Re: [qmailtoaster] Urgent help need for my issue of reload qmailtoaster

2014-08-22 Thread Toma Bogdan 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
On 22/08/2014 11:18 AM, Chandran Manikandan wrote:
> ladmin: CREATE DATABASE failed; error: 'Can't create database 'vpopmail'; 
> database exists'
this mean that you dint removed mysql server from the system...
and qt-install dint install nothing from what you show there...

- -- 
Bogdan T
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (MingW32)
 
iQEcBAEBAgAGBQJT92FYAAoJEJQyDft8z6osX14H/2Bj0QAVRu2inHFl7OEjBnFL
b4xQdnPvYQc8XJp67RBn7eYgS+ZYr5wPHUAsVZwOpewcxb7c6afxYM+lx26qhO07
KodZ1AI2iDvSkb3K3ly1bXHnJIdPPWqK+8pee2g3U0xSWyYliD+PqYU03+PInM93
s2X2N5rIIMLyAn5kvULgalc3doRQ3+v8nlV6bRH3RYnnpLBpRus/J0514FVhTx2x
qNGSPv+XVCcdiGGakXNZOsvtDZ9oo9z0Nb9CeqUSKT9FnEDPT5g84CoWZyz5YuFa
LLZWTPHAAhKg5N7rMuImVuPKaG731XOKwNxHzgIAUIyfqaec9MtUKSuRWXbZV+c=
=110u
-END PGP SIGNATURE-


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Mail Relay Issue

2011-07-22 Thread Toma Bogdan 

On 7/22/2011 11:42 AM, mr...@cladding.com wrote:

I'm clueless. The code really don't work even trying Agni Isador code.


On 7/22/2011 4:34 PM, Agni Isador wrote:

This example from my server :

127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private"
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",DKSIGN="/var/qmail/control/domainkeys/%/private",SENDER_NOCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan"

Agni Isador


- Original Message -
From: mr...@cladding.com [mailto:mr...@cladding.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Fri, 22 Jul 2011 16:27:53 +0800
Subject: Re: [qmailtoaster] Mail Relay Issue

Well, I did that already but still parse error occurs.

Regards,
Malvin

On 7/22/2011 4:19 PM, Agni Isador wrote:
My be you must build tcp.smt before restart qmail
this command is : tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp<  /etc/tcp.smtp


Agni Isador


On 7/22/11, mr...@cladding.com  wrote:

Hi Toma,
I followed your advise, see sample code below:

127.:allow,RELAYCLIENT="",RBLSMTPD="",DKSIGN="/var/qmail/control/domainkeys/%/private"
1.2.3.4:allow,RBLSMTPD="",DKSIGN="/var/qmail/control/domainkeys/%/private"
.:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="200",CHKUSER_WRONGRCPTLIMIT="10",RBLSMTPD="",DKSIGN="/var/qmail/control/domainkeys/%/private"

when I run:
  qmailctl cdb

I got  tcprules: fatal: unable to parse this line...

Please help!
Thanks,
Malvin

On 7/22/2011 9:32 AM, James Beam wrote:

Why does this sound odd to me...why on earth would you want to bulk
download mail from another host - are you planning on redistributing the
email?

So what you are saying is your domain2.com server is refusing to accept
email from domain1.com due to its being flagged as a spammer?



James Beam | Pinnacle | Network Operations
Office: 214-640-2208 * Mobile: (214) 450-1711 * Fax: 214-450-2444 *
james.b...@pinnacle1.com
5501 Lyndon B Johnson Freeway * Dallas, TX * 75240
How Am I Doing? * Facebook * LinkedIn * Twitter


-Original Message-
From: mr...@cladding.com [mailto:mr...@cladding.com]
Sent: Friday, July 22, 2011 1:28 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Mail Relay Issue

Well, domain1.com is a Server being hosted by our Email Server provider in
HK which does not have a network behind it. Only HTTP, FTP, POP/IMAP/SMTP
are the services. domain2.com serves as a local mail Server hosted on our
own network here in Philippines, our purpose is just to speed up the
downloading of bulk emails coz if we are going to connect directly from
domain1.com it will took us too long on downloading bulk emails in MS
Outlook.

Regards,
Malvin

On 7/22/2011 2:18 PM, Toma Bogdan wrote:

On 7/22/2011 5:43 AM, mr...@cladding.com wrote:

Hi List,

Can anyone help me resolve a Mail Relay issue between 2 Mail Server? I
have domain1.com Mail Server which forward bulk emails everyday to
domain2.com Mail Server but my problem is domain1.com is frequently
listed on SPAM Database (e.g. SORBS) due to being suspected as SPAMMER.

FYI, domain1.com is running via MailEnable and domain2.com is running
qmailtoaster.

Any Advise please.

Regards,
Malvin

domain1.com server have a network behind it? what any other services you
have on that server?


The information contained in this email is intended only for the person or
entity to whom it is addressed and may contain confidential and/or
privileged material; unauthorized use of this information is prohibited.
If you have received this in error, please notify the sender and delete
the material immediately. Thank you.

First: if mail hosting server do not assign a private ip for your mail
domains hosted there , then you are on a shared ip and probably the problem
with listed as SPAM will persist

Second - on domain2 try to set domain1 ip in withelist see
http://wiki.qmailtoaster.com/index.php/RBLs

Hope this will help you

--
Bogdan T
Network/Systems Security
tbogdan . a . t . direkt.ro


-
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and
packages.
  To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com






-
Qmailtoaster is spo

Re: [qmailtoaster] Mail Relay Issue

2011-07-21 Thread Toma Bogdan 

On 7/22/2011 9:32 AM, James Beam wrote:

Why does this sound odd to me...why on earth would you want to bulk download 
mail from another host - are you planning on redistributing the email?

So what you are saying is your domain2.com server is refusing to accept email 
from domain1.com due to its being flagged as a spammer?



James Beam | Pinnacle | Network Operations
Office: 214-640-2208 * Mobile: (214) 450-1711 * Fax: 214-450-2444 * 
james.b...@pinnacle1.com
5501 Lyndon B Johnson Freeway * Dallas, TX * 75240
How Am I Doing? * Facebook * LinkedIn * Twitter


-Original Message-
From: mr...@cladding.com [mailto:mr...@cladding.com]
Sent: Friday, July 22, 2011 1:28 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Mail Relay Issue

Well, domain1.com is a Server being hosted by our Email Server provider in HK 
which does not have a network behind it. Only HTTP, FTP, POP/IMAP/SMTP are the 
services. domain2.com serves as a local mail Server hosted on our own network 
here in Philippines, our purpose is just to speed up the downloading of bulk 
emails coz if we are going to connect directly from domain1.com it will took us 
too long on downloading bulk emails in MS Outlook.

Regards,
Malvin

On 7/22/2011 2:18 PM, Toma Bogdan wrote:

On 7/22/2011 5:43 AM, mr...@cladding.com wrote:

Hi List,

Can anyone help me resolve a Mail Relay issue between 2 Mail Server? I have 
domain1.com Mail Server which forward bulk emails everyday to domain2.com Mail 
Server but my problem is domain1.com is frequently listed on SPAM Database 
(e.g. SORBS) due to being suspected as SPAMMER.

FYI, domain1.com is running via MailEnable and domain2.com is running 
qmailtoaster.

Any Advise please.

Regards,
Malvin

domain1.com server have a network behind it? what any other services you have 
on that server?



The information contained in this email is intended only for the person or 
entity to whom it is addressed and may contain confidential and/or privileged 
material; unauthorized use of this information is prohibited. If you have 
received this in error, please notify the sender and delete the material 
immediately. Thank you.
First: if mail hosting server do not assign a private ip for your mail 
domains hosted there , then you are on a shared ip and probably the 
problem with listed as SPAM will persist


Second - on domain2 try to set domain1 ip in withelist see 
http://wiki.qmailtoaster.com/index.php/RBLs


Hope this will help you

--
Bogdan T
Network/Systems Security
tbogdan . a . t . direkt.ro


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Mail Relay Issue

2011-07-21 Thread Toma Bogdan 

On 7/22/2011 5:43 AM, mr...@cladding.com wrote:

Hi List,

Can anyone help me resolve a Mail Relay issue between 2 Mail Server? I have 
domain1.com Mail Server which forward bulk emails everyday to domain2.com Mail 
Server but my problem is domain1.com is frequently listed on SPAM Database 
(e.g. SORBS) due to being suspected as SPAMMER.

FYI, domain1.com is running via MailEnable and domain2.com is running 
qmailtoaster.

Any Advise please.

Regards,
Malvin
domain1.com server have a network behind it? what any other services you 
have on that server?


--
Bogdan T
Network/Systems Security
tbogdan . a . t . direkt.ro


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] problem with dkim

2011-05-13 Thread Toma Bogdan 

On 5/12/2011 9:48 PM, apow...@st-tel.net wrote:

Here is the headers of a dkim=permerror (bad sig)

From apow...@st-tel.net Thu May 12 12:52:19 2011
X-Apparently-To: ae...@yahoo.com via 68.142.199.191; 
Thu, 12 May 2011 05:52:22 -0700

Return-Path: 
Received-SPF: pass (mta140.mail.sp2.yahoo.com: domain 
of apow...@st-tel.net designates 63.170.92.52 as permitted sender) 
bW11bmljYXRpb25zCk9mZmljZTogNzg1LTQ2MC03MzAwCkZheDogNzg1LTQ2 
MC03MzAxATABAQEB
X-YMailISG: 
BKczKe0cZAp_Kh4Pvn1OCHTN0GqUVYw0_NRMSykOs7JnEqjC 
lGzt5FZrLq40JE8u0IoDIJEJslXMatTuxXDy61bEN.CmuYFkMnIxivLThB56 
NY2Zmx_Tn5IqdrX2kQKtMGngmsjuVbNeOKRs9HjzW5xucV.4MpwRq1ElZAvD 
eWtKKHdyPQTtKfTs1T2cKchvgabQPHb2kHnjqZ0LT9_L9ok9yhbCGc8XcQ81 
WZmPFdrqkwSoEG9GLKSPOjKRo_vzLuSBK8Huw1rIlHJP79PnzNLEhyeUIuvg 
fFYAy.eJDkGDPZtUS1VF38ZnMGQuI1hs5IOuLqyyvIouHBOGvAIZuLvQFf1e 
c0bVvayQx4DZclN9QWZgwWKHOyeM8uRSXLvLSQTmtbZR9j4VqDZh0YSdxjqR 
9bUlPFWFOdgMr2WQXzipzX7e8k6pdiGP6xILHGCBPICd5kN6peqeC4PcJC_r 
HujN_T4M9K69ekAuLthlbeW.lqN_rZ1p5jxLf6T1cbIhov4MgFtNqiOAYqyy 
lGpw4dXg0wInHlHlLl9u5SZPNygqq1srxLmauGuIM5sz4uwj43iTgcrzUBsW 
L29RR8.RKxX4OKNKtcmAeYQFbnZsB7w1RXFK35zyjWDAcrxTpP9Ih350BqHY 
cXDXTnswoV3jpiDgBluaYLq_0UsgBXhN__zrhYXmus7Yz0Ar3QzyZePGAWhC 
pdZ54WeptgnfJbYbVvSvVsqLQwgEE4slabXwsgxtJOtADkJU7ZvcqkhR8it9 
YkJRIjW3pHACqumQFFZZEq7EpOZyCbsTA91Rzyr9kIZQwYYwOD1kzJKQEo.f 
9YkeRX52yFA8UhSm4VCDaB5vixH4PLFNGOwjlX6PWzrGJbrodmvjS1CI76x0 
7jt93FYw3tAWu13cgzhjbKmXCKEsjncIijTYTSw03u5ly_GpfWaaz2zPWzq_ 
c1jsXXZFId45z96M4rmWWI5RpgZ4DQ6Jt.39nWzNga.XPLDM6x4qwCHkTbkE 
V77Tl1fyf_MxANcZdMGg1gNFHPCZx5yee5vxqqha7Db8_pf_OsykAsgG1F9A 
ReFXG2OrHAILNjoHh35_jQEHSNmMhI2o5m.wWg_hcG8hmDD1pKXBR7yoJxt9 
4eX7pf5vQlK9IBCkLunc0CWbYiV6.OQ8fjBcwSvogtWz54tfIPOcpWbUJgtX 
jn9RllSceq0f3UzD_cZ4RRPibbeeZdeU3iiEX0i3h74Bu3F.N1FJBTwjnyJw 
goll1A.f79tJZvgTSeXgEgeTmecCnkKNIXAj0zfiVNFVJNF8xcqWo_zM0LVl 
Iwtj5dhpR4yG9GUF6kXf7Dkui4D3Yh8kc9d8k7BWVrX4ZaxmbTTZjkPjVoa9 
NnNdYusW3qh4sb53FDuxaFIqsk0hLJwYFUu6kJl91mYlP6BNadWFFN.GM2rb 5TQyr8MgI0w1

X-Originating-IP: [63.170.92.52]
Authentication-Results: mta140.mail.sp2.yahoo.com 
from=st-tel.net; domainkeys=neutral (no sig); 
from=stmail-nfs1.st-tel.net; dkim=permerror (bad sig)
Received: from 127.0.0.1 (EHLO mx2.st-tel.net) 
(63.170.92.52) by mta140.mail.sp2.yahoo.com with SMTP; Thu, 12 May 
2011 05:52:22 -0700
Received: from stmail-nfs1.st-tel.net 
(stmail-nfs1.st-tel.net [10.2.1.160]) by mx2.st-tel.net 
(8.13.8/8.13.8/Debian-3+etch1) with ESMTP id p4CCqKWl014236 for 
; Thu, 12 May 2011 07:52:21 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=simple; 
d=stmail-nfs1.st-tel.net; h= 
message-id:date:from:to:subject:mime-version:content-type 
:content-transfer-encoding; s=dkim1; bh=qWaYy1rzecELWi+MGj9iPd9l YlY=; 
b=fwOb2HLSZkZWZYkhB73PnzZr4nL2Vce3b8lxtgpt5GpoL+dTN8W68Xsw hHgLm+iM
Received: (qmail 9866 invoked by uid 89); 12 May 2011 
12:52:19 -
Received: by simscan 1.4.0 ppid: 9860, pid: 9861, t: 
0.0092s scanners: attach: 1.4.0 clamav: 0.97/m:53/d:13061
Received: from unknown (HELO localhost) (10.2.1.180) 
by stmail-nfs1.st-tel.net with SMTP; 12 May 2011 12:52:19 -
Received: from 10.2.4.63 ([10.2.4.63]) by 
stwebmail.st-tel.net (Horde Framework) with HTTP; Thu, 12 May 2011 
07:52:19 -0500

Message-ID: <20110512075219.12633e0b85qnc...@stwebmail.st-tel.net>
X-Priority: 3 (Normal)
Date: Thu, 12 May 2011 07:52:19 -0500
From:
apow...@st-tel.net
View contact details
To: Gmail test , Yahoo test 
, Aaron test 

Subject: test
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; 
DelSp="Yes"; format="flowed"

Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.3.6)
X-Bayes-Prob: 0.0001 (Score 0, tokens from: @@RPTN, 
outbound)

X-Spam-Score: 0.00 () [Hold at 13.00] SPF(pass:0)
X-CanIt-Geo: No geolocation information available for 
10.2.1.160

X-CanItPRO-Stream: outbound
X-Canit-Stats-ID: 03EGAQkXK - ade7763c5d5c - 20110512
X-Scanned-By: CanIt (www . roaringpenguin . com) on 
10.2.1.52

Content-Length: 97

Here is the headers of a dkim=pass (ok)

From apow...@st-tel.net Thu May 12 01:48:10 2011
X-Apparently-To: ae...@yahoo.com via 68.142.199.195; 
Wed, 11 May 2011 18:48:12 -0700

Return-Path: 
Received-SPF: pass (mta1221.mail.sk1.yahoo.com: domain 
of apow...@st-tel.net designates 63.170.92.52 as permitted sender) 
bW11bmljYXRpb25zCk9mZmljZTogNzg1LTQ2MC03MzAwCkZheDogNzg1LTQ2 
MC03MzAxATABAQEB
X-YMailISG: 
9ROR0XYcZAp4h_IaiVNuc6zi0qsAKWmEZJfFP0_jFAZxrJLR 
7fWW2ZaAOdzcnixD7ZkTkF0LPTOlo0c1d7GUkxaPyfsJmtsmdY8KL_tQXXyc 
lxrIplJkEsTY4_2PyEegIPD

Re: [qmailtoaster] Regex for fail2ban - SMTP DDos

2011-05-06 Thread Toma Bogdan 

On 5/6/2011 9:10 AM, Délsio Cabá wrote:

Hi all

I am getting a lot of DDOS on smtp connection logs:

@40004dc390330ffb50f4 CHKUSER accepted sender: from 
 remote  rcpt 
<> : sender accepted
@40004dc390340c9e201c CHKUSER rejected rcpt: from 
 remote  rcpt 
mailto:m...@zicel.ru>> : invalid rcpt MX domain

..
@40004dc3905511aba4bc CHKUSER accepted sender: from 
 remote  rcpt 
<> : sender accepted
@40004dc390562cb394a4 CHKUSER rejected relaying: from 
 remote  rcpt 
mailto:mad...@usc.es>> : client not allowed to relay


I need to block this using fail2ban but the regex is quite complex. I 
have tried this:

"\> rcpt \S+ : client not allowed to relay$"

But it doesn't seam to be working as expected:
fail2ban-regex /var/log/qmail/smtp/current "\> rcpt \S+ : client 
not allowed to relay"

...
Date template hits:
0 hit(s): MONTH Day Hour:Minute:Second
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second
0 hit(s): Year/Month/Day Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/MONTH/Year:Hour:Minute:Second
0 hit(s): Month/Day/Year:Hour:Minute:Second
0 hit(s): Year-Month-Day Hour:Minute:Second
0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond]
0 hit(s): Day-Month-Year Hour:Minute:Second
1184 hit(s): TAI64N
0 hit(s): Epoch
0 hit(s): ISO 8601
0 hit(s): Hour:Minute:Second
0 hit(s): 

Any help would be very appreciated
Thanks!

try this
failregex = CHKUSER .* <\w*:\w*:> .* : client not allowed to relay$

check it with :
fail2ban-regex /var/log/qmail/smtp/current 
/etc/fail2ban/filters/qmail-smtp-filter.conf



--
T. Bogdan
Network/Systems Security
www.direkt.ro

Re: [qmailtoaster] Fail2ban and Qmailtoaster

2011-03-12 Thread Toma Bogdan 

On 3/12/2011 4:26 PM, Finn Buhelt (kirstineslund) wrote:

Hi Peter.

I have extended vpopmail.conf  with this  :

failregex = vchkpw-pop3: vpopmail user not found .*:$
vchkpw-smtp: vpopmail user not found .*:$
vchkpw-submission: vpopmail user not found .*:$


you can do this if you add more log path`s in vpopmail.conf , pop3 regex 
will be found in /pop3/logfile ... etc


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Re: SMTP attack

2011-03-08 Thread Toma Bogdan 

On 3/8/2011 11:18 AM, Pak Ogah wrote:

On 07-Mar-11 21:49, Eric Shubert wrote:

Great job, Pak.
Thanks, Toma.
Pak, will you get this incorporated into the wiki?
TIA.
Ok Eric, it's done but since I just copy-paste as is and 
re-formatting, I didn't know what that fail2ban meaning (I haven't 
tried it also)
but, I saw something weird. So I would like to ask Sergio, Toma and 
other who understand fail2ban


@Sergio,
you create a filter named /etc/fail2ban/filter.d/vpopmail-fail.conf
but the regex is searching for vchkpw-smtp: password fail ([^)]*) 
[^@]*@[^:]*:

and how come on action you blocking smtp port rather then pop3 port
action   = iptables[name=SMTP, port=smtp, protocol=tcp]

@Toma,
I have change
 logpath = /your/path/to/pop3/logs
into
 logpath = /var/log/maillog

because that is the log where I can find error "vpopmail user not 
found" on qmt system


btw I have change
 action = shorewall
into
 action = iptables[name=SMTP, port=smtp, protocol=tcp]
and the question also same, why did you block smtp port for error in 
pop3 log


I think we need standardize fail2ban rules for QMT


- 

Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and 
installations.

 If you need professional help with your setup, contact them today!
- 

Please visit qmailtoaster.com for the latest news, updates, and 
packages.
 To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com




Hello,

If your system have shorewall as firewall solution management
we get 'action' statement from /etc/fail2ban/jail.conf
---
[qmail-pop3]
enable  = true
filter  = qmail-pop3
action  = shorewall
sendmail[name="Qmail Pop3 user fail", 
dest=y...@yourdomain.com]

logpath = /path/to/logfile
maxretry = 3
bantime = 600
---
now action refer to a file from
/etc/fail2ban/action.d
shorewall.conf ( as shorewall from action line above )
and
sendmail.conf ( as sendmail from action line above )
where we have:

shorewall.conf
---
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = shorewall drop 
actionunban = shorewall allow 
-

and

sendmail.conf
---
[Definition]
actionstart = printf %%b "Subject: [Fail2Ban] : started
   From: Fail2Ban <>
   To: \n
   Hi,\n
   The jail  has been started successfully.\n
   Regards,\n
   Fail2Ban" | /usr/sbin/sendmail -f  

actionstop = printf %%b "Subject: [Fail2Ban] : stopped
   From: Fail2Ban <>
   To: \n
Hi,\n
The jail  has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f  

actioncheck =

actionban = printf %%b "Subject: [Fail2Ban] : banned 
 From: Fail2Ban <>
 To: \n
  Hi,\n
  The IP  has just been banned by Fail2Ban after
 attempts against .\n
  Regards,\n
  Fail2Ban" | /usr/sbin/sendmail -f  

actionunban =   printf %%b "Subject: [Fail2Ban] : unbanned 
   From: Fail2Ban <>
   To: \n
   Hi,\n
   The IP  has just been unbanned by Fail2Ban
   Regards,\n
   Fail2Ban" | /usr/sbin/sendmail -f  



[Init]
name = default
dest = root
sender = fail2ban
-

when used with shorewall the  is passet to shorewall as "shorewall 
drop " and the ip will be droped ( there is no use of port or protocol )


i never user iptables action on fail2ban, sorry, i have to do some tests...

Re: [qmailtoaster] Re: SMTP attack

2011-03-07 Thread Toma Bogdan 

Used on Centos 5.5

>> /etc/fail2ban/filter.d/qmail-pop3.conf
--- start cut --
[Definition]

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#  host must be matched by a group named "host". The tag 
"" can
#  be used for standard IP/hostname matching and is only an 
alias for

#  (?:::f{4,6}:)?(?P\S+)
# Values:  TEXT
#

failregex = vchkpw-pop3: vpopmail user not found .*:

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =
--- end cut ---


>> jail.conf

[qmail-pop3]
enable  = true
filter  = qmail-pop3
action  = shorewall
  sendmail[name="Qmail Pop3 user fail", 
dest=changet...@yourdomain.com]

logpath = /your/path/to/pop3/logs
maxretry = 3
bantime = 600

=
T.Bogdan
Sys & Net Admin
Direkt Network
http://www.direkt.ro

-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] squirrelmail login username only question

2010-10-18 Thread Toma Bogdan 

 cd /path/to/squirrell-root-dir/plugins

wget 
"http://squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fvlogin-3.10.2-1.2.7.tar.gz";


tar xfvz vlogin-3.10.2-1.2.7.tar.gz
cd vlogin/data
cp config.php.sample config.php
vi config.php ( read the file, have explicit documentation )

-> simple add something like this at

-- cut --
$virtualDomains = array(
  'your-domain.com' => array(
  'domain' => 'your-domain.com',
  'org_name'   => 'Your ORG NAME',
  'org_title'  => '(isset($_SESSION["username"]) ? 
$_SESSION["username"] . " - ORG NAME Mail" : "Mail")',

  ),
);
-- end cut --

-> comment other examples from $virtualDomains
-> read the rest of the file

cd /path/to/squirrell-root-dir/config
./config.pl

type 8
type the number of vlogin plugin, from the "Available Plugins" section
type S
type Q

-> try to log on webmail with user and pass

--
T.Bogdan
http://www.direkt.ro



-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] squirrelmail login username only question

2010-10-18 Thread Toma Bogdan 

 On 18/10/2010 8:43 AM, Joselito Tapangan wrote:

Hi List,

We have currently done in setup our new squirrelmail server. And 
we did it with no issue. But I have a question regarding login in 
squirrelmail.


Our previous server in squirrelmail we usually login with our 
username only without the  domain name at the end of the user.
so insteadl of @http://domain-name.com>>  
and , we only login  and .


   In our new mail server it is now @> and . My problem is that I want 
 and  to be inputed in our loginpage of the 
squirrelmail. In other word, I want to eliminate the > during login in our mail.


  Anyone knows how to do that? Kindly please give me the steps how to 
do that.


 I will appreciate any help regarding this matter.



Respectfully Yours,

Joselito E. Tapangan
Network Administrator
Booom!! Interactive, Inc.
2F Tulips Center Bldg.
A.S. Fortuna St.
Mandaue City, Cebu
Philippines, 6014.


I use this:
Login Manager ("Vlogin")
http://squirrelmail.org/plugin_view.php?id=47

--
T.Bogdan
http://www.direkt.ro
--

Re: [qmailtoaster] antivirus question

2010-08-25 Thread Toma Bogdan 

 On 25/08/2010 10:23 AM, Rajesh M wrote:

hi

this is not a configuration issue

the actual file name is Xerox_doc.exe

if i use clamscan for scanning the file directly, even then clam does not
detect the virus

##

[r...@ns1 ~]# /usr/bin/clamscan Xerox_doc.exe
Xerox_doc.exe: OK

--- SCAN SUMMARY ---
Known viruses: 817679
Engine version: 0.96.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.05 MB
Data read: 0.05 MB (ratio 1.00:1)
Time: 8.089 sec (0 m 8 s)

##

your can download and chk it from here

http://24x7server.net/v.zip

thanks

rajesh




   On 25/08/2010 8:25 AM, Rajesh M wrote:

hi


one of our customers are getting virus email as an exe, zipped up

my clam on my mailserver is uptodate

this is not being detected by clam

to double check i uploaded the file to my mail server

/usr/bin/clamscan v.zip

where file.zip is the virus file

and clam reported as follows

v.zip: OK
--- SCAN SUMMARY ---
Known viruses: 817679
Engine version: 0.96.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.09 MB
Data read: 0.04 MB (ratio 2.44:1)
Time: 5.008 sec (0 m 5 s)

in my local office computer
Kaspersky detects this as
trojan win32.agent2.lnw

this is happening for the last 3 weeks

could somebody please guide me as to how i can resolve this problem

rajesh






-
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
  Vickers Consulting Group offers Qmailtoaster support and
installations.
If you need professional help with your setup, contact them
today!
-
   Please visit qmailtoaster.com for the latest news, updates, and
packages.

To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
   For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com



Check on clamd.conf

##
## Archives
##
# ClamAV can scan within archives and compressed files.
# Default: yes
#ScanArchive yes

If ScanArchive is set to 'no' comment the line or set it to 'yes'

then check 'Limits' section if the file is larger than your limits
settings no scan will be made.



--
T.Bogdan


-
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
 Vickers Consulting Group offers Qmailtoaster support and
installations.
   If you need professional help with your setup, contact them today!
-
  Please visit qmailtoaster.com for the latest news, updates, and
packages.

   To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com









-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
 Vickers Consulting Group offers Qmailtoaster support and installations.
   If you need professional help with your setup, contact them today!
-
  Please visit qmailtoaster.com for the latest news, updates, and packages.

   To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



you right it not detected

--
T.Bogdan



-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] antivirus question

2010-08-24 Thread Toma Bogdan 

 On 25/08/2010 8:25 AM, Rajesh M wrote:

hi


one of our customers are getting virus email as an exe, zipped up

my clam on my mailserver is uptodate

this is not being detected by clam

to double check i uploaded the file to my mail server

/usr/bin/clamscan v.zip

where file.zip is the virus file

and clam reported as follows

v.zip: OK
--- SCAN SUMMARY ---
Known viruses: 817679
Engine version: 0.96.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.09 MB
Data read: 0.04 MB (ratio 2.44:1)
Time: 5.008 sec (0 m 5 s)

in my local office computer
Kaspersky detects this as
trojan win32.agent2.lnw

this is happening for the last 3 weeks

could somebody please guide me as to how i can resolve this problem

rajesh






-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
 Vickers Consulting Group offers Qmailtoaster support and installations.
   If you need professional help with your setup, contact them today!
-
  Please visit qmailtoaster.com for the latest news, updates, and packages.

   To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



Check on clamd.conf

##
## Archives
##
# ClamAV can scan within archives and compressed files.
# Default: yes
#ScanArchive yes

If ScanArchive is set to 'no' comment the line or set it to 'yes'

then check 'Limits' section if the file is larger than your limits 
settings no scan will be made.




--
T.Bogdan


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Disk Partition

2010-08-20 Thread Toma Bogdan 

 On 20/08/2010 11:06 AM, Mushleh Azmy wrote:

Hi,

Please Help Me..

I want install Qmail Toaster as Mail Server.
My Server Spesification :

Hardisk : 100 Gb (Single Disk)
Memory : 2 Gb
Xeon Server


My Question Is, what is ideal partition for mail server ?

Thank's for answer for my question

Regad's

Mushleh Azmy


use LVM

/boot -> 250M
/ -> 10G
/usr -> 3 G minimal ( 3,5 optimal )
/var -> 15G
/home ( here will have vpopmail with domains and users , dependencies: 
nr. of users/domains/mail traffic - storage; you must decide how much 
space you need )


This is kinda informal and partition setup mostly depend of many 
factors, that's why i prefer LVM if i need to make changes
If you don't want to make partitions use simple format with /boot and 
the rest in / and if needed in time you can add more space ( new hdd? ) 
in / if you use LVM


Regards,

--
T.Bogdan

Re: [qmailtoaster] Firewall block

2010-07-27 Thread Toma Bogdan 

On 27/07/2010 4:51 PM, Maxwell Smart wrote:
 I use a non standard port and that stops 99.99% of it.  If you can't 
do that there is a list out in the ether of IP's by nation and you can 
put them in your iptables.  You'll use whole subnets and not just 
individual ips.


CJ

On 07/27/2010 05:31 AM, Scott Hughes wrote:

Is there a way to block all of the apnic IP address blocks at one time?

I am seeing a lot of ssh attempts from China. Since I don't send or 
receive email with China, I'd like to just block them at the firewall 
en mass (instead of one net block at a time).


Any ideas?

Thanks,
Scott




- 

Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
 Vickers Consulting Group offers Qmailtoaster support and 
installations.
   If you need professional help with your setup, contact them 
today!
- 

  Please visit qmailtoaster.com for the latest news, updates, and 
packages.


   To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com






Just change default port of ssh, 99% of attempts are from scripts kiddies



--
T.Bogdan
http://www.direkt.ro
--



-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Spambox troubles

2010-07-22 Thread Toma Bogdan 

On 23/07/2010 3:13 AM, Patrick Ring wrote:

OK.  I deleted the .qmail file from all accounts.
As well, I "reset" the spamassassin database using "sudo -H -u 
vpopmail sa-learn --clear"

I followed this with a "qmailctl restart"
I am still getting a huge amount of false positives, and it is still 
dropping the ***SPAM*** marked emails into the .Spam box.
Once messages are in there, it seems to be impossible to get them back 
into the inbox (and stay there).

Any advice?
Thank you,
Patrick M. Ring
P. Ring Technologies
Louisiana Web Host, LLC.
985-868-4200


*From:* Jake Vickers [mailto:j...@qmailtoaster.com]
*Sent:* Wednesday, July 21, 2010 1:34 AM
*To:* qmailtoaster-list@qmailtoaster.com
*Subject:* Re: [qmailtoaster] Spambox troubles

On 07/20/2010 05:54 PM, Patrick Ring wrote:
I've been running the Spambox on my qmt for quite some time now.  
However, lately I'm getting a huge amount of false positives, and 
it's a pain trying to educate the users about how to use the Spam (or 
.Spam) folder.

Is there any (simple) way to turn it off?
In the reading I've done, the only thing I can find is to 
recompile/rebuild a package or two with the spambox 0 defined.
I've also read it has something to do with the .qmail file found in 
each users' account.

Can anyone point me to some enlightenment about this?



If you are getting false positives, check the message headers. I'll 
bet your bayes DB has been tainted with legitimate messages that were 
marked as spam, which will have a snowball effect. You'll see 
legitimate messages hitting the bayes score categories.


Basically when the spambox is enabled for a user, after all the spam 
scans are done the message gets passed to the /etc/mail/mailfilter 
script (maildrop). If the message has a spam score in the headers that 
is greater than 7 (I think this is the default now) then it gets sent 
to the Spam folder and also sent to sa-learn so that spamassassin can 
analyze it and learn to identify messages like it as spam more 
efficiently. So if a legitimate message gets sent to sa-learn as spam, 
spamassassin will be tainted - this will have a snowball effect.


When you enable the spambox for users, it creates a .qmail file in the 
user's maildir. This tells it to pass the messages to the mailfilter 
script before delivery. You have a couple ways to fix this:


Delete the bayes DB and start over. You may see an increase in spam 
initially until spamassassin can learn again (brain-wipe it), but this 
is usually preferable to false-positives.


Disable the spambox by recompiling qmailadmin-toaster to disable the 
option - this will not REMOVE it for those that already have the 
.qmail file - it will only prevent people from turning the option on. 
You will then need to go and delete the .qmail files for the users to 
actually disable it for users.


Delete the bayes DB, starting over like before, and adjust the 
mailfilter script to fit your environment a little better.


Write a spamassassin rule that adds a negative score for things that 
you identify as legitimate message contents - eventually this will 
counter the tainted bayes, but it will take a LONG time.


After checking the headers and seeing the BAYES_99 category, change 
it's score. This can be used in conjunction with some of the options 
above.


Hope that helps some.

try sa-update then restart qmail

--
T.Bogdan
http://www.direkt.ro
--

Re: [qmailtoaster] Very strange and huge problem with port 25 and Qmailtoaster

2010-07-22 Thread Toma Bogdan 

you use spamdyke ?

contact pe on YM - linuxdefense for a fast talk

--
T.Bogdan
http://www.direkt.ro
--

Re: [qmailtoaster] Very strange and huge problem with port 25 and Qmailtoaster

2010-07-22 Thread Toma Bogdan 

On 22/07/2010 11:34 AM, Digital Instruments wrote:

w
USER TTY  FROM  LOGIN@   IDLE   JCPU   PCPU WHAT
root pts/0:7.0 Wed12   21:39m  0.01s  0.01s -bash
root pts/2192.168.200.80   10:200.00s  0.01s  0.00s w

free -m

total   used   free sharedbuffers cached
Mem:  1002958 43  0121293
-/+ buffers/cache:543459
Swap: 1983  0   1983

ps aux --sort -rss
clamav   29200  0.3 16.8 224624 173484 ?   Sl   09:39   0:10 
/usr/sbin/clamd
root 29247  0.0  4.0 127032 42080 ?S09:39   0:01 
/usr/bin/perl -T -w /usr/bin/spamd -x -u vpopmail -s stderr
vpopmail 29297  0.0  3.8 127032 39924 ?S09:39   0:00 spamd 
child
vpopmail 29298  0.0  3.8 127032 39844 ?S09:39   0:00 spamd 
child


probably clamav problem? 16% memory suage also vpopmail a bit high? 
4.0 and 3.8 [x2]. Also clamd has 21.4% cpu usage.





-- start logs ---
Escape character is '^]'. *---> (((waiting here about 1 min)))*
220 server1.isocast.it - Welcome to Qmail Toaster Ver. 1.3 SMTP 
Server ESMTP

ehlo .xx
250-server1.isocast.it - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
250-STARTTLS
250-PIPELINING
250-8BITMIME
250-SIZE 20971520
250 AUTH LOGIN PLAIN CRAM-MD5
quit
221 server1.isocast.it - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
Connection closed by foreign host.


[...@nc07493 ~]$ telnet mail.digital-instruments.com 25
Trying 79.14.157.43...
Connected to mail.digital-instruments.com (79.14.157.43).
Escape character is '^]'. *---> (((waiting here about 1 min)))*
220 server1.isocast.it - Welcome to Qmail Toaster Ver. 1.3 SMTP 
Server ESMTP

ehlo .xx
250-server1.isocast.it - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
250-STARTTLS
250-PIPELINING
250-8BITMIME
250-SIZE 20971520
250 AUTH LOGIN PLAIN CRAM-MD5
quit
221 server1.isocast.it - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
Connection closed by foreign host.
---end logs ---

You have a long delay after success connection till 220 response
Your server may be busy? No mem? dns problems? or anything else,

can you give us :
'w' and 'free -m' ?

--
T.Bogdan
http://www.direkt.ro
--
   




Nessun virus nel messaggio in arrivo.
Controllato da AVG -www.avg.com
Versione: 9.0.851 / Database dei virus: 271.1.1/3020 -  Data di rilascio: 
07/21/10 20:36:00

   




OK i got it now
tested your pop3 connection:


--start log ---
[...@n0r2hid ]# telnet mail.digital-instruments.com 110
Trying 79.14.157.43...
Connected to mail.digital-instruments.com (79.14.157.43).
Escape character is '^]'.
+OK <4814.1279790...@server1.isocast.it>
user webmaster
+OK
pass test
vmysql: sql error[3]: Table 'vpopmail.users' doesn't exist
Attempting to rebuild connection to SQL server
vmysql: connection rebuild failed: Table 'vpopmail.users' doesn't exist
-ERR authorization failed
Connection closed by foreign host.
-- end log ---

Check that your mysql server is running, if not start it
if it running check DB structure , error tell you that table users from 
vpopmail db not exist


--
T.Bogdan
http://www.direkt.ro
--

Re: [qmailtoaster] Very strange and huge problem with port 25 and Qmailtoaster

2010-07-22 Thread Toma Bogdan 

On 22/07/2010 11:34 AM, Digital Instruments wrote:

w
USER TTY  FROM  LOGIN@   IDLE   JCPU   PCPU WHAT
root pts/0:7.0 Wed12   21:39m  0.01s  0.01s -bash
root pts/2192.168.200.80   10:200.00s  0.01s  0.00s w

free -m

total   used   free sharedbuffers cached
Mem:  1002958 43  0121293
-/+ buffers/cache:543459
Swap: 1983  0   1983

ps aux --sort -rss
clamav   29200  0.3 16.8 224624 173484 ?   Sl   09:39   0:10 
/usr/sbin/clamd
root 29247  0.0  4.0 127032 42080 ?S09:39   0:01 
/usr/bin/perl -T -w /usr/bin/spamd -x -u vpopmail -s stderr
vpopmail 29297  0.0  3.8 127032 39924 ?S09:39   0:00 spamd 
child
vpopmail 29298  0.0  3.8 127032 39844 ?S09:39   0:00 spamd 
child


probably clamav problem? 16% memory suage also vpopmail a bit high? 
4.0 and 3.8 [x2]. Also clamd has 21.4% cpu usage.





-- start logs ---
Escape character is '^]'. *---> (((waiting here about 1 min)))*
220 server1.isocast.it - Welcome to Qmail Toaster Ver. 1.3 SMTP 
Server ESMTP

ehlo .xx
250-server1.isocast.it - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
250-STARTTLS
250-PIPELINING
250-8BITMIME
250-SIZE 20971520
250 AUTH LOGIN PLAIN CRAM-MD5
quit
221 server1.isocast.it - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
Connection closed by foreign host.


[...@nc07493 ~]$ telnet mail.digital-instruments.com 25
Trying 79.14.157.43...
Connected to mail.digital-instruments.com (79.14.157.43).
Escape character is '^]'. *---> (((waiting here about 1 min)))*
220 server1.isocast.it - Welcome to Qmail Toaster Ver. 1.3 SMTP 
Server ESMTP

ehlo .xx
250-server1.isocast.it - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
250-STARTTLS
250-PIPELINING
250-8BITMIME
250-SIZE 20971520
250 AUTH LOGIN PLAIN CRAM-MD5
quit
221 server1.isocast.it - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
Connection closed by foreign host.
---end logs ---

You have a long delay after success connection till 220 response
Your server may be busy? No mem? dns problems? or anything else,

can you give us :
'w' and 'free -m' ?

--
T.Bogdan
http://www.direkt.ro
--
   




Nessun virus nel messaggio in arrivo.
Controllato da AVG -www.avg.com
Versione: 9.0.851 / Database dei virus: 271.1.1/3020 -  Data di rilascio: 
07/21/10 20:36:00

   



your resources seems to be fine, clamav mem usage it ok from my point
pls check system load > cat /proc/loadavg or with top ( htop )
pls check from server dns responses to resolve hostnames
last telnet test to your server: 127 sec delay after connection established
one more question, when you telnet from server ( localhost ) you have 
any delay?


--
T.Bogdan
http://www.direkt.ro
--

Re: [qmailtoaster] Very strange and huge problem with port 25 and Qmailtoaster

2010-07-22 Thread Toma Bogdan 

On 22/07/2010 10:31 AM, Mike Canty wrote:


If it is any consolation, we have a site where the ISP has blocked 
port 25 traffic to any other point except their own outgoing mail 
server.  This was noticed recently because the site is currently using 
mail hosted externally, and I have tried to install a qmail toaster 
machine and came across the block.


Could this be an ISP thing?

*From:* Digital Instruments [mailto:toasterl...@digital-instruments.com]
*Sent:* Thursday, 22 July 2010 4:39 PM
*To:* qmailtoaster-list@qmailtoaster.com
*Subject:* Re: [qmailtoaster] Very strange and huge problem with port 
25 and Qmailtoaster


The funny thing is that i haven't change nothing at all.
Is it possible i have been blacklisted on port 25 by zen spamhouse?

Also another problem happened yesterday, in the noon, we could not 
recieve e-mail from pop3 and ppl who recieved them were delayed by 30 
minutes.


Nothing special on logs the only strange thing i can see is in 
/var/log/qmail/smtp, this line:
vchkpw-smtp: vchkpw is only for talking with qmail-popup and 
qmail-pop3d. It is not for runnning on the command line.


Telnet port 25 today gives:
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 server1.isocast.it - Welcome to Qmail Toaster Ver. 1.3 SMTP Server 
ESMTP


Yesterday was giving both on localhost and remote the same messages 
given to you.


So.. i can't really understand what's going on...




Il 21/07/2010 16.17, Jake Vickers ha scritto:

On 07/21/2010 08:12 AM, Digital Instruments - Toaster List wrote:

Greetings List,
I'm running from 4 years qmail greatly without many problems, but 
today something very very bad happened.


>From this morning i can't send any e-mail from port 25 no matter if 
it's internal or external address. its not send at all.

I think something is blocking port 25 cause from IMAP i can send e-mail.

Can anyone help me, please? I need to have this port 25 working back.


IMAP does not send email. You can only send email on ports 25 and 587 
with a stock Qmailtoaster.
You have something going on - when telnetting to port 25, I do not 
receive a welcome banner:

[j...@jake-lapbox ~]$ time telnet mail.digital-instruments.com 25

Trying 79.14.157.43...
Connected to mail.digital-instruments.com.
Escape character is '^]'.
Connection closed by foreign host.

real0m0.381s
user0m0.000s
sys0m0.004s

But without more information it's almost impossible to even guess at 
what the problem may be.
What recently changed? Can you show us logs? What do you get when you 
telnet to port 25 at the localhost? Is there something in the network 
that may be intercepting this traffic?


  
  
  
Nessun virus nel messaggio in arrivo.
Controllato da AVG -www.avg.com    
Versione: 9.0.851 / Database dei virus: 271.1.1/3019 -  Data di rilascio: 07/21/10 08:36:00
  
   



-- start logs ---
Escape character is '^]'. *---> (((waiting here about 1 min)))*
220 server1.isocast.it - Welcome to Qmail Toaster Ver. 1.3 SMTP Server ESMTP
ehlo .xx
250-server1.isocast.it - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
250-STARTTLS
250-PIPELINING
250-8BITMIME
250-SIZE 20971520
250 AUTH LOGIN PLAIN CRAM-MD5
quit
221 server1.isocast.it - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
Connection closed by foreign host.


[...@nc07493 ~]$ telnet mail.digital-instruments.com 25
Trying 79.14.157.43...
Connected to mail.digital-instruments.com (79.14.157.43).
Escape character is '^]'. *---> (((waiting here about 1 min)))*
220 server1.isocast.it - Welcome to Qmail Toaster Ver. 1.3 SMTP Server ESMTP
ehlo .xx
250-server1.isocast.it - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
250-STARTTLS
250-PIPELINING
250-8BITMIME
250-SIZE 20971520
250 AUTH LOGIN PLAIN CRAM-MD5
quit
221 server1.isocast.it - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
Connection closed by foreign host.
---end logs ---

You have a long delay after success connection till 220 response
Your server may be busy? No mem? dns problems? or anything else,

can you give us :
'w' and 'free -m' ?

--
T.Bogdan
http://www.direkt.ro
--