Re: [xmail] ask about smtp authentication with openldap database via XMail service.

[David Lord via xmail]

On 4 Aug 2015 at 4:26, Watthanachai Kekhua via xmail wrote:

> Dear XMail members,
> 
> Right now we use about XMail as MTA and we would like to use SMTP 
> authentication with ldap DB (openldap) .
> And in the manual said about add username (email address ) + password in to 
> file "MAILUSERS.TAB".
> 
> So we would like to ignore this kind of case due to security issue show 
> password field and then
> We would like to point authentication method to our ldap server instead such 
> as integrate with cyrussasl something like this,
> could you kindly guide us about setting configure on XMail to support ldap DB 
> ?
> 
> Please do not hesitate to contact us , If you have any questions .
> Best Regards.
> 
> #  Watthanachai KEKHUA (Golf)
> #  Operation And Maintenance Department (OAM)
> #  Tel: 02-2367227 Ext. 1624
> #  NTT Communications (Thailand) Co., Ltd.
> #
> 
> DISCLAIMER :
> This email is for the use of the intended recipient(s) only.
> If you have received this email in error, please notify the sender 
> immediately and then delete it.
> If you are not the intended recipient, you must not keep, use, disclose, copy 
> or distribute this email without the author's prior permission.
> We have taken precautions to minimise the risk of transmitting software 
> viruses, but we advise you to carry out your own virus checks on any 
> attachment to this message.
> We cannot accept liability for any loss or damage caused by software viruses.
> The information contained in this communication may be confidential and may 
> be subject to the attorney-client privilege.
> If you are the intended recipient and you do not wish to receive similar 
> electronic messages from us in future then please respond to the sender to 
> this effect.
> 
> 



Hi

logged in as my general admin user:

bash-4.3$ ls -l /var/MailRoot/
ls: acv: Permission denied
ls: aliasdomain.tab: Permission denied
...
ls: userauth: Permission denied
ls: userdef.tab: Permission denied

bash-4.3$ ls -l /var/MailRoot/mailusers.tab 
ls: /var/MailRoot/mailusers.tab: Permission denied


mailusers.tab:
"domain"[TAB]"account"[TAB]"enc-passwd"[TAB]"account-
id"[TAB]"accountt-dir"[TAB]"account-type"

also maybe your security risk
"enc-passwd" is encrypted, eg: "0123456789abcdef" 


It's possible to add hooks to external utilities, eg: openssl,
spam-assassin. See xmail.txt.

I've not changed my config since around 2004 but xmail and 
supporting programs are rebuilt fairly regularly, some along
with base OS, some with pkgsrc and a few, including xmail in
 /usr/local/sources.


David


___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

Re: [xmail] thx to xmail and its author

[David Lord via xmail]

On 16 May 2015 at 16:00, U.Mutlu via xmail wrote:

> Hi folks,
> 
> I'm using xmail for a long time now (maybe 7 yrs), and I'm still
> very satisfied with it. OTOH I must admit I'm using it only for
> a small number of users, and I've used (before xmail)
> only one other mail-system (it was qmail iirc).
> 
> I'm using a self-compiled version of xmail (the crippled version
> in the debian repository I tried about 2 yrs ago was unusable
> due to cfg-files spread around to many OS-system dirs;
> I like it compact under a single app-dir and its subdirs).
> 
> The only thing I don't like much is the usage of TAB as delimiter in the 
> cfg-files.
> 
> What I would like to ask is:
> 
> - What are the shortcomings or missing features other
users experience with xmail?
> - What about the new developments regarding ssl and
crypto since Snowden,
>and their relevance to xmail?
> - What new features should xmail have implemented?

Hi

I started using xmail around 2005 and at that time
also had about four remote users.

Main system here changed over time and is currently
NetBSD. When a security vulnerability relevant to my
setup is announced I rebuild the main base system, 
ntpd, xmail and other affected packages. XMail uses
a few third party programs that are from either base
system, NetBSD pkgsrc or local imports. 

I've always been setup so that a delay is introduced
so that email from point and shoot mailers or
mailers that don't retry isn't received but 
unfortunately "hotmail" is currently one of those.


David


___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

Re: [xmail] Dbg&Fix: Mail loop detected

[David Lord]

On 12 Oct 2012 at 16:54, U.Mutlu wrote:

> Just wanted to share a "debug session" to trace down a "Mail loop detected" 
> situation:
> 
> A bounce mail with reason "Mail loop detected" is generated under this 
> circumstance:
>   if it takes too many steps (operations) to get the first MX record
>   (or the final A record when MX is missing after trying all)
>   of the recipient domain than what is defined in server.tab under
> "MaxMTAOps" "16"

I had problems with some mailing lists and over
a period gradually increased MaxMTAOps to 28. 

Oldest server.tab in archive on this server is
Jul 7, 2009 and that has '"MaxMTAOps"  "28"' and
other changes go back to 2005.


David

> 
> For example:
> I had a mail to an address xx...@embarqnow.net and got that error
> because that domain has many nameservers and a depth of 3 levels
> to finally get the MX record, but the number of steps to get to the MX
> exceeds the above defined 16 ...
> 
> 
> #
> # dig  embarqnow.net any
> 
> ; <<>> DiG 9.8.1-P1 <<>> embarqnow.net any
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41501
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13
> 
> ;; QUESTION SECTION:
> ;embarqnow.net. IN  ANY
> 
> ;; ANSWER SECTION:
> embarqnow.net.  39916   IN  A   64.45.201.2
> 
> ;; AUTHORITY SECTION:
> net.62167   IN  NS  f.gtld-servers.net.
> net.62167   IN  NS  d.gtld-servers.net.
> net.62167   IN  NS  b.gtld-servers.net.
> net.62167   IN  NS  i.gtld-servers.net.
> net.62167   IN  NS  g.gtld-servers.net.
> net.62167   IN  NS  k.gtld-servers.net.
> net.62167   IN  NS  a.gtld-servers.net.
> net.62167   IN  NS  e.gtld-servers.net.
> net.62167   IN  NS  j.gtld-servers.net.
> net.62167   IN  NS  c.gtld-servers.net.
> net.62167   IN  NS  l.gtld-servers.net.
> net.62167   IN  NS  m.gtld-servers.net.
> net.62167   IN  NS  h.gtld-servers.net.
> 
> ;; ADDITIONAL SECTION:
> a.gtld-servers.net. 22812   IN  A   192.5.6.30
> a.gtld-servers.net. 120523  IN  2001:503:a83e::2:30
> b.gtld-servers.net. 2525IN  A   192.33.14.30
> b.gtld-servers.net. 9837IN  2001:503:231d::2:30
> c.gtld-servers.net. 11423   IN  A   192.26.92.30
> d.gtld-servers.net. 79977   IN  A   192.31.80.30
> e.gtld-servers.net. 119385  IN  A   192.12.94.30
> f.gtld-servers.net. 70410   IN  A   192.35.51.30
> g.gtld-servers.net. 23788   IN  A   192.42.93.30
> h.gtld-servers.net. 23957   IN  A   192.54.112.30
> j.gtld-servers.net. 23958   IN  A   192.48.79.30
> l.gtld-servers.net. 22980   IN  A   192.41.162.30
> m.gtld-servers.net. 25511   IN  A   192.55.83.30
> 
> ;; Query time: 5 msec
> ;; WHEN: Fri Oct 12 16:20:56 2012
> ;; MSG SIZE  rcvd: 500
> 
> 
> #
> And picking one of the nameservers gives:
> 
> # dig @b.gtld-servers.net embarqnow.net any
> 
> ; <<>> DiG 9.8.1-P1 <<>> @b.gtld-servers.net embarqnow.net any
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7771
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;embarqnow.net. IN  ANY
> 
> ;; AUTHORITY SECTION:
> embarqnow.net.  172800  IN  NS  ns1.embarqservices.net.
> embarqnow.net.  172800  IN  NS  ns2.embarqservices.net.
> 
> ;; ADDITIONAL SECTION:
> ns1.embarqservices.net. 172800  IN  A   138.210.81.3
> ns2.embarqservices.net. 172800  IN  A   64.45.205.2
> 
> ;; Query time: 97 msec
> ;; WHEN: Fri Oct 12 16:29:17 2012
> ;; MSG SIZE  rcvd: 114
> 
> 
> #
> And continuing:
> 
> # dig @ns1.embarqservices.net embarqnow.net any
> 
> ; <<>> DiG 9.8.1-P1 <<>> @ns1.embarqservices.net embarqnow.net any
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61425
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 3
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;embarqnow.net. IN  ANY
> 
> ;; ANSWER SECTION:
> embarqnow.net.  86400   IN  SOA ns1.embarqservices.net. 
> dns-admin.embarqservices.net. 
> 2011070100 10800 3600 604800 86400
> embarqnow.net.  86400   IN  NS  ns2.e

Re: [xmail] Possible bug and suggestion

[David Lord]

On 26 Sep 2012 at 10:10, Edinilson - ATINET wrote:

> Francesco, using nslookup or dig, how can I simulate a name resolution using 
> this kind of dns name?
> I´ve tried:
> nslookup -type=MX university.ac.uk? MY-DNS-SERVER
> and
> dig university.ac.uk?
> 
> without success.
> 
> ps: Even nslookup -type=MX university.ac.uk MY-DNS-SERVER can´t find the 
> correct address.

I suspect that university.ac.uk is not an existing 
domain name. Try with kent.ac.uk or warwick.ac.uk.


David

___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

Re: [xmail] Trash Can

[David Lord]

On 15 Apr 2012 at 14:30, md wrote:

> Does anybody know how to route all mail not in the white list
> into the permanent trash can?
> 
> For example, when we send out emails for a newsletter, we want the reply 
> to address to be:  nore...@xmailserver.com
> 


All my users either have an account setup or an
alias to an existing account. Email to unknown
users is bounced by xmail with "RCPT+EAVAIL"


David


  

> in aliases.tab I have:
> 
> "xmailserver.com" TAB "*" "junk...@xmailserver.com"
> 
> But I do not want the XMAIL server to even store this email since it 
> will not be picked up ever by an email client and I do not want these 
> messages taking up disk space in some queue file or directory.
> 
> Anybody have an idea on how to either accept the email into a black hole
> or reject the email outright.
> 
> md
> ___
> xmail mailing list
> xmail@xmailserver.org
> http://xmailserver.org/mailman/listinfo/xmail


___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

Re: [xmail] Getting hammered bad

[David Lord]

On 6 Jul 2011 at 13:36, Fred wrote:

> Hello all,
> 
>  
> 
> I need help to fight against spammers, here is a sample of an smtp log
> entry:
> 
>  
> 
>  
> 
> "mail"  "mail"  "72.16.236.115" "2011-07-06 12:46:21"
> "ALEXSERVER01.ANDREWALEX.local" "hotmail.co.uk"
> "vreaus...@vreausutelog.com""obbard_d...@hotmail.co.uk" "SE86331"
> "RECV=OK"   "legitusern...@legitdomain.com"  "2507"  ""
> 
>  
> 
>  
> 
> I am receiving sometimes hundreds of this kind of email in a short time. I
> have tried black listing the IP and sender domain in spam-adress.tab and
> spammers.tab but they just change both and they spam again.
> 
>  
> 
> The email legitusern...@legitdomain.com is a legit user on my server. I am
> using spamassassin, spf filter and RBL checks.
> 
>  
> 
> Anyone has any ideas how to block these ers.

I'm using both "glst" and "spamassassin" 

Glst is a bit tricky to setup for receiving email
where the sender attempts to sends same email from
a range of ip addresses. 

I have to either whitelist or set a high score with
"spamassassin" so most of spam is blocked by "glst".

My mailboxes receive much more advertising from
legitimate sources than spam.


David
 
___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

Re: [xmail] Mail loops

[David Lord]

On 2 Mar 2010 at 23:57, Gary Bainbridge wrote:

> Received: from technetium.cix.co.uk ([194.153.0.53]:43576)

Blast from the past. I even miss it.

Anyway I can't see an actual mail loop, it's just the
large number of received headers. I had problems with
some mailing lists and just increased MaxMTAOps from
default of 16. It's now at 28.


David

___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

Re: [xmail] XMail under attack - failed pop3 logins

[David Lord]

On 12 Feb 2010 at 9:18, Spyros Tsiolis wrote:

> 
> Why do you port-forward pop110 to the outside world anyway ?
> 

Because I'd never thought about it, and it has always 
been open from before I used xmail. Even smtps, ssh
etc aren't as open, ie just from selected ip blocks 
that are likely to be used.

I've only just noticed volume of attacks increased,
eg. over past 20 weeks:
0,3,0,0,0,416,0,168,3,0,0,1225,127,0,132,3,3694,557,5049

> If you have clients outside, why not use VPNs for this ?

I'll setup a vpn when I swap out the two old firewalls
but it's not worth hassle at moment.

> AFAIK, port-forwarding pop3 to the outside world is not advisable.
No more than running an ftp server.

Problem isn't so much the security issues, it's load on
server during such attacks. Having a secure connection 
doesn't prevent the connection attempts although it 
will possibly reduce the load. Accepting connections
and delaying responses seems to be best compromise.

> Maybe Secure POP3 ?

Yep, I've had smtps in use for many years and no reason
not to use pop3s. 

cheers

David

___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

Re: [xmail] XMail under attack - failed pop3 logins

[David Lord]

On 10 Feb 2010 at 8:17, Davide Libenzi wrote:

> On Wed, 10 Feb 2010, David Lord wrote:
> 
> > 
> > I've not seen this before today but XMail fell
> > over during a pop3 password attack.
> > 
> >  pop3 connections at firewall
> > Feb 10 05:00-06:00 0
> > Feb 10 06:00-07:00  1161 
> > Feb 10 07:00-08:00  9851
> > Feb 10 08:00-09:00   248 
> > Feb 10 09:00-10:00 0
> > 
> > Pop3 log on one server has 4987 entries all 
> > "ELOGIN" but nothing else.  Second server on
> > network has 3 similar entries from Feb 6.
> > 
> > Can I just add offending source ip range to spammers.tab
> > or is it best to block at firewall?
> > 
> > I believe firewall can block on connection rate so
> > might investigate that.
> 
> Firewall is better suited for things like that. That $hit does not even 
> bother your server, in that way.
> 

A couple of /8 blocks added as I was setting off out
for afternoon when I spotted the problem.

Are attacks on pop3 something recent, or have I just
been lucky?

Cheers

David


___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

[xmail] XMail under attack - failed pop3 logins

[David Lord]

I've not seen this before today but XMail fell
over during a pop3 password attack.

 pop3 connections at firewall
Feb 10 05:00-06:00 0
Feb 10 06:00-07:00  1161 
Feb 10 07:00-08:00  9851
Feb 10 08:00-09:00   248 
Feb 10 09:00-10:00 0

Pop3 log on one server has 4987 entries all 
"ELOGIN" but nothing else.  Second server on
network has 3 similar entries from Feb 6.

Can I just add offending source ip range to spammers.tab
or is it best to block at firewall?

I believe firewall can block on connection rate so
might investigate that.

David

___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

Re: [xmail] Speed

[David Lord]

On 30 Jan 2010 at 12:25, Sabahattin Gucukoglu wrote:

> Hi all,
> 
> By all reasonable accounts, XMail is fast.  Does anybody know how it stacks 
> up against the competition?  Postfix, in particular, has held the speed crown 
> for a good while now.  But XMail with this fast thread startup and connection 
> reuse could, I'm sure, be made to outflank Postfix even under stress and with 
> its connection cache enabled.
>

Here on my minimal server it's filters that take most
of resources by orders of magnitude I'd guess.

David

___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

Re: [xmail] Rif: XMail 1.27-pre10

[David Lord]

On 15 Jan 2010 at 7:31, Davide Libenzi wrote:

> On Fri, 15 Jan 2010, sergio.casagra...@telsey.it wrote:
> 
> > Davide,
> > on linux I compiled from source and inside bin directory I find not only 
> > the objects but also the sources.
> > In previous versions in bin directory there were only the objects.
> > Did you want to make it in this way?
> 
> Yes. Certain object files are shared among different binaries, so makes 
> sense to not build them many times.

My install script copied all of /bin to /var/MailRoot/bin
but now first creates /obj and moves all *.o to that.

Not a big deal but change  did cause some added confusion 
at the time.

cheers

David

 
> - Davide
> 
> 
> ___
> xmail mailing list
> xmail@xmailserver.org
> http://xmailserver.org/mailman/listinfo/xmail


___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

Re: [xmail] strange Xmail behaviour (v1.23)

[David Lord]

On 5 Jan 2010 at 18:24, Spyros Tsiolis wrote:

> 
> 
> > Date: Mon, 4 Jan 2010 14:16:23 -0800
> > From: davi...@xmailserver.org
> > To: xmail@xmailserver.org
> > Subject: Re: [xmail] strange Xmail behaviour (v1.23)
> > 
> > On Mon, 4 Jan 2010, Spyros Tsiolis wrote:
> > 
> > [  BLAH BLAH BLAH . . .  ]
> > 
> > > I _did_ check the system though, but sending a couple of e-mail message
> > > back and forth from web-based mail addresses (like this one). Nothing
> > > came through and I noticed that whatever I tried to send from the
> > > problematic domain didn't get out of the LAN.
> > 
> > Messages do not disappear, unless there is some hardware or OS problem.
> > If you send a message, *and* the message is accepted by XMail, than the 
> > message is either in the spool (and you have the slog for it), or you'll 
> > find an entry for it leaving the system in the SMAIL log.
> > 
> 
> And where exactly might "spool" be? The "SMAIL" log ?
> Forgive my ignorance Davide but I don't know.

It's all in the xmail documentation and if you don't
have it to hand it would be a good idea to download it.

On my NetBSD system "locate xmail-1.23 | grep Readme"
/usr/local/sources/xmail/xmail-1.23/docs/Readme.html
/usr/local/sources/xmail/xmail-1.23/docs/Readme.pod
/usr/local/sources/xmail/xmail-1.23/docs/Readme.txt

Here spool is a tree of directories at
/var/MailRoot/spool/ and layout for this is in the docs
along with instructions on using various admin tools.

Logs are in /var/MailRoot/logs/ but you may need to
enable them by adding commandline parameters and 
restarting xmail.


David


___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

Re: [xmail] strange Xmail behaviour (v1.23)

[David Lord]

On 4 Jan 2010 at 9:27, Davide Libenzi wrote:

> On Mon, 4 Jan 2010, David Lord wrote:
> 
> > I think Davide prefers the xmail options all to be in commandline
> > whilst I'd prefer an xmail.conf but it's not that important an
> > issue for me. My commandline options are set in /etc/rc.d/xmail
> > but on linux I've no idea.
> 
> Let me be clear again on that.
> People wanted command line arguments inside the server.tab file, which is 
> NOT the place from them. Command line arguments are parsed one at program 
> startup, and changing them after that results in nothing, since the 
> actions and configuration that are driven by them, are only performed at 
> boot time.
> The server.tab file has, and had always been, a configuration file whose 
> options can be changed at any time, and immediately after are they visible 
> to the user.
> The server.tab file is NOT the correct place for command line options.
> Another file, like conf.tab or something, might be. Although do you really 
> need an extra file to pass comand line options, when you have the 
> environment (on Unix) and the registry (on Windows)?

I see that point very well and agree with it, it's just
that to me /etc/rc.d/ seems a strange and forgetable
place for configuration options. It's easy enough to 
arrange to pick up the commandline parameters from 
rc.conf or rc.local though so I might try that.


cheers

David

___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

Re: [xmail] strange Xmail behaviour (v1.23)

[David Lord]

On 4 Jan 2010 at 15:05, Spyros Tsiolis wrote:

> 
> Hello people,
> 
> I've had a strange XMail behaviour the last couple of days.
> Server was (I've upgraded it, please read on) a slackware 12.2
> box with XMail v1.23.
> 
> People for this specific box started complaining that they send 
mail
> from their MUAs but never receive anything or their intended
> receipients.
> 

1.26/1.27pre swapping over a few times but now 1.27pre10.

spamassassin rules not updated?

check spam folders etc

That's only problem I've heard of, year > 2009,  but not had 
any adverse impact for me as I have high threshold but I did 
check and noted all spam scores were higher until sa rules
were updated.


> That was the absolute truth. I've had a quick hunt on the logs and
> found nothing. BTW, I have to XMail logs to look at. This is really
> weird also.

Other possibility is you lost internet connection for a while
and mails are still queued to go out or have been frozen.

Do a scan of your spool file or use ctrclnt to check

Frozen messages I have and checked are delivery failures
and running frozsubmit sometimes clears some/all or does
nothing if mails are misaddressed.

> 
> Then, without knowing what else to do since this was a live
> system that mis-behaved, I stopped XMail process and started
> a quick upgrade from v1.23 to v1.26.
> 
> After that everything worked like before.
> However, I find this most suspicious.
> 
> Would anyone have any idea what I should check ?
> Maybe the executable got corrupted or changed in any way ?

On NetBSD there is a security report between file changes
and I also have a copy of each MailRoot/bin that I have 
updated and recently run md5 against to check nothing 
changed.

> 
> Also, how would someone configure XMail so to receive logs from it
> (XMail) somewhere on the hard drive ?

Look at the docs that give the commandline options which
have those for debugging listed. I have masses of logs in 
/var/MailRoot/logs/ and find them very useful at times.

I think Davide prefers the xmail options all to be in commandline
whilst I'd prefer an xmail.conf but it's not that important an
issue for me. My commandline options are set in /etc/rc.d/xmail
but on linux I've no idea.

> 
> Any help would be appreciated,
> 
> Thank you in advance all,
> 

___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

Re: [xmail] coredump from frozlist on NetBSD 4.0.1 with 1.27 pre06/08

[David Lord]

On 30 Dec 2009 at 22:49, Davide Libenzi wrote:

> On Thu, 31 Dec 2009, David Lord wrote:
> 
> > Hi
> > 
> > frozlist.sh coredumps 
> > 
> > Decided to read local mail before going to bed 
> > tonight (daily and security reports), there was
> > none so checked to see if any frozen files and
> > had a core dump. That was with 1.27-pre08. I
> > had same coredump when I went back to pre06,
> > then back to 1.26 when frozlist script returned
> > nothing and the missing mails appeared.
> > 
> > Just tried to check for frozen files on live
> > system that has pre06 and that also coredumps.
> > 
> > When I run CntrlClnt from command prompt there
> > seems to be no problem. When I revert that to
> > 1.26 the frozlist.sh script runs ok (been using
> > same script since 2006).
> 
> What is frozlist.sh?

Single line script that runs CtrlClnt frozlist for xmail
admin user. 

> Did I understand correctly that pre08+CtrlClnt did work?
Yes it ran ok from same commandline as per the script.

I was thinking it was a resource issue and I need to
increase some setting. It also coincided with problem
of the couple of emails being held in limbo.

I'll leave it back on 1.26 as too busy to run any
debugging at moment.

David

> Can you build in debug mode:


> 
> $ export XMAIL_DEBUG=1
> $ make -f Makefile.bsd
> 
> Then run again and once you get the core:
> 
> $ gdb -c corefile path-to-xmail-binary
> > bt full
> 
> Then send the report.
> 
> 
> 
> - Davide
> 
> 
> ___
> xmail mailing list
> xmail@xmailserver.org
> http://xmailserver.org/mailman/listinfo/xmail


___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

[xmail] coredump from frozlist on NetBSD 4.0.1 with 1.27 pre06/08

[David Lord]

Hi

frozlist.sh coredumps 

Decided to read local mail before going to bed 
tonight (daily and security reports), there was
none so checked to see if any frozen files and
had a core dump. That was with 1.27-pre08. I
had same coredump when I went back to pre06,
then back to 1.26 when frozlist script returned
nothing and the missing mails appeared.

Just tried to check for frozen files on live
system that has pre06 and that also coredumps.

When I run CntrlClnt from command prompt there
seems to be no problem. When I revert that to
1.26 the frozlist.sh script runs ok (been using
same script since 2006).


Any ideas?

David


___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

Re: [xmail] TLS connection logging?

[David Lord]

On 24 Aug 2009 at 11:50, Chris Evans wrote:

> All,
> 
> Is there any way of knowing if xmail made a TLS connection for a particular 
> message? I've not seen anything in the log files or added to the message 
> header as with some other SMTP servers.
> 
> Thanks
> Chris
> 

I've seen an Xauth header and took it to be that, however
I'd like to see something in a logfile (maybe there is and
I can't spot it) or a separate log file.

David

> 
> Gloucester Research Limited believes the information provided herein is 
> reliable. While every care has been taken to ensure accuracy, the information 
> is furnished to the recipients with no warranty as to the completeness and 
> accuracy of its contents and on condition that any errors or omissions shall 
> not be made the basis for any claim, demand or cause for action.
> The information in this email is intended only for the named recipient.  If 
> you are not the intended recipient please notify us immediately and do not 
> copy, distribute or take action based on this e-mail.
> All messages sent to and from this email address will be logged by Gloucester 
> Research Ltd and are subject to archival storage, monitoring, review and 
> disclosure.
> Gloucester Research Limited, 5th Floor, Whittington House, 19-30 Alfred 
> Place, London WC1E 7EA.
> Gloucester Research Limited is a company registered in England and Wales with 
> company number 04267560.
> 
> 
> 


___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

Re: [xmail] SMTP TLS

[David Lord]

On 19 Aug 2009 at 16:41, Edinilson - ATINET wrote:

> Davide, I checked:
> http://www.xmailserver.org/Readme.html#ssl_configuration
> and created server.cert and server.key
> 
> And in server.tab
> "SMTP-TLS" "1"
> "EnableSMTP-TLS" "1"
> 
> Using netstat -an I can see that port 465 was opened.
> 
> But, for some reason, we can´t authenticate any user using smtp tls.
> 
> Any tip?

I can't see you've got anything wrong.
Can you test locally.

Also the more competent isp I use for adsl has enabled
both smtps port 465 for ssl along with smmsp port 587 
for smtpauth but that might also support tls (as I use
xmail from home I've not needed those facilities).

Last week by chance I tried out tls on port 25 from
notebook via mobile broadband, to send by xmail on
my server at home. That was delivered to one of my
accounts on another isp and ended up in spam folder.
Spam scores were due to mobile broadband ips I was
sending from being on several blocklists and their
dns was bad as well. At least using smtps or smmsp
I'd be sending from clean ips. I'd previously tried
smtps (then set as default) and those emails were 
delivered without problem.


David

> 
> Regards
> 
> Edinilson
> -
> ATINET-Professional Web Hosting
> Tel Voz: (0xx11) 4412-0876
> http://www.atinet.com.br
> 
> 
> - Original Message - 
> From: "Davide Libenzi" 
> To: "XMail Users Mailing List" 
> Sent: Wednesday, August 19, 2009 1:39 PM
> Subject: Re: [xmail] SMTP TLS
> 
> 
> On Wed, 19 Aug 2009, Edinilson - ATINET wrote:
> 
> > Hi All,
> >
> > Some users are asking us about smtp tls to be used together with google.
> > What do we need to configure in Xmail to support smtp tls ?
> 
> Have you checked this?
> 
> http://www.xmailserver.org/Readme.html#ssl_configuration
> 
> And be sure EnableSMTP-TLS in not set to 0 in your server.tab file
> (default, if missing, is 1).
> 
> 
> 
> - Davide
> 
> 
> ___
> xmail mailing list
> xmail@xmailserver.org
> http://xmailserver.org/mailman/listinfo/xmail 
> 
> ___
> xmail mailing list
> xmail@xmailserver.org
> http://xmailserver.org/mailman/listinfo/xmail


___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

Re: [xmail] SMTP TLS

[David Lord]

On 19 Aug 2009 at 10:25, Edinilson - ATINET wrote:

> Hi All,
> 
> Some users are asking us about smtp tls to be used together with google.
> What do we need to configure in Xmail to support smtp tls ?
> 
> obs: Xmail Win32 running on Windows 2000 Server SP4
> 

I found that although I can connect to my own server from a remote 
blocklisted ip it's no use at all for getting email through to
other sites, ie blocked before authentication.

Not that I blame them. I route via my own server using smtps
on port 465.

My mobile broadand supplier suggests I contact recipient to add 
me (+any of their users spreading virus or spam) to add their ip 
block to their whitelist (and I have shares in this organisation).

Either way you need certificates etc, which took me a nights
session to setup (but several hours to get some tuits), and put 
them in correct place as per xmail docs and have the required 
lines in server.tab.

If you self certify you will get complaints, as from one of my 
mates, that certificate isn't trusted, even though he had my
public key already and I'd told him to accept it.

On other users of my server I've done the add certificate bit
myself. Then they only use it when their own isp's mailserver
is down or blocklisted.

can of worms?

David

> Regards
> 
> Edinilson
> -
> ATINET-Professional Web Hosting
> Tel Voz: (0xx11) 4412-0876
> http://www.atinet.com.br
> ___
> xmail mailing list
> xmail@xmailserver.org
> http://xmailserver.org/mailman/listinfo/xmail


___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

Re: [xmail] Problem compiling xmail on NetBSD-5_BETA

[David Lord]

On 6 Mar 2009 at 9:51, Davide Libenzi wrote:

> On Fri, 6 Mar 2009, Davide Libenzi wrote:
> 
> > On Fri, 6 Mar 2009, David Lord wrote:
> > 
> > > 
> > > Problem compiling xmail on NetBSD-5_BETA
> > > 
> > > Hi
> > > 
> > > I've tried compile of various versions of xmail and all give
> > > this error on NetBSD-5_BETA although binaries from earlier 
> > > NetBSD 3.1 and 4.0 appeared to be running ok after upgrade
> > > to NetBSD-5.
> > > 
> > > 
> > > SSLBind.cpp: In function 'int BSslBindClient(BSOCK_HANDLE_struct*, 
> > >   const SslServerBind*, int (*)(void*, int, const void*), 
> > > void*)':
> > > SSLBind.cpp:462: error: invalid conversion from 'const SSL_METHOD*' 
> > >   to 'SSL_METHOD*'
> > > SSLBind.cpp: In function 'int BSslBindServer(BSOCK_HANDLE_struct*,
> > >   const SslServerBind*, int (*)(void*, int, const void*), 
> > > void*)':
> > > SSLBind.cpp:536: error: invalid conversion from 'const SSL_METHOD*' 
> > >   to 'SSL_METHOD*'
> > > gmake: *** [SSLBind.o] Error 1
> > > 
> > > 
> > > Any ideas as to a fix.
> > 
> > OpenSSL changed the prototype. Try to replace the lines 456 and 530 from 
> > this:
> > 
> > SSL_METHOD *pMethod;
> > 
> > to this:
> > 
> > SSL_METHOD const *pMethod;
> 
> Oh, but they did not change the SSL_CTX_new() proto :/ (at least in my 
> Debian Lenny box).
> Try the attached patch instead ...

Thanks, that compiled ok.

I'll give it some testing. 

Cheers

David



___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

[xmail] Problem compiling xmail on NetBSD-5_BETA

[David Lord]

Problem compiling xmail on NetBSD-5_BETA

Hi

I've tried compile of various versions of xmail and all give
this error on NetBSD-5_BETA although binaries from earlier 
NetBSD 3.1 and 4.0 appeared to be running ok after upgrade
to NetBSD-5.


SSLBind.cpp: In function 'int BSslBindClient(BSOCK_HANDLE_struct*, 
  const SslServerBind*, int (*)(void*, int, const void*), 
void*)':
SSLBind.cpp:462: error: invalid conversion from 'const SSL_METHOD*' 
  to 'SSL_METHOD*'
SSLBind.cpp: In function 'int BSslBindServer(BSOCK_HANDLE_struct*,
  const SslServerBind*, int (*)(void*, int, const void*), 
void*)':
SSLBind.cpp:536: error: invalid conversion from 'const SSL_METHOD*' 
  to 'SSL_METHOD*'
gmake: *** [SSLBind.o] Error 1


Any ideas as to a fix.

David

___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail

[xmail] Re: log file

[David Lord]

On 10 Nov 2008 at 12:58, Kövesdi György wrote:

> > >Is there any explanation available for the log file entries?
> > >e.g.: "RCPT=ERELAY": I hope it means that relaying is denied.
> > You have all xmail errors explained here :
> > http://www.xmailserver.org/Errors.html
> OK, but it does not explain the example mentioned. I would need some detailed 
> explanation of the log file, especially its errors.

Sorry I don't have a full list but some of those seen here are:

RCPT=ERELAY = rejection of a relay attempt
RCPT=EAVAIL = rejection for an unknown user
RCPT=EERS   = rejection after too many failed attempts
AUTH=EFAIL:CRAM-MD5 = authenticated login failure

RCPT=EFILTER= blocked by filter

Accepted emails here are
RCPT=OK
  followed by
RECV=OK

I usually check with  after making 
any changes. There was also a loopback site that I used in distant 
past (but lost details of) which allowed sending email back to 
originating ip but as from a remote ip.


David
-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Problem with pop3links

[David Lord]

On 8 Oct 2008 at 5:17, gbainbridge wrote:

> 
> 
> Fabian Cenedese wrote:
> > 
> > 
> > Are the mails received by the ISP somehow modified?
> > 
> > 
> 
> Not that I can tell. The only place in the header where I see the original
> recipient's name is the 'To' line. My ISP adds X-Originally-To: but that
> only points to their Spam remover, not the final recipient.

I don't believe you are seeing all the headers. The To: header is 
meaningless if it's cc in which case you have a choice of To: or any 
number of CC: and if bcc you don't see those at all.

I've bcc this to your email address.


David


-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Problem with pop3links

[David Lord]

On 7 Oct 2008 at 16:13, gbainbridge wrote:

> 
> 
> How does the content of your pop3links.tab file look like?
> 
> This is it. Note that I have tried ? and @ prefixes without any success.
> 
> 
> 
> > 
> > "bainb.co.uk"   "gary"  "mail.myisp.com""gbainbridge"   
> > "XX""APOP"
> > "bainb.co.uk"   "jason" "mail.myisp.com""gbainbridge"   
> > "XX""APOP"
> > "bainb.co.uk"   "nm""mail.myisp.com""gbainbridge"   
> > "XX""APOP"
> > 
> > 
> 
> Where "XX" is my the encrypted password for my ISPs mailserver, and
> mail.myisp.com is the name of my ISPs mailserver.

When I was on demon I had:

"my.fq.domain.name" "david" "pop3.myisp" "[EMAIL PROTECTED]"

Similar also works for pop3 from some other isps but not the one used 
as my secondary MX. This puts all email in one mailbox but their 
server didn't support collection by [EMAIL PROTECTED] (it might do now). 
I'm fairly certain xmail could filter these but I'd already setup 
Mercury to filter on 'received*for' text in headers many years ago 
when it was primary mx and I was on dialup. Note the filtering is 
postreceipt and specific to header fomats of isp/server so has needed 
a few changes over the years.


David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.26-pre01

[David Lord]

On 13 May 2008 at 18:01, Davide Libenzi wrote:

> 
> I put out a pre01 version of 1.26:
> 
> http://www.xmailserver.org/xmail-1.26-pre01.tar.gz

Thanks

that installed ok first on NetBSD 3.1 then on both of NetBSD 4.1 
servers.

Cheers

David


> http://www.xmailserver.org/xmail-1.26-pre01.win32bin.zip
> 
> 
> Changes:
> 
> - Fixed a bug that allowed non-RFC characters inside domain names.
> 
> - Fixed OSX Leopard build error.
> 
> - Added "timeo" option to flags execution.
> 
> - Added "NoAuth", "EnableVRFY" and "EnableETRN" settings inside IP properties.
> 
> 
> 
> - Davide
> 
> 
> -
> To unsubscribe from this list: send the line "unsubscribe xmail" in
> the body of a message to [EMAIL PROTECTED]
> For general help: send the line "help" in the body of a message to
> [EMAIL PROTECTED]
> 


-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Lockdown xMail

[David Lord]

On 4 May 2008 at 22:16, Hal Dell wrote:

> Dear David Lord -
> 
> > I've still not worked out if you want mail coming in via postini to be
> allowed
> > to be relayed or if postini is just an external filter for scanning some
> of your
> > incoming mail. If the latter, I can't see why it should need to be treated
> different
> > to any other incoming email. However you've mentioned putting an entry for
> > postini in smtprelay.tab which would indicate that you intend it is
> allowed to
> > be relayed. I can't see how that can be done securely though without
> authentication.
> 
> Please understand that I support eMail for about over 300 Domains and
> about 450 eMailboxes so changing ports would be large task. Further, you
> are correct that the eMail from Postini plus outbound eMail from clients are
> Relay'd on Port 25.

There is no problem so far as I know in using port 25, but 
in my case that port is blocked for outgoing by the ISPs
except via their particular gateways.

Can you arrange for your clients to use authentication on 
port 25?
  
> The problem is 1) the SPAMers are ignoring the MX records and
> using a private look-aside IP Address Database(s) which allows the
> SPAMers to bypass Postini by directly making a connection to the
> xMail Server on it's IP Address on Port 25;
> 
> and 2) the SPAMers are constantly scanning IPs around the world
> for new or moved eMail servers; therfore they will eventually any
> "hidden" open Server within weeks -- I'm not just talking about an
> Issuse with SMTP -- this includes ALL of  the protocols including the
> more common FTP, SQL, SMB, etc.

Mostly glst removes majority of spam but there are periods, as 
just now, when a lot of spam is arriving via normal mailservers 
and this is being quarantined by spamassassin. I only run a few 
services with rest blocked at firewall. I also have a few ip 
blocklists in use.

> Thefore, one has no choice but to lock the relay function to only accept
> eMails from the upstream relay MTA; in this case Postini IPs. This is
> easily doable on Many of the MTAs that I've come across in the past like
> Microsoft Exchange; and RFC 4409 already proposed this concept.

If you can be sure only your own customers will attempt to relay 
via postini you can just add that ip block to smtprelay.tab
without specifying authentication, however I'd not trust it as 
being secure without knowing a lot more as to how the
service works.

ie. (1) your account users authenticate
(2) postini only allowed to relay via its ip block

Do you need authentication capability for postini?


David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Lockdown xMail

[David Lord]

On 4 May 2008 at 13:00, Hal Dell wrote:


..

> 
> It is my understanding that "Mail-Auth" was designed be to implement a
> submission port as defined by RFC 4409?
> 
> In fact, RFC 4409 states:  "3.2.  Message Rejection and Bouncing.
> 
> MTAs and MSAs MAY implement message rejection rules that rely in part on
> whether the message is a submission or a relay.
> 
> For example, some sites might configure their MTAs to reject all RCPT
> commands for messages that do not reference local users, and configure their
> MSA to reject all message submissions that do not come from authorized
> users, with authorization based either on authenticated identity or the
> submitting endpoint being within a protected IP environment."
> 
> Beyond Mr. Francis prior insights, I'm interested to here additional
> comments about how to xMail should respond to Relay'd eMail when using
> "Mail-Auth".

I only have four non local users that are allowed to relay. These
just have entries in smtpauth.tab. They have their mta connect via 
port 465 rather than port 25 as at least one has their ISP block 
port 25. I can't remember any other requirement (other than setting 
up SSL) and it's worked ok.

I've still not worked out if you want mail coming in via postini to 
be allowed to be relayed or if postini is just an external filter 
for scanning some of your incoming mail. If the latter, I can't
see why it should need to be treated different to any other incoming 
email. However you've mentioned putting an entry for postini in
smtprelay.tab which would indicate that you intend it is
allowed to be relayed. I can't see how that can be done
securely though without authentication.

David

> 
> Finally, in the document we should clarify how something like "96.227.65.4"
> is interpreted when use in conjunction with slash notation? Is this equal
> really to "96.227.65.4/32"? I think the docs should be updated to say one
> way or the other. I hope you can see how one my interpret the documentation.
> Davide can you please tells how this works exactly?
> 

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Lockdown xMail

[David Lord]

On 2 May 2008 at 10:27, Hal Dell wrote:

> Hello... 
> 
> For those of you who don't know Postini -- the company was founded in 1999
> in California as a eMail Communication Security and Compliance company. By
> May 2004 it was relaying 1.4B eMail annually for over 3300 companies.
> Postini was recently purchased by Google for just over 1/2 Billon Dollars.
> 
> In one package you get SPAM Filtering, Anti-Spyware and Anti-Virus checking
> plus a web site to to manage white/black lists and quarantined eMail on a
> per eMailbox basis.
> 
> Today, Postini is processing eMails for 40,000 Business with 10M eMailboxes
> which means 1B eMail messages per day flow thru their systems of which 85%
> of these messages are blocked as unsolicited or malicious. Of the remaining,
> about 10% are quarantined and the balance are delivered as "clean" eMail.
> 
> For example over the last 30 Days we received 55,000 messages and 6.5% were
> delivered as "clean".
> 
> We now have a reseller agreement in place and are now signing up our ISP
> customers for this service.
> 
> Thanks,
> Hal Dell
> Managing Partner
> ePodWorks.net, Inc.

Cheers

that's explains your problems then :-)

DL

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: multiple smtprelay servers for custdomains and 5xx er rors

[David Lord]

On 26 Apr 2008 at 22:46, Davide Libenzi wrote:

> On Thu, 24 Apr 2008, Oliver Stöneberg wrote:
> > > On Tue, 22 Apr 2008, CLEMENT Francis wrote:
> > > 
> > > > Seems there was some post about this.
> > > > 
> > > > The BIG figure is when the final domain have multiple mx servers.
> > > > Suppose the final domain have two mx and one is misconfigured and return
> > > > a 5xx.
> > > > So if xmail tries first the 'bad' server, what to do next ?
> > > > 
> > > > On a atomic try/retry cycle, you have two choices :
> > > > 1 - don't try others mx and send back an NDR to the sender
> > > > 2 - Try the others reminding MX for this try/retry cycle, and send back
> > > > an NDR ONLY AND ONLY IF all mx return a 5xx, else schedule a normal
> > > > retry cycle (that will retry on each mx).
> > > > 
> > > > I think option 2 is better :)
> > > > 
> > > > Could Davide tell us how xmail handles the 5xx with multiple mx ?
> > > 
> > > As far as smtprelay goes, a failure (of whatever type), means try the 
> > > next 
> > > server in the list.
> > 
> > That's why I wrote a mail, because it makes no sense to continue in 
> > the case of a permanent error.
> > 
> > Is there a way to configure XMail with multiple domains and stop when 
> > you get a permanent error?
> 
> I remember there was a discussion or something, time ago. But now I can't 
> remember. It seems sane to me that a 5xx error stops the processing, and 
> I'll schedule this for change.
> Speak now or forever hold your peace, in case you rely on XMail re-trying 
> even upon 5xx ...

Looking at RFC2821 I can't really make out what is intended to happen 
in this situation. It seems ok to stop and send an NDR, or that the 
server that gave the 5xx response should not be retried but other 
servers MAY be tried. So I'd say go for option (2) as most robust 
method.

 
David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: XMailServer 1.25 Memory Footprint

[David Lord]

On 24 Apr 2008 at 14:46, Vinny Wadding wrote:


 
> Damn, I was hoping I had missed an option in server.tab. ;-)
> 
> I only mentioned the memory usage above to clarify that I didn't look like =
> it I was any leak in XMail itself.  Obviously, this is a new server and at =
> the moment only test traffic is running though it before it goes fully live=
> ..  When that happens the memory usage will, no doubt, go up accordingly.
> 
> The server it is running on is a Fedora8 X64 Server, with 4gb of memory.  I=
>  have two perl filters running.   A pre-smtp spf filter and an inbound/outb=
> ound virus scan.
> 
> The telnet sessions to the server were just standard ones - no errors were =
> reported at all.

Only a home user but several domains and host for a few friends.

I've had issues indirectly from XMail and filters eating up 
memory but in first case it was too many instances of perl
and most recently my AV filter causing load by false alarming 
on a particular message then due to same problem catching 
each warning email sent.

First problem was resolved by limiting number of scripts running 
at same time to just two (above four caused a rapidly increasing 
load to 100%cpu when my batch of a dozen test emails hit the 
server).

Second problem back in January wasn't investigated and I disabled 
AV scan, cleaned out the 30k+ emails in the queue and forgot about 
it. Later I cloned then reconfigured same setup onto another server 
but for another domain and had exact same problem when AV enabled. 
After clearing spool and update of AV the problem hasn't 
reappeared on either system. It may have been a corrupted AV
update in first place. Another possibility is a race when 
scanning and AV update coincide so I modified both update and 
filter to minimise this (my perl skill is not good enough to 
eliminate rather than minimise).

David


-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: hotmail delivery problems

[David Lord]

On 21 Mar 2008, at 16:41, Francesco Vertova wrote:

> At 12.47 21/03/08, David Lord wrote:
> >On 21 Mar 2008, at 1:56, max toro q wrote:
> 
> > > I installed Xmail on win2k, and I have delivery problems to hotmail.
> > > Some messages get delivered, some simply get lost. The log shows no
> > > sign of problem.
> >
> >Yes but not very often. Mails are accepted but never delivered.
> 
> Not sure we're talking about the same thing, anyway from time to time 
> my users complain that mails for hotmail accounts "are not 
> delivered", meaning that the receiver did not receive them and the 
> sender was not notified of any error. Every time I have investigated 
> I found that hotmail did accept the message for delivery: smail logs 
> say that. For me, this means that XMail did its job and the problem 
> (if any: you know, 90% of a computer's problems lie between the 
> keyboard and the chair ...) is with hotmail: if a MTA accepts a 
> message for delivery, it must either deliver or bounce.

Sorry I left it a little ambiguous. Exact same as you, Xmail 
delivered to hotmail so far as I could tell (that was before 
logging of the receipt code was added) hotmail accepted but 
from hotmail server (in my case, just on one particular ip 
address) it wasn't delivered to recipient.

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: hotmail delivery problems

[David Lord]

On 21 Mar 2008, at 1:56, max toro q wrote:

> Hello, I'm new in this list.
> I installed Xmail on win2k, and I have delivery problems to hotmail.
> Some messages get delivered, some simply get lost. The log shows no
> sign of problem.
> 
> I've also done some testing with gmail and yahoo, no problem there,
> everything gets delivered.
> 
> I have another server with Postfix installed, and there I have no
> problems with hotmail, so I assume the issue is between Xmail and
> hotmail.
> 
> Anyone had any similar issues?

Yes but not very often. Mails are accepted but never delivered. 
Similar with AOL. I guess it's one way to reduce spam and they are 
happy to occasionally lose their customers emails in the process. 
When I last had problem with hotmail, after fair number of test mails 
I could see it was only one of their servers dropping them.

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Header 'Received :' question/suggestion

[David Lord]

On 20 Mar 2008, at 22:50, Davide Libenzi wrote:

> On Wed, 19 Mar 2008, CLEMENT Francis wrote:
> 
> > Hello Davide and list
> > 
> > Here is a sample xmail generated 'Received :' header :
> > 
> > Received: from some_sender_name ([aaa.bbb.ccc.ddd]:p)
> >  (not important)
> > 
> > What is exactly the 'some_sender_name' actual value ?
> > - The value of the HELO/EHLO ?
> > - The reverse dns of aaa.bbb.ccc.ddd ?
> > 
> > And what is the corresponding field in the different logs generated by xmail
> > ?
> > same as the one used in generating the 'received :' header ?
> > 
> > Suggestion :
> > Depending of the response to the above question, could it be possible to add
> > (options in server.tab ?) the other value ?
> > ie :
> > Received: from some_sender_name ([aaa.bbb.ccc.ddd]:p) (RDNS :
> > therevdnsvalue)
> 
> There're too many software relying of parsing Received: headers, and I 
> don't want to change and possibly break them. The RFC does not contemplate 
> it, so better not touch it.

Yes, for emails received bcc to several recipients there seems to be 
no easy method to determine the user they were intended for. I filter 
on received headers for this purpose as more general than the 
occasional 'envelope to' or other similar headers that may be 
present. For me this is Postscript related rather than Xmail as
my secondary mx is a catch-all mailbox on separate ISP and Mercury 
collects by pop3 and filters on received. When changes are made to 
Postscript and/or ISPs config I sometimes have to change filters 
(last time was a few years ago).

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: FreeBSD problem (similar to NetBSD problem reported earlier?)

[David Lord]

On 18 Feb 2008, at 12:27, Jeff Buehler wrote:

> Hi all -
> 
> Sorry to be late to the game with this - in an earlier list email that I 
> inadvertently deleted (thinking I had no helpful input, of course!)  
> titled "Problem with XMail on NetBSD-4" there was a discussion about the 
> error:
> 
> Recipient domain ".com" does not exist (or it has a misconfigured DNS)
> 
> I am also getting this error regularly with FreeBSD 6 and XMail 1.25.  I 
> mention it in the XMail forums as well, and read about a number of other 
> recent occurrences, but nothing has been resolved specifically.  As I 
> mention in the forums, I have verified the domains are valid and 
> properly configured in some of the cases, but the errors are consistent 
> with specific domains.  In my case, one example is "trikorausa.com" 
> which I can send email from any server other than my active XMail server 
> under FreeBSD, adn which looks properly configured via dnstools.com (I 
> configured it, so I believe it is correct...)
> 
> Davide responded:
> 
> I think XMail is getting a ERR_DNS_NXDOMAIN (NXDOMAIN) from your DNS 
> server. When that's happening, XMail does not even try to fall back to the 
> A record delivery.
> 
> and I think seems like it may be correct, but I am uncertain how to test 
> this.  The server does not provide DNS queries for itself (although it 
> provides DNS for the domains it is authoritative on) but queries a 
> m0n0wall router on the LAN, which queries my ISPs DNS servers.  The 
> server is able to resolve a dig as well as dig+trace to the MX record to 
> trikorausa.com (and other domains) without incident.  This would suggest 
> that something else might be going on, since the domain does have a 
> functional and valid MX record, so there should be no need to fall back 
> to an A record.

Davide's reply was in response to my problems with NetBSD-3.1 and 
NetBSD-4.0. I'd been using SmartDNSHost pointing to my local dns as 
that was also configured for private ips on the lan and at some point 
this had become replaced by a malformed version (I'd commented out it 
out  for some reason and afterwards un-commented the wrong line). The 
only thing this broke was local mail delivery which I didn't notice 
until testing new server which used cloned configuration of current 
server.

> 
> This seems to be a new problem, but I updated XMail to 1.25, FreeBSD 
> (minor update) and the m0n0wall router (minor update) all around the 
> same time.  I am not using SmartDNSHost, nor have I ever, although I've 
> been running XMail for 6 or more years... should I test setting it to my 
> ISP DNS servers rather than the local m0n0wall router (which queries the 
> ISP servers anyway successfully with other services on the same server)?
> 
> Does anyone have any ideas or recommendations about how to test where 
> the problem might be?

I'd suggest trying with SmartDNSHost set to the router then again 
with it set to the ISP.

What servers do you have set in resolv.conf?

David


> 
> Thanks,
> Jeff

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Problem with XMail on NetBSD-4

[David Lord]

On 7 Feb 2008, at 23:50, Davide Libenzi wrote:

> On Fri, 8 Feb 2008, David Lord wrote:
> 
> > On 30 Jan 2008, at 23:35, David Lord wrote:
> > 
> > > Now back to NetBSD-4.0.
> > > I'm still unable to get local mail outgoing from NetBSD-4.0 
> > > whilst mail to public addresses seems be delivered ok.
> > > 
> > > The dns server is same for NetBSD-3.1 as for NetBSD-4.0 so I
> > > suspect problem is due to some changes from NetBSD-3.1 with 
> > > Sendmail to NetBSD-4.0 with Postscript. 
> > > 
> > > Local mail delivery to other hosts on lan worked ok via 
> > > Postscript.
> > 
> > This was difficult to find but when I checked my main mailserver I 
> > found it had developed the same problem but same NetBSD version 3.1+ 
> > as system that was ok. As these are near identical configuration I 
> > just diffed the files and found a typo in server.tab smartdns line 
> > and on correcting this could again send mail to hosts on lan ok. 
> > Problem with NetBSD-4 system was down to same fault.
> 
> So, are we cool?

Not yet, I think I'm now infrequently using so many features I need 
to put in place a test suite I can run each time any change is made. 

Other than that I'm really pleased :-)

Cheers

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Problem with XMail on NetBSD-4

[David Lord]

On 30 Jan 2008, at 23:35, David Lord wrote:

> Now back to NetBSD-4.0.
> I'm still unable to get local mail outgoing from NetBSD-4.0 
> whilst mail to public addresses seems be delivered ok.
> 
> The dns server is same for NetBSD-3.1 as for NetBSD-4.0 so I
> suspect problem is due to some changes from NetBSD-3.1 with 
> Sendmail to NetBSD-4.0 with Postscript. 
> 
> Local mail delivery to other hosts on lan worked ok via 
> Postscript.

This was difficult to find but when I checked my main mailserver I 
found it had developed the same problem but same NetBSD version 3.1+ 
as system that was ok. As these are near identical configuration I 
just diffed the files and found a typo in server.tab smartdns line 
and on correcting this could again send mail to hosts on lan ok. 
Problem with NetBSD-4 system was down to same fault.

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Problem with XMail on NetBSD-4

[David Lord]

On 29 Jan 2008, at 17:07, Davide Libenzi wrote:

> On Thu, 24 Jan 2008, David Lord wrote:
> 
> > On 20 Jan 2008, at 12:34, Davide Libenzi wrote:
> >  
> > > Give me a summary :) Should I look into it or not?
> > > 
> > 
> > Seems way hostnames are checked is different between NetBSD-4.0 
> > (xmail-1.25-pre16) and NetBSD-3.1 (xmail-1.25) or NetBSD-3.1 (xmail 
> > 1.25).
> > 
> > NetBSD 3.1  3.1  4.0
> > xmail  1.25-pre16   1.25 1.25
> > 
> > private A
> > address
> > sendmail  ok fail fail
> > recv  ok   ok   ok
> >  
> > public MX
> > address 
> > xmailrelayok   ok not checked
> > sendmail  ok   ok   ok
> > recv  ok   ok not checked 
> > 
> > I have local dns for hosts on lan which also caches public 
> > addresses. There are only A records for private addresses.
> > Server.tab has SmarDNSHost set to use local dns server. Mutt
> > and some logging uses /var/MailRoot/bin/sendmail but I could
> > get round part of problem by using postfix instead.
> > 
> > Send failures have this form of error
> > [<00>] XMail bounce: [EMAIL PROTECTED];
> > Error=[Recipient domain "p4x2400c.home.lordynet.org"
> > does not exist (or it has a misconfigured DNS)]
> > 
> > ###
> > ; <<>> DiG 9.4.1-P1 <<>> p4x2400c.home.lordynet.org -t ANY
> > ;; global options:  printcmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46719
> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, 
> > ADDITIONAL: 2
> > 
> > ;; QUESTION SECTION:
> > ;p4x2400c.home.lordynet.org. IN  ANY
> > 
> > ;; ANSWER SECTION:
> > p4x2400c.home.lordynet.org. 604800 INA   192.168.59.210
> > ###
> > 
> > I've still to try an earlier version of xmail on NetBSD-4.0 and also 
> > try again with ipv6 enabled.
> 
> I think XMail is getting a ERR_DNS_NXDOMAIN (NXDOMAIN) from your DNS 
> server. When that's happening, XMail does not even try to fall back to the 
> A record delivery.

How do I check on that?

I found I'd messed up testing on the NetBSD-3.1 system and outgoing
mail was working from root when checking xmail-1.25-pre16 but I
was logged into a user account when I tried xmail-1.25. This was
giving the error that domain didn't exist.

Today when I tried again with xmail-1.25 but from root account it
worked ok and when I added the user account to /etc/mail/aliases 
and ran newaliases (sendmail) outgoing mail was then also working
ok from that user as well.

Now back to NetBSD-4.0.
I'm still unable to get local mail outgoing from NetBSD-4.0 
whilst mail to public addresses seems be delivered ok.

The dns server is same for NetBSD-3.1 as for NetBSD-4.0 so I
suspect problem is due to some changes from NetBSD-3.1 with 
Sendmail to NetBSD-4.0 with Postscript. 

Local mail delivery to other hosts on lan worked ok via 
Postscript.

David


-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Problem with XMail on NetBSD-4

[David Lord]

On 20 Jan 2008, at 12:34, Davide Libenzi wrote:
 
> Give me a summary :) Should I look into it or not?
> 

Seems way hostnames are checked is different between NetBSD-4.0 
(xmail-1.25-pre16) and NetBSD-3.1 (xmail-1.25) or NetBSD-3.1 (xmail 
1.25).

NetBSD 3.1  3.1  4.0
xmail  1.25-pre16   1.25 1.25

private A
address
sendmail  ok fail fail
recv  ok   ok   ok
 
public MX
address 
xmailrelayok   ok not checked
sendmail  ok   ok   ok
recv  ok   ok not checked 

I have local dns for hosts on lan which also caches public 
addresses. There are only A records for private addresses.
Server.tab has SmarDNSHost set to use local dns server. Mutt
and some logging uses /var/MailRoot/bin/sendmail but I could
get round part of problem by using postfix instead.

Send failures have this form of error
[<00>] XMail bounce: [EMAIL PROTECTED];
Error=[Recipient domain "p4x2400c.home.lordynet.org"
does not exist (or it has a misconfigured DNS)]

###
; <<>> DiG 9.4.1-P1 <<>> p4x2400c.home.lordynet.org -t ANY
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46719
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, 
ADDITIONAL: 2

;; QUESTION SECTION:
;p4x2400c.home.lordynet.org. IN  ANY

;; ANSWER SECTION:
p4x2400c.home.lordynet.org. 604800 INA   192.168.59.210
###

I've still to try an earlier version of xmail on NetBSD-4.0 and also 
try again with ipv6 enabled.
 

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Problem with XMail on NetBSD-4

[David Lord]

On 20 Jan 2008, at 12:34, Davide Libenzi wrote:

> On Sun, 20 Jan 2008, David Lord wrote:
> 
> > On 20 Jan 2008, at 2:43, David Lord wrote:
> > 
> > > 
> > > > 
> > > > I've just been setting up a new server running NetBSD-4 and copied my
> > > > existing 1.25-pre25 NetBSD 3.1 directory and binaries.
> > > > 
> > > > 'telnet localhost 25'
> > > > 
> > > > Allows me to connect and accepts a test email.
> > > > 
> > > > All attempts at using the interface hostname or ip address get a
> > > > connection refused.
> > 
> > Sorry for followups to my own message but  it now looks to be a 
> > configuration issue of some kind as my spare NetBSD 3.1 system 
> > XMail-1.25-pre16 shows exact same problem so it's probably not 
> > particularly a NetBSD-4 problem.  I can telnet to port 25 on main 
> > server by hostname ok but get connection refused from spare server. 
> > It's only a few weeks ago that I setup and tested smtps and pop3 
> > connections from a Ubuntu system to this spare server before 
> > transferring that configuration to main server to provide reasonably 
> > secure remote access as well as allowing direct connections from 
> > friends with outgoing port 25 blocked by isp.
> > 
> > sorry for the noise - again
> 
> Give me a summary :) Should I look into it or not?

I'm still working on it but it appears to be NetBSD-4 and/or ipv6 
related. Any help would still be appreciated.

Sockstat showed xmail to be listening on tcp6 on all three systems. 
NetBSD-3.1 mail.lordynet.org is ipv6 enabled and both ipv4 and ipv6 
working.

NetBSD-3.1 with test server used same commandline with 
"-M7 -B6 -P6 -S6 -X6" and also. With those parameters removed I now 
see sockstat only shows xmail listening on tcp rather than tcp6 and 
this system now accepts external connections.

NetBSD-4.0 on intended new server had same commandline but after 
restart with above parameters removed I still get sockstat showing 
tcp6 and connection refused except from localhost. With two 
previously unconfigured interfaces set to dummy ip4 addresses, 
sockstat now shows tcp rather than tcp6 and I can make remote 
connections.

So although systems are now working I suspect there is some problem 
there with xmail and or NetBSD. Also with default postfix there 
wasn't a problem. I disabled xmail and undid the changes to 
interfaces and sockstat then showed postscript listening on tcp (not 
tcp6) whilst external connections are ok.

cheers

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Problem with XMail on NetBSD-4

[David Lord]

On 20 Jan 2008, at 2:43, David Lord wrote:

> 
> > 
> > I've just been setting up a new server running NetBSD-4 and copied my
> > existing 1.25-pre25 NetBSD 3.1 directory and binaries.
> > 
> > 'telnet localhost 25'
> > 
> > Allows me to connect and accepts a test email.
> > 
> > All attempts at using the interface hostname or ip address get a
> > connection refused.

Sorry for followups to my own message but  it now looks to be a 
configuration issue of some kind as my spare NetBSD 3.1 system 
XMail-1.25-pre16 shows exact same problem so it's probably not 
particularly a NetBSD-4 problem.  I can telnet to port 25 on main 
server by hostname ok but get connection refused from spare server. 
It's only a few weeks ago that I setup and tested smtps and pop3 
connections from a Ubuntu system to this spare server before 
transferring that configuration to main server to provide reasonably 
secure remote access as well as allowing direct connections from 
friends with outgoing port 25 blocked by isp.

sorry for the noise - again

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Problem with XMail on NetBSD-4

[David Lord]

> 
> I've just been setting up a new server running NetBSD-4 and copied my
> existing 1.25-pre25 NetBSD 3.1 directory and binaries.
> 
> 'telnet localhost 25'
> 
> Allows me to connect and accepts a test email.
> 
> All attempts at using the interface hostname or ip address get a
> connection refused.
> 
> I've since done a fresh install of 1.25 which dumps core on attemp to
> start using supplied script /etc/rc.d/xmail and if started with my own

I've looked through startup scripts and main difference is single 
extra line in script with 1.25:

ulimit -s 128

If I add that line to my own script I also get a segfault/coredump.


-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Problem with XMail on NetBSD-4

[David Lord]

Hi

I've just been setting up a new server running NetBSD-4 and copied my 
existing 1.25-pre25 NetBSD 3.1 directory and binaries.

'telnet localhost 25'

Allows me to connect and accepts a test email.

All attempts at using the interface hostname or ip address get a 
connection refused.

I've since done a fresh install of 1.25 which dumps core on attemp to 
start using supplied script /etc/rc.d/xmail and if started with my 
own script again can connect ok to localhost but not by hostname or 
ip.

Log file entries smtp, smail, filters(glst, sa and fprot) look normal 
for local delivered email.

NFS, Samba, Ftp and Web servers all seem to be running ok (both NFS 
and Samba will eventually be removed), also default install of 
postfix accepted remote connections ok.

Any ideas to get some debugging out of it (Md option is already 
enabled).

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Fprot false alarms?

[David Lord]

On 2 Dec 2007, at 21:46, David Lord wrote:

> Anyone using fprot with xmail?
> 
> My main server has given a couple of empty messages that a virus has 
> been found but no details and that was last week but it crashed last 
> week then earlier today.

I've now manually run fprot on the most recent saved 'infected' 
message but it scans as clean.

I'm suspecting a problem in the scripts or xmail maybe caused as
system time was stepped before ntpd was restarted after the crash.  

> Today my test server al;so crashed after uptime of 200+ days and on 
> restart I find multiple instances of XMail then see spool file is 
> full of (179174 of them) messages: Subject: Identified virus! all 
> dated from Dec 1.

The message that initially caused the problem was the email sent with 
output from daily security check on Dec 1. I've now found a possible 
misconfiguration of the spamd flags in rc.conf on the test server.

Sorry for the noise.

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Fprot false alarms?

[David Lord]

Anyone using fprot with xmail?

My main server has given a couple of empty messages that a virus has 
been found but no details and that was last week but it crashed last 
week then earlier today.

Today my test server al;so crashed after uptime of 200+ days and on 
restart I find multiple instances of XMail then see spool file is 
full of (179174 of them) messages: Subject: Identified virus! all 
dated from Dec 1.

The message flagged as infected is itself a message: Subject: 
Identified virus!

I hope this is a false alarm.

Anyone seen similar problem?

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 2-4 hour delay on relays....

[David Lord]

On 22 Nov 2007, at 11:51, Davide Libenzi wrote:

> On Thu, 22 Nov 2007, David Lord wrote:
> 
> > I should have added that defaults for retries seem very conservative 
> > and much safer for a production server than my values that ramp up 
> > the period between reduced number of retries much more agressively.
> > 
> > Davide, please correct me if I've calculated wrong but I work out 
> > retries are at following times after initial attempt:
> 
> Actually, defaults are even too aggressive. Especially considering the 
> fact that *many* servers now use greylisting.

You're right, I'd missed that side effect of greylisting.

It does require a particular set of circumstances to hit a problem 
from it, not already being whitelisted together with connection 
failures over the period for first few retries. I suppose for a 
production server you're now stuck with needing a high value or zero 
for ratio and a high number of retries.

For me, I have three NotifyTryPattern points set and non appearance 
or otherwise seems a good enough way of indicating when an email has 
been sent.

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 2-4 hour delay on relays....

[David Lord]

On 21 Nov 2007, at 23:27, David Lord wrote:

> On 21 Nov 2007, at 9:27, Dale Qualls wrote:
> 
> > Same problem thing this morning.   Sent a message, waited 30 minutes and 
> > it's still sitting in the queue, no SLOG file, message was sitting in 
> > the spool just fine.  Restart XMail and the message flies on through.
> > Is there anything strange with my command line?  This is happening on 
> 
> 
> Yes
> 
> ! Here is my command line (on both servers):
> !
> ! XMAIL_CMD_LINE="-Pl -Sl -Ql -Qt 10 -Qr 50 -Yl -Fl -Cl -Ll -SX 100"
> !
> ! I've got the Qt set to 10 so after a failure it should retry a send 
> ! in
> !
> !10 minutes, correct?  All of the "l" are lower case "L"s.
> 
> 10 seconds?
> 
> I have -Qg -Qt 907 -Qi 1 -Qr 9
> 
> Default Qt 480 so I guess that's not minutes.

I should have added that defaults for retries seem very conservative 
and much safer for a production server than my values that ramp up 
the period between reduced number of retries much more agressively.

Davide, please correct me if I've calculated wrong but I work out 
retries are at following times after initial attempt:

Qt,Qi,Qr  480,16,32  10,16,51   907,1,9

Retry hhh:mm:ss hhh:mm:ss hhh:mm:ss
 1  0: 8: 0   0: 0:10   0:15: 7 
 2  0:16:30   0: 0:20   0:45:21 
 3  0:25:31   0: 0:31   1:45:49 
 4  0:35: 7   0: 0:43   3:46:45 
 5  0:45:19   0: 0:56   7:48:37 
 6  0:56: 9   0: 1:10  15:52:21 
 7  1: 7:39   0: 1:24  31:59:49 
 8  1:19:53   0: 1:39  64:14:45 
 9  1:32:53   0: 1:56 128:44:37 
..
29 10:14:35   0:12:48
30 11: 1: 0   0:13:46
31 11:50:18   0:14:47
32 12:42:42   0:15:53
..
470:43:24
480:46:17
490:49:20
500:52:35



David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 2-4 hour delay on relays....

[David Lord]

On 21 Nov 2007, at 9:27, Dale Qualls wrote:

> Same problem thing this morning.   Sent a message, waited 30 minutes and 
> it's still sitting in the queue, no SLOG file, message was sitting in 
> the spool just fine.  Restart XMail and the message flies on through.
> Is there anything strange with my command line?  This is happening on 


Yes

! Here is my command line (on both servers):
!
! XMAIL_CMD_LINE="-Pl -Sl -Ql -Qt 10 -Qr 50 -Yl -Fl -Cl -Ll -SX 100"
!
! I've got the Qt set to 10 so after a failure it should retry a send 
! in
!
!10 minutes, correct?  All of the "l" are lower case "L"s.

10 seconds?

I have -Qg -Qt 907 -Qi 1 -Qr 9

Default Qt 480 so I guess that's not minutes.

> both boxes.  Maybe the box is running low on memory?  They only have 
> 256MB of RAM and it looks like most of it is being used up (246MB).  I'm 
> going to double the RAM and see if that makes a difference.  I bet XMail 
> is maybe bogging down because it's getting killed by lack of RAM?

Only a home server here, k6-400, NetBSD 3.1, total memory = 127 MB, 
avail memory = 119 MB. I used to send a batch of 12 emails from a 
remote account as test of spamassassin and fprot, 6 x connections 
each to 2 accounts. Occasionally all would slowly get through but 
mostly system crashed (I think there is a memory problem from NetBSD 
2.0 on and still not located/fixed with 4.0). Seemed most likely 
spamassassin perl script was using all memory but I set a check in 
both fprot and spamassassin to each limit number of scans to 2. That 
fixed the problem completely.

I'm sure possibly several years back I've had cases of seeing 
incoming email connections in firewall logs but nothing arriving in 
mailbox. Going through spool and deleting any that appeared to be 
spam would fix the problem. It's happened so infrequently that I 
never tried to work out exact cause.


David


> 
> mx3:/ # top
> top - 09:03:45 up 5 days, 32 min,  1 user,  load average: 0.00, 0.00, 0.00
> Tasks:  52 total,   2 running,  50 sleeping,   0 stopped,   0 zombie
> Cpu(s):  0.0%us,  0.0%sy,  0.0%ni, 98.8%id,  0.0%wa,  0.0%hi,  1.2%si,  
> 0.0%st
> Mem:256724k total,   246544k used,10180k free,90496k buffers
> Swap:   514040k total,   84k used,   513956k free,95008k cached
> 
>   PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
> 14314 root  16   0  319m 3748 1584 S  0.3  1.5   0:21.38 XMail
> 1 root  16   0   720  284  244 S  0.0  0.1   0:00.58 init
> 2 root  34  19 000 S  0.0  0.0   0:00.04 ksoftirqd/0
> 3 root  10  -5 000 S  0.0  0.0   0:00.00 events/0
> 4 root  10  -5 000 S  0.0  0.0   0:00.00 khelper
> 5 root  10  -5 000 S  0.0  0.0   0:00.00 kthread
> 7 root  10  -5 000 S  0.0  0.0   0:01.79 kblockd/0
> 8 root  20  -5 000 S  0.0  0.0   0:00.00 kacpid
>98 root  15   0 000 S  0.0  0.0   2:30.25 pdflush
>99 root  15   0 000 S  0.0  0.0   0:02.91 pdflush
>   101 root  20  -5 000 S  0.0  0.0   0:00.00 aio/0
>   100 root  15   0 000 S  0.0  0.0   0:03.52 kswapd0
>   307 root  11  -5 000 S  0.0  0.0   0:00.00 cqueue/0
>   308 root  10  -5 000 S  0.0  0.0   0:00.00 kseriod
>   348 root  11  -5 000 S  0.0  0.0   0:00.00 kpsmoused
>   720 root  11  -5 000 S  0.0  0.0   0:00.00 scsi_eh_0
>   809 root  10  -5 000 S  0.0  0.0   0:00.06 reiserfs/0
> 
> 
> Thanks Davide.
> 
> Dale Qualls wrote:
> > I had attempted with the file system before, there just wasn't a slog file.
> > I followed your directions below but lo and behold the message 
> > transferred immediately.
> >
> > MX2:/var/MailRoot/spool # grep -R "[EMAIL PROTECTED]" *
> > MX2:/var/MailRoot/spool # cd ../logs
> > MX2:/var/MailRoot/logs # grep -R "[EMAIL PROTECTED]" smail-20071120*
> > "pmnhg.net" "1195567522962.2820438944.1ca30.MX2""S99747F"   
> > "[EMAIL PROTECTED]"   "[EMAIL PROTECTED]""RLYS"  
> > "10.5.10.3" "2007-11-20 12:09:01"
> > "pmnhg.net" "1195590261005.2812046240.2312b.MX2""S99D74E"   
> > "[EMAIL PROTECTED]"   "[EMAIL PROTECTED]""RLYS"  
> > "10.5.10.3" "2007-11-20 15:13:36"
> > *"pmnhg.net" "1195597085232.2837445536.48.MX2"   "S9A27C9"   
> > "[EMAIL PROTECTED]"   "[EMAIL PROTECTED]""RLYS"  
> > "10.5.10.3" "2007-11-20 16:18:05"*
> > MX2:/var/MailRoot/logs #
> >
> > So, I tried it again and it still transferred immediately:
> >
> > "pmnhg.net" "1195567522962.2820438944.1ca30.MX2""S99747F"   
> > "[EMAIL PROTECTED]"   "[EMAIL PROTECTED]""RLYS"  
> > "10.5.10.3" "2007-11-20 12:09:01"
> > "pmnhg.net" "1195590261005.2812046240.2312b.MX2""S99D74E"   
> > "[EMAIL PROTECTED]"   "[EMAIL PROTECTED]""RLYS"  
> > "10.5.10.3" "2007-11-20 15:13:36"
> > "pmnhg.net" "119559708

[xmail] Re: SSL + Attachment

[David Lord]

On 17 Nov 2007, at 19:11, Filip Supera wrote:

> Bonjour Davide,
> 
> R=E9ponse au message re=E7u le 17/11/2007 =E0 18:57 :
> 
> > On Sat, 17 Nov 2007, Filip Supera wrote:
> 
> >> Hello,
> >>=20
> >> I've got two machines running XMAIL. One has 1.24 and the other has
> >> 1.25.
> >> I use SSL on port 465 for SMTP.
> >> When I send a message without attachment or with small attachment (I
> >> just tried with 3 22KO jpeg pictures), no problem.
> >>=20
> >> But, if I attach files that weigh more than 80KO, the transfer
> >> starts but stops after a few seconds and fails. I see nothing special
> >> when I run in debug mode.
> >>=20
> >> Am I the only one having this problem ? Anybody can help me solve this
> >> ? Thanks.
> 
> > I have full SSL enabled in my systems, and it works w/out any problems?=
> =20
> > Can you try sending a 80KB attachment instead of a 80KO? Maybe XMail does=
> =20
> > not understand French very well :)
> 
> :-)
> 
> > Seriously, in the very latest 1.25-pre series I replaced OpenSSL DLLs wit=
> h=20
> > the new ones I built based on the latest OpenSSL release.
> > Are you sending from XMail to XMail, or from MUA to XMail?
> 
> From=20MUA (Thunderbird or The Bat!) with XMail (running on Linux) as SSL s=
> mtp server.

No (*)real problem here from Evolution on Ubuntu 7.10 with 230KB 
music file as attachment connecting to xmail 1.25-pre25 on NetBSD 
using smtps port 465
(1) picked up from xmail mailbox by pop3.
(2) via xmail to external email address (smtp possibly exim)

(*) Evolution complained of bad certificate - did I want to accept. 
Didn't do that earlier this week but both Ubuntu and xmail updated 
since.
(*) SpamAssassin log on NetBSD had "EMAIL TOO BIG" but attachment 
arrived intact.

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Bounced eMail messags

[David Lord]

On 3 Oct 2007, at 9:56, Hal Dell wrote:

>  
> Hello All...
> 
> Recently a SPAMer started sending eMails to the server using a dictionary
> for eMail addresses like [EMAIL PROTECTED], [EMAIL PROTECTED], etc. Then the
> eMail Servers trys to send an eMail message back to the sender indicating
> the eMail was
> NOT delivered because of a bad eMail address.

So far as I am aware, XMail does not send an email back to the 
sender. If you check your smtp log you might see the incoming 
connection has been rejected with an EAVAIL error code.

What may be happening, and appears to be as I've been seeing, is that 
the spammer is sending via an open relay or badly configured server
and using your domain as return path as well as recipient, delivery
is rejected and the server then sends off the rejection email.

No sender bounce should help solve that problem but you can also put 
the severs ips in spammers.tab if you don't expect legitimate email
from those. I don't like using spammers.tab but have found option of
putting a delay of a few seconds in connections from those ips used
to work against previous methods of spam and virus propogation but
wouldn't be useful in this case.

David
 
> So I've set NoSenderBounce to 1. By changing this setting will this stop
> this behavior?
> 
> Next, I still need SenderBounce enabled for certain eMail accounts. I was
> wondering why we don't push
> down a lot of these configuration options to the domain level like
> SmarterMail does? If a lot of folks using
> xMail are ISP / ASP then this would make sense to have management control at
> the domain level.
> 
> I don't know if you guys have seen this but the SPAMers are now using your
> eMail Server, if eMail bounce back
> Messages are on, to effectively SYN Flood someone. The way this works is
> they get hold of some domain then
> point that domain's A to an IP that does NOT have an eMail Server associated
> with it. Typically, these domains
> don't have MX records.
> 
> Then, they send a slow drip of eMails to the same domain, the effect is the
> eMail Server tries to deliver the
> bounce back to the sender over and over again. Each time the bounce back is
> attempted an TCP connection
> is attempted and of course a SYN is generated first.
> 
> Now, imagine, that you have several 100 eMails in the message queue, all the
> time, all trying to connect to that
> same IP at various intervals based upon the time they were received.
> 
> And now you get a SYN Flood.
> 
> How do we solve this? Can you simply ONLY send eMails to domains that have
> MX records? I know this
> Probally violates and RFC, however, we else can we do until someone decides
> to fix the larger SPAM issue.

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Less server load

[David Lord]

On 11 Oct 2007, at 16:02, Fabian Cenedese wrote:

> Hi
> 
> I recently had a case where xmail got about a dozen mails at the same
> time (with PSYNC). So I then had several threads doing virus scanning
> and spam checking. As each thread only got a little CPU time they
> timed out and the mails slipped through without being checked.
> 
> Apart from increasing the filter timeout time I would also like to lower
> the number of threads doing the filtering in filter.in.tab. Are these the
> SMAIL threads? So I need to give a lower -Qn argument?
> 
> I don't mind if a mail has to wait some minutes before it is filtered,
> the filter is more important then the immediate delivery.
> 
> Are there any other effects with less threads? Is the responsiveness
> still the same (should be so as they are handled from POP3/SMTP)?

That would/used to likely cause a kernel panic on my NetBSD server 
(k6-400/128MB ram.

I used both xmail commandline parameters and filter scripts to limit 
number processed simultaneously. I'm not sure which settings as this 
was a long while back. In the filter script I inserted a check on 
what filter was already running and a wait until < 2 were running 
before next one progressed. Spamassassin perl seemed to be main 
culprit rather than fprot. My test was to send a dozen emails from a 
remote account, 4 x ok, 4 x virus and 4 x spam and with number of 
simultaneous processes at 4 I'd occasionally have a problem so 
settled for 2 and there is only a short delay introduced such that 
from my remote account the sending client didn't timeout with all 
having been delivered within 30 - 40 sec.

David
 
> Is there anything else that can be done in the filters except to
> check if the @@FILE is still available to handle long filter runs?
> 

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Bounced eMail messags

[David Lord]

On 4 Oct 2007, at 0:36, K. Wolf wrote:

> Hi,
> 
> Last weekend I had an example of this happen to one of my backup mail servers.
> When I noticed the problem there were 27,000 NDR type messages it was 
> trying to deliver.
> Mostly all were sent to random [EMAIL PROTECTED] and the mail server 
> was diligently trying sending NDR's to every single one of them - 
> most likely to faked or spoofed addresses.
> I could actually sit and watch more junk flooding in, they appeared 
> to be coming from many compromised hosts so blocking the IP's didn't 
> really help.
> 
> So it would be very useful if Xmail at least had an option so that it 
> does not send all the bounced email messages.
> I realise this may not conform to the RFC's and I realise that not 
> many people may use it, but it would still be a very helpful if the 
> mail-admin found that NDR messages were getting out of hand.
> One or two legitimate senders may not know that their mail was not 
> delivered, but when compared to the type of flood described here its 
> a small price to pay

I can't say I've seen xmail behave as you're seeing.

I was getting lots of bogus bounces incoming from systems that have 
attempted to send from forged valid addresses @lordynet.org to 
invalid addresses and these have correctly been rejected by xmail 
(EAVAIL) but the badly configured remote system then returns a bounce 
email to the rejection back out to the forged sender, also including 
the original spam content. These were more than a little annoying due 
to effort in working out what was happening. It seems to have been 
fixed now.

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: eMail NOT automatically being requeued?

[David Lord]

On 14 Jun 2007, at 23:55, Hal Dell wrote:

>  
> Dear David Lord-
> 
> > Hal Dell wrote:
> > 
> > The problem is that I received the error code and message "451 
> > Greylisted, please try again in 900 seconds". In the case of xMail it 
> > did not retry to send the eMail.
> > 
> > According to RFC2505, 4xx are Transient Negative Completion reply 
> > (Temporary
> > Error) and should result in the mail transfer being put back on queue 
> > again and a new attempt being made later.
> 
> >> David Lord wrote:
> >>
> >> That doesn't seem right, as greylisting has been taken up by more
> providers I've seen temporary
> >> failure many times but xmail retries and either delivers or eventually
> gives up and I get an unable
> >> to deliver message. Only unable to deliver have been whilst testing and
> not to real addresses.
> >> Xmail default here was a notification after first temporary failure then
> after complete failure which
> >> might be 4 - 5 days later. I modified notification settings to 1,6,9
> attempts but any that have hit
> >> 6, all test emails, never get through at all.  If I'm desperate I check
> what is still in spool file that
> >> xmail is still trying. One unlikely possibility is the greylisting accept
> period is too short and after
> >> jumping past it there is no possibility mail will get through. 
> 
> Thanks for the input -- I've been using xMail for quite some time and
> checked on your suggestions.
> 
> I don't understand the "NotifyTryPattern" option -- is this in hours? None
> of the docs I found describe
> this in detail.

These are simply the queue retry counts at which a notification email 
is sent to both postmaster and user that the email is still queued.

By default xmail makes 32 retries but only slowly increases time 
between retries from initial period of 480 seconds set by commandline 
options -Qt timeout, -Qi ratio, -Qr nretries. It's probably not a 
good idea to change from defaults.


> The problem is that with the 451 returned error from the remote MTA -- xMail
> seems to have
> considered this an error because it immediately sent back an eMail to the
> user with
> the Subject "Error sending message...". It did NOT retry -- I double checked
> this
> by reviewing the log file. Here is what is in the LOG file (please note I
> removed the
> original from/to for privacy) :
> 
> [PeekTime] 1181221418 : Thu, 7 Jun 2007 09:03:38 -0400
> <<
> ErrCode   = -77
> ErrString = [RCPT TO:] not permitted by remote SMTP server
> ErrInfo   = 451 Greylisted, please try again in 900 seconds
> SMAIL SMTP-Send MX = "mail22.webcontrolcenter.com."
> SMTP = "smtp-x1.phl1.mgfx.com" From = "" To = "" Failed !
> SMTP-Error = "451 Greylisted, please try again in 900 seconds"
> SMTP-Server = "mail22.webcontrolcenter.com."
> >>
> 
> The error code -77 translates to ERR_SMTP_BAD_RCPT_TO" with
> the string "[RCPT TO:] not permitted by remote SMTP server" as shown.
> I don't think this is correct
> 
> I am hoping that someone can read the source code better then I can to
> help figure this out. I don't see any place in the Server.Tab to change this
> behavior. For xMail to work with other MTAs it needs to follow the RFC
> 2505 and I think xMail should treat 451 as a soft error?

I've just looked back through mails to postmaster and the codes 451 
along with -77 are normal for email that is being blocked by 
greylisting and eventually sent (can't find messages for retry 6).

Unfortunately they are normal from a couple of sites where mail is in 
effect rejected permanently. I see several cases of test emails where 
reason is given as eg. "unacceptable sender address" and other 
similar reasons that might be correctable by the sender. These are 
not generally problems caused by xmail. 
 
David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] glst 0.25 reminder if using ipv6

[David Lord]

Last night and today I've been overwhelmed by spam, majority being 
caught by spamassassin. Tonight I noticed glst.dbm hadn't changed 
since yesterday when I restarted with xmail-1.25-pre16 and ipv6 
enabled. I then remembered Davide mentioned a glst update for ipv6, 
so glst-0.25 now installed, .dbm being updated and again seeing 
"DATA=EFILTER" in smtp log.

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.25-pre16

[David Lord]

On 13 Jun 2007, at 11:16, Davide Libenzi wrote:

> On Wed, 13 Jun 2007, Davide Libenzi wrote:
> 
> > 
> > Here's -pre16 with the fixes for the problems (yep, more of them) found by 
> > David Lord:
> > 
> > http://www.xmailserver.org/xmail-1.25-pre16.tar.gz
> > http://www.xmailserver.org/xmail-1.25-pre16.win32bin.zip
> 
> BTW, nobody tested the newest 1.25 on Windows yet?

With pre16 this one went out ok, commandline with -M7 -S6 -P6.

Delivery-date: Wed, 13 Jun 2007 20:05:39 +0100
Received: from [2001:8b0:1c7:1::1] (helo=mail.lordynet.org)
by c.hopeless.aaisp.net.uk with esmtp (Exim 4.63)


I'll now try to work out how to collect via psync from above server 
with minimal amount of reconfiguration.


cheers

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.25-pre14

[David Lord]

On 13 Jun 2007, at 8:57, Davide Libenzi wrote:

> On Wed, 13 Jun 2007, David Lord wrote:
> 
> > Ok that allowed me to send from dos box and now accepted by xmail but 
> > I still get reject from mail.lordynet.me.uk
> > 
> > Below are xmail commandline, failure message and capture of telnet 
> > session from local mail.lordynet.org to mail.lordynet.me.uk at isp.
> > 
> > Do I need to change any of .tab files in /var/MailRoot in order to 
> > support ip6?
> > 
> > # sysctl net.inet6.ip6.v6only
> > net.inet6.ip6.v6only = 0
> > 
> > # grep '^XMAIL_CMD' /etc/rc.d/xmail
> > XMAIL_CMD_LINE="-M7 -Md -Mr 168 -Pl -Pw 12 -Sl -Ql -Qg -Qt 907 -Qi 1 
> > -Qr 9"
> > XMAIL_CMD_LINE="$XMAIL_CMD_LINE -P6 -S6 -Yl -Fl -Cl -Ll  -Yi 1380 -Lt 
> > 19"
> 
> There was a bug in -M7 mode. XMail was getting the IPV6 address (when 
> available), but then it was creating an IPV4 socket. Duh!
> Will be making pre16 later today.

Right, thanks will look out for it.

> > bash-3.00$ telnet -6 mail.lordynet.me.uk 25
> > Trying 2001:8b0:0:81::51bb:510d...
> > Connected to C.mail.aaisp.net.uk.
> > Escape character is '^]'.
> > 220-c.hopeless.aaisp.net.uk ESMTP Wed, 13 Jun 2007 09:07:08 +0100
> > 220 Welcome
> > ehlo mail.lordynet.org
> > 250-c.hopeless.aaisp.net.uk Hello mail.lordynet.org [2001:8b0:1c7:1::1]

.
 
> Hmmm, this is not XMail, is it?

No they use Exim (on Linux I think).


David


-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.25-pre14

[David Lord]

On 13 Jun 2007, at 9:09, David Lord wrote:

. 


Don't know if relevant but I just noticed in failure message I can't see any 
reference to the mx mail.lordynet.me.uk or mx alias C.mail.aaisp.net.uk.

> Failure message:
> [<00>] XMail bounce: [EMAIL PROTECTED];Error=[Network kernel error]
> [<01>] Error sending message 
> [1181723954664.3076521984.1.k6x400.home.lordynet.org] from 
> [mail.lordynet.org].
> ID:
> Mail From: <[EMAIL PROTECTED]>
> Rcpt To:   <[EMAIL PROTECTED]>
> Server: [lordynet.me.uk]
> [<02>] The reason of the delivery failure was:
> Network kernel error
> [<03>] Note:
> ** This is a temporary error and you do not have to resend the message
> ** The system tried to send the message at  : Wed, 13 Jun 2007 
> 08:39:14 -
> ** The current number of delivery attempts is   : 1
> ** The system will try to resend the message at : Wed, 13 Jun 2007 
> 08:54:21 -
> [<04>] Here is listed the message log file:
> [PeekTime] 1181723954 : Wed, 13 Jun 2007 08:39:14 -
> <<
> ErrCode   = -3
> ErrString = Network kernel error
> SMAIL SMTP-Send EDNS = "lordynet.me.uk" SMTP = "mail.lordynet.org"
> From = "[EMAIL PROTECTED]" To = "[EMAIL PROTECTED]" Failed !
> SMTP-Error = "Network kernel error"
> SMTP-Server = "lordynet.me.uk"
> >>
> 

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.25-pre14

[David Lord]

On 12 Jun 2007, at 16:34, Davide Libenzi wrote:

> On Tue, 12 Jun 2007, Davide Libenzi wrote:
> 
> > On Tue, 12 Jun 2007, David Lord wrote:
> > 
> > > As soon as -P6 and -S6 are added Pegasus/ka9q(dos) doesn't connect to 
> > > xmail with ka9q log showing connect failed: reset/refused.
> > > 
> > > xmail acts as local smarthost for lan
> > > pegasus => ka9q => lan (ip4) => xmail (ip6) => internet => 
> > > 
> > > I'll have another play after a nights sleep.
> > 
> > I bet NetBSD defaults with IPV6_V6ONLY == 1 ...
> 
> Yes, it does. You need to set the sysctl "net.inet6.ip6.v6only" to 0, if 
> you want both IPV4 and IPV6 connectivity.

Ok that allowed me to send from dos box and now accepted by xmail but 
I still get reject from mail.lordynet.me.uk

Below are xmail commandline, failure message and capture of telnet 
session from local mail.lordynet.org to mail.lordynet.me.uk at isp.

Do I need to change any of .tab files in /var/MailRoot in order to 
support ip6?

# sysctl net.inet6.ip6.v6only
net.inet6.ip6.v6only = 0

# grep '^XMAIL_CMD' /etc/rc.d/xmail
XMAIL_CMD_LINE="-M7 -Md -Mr 168 -Pl -Pw 12 -Sl -Ql -Qg -Qt 907 -Qi 1 -Qr 9"
XMAIL_CMD_LINE="$XMAIL_CMD_LINE -P6 -S6 -Yl -Fl -Cl -Ll  -Yi 1380 -Lt 19"

Failure message:
[<00>] XMail bounce: [EMAIL PROTECTED];Error=[Network kernel error]
[<01>] Error sending message 
[1181723954664.3076521984.1.k6x400.home.lordynet.org] from [mail.lordynet.org].
ID:
Mail From: <[EMAIL PROTECTED]>
Rcpt To:   <[EMAIL PROTECTED]>
Server: [lordynet.me.uk]
[<02>] The reason of the delivery failure was:
Network kernel error
[<03>] Note:
** This is a temporary error and you do not have to resend the message
** The system tried to send the message at  : Wed, 13 Jun 2007 08:39:14 
-
** The current number of delivery attempts is   : 1
** The system will try to resend the message at : Wed, 13 Jun 2007 08:54:21 
-
[<04>] Here is listed the message log file:
[PeekTime] 1181723954 : Wed, 13 Jun 2007 08:39:14 -
<<
ErrCode   = -3
ErrString = Network kernel error
SMAIL SMTP-Send EDNS = "lordynet.me.uk" SMTP = "mail.lordynet.org"
From = "[EMAIL PROTECTED]" To = "[EMAIL PROTECTED]" Failed !
SMTP-Error = "Network kernel error"
SMTP-Server = "lordynet.me.uk"
>>


telnet session:
bash-3.00$ host k6x400
k6x400.home.lordynet.org has address 192.168.59.60

bash-3.00$ host mail.lordynet.org
mail.lordynet.org has address 81.187.61.67

bash-3.00$ telnet -6 mail.lordynet.me.uk 25
Trying 2001:8b0:0:81::51bb:510d...
Connected to C.mail.aaisp.net.uk.
Escape character is '^]'.
220-c.hopeless.aaisp.net.uk ESMTP Wed, 13 Jun 2007 09:07:08 +0100
220 Welcome
ehlo mail.lordynet.org
250-c.hopeless.aaisp.net.uk Hello mail.lordynet.org [2001:8b0:1c7:1::1]
250-SIZE 1048576000
250-PIPELINING
250 HELP
MAIL FROM: <[EMAIL PROTECTED]>
250 OK
RCPT TO: <[EMAIL PROTECTED]>
250 Accepted
QUIT
221 c.hopeless.aaisp.net.uk closing connection
Connection closed by foreign host.
bash-3.00$

cheers

David
-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.25-pre14

[David Lord]

On 12 Jun 2007, at 12:31, Davide Libenzi wrote:

> On Tue, 12 Jun 2007, David Lord wrote:
> 
> > On 12 Jun 2007, at 8:05, Davide Libenzi wrote:
> > 
> > > On Tue, 12 Jun 2007, David Lord wrote:
> > > 
> > > > On 10 Jun 2007, at 20:34, David Lord wrote:
> > > > 
> > > > > On 10 Jun 2007, at 12:19, Davide Libenzi wrote:
> > > > 
> > > > ..
> > > > 
> > > > > > I made pre15 with some new -M* options. You can select if to use 
> > > > > > only 
> > > > > > IPV4, only IPV6, IPV4 if present or IPV6, IPV6 if present or IPV4.
> > > > > > It defaults to the former at the moment.
> > > > > 
> > > > > NetBSD 3.1
> > > > > With xmail-1.25-pre15 email was delivered ok to lordynet.me.uk
> > > > > (with pre14 it failed, likely due to mx having ip6 address).
> > > > 
> > > > I now have gif0 tunnel sort of working. The endpoint ip4 address is 
> > > > same but its ip6 address had changed. Ntpdate -6 and ftp -6 
> > > > connections seem to work ok. I tried xmail with -M7 and still had 
> > > > same reject message, but telnet -6 mail.lordynet.me.uk (isp server) 
> > > > gave connection refused so looks like although adverising ip6 address 
> > > > it doesn't allow ip6 connection so I've queried that with isp. The 
> > > > default xmail without -Mn connects by ip4 ok. 
> > > 
> > > What's your command line?
> > 
> > Almost same as last time you asked :)
> > 
> > XMAIL_CMD_LINE="-Md -Mr 168 -Pl -Pw 12 -Sl -Ql -Qg -Qt 907 -Qi 1 -Qr 
> > 9 -Yl -Fl"
> > XMAIL_CMD_LINE="$XMAIL_CMD_LINE -Cl -Ll  -Yi 1380 -Lt 19"
> > 
> > There was no problem with pre15 behaviour as far as I was able to 
> > test with above.
> 
> You're not binding to IPV6 addresses. Did you try adding "-P6 -S6"?

As soon as -P6 and -S6 are added Pegasus/ka9q(dos) doesn't connect to 
xmail with ka9q log showing connect failed: reset/refused.

xmail acts as local smarthost for lan
pegasus => ka9q => lan (ip4) => xmail (ip6) => internet => 

I'll have another play after a nights sleep.

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.25-pre14

[David Lord]

On 12 Jun 2007, at 8:05, Davide Libenzi wrote:

> On Tue, 12 Jun 2007, David Lord wrote:
> 
> > On 10 Jun 2007, at 20:34, David Lord wrote:
> > 
> > > On 10 Jun 2007, at 12:19, Davide Libenzi wrote:
> > 
> > ..
> > 
> > > > I made pre15 with some new -M* options. You can select if to use only 
> > > > IPV4, only IPV6, IPV4 if present or IPV6, IPV6 if present or IPV4.
> > > > It defaults to the former at the moment.
> > > 
> > > NetBSD 3.1
> > > With xmail-1.25-pre15 email was delivered ok to lordynet.me.uk
> > > (with pre14 it failed, likely due to mx having ip6 address).
> > 
> > I now have gif0 tunnel sort of working. The endpoint ip4 address is 
> > same but its ip6 address had changed. Ntpdate -6 and ftp -6 
> > connections seem to work ok. I tried xmail with -M7 and still had 
> > same reject message, but telnet -6 mail.lordynet.me.uk (isp server) 
> > gave connection refused so looks like although adverising ip6 address 
> > it doesn't allow ip6 connection so I've queried that with isp. The 
> > default xmail without -Mn connects by ip4 ok. 
> 
> What's your command line?

Almost same as last time you asked :)

XMAIL_CMD_LINE="-Md -Mr 168 -Pl -Pw 12 -Sl -Ql -Qg -Qt 907 -Qi 1 -Qr 
9 -Yl -Fl"
XMAIL_CMD_LINE="$XMAIL_CMD_LINE -Cl -Ll  -Yi 1380 -Lt 19"

There was no problem with pre15 behaviour as far as I was able to 
test with above.

I just tried telnet -6 again and this time connected and sent email. 
I've restarted xmail with addition of -M7 at start of above 
commandline and get following to postmaster:

[<02>] The reason of the delivery failure was:

417 Temporary delivery error

[<03>] Note:

** This is a temporary error and you do not have to resend the message
** The system tried to send the message at  : Tue, 12 Jun 2007 16:02:35 
-
** The current number of delivery attempts is   : 1
** The system will try to resend the message at : Tue, 12 Jun 2007 16:17:42 
-


[<04>] Here is listed the message log file:

[PeekTime] 1181664155 : Tue, 12 Jun 2007 16:02:35 -
<<
ErrCode   = -3
ErrString = Network kernel error
SMAIL SMTP-Send MX = "C.secondary-mx.co.uk." SMTP = "mail.lordynet.org" From = 
"[EMAIL PROTECTED]" To = "[EMAIL PROTECTED]" Failed !
SMTP-Error = "417 Temporary delivery error"
SMTP-Server = "C.secondary-mx.co.uk."
>>
<<
ErrCode   = -3
ErrString = Network kernel error
SMAIL SMTP-Send MX = "tertiary-mx.co.uk." SMTP = "mail.lordynet.org" From = 
"[EMAIL PROTECTED]" To = "[EMAIL PROTECTED]" Failed !
SMTP-Error = "417 Temporary delivery error"
SMTP-Server = "tertiary-mx.co.uk."
>>

[<05>] Here is listed the initial part of the message:



Cheers

David


-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: eMail NOT automatically being requeued?

[David Lord]

On 12 Jun 2007, at 9:41, Hal Dell wrote:

>  
> Hello All... I have a sender who is using our xMail infrastructure to send
> eMails and one such eMail address is associated with the destination eMail
> Server mail22.webcontrolcenter.com which has implemented Greylisting (For
> those not familiar with Greylisting is a process by which the remote MTA
> rejects the eMail from a sender the first time -- every time -- assuming
> that a SPAM bot or alike does not have the ability to resend).
> 
> The problem is that I received the error code and message "451 Greylisted,
> please try again in 900 seconds". In the case of xMail it did not retry to
> send the eMail.
> 
> According to RFC2505, 4xx are Transient Negative Completion reply (Temporary
> Error) and should result in the mail transfer being put back on queue again
> and a new attempt being made later.

That doesn't seem right, as greylisting has been taken up by more 
providers I've seen temporary failure many times but xmail retries 
and either delivers or eventually gives up and I get an unable to 
deliver message. Only unable to deliver have been whilst testing and 
not to real addresses. Xmail default here was a notification after 
first temporary failure then after complete failure which might be
4 - 5 days later. I modified notification settings to 1,6,9 attempts 
but any that have hit 6, all test emails, never get through at all. 
If I'm desperate I check what is still in spool file that xmail is 
still trying. One unlikely possibility is the greylisting accept 
period is too short and after jumping past it there is no possibility 
mail will get through. 

What is your server.tab 'NotifyTryPattern' along with xmail 
commandline, in particular the -Q options if any? I have -Qr 
(retries) set to 9 rather than default of 32 with Qi to spread 
retries out more than default.
 
David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.25-pre14

[David Lord]

On 10 Jun 2007, at 20:34, David Lord wrote:

> On 10 Jun 2007, at 12:19, Davide Libenzi wrote:

..

> > I made pre15 with some new -M* options. You can select if to use only 
> > IPV4, only IPV6, IPV4 if present or IPV6, IPV6 if present or IPV4.
> > It defaults to the former at the moment.
> 
> NetBSD 3.1
> With xmail-1.25-pre15 email was delivered ok to lordynet.me.uk
> (with pre14 it failed, likely due to mx having ip6 address).

I now have gif0 tunnel sort of working. The endpoint ip4 address is 
same but its ip6 address had changed. Ntpdate -6 and ftp -6 
connections seem to work ok. I tried xmail with -M7 and still had 
same reject message, but telnet -6 mail.lordynet.me.uk (isp server) 
gave connection refused so looks like although adverising ip6 address 
it doesn't allow ip6 connection so I've queried that with isp. The 
default xmail without -Mn connects by ip4 ok. 


David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.25-pre14

[David Lord]

On 10 Jun 2007, at 12:19, Davide Libenzi wrote:

> On Sun, 3 Jun 2007, Ivo Smits wrote:
> 
> > Davide,
> > 
> > I've been experimenting with IPv6 (using 6to4),
> > some addresses are not reachable over 6to4,
> > at least telnet and firefox retry over IPv4 after a (too big) delay.
> > I think XMail should do this too, and also needs an option to completely 
> > disable (sending over) IPv6 to prevent delays on systems that don't have 
> > IPv6.
> 
> I made pre15 with some new -M* options. You can select if to use only 
> IPV4, only IPV6, IPV4 if present or IPV6, IPV6 if present or IPV4.
> It defaults to the former at the moment.

NetBSD 3.1
With xmail-1.25-pre15 email was delivered ok to lordynet.me.uk
(with pre14 it failed, likely due to mx having ip6 address).

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Testing your xmail server for SMTP SSL functionality.

[David Lord]

On 5 Jun 2007, at 22:48, Rob Arends wrote:

> I came across this little command, thought someone might find it useful
> testing SSL on xmail:
>  
>   openssl s_client -showcerts -starttls smtp -connect
> x35.xmailserver.org:25
>  
> It uses openssl to 'telnet' to your smtp server and display a hole heap of
> info about the SSL info it finds.
>  
> you will need to QUIT at the end, or you can EHLO, etc.

If you need to actually send the email you need -quiet otherwise 
after RCPT TO: <> the 'R' is taken as 'R'enegotiate.

Anyway thanks as it got me on the way to having both STARTTLS and 
smtps working at least locally. I'm waiting for my friend on AOL to 
try it as port 25 is either blocked or proxied, I didn't proceed 
further than 'telnet mail.lordynet.org 25' from her system as 
although there appeared to be a connection established it wasn't to 
xmail. Attempt to send from Evolution on Ubuntu to my server failed 
on port 25 so I setup to use SSL which I guessed was smtps on port 
465 and confirmed when I got back here.

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Problem with glst and mail from hotmail

[David Lord]

I'm finding that currently hotmail appears to make just one attempt 
to deliver and then gives up. Of course it's my mailserver that's 
broken as hotmail is a large organisation and I'm just a hobbyist.

What I'd like to be able to do is check for, and if not already 
present, prime glst.dbm with the hotmail triple for that contact.

I could possibly get away with whitelisting the hotmail servers but 
I'd rather not on principle.

This might be a good intro for me to get back into doing some 
programming but I'm asking in case someone has already done it.

I've emailed the sender to resend twice with at least an hour between 
attempts. I already had an mnet line for hotmail in glst.conf.


David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.25-pre14

[David Lord]

On 31 May 2007, at 12:32, Davide Libenzi wrote:

> On Thu, 31 May 2007, David Lord wrote:
> 
> > I used same commandline as for pre11. From your original post I 
> > understood that the IPV6 options were only needed if there was an 
> > active IPV6 connection which I no longer have working.
> > 
> > "-Md -Mr 168 -Pl -Pw 12 -Sl -Ql -Qg -Qt 907 -Qi 1 -Qr 9
> >  -Yl -Fl -Cl -Ll -Yi 1380 -Lt 19"
> > 
> > It could be the 1 hr outage yesterday has caused some problem with 
> > mail delivery to lordynet.me.uk but I've not seen reports of this. 
> > DNS-stuff indicates higher priority MX is giving 550 response to a 
> > valid user. That looks like it may be a different problem though. 
> > I'll ask on isp's irc channel.
> 
> My pre14 is running w/out problems at xmailserver.org. I disabled IPV6 
> options because GLST is not working ATM. But it ran fine with GLST 
> disabled for a while (modulo some SPAM messages getting through :)
> Another thing to keep in mind, is that, if your parse IP addresses emitted 
> by XMail (with IPV6 options enabled), IPs are in IPV6 format. Connections 
> coming though a mapped IPV4 network will have the format:
> 
> :::XXX.YYY.WWW.ZZZ

Yes but I don't have any form of IPV6 connectivity, native or via a 
tunnel or otherwise. That doesn't stop host lookups from returning 
ipv6 addresses to queries which does cause me some problems where 
applications don't have a -4 option.

With pre11 I don't see any problem. With pre14 I only seem to have a 
problem with delivery to my lordynet.me.uk domain which always gives 
the ErrCode = -3 Network kernel error. On switching back to pre11 all 
the still queued failed emails go out ok.

freezone.co.uk mail is handled by 10 mx1.freezone.co.uk.
freezone.co.uk mail is handled by 10 mx2.freezone.co.uk.
mx1.freezone.co.uk has address 62.189.246.13
mx1.freezone.co.uk has address 62.189.246.18
mx1.freezone.co.uk has address 62.189.246.28
mx2.freezone.co.uk has address 62.189.246.14
mx2.freezone.co.uk has address 62.189.246.15
mx2.freezone.co.uk has address 62.189.246.16

lordynet.me.uk mail is handled by 30 tertiary-mx.co.uk.
lordynet.me.uk mail is handled by 20 C.secondary-mx.co.uk.
C.secondary-mx.co.uk has address 81.187.81.13
C.secondary-mx.co.uk has IPv6 address 2001:8b0:0:81::51bb:510d
tertiary-mx.co.uk has address 81.187.30.42
tertiary-mx.co.uk has IPv6 address 2001:8b0:0:30::51bb:1e2a

When I get a lot of extra time I'll reconfigure firewall so I can use 
the spare to send emails and Pegasus to use the spare as smarthost. 


-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.25-pre14

[David Lord]

On 31 May 2007, at 9:55, Davide Libenzi wrote:

> On Thu, 31 May 2007, David Lord wrote:
> 
> > On 30 May 2007, at 19:04, Davide Libenzi wrote:
> > 
> > > On Wed, 30 May 2007, Davide Libenzi wrote:
> > > 
> > > > Here's -pre14 with the fixes for the problems found by David Lord:
> > > > 
> > > > http://www.xmailserver.org/xmail-1.25-pre14.tar.gz
> > > > http://www.xmailserver.org/xmail-1.25-pre14.win32bin.zip
> > 
> > Compiled and installed ok on NetBSD 3.1. From initial testing it 
> > appears to have fixed the problem I had. Unfortunately although xmail 
> > had accepted the outgoing emails I now see I have emails to 
> > postmaster that there was a 'Network kernel error' in delivering both 
> > the test emails, first was from a telnet session (so incomplete set 
> > of headers but they've got through before), then another from 
> > Pegasus. Third test email to a different isp got through ok. I can 
> > see two email in spool/*/*/rsnd and slog are still being retried and 
> > both look to me as they should be accepted by the remote server. Just 
> > sent another one to each account with same result, lordynet.me.uk 
> > gets failed, 'ErrCode = -3', 'Network kernel error' whilst one to 
> > freezone.co.uk goes out ok.
> 
> Are you using the new IPV6 options? Are you explicitly binding to an IPV6 
> address? Or you just left the same command line options of pre11?

I used same commandline as for pre11. From your original post I 
understood that the IPV6 options were only needed if there was an 
active IPV6 connection which I no longer have working.

"-Md -Mr 168 -Pl -Pw 12 -Sl -Ql -Qg -Qt 907 -Qi 1 -Qr 9
 -Yl -Fl -Cl -Ll -Yi 1380 -Lt 19"

It could be the 1 hr outage yesterday has caused some problem with 
mail delivery to lordynet.me.uk but I've not seen reports of this. 
DNS-stuff indicates higher priority MX is giving 550 response to a 
valid user. That looks like it may be a different problem though. 
I'll ask on isp's irc channel.

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.25-pre14

[David Lord]

On 30 May 2007, at 19:04, Davide Libenzi wrote:

> On Wed, 30 May 2007, Davide Libenzi wrote:
> 
> > Here's -pre14 with the fixes for the problems found by David Lord:
> > 
> > http://www.xmailserver.org/xmail-1.25-pre14.tar.gz
> > http://www.xmailserver.org/xmail-1.25-pre14.win32bin.zip

Compiled and installed ok on NetBSD 3.1. From initial testing it 
appears to have fixed the problem I had. Unfortunately although xmail 
had accepted the outgoing emails I now see I have emails to 
postmaster that there was a 'Network kernel error' in delivering both 
the test emails, first was from a telnet session (so incomplete set 
of headers but they've got through before), then another from 
Pegasus. Third test email to a different isp got through ok. I can 
see two email in spool/*/*/rsnd and slog are still being retried and 
both look to me as they should be accepted by the remote server. Just 
sent another one to each account with same result, lordynet.me.uk 
gets failed, 'ErrCode = -3', 'Network kernel error' whilst one to 
freezone.co.uk goes out ok.

Just gone back to 1.25-pre11 and email to lordynet.me.uk is delivered 
ok.


David

> If you enable IPV6 (with -*6, or you bind to an IPV6 address with -*I), 
> GLST does not work ATM, since it does not understand IPV6 addresses.
> Will be fixed ASAP.

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.25-pre12

[David Lord]

On 30 May 2007, at 16:12, Davide Libenzi wrote:

 
> Can you try to build the program below, and then run?
> 
> $ ./ipaddr 192.168.59.0 255.255.255.0
> 
> 
> 
> 
> - Davide
> 
> 
> 
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
> 
> static const char *afname(int ipfam) {
>   switch (ipfam) {
>   case AF_INET:
>   return "ipv4";
>   case AF_INET6:
>   return "ipv6";
>   }
>   return "";
> }
> 
> static int numip(char const *ipname) {
> int error, ipfam;
> struct addrinfo *cares, *ares;
> struct addrinfo hints;
> 
>   printf("Looking up: %s\n", ipname);
> memset(&hints, 0, sizeof(hints));
> hints.ai_family = AF_UNSPEC;
> if ((error = getaddrinfo(ipname, NULL, &hints, &ares)) != 0) {
>   perror("getaddrinfo");
> return error;
> }
> for (cares = ares; cares != NULL; cares = cares->ai_next) {
>   ipfam =  *(unsigned short *) cares->ai_addr;
>   printf("Found: family='%s' fnbr=%u len=%u\n", afname(ipfam),
>  ipfam, cares->ai_addrlen);
> }
> freeaddrinfo(ares);
> 
> return 0;
> }
> 
> int main(int ac, char **av) {
>   int i;
> 
>   for (i = 1; i < ac; i++)
>   numip(av[i]);
> 
>   return 0;
> }

First after making a few of changes to server.tab on the spare system 
it gave relay denied at 'RCPT TO:' same as other system had done. 
Other than 'cosmetic' changes to get configs closer, eg. Maxerrors 
increased from "2" to "3", only ones I think made the difference are:
"SmtpNoSSLAuths" "1"
"EnableCTRL-TLS" "0"
"EnableSMTP-TLS" "0"
"EnablePOP3-TLS" "0"

Only guessing how to proceed with above code but looks as if 
something bad happened.

$ c++ -v -o ipaddr2 ipaddr.cpp
Using built-in specs.
Configured with: 
/home/nick/work/netbsd/src/tools/gcc/../../gnu/dist/gcc/configure 
--enable-long-long --disable-multilib --enable-threads --disable-symvers 
--build=i386-unknown-netbsdelf2.0. --host=i386--netbsdelf 
--target=i386--netbsdelf
Thread model: posix
gcc version 3.3.3 (NetBSD nb3 20040520)
 /usr/bin/../libexec/cc1plus -quiet -v -iprefix /usr/bin/../libexec/ 
-D__GNUC__=3 -D__GNUC_MINOR__=3 -D__GNUC_PATCHLEVEL__=3 ipaddr.cpp -D__GNUG__=3 
-quiet -dumpbase ipaddr.cpp -auxbase ipaddr -version -o /var/tmp//ccfdFz79.s
GNU C++ version 3.3.3 (NetBSD nb3 20040520) (i386--netbsdelf)
compiled by GNU C version 3.3.3 (NetBSD nb3 20040520).
GGC heuristics: --param ggc-min-expand=38 --param ggc-min-heapsize=16384
ignoring nonexistent directory "/usr/libexec/include/g++"
ignoring nonexistent directory "/usr/libexec/include/g++/backward"
ignoring nonexistent directory "/usr/libexec/include"
#include "..." search starts here:
#include <...> search starts here:
 /usr/include/g++
 /usr/include/g++/backward
 /usr/include
End of search list.
 as -o /var/tmp//cctFamJf.o /var/tmp//ccfdFz79.s
 ld -dc -dp -e __start -dynamic-linker /usr/libexec/ld.elf_so -o ipaddr2 
/usr/lib/crt0.o /usr/lib/crti.o /usr/lib/crtbegin.o -L/usr/bin/../libexec 
/var/tmp//cctFamJf.o -lstdc++ -lm -lgcc_s -lgcc -lc -lgcc_s -lgcc 
/usr/lib/crtend.o /usr/lib/crtn.o


$ ./ipaddr2 192.168.59.0 255.255.255.0
Looking up: 192.168.59.0
Found: family='' fnbr=528 len=16
Found: family='' fnbr=528 len=16
Looking up: 255.255.255.0
Found: family='' fnbr=528 len=16
Found: family='' fnbr=528 len=16


David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.25-pre12

[David Lord]

On 30 May 2007, at 22:24, xmail@xmailserver.org wrote:

> On 30 May 2007, at 14:13, Davide Libenzi wrote:
 
...

> > Try to run in debug mode (-Md) from a console, not from a daemonize 
> > script. Then show me what's the output when you connect to the SMTP port.
> 
> OK but first I need to get as near as possible same config on spare 
> server as on the public facing server and hope spare server then 
> blocks local connections with ERELAY. If that doesn't happen I'll 
> have to rely on secondary MX whilst I do the testing on main server. 
> I don't want to risk rejecting wanted emails with relay denied.

Probably tomorrow evening when I get round to further testing.

Here are slightly munged log entries that may help:

1.25-pre11
"mail.lordynet.org" "mail.lordynet.org" "192.168.59.214"
"2007-05-30 12:13:32"   "dosbox.local.domain"   
"remote.domain" "[EMAIL PROTECTED]"   "[EMAIL PROTECTED]"
"S73DF" "RCPT=OK"   ""  "0" ""

1.25-pre12
"mail.lordynet.org" "mail.lordynet.org" "192.168.59.214"
"2007-05-30 12:29:03"   "dosbox.local.domain"
""  "[EMAIL PROTECTED]"   "[EMAIL PROTECTED]"
"S73E3" "RCPT=ERELAY"   ""  "0" "dosbox.local.domain"

1.25-pre11
"mail.lordynet.org" "mail.lordynet.org" "192.168.59.214"
"2007-05-30 13:33:42"   "dosbox.local.domain"
"remote.domain" "[EMAIL PROTECTED]"   "[EMAIL PROTECTED]" 
"S73E6" "RCPT=OK"   ""  "0" ""


David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.25-pre12

[David Lord]

On 30 May 2007, at 14:13, Davide Libenzi wrote:

> On Wed, 30 May 2007, David Lord wrote:
> 
> > On 30 May 2007, at 18:57, David Lord wrote:
> > 
> > > On 30 May 2007, at 11:20, Davide Libenzi wrote:
> > 
> > ..
> > 
> > > > Can you show me the content of smtprelay.tab?
> > > 
> > > Same as from late January when public ips changed.
> > >  
> > > $ cat /var/MailRoot/smtprelay.tab
> > > "127.0.0.1""255.255.255.255"
> > > "192.168.59.0""255.255.255.0"
> > > "81.187.247.86""255.255.255.255"
> > > "81.187.61.64""255.255.255.240"
> > > $
> > 
> > I just updated spare server from 1.22 to 1.25-pre12. I've not made 
> > the more recent changes/additions to server.tab re SSL/TLS as per 
> > running mailserver on 1.25-pre11 and a quick test with telnet shows 
> > it accepting mail ok.
> > 
> > I'll do some more checking.
> 
> Try to run in debug mode (-Md) from a console, not from a daemonize 
> script. Then show me what's the output when you connect to the SMTP port.

OK but first I need to get as near as possible same config on spare 
server as on the public facing server and hope spare server then 
blocks local connections with ERELAY. If that doesn't happen I'll 
have to rely on secondary MX whilst I do the testing on main server. 
I don't want to risk rejecting wanted emails with relay denied.

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.25-pre12

[David Lord]

On 30 May 2007, at 18:57, David Lord wrote:

> On 30 May 2007, at 11:20, Davide Libenzi wrote:

..

> > Can you show me the content of smtprelay.tab?
> 
> Same as from late January when public ips changed.
>  
> $ cat /var/MailRoot/smtprelay.tab
> "127.0.0.1""255.255.255.255"
> "192.168.59.0""255.255.255.0"
> "81.187.247.86""255.255.255.255"
> "81.187.61.64""255.255.255.240"
> $

I just updated spare server from 1.22 to 1.25-pre12. I've not made 
the more recent changes/additions to server.tab re SSL/TLS as per 
running mailserver on 1.25-pre11 and a quick test with telnet shows 
it accepting mail ok.

I'll do some more checking.

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.25-pre12

[David Lord]

On 30 May 2007, at 11:20, Davide Libenzi wrote:

> On Wed, 30 May 2007, David Lord wrote:
> 
> > On 30 May 2007, at 11:25, David Lord wrote:
> > 
> > > On 29 May 2007, at 18:57, Davide Libenzi wrote:
> > > 
> > > > 
> > > > Here's the *preliminary* release of XMail supporting IPV6:
> > > > 
> > > > http://www.xmailserver.org/xmail-1.25-pre12.tar.gz
> > > > http://www.xmailserver.org/xmail-1.25-pre12.win32bin.zip
> > > > 
> > > > Both IPV4 and IPV6 formats are supposed to be working. The usual IPV4 
> > > > IPV4:PORT syntax has to become [IPV6]:PORT in case of IPV6.
> > > > New options -*6 enable listening on IPV6 addresses.
> > > 
> > > 
> > > On NetBSD 3.1 
> > > Compiled and installed ok but I've backed out to pre11 after first 
> > > outgoing email via xmail as local smarthost gave ERELAY response. 
> > > I've since attempted to resend and it hit expected greylisting with 
> > > temporary error. No time to send test mails as I'm off out now so 
> > > will try again with pre12 this evening.
> > 
> > Had to change plans for this afternoon and now another waste of time 
> > as I find my ISP is currently under DOS attack so connectivity is 
> > poor to nonexistant.
> > 
> > Anyway back on pre11 can confirm xmail again accepts emails from 
> > hosts on lan and has eventually delivered them ok.
> > 
> > Tried again with pre12 this time to one of my remote test accounts so 
> > no greylist problem, and again outgoing email is blocked by ERELAY.
> > 
> > Back on pre11 confirmed again that outgoing email is delivered ok.
> > 
> > I lost my ip6 tunnel after I had a change of ip block in January and 
> > managed to wipe my original settings so no longer have ip6 working.
> > DNS still returns the ip6 address as well as ip4 and in can cause 
> > minor problems with delay before ip4 address gets used.
> 
> Can you show me the content of smtprelay.tab?

Same as from late January when public ips changed.
 
$ cat /var/MailRoot/smtprelay.tab
"127.0.0.1""255.255.255.255"
"192.168.59.0""255.255.255.0"
"81.187.247.86""255.255.255.255"
"81.187.61.64""255.255.255.240"
$

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.25-pre12

[David Lord]

On 30 May 2007, at 11:25, David Lord wrote:

> On 29 May 2007, at 18:57, Davide Libenzi wrote:
> 
> > 
> > Here's the *preliminary* release of XMail supporting IPV6:
> > 
> > http://www.xmailserver.org/xmail-1.25-pre12.tar.gz
> > http://www.xmailserver.org/xmail-1.25-pre12.win32bin.zip
> > 
> > Both IPV4 and IPV6 formats are supposed to be working. The usual IPV4 
> > IPV4:PORT syntax has to become [IPV6]:PORT in case of IPV6.
> > New options -*6 enable listening on IPV6 addresses.
> 
> 
> On NetBSD 3.1 
> Compiled and installed ok but I've backed out to pre11 after first 
> outgoing email via xmail as local smarthost gave ERELAY response. 
> I've since attempted to resend and it hit expected greylisting with 
> temporary error. No time to send test mails as I'm off out now so 
> will try again with pre12 this evening.

Had to change plans for this afternoon and now another waste of time 
as I find my ISP is currently under DOS attack so connectivity is 
poor to nonexistant.

Anyway back on pre11 can confirm xmail again accepts emails from 
hosts on lan and has eventually delivered them ok.

Tried again with pre12 this time to one of my remote test accounts so 
no greylist problem, and again outgoing email is blocked by ERELAY.

Back on pre11 confirmed again that outgoing email is delivered ok.

I lost my ip6 tunnel after I had a change of ip block in January and 
managed to wipe my original settings so no longer have ip6 working.
DNS still returns the ip6 address as well as ip4 and in can cause 
minor problems with delay before ip4 address gets used.

David


-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.25-pre12

[David Lord]

On 29 May 2007, at 18:57, Davide Libenzi wrote:

> 
> Here's the *preliminary* release of XMail supporting IPV6:
> 
> http://www.xmailserver.org/xmail-1.25-pre12.tar.gz
> http://www.xmailserver.org/xmail-1.25-pre12.win32bin.zip
> 
> Both IPV4 and IPV6 formats are supposed to be working. The usual IPV4 
> IPV4:PORT syntax has to become [IPV6]:PORT in case of IPV6.
> New options -*6 enable listening on IPV6 addresses.


On NetBSD 3.1 
Compiled and installed ok but I've backed out to pre11 after first 
outgoing email via xmail as local smarthost gave ERELAY response. 
I've since attempted to resend and it hit expected greylisting with 
temporary error. No time to send test mails as I'm off out now so 
will try again with pre12 this evening.

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: News DNS problem with 1.25pre09 not in 1.24

[David Lord]

On 1 May 2007, at 7:07, Ana Paula Fernandes wrote:

> Hi,
> 
> I have testing 1.25-pre09 for some days in the normal production server.
> I have found one case when XMail resolve DNS with incorrect MX server.
> 
> Domain: ps5.com.br
> XMail is trying delivery to server gordo.ps5.com.br or
> sputinik.ps5.com.br (this is a NS for domain)
> The correct MX server is spirit.ps5.com.br (none try for this server).
> The XMail not create the DNS cache file for this domain.
> I send mail to [EMAIL PROTECTED] with a webmail gmail.com account
> and i receive a normal error with "User unknown in local recipient
> table"
> 
> I have deleted the "dnscache" folder to confirm this.
> Somebody can send test to [EMAIL PROTECTED] and report result?
> 
> [PeekTime] 1177381349 : Mon, 23 Apr 2007 23:22:29 -0300
> <<
> ErrCode   = -40
> ErrString = Invalid server address
> ErrInfo   = gordo.ps5.com.br.
> SMAIL SMTP-Send EDNS = "ps5.com.br" SMTP = "hm.mydomain.com" From =
> "[EMAIL PROTECTED]" To = "[EMAIL PROTECTED]" Failed !
> SMTP-Error = "Invalid server address"
> SMTP-Server = "ps5.com.br"
> >> >>
> [PeekTime] 1177383509 : Mon, 23 Apr 2007 23:58:29 -0300
> <<
> ErrCode   = -40
> ErrString = Invalid server address
> ErrInfo   = sputinik.ps5.com.br.
> SMAIL SMTP-Send EDNS = "ps5.com.br" SMTP = "hm.mydomain.com.br" From =
> "[EMAIL PROTECTED]" To = "[EMAIL PROTECTED]" Failed !
> SMTP-Error = "Invalid server address"
> SMTP-Server = "ps5.com.br"
> >>
> 
> I running under W2K SP4.

Sorry I can't see that on NetBSD.

ID:
Mail From: <[EMAIL PROTECTED]>
Rcpt To:   <[EMAIL PROTECTED]>
Server: [spirit.ps5.com.br.]

[<02>] The reason of the delivery failure was:

550 <[EMAIL PROTECTED]>: User unknown in local recipient table


David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Dynamic DNS

[David Lord]

On 30 Apr 2007, at 8:33, Edmonds, J.B. wrote:

> The smptgw.tab is just what I am looking for (granularity).  I don't
> know how to tell whether to use "Login", "CRAM-MD5" or "Plain" for the
> relay server.  In debug mode it doesn't show the actual interchange
> between the servers (or I don't know how to see it, this would actually
> be useful to log all of it).  I also cant tell if its actually working?
> It doesn't appear to be since the response back is exactly the same once
> I configured the tab file and userauth\smtp file.
> 
> It is unclear as to when to use smtpgw.tab or smtpfwd.tab to route
> outging through an ISP's server.  I don't need to route everything, just
> some domains that block me directly.=20
> 
> It would be nice if in the docs that there was a lead paragraph for each
> tab file that gave its purpose and normal usage.  Some are self
> explanatory and some are puzzling for a guy like me who only delves into
> this when I have a problem.  I would actually tackle it myself but just
> don't have the in-depth knowledge.
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Rob Arends
> Sent: Friday, April 27, 2007 10:36 AM
> To: xmail@xmailserver.org
> Subject: [xmail] Re: Dynamic DNS
> 
> See here:
> 
> http://www.xmailserver.org/Readme.html#smtp_client_authentication=20
> 
> Either set up server.tab "defaultsmtpgateway"[tab]"mail.isp.com"
> Or add to smtpgw.tab "*"[tab]"mail.isp.com"
> 
> Then in $mailroot/userauth/smtp create file "mail.isp.com.tab"
> In it add "LOGIN"[tab]"username"[tab]"password"
> 
> Now, I've never tried this, but the doco is clear.
> Note: that LOGIN may be substituted as per the doco.
> 
> I expect that if you use an IP Address for the gateway, then the
> userauth/smtp file would be 1.2.3.4.tab (just guessing).
> 
> Note that the smtpgw.tab file method gives greater granularity in case
> you want to send mail for some domains to another relay.
> 
> Rob :-)
> =20
> _
> Note To Self: Remember to put something witty here later...
> =20
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Edmonds, J.B.
> Sent: Saturday, April 28, 2007 12:06 AM
> To: xmail@xmailserver.org
> Subject: [xmail] Re: Dynamic DNS
> 
> Thanks, it appears I can relay but must logon, presenting a different
> setup up problem.  How to do this in xmail?=3D20
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Rob Arends
> Sent: Friday, April 27, 2007 10:01 AM
> To: xmail@xmailserver.org
> Subject: [xmail] Re: Dynamic DNS
> 
> First thing to find out is if your ISP will allow you to relay for free.
> Second thing is, if you use SPF records, then include your ISP outgoing
> IP
> address(es) in your SPF record.
> 
> Then if at least #1, then relay via ISP.
> Those MTAs that deny mail from dynamic IPs, must not deny from the MTAs
> of that ISP.
> 
> Rob :-)
> =3D20
> _
> Note To Self: Remember to put something witty here later...
> =3D20
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Edmonds, J.B.
> Sent: Friday, April 27, 2007 9:52 PM
> To: xmail@xmailserver.org
> Subject: [xmail] Re: Dynamic DNS
> 
> That's exactly my concern.  I could be paying 3 cents per recipient to
> have the mail relayed, just to have it blocked anyway since the
> recipient's server does not allow relayed traffic from any =
> source.=3D3D20
> 
> I am looking for a better solution.

I still use dos/ka9q/pmail with smarthost set to xmail, however one 
of the options in ka9q config is to first try delivery to MX and 
fallback to smarthost on failure. Back when I was on dialup this 
solved problem getting mail through to AOL at various times and 
otherwise minimised dialup charges.

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.25-pre03 ...

[David Lord]

On 9 Apr 2007, at 17:13, Davide Libenzi wrote:

> On Mon, 9 Apr 2007, David Lord wrote:
> 
> > > Could you give a spin to pre04?
> > 
> > No errors and now installed.
> > 
> > Abuse.net relaytest checked ok.
> 
> Thanks for testing!


Your welcome

Oh and no longer get the ENODNS when connecting to my server as 
[EMAIL PROTECTED] and CheckMailerDomain=1, although I don't 
normally have that setting enabled.

Cheers

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.25-pre03 ...

[David Lord]

On 9 Apr 2007, at 16:09, Davide Libenzi wrote:

> On Mon, 9 Apr 2007, David Lord wrote:
> 
> > On 9 Apr 2007, at 9:15, Davide Libenzi wrote:
> > 
> > > On Mon, 9 Apr 2007, David Lord wrote:
> > > 
> > > > On 9 Apr 2007, at 1:04, Davide Libenzi wrote:
> > > > 
> > > > > 
> > > > > Here it is:
> > > > > 
> > > > > http://www.xmailserver.org/xmail-1.25-pre03.tar.gz
> > > > 
> > > > First failure to build one in a long time.
> > > > NetBSD 3.1.0_PATCH
> > > > 
> > > > SysDepUnix.cpp: In function 'int SysStackAlloc(ThreadStack**, 
> > > > int)';
> > > > SysDepUnix.cpp:1121: error: 'PTHREAD_STACK_MIN' undeclared 
> > > > (first  
> > > > use this function)
> > > > SysDepUnix.cpp:1129: error: 'MAP_ANONYMOUS' undeclared
> > > 
> > > MAP_ANONYMOUS seems not supported on NetBSD. Use MAP_ANON that is the 
> > > same.
> > 
> > With change to MAP_ANON that error went away.
> > 
> > > Can you try to find+grep PTHREAD_STACK_MIN inside /usr/include?
> > > Let me know ...
> > 
> > 64 lines with PTHREAD none with PTHREAD_STACK
> 
> Could you give a spin to pre04?

No errors and now installed.

Abuse.net relaytest checked ok.

cheers

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.25-pre03 ...

[David Lord]

On 9 Apr 2007, at 9:15, Davide Libenzi wrote:

> On Mon, 9 Apr 2007, David Lord wrote:
> 
> > On 9 Apr 2007, at 1:04, Davide Libenzi wrote:
> > 
> > > 
> > > Here it is:
> > > 
> > > http://www.xmailserver.org/xmail-1.25-pre03.tar.gz
> > 
> > First failure to build one in a long time.
> > NetBSD 3.1.0_PATCH
> > 
> > SysDepUnix.cpp: In function 'int SysStackAlloc(ThreadStack**, int)';
> > SysDepUnix.cpp:1121: error: 'PTHREAD_STACK_MIN' undeclared (first  
> > use this function)
> > SysDepUnix.cpp:1129: error: 'MAP_ANONYMOUS' undeclared
> 
> MAP_ANONYMOUS seems not supported on NetBSD. Use MAP_ANON that is the 
> same.

With change to MAP_ANON that error went away.

> Can you try to find+grep PTHREAD_STACK_MIN inside /usr/include?
> Let me know ...

64 lines with PTHREAD none with PTHREAD_STACK

cheers

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.25-pre03 ...

[David Lord]

On 9 Apr 2007, at 1:04, Davide Libenzi wrote:

> 
> Here it is:
> 
> http://www.xmailserver.org/xmail-1.25-pre03.tar.gz

First failure to build one in a long time.
NetBSD 3.1.0_PATCH

SysDepUnix.cpp: In function 'int SysStackAlloc(ThreadStack**, int)';
SysDepUnix.cpp:1121: error: 'PTHREAD_STACK_MIN' undeclared (first  
use this function)
SysDepUnix.cpp:1129: error: 'MAP_ANONYMOUS' undeclared

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Another dns query - xmailserver.org.blackhole.securitysage.com

[David Lord]

On 8 Apr 2007, at 23:09, David Lord wrote:

> I've just noticed named is throwing up an error each time a 
> connection is made from xmailserver.org.
> 
> unexpected RCODE (SERVFAIL) resolving 
> 'xmailserver.org.blackhole.securitysage.com/A/IN'
> 
> Looking back through logs I see this started on April 4.
> 
> Any ideas what this is due to?
> 
> I'll try to work out what changes I made recently but guess it's from 
> my isps nameserver as start of problem coincides with problem there.
> 
> I've restarted xmail just in case.

A google indicated it was from a blocking list that's now offline. I 
use spamassassin and that is one of the lists it was configured to 
use.

Sorry for the noise.

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Another dns query - xmailserver.org.blackhole.securitysage.com

[David Lord]

I've just noticed named is throwing up an error each time a 
connection is made from xmailserver.org.

unexpected RCODE (SERVFAIL) resolving 
'xmailserver.org.blackhole.securitysage.com/A/IN'

Looking back through logs I see this started on April 4.

Any ideas what this is due to?

I'll try to work out what changes I made recently but guess it's from 
my isps nameserver as start of problem coincides with problem there.

I've restarted xmail just in case.

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: ENODNS Error

[David Lord]

On 7 Apr 2007, at 20:08, Don Drake wrote:

> I don't get it.  
> 
> I just upgraded to 1.24 (more emails on that later), and I'm still getting
> ENODNS from @returns.bulk.yahoo.com.  I just commented out my SmartDNSHost
> setting and cleared dnscache and it's still occurring.  Now that I'm
> grasping for straws, the from email is quite large (it's 99 characters),
> would that matter?
> 
> Just be clear, CheckMailerDomain checks that the 'MAIL FROM:<>' domain
> exists (MX or A record) and not the IP/name of the sender?
> 
> -Don
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Davide Libenzi
> Sent: Saturday, April 07, 2007 1:39 PM
> To: xmail@xmailserver.org
> Subject: [xmail] Re: ENODNS Error
> 
> On Sat, 7 Apr 2007, Don Drake wrote:
> 
> > Sure do:
> > 
> > "SmartDNSHost"  "10.1.0.15:tcp,216.86.146.9:udp"
> 
> Then you have to see MX queries, unless they're cached. The *only* way you 
> get into the ENODNS error, if after XMail tried MX queries before and A 
> record after.

I normally have CheckMailerDomain disabled and just tried with MAIL 
FROM: <[EMAIL PROTECTED]> and it was accepted. Then enabled 
CheckMailerDomain and same MAIL FROM: is rejected with "505 Your 
domain has not DNS/MX entries"

This is 1.25-pre02.

'host returns.bulk.yahoo.com' gives list of six mx hosts, 
c1.bullet.mud.yahoo.com etc, and for each of those I see what appears 
to be an A record.

Now I try "MAIL FROM: <[EMAIL PROTECTED]>
250 OK

Now I try "MAIL FROM: <[EMAIL PROTECTED]>
250 OK

Now I disable CheckMailerDomain again.

So there is something odd about returns.bulk.yahoo.com. That's about 
my limit to working out dns issues.


-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Is GLST still being developed?

[David Lord]

On 30 Mar 2007, at 7:40, Dale Qualls wrote:

> Davide:
> 
> Freshmeat.net shows no activity for 19 months, is it a mature product 
> that needs no development (based on the functionality)? 
> 
> Anyone using it?  I'm seriously considering it (or maia, something to GL).

I suspect a lot are. Now spamassassin has almost no work to do. From 
a few hundred per day with SA diverting around 80% I now just see a 
few spam per week, less than one per day.

I'm just dreading when spammers find a way around it. I'm also 
getting lots of first time 'temporary failure, try again' rsponses 
when sending emails that would indicate that it is being widely used.

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Problem sending local mail on private network

[David Lord]

On 15 Mar 2007, at 18:00, Davide Libenzi wrote:

> On Fri, 16 Mar 2007, David Lord wrote:
> 
> > 
> > I'm sure this used to work. 
> > 
> > Sending mail from eg [EMAIL PROTECTED] to [EMAIL PROTECTED] doesn't 
> > work and gives an error in slog:
> > <<
> >   ErrCode   = -215
> >   ErrString = DNS name not exist
> >   Recipient domain "fileserver.home" does not exist
> > >>
> > 
> >   -bash [EMAIL PROTECTED] $ host fileserver
> >   fileserver.home has address 192.168.59.22
> > 
> > Using telnet to send to fileserver works ok.
> > 
> > If I put an entry for fileserver.home in smtpfwd.tab the mail is 
> > delivered ok. This has the problem that some hosts get dynamic ips.
> > 
> > Is there another setting that I've missed or is it designed to work 
> > this way?
> > 
> > XMail 1.25pre02 on mail and 1.22 on fileserver.
> 
> The fileserver.home is not a public server, and likely does not have an MX 
> record, so the only way is smtpfwd.tab.
> You could setup an MX record in your DNS *and* set SmartDNSHost to your 
> DNS server.
> But the first option is the simpler.

Thanks, 

There are no MX as unless someone can tell me different, this would 
require a separate zone file per host and would be a problem with the 
dynamic ips.

This is a change from 1.22 as sending from that to a non mx host 
works ok. I don't have any mail being sent between hosts that would 
break by the change and was just making some quick tests so for my 
purposes using smtpfwd.tab is acceptable.

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Problem sending local mail on private network

[David Lord]

On 16 Mar 2007, at 0:16, David Lord wrote:

I never thought to try sending from fileserver.home to mail.home and
find that works ok, so something different between my 1.22 and 1.25 
setups.

> 
> I'm sure this used to work. 
> 
> Sending mail from eg [EMAIL PROTECTED] to [EMAIL PROTECTED] doesn't 
> work and gives an error in slog:
> <<
>   ErrCode   = -215
>   ErrString = DNS name not exist
>   Recipient domain "fileserver.home" does not exist
> >>
> 
>   -bash [EMAIL PROTECTED] $ host fileserver
>   fileserver.home has address 192.168.59.22
> 
> Using telnet to send to fileserver works ok.
> 
> If I put an entry for fileserver.home in smtpfwd.tab the mail is 
> delivered ok. This has the problem that some hosts get dynamic ips.
> 
> Is there another setting that I've missed or is it designed to work 
> this way?
> 
> XMail 1.25pre02 on mail and 1.22 on fileserver.
 
 
David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Problem sending local mail on private network

[David Lord]

I'm sure this used to work. 

Sending mail from eg [EMAIL PROTECTED] to [EMAIL PROTECTED] doesn't 
work and gives an error in slog:
<<
  ErrCode   = -215
  ErrString = DNS name not exist
  Recipient domain "fileserver.home" does not exist
>>

  -bash [EMAIL PROTECTED] $ host fileserver
  fileserver.home has address 192.168.59.22

Using telnet to send to fileserver works ok.

If I put an entry for fileserver.home in smtpfwd.tab the mail is 
delivered ok. This has the problem that some hosts get dynamic ips.

Is there another setting that I've missed or is it designed to work 
this way?

XMail 1.25pre02 on mail and 1.22 on fileserver.


David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: ClamAV usage with XMail

[David Lord]

On 12 Feb 2007, at 20:28, Brian wrote:

> Any opinions on using ClamAV with XMail?
> How good is ClamAV and is it secure / stable?
 
I installed both fprot and clamav on NetBSD with intention of using 
whichever I managed to get working first which turned out to be 
fprot. I've no reason to suspect clamav is any less useful than fprot 
and it might even be more configurable. 

I suspect glst prevents the server seeing many viruses and so far 
fprot hasn't let any through to my users (me).

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: wlex doubt

[David Lord]

On 25 Jan 2007, at 16:29, Davide Libenzi wrote:

> On Thu, 25 Jan 2007, David Lord wrote:
> > On 23 Jan 2007, at 7:54, Filip Supera wrote:
> > 
> > > 
> > > Davide Libenzi a écrit :
> > > 
> > > > 
> > > > Hmmm, that shouldn't happen. Did anyone else have problems with "wlex"?
> > > 
> > > Does anyone else use "wlex" with success ?
> > 
> > I thought I was but turns out not until tonight had a 451 temporary 
> > failure then added wlex and within timeo the following attempt was 
> > accepted as was another email to a different account that would have 
> > otherwise had the 451.
> 
> Can you explain in simpler words? :)  Did it work or not?

Yes it works.

I'd not noticed any problems previously without 'wlex' either even 
though outgoing via xmail as smarthost was being filtered with first 
attempts to any recipient delayed by glist. I'm not sure if any added 
security was outweighed by inconvenience of the delay.

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: wlex doubt

[David Lord]

On 23 Jan 2007, at 7:54, Filip Supera wrote:

> 
> Davide Libenzi a écrit :
> 
> > 
> > Hmmm, that shouldn't happen. Did anyone else have problems with "wlex"?
> 
> Does anyone else use "wlex" with success ?

I thought I was but turns out not until tonight had a 451 temporary 
failure then added wlex and within timeo the following attempt was 
accepted as was another email to a different account that would have 
otherwise had the 451.

xmail-1.24 on NetBSD

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: I'm trying to migrate to V1.24

[David Lord]

On 23 Jan 2007, at 18:05, Hal Dell wrote:
  
> Hello all... I attempted a migration to v1.24 and also tighten down xMail
> SMTP server to reject more SPAM.
> 
> I have set  CheckMailerDomain=1 and SMTP-RDNSCheck=1. I would first like
> somone point me to a web page or other documenation that can provide me a
> little detail about these checks and how the 220 message plays a role in
> these checks.

That worked perfectly when I tried it as it coincided with a friends 
organisation change of ISP during which period their DNS was screwed 
(maybe for a month or more). I had a phone call asking me why I was 
bouncing his emails so set the options to:

  # "CheckMailerDomain" "1"
  "SMTP-RDNSCheck"  "-2"

ie. disabled CheckMailerDomain and apply 2 sec delay to responses 
where RDNS check failed.

I was led to believe lots of spam and virus distribution was by dumb 
scripts that don't wait for a server response so the delay causes the 
session to fail. At least at the time this seemed to make a large 
impact in reduction of unwanted email. I found a delay of 15 sec was 
too much for some impatient mailers whilst 2 sec seemed enough.

Through last year the levels of spam via genuine mailers increased to 
point where spamassassin was catching >> 100 per day and > 20 per day 
going to users so a bit late I tried 'glist' which made another large 
difference so spamassassin still occasionally catches one and users 
get just a few per day. I believe spamassassin needs sufficient bad 
emails to keep it going. So far as I know there are no false 
positives.

David
 

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: gun for hire

[David Lord]

On 15 Jan 2007, at 20:49, Rob Arends wrote:
 
> 4.
> What did you find in your logs?
> Anything abnormal from IPs other than 10.10.10.99?
> Your scripts on the server - are they webforms where email can be sent? (you
> know, "contact us" forms)
> There are known vulnerabilities in some web forms where they are used to
> send spam.
> I'd check if the volume of emails from your scripts is abnormally high.
> 
> The problem you have is not to do with xmail (unless you've made it an open
> relay). 
> The problem will be in your scripts or some other source of emails.
> Your logs will have the answers, analyze them !!
> 
> To check if your xmail is an open relay, use the following test.
> From the xmail server, telnet to: relay-test.mail-abuse.org
> The server there will open a connection to tcp/25 on the ip address that you
> are sending from and issue a dozen or so relay tests.
> The progress is issued back to your telnet session.
> This needs to report a closed relay.

In an earler post Erwin mentioned he'd already checked with abuse.net 
and failed a relay attempt (see below).

When I used abuse.net so it would detect xmail relaying (it wasn't 
actually), it didn't continue past the failed attempt whilst with 
normal xmail setup there have been 17 failed relay attempts when test 
is passed.

I don't think anyone picked up on that message to request further 
details. I was offline for a while and now on dialup for a few weeks.


David

#
Another question (sorry about this but as you might guess I'm not
really a
computer wiz).
I've tested relaying at abuse.net and my xmail server accepted a third
party
mail relay. This cannot be good right?
#

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.23-pre15 status ...

[David Lord]

On 18 Nov 2006, at 16:22, Davide Libenzi wrote:

> 
> 
> How many are running it and did any problem show up? I'd go for 1.23 final 
> if everything is going fine ...

There were no problems using pre14 since Nov 13, and I've just 
compiled and installed pre15 this morning (NetBSD 3.1RC1).
Test mails came through ok.

Cheers

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.23-pre11 ...

[David Lord]

On 7 Nov 2006, at 13:28, Davide Libenzi wrote:

> 
> 
> Ok, I'll let this sit for a while before releasing 1.23 final:
> 
> http://www.xmailserver.org/xmail-1.23-pre11.tar.gz

Thanks Davide

that compiled straight off on NetBSD 3.1RC1 and now installed to 
MailRoot/bin but using existing 1.22 MailRoot. Assuming no disaster 
in next 30 minutes I'll leave it that way until I have time to 
checkout new config files and options. I've just sent a batch of test 
emails through (spam/virus/good) and all nine recv=ok.

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: 1.23-pre10 ...

[David Lord]

On 6 Nov 2006, at 12:05, Davide Libenzi wrote:

> 
> 
> At this point, I really can't think of any reason why we shouldn't have a 
> pre11 too :)

Well I'm happy with 1.22 although last week had internet connection 
problems and for first time a requeue function would have been 
welcome. As it was I just rm'ed the one email that I needed to get 
out straight away from the queue and resend. Problem seemed to be 
that any load on outgoing traffic dropped the adsl connection so 
number in queue just built up. Whatever the problem was seemed to 
have been cleared ok as resend went straight through rather than 
after several hours. Remainder went on their next retry times.

I've not been able to compile for NetBSD 3.1 same as with 3,0 but 
this time it's not just the new statvfs that replaces statfs but 
another error comes up afterwards.

SysDepBSD.cpp: In function 'int SysNextFile(long unsigned int, 
char*)':
SysDepBSD.cpp:2008:error: 'struct FileFindData' has no member named 
'DE'

It's too long ago since I compiled 1.22 that I can't remember if this 
came up but a diff of that SysDepBSD.cpp and my NetBSD one only picks 
up the couple of lines changed to statvfs. 

I think the possible out of memory error I had with 3.0 and on is 
still there in 3.1 but the crude fix of limiting number of 
connections by only allowing two of spamd or fprot filters to run has 
meant I've not had any further issue.

I'll look at this futher if I get time but more likely for when 
you're starting on 1.24.


David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: SMTP-RDNSCheck

[David Lord]

On 21 Oct 2006, at 9:55, Norbert Doeberlein wrote:

> 
> What is the syntax in reference to the -S you refer to in the docs?
> 
> 
> 
> Thanks!
> 
> 
> 
> [SMTP-RDNSCheck]
> 
> Indicate if XMail must do an RDNS lookup before accepting a incoming
> SMTP connection. If 0, the check is not performed; if 1 and the check
> fails, the user receives a 'server use forbidden' at MAIL_FROM time;
> if -S (S > 0) and the check fails, a delay of S seconds between SMTP
> commands is used to prevent massive spamming.

In server.tab
"SMTP-RDNSCheck""-2"

That's as much as I dare give it as otherwise I tend to lose wanted 
emails when senders DNS is bad and their mta is too impatient.

I also put longer timeouts, or even "code=0", on a per ip block basis 
in spammers.tab for ip blocks I'm not expecting to be sending me 
email.
"61.58.0.0" "255.255.0.0"   "code=-5"

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: mail() function and smtp relay settings

[David Lord]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 14 Jun 2006, at 15:06, Gideon So wrote:

> 
> Hi all,
> 
> Thanks for your prompt answers. I tried all the advices you all
> provided here> I found that there is nothing do with the smtprelay
> saettings.
> 
> While I try to send mail in command line (I am using linux) like this:
> 
> mail xxx(at)yyy.com
> 
> subject: this is a test
> test
> ..
> CC:
> 
> I get this error: cannot move file /var/MailRoot/spool/temp/*.*.mail
> 
> Any more hints on this one??

What are ownerships and permissions of spool, spool/tmp and 
spool/local?

Here on FreeBSD and NetBSD I have them chown xmail:xmail, spool is 
chmod 770 and both temp and local chmod 755.

BSD has a mailer.conf and sendmail is set to 
/var/MailRoot/bin/sendmail which is chmod 4755.
The alias send-mail is used for original sendmail.

I use 'send-mail -t' or 'sendmail -t' for messages that are already 
complete with headers, or as per examples in README.txt.
  sendmail [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] < msg.txt
or
  sendmail [EMAIL PROTECTED] --input-file msg.txt [EMAIL PROTECTED] [EMAIL 
PROTECTED]

David


-BEGIN PGP SIGNATURE-
Version: PGP 7.0.4 -- QDPGP 2.65 
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBRI/3QK2RmIodDo7KEQL+CwCeMPNxip/Rolnos5SJi0ShaYDr7gUAoJQv
Gig7DEzPOpql2D9aEU9Le1bM
=Hyoy
-END PGP SIGNATURE-
-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Coredumps on NetBSD-3.0 - XMail memory settings

[David Lord]

On 12 Jun 2006, at 17:21, Davide Libenzi wrote:

> 
> On Thu, 8 Jun 2006, David Lord wrote:
> 
> > This now looks as though I've been picking up NetBSD 2 packages
> > rather than NetBSD 3. I noticed a while back that new install of
> > lsof from a package was complaining it was 2.0 so checked on gmake
> > binary which hadn't changed from before I thought I'd updated all
> > packages after update from v2 to v3. A new gmake compiled from
> > source gives significantly different sized xmail binaries. I'll
> > attempt a complete recompile of all packages, either on the fast
> > desktop or server itself if it stays up a while longer.
> >
> > PC's had another 64 MB ram to take it to 128 MB. I've also installed
> > and configured both fprot and spamassassin. These cause core dumps
> > on getting many simultaneous connections and XMail dies without core
> > dump. Last one was 01:23 GMT when I mailed myself six test mails.
> > I've now set spamassassin to check maximum of two emails at once and
> > modified fprot script to do similar. It just handled nine without
> > problem (3 x spam, 3 x virus, 3 x clean) RCPTs over 5 sec RECVs
> > +3sec to +4 sec later.
> 
> Is there an OOM killer that gets triggered on NetBSD?

I can't say for this particular pc as it could still be contaminated 
with one or more binaries from earlier version. I won't be happt 
until I move to new pc that's not had any earlier version installed.

I tried to run gdb last night specifying the running XMail and pid.
gdb-internal-error: legacy_fetch_link_map_offsets called without 
legacy link_map support enabled. I've no experience of debugging so 
just grepped for some setting to enable that support without success.

I also tried make of gdb from source which fell over after some long 
period with top showing very high cpu and free memory down to a few 
hundred KB. Eventual error was that pkgsrc gdb was broken and would 
be dropped if not fixed.

I'd like confirmation from another user of XMail on NetBSD 3.0 that 
it's running fine or otherwise.

That's as far as I've got although I've now replaced most precompiled 
packages with ones compiled on desktop and had no more coredumps from 
XMail.

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]

[xmail] Re: Coredumps on NetBSD-3.0 - XMail memory settings

[David Lord]

On 3 Jun 2006, at 9:35, David Lord wrote:



This now looks as though I've been picking up NetBSD 2 packages 
rather than NetBSD 3. I noticed a while back that new install of lsof 
from a package was complaining it was 2.0 so checked on gmake binary 
which hadn't changed from before I thought I'd updated all packages 
after update from v2 to v3. A new gmake compiled from source gives 
significantly different sized xmail binaries. I'll attempt a complete 
recompile of all packages, either on the fast desktop or server 
itself if it stays up a while longer.

PC's had another 64 MB ram to take it to 128 MB. I've also installed 
and configured both fprot and spamassassin. These cause core dumps on 
getting many simultaneous connections and XMail dies without core 
dump. Last one was 01:23 GMT when I mailed myself six test mails. 
I've now set spamassassin to check maximum of two emails at once and 
modified fprot script to do similar. It just handled nine without 
problem (3 x spam, 3 x virus, 3 x clean) RCPTs over 5 sec RECVs +3sec 
to +4 sec later.

David

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]