Re: First time denysoft plugin

2003-06-02 Thread James H. Thompson
I must be missing something, I often see 100's of SPAM coming from an IP.  How is doing a DENYSOFT
to only the first one going to help?


> On Friday, May 30, 2003, at 19:35 Europe/London, Devin Carraway wrote:
>
> > On Fri, May 30, 2003 at 10:04:24PM +1000, Gavin Carr wrote:
> >> A while ago Matt Sergeant mentioned he'd implemented a plugin that he
> >> couldn't release that returned a denysoft on the first connection from
> >> an IP address, on the theory that spammers don't queue, they just fire
> >
> > Hmm, that reminds me -- Matt, it's been a couple of months, how's it
> > been working out for you?
>
> I turned it off because I wanted to be receiving my full quota of spam
> (for statistical training and various other stats I use my spam for). I
> guess I could have modified it to DENYSOFT after DATA and record the
> full email somewhere anyway, but I took the easy option.
>
> Up to that point I would say it took out about 60% of my spam, and zero
> false positives.
>
> Matt.
>
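
The first-contact DENYSOFT idea discussed in this thread, sketched as an added example; it is not code from the thread, from Matt Sergeant's plugin or from qpsmtpd. `$MIN_RETRY`, `$EXPIRE`, the state layout and the sample addresses are assumptions: with `$MIN_RETRY` set to 0 it is the plain "deny the first connection" behaviour described above, and a non-zero value goes one step further by also deferring a burst of connections from one IP.

```perl
#!/usr/bin/perl
# Added example: first-contact DENYSOFT decision logic, standalone (no qpsmtpd needed).
use strict;
use warnings;

# Stand-ins for the qpsmtpd return constants; the values here are arbitrary.
use constant { DECLINED => 'DECLINED', DENYSOFT => 'DENYSOFT' };

# Hypothetical tunables, not taken from the thread.
my $MIN_RETRY = 300;        # seconds a new IP must wait before a retry is accepted
my $EXPIRE    = 36 * 3600;  # forget IPs not seen for this long

my %seen;   # ip => { first => epoch, last => epoch, passed => 0|1 }

# Decide what a connect hook would return for $ip at time $now.
sub check_connect {
    my ($ip, $now) = @_;

    # Drop stale state so the table cannot grow without bound.
    for my $k (keys %seen) {
        delete $seen{$k} if $now - $seen{$k}{last} > $EXPIRE;
    }

    my $e = $seen{$ip};
    if (!$e) {
        # First contact: remember it and ask the client to come back later.
        $seen{$ip} = { first => $now, last => $now, passed => 0 };
        return (DENYSOFT, "first contact from $ip, please retry later");
    }

    $e->{last} = $now;
    return (DECLINED) if $e->{passed};      # this IP already proved that it queues

    if ($now - $e->{first} < $MIN_RETRY) {
        # Came back too quickly: a burst, not a queue run.
        return (DENYSOFT, "retry from $ip too soon");
    }

    $e->{passed} = 1;                       # waited and retried: let it through
    return (DECLINED);
}

# Constructed timeline: a burst from one IP, and an MTA that queues and retries.
my @events = (
    [ '192.0.2.10',      0 ],   # burst sender, message 1
    [ '192.0.2.10',      2 ],   # burst sender, message 2
    [ '192.0.2.10',      5 ],   # burst sender, message 3
    [ '198.51.100.7',   10 ],   # queueing MTA, first attempt
    [ '198.51.100.7',  910 ],   # queueing MTA, retry after 15 minutes
    [ '198.51.100.7', 1000 ],   # same MTA, next message
);

for my $ev (@events) {
    my ($ip, $t) = @$ev;
    my ($code, $msg) = check_connect($ip, $t);
    printf "t=%-5d %-13s %-8s %s\n", $t, $ip, $code, defined $msg ? $msg : '';
}
```

In the constructed timeline every connection in the burst is deferred, while the host that retries after 15 minutes is passed on to the remaining plugins from then on.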



Proxy servers and SPAM

2003-06-12 Thread James H. Thompson
It seems that much SPAM originates from hijacked open proxy servers.
http://www.fr2.cyberabuse.org/?page=abuse-proxy
http://spamcop.net/fom-serve/cache/278.html

It would be possible to make a plugin, that on the SMTP connect, takes the remote IP address and
does a quick check for an open proxy on the remote IP address.  If it finds an open proxy, it could
block the connection, and add the IP to a local DB of IPs to block.  It could also remember the IPs
that passed if that made sense from a performance standpoint.

Would a plug-in like this be a useful tool? Worth writing?

More Background
===

An open proxy test appears to be fairly easy:
From:
http://cert.uni-stuttgart.de/archive/incidents/2002/12/msg00044.html

There are programs to scan for open proxy servers, but you can also just
try using nmap on well-known proxy ports (1080,8080,3128... sometimes
80 and 81). Then telnet to the port and try something like:
"GET http://www.yahoo.com/ HTTP/1.0" and hit enter twice. This indicates
they are at least open to HTTP proxying. This is a problem, but it's not as
bad as some servers, which allow you to connect out on any port. For your
spam example, try "CONNECT x.x.x.x:25 HTTP/1.0" where x.x.x.x is the
address of some mailserver you own. If you get the SMTP banner, your
suspicions are confirmed.



Info on the Analogx proxy server:
From:


http://groups.google.com/groups?q=analogx+spam&hl=en&lr=&ie=UTF-8&selm=c0-dnWpdCPkk5lajXTWcrg%40internetpro.net&rnum=1

AnalogX Proxy, a free proxy-server program that has been downloaded by more
than a million people, is automatically in the open state when it is first
installed. Mark Thompson, the author of AnalogX, said he had rebuffed the
requests of many antispam activists to distribute the software with the
security features already activated because doing so would make it harder to
set up.

"The biggest plug for the proxy is it is really easy to get it running," he
explained. Mr. Thompson said he did try to achieve a compromise by revising
the program to give people a warning about security problems every time it
starts.

Even so, Wirehub, a Dutch Internet service provider, says that 45,000 of the
150,000 open proxy servers it has identified as sending spam appear to be
using AnalogX.



Jim

James H. Thompson
[EMAIL PROTECTED]



Re: problem with pperl

2003-07-27 Thread James H. Thompson
I found that speedyCGI worked much better than pperl -- at least on my systems.

Jim

James H. Thompson
[EMAIL PROTECTED]

- Original Message -
From: "Meng Weng Wong" <[EMAIL PROTECTED]>
To: "Matt Sergeant" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, July 27, 2003 12:51 PM
Subject: problem with pperl


> I was using pperl to run qpsmtpd.  It was pegging the CPU.  I tried to
> shut it down:
>
>   20030727-18:48:34 [EMAIL PROTECTED]:/# postfix stop
>   postfix/postfix-script: stopping the Postfix mail system
>   20030727-18:48:51 [EMAIL PROTECTED]:/# svc -d /service/proxy
>   20030727-18:48:55 [EMAIL PROTECTED]:/# svc -d /service/content-filter
>   20030727-18:49:00 [EMAIL PROTECTED]:/# cd ~qpsmtpd
>   20030727-18:49:02 [EMAIL PROTECTED]:~qpsmtpd# pperl -k proxy/qpsmtpd; pperl -k 
> content-filter/qpsmtpd
>18:49:49  up 108 days,  1:51,  6 users,  load average: 3.99, 3.96, 3.05
>   209 processes: 200 sleeping, 4 running, 3 zombie, 2 stopped
>   CPU states:  10.4% user   5.1% system   0.5% nice   0.0% iowait  83.8% idle
>   Mem:   450868k av,  408752k used,   42116k free,   0k shrd,   20868k buff
>   73400k active, 306192k inactive
>   Swap:  268080k av,  148388k used,  119692k free  227360k cached
>
> PID USER PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME CPU COMMAND
>   30171 root  20   0   704  592   564 R48.7  0.1 468:50   0 /icg/bin/pperl 
> -Tw ./qpsmtpd
>   19014 root  20   0   700  700   564 R48.0  0.1 466:40   0 /icg/bin/pperl 
> -Tw ./qpsmtpd
>   11130 root  18   0  1080 1080   744 R11.6  0.2   0:00   0 top -c
>9646 mengwong  15  10 14512  14M  2256 R N   1.4  3.2   0:04   0 web server: 
> pobox.com/~user
redirection
>   1 root   8   0   496  472   440 S 0.0  0.1   0:11   0 init [3]   --init
>   2 root   9   0 00 0 SW0.0  0.0   0:00   0 keventd
>   3 root  19  19 00 0 SWN   0.0  0.0   0:05   0 ksoftirqd_CPU0
>   4 root   9   0 00 0 SW0.0  0.0  15:27   0 kswapd
>   5 root   9   0 00 0 SW0.0  0.0   0:05   0 bdflush
>   6 root   9   0 00 0 SW0.0  0.0  12:03   0 kupdated
>   8 root 18446744073709551615 -20 00 0 SW<   0.0  0.0   0:00   0 
> mdrecoveryd
>   9 root 18446744073709551615 -20 00 0 SW<   0.0  0.0   0:00   0 
> raid1d
>  10 root 18446744073709551615 -20 00 0 SW<   0.0  0.0   0:00   0 
> raid1d
>  11 root 18446744073709551615 -20 00 0 SW<   0.0  0.0   0:00   0 
> raid1d
>  12 root 18446744073709551615 -20 00 0 SW<   0.0  0.0   0:00   0 
> raid1d
> 528 rpcuser9   0   336  248   244 S 0.0  0.0   0:00   0 rpc.statd
> 605 root   9   0   356  280   200 S 0.0  0.0  18:58   0 
> /usr/local/sbin/sshd
>1011 root   9   0   192  144   140 S 0.0  0.0   0:00   0 /sbin/mingetty 
> tty1
>1012 root   9   0   192  144   140 S 0.0  0.0   0:00   0 /sbin/mingetty 
> tty2
>1013 root   9   0   192  144   140 S 0.0  0.0   0:00   0 /sbin/mingetty 
> tty3
>1014 root   9   0   192  144   140 S 0.0  0.0   0:00   0 /sbin/mingetty 
> tty4
>1015 root   9   0   192  144   140 S 0.0  0.0   0:00   0 /sbin/mingetty 
> tty5
>1016 root   9   0   192  144   140 S 0.0  0.0   0:00   0 /sbin/mingetty 
> tty6
>1017 root   9   0  1116  804   576 S 0.0  0.1   0:14   0 /usr/bin/perl 
> -sw-
/icg/bin/governor
>1020 root   9   0   876  604   420 S 0.0  0.1   0:00   0 
> voter-spool-sizes: sleeping
since start o
>1042 root   9   0   252  200   196 S 0.0  0.0   0:00   0 logger -p 
> local5.info -t
governor[1017]
>1043 root   9   0   252  200   196 S 0.0  0.0   0:00   0 logger -p 
> local5.warn -t
governor[1017]
>1127 root   9   0   244  192   188 S 0.0  0.0   0:00   0 logger -p 
> local5.info -t
voter-spool-size
>1128 root   9   0   244  232   188 S 0.0  0.0   0:00   0 logger -p 
> local5.warn -t
voter-spool-size
>1514 mengwong   9   0   404  328   252 S 0.0  0.0   0:54   0 ssh-agent
>1847 mengwong   9   0 24788  20M   592 S 0.0  4.6  1649m   0 SCREEN
>   20030727-18:49:54 [EMAIL PROTECTED]:~qpsmtpd# strace -p 30171 |& head
>   rt_sigaction(SIGPIPE, {0x403754cc, [PIPE], SA_RESTORER|SA_RESTART, 0x40165d48}, 
> {0x403754cc,
[PIPE], SA_RESTORER|SA_RESTART, 0x40165d48}, 8) = 0
>   sigreturn() = ? (mask now [RTMIN])
>   --- SIGPIPE (Broken pipe) @ 0 (0) ---
>   kill(0, SIGPIPE)= 0
>   rt_sigaction(SIG

Re: pop-before-smtp with mysql

2003-08-27 Thread James H. Thompson
I'm in the process of testing a plugin to do this.
I'll post it as soon as I verify it works.

Jim

James H. Thompson
[EMAIL PROTECTED]

- Original Message - 
From: "Ashish Pawaskar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 26, 2003 5:32 AM
Subject: pop-before-smtp with mysql


> Tuesday, August 26, 2003
> 
> Hello,
> 
> I am using qmail+vpopmail with Mysql based authentication.
> 
> vpopmail will add the IP of all who authenticate themselves with POP3
> to a mysql table (relayclients)
> 
> I am trying to use qpsmtpd but I cannot find a pop-before-smtp plugin
> anywhere!
> 
> Can anyone give any pointers as to how i can have the check_relay
> plugin check the mysql table? I can't figure out where I can find the
> IP address of the sender.
> 
> 
> Can anyone help?
> 
> -- 
> Best regards,
>  Ashish  mailto:[EMAIL PROTECTED]
> 
> I've learned that simple walks with my father around the block on
> summer nights when I was a child did wonders for me as an adult. 
> *
>   Internet Wizards - Professional web services! http://www.inwiz.com
> *
> 


allow smtp relay after vpopmail POP3 session plugin

2003-09-02 Thread James H. Thompson



# This plugin enables relaying for any IP address that
# has done a successful vpopmail POP3 session within
# last 60 minutes.
# vpopmail must have been compiled with SQL roaming support
# i.e. something like:
# ./configure  \
# --enable-mysql=y \
# --enable-roaming-users=y \
# --enable-relay-clear-minutes=180 \
# --enable-rebuild-tcpserver-file=n
#

# To avoid doing an SQL DB lookup for every rcpt, one lookup is
# done at the beginning of the connection, and the result is cached.
# the rcpt_handler uses this cached result to process each rcpt request.

# Config
# --
# create a file called: check_relay_after_pop
# in the config directory
# file must contain 4 values, one per line
# sql DB Host name or IP
# sql DB Name (usually 'vpopmail')
# sql DB user name
# sql DB user password
#
# in the 'plugins' file in the config directory
# add a line like this:
#   check_relay_after_pop
# just BEFORE the line that says: check_relay
#
# Relaying will be enabled if the IP is OK with this plugin,
# or if OK with the check_relay plugin
#
# If you want to run this plugin without also using the check_relay plugin
# then you may need to change the DECLINED in the rcpt_handler to DENY
#

Jim

James H. Thompson
[EMAIL PROTECTED]


check_relay_after_pop
Description: Binary data


Files left in /var/spool/smtpd question

2003-09-03 Thread James H. Thompson
I've noticed that orphan files are being left in my /var/spool/smtpd.
I'm running under SpeedyCGI, so don't know if this is a contributing factor.

Going back through the logs all of the orphan files I checked have in common having triggered:
in SMTP.pm in the 'data' sub:

   $self->respond(451, "See http://develooper.com/code/qpsmtpd/barelf.html"), exit
     if $_ eq ".\n";

I noticed that all of the other aborts in this routine use "return 1" instead of exit.
Is there some reason this is an 'exit' instead of a return?

Thanks.

Jim

James H. Thompson
[EMAIL PROTECTED]


Re: Files left in /var/spool/smtpd question

2003-09-05 Thread James H. Thompson

Since  $self->disconnect will do an exit after it calls the disconnect hooks,
you don't need the return in front of it.

I'm wondering if the same problem also occurs on a timeout.


Jim

James H. Thompson
[EMAIL PROTECTED]

- Original Message - 
From: "Robert James Kaes" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 04, 2003 7:53 AM
Subject: Re: Files left in /var/spool/smtpd question


> On Thu, 04 Sep 2003, Ask Bj?rn Hansen wrote:
> > "Breaking out" at that point wouldn't work, as the client is just 
> > spewing data to us until it tells us that it's done, so leaving the 
> > connection open won't work.  Exiting it what qmail-smtpd does (which 
> > might or might not make it right :-) )
> > 
> > I think what it needs to do is reset the transaction 
> > ($self->reset_transaction) and then call disconnect.
> 
> Would something like the following work?
> -- Robert
> 
> 
> --- qpsmtpd-0.26/lib/Qpsmtpd/SMTP.pm 2003-04-21 05:42:01.0 -0400
> +++ qpsmtpd.work/lib/Qpsmtpd/SMTP.pm 2003-09-04 13:50:36.0 -0400
> @@ -335,8 +335,14 @@
>while () {
>  $complete++, last if $_ eq ".\r\n";
>  $i++;
> -$self->respond(451, "See http://develooper.com/code/qpsmtpd/barelf.html";), exit
> -  if $_ eq ".\n";
> +
> +# If we get an improper line, reset the transaction and disconnect
> +if ($_ eq ".\n") {
> + $self->respond(451, "See http://develooper.com/code/qpsmtpd/barelf.html";);
> + $self->reset_transaction;
> + return $self->disconnect;
> +};
> +
>  # add a transaction->blocked check back here when we have line by line plugin 
> access...
>  unless (($max_size and $size > $max_size)) {
>s/\r\n$/\n/;
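
Review bot: In the added `if ($_ eq ".\n")` block, `return $self->disconnect;` only makes sense if disconnect() comes back to the caller; the reply at the top of this message states that disconnect exits after running its hooks, in which case the `return` is dead code and misleads the reader about control flow, so drop it or add a comment saying which behaviour is relied on. The `};` that closes the block carries a stray semicolon, and the three added statements are indented differently from the rest of the loop body. It would also help to say in the new comment why `reset_transaction` has to come before the disconnect (the spool file left behind, per the thread), since nothing in the hunk itself explains the ordering.
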
> 
> 
> -- 
> Robert James Kaes---  Flarenet Inc.  ---(519) 426-3782
> http://www.flarenet.com/consulting/
>   * Putting the Service Back in Internet Service Provider *
> 


Re: sad logfiles

2003-09-08 Thread James H. Thompson
At least in the case of qpsmtpd running under SpeedyCGI, each instance of qpsmtpd gobbles
progressively more memory for each message it processes until it finally hits the softlimit setting.
Does that also happen running under Pperl?


Jim

James H. Thompson
[EMAIL PROTECTED]

- Original Message -
From: "Matt Sergeant" <[EMAIL PROTECTED]>
To: "Jim Winstead" <[EMAIL PROTECTED]>
Cc: "Ask Bjørn Hansen" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, September 05, 2003 7:04 AM
Subject: Re: sad logfiles


> On 5 Sep 2003, at 17:52, Jim Winstead wrote:
>
> > i switched to using PPerl, which helped the load average, but it got
> > stuck overnight and i had to kill a single qpsmtpd process to get
> > things
> > going again. i'll try to figure out what caused it to get stuck if it
> > happens again.
>
> Make sure you run with --no-cleanup. qmsmtpd is clean enough to run
> without that.
>
> Not sure if that will fix things.
>



Re: clamav plugin

2003-09-11 Thread James H. Thompson
I think the clamav plugin is broken when used with the current release of clamav.
I had to put in quite a few patches to get it to work with the latest clamav.

Jim

James H. Thompson
[EMAIL PROTECTED]

- Original Message - 
From: "Sam Laffere" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 11, 2003 11:42 AM
Subject: clamav plugin


> I can not get the clamav plugin to catch any viruses that I am attaching and
> sending with email.  The details of the setup follow first, and then some of
> the things I have done to pinpoint the problem.
> I think that the problem is one of two places.  Either the attachment is
> encoded in such a way that it is not detected when passed to clamscan, or
> the method of passing it into clamscan is at fault.  Not being a programmer,
> I am stuck at this point and am looking for help.
> 
> If I have overlooked a source of information regarding setting this up, I
> apologize, and would like to be shown the link.
> 
> Thank You,
> Sam Laffere
> 
> 
> 
> System Details
> Linux 2.4.20
> qpsmtpd 0.26
> clamav 0.60
> 
> I have ftp'd the file virus-mimail into my home directory, and clamscan
> finds and reports it just fine.
> 
> 
> *
> newqmail:/home/clamav# clamscan /home/lafferes/virus-mimail
> /home/lafferes/virus-mimail: Trojan.Dropper.C FOUND
> 
> --- SCAN SUMMARY ---
> Known viruses: 9577
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> ...
> 
> *
> 
> I have modified the plugin line as follows
> 
> **original*
>   my $cmd =
> "/usr/local/bin/clamscan --stdout -i --max-recursion=50 --disable-summary
> $filename 2>&1";
> results follow:
> 
> 11541 running plugin  clamav
> 11541 clamav plugin: Running:
> /usr/local/bin/clamscan --stdout -i --max-recursion=50 --disable-summary
> /tmp/s3FgMwMfFQ 2>&1
> 11541 clamav plugin: clamscan results:
> 
> 
> *modified 
>   my $cmd =
> "/usr/local/bin/clamscan --stdout -i --max-recursion=50 --disable-summary
> /home/username/virus-mimail 2>&1";
> 
> and the results are thus.
>  11471 running plugin  clamav
>  11471 clamav plugin: Running:
> /usr/local/bin/clamscan --stdout -i --max-recursion=50 --disable-summary
> /home/lafferes/virus-mimail 2>&1
>  11471 clamav plugin: clamscan results: Trojan.Dropper.C
>  11471 clamav plugin: Virus(es) found
> 
> 
> 


Memory footprint

2003-09-14 Thread James H. Thompson
I've been looking at the memory usage of qpsmtpd.
When you are running a 100 copies, it starts to add up.
I wrote a small test program to track the memory requirements (VmSize) of some of the perl libraries
used by qpsmtpd.

Here is what I found:

cd /home/smtpd
./test.pl 100
use Qpsmtpd::Connection consumed: 24 KB bytes
use Qpsmtpd::Transaction consumed: 956 KB bytes
use Qpsmtpd::Plugin consumed: 16 KB bytes
use Qpsmtpd::Constants consumed: 0 KB bytes
use Mail::Address () consumed: 116 KB bytes
use Mail::Header () consumed: 216 KB bytes
use IPC::Open2 consumed: 92 KB bytes
use Data::Dumper consumed: 328 KB bytes
use POSIX qw(strftime) consumed: 340 KB bytes
use Net::DNS consumed: 1764 KB bytes
$MAIN::x = ("a" x 1024) x $ARGV[0] consumed: 232 KB bytes
*** Done ***

On a slow machine, there is a noticeable pause as the larger libraries load.

The source for the test program is attached.


Jim

James H. Thompson
[EMAIL PROTECTED]


test.pl
Description: Binary data


Re: Memory footprint

2003-09-15 Thread James H. Thompson

Robert Spier wrote:

>At Mon, 15 Sep 2003 04:01:22 -0700,
>Ask Bjørn Hansen wrote:
>>
>>
>> On Sunday, Sep 14, 2003, at 16:25 America/Los_Angeles, James H.
>> Thompson wrote:
>>
>> > I've been looking at the memory usage of qpsmtpd.
>> > When you are running a 100 copies, it starts to add up.
>>
>> If you used PPerl, wouldn't most of it get shared?
>
>Yes.


I'm wondering if this is the case, as it looks like pperl does a fork for each child which would
copy all of the perl code and data to a new process -- i.e. no sharing of the perl code or data.

Jim

James H. Thompson
[EMAIL PROTECTED]



Verisign breaks require_resolvable_fromhost plugin

2003-09-17 Thread James H. Thompson
This article explains what Verisign has done for lookups of non-existing host names.
  http://www.theregister.co.uk/content/6/32852.html
If you are using the:
require_resolvable_fromhost
plugin, it just stopped working because all host names resolve to an IP whether they exist or not.

I made a quick patch so the loop in the plugin now reads:

  if ($query) {
    foreach my $rr ($query->answer) {

      # if this host, it's the verisign catch all domain address
      # for non-existing domains
      # see: http://www.theregister.co.uk/content/6/32852.html
      if ($rr->type eq "A" && $rr->address eq "64.94.110.11") {
        print STDERR "Verisign catchall IP for: $host\n";
        return 0;
      }

      return 1 if $rr->type eq "A" or $rr->type eq "MX";
    }
  }


Jim

James H. Thompson
[EMAIL PROTECTED]


Re: qpsmtpd on windows?

2003-11-19 Thread James H. Thompson
Was looking at code for SelectServer.
Saw:
$self->respond(451, "See http://develooper.com/code/qpsmtpd/barelf.html"), exit
  if $_ eq ".\n";

Is it really supposed to 'exit' here?


Jim

James H. Thompson
[EMAIL PROTECTED]

- Original Message - 
From: "Matt Sergeant" <[EMAIL PROTECTED]>
To: "Gavin Carr" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, November 17, 2003 9:43 PM
Subject: Re: qpsmtpd on windows?


> On 17 Nov 2003, at 22:46, Gavin Carr wrote:
> 
> >
> > From the masochism department: anyone tried getting qpsmtpd up on 
> > Windows
> > platform (presumably in smtp-proxy mode rather than qmail mode)? Any
> > thoughts on how easy or difficult this might be?
> 
> With the new SelectServer (only in CVS) it should be possible. Probably 
> not possible with tcpserver.
> 


Re: Valid account checks for vpopmail users

2003-11-26 Thread James H. Thompson
Does this patch support vpopmail domains that have a 'catch-all' address, and conversely ones that
do not?

Jim

James H. Thompson
[EMAIL PROTECTED]

- Original Message - 
From: "Bryan Scott" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 26, 2003 5:55 AM
Subject: Re: Valid account checks for vpopmail users


>
> Forgot to include the list on this one...
>
> I've added the following code to the check_delivery plugin to check vpopmail
> using 'vuserinfo'.  It then proceeds to check for .qmail files and everything
> else as normal.
>
> My apologies for not having it "patch" ready, but it should be a simple copy and
> paste solution.
>
> -- Bryan
>
> CertaintyTech wrote:
>
> > I see on the qpsmtpd home page that it states "Can be configured to know
> > about local addresses and bounce invalid addresses at the smtp level.".
> > Has any one created a plugin for vpopmail?
> >
> > Also, is there someone to search the archives?  Appears that the archive
> > site is not searchable.
> >
> > Thanks for any tips,
> > ---
> > Ed
>
> # --- Start after this line:
>
>return (DECLINED) unless $local;
>
> # --- my modification includes defining $count sooner...
>
>my $count;
>
> # --- Then call vuserinfo -- could probably be done cleaner; IWFM :)
>
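>    # first check vpopmail
>    if (-f "/home/vpopmail/bin/vuserinfo") {
>        # list-form open runs vuserinfo without a shell, so shell
>        # metacharacters in $delivery are never interpreted
>        my $result = '';
>        if (open(my $vu, '-|', '/home/vpopmail/bin/vuserinfo', '-n', $delivery)) {
>            $result = do { local $/; <$vu> };   # slurp all output, as backticks did
>            close($vu);
>        }
>        $result = '' unless defined $result;
>        chomp($result);
>        # logging only needed for debugging
>        $self->log(0,"Checked vpopmail: name = $result");
>        $count = 1 if ($result eq lc($user)); # continue on
>    }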
>
># expand the address
>my @deliverylist = $self->expand_address($delivery);
>
># allow other plugins to hook into the results of this one
>$self->qp->run_hooks("user_delivery", $delivery, @deliverylist);
>
> # --- then add the vpopmail count to whatever expand_address was able to find
>
>    $count += $#deliverylist + 1;   # numeric add; ".=" would concatenate the two counts
>my $msg;
>
> #   back to existing code
>
>
>
>
>
>
>



Re: SMTP AUTH

2003-12-16 Thread James H. Thompson
Will the Perl CPAN module Crypt::PasswdMD5 do what you need?

Jim

James H. Thompson
[EMAIL PROTECTED]

- Original Message - 
From: "Mike Williams" <[EMAIL PROTECTED]>
To: "qpsmtpd" <[EMAIL PROTECTED]>
Sent: Tuesday, December 16, 2003 12:40 AM
Subject: Re: SMTP AUTH


On Monday 15 December 2003 19:49, Peter J. Holzer wrote:

> > Isn't that only true if you implement the CRAM-MD5 mechanism? IOW, PLAIN
> > and LOGIN can be done without storing plaintext passwords.
>
> Yes. PLAIN and LOGIN can hash the transmitted password and compare
> against a stored hash, e.g., as created by the Unix crypt function.

I had a bit of a fiddle last night with Digest::MD5 and crypt, in an attempt
to make it encrypt a phrase in the same manner as /etc/shadow. If either will
then we can authenticate against /etc/shadow itself, or where ever you wish
to store MD5/crypt passwords, no matter which SASL authentication type is
used.
PAM is a possibility too, but I truly hate perl's "documentation", and was too
tired to think much.

-- 
Mike Williams
Systems Administrator - Comodo Research Lab Ltd
Invent  Secure
Office Tel Europe: +44 (0) 1274 730 505
Fax Europe: +44 (0) 1274 730 909.
www.comodogroup.com, www.trustix.com,
www.enterprisessl.com, www.seeos.com



MAPS DNS Blackhole list and dnsbl plugin

2003-12-22 Thread James H. Thompson
The MAPS (http://mail-abuse.org/) blackhole list doesn't appear to include DNS TXT records -- only DNS A records.

The dnsbl plugin does lookups like this:
$sel->add($res->bgsend("$reversed_ip.$dnsbl", "TXT"));

Thus it never finds any entries in a MAPS Blackhole list.
The logic later in the dnsbl plugin is setup to process DNS A records in the query results, so I changed the line above to:

$sel->add($res->bgsend("$reversed_ip.$dnsbl"));

And all is working fine now.


Jim

James H. Thompson
[EMAIL PROTECTED]


Re: dnsbl functionality

2004-01-19 Thread James H. Thompson
I posted a patch a while back to make dnsbl work with A records.
Don't know if it's been changed in CVS.

Jim

James H. Thompson
[EMAIL PROTECTED]

- Original Message - 
From: "Mark Powell" <[EMAIL PROTECTED]>
Cc: "qpsmtpd ML" <[EMAIL PROTECTED]>
Sent: Monday, January 19, 2004 3:17 AM
Subject: Re: dnsbl functionality


> On Sat, 3 Jan 2004, Roger Walker wrote:
> 
> > Previously, I had used a patched rblsmtpd that would work with
> > "TXT" records and with the patch, with "A" records (the admin supplied the
> > text to go along with the rejection message). Another item it supplied was
> > the ability to treat an RBL as a whitelist (so that if you had lots of
> > RBLs in the list to wait for, you could have your own reverse RBL that
> > would speed the connection for known/approved IPs.
> 
> Does the dnsbl not work with services like RBL+ that do not provide TXT
> records?
>   Cheers.
> 
> >
> > From my limited ability to figure out the dnsbl plugin supplied in
> > the current package, it looks like it will only work as I would expect
> > with "TXT"  records. Having said that, I suppose if I only used it with
> > a single RBL using "A" records, I could change the $result text to
> > whatever I want and be done with it.
> >
> > And it doesn't look like there is a reverse RBL function. Am I
> > making the right assumptions?
> >
> > Thanks.
> >
> >
> 
> -- 
> Mark Powell - UNIX System Administrator - The University of Salford
> Information Services Division, Clifford Whitworth Building,
> Salford University, Manchester, M5 4WT, UK.
> Tel: +44 161 295 4837  Fax: +44 161 295 5888  www.pgp.com for PGP key
> 


Re: dnsbl functionality

2004-01-20 Thread James H. Thompson
If the query is to the authoritative server it should return both A and TXT records.
But if not the authoritative server, then yes patch is less than perfect.

Jim

James H. Thompson
[EMAIL PROTECTED]

- Original Message - 
From: "Mark Powell" <[EMAIL PROTECTED]>
To: "James H. Thompson" <[EMAIL PROTECTED]>
Cc: "qpsmtpd ML" <[EMAIL PROTECTED]>
Sent: Tuesday, January 20, 2004 12:49 AM
Subject: Re: dnsbl functionality


> On Mon, 19 Jan 2004, James H. Thompson wrote:
>
> > I posted a patch a while back to make dnsbl work with A records.
> > Don't know if its been changed in CVS.
>
> The patches that changes one line in dnsbl to this?
>
> $sel->add($res->bgsend("$reversed_ip.$dnsbl"));
>
> That performs a query for ANY record, which means services that have A &
> TXT records (all?) will return the A record and not the TXT record.
>   Need functionality similar to rblsmtpd where if the service only has an
> A record, then you can specify the URL i.e.
>
> --config/dnsbl_zones-
> sbl-xbl.spamhaus.org
> list.dsbl.org
> rbl-plus.mail-abuse.ja.net:Listed by rbl-plus.mail-abuse.ja.net - see
http://www.mail-abuse.org/cgi-bin/lookup?%IP%>
> relays.ordb.org
> -
>
> Time to look at how dnsbl works  :)
>   Cheers.
>
> -- 
> Mark Powell - UNIX System Administrator - The University of Salford
> Information Services Division, Clifford Whitworth Building,
> Salford University, Manchester, M5 4WT, UK.
> Tel: +44 161 295 4837  Fax: +44 161 295 5888  www.pgp.com for PGP key
>
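
One way to handle both kinds of list discussed in the MAPS message and in this thread, as an added example that is not the dnsbl plugin's code: look up the A record first, use the TXT text when the list publishes one, and fall back to a per-zone message otherwise. The `zone:message` syntax with `%IP%` follows the config quoted above; the zone names, addresses and DNS data are constructed, and `lookup` is a hypothetical stub standing in for real Net::DNS queries so the example runs offline.

```perl
#!/usr/bin/perl
# Added example: DNSBL check that works with A-only and A+TXT lists.
use strict;
use warnings;

# Parse dnsbl_zones-style lines: "zone" or "zone:message", where the optional
# message may contain %IP%. Split on the first colon only so URLs survive.
sub parse_zones {
    my @zones;
    for my $line (@_) {
        next if $line =~ /^\s*(?:#|$)/;          # skip comments and blank lines
        my ($zone, $template) = split /:/, $line, 2;
        $zone =~ s/^\s+|\s+$//g;
        push @zones, { zone => lc $zone, template => $template };
    }
    return @zones;
}

# 192.0.2.99 -> 99.2.0.192; returns nothing unless the input is dotted-quad IPv4.
sub reverse_ip {
    my ($ip) = @_;
    my @o = $ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ or return;
    return if grep { $_ > 255 } @o;
    return join '.', reverse @o;
}

# Constructed DNS data (documentation addresses, made-up zones).
# One zone publishes A and TXT, the other publishes only A.
my %DNS = (
    '99.2.0.192.bl-with-txt.example' => {
        A   => ['127.0.0.2'],
        TXT => ['Blocked - see http://bl-with-txt.example/q?192.0.2.99'],
    },
    '50.2.0.192.bl-a-only.example' => { A => ['127.0.0.2'] },
);

# Hypothetical stub resolver: all values of record $type for $name.
sub lookup {
    my ($name, $type) = @_;
    return @{ ($DNS{$name} || {})->{$type} || [] };
}

# Return the rejection text for $ip, or nothing if no zone lists it.
sub check_dnsbl {
    my ($ip, @zones) = @_;
    my $rev = reverse_ip($ip) or return;
    for my $z (@zones) {
        my $name = "$rev.$z->{zone}";

        # Ask for A explicitly. Only answers in 127.0.0.0/8 count as a listing,
        # so an unrelated address handed back for the name is ignored.
        my @a = grep { /^127\./ } lookup($name, 'A');
        next unless @a;

        # Prefer the list's own TXT explanation when it has one.
        my ($txt) = lookup($name, 'TXT');
        return $txt if defined $txt && length $txt;

        # A-only list: use the configured text, or a default.
        my $msg = defined $z->{template} ? $z->{template}
                                         : "Blocked by $z->{zone}";
        $msg =~ s/%IP%/$ip/g;
        return $msg;
    }
    return;
}

my @zones = parse_zones(
    'bl-with-txt.example',
    'bl-a-only.example:Listed by bl-a-only.example - see http://bl-a-only.example/lookup?%IP%',
);

for my $ip ('192.0.2.99', '192.0.2.50', '192.0.2.1', 'not-an-ip') {
    my $msg = check_dnsbl($ip, @zones);
    printf "%-12s %s\n", $ip, defined $msg ? "DENY: $msg" : 'not listed';
}
```
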



Re: Fork server benchmarks

2004-03-20 Thread James H. Thompson
I ran a few small tests on an old slow system and only looked at messages/second.
Based on my very limited testing SpeedyCGI is slightly faster than forkserver.
There could easily be some problems in my test environment, so these results are more a starting
point for discussion than anything else.

forkserver
$ ./smtpsend -s 10 -c 1 -m 1 -b 4096 -n 100 -F [EMAIL PROTECTED] -T [EMAIL PROTECTED] -S "SMTP Benchmark test" -v -p 8025
Sending rate:16.95 messages/minute, 0.28 messages/second
Average delivery time: 3.54 seconds/message


speedyCGI
$ ./smtpsend -s 10 -c 1 -m 1 -b 4096 -n 100 -F [EMAIL PROTECTED] -T [EMAIL PROTECTED] -S "SMTP Benchmark test" -v
Sending rate:18.63 messages/minute, 0.31 messages/second
Average delivery time: 3.22 seconds/message

Here is the benchmark system I used:

http://www.etc.msys.ch/software/smtp-benchmark/

To get smtpsend to compile on Linux I changed:
strlcat to strncat
and
strlcpy to strncpy
then did:
gcc smtpsend.c
mv a.out smtpsend


Once it's compiled usage is:
$ ./smtpsend
usage: smtpsend [options] [host]
options:
-s senders  Number of parallel senders
-c connections  Number of connections per sender
-m messages Send n messages per connection
-b bytes Message size in bytes

operation modes (exactly one is required):
-n messages Send at least n messages
-t seconds  Run for n seconds

miscellaneous:
-p port Port number to connect to
-F from_address Specify the senders e-mail address
-T to_address   Specify the recipients e-mail address
-S subject  Specify subject of the message
-v  Be verbose (give twice to show SMTP traffic)




Jim

James H. Thompson
[EMAIL PROTECTED]





Re: Mail::Address->Parse croaks... (Solution)

2004-04-27 Thread James H. Thompson
For those that don't need UTF support.
New versions of Redhat come with the file:
/etc/sysconfig/i18n
set to enable UTF support system wide.

Some software can have a problem with this.
Symptoms can include man pages that don't display correctly,
or perl programs that don't do as you expect.
To turn it off replace the contents of this file with something like:

LANG="en_US"
SUPPORTED="en_US"
SYSFONT="lat1-16"



Jim

James H. Thompson
[EMAIL PROTECTED]

- Original Message - 
From: "Paulo Matos" <[EMAIL PROTECTED]>
To: "Sympatico" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, April 27, 2004 9:18 AM
Subject: Re: Mail::Address->Parse croaks... (Solution)


>
> Not in the list so please reply directly to me!
>
> On Mon, 26 Apr 2004, Paulo Matos wrote:
> >
> > On Mon, 19 Apr 2004 Sympatico wrotes:
> > >
> > > At the risk of asking a trivial question.
> > >
> > > I just installed qpsmtpd and when I test it with a simple mail, I get an
> > > error when sending the mail from: line. It seems that the
> > > Mail::Address->parse fonction croaks at line 209 of SMTP.pm. I changed
> > > the line to hardcode the $from variable (to test[at]test.com, and the
> > > whole thing went through (not very useful in real life). I fear I have a
> > > problem with my perl installation, but I am not sure what it is. I am on
> > > 5.8.0. The programs dies in a tokenise fonction of the Mail::Address
> > > module. Thanks if anyone can help.
> > >
> > I'm having the exact same problem in a much more complex
> > environment (apache2 + mod_perl2). This makes me more suspicious about
> > perl 5.8.0 than Mail::Address itself... I'm using module version 1.62 and
> > I replaced directly Address.pm from version 1.58 and the problem persists.
> >
> > The most weired thing is that the parameter value seems to be ok
> > everywhere. If you make a script use the module directly or indirectly
> > (through the caller module, in your case SMTP.pm) it just works just fine.
> >
>
> Just for the record, the cause and solution:
>
> Mail::Address->parse($email) caused the error (croaks):
>
> Unrecognised line: '[EMAIL PROTECTED]'
>
> Well it seems that perl 5.8.0-5.8.X has a problem with utf8/regexps.
>
> The internal representation of perl strings has an UTF-8 flag associated
> that can be turned off via Encode::_utf8_off($string), so a way to solve
> some issues like this are to use this workaround. (see Encode
> documentation for more details).
>
> I saw postings referring that the problem may be caused by using perl with
> thread support, which is not the case I tested it under perl with and
> without thread support with the same results. (The stock perl shipped with
> some distros are threaded enabled: e.g. RedHat 9, RHEL, WBEL...)
>
> A generic workaround to cases like this would be to use:
>
> Encode::_utf8_off($parameter_variable);
>
> before calling the problematic function, which in this case is
> Mail::Address->parse().
>
> This has to be used with caution since it messes with perl internals, so
> sometimes you'll have to switch the flag on after calling the function.
>
>
> If there's something incorrect above please let me know!!!
>
>
> Cheers,
>
> --
> Paulo Matos
>  --- --
> |Sys & Net Admin| Serviço de Informática   |
> |Faculdade de Ciências e Tecnologia | Tel: +351-21-2948596 |
> |Universidade Nova de Lisboa| Fax: +351-21-2948548 |
> |P-2829-516 Caparica| e-Mail: [EMAIL PROTECTED]  |
>  --- --
>



Re: How are you running qpsmtpd?

2004-05-24 Thread James H. Thompson
Running on several sites with tcpserver/SpeedyCGI/qpsmtpd
Latest version of SpeedyCGI has been very stable for me.

The busiest of the machines handles up to about 9000 connections/hour, 
less than 1/2 result in a queued message due to spam and virus filters.


Jim

James H. Thompson
[EMAIL PROTECTED]

- Original Message - 
From: "John Peacock" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, May 24, 2004 6:35 AM
Subject: How are you running qpsmtpd?


> Can I get a show of hands for how people are running qpsmtpd?  Specifically:
> 
> 1) tcpserver running
> a) ./qpsmtpd directly
> b) qpsmtpd-server
> 
> 2) [x]inetd
> 3) qpsmtpd-forkserver
> 
> 4) Any of the above using pperl or SpeedyCGI?
> 
> 5) Version 0.27.1?  Anyone running CVS HEAD in production?
> 
> 6) What is your load (messages per day)?
> 
> I'm curious because I am already planning on making some changes to our 
> architecture due to retiring a commercial MTA for qmail/vpopmail/courier, so I 
> have to mess with everything anyways.  I just want to get a feel for whether I 
> should leave the inbound qpsmtpd servers alone for the moment and focus more on 
> the backend server.
> 
> TIA
> 
> John
> 


Re: Spam Assassin Plugin Problem

2004-06-19 Thread James H. Thompson
I've been using Mantis ( http://www.mantisbt.org/ ) for bug tracking when working on the Asterisk project.
Nice system -- I can set up and host it if no one else volunteers.




Jim

James H. Thompson
[EMAIL PROTECTED]

- Original Message - 
From: "Tim Meadowcroft" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, June 19, 2004 9:21 AM
Subject: Re: Spam Assassin Plugin Problem


>
> On Saturday 19 Jun 2004 14:53, Matt Sergeant wrote:
> > The best long term solution is to get RT or Bugzilla setup for the
> > project.
>
> True, but it can take a while to do so (setting up the components and
> sub-component lists etc.), and unless it's actually tied in to the CM system
> then it still relies on manual processes to check for outstanding issues.
>
> Still, it can work very well - I had a nice integrated pairing of Perforce and
> Bugzilla recently (never been a CVS man myself).
>
> I've never really looked that hard at what's involved with putting a project
> on SourceForge or similar, but would that involve less work ? Or CPAN keeps
> on threatening to be a proper repository for full on scripts rather than just
> modules, but seeing that most of qpsmtpd is actually implemented as modules,
> would a CPAN module/bundle be appropriate (there's a bug tracking system
> included on cpan.org which I think is RT, but I couldn't swear to it).
>
> I don't want to suggest work for other people, of course, that's why I was
> wondering that if we just made a rule that anyone submitting patches always
> have a subject line of "PATCH: " then it might make it easier
> for Ask to gather up and review patches before a release.
>
> Cheers
>
> --
> Tim
>



Re: srand() for forkserver

2004-07-17 Thread James H. Thompson
While I'm not sure what the best fix is, I've also encountered the file name collision problem in my clamav plugin.
In my plugin I did:
srand($$+time);
which is not perfect, but fixed the problem for me.

Jim

James H. Thompson
[EMAIL PROTECTED]

- Original Message - 
From: "Matt Sergeant" <[EMAIL PROTECTED]>
To: "Robert Spier" <[EMAIL PROTECTED]>
Cc: "qpsmtpd List" <[EMAIL PROTECTED]>
Sent: Friday, July 16, 2004 11:44 PM
Subject: Re: srand() for forkserver


> On 17 Jul 2004, at 05:52, Robert Spier wrote:
>
> >> +
> >> +## call srand(), else we will have (e.g.) the same tempfile in
> >> +## _all_ children
> >> +## i.e. after 'use File::Temp; ($fh,$name)=tempfile();' in a
> >> plugin
> >> +srand( ($$ ^ $port) ^ (time ^ unpack("C*", $iaddr)) );
> >>
> >>  close($server);
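Review bot: on the added srand line, unpack("C*", $iaddr) is an operand of ^ and so runs in scalar context, which means only the first octet of the peer address reaches the seed; the other inputs ($$, $port, time) are values a connecting client can observe or guess. If plugins depend on rand-derived names such as tempfile() output, a bare srand() in the child, which lets perl pick the seed itself, would cover both points; if the explicit seed stays, fold in the whole address (for an IPv4 peer, unpack("N", $iaddr)) and say in the comment that the seed is only meant to make children differ from each other.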
> >
> > What version of perl are you using?  That shouldn't be necessary, and
> > I can't replicate the problem.
> >
> > perl -MFile::Temp=tempfile -le' print $]; for(1..4) { unless ( fork()
> > ) { ($h,$n) = tempfile();  print "$_:$n"; exit; } } while(wait>0){1};'
> > 5.008003
> > 1:/tmp/uNb2fHtfHs
> > 2:/tmp/R039hLPiKO
> > 3:/tmp/Wish2wqoM7
> > 4:/tmp/488A0F4Hrx
> >
> > All children.  All forked.  No srand.  All different.
>
> I've seen this before - it might depend on loaded modules (e.g. a
> module might call srand in the parent). I've applied the patch anyway
> as it's sensible.
>
> Matt.
>
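The behaviour discussed in this thread, as an added example that is not part of the original messages or of qpsmtpd: children forked after the parent has seeded the RNG inherit its state and draw the same first value, while children that call srand() themselves do not. The helper name child_draws and the seed 42 are assumptions made for the demonstration.

```perl
#!/usr/bin/perl
# Added example, not qpsmtpd code. Forked children inherit the parent's
# RNG state; reseeding in the child gives each one its own sequence.
use strict;
use warnings;

# Fork $n children; each sends its first rand() draw back through a pipe.
# $reseed is an optional code ref run in the child before drawing.
sub child_draws {
    my ($n, $reseed) = @_;
    my @draws;
    for my $i (1 .. $n) {
        pipe(my $r, my $w) or die "pipe: $!";
        my $pid = fork();
        die "fork: $!" unless defined $pid;
        if ($pid == 0) {                      # child
            close $r;
            $reseed->() if $reseed;
            print {$w} int(rand(1_000_000)), "\n";
            close $w;
            exit 0;
        }
        close $w;                             # parent
        chomp(my $value = <$r>);
        close $r;
        waitpid($pid, 0);
        push @draws, $value;
    }
    return @draws;
}

# Constructed stand-in for "a module might call srand in the parent":
# the RNG is seeded once, before any fork.
srand(42);

my @inherited = child_draws(4);                   # children reuse parent state
my @reseeded  = child_draws(4, sub { srand() });  # perl picks a seed per child

print "inherited state : @inherited\n";
print "srand() in child: @reseeded\n";
```

When nothing has touched the RNG before the fork, as in the one-liner quoted above, each child seeds itself on its first rand() call, which is why that test shows distinct names.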



Re: forkserver/pperl (was Re: starttls support)

2004-08-22 Thread James H. Thompson


Elliot F. wrote:
>
> How does speedycgi compare to pperl?  Is pperl being used more as a
> generic term for persistent perl processes?  Speedycgi has worked
> wonderfully for me (Debian Sarge 2.22-1) without any apparent
> problems. However, most of the discussions I've seen tend to mention
> pperl rather than speedycgi.

I've been using speedycgi/qpsmtpd on several heavily loaded Redhat systems.
Has been working well.
As has been mentioned, there are some unresolved problems using pperl with qpsmtpd.

After making changes to plugins, a simple 'touch' of the main qpsmtpd executable will cause speedyCGI to reload qpsmtpd with any changes.


Jim

James H. Thompson
[EMAIL PROTECTED]



Re: Call me whacky...

2004-09-13 Thread James H. Thompson


> Today I was supposed to do my expenses. Instead I did this.
> 
> http://www.sergeant.org/Apache-Qpsmtpd/
> 

Is this an alternative to speedy-cgi, pperl, tcpserver, etc.?

Jim



disconnect hooks not being executed in all cases

2004-10-11 Thread James H. Thompson
There are some cases where the registered disconnect handlers do not get run because disconnect is never called.
For example, when the connection dies before a "QUIT" is received.
This is not a big issue when qpsmtpd is run standalone (other than perhaps undeleted temp files), but when run under Speedy-CGI or other similar system, not running the disconnect chain of handlers can leave various memory allocated and files/connections open and eventually cause problems.

One possible fix:
in qpsmtpd just after:
$qpsmtpd->run();
adding
$qpsmtpd->disconnect();



Also in Qpsmtpd/TcpServer.pm, in 'sub read_input', it leaves an alarm enabled on exit (if for example the connection is lost before a QUIT is seen).
Adding an:
alarm 0;
as the last statement in this routine would fix this.


Jim

James H. Thompson
[EMAIL PROTECTED]
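The leftover alarm described in this post, as an added example that is not qpsmtpd's own code: a read loop with a per-line idle timer, with and without the trailing alarm 0, checked through the value alarm() returns. The sub names, the 1200 second timeout and the session text are assumptions.

```perl
#!/usr/bin/perl
# Added example, not qpsmtpd code: a per-line idle timeout in the shape the
# post describes. Sub names, timeout value and input are assumptions.
use strict;
use warnings;

my $TIMEOUT = 1200;    # assumed idle timeout, in seconds

# Re-arms the timer before every read; at EOF the last timer stays armed.
sub read_input_leaky {
    my ($fh, $dispatch) = @_;
    alarm $TIMEOUT;
    while (defined(my $line = <$fh>)) {
        alarm 0;
        $dispatch->($line);
        alarm $TIMEOUT;
    }
    return;
}

# Same loop, with the timer cleared as the last statement before returning.
sub read_input_fixed {
    my ($fh, $dispatch) = @_;
    read_input_leaky($fh, $dispatch);
    alarm 0;
    return;
}

# alarm() returns the seconds left on the timer it replaces, so alarm(0)
# cancels a leftover timer and reports whether one was pending.
sub leftover_alarm {
    my ($reader) = @_;
    # Constructed session that ends without QUIT (connection lost).
    my $session = "HELO client.example\r\nMAIL FROM:<a\@client.example>\r\n";
    open(my $fh, '<', \$session) or die "open: $!";
    $reader->($fh, sub { });
    close $fh;
    return alarm 0;
}

$SIG{ALRM} = sub { die "idle timeout fired\n" };
printf "leaky: %d s still pending\n", leftover_alarm(\&read_input_leaky);
printf "fixed: %d s still pending\n", leftover_alarm(\&read_input_fixed);
```

In a persistent interpreter the pending timer outlives the session, so the signal arrives while the process is idle or serving a later connection.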



earlytalker

2006-01-10 Thread James H Thompson
What time intervals are good when enabling the earlytalker plugin?
Is there something to be gained by using a time period larger than the default 1 second?

Thanks.