[xmail] Re: AW: Re: XMail 1.20 Smtp slow
Hello, i have Filters Antivirus, Iptables, webmail. i compile xmail with make -f Makefile.lnx Nothing Strange. Thank you - Original Message - >From : Goesta Smekal - IT executive <[EMAIL PROTECTED]> To : [EMAIL PROTECTED] Date : Tuesday, 27 July, 2004 04:00 PM Sub : [xmail] Re: AW: Re: XMail 1.20 Smtp slow >Am Die, den 27.07.2004 schrieb Harald Schneider um 15:33: >> If you guys have installed the .rpm, then pls try a built from the = >> source >> tar ball. >...rpm on a slackware system ? not me ! ;-) > >> Any differences ? > >I won't try to install the .rpm just to see if this does any more harm >;-) > > Goesta >-- >Wiener Hilfswerk - IT Staff >we are a NPO offering social services locally in Vienna >A-1072 Vienna, AUSTRIA, Schottenfeldgasse 29 >Phone: ++43 1 512 36 61 DW 407 / Fax ++43 1 512 36 61 33 > >-- Attached file included as plaintext by Ecartis -- >-- File: signature.asc >-- Desc: Dies ist ein digital signierter Nachrichtenteil > >-BEGIN PGP SIGNATURE- >Version: GnuPG v1.2.4 (GNU/Linux) > >iQEVAwUAQQZgL+EKFiIqAG4fAQJfuAgAoSFOOWQ5oje8PHm+s7xHdSyf oZBSz7FN >Z7KUFmfZU7l2Aab9qDbFNVLuZeRKLQGea5CtvsI6oY2OzxD6l8P9/zg/ ZSOMS4EG >XXp2hCePQnY0bVQgQoGz+GZY5sNz3naNJJkpAOaeebkB+TaLCoam5rKq xhesNeYm >4RPMwzoxOlDWV/sYm911On9fOv66OePZ2smlI0q9WaTJ0QTLCZTeBMlS WEG0YbwI >XnRy1+r+zP3Nao15hATW7OwUeYWymAp0BuxbWb8fy71DQkuBdkT5UoMW kAEPVge3 >qzfotZu2C3wr9q/iNvbOYUBeG/OgdkhRTdBZf8GqqWoHYgXtkyCuqg== >=PAUo >-END PGP SIGNATURE- > > >- >To unsubscribe from this list: send the line "unsubscribe xmail" in >the body of a message to [EMAIL PROTECTED] >For general help: send the line "help" in the body of a message to >[EMAIL PROTECTED] > > - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Domain Literals
Morning All, Well I'm still waiting for my ISP to resolve my RDNS problem but at least I know it's not a problem with my mail server. While looking at the report from dnsreports.com I see that they are warning that my mail server doesn't accept "domain literals". I seem to recall reading somewhere recently that this was no longer required or even desirable. Any thoughts on this? If I wanted to accept domain literals, how would I configure that? Jeff - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Domain Literals
At 09:13 7/28/2004, Jeffrey Laramie wrote: >While looking at the report from dnsreports.com I see that they are warning >that my mail server doesn't accept "domain literals". I seem to recall >reading somewhere recently that this was no longer required or even >desirable. Any thoughts on this? If I wanted to accept domain literals, how >would I configure that? Add an alias domain for the domain literal. Make sure that you add it with it in brackets - [66.219.172.36] - as that's the way it is specified in the RFC. I believe (but would have to look to be sure) that it was deprecated in RFC2821/RFC2822, but since they allow fallback to RFC821/RFC822 formats, it should still be supported. (Or not, according to local policy.) - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] SMTP Auth problem with Netscape Messenger 4.78
Hello, I wan't to authorize any one on my lan to send mail with my xmail Server (without authentication) With Mozilla 1.6 or Outook Express 6, no problem With Netscape 4.78 (i know it's old), it ask me user login. Of course the POP3 server is not on the same server. I tried to change EnableAuthSMTP-POP3 , DefaultSmtpPerms in server.tab, it doesn't seems to work. There's something i dont' understand, but what :-) Thanks Philippe - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SMTP Auth problem with Netscape Messenger 4.78
On Wed, 2004-07-28 at 19:32 +0200, Philippe wrote: > Hello, > > I wan't to authorize any one on my lan to send mail with my xmail Server (without > authentication) > > With Mozilla 1.6 or Outook Express 6, no problem > With Netscape 4.78 (i know it's old), it ask me user login. Of course the POP3 > server is not on the same server. > > I tried to change EnableAuthSMTP-POP3 , DefaultSmtpPerms in server.tab, it doesn't > seems to work. > > There's something i dont' understand, but what :-) It might be that you try to login using [EMAIL PROTECTED], but netscape 4 has a problem with the @ sign. You need to replace it wit a : Dick > > Thanks > > Philippe > - > To unsubscribe from this list: send the line "unsubscribe xmail" in > the body of a message to [EMAIL PROTECTED] > For general help: send the line "help" in the body of a message to > [EMAIL PROTECTED] > - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SMTP Auth problem with Netscape Messenger 4.78
If you do not want to require SMTP AUTH, you could list your local IP addresses in the smtprelay.tab file. Then those IPs could relay without authentication. Personally, I think it is a better idea to require everybody to use SMTP AUTH to relay. Trusting IPs opens the door to a lot of relaying, = especially when one of the PCs gets a virus on it. Even using POP before SMTP is a = bad idea in my opinion because it is a form of IP based trusting. I've seen open proxy problems that allowed for relaying through machines via POP before SMTP. The user would check his email and the IP would be = temporarily trusted by POP before SMTP, and then the open proxy would suddenly = become a spam cannon. So personally, I think only allowing SMTP AUTH is the way = to go. If somebody has an email client that won't support SMTP AUTH, = convince then to upgrade to a version that does support SMTP AUTH. In my = experience, trusting based on IP is just too risky. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] = On Behalf Of Philippe Sent: Wednesday, July 28, 2004 12:32 PM To: [EMAIL PROTECTED] Subject: [xmail] SMTP Auth problem with Netscape Messenger 4.78 Hello, I wan't to authorize any one on my lan to send mail with my xmail Server (without authentication) With Mozilla 1.6 or Outook Express 6, no problem With Netscape 4.78 (i know it's old), it ask me user login. Of course = the POP3 server is not on the same server. I tried to change EnableAuthSMTP-POP3 , DefaultSmtpPerms in server.tab, = it doesn't seems to work. There's something i dont' understand, but what :-) Thanks Philippe - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SMTP Auth problem with Netscape Messenger 4.78
At 14:28 7/28/2004, Shiloh Jennings wrote: >Personally, I think it is a better idea to require everybody to use SMTP >AUTH to relay. Trusting IPs opens the door to a lot of relaying, >especially when one of the PCs gets a virus on it. Even using POP >before SMTP is a bad idea in my opinion because it is a form of IP >based trusting. I've seen open proxy problems that allowed for >relaying through machines via POP before SMTP. The user would >check his email and the IP would be temporarily trusted by POP >before SMTP, and then the open proxy would suddenly become a >spam cannon. So personally, I think only allowing SMTP AUTH is the >way to go. If somebody has an email client that won't support SMTP >AUTH, convince then to upgrade to a version that does support SMTP >AUTH. In my experience, trusting based on IP is just too risky. I agree with you that IP based trust schemes are not the most secure, and should only be considered in limited situations (such as the need for automated reporting tools to be able to send mail from specific IP addresses). However, I don't believe that SMTP AUTH is the full picture, either. While it is fairly secure (assuming that an encrypted connection method is chosen to send the credentials), it is still subject to abuse. For instance, the mail client typically stores the password used for SMTP AUTH somewhere (it may be a configuration file, or on Windows platforms it may be in the registry). It would be fairly trivial for a malware author to put together a list of typical storage locations for the major mail clients and check each of those locations to attempt to find the necessary password. SMTP AUTH does have flexibility that IP based trust schemes do not - such as the ability to allow users to travel to remote locations while still sending mail through the same mail servers. But it's certainly not the end-all-be-all for preventing abuse. Rate limiting and other protection schemes are still needed. - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: DNS Issue
On Tuesday 27 July 2004 22:39, Tracy wrote: > At 21:32 7/27/2004, Jeffrey Laramie wrote: > >On Tuesday 27 July 2004 20:13, John Kielkopf wrote: > > > http://www.dnsstuff.com/tools/ptr.ch?ip=209.12.136.106 > > > > > > Yeah, looks like you have no PTR record visible. Your bandwidth > > > provider should be able to create it for you, or delegate a reverse > > > lookup zone to you. > > > >Yeah, this is pretty weird. I have my own name servers and I've always had > >RDNS configured I assume correctly. Now nobody can do the lookup outside > > my LAN. Based on the 'dig' that Tracy did, the lookup ends at my ISP and > > never even queries my name server. My best guess is that my ISP provides > > DNS for the other IPs in my block and their configuration is preempting > > my server. I've got a trouble ticket started with my ISP to see if they > > can resolve this. > > > >Jeff > > That's pretty much it, I'd say. Either they need to delegate authority for > your subnet to your DNS servers, or they need to establish PTR records for > your IP addresses. > > Some ISPs do this without charge, but don't count on it - a lot of ISPs are > using the "extras" to make up for the money they lose in bandwidth fees. > However, for simple PTR records, the charge should not be exorbitant - > usually a "one time charge" It's fixed now. My ISP instituted a new policy that all IPs had to have a PTR record so they... broke mine (?). Yeah, and they took 28 hours to fix it and didn't even apologize that they crippled my mail server for over a day. Argghh! At least they didn't charge me for fixing their screwup. Jeff - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SMTP Auth problem with Netscape Messenger 4.78
On Wed, 28 Jul 2004 15:16:11 -0400 Tracy <[EMAIL PROTECTED]> wrote: > At 14:28 7/28/2004, Shiloh Jennings wrote: > >Personally, I think it is a better idea to require everybody to use SMTP > >AUTH to relay. Trusting IPs opens the door to a lot of relaying, > >especially when one of the PCs gets a virus on it. Even using POP > >before SMTP is a bad idea in my opinion because it is a form of IP > >based trusting. I've seen open proxy problems that allowed for > >relaying through machines via POP before SMTP. The user would > >check his email and the IP would be temporarily trusted by POP > >before SMTP, and then the open proxy would suddenly become a > >spam cannon. So personally, I think only allowing SMTP AUTH is the > >way to go. If somebody has an email client that won't support SMTP > >AUTH, convince then to upgrade to a version that does support SMTP > >AUTH. In my experience, trusting based on IP is just too risky. > > I agree with you that IP based trust schemes are not the most secure, > and > should only be considered in limited situations (such as the need for > automated reporting tools to be able to send mail from specific IP > addresses). > > However, I don't believe that SMTP AUTH is the full picture, either. > While > it is fairly secure (assuming that an encrypted connection method is > chosen > to send the credentials), it is still subject to abuse. For instance, > the > mail client typically stores the password used for SMTP AUTH somewhere > (it > may be a configuration file, or on Windows platforms it may be in the > registry). It would be fairly trivial for a malware author to put > together > a list of typical storage locations for the major mail clients and check > each of those locations to attempt to find the necessary password. > > SMTP AUTH does have flexibility that IP based trust schemes do not - > such > as the ability to allow users to travel to remote locations while still > sending mail through the same mail servers. But it's certainly not the > end-all-be-all for preventing abuse. Rate limiting and other protection > schemes are still needed. With one exception. Using SMTP AUTH I know who's account to shut down for abuse without ever having to leave the mail log and cross reference a connection log. Especailly if the user is sending mail while connected via some other ISP or corportae network. If I get a spam report I can open the mail log and track the message ID right back to the [log-ID] [EMAIL PROTECTED] -- AUTHENTICATED line in the log and disable that account on the spot. The AUTHENTICATED marker always has the true local email account info for the sender. Doesn't matter what's in the "From:" or "Sender:" headers. Other auth methods (including SMTP after POP) don't directly relate the sending account to each individual message. The best you can do is have a look at the logs to see did a POP within the last "x" minutes and go check other spam messages to look for a pattern of "user Y always does a POP just before a spam burst goes out". Gerald - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SMTP Auth problem with Netscape Messenger 4.78
Or have them set up and use SMTPAuth, the program. http://www.software.bisswanger.de/en/index.php?seite=smtp Gerald On Wed, 28 Jul 2004 13:28:00 -0500 Shiloh Jennings <[EMAIL PROTECTED]> wrote: > If somebody has an email client that won't support SMTP AUTH, = > convince > then to upgrade to a version that does support SMTP AUTH. In my = > experience, > trusting based on IP is just too risky. > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > = > On > Behalf Of Philippe > Sent: Wednesday, July 28, 2004 12:32 PM > To: [EMAIL PROTECTED] > Subject: [xmail] SMTP Auth problem with Netscape Messenger 4.78 > > Hello, > > I wan't to authorize any one on my lan to send mail with my xmail Server > (without authentication) > > With Mozilla 1.6 or Outook Express 6, no problem > With Netscape 4.78 (i know it's old), it ask me user login. Of course = > the > POP3 server is not on the same server. > > I tried to change EnableAuthSMTP-POP3 , DefaultSmtpPerms in server.tab, = > it > doesn't seems to work. > > There's something i dont' understand, but what :-) > > Thanks > > Philippe - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SMTP Auth problem with Netscape Messenger 4.78
At 19:32 7/28/2004, Gerald V. Livingston II wrote: >With one exception. Using SMTP AUTH I know who's account to shut down for >abuse without ever having to leave the mail log and cross reference a >connection log. Especailly if the user is sending mail while connected via >some other ISP or corportae network. > >If I get a spam report I can open the mail log and track the message ID >right back to the [log-ID] [EMAIL PROTECTED] -- AUTHENTICATED line in the >log and disable that account on the spot. The AUTHENTICATED marker always >has the true local email account info for the sender. Doesn't matter >what's in the "From:" or "Sender:" headers. Oh, no... I completely agree that SMTP AUTH makes an admin's job a lot easier. It's just that it doesn't necessarily take care of the whole problem - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
