re: [qmailtoaster] Spamdyke logging with QMT integration

[qmailtoaster] Never mindRe: [qmailtoaster] Does not default to maillog Re: [qmailtoaster] Spamdyke logging with QMT integration

[qmailtoaster] Squirrelmail plugins page down...anyone heard how long?

Re: [qmailtoaster] Squirrelmail plugins page down...anyone heard how long?

Re: [qmailtoaster] Missing HELO identifier--Resolved

[qmailtoaster] rhost-check in conjunction with rblsmtpd?

Re: [qmailtoaster] and on Spamdyke (Missing HELO identifier--Resolved)

Re: [qmailtoaster] how to control infected users

[qmailtoaster] Missing HELO identifier

Re: [qmailtoaster] Missing HELO identifier

Re: [qmailtoaster] Missing HELO identifier

Re: [qmailtoaster] Missing HELO identifier

34 matches

Site Navigation

Mail list logo

Footer information