Re: [qmailtoaster] chkuser issue
Jake Vickers wrote:
> Eric Shubert wrote:
>> On a side note, could CHKUSER_ALLOW_SENDER_CHAR_3="/" be used for blackberries, without having to rebuild qmail-toaster? If so, I think this adds fodder to redoing the stock toaster chkuser defaults.
>>
>> I'm thinking that if options cannot be turned off dynamically (CHKUSER_SENDER_MX for example), then they should be left off at compile time and activated in the tcp.smtp file, so that they can be dynamically disabled if desired. It could very well be that we can simply use the stock chkuser defaults as they are, and use definitions in tcp.smtp for toaster variants.
>>
>> Or perhaps I'm just not awake yet (still dreaming).
>
> Qmailtoaster mostly uses the defaults for chkuser and you can adjust some variables as necessary in the tcp.smtp file. I do not think you can just define compilation flags like that in the tcp.smtp file, but I have never tried either. May be something I learn as well!

I used to think this as well until I looked at this (updated) documentation. Perhaps the capability was added at some point. I just see that there's CHKUSER_RCPTLIMIT="50" in the tcp.smtp file, and a corresponding entry in the .h configuration. If it works for this parameter, why not the others? I don't see anything on that web page which says one way or another.

> If an option cannot be dynamically controlled it will need to be defined in the code. That's why I wanted to start a matrix of options on the devel list and kinda steer how the options would be set as defaults in the next update. I was trying to get the community's opinion and adjust the defaults according to that.

I understand that, and I think it's still a valid thing to do. I'm simply suggesting that whatever settings we choose for the stock toaster perhaps should be set in the tcp.smtp file, instead of hard coded changes (another patch) to the chkuser defaults.

> I personally think that options such as checking the sender's MX record are valid - if you get a message from an invalid MX (or no MX), how do you bounce messages for the other admin to know he has a misconfigured system? I think turning options like this one off will cause more headaches and bad public opinion than they would provide a benefit.

I'm not suggesting to turn it off. I'm suggesting we turn it on in the tcp.smtp file instead of not having the option to turn it off. Dynamic good. Hard coded bad. ;)

--
-Eric 'shubes'

-
Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] chkuser issue
Eric Shubert wrote:
> On a side note, could CHKUSER_ALLOW_SENDER_CHAR_3="/" be used for blackberries, without having to rebuild qmail-toaster? If so, I think this adds fodder to redoing the stock toaster chkuser defaults.
>
> I'm thinking that if options cannot be turned off dynamically (CHKUSER_SENDER_MX for example), then they should be left off at compile time and activated in the tcp.smtp file, so that they can be dynamically disabled if desired. It could very well be that we can simply use the stock chkuser defaults as they are, and use definitions in tcp.smtp for toaster variants.
>
> Or perhaps I'm just not awake yet (still dreaming).

Qmailtoaster mostly uses the defaults for chkuser and you can adjust some variables as necessary in the tcp.smtp file. I do not think you can just define compilation flags like that in the tcp.smtp file, but I have never tried either. May be something I learn as well!

If an option cannot be dynamically controlled it will need to be defined in the code. That's why I wanted to start a matrix of options on the devel list and kinda steer how the options would be set as defaults in the next update. I was trying to get the community's opinion and adjust the defaults according to that.

I personally think that options such as checking the sender's MX record are valid - if you get a message from an invalid MX (or no MX), how do you bounce messages for the other admin to know he has a misconfigured system? I think turning options like this one off will cause more headaches and bad public opinion than they would provide a benefit.

Re: [qmailtoaster] chkuser issue
Jake Vickers wrote:
> Mike Canty wrote:
>> Eric,
>>
>> Sorry, but what you have suggested is not working for me. I have altered the tcp.smtp file with your suggestion. I have included a line exactly like the 127. line but changed the IP address to be 192.168.xxx. (obviously the xxx is a number).
>>
>> I was having messages on the sending server, but I have corrected these. A line from the maillog on the sending server reads as below (the actual server that is sending the message is shown here as "r...@server.domainname.com.au", the recipient is "u...@anotherdomainname.com.au" and the relay is the recipient mail server)
>>
>> Aug 19 14:13:25 server sendmail[2101]: n7J4hPKb002101: from=root, size=357, class=0, nrcpts=1, msgid=<200908190443.n7j4hpkb002...@server.domainname.com.au>, relay=r...@localhost
>> Aug 19 14:13:26 server sendmail[2102]: n7J4hPPH002102: from=, size=697, class=0, nrcpts=1, msgid=<200908190443.n7J4hPKb002101@ server.domainname.com.au>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
>> Aug 19 14:13:26 server sendmail[2101]: n7J4hPKb002101: to=u...@anotherdomain.com.au, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30357, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n7J4hPPH002102 Message accepted for delivery)
>> Aug 19 14:13:26 server sendmail[2104]: STARTTLS=client, relay=mailserver.anotherdomain.com.au., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
>>
>> From what I can gather here the message was sent OK from the originating server. However, the message is still showing as below.
>>
>> The original message was received at Wed, 19 Aug 2009 14:13:25 +0930 from localhost.localdomain [127.0.0.1]
>> - The following addresses had permanent fatal errors -
>> (reason: 511 sorry, can't find a valid MX for sender domain (#5.1.1 - chkuser))
>
> The settings for chkuser to verify a valid MX record for the sending domain (TTBOMK) cannot be changed with a switch. It can only be changed by editing the source code and recompiling. You will need to have that sender get a valid MX record created or create your own DNS entry to allow it through.

See http://www.interazioni.it/opensource/chkuser/documentation/chkuser_settings.html

I believe you can add a variable definition to your line in tcp.smtp that tells chkuser not to check this. Since CHKUSER_SENDER_MX is already set at compile time, I don't know how you'd unset it using an environment variable.

Looks like you can turn off chkuser entirely though. See CHKUSER_STARTING_VARIABLE. If I'm reading that right, adding "CHKUSER_STARTING_VARIABLE=CU_START_VAR,CU_START_VAR=none" would turn off chkuser entirely for that connection.

On a side note, could CHKUSER_ALLOW_SENDER_CHAR_3="/" be used for blackberries, without having to rebuild qmail-toaster? If so, I think this adds fodder to redoing the stock toaster chkuser defaults.

I'm thinking that if options cannot be turned off dynamically (CHKUSER_SENDER_MX for example), then they should be left off at compile time and activated in the tcp.smtp file, so that they can be dynamically disabled if desired. It could very well be that we can simply use the stock chkuser defaults as they are, and use definitions in tcp.smtp for toaster variants.

Or perhaps I'm just not awake yet (still dreaming).

--
-Eric 'shubes'

Re: [qmailtoaster] chkuser issue
Mike Canty wrote:
> Eric,
>
> Sorry, but what you have suggested is not working for me. I have altered the tcp.smtp file with your suggestion. I have included a line exactly like the 127. line but changed the IP address to be 192.168.xxx. (obviously the xxx is a number).
>
> I was having messages on the sending server, but I have corrected these. A line from the maillog on the sending server reads as below (the actual server that is sending the message is shown here as "r...@server.domainname.com.au", the recipient is "u...@anotherdomainname.com.au" and the relay is the recipient mail server)
>
> Aug 19 14:13:25 server sendmail[2101]: n7J4hPKb002101: from=root, size=357, class=0, nrcpts=1, msgid=<200908190443.n7j4hpkb002...@server.domainname.com.au>, relay=r...@localhost
> Aug 19 14:13:26 server sendmail[2102]: n7J4hPPH002102: from=, size=697, class=0, nrcpts=1, msgid=<200908190443.n7J4hPKb002101@ server.domainname.com.au>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
> Aug 19 14:13:26 server sendmail[2101]: n7J4hPKb002101: to=u...@anotherdomain.com.au, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30357, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n7J4hPPH002102 Message accepted for delivery)
> Aug 19 14:13:26 server sendmail[2104]: STARTTLS=client, relay=mailserver.anotherdomain.com.au., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
>
> From what I can gather here the message was sent OK from the originating server. However, the message is still showing as below.
>
> The original message was received at Wed, 19 Aug 2009 14:13:25 +0930 from localhost.localdomain [127.0.0.1]
> - The following addresses had permanent fatal errors -
> (reason: 511 sorry, can't find a valid MX for sender domain (#5.1.1 - chkuser))

The settings for chkuser to verify a valid MX record for the sending domain (TTBOMK) cannot be changed with a switch. It can only be changed by editing the source code and recompiling. You will need to have that sender get a valid MX record created or create your own DNS entry to allow it through.

RE: [qmailtoaster] chkuser issue
Eric,

Sorry, but what you have suggested is not working for me. I have altered the tcp.smtp file with your suggestion. I have included a line exactly like the 127. line but changed the IP address to be 192.168.xxx. (obviously the xxx is a number).

I was having messages on the sending server, but I have corrected these. A line from the maillog on the sending server reads as below (the actual server that is sending the message is shown here as "r...@server.domainname.com.au", the recipient is "u...@anotherdomainname.com.au" and the relay is the recipient mail server)

Aug 19 14:13:25 server sendmail[2101]: n7J4hPKb002101: from=root, size=357, class=0, nrcpts=1, msgid=<200908190443.n7j4hpkb002...@server.domainname.com.au>, relay=r...@localhost
Aug 19 14:13:26 server sendmail[2102]: n7J4hPPH002102: from=, size=697, class=0, nrcpts=1, msgid=<200908190443.n7J4hPKb002101@ server.domainname.com.au>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Aug 19 14:13:26 server sendmail[2101]: n7J4hPKb002101: to=u...@anotherdomain.com.au, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30357, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n7J4hPPH002102 Message accepted for delivery)
Aug 19 14:13:26 server sendmail[2104]: STARTTLS=client, relay=mailserver.anotherdomain.com.au., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256

From what I can gather here the message was sent OK from the originating server. However, the message is still showing as below.

The original message was received at Wed, 19 Aug 2009 14:13:25 +0930 from localhost.localdomain [127.0.0.1]
- The following addresses had permanent fatal errors -
(reason: 511 sorry, can't find a valid MX for sender domain (#5.1.1 - chkuser))
- Transcript of session follows -
... while talking to mailserver.anotherdomain.com.au.:
>>> MAIL From: SIZE=955
<<< 511 sorry, can't find a valid MX for sender domain (#5.1.1 - chkuser)
554 5.0.0 Service unavailable

I have added the "server.domainname.com.au" to the hosts file so it can resolve the IP correctly.

Should I change the line in the tcp.smtp file from

192.168.xxx.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"

To

server.domainname.com.au:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"

Or am I just losing the plot

Cheers
Mike Canty

-Original Message-
From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric Shubert
Sent: Wednesday, 19 August 2009 12:08 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] chkuser issue

If the sending (backup) server has a static IP address, you can add it to your /etc/tcprules.d/tcp.smtp file with a record like the 127.0.0.1 record that's there. Put it after the 127. record, but before the last one. Using the full IP address is preferable to (more secure than) a partial address (range).

This will allow open (non-authenticated) relay from that server. You'd better be sure that it won't start spewing out spam though. ;) It's also a slight security risk, due to IP address spoofing.

Don't forget to
# service qmail cdb
after changing that file.

Mike Canty wrote:
> I have a problem with one server sitting on an outside site. This server is a Fedora Core 7 box, and its purpose is to house backup data. That's it. We have set up a crontab script to send the Logwatch details via Email. This site has a Windows 2003 Server managing the users, etc., but mail (at this stage is with an outside ISP)
>
> Until we bring their mail to my Qmail server, I have a problem with messages from this backup server.
>
> Mail messages are being rejected by our server because of chkuser. See reason below
>
> (reason: 511 sorry, can't find a valid MX for sender domain (#5.1.1 - chkuser))
> - Transcript of session follows -
> ... while talking to colloweb.collotype.com.au.:
> >>> MAIL From: SIZE=1863
> <<< 511 sorry, can't find a valid MX for sender domain (#5.1.1 - chkuser)
> 554 5.0.0 Service unavailable
>
> Is there a way we can allow the actual user through chkuser? I don't want to allow this one at the expense of allowing others through, just this one.
>
> I have tried aliasing the messages through the external ISP, but the same problem occurs.
>
> Maybe I should try and modify the Sendmail configuration on the sending server. Not my preferred option.
>
> Cheers
> Mike Canty

--

Re: [qmailtoaster] chkuser issue
Same exact code. Just different ways of getting there.

Phil Leinhauser wrote:
> Hmmm, I didn't know about "Service qmail cdb". I always use "qmailctl cdb". I assume same thing?
>
> -Original Message-
> From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric Shubert
> Sent: Tuesday, August 18, 2009 10:38 PM
> To: qmailtoaster-list@qmailtoaster.com
> Subject: Re: [qmailtoaster] chkuser issue
>
> If the sending (backup) server has a static IP address, you can add it to your /etc/tcprules.d/tcp.smtp file with a record like the 127.0.0.1 record that's there. Put it after the 127. record, but before the last one. Using the full IP address is preferable to (more secure than) a partial address (range).
>
> This will allow open (non-authenticated) relay from that server. You'd better be sure that it won't start spewing out spam though. ;) It's also a slight security risk, due to IP address spoofing.
>
> Don't forget to
> # service qmail cdb
> after changing that file.
>
> Mike Canty wrote:
>> I have a problem with one server sitting on an outside site. This server is a Fedora Core 7 box, and its purpose is to house backup data. That's it. We have set up a crontab script to send the Logwatch details via Email. This site has a Windows 2003 Server managing the users, etc., but mail (at this stage is with an outside ISP)
>>
>> Until we bring their mail to my Qmail server, I have a problem with messages from this backup server.
>>
>> Mail messages are being rejected by our server because of chkuser. See reason below
>>
>> (reason: 511 sorry, can't find a valid MX for sender domain (#5.1.1 - chkuser))
>> - Transcript of session follows -
>> ... while talking to colloweb.collotype.com.au.:
>> >>> MAIL From: SIZE=1863
>> <<< 511 sorry, can't find a valid MX for sender domain (#5.1.1 - chkuser)
>> 554 5.0.0 Service unavailable
>>
>> Is there a way we can allow the actual user through chkuser? I don't want to allow this one at the expense of allowing others through, just this one.
>>
>> I have tried aliasing the messages through the external ISP, but the same problem occurs.
>>
>> Maybe I should try and modify the Sendmail configuration on the sending server. Not my preferred option.
>>
>> Cheers
>> Mike Canty

--
-Eric 'shubes'

RE: [qmailtoaster] chkuser issue
Hmmm, I didn't know about "Service qmail cdb". I always use "qmailctl cdb". I assume same thing?

-Original Message-
From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric Shubert
Sent: Tuesday, August 18, 2009 10:38 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] chkuser issue

If the sending (backup) server has a static IP address, you can add it to your /etc/tcprules.d/tcp.smtp file with a record like the 127.0.0.1 record that's there. Put it after the 127. record, but before the last one. Using the full IP address is preferable to (more secure than) a partial address (range).

This will allow open (non-authenticated) relay from that server. You'd better be sure that it won't start spewing out spam though. ;) It's also a slight security risk, due to IP address spoofing.

Don't forget to
# service qmail cdb
after changing that file.

Mike Canty wrote:
> I have a problem with one server sitting on an outside site. This server is a Fedora Core 7 box, and its purpose is to house backup data. That's it. We have set up a crontab script to send the Logwatch details via Email. This site has a Windows 2003 Server managing the users, etc., but mail (at this stage is with an outside ISP)
>
> Until we bring their mail to my Qmail server, I have a problem with messages from this backup server.
>
> Mail messages are being rejected by our server because of chkuser. See reason below
>
> (reason: 511 sorry, can't find a valid MX for sender domain (#5.1.1 - chkuser))
> - Transcript of session follows -
> ... while talking to colloweb.collotype.com.au.:
> >>> MAIL From: SIZE=1863
> <<< 511 sorry, can't find a valid MX for sender domain (#5.1.1 - chkuser)
> 554 5.0.0 Service unavailable
>
> Is there a way we can allow the actual user through chkuser? I don't want to allow this one at the expense of allowing others through, just this one.
>
> I have tried aliasing the messages through the external ISP, but the same problem occurs.
>
> Maybe I should try and modify the Sendmail configuration on the sending server. Not my preferred option.
>
> Cheers
> Mike Canty

--
-Eric 'shubes'

Re: [qmailtoaster] chkuser issue
If the sending (backup) server has a static IP address, you can add it to your /etc/tcprules.d/tcp.smtp file with a record like the 127.0.0.1 record that's there. Put it after the 127. record, but before the last one. Using the full IP address is preferable to (more secure than) a partial address (range).

This will allow open (non-authenticated) relay from that server. You'd better be sure that it won't start spewing out spam though. ;) It's also a slight security risk, due to IP address spoofing.

Don't forget to
# service qmail cdb
after changing that file.

Mike Canty wrote:
> I have a problem with one server sitting on an outside site. This server is a Fedora Core 7 box, and its purpose is to house backup data. That's it. We have set up a crontab script to send the Logwatch details via Email. This site has a Windows 2003 Server managing the users, etc., but mail (at this stage is with an outside ISP)
>
> Until we bring their mail to my Qmail server, I have a problem with messages from this backup server.
>
> Mail messages are being rejected by our server because of chkuser. See reason below
>
> (reason: 511 sorry, can't find a valid MX for sender domain (#5.1.1 - chkuser))
> - Transcript of session follows -
> ... while talking to colloweb.collotype.com.au.:
> >>> MAIL From: SIZE=1863
> <<< 511 sorry, can't find a valid MX for sender domain (#5.1.1 - chkuser)
> 554 5.0.0 Service unavailable
>
> Is there a way we can allow the actual user through chkuser? I don't want to allow this one at the expense of allowing others through, just this one.
>
> I have tried aliasing the messages through the external ISP, but the same problem occurs.
>
> Maybe I should try and modify the Sendmail configuration on the sending server. Not my preferred option.
>
> Cheers
> Mike Canty

--
-Eric 'shubes'
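
The tcp.smtp points raised in this thread (a full-IP relay rule versus a range, and whether a hostname can stand in for the IP), as an added example that is not part of any post or of qmail-toaster: it parses rules, resolves them in the lookup order the tcprules documentation gives (the TCPREMOTEINFO forms are left out), and lists every rule that grants RELAYCLIENT with how widely it applies. The sample rules, addresses and function names are constructed for illustration.

```python
import re

# Constructed tcp.smtp sample (not from the thread). 192.0.2.0/24 is a
# documentation range standing in for the backup server's network.
SAMPLE_TCP_SMTP = '''\
127.:allow,RELAYCLIENT="",NOP0FCHECK="1"
192.0.2.:allow,RELAYCLIENT="",NOP0FCHECK="1"
192.0.2.25:allow,RELAYCLIENT="",CHKUSER_RCPTLIMIT="50"
backup.example.com:allow,RELAYCLIENT=""
:allow,CHKUSER_RCPTLIMIT="50"
'''

# Address shape -> how widely a RELAYCLIENT grant on it applies.
SCOPES = [(r"\d+(\.\d+){3}", "single host"), (r"", "any client"),
          (r"[\d.-]+", "address range"), (r"=.*", "hostname, trusts DNS")]

def expand(address):
    """Expand the a-b abbreviation (1.2.3.37-53, 10.2-3.) into plain keys."""
    m = re.fullmatch(r"((?:\d+\.)*)(\d+)-(\d+)(\.?)", address)
    if not m:
        return [address]
    head, lo, hi, dot = m.group(1), int(m.group(2)), int(m.group(3)), m.group(4)
    return [f"{head}{n}{dot}" for n in range(lo, hi + 1)]

def parse_rules(text):
    """Return {lookup key: (written address, action, env)} as the cdb would hold."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        address, _, instruction = line.partition(":")
        action, _, rest = instruction.partition(",")
        # Each setting is VAR=Qvalue Q, where Q is whatever character follows '='.
        env = {m.group(1): m.group(3)
               for m in re.finditer(r"([^=,]+)=(.)(.*?)\2", rest)}
        for key in expand(address):
            rules[key] = (address, action, env)
    return rules

def lookup_keys(ip, host=None):
    """Keys in the order the tcprules documentation gives, most specific first."""
    octets = ip.split(".")
    keys = [ip] + (["=" + host] if host else [])
    keys += [".".join(octets[:n]) + "." for n in (3, 2, 1)]
    if host:
        labels = host.split(".")
        keys += ["=." + ".".join(labels[i:]) for i in range(1, len(labels))]
        keys.append("=")
    return keys + [""]

def match(rules, ip, host=None):
    """Return the (written address, action, env) that applies, or None."""
    for key in lookup_keys(ip, host):
        if key in rules:
            return rules[key]
    return None

def relay_grants(rules):
    """Return {written address: scope} for every rule that sets RELAYCLIENT."""
    grants = {}
    for address, action, env in rules.values():
        if action == "allow" and "RELAYCLIENT" in env:
            grants[address] = next(
                (scope for shape, scope in SCOPES if re.fullmatch(shape, address)),
                "not a lookup key, never matches")
    return grants

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_TCP_SMTP)
    for ip in ("192.0.2.25", "192.0.2.99", "198.51.100.7"):
        print(ip, "->", match(rules, ip, host="backup.example.com"))
    for address, scope in relay_grants(rules).items():
        print(repr(address), scope)
```

Under that lookup order a bare hostname is never a key: hostname rules are written with a leading `=` and depend on the client's reverse DNS, which is why the single-IP form is the narrowest relay grant.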