Re: [vchkpw] setting up a secondary MX

2008-02-26 Thread Florian Leeber 

Bogdan,

try it with the CHKUSER patch for qmail-smtpd, I had the same problems
like you, and I got all issues solved with that. The only thing I have
to solve is the fact that the vpopmail data should be replicated on the
secondary MX. So far this would be no problem except that my domain
users all got their private vpopmail domain directory which is difficult
to replicate ...
FL
there is a patchset including smtp-auth and so on, but unfortunately you
would have to google this...


Bogdan Motoc - CRC schrieb:
I need some advice on setting up a secondary MX for some domains not 
handled by me. So far, I've used my mail server
(qmail+vpopmail+simscan+clamav+spamassassin+chkuser) by adding the 
domains in question to the rcpthosts file. It works, but even with 
virus and spam
filters I'm left with a lot of junk, mainly because there is no valid 
user check involved for those domains.


The main reason for setting up this secondary MX is to have a place 
for mail to go to when the mailserver that's supposed to receive them 
is down. It
works, but there is a downside: my email server is leaking a lot of 
junk email, because it is being used to spread spam by sending mails 
to inexistent
users on those domains with valid return addresses. The primary MX 
refuses the messages, and so they get bounced; exactly what the 
spammers intended in
the first place. And this gets my mail server blacklisted, thus 
hurting all my users.


The questions are:
1. what are the options for checking if the user is valid and has not 
reached it's quota for a setup like mine?

2. how can I stop sending back the emails that the primary MX rejects?

I know there is a solution out there that would cut down spam 
drastically if it were used by everyone: SPF.
Unfortunately, it's not. So in my case it can't help, and I can't 
afford to reject mail that doesn't explicitly pass SPF check.
So far I've only come up with one scenario that would help somehow: 
setting up the secondary MX on another server that doesn't run an MTA 
at the
moment, so if it gets blacklisted it won't affect my users. However, 
getting the secondary MX blacklisted would hurt the domains in 
question in case
of a primary MX failure, i.e. exactly when it's needed the most. I 
thought of a workaround: filtering with a firewall connections to 
remote port
TCP/25 initiated to destinations other than the primary MX. This would 
stop the spreading of spam, but I would still end up with a huge qmail 
queue,
and the secondary MX would still see a lot of traffic (the spam 
doesn't get out, but it still gets in). And still, there are 
blacklists out there that
check if your server accepts mails for inexistent users on your 
domains, and will still blacklist you even if not a single 
illegitimate message was

sent from your ip.

I'm sorry that this is not a genuine vpopmail issue, and thus not 
worthy of being broadcasted on this mailing list, but after reading 
the [vchkpw]
messages for the past few years, I couldn't think of a better 
community to address this to.


Bogdan






--

Mit freundlichen Grüßen

Ing. Florian Leeber, Bakk. techn.

Tel +43-1-2082049
Mobil +43-699-11404079
Mail [EMAIL PROTECTED]

!DSPAM:47c456f9310541632823816!

Re: [vchkpw] issue with vchkpw + qmail

2008-02-02 Thread Florian Leeber 

Hi!

Probably your mail client does a wrong AUTH before passing the correct 
login data. At least I had something similar with Thunderbird a while ago.


F. Leeber


TRM schrieb:

Hi,
i have one issue with vchkpw, whenever any user sending mail from mail 
client , i'm getting following, but the user is able to send and 
receive mail


tail -f /var/log/maillog

Jan 31 16:23:38 mail vpopmail[4881]: vchkpw-smtp: password fail (pass: 
'[EMAIL PROTECTED]') [EMAIL PROTECTED]:xxx.xxx.xxx.xxx


But the thing is that he is able to send receive mail , whatt could be 
the problem,


Thanks  Regards,
Tarak






--

Mit freundlichen Grüßen

Ing. Florian Leeber, Bakk. techn.

Tel +43-1-2082049
Mobil +43-699-11404079
Mail [EMAIL PROTECTED]


!DSPAM:47a4d4a4310543451117958!

[vchkpw] qmail + smtp-auth + chkuser + vpopmail = messed up pipes?

2008-01-30 Thread Florian Leeber 

Hi folks,

after rather long but then successul compile marathon I finally habe 
everything in place...but...


- inbound mail without SMTP auth works fine
- outbound mail with auth leads basically to some messed up pipes or 
file descriptors whatever, look at this:


ehlo ()
250-www.happyserverfriends.info
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-PIPELINING
250 8BITMIME
AUTH PLAIN (xx)
235 ok, go ahead (#2.0.0)
mail from: (x)
CHKUSER accepted sender: from gmx.at:[EMAIL PROTECTED]: remote 
test.at:unknown:127.0.0.1 rcpt  : sender accepted

250 ok

after the mail from the log line form chkuser does not appear in the log 
file, instead it appears at the client?s side! therefore all clients 
choke and won?t send any mail...


this prevents me to use smtp auth at the moment - plz help, as a handful 
of users is waiting desperately for outgoing mails, thx!


kind regards, F. Leeber


--

Mit freundlichen Grüßen

Ing. Florian Leeber, Bakk. techn.

Tel +43-1-2082049
Mobil +43-699-11404079
Mail [EMAIL PROTECTED]


!DSPAM:47a11df2310549081918933!