[xmail] FreeBSD 7 and lc_r
Hi All - There appears to be a build problem with FreeBSD 7 and XMail, at least on the two non-64 bit systems I have updated so far - the build fails on the -lc_r flag. I am uncertain as to the specifics of the lc_r flag - it appears to be a directive to link against libc_r for threading - but at any rate, that flag is no longer recognized (or valid?) under FreeBSD 7. I removed it from the Makefile and kept -pthread, and so far everything seems OK with the XMail binaries. I am guessing that FreeBSD 7 has changed the way it handles threads, probably a good thing, and this is the root of the build problem. If so, does anyone know if simply passing -pthreads is adequate? I haven't been able to find much info about lc_r so far... Thanks, Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: FreeBSD 7 and lc_r
OK - I found a small amount of info that seems to indicate that the correct flag is simply -pthread without -lc_r, and this is also true for FreeBSD 6, although the only problem I ran into with FreeBSD 6 was a show stopping 64 bit compile issue. Once I compiled 32 bit I had no problems. Anyway, if you are running FreeBSD 7 and have trouble compiling the binaries, remove -lc_r from the makefile - that seems to be working so far for me quite well. From what I read, you should remove it regardless and just keep -pthread, but then I try not to believe everything I read! Jeff Jeff Buehler wrote: Hi All - There appears to be a build problem with FreeBSD 7 and XMail, at least on the two non-64 bit systems I have updated so far - the build fails on the -lc_r flag. I am uncertain as to the specifics of the lc_r flag - it appears to be a directive to link against libc_r for threading - but at any rate, that flag is no longer recognized (or valid?) under FreeBSD 7. I removed it from the Makefile and kept -pthread, and so far everything seems OK with the XMail binaries. I am guessing that FreeBSD 7 has changed the way it handles threads, probably a good thing, and this is the root of the build problem. If so, does anyone know if simply passing -pthreads is adequate? I haven't been able to find much info about lc_r so far... Thanks, Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: FreeBSD problem (similar to NetBSD problem report ed earlier?)
Hi Rob - That is more or less what is happening, but I'm not clear about the specifics. I'm finding it a bit of a mystery - the firewall does NAT, but the external DNS server trying to contact the internal server does so in the case of many other domains, so the firewall is properly configured for external queries - also, a dig dns1.buehlertech.net +trace works properly from the server (as does dns2.buehlertech.net which is on another public IP and behind a different router running PFSense) so dns1.buehlertech.com (and dns2.buehlertech.com) must be visible without difficulty to the external dns server. The server shouldn't really be trying to communicate with it's own public IP (itself), but rather the external dns server which then should simply return the public IP of the server doing the query, or so I would think, but I guess dig +trace has to literally dig all the way back to itself? Even then, why is the secondary dns, which works and is on an entirely separate network, not stepping in? Also, if I do a dig trikorausa.com +trace from my secondary server (dns2.buehlertech.net) it works fine. Perhaps the PFSense router is handling the query and NAT properly and the m0n0wall router is not? At this point to me it is some sort of voodoo dns issue (and here I am without any animal sacrifice to offer it), but it isn't causing me any real headaches since SmartDns works. I will look more closely at NAT, though, as I suspect you are right that it is at the center of the issue somehow - it simply redirect inbound requests to port 53 of the server in question, nothing complex. I still need to look at the other external cases, but I have a feeling that there will be some misconfigured DNS or other problems in those cases. It also does not sound like an XMail issue anymore either, so my apologies for continuing on here. I will post a final time if I find out what is going on simply for the sake of posterity! Thanks, Jeff Rob Arends wrote: This will be a fault where the world uses you public IP to access your zone hosted on your server, but when your server tries to resolve dns1.buehlertech.net it is not contactable (probably because of NAT on a firewall) and so tries dns2.buehlertech.net, but it is also not contactable. Then it goes back to the root to try again, but of course there is no way you can talk to yourself via a public IP. I may have got a little bit of the process wrong, but in essence it is correct. If anyone can talk to you, but you can't talk to you, then it will be NAT. Try BIND views, or hosting on a different server, or allowing dns resolution from 127.0.0.1, then pointing resolv.conf to 127.0.0.1 Rob :-) _ It might look like I'm doing nothing, but on a cellular level, I'm quite busy. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Buehler Sent: Saturday, February 23, 2008 11:36 AM To: xmail@xmailserver.org Subject: [xmail] Re: FreeBSD problem (similar to NetBSD problem report ed earlier?) Hi Davide - Sorry about the delay on this - I was in away yesterday and today... Here is a sample of the dig + trace - I copied only the last two entries - basically this pattern is repeated until the too many lookups result. The other domains this server is authoritative for produce the same result except for buehlertech.net and buehlertech.com which work fine. The only differences I can think of is the reverse points to buehlertech.net and the domain is buehlertech.net in resolv.conf and in the hosts file (but why would buehlertech.com work?). ;; Received 117 bytes from 192.5.6.30#53(a.gtld-servers.net) in 126 ms com.21365 IN NS e.gtld-servers.net. com.21365 IN NS f.gtld-servers.net. com.21365 IN NS g.gtld-servers.net. com.21365 IN NS h.gtld-servers.net. com.21365 IN NS i.gtld-servers.net. com.21365 IN NS j.gtld-servers.net. com.21365 IN NS k.gtld-servers.net. com.21365 IN NS l.gtld-servers.net. com.21365 IN NS m.gtld-servers.net. com.21365 IN NS a.gtld-servers.net. com.21365 IN NS b.gtld-servers.net. com.21365 IN NS c.gtld-servers.net. com.21365 IN NS d.gtld-servers.net. ;; Received 504 bytes from 67.102.108.82#53(dns1.buehlertech.net) in 68 ms trikorausa.com. 172800 IN NS dns1.buehlertech.net. trikorausa.com. 172800 IN NS dns2.buehlertech.net. ;; Received 117 bytes from 192.12.94.30#53(e.gtld-servers.net) in 93 ms com.21365 IN NS
[xmail] Re: FreeBSD problem (similar to NetBSD problem report ed earlier?)
I should also clarify, as you mention users, that none of this has anything to do with users on a LAN. This is a hosting server providing web services and email, along with some other functionality. The issue at question is how this particular server sees domains that are external to it. It has no way of knowing about yahoo.com or hotmail.com without a name server that provides recursive lookups, so I have assigned it a name server that does. It just so happens that in the case of this one domain (trikorausa.com) this server provides the authoritative DNS (A records, MX records, etc.). There is no way (that I know about) for me to have it query itself just for domains it knows about, then query external dns for everything else. Thanks again, Jeff Jeff Buehler wrote: Hi Clement - Perhaps I am using the wrong semantics, or perhaps I am not completely understanding you, or possibly I am doing something wrong (even thought I have been doing it this way more or less for about 10 years!). This server provides (what I understand to be) true authoritative name resolution for about 60 domains and ONLY those 60 domains, but provides no recursive lookups nor any caching - no systems on the LAN query it, or any other server I provide locally, for DNS resolution. It is simply queried by external caching DNS servers on the net for name resolution of a small number of domains. I do provide complete zone content for these domains, but not for other domains such as yahoo.com (obviously) which need to be queried elsewhere as no caching is being done. My understanding is that a DNS server generally should not provide recursive lookups and caching while also providing authoritative resolution of domains for security reasons. This at least is a recommendation made by Dan Bernstein (author of Tiny DNS) and makes sense to me - Bind and MS systems allow it, but it is probably not a good idea. Am I missing something? Thanks for your input ... Jeff CLEMENT Francis wrote: As an autoritive dns, why do you want your internal network to go to = the 'external' dns servers An autoritive dns server for a zone is ONLY one of the NS listed, and = theses NS roles suppose they have a full copy of the zone content. As many election algorythms will sort the ns entries to place the = 'locals' (network point of vue) as the preferred to ask first, your 'internal autoritive' that does not have all of the zone will surely be elected ! Then, the local computer electing to use you 'false autoritive server', = that is online and response to dns queries even if not the desirable good responses from user point of vue, but a 'good' response at dns protocol point of vue, why do you want them to 'change' and switch to the = 'external true autoritive servers' ? A tcpdump for dns traffic on your local network could show that for DOM domain almost all the queries are send to you 'false autoritive = server'. Best way to resolve this issue : - Don't use any 'internal dns server' for this zone at all or - Give your internal dns server the complete zone content to become a = true autoritive dns server for the zone :) (Notice that doing so if your local dns is behind a nat server, you = could face a commom 'nat firewall' loopback issue. I can explain if you want) Francis -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] la part de Jeff Buehler Envoy=E9 : mercredi 20 f=E9vrier 2008 20:35 =C0 : xmail@xmailserver.org Objet : [xmail] Re: FreeBSD problem (similar to NetBSD problem report = ed earlier?) Hi Davide - Yes, it works from an external line, but not from the server itself. I = am trying to figure out why providing the authoritative DNS for that=20 domain (pointing to another server on the net which provides everything = else for the domain) causes the failure - it seems to be looping, which = might be expected behavior, but I'm not certain. At this point since = it=20 works with SmartDNS it is mostly curiosity. Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: FreeBSD problem (similar to NetBSD problem report ed earlier?)
Hi Clement - Perhaps I am using the wrong semantics, or perhaps I am not completely understanding you, or possibly I am doing something wrong (even thought I have been doing it this way more or less for about 10 years!). This server provides (what I understand to be) true authoritative name resolution for about 60 domains and ONLY those 60 domains, but provides no recursive lookups nor any caching - no systems on the LAN query it, or any other server I provide locally, for DNS resolution. It is simply queried by external caching DNS servers on the net for name resolution of a small number of domains. I do provide complete zone content for these domains, but not for other domains such as yahoo.com (obviously) which need to be queried elsewhere as no caching is being done. My understanding is that a DNS server generally should not provide recursive lookups and caching while also providing authoritative resolution of domains for security reasons. This at least is a recommendation made by Dan Bernstein (author of Tiny DNS) and makes sense to me - Bind and MS systems allow it, but it is probably not a good idea. Am I missing something? Thanks for your input ... Jeff CLEMENT Francis wrote: As an autoritive dns, why do you want your internal network to go to = the 'external' dns servers An autoritive dns server for a zone is ONLY one of the NS listed, and = theses NS roles suppose they have a full copy of the zone content. As many election algorythms will sort the ns entries to place the = 'locals' (network point of vue) as the preferred to ask first, your 'internal autoritive' that does not have all of the zone will surely be elected ! Then, the local computer electing to use you 'false autoritive server', = that is online and response to dns queries even if not the desirable good responses from user point of vue, but a 'good' response at dns protocol point of vue, why do you want them to 'change' and switch to the = 'external true autoritive servers' ? A tcpdump for dns traffic on your local network could show that for DOM domain almost all the queries are send to you 'false autoritive = server'. Best way to resolve this issue : - Don't use any 'internal dns server' for this zone at all or - Give your internal dns server the complete zone content to become a = true autoritive dns server for the zone :) (Notice that doing so if your local dns is behind a nat server, you = could face a commom 'nat firewall' loopback issue. I can explain if you want) Francis -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] la part de Jeff Buehler Envoy=E9 : mercredi 20 f=E9vrier 2008 20:35 =C0 : xmail@xmailserver.org Objet : [xmail] Re: FreeBSD problem (similar to NetBSD problem report = ed earlier?) Hi Davide - Yes, it works from an external line, but not from the server itself. I = am trying to figure out why providing the authoritative DNS for that=20 domain (pointing to another server on the net which provides everything = else for the domain) causes the failure - it seems to be looping, which = might be expected behavior, but I'm not certain. At this point since = it=20 works with SmartDNS it is mostly curiosity. Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: FreeBSD problem (similar to NetBSD problem report ed earlier?)
By the way, the trace does, and always has, produced the correct name servers (dns1.buehlertech.net and dns2.buehlertech.net), it just continues to trace after that result. Jeff Jeff Buehler wrote: Hi Clement - Yes - that is the setup, and the m0n0wall provides NAT to the servers services. dig @localhost (or serving LAN ip) triokorausa.com +trace produces the same dig: too many lookups error as does the dig @external-dns trikorausa.com +trace. Which also seems odd to me, but I have a strange feeling that it is the correct (to be expected) behavior, even if it is undesirable in this case. Or perhaps a recent update to FreeBSD is causing a problem? Jeff CLEMENT Francis wrote: Hey Jeff Seams I did not understood all of your dns server setup. I thinked you dns only returned a list of NS for the domains it is autoritive. Sorry :) Another possibility :) : Just in case there is a problem with natted loop-back at monowall = router I suppose you have this physical hardware setup (correct if wrong) : Internet - MonoWall - 'autoritive only' dns server ;) / xmail = server Is it this ? Does the interface between Monowall and dns/xmail server do NAT ? If NATTED servers : What does a dig from the dns/xmail server to itself using its internal = ip address ? dig @internal-dns-server-ip-address trikorausa.com +trace And a dig from the xmail server using the External ip address of the = dns server (so the Monowall external ip) ? dig @monowall-external-internet-ip trikorausa.com +trace Francis -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] la part de Jeff Buehler Envoy=E9 : jeudi 21 f=E9vrier 2008 17:12 =C0 : xmail@xmailserver.org Objet : [xmail] Re: FreeBSD problem (similar to NetBSD problem report = ed earlier?) I should also clarify, as you mention users, that none of this has=20 anything to do with users on a LAN. This is a hosting server providing = web services and email, along with some other functionality. The issue = at question is how this particular server sees domains that are = external=20 to it. It has no way of knowing about yahoo.com or hotmail.com without = a name server that provides recursive lookups, so I have assigned it a=20 name server that does. It just so happens that in the case of this one = domain (trikorausa.com) this server provides the authoritative DNS (A=20 records, MX records, etc.). There is no way (that I know about) for me = to have it query itself just for domains it knows about, then query=20 external dns for everything else. Thanks again, Jeff Jeff Buehler wrote: Hi Clement - Perhaps I am using the wrong semantics, or perhaps I am not = completely=20 understanding you, or possibly I am doing something wrong (even = thought=20 I have been doing it this way more or less for about 10 years!). = This=20 server provides (what I understand to be) true authoritative name=20 resolution for about 60 domains and ONLY those 60 domains, but = provides=20 no recursive lookups nor any caching - no systems on the LAN query = it,=20 or any other server I provide locally, for DNS resolution. It is = simply=20 queried by external caching DNS servers on the net for name = resolution=20 of a small number of domains. I do provide complete zone content for = these domains, but not for other domains such as yahoo.com = (obviously)=20 which need to be queried elsewhere as no caching is being done. My understanding is that a DNS server generally should not provide=20 recursive lookups and caching while also providing authoritative=20 resolution of domains for security reasons. This at least is a=20 recommendation made by Dan Bernstein (author of Tiny DNS) and makes=20 sense to me - Bind and MS systems allow it, but it is probably not a=20 good idea. Am I missing something? Thanks for your input ... Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: FreeBSD problem (similar to NetBSD problem report ed earlier?)
Hi Clement - Yes - that is the setup, and the m0n0wall provides NAT to the servers services. dig @localhost (or serving LAN ip) triokorausa.com +trace produces the same dig: too many lookups error as does the dig @external-dns trikorausa.com +trace. Which also seems odd to me, but I have a strange feeling that it is the correct (to be expected) behavior, even if it is undesirable in this case. Or perhaps a recent update to FreeBSD is causing a problem? Jeff CLEMENT Francis wrote: Hey Jeff Seams I did not understood all of your dns server setup. I thinked you dns only returned a list of NS for the domains it is autoritive. Sorry :) Another possibility :) : Just in case there is a problem with natted loop-back at monowall = router I suppose you have this physical hardware setup (correct if wrong) : Internet - MonoWall - 'autoritive only' dns server ;) / xmail = server Is it this ? Does the interface between Monowall and dns/xmail server do NAT ? If NATTED servers : What does a dig from the dns/xmail server to itself using its internal = ip address ? dig @internal-dns-server-ip-address trikorausa.com +trace And a dig from the xmail server using the External ip address of the = dns server (so the Monowall external ip) ? dig @monowall-external-internet-ip trikorausa.com +trace Francis -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] la part de Jeff Buehler Envoy=E9 : jeudi 21 f=E9vrier 2008 17:12 =C0 : xmail@xmailserver.org Objet : [xmail] Re: FreeBSD problem (similar to NetBSD problem report = ed earlier?) I should also clarify, as you mention users, that none of this has=20 anything to do with users on a LAN. This is a hosting server providing = web services and email, along with some other functionality. The issue = at question is how this particular server sees domains that are = external=20 to it. It has no way of knowing about yahoo.com or hotmail.com without = a name server that provides recursive lookups, so I have assigned it a=20 name server that does. It just so happens that in the case of this one = domain (trikorausa.com) this server provides the authoritative DNS (A=20 records, MX records, etc.). There is no way (that I know about) for me = to have it query itself just for domains it knows about, then query=20 external dns for everything else. Thanks again, Jeff Jeff Buehler wrote: Hi Clement - Perhaps I am using the wrong semantics, or perhaps I am not = completely=20 understanding you, or possibly I am doing something wrong (even = thought=20 I have been doing it this way more or less for about 10 years!). = This=20 server provides (what I understand to be) true authoritative name=20 resolution for about 60 domains and ONLY those 60 domains, but = provides=20 no recursive lookups nor any caching - no systems on the LAN query = it,=20 or any other server I provide locally, for DNS resolution. It is = simply=20 queried by external caching DNS servers on the net for name = resolution=20 of a small number of domains. I do provide complete zone content for = these domains, but not for other domains such as yahoo.com = (obviously)=20 which need to be queried elsewhere as no caching is being done. My understanding is that a DNS server generally should not provide=20 recursive lookups and caching while also providing authoritative=20 resolution of domains for security reasons. This at least is a=20 recommendation made by Dan Bernstein (author of Tiny DNS) and makes=20 sense to me - Bind and MS systems allow it, but it is probably not a=20 good idea. Am I missing something? Thanks for your input ... Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: FreeBSD problem (similar to NetBSD problem report ed earlier?)
OK, just to add to my confusion, here is part of what is going on - this server also provides the authoritative DNS for trikorausa.com (but not local DNS queries or caching!). It does not provide any other services for trikorausa.com (no email etc.) - the records point to an outside address. If I do a dig @an-external-dns-server trikorausa.com +trace I still get a dig: Too many lookups error. Does that make sense - is it looping? It seems like it should work - the external primary DNS knows the server doing the dig provides the authoritative DNS, shouldn't it simply trace back to it and stop? Essentially the server is simply doing a trace from an external DNS server back to itself. If I do a dig using ANY dns server from the server that provides the authoritative DNS for this domain I get the same result. As Davide reported if I do a dig to trikorausa.com from an outside line the trace is fine and does not fail. Also I don't know what the story is with the other domains - I only have client reports at this point about unexpected failures. Also, three weeks ago I was able to send email to trikorausa.com without the nxdomain error. Jeff CLEMENT Francis wrote: Hello Davide Recently I asked you how SMARTDnshost variable affected xmail internal resolver, and you said that when using SmartDnsHost, xmail only ask for = the 'final' request (directly the mx lookup without trying first soa, ns, = . ) I asked this because I had the same problem as Jeff but was not at this = time able to find the reason about xmail resolver without smartdnshost = setting able or not to find the mx records for domains that was ok with dig = and/or nslookups at xmail server side (so using os resolver) and that the same xmail server with smartdnshost applied was able to find without = problems (with all involved dns servers caches cleaned that don't use smart = hosts themself) I didn't have time to trace dns queries w/wo SmarDnshost usage (to see timings, ...) but it seems that in some cases of long latencies on the = wire (temporarly high bandwidth usages, ...) xmail 'timeouts' quicker for = dns queries than then it use 'classic' resolvers (SmartDnsHost setting in effect). The problem could be after this timeout : how xmail handle this ? retry later ? and on persistent 'no response from dns server', flag the = domain with an 'nxdomain' internal error without having any valid 'nxdomain' responses ? Could any of these be possible ? Any way to test xmail resolver by changing xmail internal dns 'timeout' value ? Francis -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] la part de Davide Libenzi Envoy=E9 : mardi 19 f=E9vrier 2008 21:33 =C0 : XMail mailing list Objet : [xmail] Re: FreeBSD problem (similar to NetBSD problem reported earlier?) On Tue, 19 Feb 2008, Jeff Buehler wrote: Hi Davide - =20 Everything works when I use SmartDNS host to point to the same = resolver=20 as the server uses (a m0n0wall router). If I do not use SmartDNS host, I get the error to domains that can=20 receive email from other sources. =20 One example domain is trikorausa.com, although I am getting reports = of=20 the error from clients with about 5 other domains that mail can be = sent=20 to from other sources (like Hotmail). The results of a dig=20 trikorausa.com mx +trace actually result in a dig: too many lookups = failure - apparently the last time I did it a inadvertently did a = dig=20 trikorausa.com mx + trace with a space between the + and the trace = and=20 didn't notice that it hadn't performed a trace - sorry about that... =20 I will research why would I might get a too many lookups failure = (the=20 domain is fine and has valid MX records) and try to determine what = may=20 have changed recently (and if XMail is even involved) - I send to = this=20 domain all of the time and this seems to have started about when I=20 upgraded to 1.25. However, there were a number of changes around = that=20 time (including a FreeBSD update) so I will continue trying to = isolate=20 what is up and post back if I can find the problem. There's some configuration problem inside your network. The command = is=20 with +trace (w/out space), and from here is working fine. So it must be something internal to your net. - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body
[xmail] Re: FreeBSD problem (similar to NetBSD problem report ed earlier?)
Hi Davide - Yes, it works from an external line, but not from the server itself. I am trying to figure out why providing the authoritative DNS for that domain (pointing to another server on the net which provides everything else for the domain) causes the failure - it seems to be looping, which might be expected behavior, but I'm not certain. At this point since it works with SmartDNS it is mostly curiosity. Jeff Davide Libenzi wrote: On Wed, 20 Feb 2008, Jeff Buehler wrote: OK, just to add to my confusion, here is part of what is going on - this server also provides the authoritative DNS for trikorausa.com (but not local DNS queries or caching!). It does not provide any other services for trikorausa.com (no email etc.) - the records point to an outside address. If I do a dig @an-external-dns-server trikorausa.com +trace I still get a dig: Too many lookups error. Does that make sense - is it looping? It seems like it should work - the external primary DNS knows the server doing the dig provides the authoritative DNS, shouldn't it simply trace back to it and stop? Essentially the server is simply doing a trace from an external DNS server back to itself. If I do a dig using ANY dns server from the server that provides the authoritative DNS for this domain I get the same result. As Davide reported if I do a dig to trikorausa.com from an outside line the trace is fine and does not fail. Also I don't know what the story is with the other domains - I only have client reports at this point about unexpected failures. Also, three weeks ago I was able to send email to trikorausa.com without the nxdomain error. From here it works just fine: [EMAIL PROTECTED]:~$ dig trikorausa.com mx +trace ; DiG 9.4.2 trikorausa.com mx +trace ;; global options: printcmd ... 324708 IN NS J.ROOT-SERVERS.NET. ... 324708 IN NS K.ROOT-SERVERS.NET. ... 324708 IN NS L.ROOT-SERVERS.NET. ... 324708 IN NS M.ROOT-SERVERS.NET. ... 324708 IN NS A.ROOT-SERVERS.NET. ... 324708 IN NS B.ROOT-SERVERS.NET. ... 324708 IN NS C.ROOT-SERVERS.NET. ... 324708 IN NS D.ROOT-SERVERS.NET. ... 324708 IN NS E.ROOT-SERVERS.NET. ... 324708 IN NS F.ROOT-SERVERS.NET. ... 324708 IN NS G.ROOT-SERVERS.NET. ... 324708 IN NS H.ROOT-SERVERS.NET. ... 324708 IN NS I.ROOT-SERVERS.NET. ;; Received 428 bytes from 10.107.17.218#53(10.107.17.218) in 0 ms com.172800 IN NS D.GTLD-SERVERS.NET. com.172800 IN NS F.GTLD-SERVERS.NET. com.172800 IN NS B.GTLD-SERVERS.NET. com.172800 IN NS E.GTLD-SERVERS.NET. com.172800 IN NS H.GTLD-SERVERS.NET. com.172800 IN NS M.GTLD-SERVERS.NET. com.172800 IN NS K.GTLD-SERVERS.NET. com.172800 IN NS C.GTLD-SERVERS.NET. com.172800 IN NS I.GTLD-SERVERS.NET. com.172800 IN NS J.GTLD-SERVERS.NET. com.172800 IN NS L.GTLD-SERVERS.NET. com.172800 IN NS A.GTLD-SERVERS.NET. com.172800 IN NS G.GTLD-SERVERS.NET. ;; Received 492 bytes from 202.12.27.33#53(M.ROOT-SERVERS.NET) in 127 ms trikorausa.com. 172800 IN NS dns1.buehlertech.net. trikorausa.com. 172800 IN NS dns2.buehlertech.net. ;; Received 117 bytes from 192.43.172.30#53(I.GTLD-SERVERS.NET) in 197 ms trikorausa.com. 43200 IN MX 10 mail.trikorausa.com. trikorausa.com. 43200 IN NS dns1.buehlertech.net. trikorausa.com. 43200 IN NS dns2.buehlertech.net. ;; Received 154 bytes from 69.12.155.168#53(dns2.buehlertech.net) in 35 ms - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: FreeBSD problem (similar to NetBSD problem reported earlier?)
Hi David - I think I have finally solved this mysterious problem, and of course it was an element I had not even considered (as it often is). The line provider (Covad) for this server had a problem several weeks ago with this line, about the time I was updating xmail to 1.25. When they were running tests on the line, they had slowed it down (from 5.4mb down/700k up to 300k down/60k up) and they managed to leave it that way. By some miracle the people using this server didn't notice (nor did I), aside from this problem, as it also provides web services - it does explain a lot of strange behavior I have been seeing, though! This slowdown seems to have been causing a time out on the DNS query for certain domains, so the common denominator may have been (just guessing) a high latency on the response time for these particular domains coupled with the very slow line speed of my servers connection, causing the fore mentioned error (NXDOMAIN). Now that the circuit is operating at its proper speeds, the problem has gone away. I don't know if this is a reflection on any particular package (Bind under *BSD, XMail, etc.) in terms of low speed testing, but it might be worth noting for someone that at very low speeds something is failing intermittently. Thanks for your help and input! Jeff David Lord wrote: On 18 Feb 2008, at 12:27, Jeff Buehler wrote: Hi all - Sorry to be late to the game with this - in an earlier list email that I inadvertently deleted (thinking I had no helpful input, of course!) titled Problem with XMail on NetBSD-4 there was a discussion about the error: Recipient domain .com does not exist (or it has a misconfigured DNS) I am also getting this error regularly with FreeBSD 6 and XMail 1.25. I mention it in the XMail forums as well, and read about a number of other recent occurrences, but nothing has been resolved specifically. As I mention in the forums, I have verified the domains are valid and properly configured in some of the cases, but the errors are consistent with specific domains. In my case, one example is trikorausa.com which I can send email from any server other than my active XMail server under FreeBSD, adn which looks properly configured via dnstools.com (I configured it, so I believe it is correct...) Davide responded: I think XMail is getting a ERR_DNS_NXDOMAIN (NXDOMAIN) from your DNS server. When that's happening, XMail does not even try to fall back to the A record delivery. and I think seems like it may be correct, but I am uncertain how to test this. The server does not provide DNS queries for itself (although it provides DNS for the domains it is authoritative on) but queries a m0n0wall router on the LAN, which queries my ISPs DNS servers. The server is able to resolve a dig as well as dig+trace to the MX record to trikorausa.com (and other domains) without incident. This would suggest that something else might be going on, since the domain does have a functional and valid MX record, so there should be no need to fall back to an A record. Davide's reply was in response to my problems with NetBSD-3.1 and NetBSD-4.0. I'd been using SmartDNSHost pointing to my local dns as that was also configured for private ips on the lan and at some point this had become replaced by a malformed version (I'd commented out it out for some reason and afterwards un-commented the wrong line). The only thing this broke was local mail delivery which I didn't notice until testing new server which used cloned configuration of current server. This seems to be a new problem, but I updated XMail to 1.25, FreeBSD (minor update) and the m0n0wall router (minor update) all around the same time. I am not using SmartDNSHost, nor have I ever, although I've been running XMail for 6 or more years... should I test setting it to my ISP DNS servers rather than the local m0n0wall router (which queries the ISP servers anyway successfully with other services on the same server)? Does anyone have any ideas or recommendations about how to test where the problem might be? I'd suggest trying with SmartDNSHost set to the router then again with it set to the ISP. What servers do you have set in resolv.conf? David Thanks, Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: FreeBSD problem (similar to NetBSD problem reported earlier?)
Hi David - I spoke too soon! The problem has reappeared, and consistently. So it was NOT the line speed issue. I will test SmartDNS settings and post the results. Presently /etc/resolv.conf is set to the m0n0wall router on the LAN. Jeff Jeff Buehler wrote: Hi David - I think I have finally solved this mysterious problem, and of course it was an element I had not even considered (as it often is). The line provider (Covad) for this server had a problem several weeks ago with this line, about the time I was updating xmail to 1.25. When they were running tests on the line, they had slowed it down (from 5.4mb down/700k up to 300k down/60k up) and they managed to leave it that way. By some miracle the people using this server didn't notice (nor did I), aside from this problem, as it also provides web services - it does explain a lot of strange behavior I have been seeing, though! This slowdown seems to havebeen causing a time out on the DNS query for certain domains, so the common denominator may have been (just guessing) a high latency on the response time for these particular domains coupled with the very slow line speed of my servers connection, causing the fore mentioned error (NXDOMAIN). Now that the circuit is operating at its proper speeds, the problem has gone away. I don't know if this is a reflection on any particular package (Bind under *BSD, XMail, etc.) in terms of low speed testing, but it might be worthnoting for someone that at very low speeds something is failing intermittently. Thanks for your help and input! Jeff David Lord wrote: On 18 Feb 2008, at 12:27, Jeff Buehler wrote: Hi all - Sorry to be late to the gamewith this - in an earlier list email that I inadvertently deleted (thinking I had no helpful input, of course!) titled Problem with XMail on NetBSD-4 there was a discussion about the error: Recipient domain .comdoes not exist (or it has a misconfigured DNS) I am also getting this error regularly with FreeBSD 6 and XMail 1.25. I mention it in the XMailforums as well, and read about a number of other recent occurrences, butnothing has been resolved specifically. As I mention in the forums, I haveverified the domains are valid and properly configured in some of the cases, but the errors are consistent with specific domains. In my case, one example is trikorausa.com which I can send email from any server other thanmy active XMail server under FreeBSD, adn which looks properly configuredvia dnstools.com (I configured it, so I believe it is correct...) Davide responded: I think XMail is getting a ERR_DNS_NXDOMAIN (NXDOMAIN) fromyour DNS server. When that's happening, XMail does not even try to fall back to the A record delivery. and I think seems like it may be correct, but I am uncertain how to test this. The server does not provide DNS queries for itself (although it provides DNS for the domains it is authoritative on) but queries a m0n0wall router on the LAN, which queries my ISPs DNS servers. The server is able to resolve a dig as well as dig+trace to the MX record to trikorausa.com (and other domains) without incident. This would suggest that something else might be going on, since the domain does have a functional andvalid MX record, so there should be no need to fall back to an A record. Davide's reply was in response to my problems with NetBSD-3.1 and NetBSD-4.0.I'd been using SmartDNSHost pointing to my local dns as that was also configured for private ips on the lan and at some point this had become replaced by a malformed version (I'd commented out it out for some reason andafterwards un-commented the wrong line). The only thing this broke was local mail delivery which I didn't notice until testing new server which usedcloned configuration of current server. This seems to be a new problem, but I updated XMail to 1.25, FreeBSD (minor update) and the m0n0wall router (minor update) all around the same time. I am not using SmartDNSHost, nor have I ever, although I've been running XMail for 6 or more years... should Itest setting it to my ISP DNS servers rather than the local m0n0wall router (which queries the ISP servers anyway successfully with other services on thesame server)? Does anyone have any ideas or recommendations about how to test where the problem might be? I'd suggest trying with SmartDNSHost set to the router then again with it set to the ISP. What servers do you have set inresolv.conf? David Thanks, Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the bodyof a message to [EMAIL PROTECTED] --- Links --- 1 mailto:[EMAIL PROTECTED] 2 mailto:[EMAIL PROTECTED] 3 mailto:[EMAIL PROTECTED] 4 mailto:[EMAIL PROTECTED] - To unsubscribe from this list: send
[xmail] Re: FreeBSD problem (similar to NetBSD problem reported earlier?)
Hi Davide - Everything works when I use SmartDNS host to point to the same resolver as the server uses (a m0n0wall router). If I do not use SmartDNS host, I get the error to domains that can receive email from other sources. One example domain is trikorausa.com, although I am getting reports of the error from clients with about 5 other domains that mail can be sent to from other sources (like Hotmail). The results of a dig trikorausa.com mx +trace actually result in a dig: too many lookups failure - apparently the last time I did it a inadvertently did a dig trikorausa.com mx + trace with a space between the + and the trace and didn't notice that it hadn't performed a trace - sorry about that... I will research why would I might get a too many lookups failure (the domain is fine and has valid MX records) and try to determine what may have changed recently (and if XMail is even involved) - I send to this domain all of the time and this seems to have started about when I upgraded to 1.25. However, there were a number of changes around that time (including a FreeBSD update) so I will continue trying to isolate what is up and post back if I can find the problem. Thanks, Jeff Davide Libenzi wrote: On Tue, 19 Feb 2008, Jeff Buehler wrote: Hi David - I spoke too soon! The problem has reappeared, and consistently. So it was NOT the line speed issue. I will test SmartDNS settings and post the results. Presently /etc/resolv.conf is set to the m0n0wall router on the LAN. Are you using SmartDNSHost or not? If yes, the DNS server configured in the SmartDNSHost returns a nary answer. If not, which domain is failing for you? If domain XXX is failing, go in your XMail box, issue this command and post here: $ dig XXX mx +trace - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] FreeBSD problem (similar to NetBSD problem reported earlier?)
Hi all - Sorry to be late to the game with this - in an earlier list email that I inadvertently deleted (thinking I had no helpful input, of course!) titled Problem with XMail on NetBSD-4 there was a discussion about the error: Recipient domain .com does not exist (or it has a misconfigured DNS) I am also getting this error regularly with FreeBSD 6 and XMail 1.25. I mention it in the XMail forums as well, and read about a number of other recent occurrences, but nothing has been resolved specifically. As I mention in the forums, I have verified the domains are valid and properly configured in some of the cases, but the errors are consistent with specific domains. In my case, one example is trikorausa.com which I can send email from any server other than my active XMail server under FreeBSD, adn which looks properly configured via dnstools.com (I configured it, so I believe it is correct...) Davide responded: I think XMail is getting a ERR_DNS_NXDOMAIN (NXDOMAIN) from your DNS server. When that's happening, XMail does not even try to fall back to the A record delivery. and I think seems like it may be correct, but I am uncertain how to test this. The server does not provide DNS queries for itself (although it provides DNS for the domains it is authoritative on) but queries a m0n0wall router on the LAN, which queries my ISPs DNS servers. The server is able to resolve a dig as well as dig+trace to the MX record to trikorausa.com (and other domains) without incident. This would suggest that something else might be going on, since the domain does have a functional and valid MX record, so there should be no need to fall back to an A record. This seems to be a new problem, but I updated XMail to 1.25, FreeBSD (minor update) and the m0n0wall router (minor update) all around the same time. I am not using SmartDNSHost, nor have I ever, although I've been running XMail for 6 or more years... should I test setting it to my ISP DNS servers rather than the local m0n0wall router (which queries the ISP servers anyway successfully with other services on the same server)? Does anyone have any ideas or recommendations about how to test where the problem might be? Thanks, Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Relocate .pid file on *BSD
Hi Harald - You are right - I just tested it and had assumed that pidfile= set the location. It's seems strange that it would be hard coded in any application rather than parameterized. It sounds like the variable mentioned by Tjeerd might be the way to go. Jeff Harald Schneider wrote: Hi Jeff, as far as I can see this just assigns the standard path to the .pid to a variable which is used for the Kill command. It does not SET the -pid file's location - right ? IMHO it needs to be modified in the source. Any hints Davide ? -- Harald Jeff Buehler wrote: Hi Harald - It's all about the startup script on *BSD. There is no standard package for Xmail (something I have thought about setting up numerous times) in FreeBSD, so modifying a default template is not an issue. I place my custom startup script in /usr/local/etc/rc.d - I believe this is at least somewhat similar in the other *BSDs. It specifiers the location of the .pid file - here is the script I use, pidfile being declared explicitly: #!/bin/sh# # $FreeBSD: XMail - non-standard port # # PROVIDE: xmail # # Add the fellowing line to /etc/rc.conf.local or /etc/rc.conf # to enable xmail # # xmail_enable (bool): Set it to YES to enable ... /etc/rc.subr MAIL_ROOT=/server/MailRoot export MAIL_ROOT name=xmail rcvar=`set_rcvar` command=${MAIL_ROOT}/bin/XMail command_args=-B- -W- -X- -F- -Ms /server/MailRoot -MM -Qr 50 -Ql -Pl -Sl -SI 127.0.0.1:25 -Ll -Mr 240 -Sr 300pidfile=/var/run/XMail.pid sig_stop=-kill $pidfile # read configurationand set defaults load_rc_config $name : ${xmail_enable=NO} run_rc_command $1 I hope that helps! Jeff Harald Schneider wrote: Hi, is there a way to relocate the XMail.pid file from /var/run to another location ? This would allow to use XMail as e.g. a proxy with user rights only, startable from a simple script - all files in a single folder. -- Harald - Tounsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] --- Links --- 1 mailto:[EMAIL PROTECTED] 2 mailto:[EMAIL PROTECTED] 3 mailto:[EMAIL PROTECTED] 4 mailto:[EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Relocate .pid file on *BSD
Hi Harald - It's all about the startup script on *BSD. There is no standard package for Xmail (something I have thought about setting up numerous times) in FreeBSD, so modifying a default template is not an issue. I place my custom startup script in /usr/local/etc/rc.d - I believe this is at least somewhat similar in the other *BSDs. It specifiers the location of the .pid file - here is the script I use, pidfile being declared explicitly: #!/bin/sh # # $FreeBSD: XMail - non-standard port # # PROVIDE: xmail # # Add the fellowing line to /etc/rc.conf.local or /etc/rc.conf # to enable xmail # # xmail_enable (bool):Set it to YES to enable .. /etc/rc.subr MAIL_ROOT=/server/MailRoot export MAIL_ROOT name=xmail rcvar=`set_rcvar` command=${MAIL_ROOT}/bin/XMail command_args=-B- -W- -X- -F- -Ms /server/MailRoot -MM -Qr 50 -Ql -Pl -Sl -SI 127.0.0.1:25 -Ll -Mr 240 -Sr 300 pidfile=/var/run/XMail.pid sig_stop=-kill $pidfile # read configuration and set defaults load_rc_config $name : ${xmail_enable=NO} run_rc_command $1 I hope that helps! Jeff Harald Schneider wrote: Hi, is there a way to relocate the XMail.pid file from /var/run to another location ? This would allow to use XMail as e.g. a proxy with user rights only, startable from a simple script - all files in a single folder. -- Harald - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] freebsd 6 problems?
I have been running XMail using daemontools under Freebsd 5/6 32 and 64 bit for about a year or so. I have decided to discontinue using daemontools, and I only now notice than when I try to run XMail from a standard rc.d script under Freebsd (64 bit), it crashes UNLESS I run it in debug (-Md) mode, which is the mode I (I think) needed to use to run it under daemontools which doesn't want things running in the background. If I run xmail locally without the -Md parameter (for example, /MailRoot/bin/XMail with MAIL_ROOT set properly) after a fresh compile it simply dies (signal 11) with almost no info. Under the 32 bit version of an otherwise identical OS it is fine and launches. So, does anyone have info about XMail failing under FreeBSD 6 64 bit? It appears to simply fail... A version compiled on a 32 bit platform appears to run on my 64 bit platforms although I haven't actually tested it. Thanks for any info about this! Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: xmail 1.24 smtp timeouts
Hi Davide - Using top, XMailis the active process using CPU. However, perhaps it would display that way if the fault was with OpenSSL, which I am using. However, I am using the FreeBSD 6.2 standard port and having no problems with other SSl uses on thisd system. Also, I beleive (unhless I am doing something incorrectly) that I have discabled the use of SSL completely - does XMail still make calls to OpenSSL even if SSL is unused? I am setting in server.tab: SSLWantVerify0 SSLWantCert0 SSLAllowSelfSigned1 SSLUseCertsFile0 SSLUseCertsDir0 EnableSMTP-TLS0 Thanks, Jeff - Original Message - From: Davide Libenzi davidel@xmailserver.org To: Xmail Mailing List xmail@xmailserver.org Sent: Tuesday, February 13, 2007 12:52 PM Subject: [xmail] Re: xmail 1.24 smtp timeouts On Mon, 12 Feb 2007, Jeff Buehler wrote: Hi Everyone - I have been getting XMail timeouts, along with CPU use going up to something like 98%, after upgrading to 1.24. I am not 100% certain that the upgrade is what is causing this, so I am looking for ideas. I did not have any problems with 1.23, and I don't think that I am seeing any more traffic than I did when using 1.23. I am running FreeBSD 6.2, and saw this with 1.24 under 6.1 also. My configuration is a bit unusual. ASSP is receiving socket 25/587 - ClamSMTP - Xmail, but XMail is the executable that seems to be getting overwhelmed. One thing that I googled time ago that was making openssl for have large delays, was related to the lack of a good source of entropy. But if you're not using openssl, that's never get triggered. Also, are you sure it's XMail sucking CPU? - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: ClamAV usage with XMail
I use ASSP withlut ClamAV, then the email is scanned by ClamSMTP WITH ClamAV. ASSP's implementation is less complete than ClamSMTP which does a deep scan. Then XMail gets the email for delivery. This has worked great up until XMail 1.24, but now I seem to be having time out problems with XMail. My guess is that 1.24 is slower with the SSL addition (even not using SSL) than 1.23 and that is cuaing it to hang. Using ClamAV with ClamSMTP I have only had one virus in over three years get through, and that due to a failed update the night before. Jeff On 2/13/2007, David Lord [EMAIL PROTECTED] wrote: On 12 Feb 2007, at 20:28, Brian wrote: Any opinions on using ClamAV with XMail? How good is ClamAV and is it secure / stable? I installed both fprot and clamav on NetBSD with intention of using whichever I managed to get working first which turned out to be fprot. I've no reason to suspect clamav is any less useful than fprot and it might even be more configurable. I suspect glst prevents the server seeing many viruses and so far fprot hasn't let any through to my users (me). David - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] xmail 1.24 smtp timeouts
Hi Everyone - I have been getting XMail timeouts, along with CPU use going up to something like 98%, after upgrading to 1.24. I am not 100% certain that the upgrade is what is causing this, so I am looking for ideas. I did not have any problems with 1.23, and I don't think that I am seeing any more traffic than I did when using 1.23. I am running FreeBSD 6.2, and saw this with 1.24 under 6.1 also. My configuration is a bit unusual. ASSP is receiving socket 25/587 - ClamSMTP - Xmail, but XMail is the executable that seems to be getting overwhelmed. Reducing SMTP connections via ASSP seems to help some, as does reducing allowed file sizes, but I haven't verified this completely. The timeouts are intermittent, but always there seems to be a large number of connections via netstat. Here are the enabled server.tab entries of any interest: NotifyTryPattern0 MaxMTAOps16 ReceivedHdrType1 FetchHdrTags+X-Deliver-To,+Received,To,Cc SmtpMsgIPBanSpammers550 Denied due inclusion of your IP in our spam lists SmtpMsgIPBanSpamAddress550 Denied due inclusion of your email address in our spam lists SmtpMsgIPBanMaps550 Denied due inclusion of your IP in the following map SMTP-MaxErrors3 MaxMessageSize62000 EnableAuthSMTP-POP31 AllowNullSender1 DefaultSmtpPermsMRVZ SSLWantVerify0 SSLWantCert0 SSLAllowSelfSigned1 SSLUseCertsFile0 SSLUseCertsDir0 EnableSMTP-TLS0 Any help would be greatly appreciated! I am about to downgrade to 1.23... Thanks, Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Advices
ASSP is great. I sue it with ClamSMTP rather than using ASSP's virus filtering. I have been running ASSP - ClamSMTP - XMail for several years now with literally no problems (other than the occasional misconfiguration issue :)), however I am using FreeBSD 6 (not Windows). Jeff Emmanuel Gonzalez wrote: Hi, We're using Xmail servers for long. We have migrate on a Win 2K3 server and it's working fine. My question : - does anyone knows an antivirus working fine with xmail (on Windows 2003 server) and working with xmail filters. - Can someone advise me to find a spam tool working on windows 2003 server Again, I won't change my Xmail Server ! You did a fabulous work Davide. Thanks for your help Emmanuel Gonzalez - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Poll ...
I don't need it right now, but I think it's an excellent idea to add it if it isn't a crazy amount of work. I can easily see needing it in the future... Thanks, Jeff Davide Libenzi wrote: How many would appreciate per-RCPT SMTP filter capabilities? - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Problems installing Xmail
I haven't read the rest of this post (sorry) but in case it helps I recall it does attempt a chroot and port forward/redirect, which was a bit of a problem for me as I do this myself using ASSAP and ClamSMTP - I finally just installed XMail manually and ignored the port, which worked well. Jeff Davide Libenzi wrote: On Sun, 1 Oct 2006, Simon Zarate wrote: While trying to install, fail and reply with this error. Hmm, something fishy is going on with the gentoo portage. Either their package ir b0rken, or they're trying to run XMail in a chroot by doing port forwarding. - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Reducing spam
Look into ASSP (Anti Spam Server Proxy). This is my favorite solution for a number of reasons. XMail has a number of tools to help with SPAM, and they work well, but I found ASSP to be significantly ahead of any specific XMail integration solutions I was able to come up with or implement after about 6 years of using it, so that's my advice. Jeff Clive Lansink wrote: Hi list. Spam seems to be getting to rediculous levels so I'm trying to reduce the number of spam messages I am receiving in my xmail server. I started by uncommenting the line in server.tab: CustMapsList list.dsbl.org.:1,blackholes.mail-abuse.org.:1,dialups.mail-abuse.org.:0 First, is there any way to tell if Xmail is correctly contacting the hosts in the maps list? It would be nice to know that it is. Also, what is the best system to use for this purpose? I've heard of something called Sorbs but I don't know much about it and whether it would be better to put that into the CustMapsList. Here is a random sample of a message I can expect to receive. The log entry looks like this: lansink.co.nz lansink.co.nz 63.163.14.58 2006-10-02 00:09:00 smtp.secureserver.net lansink.co.nz [EMAIL PROTECTED] [EMAIL PROTECTED] S7C56 RCPT=OK 0 It is addressed to [EMAIL PROTECTED], which is actually wrong but I have my domain set up so I receive all messages for the domain other than those for other specific mailboxes. I take it then that the mail-from was [EMAIL PROTECTED], and the IP address that this message came from was 63.163.14.58. I could possibly keep that IP address in my own list of spamming IP addresses, but I really don't want to have to maintain my own list. I'd rather rely on one of these public organisations to do that, but I would still want a simple way to report an offending IP address to people better able to deal with it. Is there a tool I can add to xmail that could reply to the sender of a message with a chalenge so they must respond in a specific way to authorise the message? I am thinking that this could be relatively simple to do by adding a tool to xmail if it is not already done. It would rely on having a list of senders that are known to be acceptable, and some rules for other messages such as for email lists that are also acceptable. But any other incoming message would be chalenged. Just an idea. I'm reluctant to go back to a system in which my ISP filters spam for me because they are often too agressive and can filter out messages that I really need to see. I'm not happy with anti-spam systems that do some sort of analysis on the message to determine if it is spam or genuine mail. But I do agree with coming down hard on people who misbehave and I'd like to do what I can to stop spam at its source. Since we're all using xmail on this list, I would really appreciate a discussion on how to reduce spam. Ultimately it would be good to update the manual to make it easier for others to get to grips with this, and I'd be happy to write something depending on what results from this discussion. Clive Lansink Email: [EMAIL PROTECTED] Phone: +64 9 520-4242 Mobile: +64 21 663-999 Fax: +64 21 789-150 - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Problems in receiving mail from hotmail
It sounds like a filter added on to XMail or something... unless you mean XMail is hanging on emails from Hotmail. I don't really understand the statement mails from Hotmail are regularly caught as bad html - I don't think XMail would do that unless you are talking about it actually crashing with Hotmail HTML email or something... can you clarify? Jeff Prakash wrote: Hi All i am fresh to linux admin. In our concern we are using X-Mailserver running on Debian 2.6 Linux. mails from hotmail is regularly caught as badhtml and there need to manual release of those mail Help me in this concern Regards Prakash - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Spammers - How to block them.
Hi Henri - I suspect this makes little difference, but just in case you aren't aware of this, you can run ASSP on a different computer - it doesn't have to be the same system, and so Perl also does not need to be on your XMail system. I'm not certain why you have feelings about running something in front of XMail if it will simply reduce the burden on your server (significantly) but we all have our reasons, I suppose! If you aren't processing much email, then I can't understand why you are getting the server too busy errors you mentioned in your first email. Something doesn't sound quite right. Frankly, even before I was running ASSP, I was processing quite a bit of email (thousands a day, sometimes more, and thousands more a day of SPAM) and I never received an error like that on send. I understood you to say that you were getting SMTP connect errors because XMail was taking too long to refuse invalid users. Logically, if you are receiving server too busy errors simply from refusing emails to non-valid users (as I read your first email to be saying), which would require an incredible volume of invalid email (or a very, very slow server), then the only way to prevent server overload would be to put something in front of XMail, since XMail is already refusing those emails that are causing the problem. But I must have misunderstood given the direction the rest of this thread has taken. If it is simply an issue of SPAM in general, and you need to block it, and you don't want to use something like ASSP (for reasons of purity?), then your best bet is greylisting (as Rob Arends covers well), RBL blocking, and perhaps something like you mention with an automated addition to the spammers list as a last addition. Jeff Henri van Riel wrote: Hi Jeff, You can run ASSP on a different server than XMail. Also, you can use it simply to verify that the address being sent to is a valid one - it does not need to perform Bayesian -filter based SPAM blocking unless you want it to (you could open up the ruleset, or you can have it simply tag the email that goes through with something if it thinks it's SPAM). If what you need is to be able to close sessions to invalid addresses quickly, that is the only way I know how to do it. I'll certainly look into it but I don't like the idea of having to run something in front of XMail... Also, I'd need to install Perl on my mailserver which is *strictly* a mailserver. What you suggest might work, but spammers domains and addresses change very rapidly, so I'm not certain you would actually cut down the volume much, and you would end up having to process all of that email. ASSP will simply terminate the session more or less immediately if it doesn't like the email, the sender, or the address, or any combination of those things. I don't have to process that much email though. First of all, my new CustMapsList filters out a lot of spam. If the sender seems ok, XMail first checks if the recipient is known. If not, it redirects it to my catch-all account. While it is doing that, the filters.pre-data.tab filter kicks in *before* the data command, only the headers have arrived so far. Next, my script will get the ip address from those headers and exits with code 3 which makes XMail to terminate the connection. Mail with a valid recipient will still go through the filter but that's not a problem. Sounds to me that it could work! ;) - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Spammers - How to block them.
Hi Henri - That's odd. How many smtp threads were you running? I've set the maximum to 16 now where 4 should be enough to handle all incoming mail (easily!). Whatever the default is (is it MaxMTAOps? - that is set to 16 on my system). Running on FreeBSD on a Athlon XP running at 2 GHz, 1 gig of RAM, fast SCSI hard drive. Nothing too fancy. Right now running ASSP - clamsmtp - XMail (in this case on the same system) this handily processes 4500 (or so) valid emails per day and refuses about the same number of additional SPAMs. Without the CLAMsmtp and ASSP this same system processed almost that much email without me ever seeing the problem you describe. It's not the spam per se, I know how to get rid of that. It's because 99.5% of all incoming mail is for non-existent recipients. I don't want to check them all to see if it's spam or not cause I already *know* it's spam. I don't want to waste server resources and internet bandwidth for something I already know I don't want. I just want to get rid of those attempts from spammers to deliver spam to my server as quickly and as easily as possible. Again, if the problem is email to invalid users, I don't see how any of the other options you mentioned in XMail will necessarily help. Perhaps they will by using a different mechanism, like RBL check, that is faster than XMails own determination of an invalid address, but that seems a stretch to me. ASSP is designed to close the SMTP session immediately if it doesn't like an email for any reason specified by the admin, such as an invalid address, so it directly addresses the problem you are having. However, as also mentioned, it seems very strange to me that XMail would be so slow on refusing invalid connections as to cause connection failures from valid senders if you have a low volume of email - I don't know XMail's mechanism behind this (perhaps someone else can clarify) but I have never run into that problem, or heard of anyone else running into that problem, unless they were getting a HUGE volume of SPAM (and not specifically to invalid users). So it might be worth looking into WHY your installation is behaving this way, since it sounds fishy to me. Maybe 4 threads was too low? Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Spammers - How to block them.
ASSP with XMail is an excellent solution for this - it is robust and reasonably lightweight. ASSP checks the first number of K that you specify to determine if an email is SPAM, then closes the session if it is. You can specify valid user accounts in a text file or using LDAP. If the email is invalid, it simply closes the session. Then you can forward the email to XMail for final processing. Jeff Henri van Riel wrote: Hi all, I've got a peculiar problem. My domain (a sub-domain of my ISP) receives a lot of (spam) email. I'm talking more than 15,000 emails per day (about 10mb/hour). All these emails are for recipients *not* defined on my domain. Someone has simply generated thousands of fake email addresses and put them on a cd and sells that (probably). I've set up XMail so that it only accepts mail for known users, so I don't really receive these emails. The problem is that my smtp threads are always *busy*. When I try to send email from outside my LAN through my mailserver at home I always get the message `server too busy, retry later...` because all my SMTP threads are handling mail from these spammers... What I would like is that XMail *immediately* drops the connection with the spammer's mailserver but it doesn't seem to do that. Connections stay open for a while because this server has dozens of emails to deliver to my server (all for users that don't exist!). Is there a way to immediately drop the connection with the server that tries to deliver mail to an unknown user and also ban this particular mail server for at least a day? That would decrease the number of random emails significantly and save me a lot on bandwidth. Any help would be appreciated. Thanks. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Spammers - How to block them.
Hi Henri - You can run ASSP on a different server than XMail. Also, you can use it simply to verify that the address being sent to is a valid one - it does not need to perform Bayesian -filter based SPAM blocking unless you want it to (you could open up the ruleset, or you can have it simply tag the email that goes through with something if it thinks it's SPAM). If what you need is to be able to close sessions to invalid addresses quickly, that is the only way I know how to do it. What you suggest might work, but spammers domains and addresses change very rapidly, so I'm not certain you would actually cut down the volume much, and you would end up having to process all of that email. ASSP will simply terminate the session more or less immediately if it doesn't like the email, the sender, or the address, or any combination of those things. Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Error messages returned to sender replicated
Leanardo: Interesting find about the errors appearing not to be XMail generated - I will have to look into that in more detail by going over the logs when I can get the time. Clement: I use an IP in the cmdalias. The FQDN of the Exchange server resolves only to one IP. Xmail connects to the Exchange server through a M0n0wall firewall/NAT device that is NAT'ing the Exchange server. I don't recall seeing multiple times the same same bounce before upgrading to 1.22 (and now that you brought it up, M0n0wall is a recent addition to the network there as well). I will have to go over the logs as soon as I can to answer your other question about whether or not the bounce is seen on the Exchange side. It sounds like I will need to spend some more time with the logs and testing on this one - I will let you know what I find - thanks for all of your input! Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Error messages returned to sender replicated
Hmmm - ok, let me look at this a little deeper (and thanks for your input!). In answer to your questions: Exchange has its own domain, but only handles internal email (so outbound is Exchange - ASSP - (clamSMTP) - Xmail - INTERNET or inbound is INTERNET-ASSP - (clamSMTP) - XMail - Exchange). Xmail does forward the error messages to Exchange by using smtprelay in cmdalias - it does not actually have a mail account for the Exchange user, it just relays. Postmaster does receive errors as well, but they seem inconsistent with the others - I need to research this point a bit more and see if I am receiving more than 1 error to this account as well, but I don't think I am. It appears that I am not getting one email for each failure - rather, it appears to be some random number of bounce emails (sometimes 3, sometimes 5, and so on). Two complete examples (from the same failure) follow: From: buehlertech.net PostMaster [EMAIL PROTECTED] Sent: Friday, January 20, 2006 1:03 PM To: Jeff Buehler Subject: Error sending message [1137780666750.135234560.3ee.banshee.buehlertech.net] from [buehlertech.net] [00] XMail bounce: [EMAIL PROTECTED];Error=[The maximum number of delivery attempts has been reached] [01] Error sending message [1137780666750.135234560.3ee.banshee.buehlertech.net] from [buehlertech.net]. ID:S75A16 Mail From: [EMAIL PROTECTED] Rcpt To: [EMAIL PROTECTED] Server:delmone.com [delmone.com] [02] The reason of the delivery failure was: The maximum number of delivery attempts has been reached [05] Here is listed the initial part of the message: Received: from BuehlerTechAntiSpam ([127.0.0.1]:58144) by antispam.buehlertech.net ([127.0.0.1]:25) with [XMail 1.22 ESMTP Server] id S75A16 for [EMAIL PROTECTED] from [EMAIL PROTECTED]; Fri, 20 Jan 2006 10:11:04 -0800 Received: from 71.134.90.35 ([71.134.90.35] helo=mail.interoceanss.com) by BuehlerTechAntiSpam ; 20 Jan 06 18:11:02 - MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=_=_NextPart_001_01C61DEC.DE69A4EC Subject: test4 Content-class: urn:content-classes:message X-MimeOLE: Produced By Microsoft Exchange V6.5 Date: Fri, 20 Jan 2006 10:11:00 -0800 Message-ID: [EMAIL PROTECTED] X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: test4 Thread-Index: AcYd7N33dm49C2YAQOGUDPl2HKf/bg== From: Jeff Buehler [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Virus-Scanned: Buehler Technologies Anti-virus ClamSMTP - From: buehlertech.net PostMaster [EMAIL PROTECTED] Sent: Friday, January 20, 2006 12:22 PM To: Jeff Buehler Subject: Error sending message [1137775892511.135234560.250.banshee.buehlertech.net] from [buehlertech.net] [00] XMail bounce: [EMAIL PROTECTED];Error=[The maximum number of delivery attempts has been reached] [01] Error sending message [1137775892511.135234560.250.banshee.buehlertech.net] from [buehlertech.net]. ID:S758C4 Mail From: [EMAIL PROTECTED] Rcpt To: [EMAIL PROTECTED] Server:delmone.com [delmone.com] [02] The reason of the delivery failure was: The maximum number of delivery attempts has been reached [05] Here is listed the initial part of the message: Received: from BuehlerTechAntiSpam ([127.0.0.1]:54200) by antispam.buehlertech.net ([127.0.0.1]:25) with [XMail 1.22 ESMTP Server] id S758C4 for [EMAIL PROTECTED] from [EMAIL PROTECTED]; Fri, 20 Jan 2006 08:51:32 -0800 Received: from 71.134.90.35 ([71.134.90.35] helo=mail.interoceanss.com) by BuehlerTechAntiSpam ; 20 Jan 06 16:51:31 - MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=_=_NextPart_001_01C61DE1.C3D28DF8 Subject: test3 Content-class: urn:content-classes:message X-MimeOLE: Produced By Microsoft Exchange V6.5 Date: Fri, 20 Jan 2006 08:51:17 -0800 Message-ID: [EMAIL PROTECTED] X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: test3 Thread-Index: AcYd4buU0P6OtpNtTT+mAMHshLq35g== From: Jeff Buehler [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Virus-Scanned: Buehler Technologies Anti-virus ClamSMTP Thanks, Jeff Leonardo Fogel wrote: --- Jeff Buehler wrote : Right now I have XMail set to try 10 times, so there seem to be 10 emails that are sent to notify the sender of the failure. (...) Exchange users that have this problem - XMail is running on FreeBSD, but a number of Exchange users send through it as shown: Exchange - ASSP (anti-spam proxy) -XMail - Internet - the problem definitely happens with this flow Some thoughts: As far as I know from XMail, a bounce (error) message is like any other message, i.e., XMail will try to deliver them the same way and it will make the same number of tries if it needs. So, if you configure XMail to make N tries to send a message and it fails (and the sender's domain is not handled by XMail), it will also make at most N tries to send (forward) the error message. Questions: does Exchange handle a domain of its own? Does XMail have to forward the error messages to Exchange
[xmail] Re: Error messages returned to sender replicated
Thats what I thought should happen, but my Exchange users are verifiably getting multiple (it seems to be random) bounces back. Only my Exchange users seem to be affected - users accessing from a standard email client are getting the correct (single bounce) behavior). Jeff Davide Libenzi wrote: On Sat, 21 Jan 2006, Jeff Buehler wrote: I see. Any thoughts on what my be causing the repeat error bounces? Has anyone else run into this problem? If not, I would guess it has to do with the Exchange/ASSP/XMail relationship somehow since that is the only distinct thing about my configuration from a standard one... Davide, can you think of anything that may have changed between 1.20/1.21 and 1.22 that might affect this? The one below is a standard bounce message that happen (only once per message - maximum) if the maximum number of delivery attempts is reached. Ah ... I was unaware of that setting. It's commented out, which according to the documentation would seem to suggest that the errors aren't (or shouldn't be) coming from XMail at all. However, the headers indicate (to me, anyway!) that they are - here is an abbreviated example: From: buehlertech.net PostMaster [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 17, 2006 6:31 AM To: Jens Jensen Subject: Error sending message [1137452256244.135361536.4d65.banshee.buehlertech.net] from [buehlertech.net] [00] XMail bounce: [EMAIL PROTECTED];Error=[The maximum number of delivery attempts has been reached] - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Error messages returned to sender replicated
Yes - I despise Exchange, personally. However, talking the people holding the money out of using Exchange and going with LDAP/IMAP is like telling them that their father is a moron. They look dumbfounded and then proceed as if nothing was said. I host entirely on FreeBSD and I am just doing SPAM/AntiVirus filtering for this particular client. At any rate, the strange part is that each of the messages I sent IS from the same email. So, XMail is seeing two different messages (as you pointed out) but it is actually from the SAME send, so it must be getting duplicated by one of the other applications(?). So, as you mention, there is obviously something in the configuration that is causing the trouble. I will keep looking into it and report what I find for posteritys sake! Thanks, Jeff Davide Libenzi wrote: On Mon, 23 Jan 2006, Jeff Buehler wrote: Hmmm - ok, let me look at this a little deeper (and thanks for your input!). In answer to your questions: Exchange has its own domain, but only handles internal email (so outbound is Exchange - ASSP - (clamSMTP) - Xmail - INTERNET or inbound is INTERNET-ASSP - (clamSMTP) - XMail - Exchange). Xmail does forward the error messages to Exchange by using smtprelay in cmdalias - it does not actually have a mail account for the Exchange user, it just relays. Postmaster does receive errors as well, but they seem inconsistent with the others - I need to research this point a bit more and see if I am receiving more than 1 error to this account as well, but I don't think I am. It appears that I am not getting one email for each failure - rather, it appears to be some random number of bounce emails (sometimes 3, sometimes 5, and so on). Two complete examples (from the same failure) follow: Those refer to two different messages ... From: buehlertech.net PostMaster [EMAIL PROTECTED] Sent: Friday, January 20, 2006 1:03 PM To: Jeff Buehler Subject: Error sending message [1137780666750.135234560.3ee.banshee.buehlertech.net] from ^^^ and From: buehlertech.net PostMaster [EMAIL PROTECTED] Sent: Friday, January 20, 2006 12:22 PM To: Jeff Buehler Subject: Error sending message [1137775892511.135234560.250.banshee.buehlertech.net] from ^^^ Something funky is going on with your setup. I don't know what, but a wild guess is that removing MS Exchange will have a 98% probability of fixing it :) - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Error messages returned to sender replicated
I see. Any thoughts on what my be causing the repeat error bounces? Has anyone else run into this problem? If not, I would guess it has to do with the Exchange/ASSP/XMail relationship somehow since that is the only distinct thing about my configuration from a standard one... Davide, can you think of anything that may have changed between 1.20/1.21 and 1.22 that might affect this? Jeff Davide Libenzi wrote: On Fri, 20 Jan 2006, Jeff Buehler wrote: Ah ... I was unaware of that setting. It's commented out, which according to the documentation would seem to suggest that the errors aren't (or shouldn't be) coming from XMail at all. However, the headers indicate (to me, anyway!) that they are - here is an abbreviated example: From: buehlertech.net PostMaster [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 17, 2006 6:31 AM To: Jens Jensen Subject: Error sending message [1137452256244.135361536.4d65.banshee.buehlertech.net] from [buehlertech.net] [00] XMail bounce: [EMAIL PROTECTED];Error=[The maximum number of delivery attempts has been reached] The NotifyTryPattern variable does not affect final/definitive bounces, only intermediate ones. - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Error messages returned to sender replicated
Hi everyone - Running XMail 1.22 my users have been reporting that No server found errors are coming back in duplicate. The mails all come in after The maximum number of delivery attempts has been reached and the user receives a separate email for each failed delivery attempt, rather than one email containing all of the failures (which is the expected behavior, right?). Right now I have XMail set to try 10 times, so there seem to be 10 emails that are sent to notify the sender of the failure. It was set to 40, and in that case the user was receiving 40 (or so) emails. I have not verified that the number of returns is always exactly the same as the retry setting, but it is at least somewhat close. Has anyone seen this behavior? I am trying to verify if it is only my Exchange users that have this problem - XMail is running on FreeBSD, but a number of Exchange users send through it as shown: Exchange - ASSP (anti-spam proxy) -XMail - Internet - the problem definitely happens with this flow or Email client - ASSP - XMail - Internet - the problem has not been verified yet with this flow Thanks, Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Error messages returned to sender replicated
Ah ... I was unaware of that setting. It's commented out, which according to the documentation would seem to suggest that the errors aren't (or shouldn't be) coming from XMail at all. However, the headers indicate (to me, anyway!) that they are - here is an abbreviated example: From: buehlertech.net PostMaster [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 17, 2006 6:31 AM To: Jens Jensen Subject: Error sending message [1137452256244.135361536.4d65.banshee.buehlertech.net] from [buehlertech.net] [00] XMail bounce: [EMAIL PROTECTED];Error=[The maximum number of delivery attempts has been reached] Jeff Davide Libenzi wrote: On Fri, 20 Jan 2006, Jeff Buehler wrote: Hi everyone - Running XMail 1.22 my users have been reporting that No server found errors are coming back in duplicate. The mails all come in after The maximum number of delivery attempts has been reached and the user receives a separate email for each failed delivery attempt, rather than one email containing all of the failures (which is the expected behavior, right?). Right now I have XMail set to try 10 times, so there seem to be 10 emails that are sent to notify the sender of the failure. It was set to 40, and in that case the user was receiving 40 (or so) emails. I have not verified that the number of returns is always exactly the same as the retry setting, but it is at least somewhat close. How's your NotifyTryPattern set inside the server.tab? - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Error messages returned to sender replicated
By the way, I had no indications of this happening using 1.21 or earlier. This does not mean that it didn't for certain, but I am pretty certain that it would have come up (I was running 1.21 and maybe 1.20 from the time they were made available until the newer versions with this configuration - exchange - assp - xmail - internet). It is possible that I may have made some seemingly insignificant change to any of the players involved, though, most suspect being ASSP. I have verified that I (seem) get only one failure message back to the sender when the configuration does not involve exchange, that being email client - assp - xmail - internet. Unless I am misreading the documentation, I think this is also not the right behavior since NotifyTryPattern is set to the default, but I prefer it to a whole bunch of messages! Here is an example of the header for that: [00] XMail bounce: [EMAIL PROTECTED];Error=[The maximum number of delivery attempts has been reached] [01] Error sending message [1137796073865.135234560.61c.banshee.buehlertech.net] from [buehlertech.net]. ID:S75D07 Mail From: [EMAIL PROTECTED] Rcpt To: [EMAIL PROTECTED] Server:bogusdomain.com [bogusdomain.com] [02] The reason of the delivery failure was: The maximum number of delivery attempts has been reached Thanks again for any thoughts or ideas... Jeff Jeff Buehler wrote: Ah ... I was unaware of that setting. It's commented out, which according to the documentation would seem to suggest that the errors aren't (or shouldn't be) coming from XMail at all. However, the headers indicate (to me, anyway!) that they are - here is an abbreviated example: From: buehlertech.net PostMaster [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 17, 2006 6:31 AM To: Jens Jensen Subject: Error sending message [1137452256244.135361536.4d65.banshee.buehlertech.net] from [buehlertech.net] [00] XMail bounce: [EMAIL PROTECTED];Error=[The maximum number of delivery attempts has been reached] Jeff Davide Libenzi wrote: On Fri, 20 Jan 2006, Jeff Buehler wrote: Hi everyone - Running XMail 1.22 my users have been reporting that No server found errors are coming back in duplicate. The mails all come in after The maximum number of delivery attempts has been reached and the user receives a separate email for each failed delivery attempt, rather than one email containing all of the failures (which is the expected behavior, right?). Right now I have XMail set to try 10 times, so there seem to be 10 emails that are sent to notify the sender of the failure. It was set to 40, and in that case the user was receiving 40 (or so) emails. I have not verified that the number of returns is always exactly the same as the retry setting, but it is at least somewhat close. How's your NotifyTryPattern set inside the server.tab? - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Backup
I prefer rsync of the entire MailRoot directory to another system, but you could as easily rsync to an alternate media source on the same system. By using rsync, you can run it often since rsync operates incrementally (only the portions of files that have changed are replicated). I run it every 5 minutes staggered to two different systems, so changes are up to date about every 2.5 minutes. In order to do a restore you can simply rsync in the reverse direction, which might take 10 seconds or less to complete. This method can also be used for primitive but effective failover to alternate systems. Jeff Chad Fleenor wrote: I always just tar up /var/MailRoot every night. I have had to restore this file before because someone deleted a domain. It took me less than 5 minutes to have the domain back up and operational, no one knew that anything had happened. Thanks Kay Seljeseth wrote: Is a full directory backup of the mailroot the best way to make a backup of the xmailserver config? May the message files under the mailbox directories be excluded if not needing a backup of the messages, but still wanting a full config backup? (did not find any info about this in the readme file?) Thanks! - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] -- Buehler Technologies 19 Circle Drive - San Rafael, CA 94901 415.459.4677 - [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: hidden copy - recent supreme court decision
Who cares about the law? What about your own sense of moral culpability? Sure, it's your job, and it's hard to tell your paycheck to f-off, but spying on people is spying on people. Life is short and there are a lot of ways to make money - the one thing you can keep to the grave is your belief that you have done what is intrinsically right (as long as you have stood up for that!). I don't think it's worth being the conduit for something that you may not be comfortable with. If you are, then fine, go for it. I wouldn't be, but we all come from different places! Jeff Leonardo Fogel wrote: --- Helio Cavichiolo Jr wrote: That's a great idea, but perhaps not enough. Here in Brazil, as in France, the law don't allow mail violation. News about the topic: The decision of the TST [brazilian supreme court of labour] was favourable to HSBC, under the argumentation that 'the enterprise can track all eletronic addresses, because there is not any privacy to be preserved, since the e-mail could not be used for private ends'. Security Review, year I, number 4. ___ Yahoo! doce lar. Faça do Yahoo! sua homepage. http://br.yahoo.com/homepageset.html - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: hidden copy - recent supreme court decision
Yeah, sorry about the soapbox (I had just woken up when I wrote that so I was on a bit of a soapbox - my apologies!) Issues like the one you are in are always quite complicated to resolve, and nothing is ever black and white... Right now in the U.S. these sorts of issues are really in my face all of the time. For example, one of my favorites right now, the Patriot Act! What a giant freedom sucking black hole piece of crap that is. As if taking away our toenail clippers on the plane is going to stop a determined martyr/terrorist/whatever, or high-tech invasion of privacy is going to actually protect us from some of the terrible things we have perpetrated on global affairs (I would make a list but it would reduce me to grinding my teeth). Anyway, here I am ranting again... sorry. You could always accidentally have an email forwarded to a given user that mentions a mail has been forwarded to the boss, and apologize later saying that it was a preconfigured behavior you were unaware of or some nonsense. By the time the boss found out, everyone involved might be a little steamed... Good luck with however it works out (and sorry to use this mail list for non-technical ranting yet again!) Jeff Vidmantas wrote: Jeff, I understand moral situation quite enough and I'm not looking positive to the things like spying on people's letters. I'm asked to make possibility to realize such things, not to start spying right now. Boss will make decision. Since I'm just IT engineer, not boss or similar, I don't know the exact reason of making copies. But I know it is related to spreading (selling?) commercial information. Anyway, I don't think the illegal copies are best way to fight it. I'm feeling really uncomfortable. But my job is to make programs... Jeff Buehler wrote: Who cares about the law? What about your own sense of moral culpability? Sure, it's your job, and it's hard to tell your paycheck to f-off, but spying on people is spying on people. Life is short and there are a lot of ways to make money - the one thing you can keep to the grave is your belief that you have done what is intrinsically right (as long as you have stood up for that!). I don't think it's worth being the conduit for something that you may not be comfortable with. If you are, then fine, go for it. I wouldn't be, but we all come from different places! Jeff Leonardo Fogel wrote: --- Helio Cavichiolo Jr wrote: That's a great idea, but perhaps not enough. Here in Brazil, as in France, the law don't allow mail violation. News about the topic: The decision of the TST [brazilian supreme court of labour] was favourable to HSBC, under the argumentation that 'the enterprise can track all eletronic addresses, because there is not any privacy to be preserved, since the e-mail could not be used for private ends'. Security Review, year I, number 4. ___ Yahoo! doce lar. Faça do Yahoo! sua homepage. http://br.yahoo.com/homepageset.html - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] __ NOD32 1.1325 (20051215) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: smtp authentication to external server via cmdaliases
Sönke, thanks again! That will do the trick ... Jeff Sönke Ruempler wrote: Hi Jeff, [EMAIL PROTECTED] wrote on Wednesday, November 23, 2005 8:09 AM: I am using the cmdaliases functionality to forward certain emails to an Exchange 2003 Server. I would like to disable general SMTP for the Exchange server and force authentication. Does anyone know of a way to authenticate the SMTP session when forwarding an email via a cmdalias? Not per user - but per domain: http://www.xmailserver.org/Readme.html#smtp_client_authentication - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] smtp authentication to external server via cmdaliases
Hi all - I am using the cmdaliases functionality to forward certain emails to an Exchange 2003 Server. I would like to disable general SMTP for the Exchange server and force authentication. Does anyone know of a way to authenticate the SMTP session when forwarding an email via a cmdalias? Thanks for any input! Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: still on clamav and xmail...
Also, check out clamsmtp if you aren't running Windows - I'm not certain if it is faster than the available XMail filters (which I have had mixed luck with over the years), but it is easy to setup and works well for me... it is very lightweight and written in C. Jeff jonn ah wrote: hi all, Can anybody tell me which av filters (clamav) works on xmail? I followed chris franklin's directions on his av filter with xmail but it doesnt detect eicar's test virus when i send it thru xmail... thanks! __ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] earthlink modified
Hi all - Let me try that last question without the other info: Does anyone know if XMail 1.22 queries A records when MX queries for a domain have failed? I realize this has been covered, but I'm not clear on the specific outcome of this ... Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: earthlink modified
Thanks, Davide. I am the worst with RFC's - many of them seem to contradict each other, so this is just a question (not an attack or even a recommendation - I am very happy with XMail!) I assume that querying the A record query is by design, based on your response, so I am wondering if there is a way to change that in the configuration. The Earthlink problem I am seeing is probably almost certainly related to this A record query. I printed this (and the RFC) earlier, but just for clarity: Earthlink says The earthlink.net A record forwards port 25 connections to our outbound SMTP servers. Unless the mail server attempting the transaction maintains IP connectivity through the Earthlink network, delivery attempts through the A record will consequently fail and the above quoted error message will be returned. and that this is the fault of the MTA for being non-compliant with RFC 2821 (partially) shown below: RFC 2821, Address Resolution and Mail Handling: If one or more MX RRs are found for a given name, SMTP systems MUST NOT utilize any A RRs associated with that name unless they are located using the MX RRs; the implicit MX rule above applies only if there are no MX records present. If MX records are present, but none of them are usable, this situation MUST be reported as an error. So, any suggestions? Is there a way to prevent the A record query, or is there another sound reason not to prevent this? Thanks, Jeff Davide Libenzi wrote: On Sat, 15 Oct 2005, Jeff Buehler wrote: Let me try that last question without the other info: Does anyone know if XMail 1.22 queries A records when MX queries for a domain have failed? I realize this has been covered, but I'm not clear on the specific outcome of this ... Yes, of course it does. It is supposed to try the A record if MX resolution fails. Note that XMail does not try to send to the A record if MX records exist, but a failure happened in the delivery to such records. - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: earthlink modified
Davide, sorry - I just reread you previous email and I now realize that you clarified already that XMail does not try an A record if MX records exist, but I am a bit confused. Are you saying that it will try the A record if the MX records exist but fail, or that it won't try the A record at all if any MX records exist even if sends to them fail? Earthlink seems to be failing because after all MX records fail, if the A record is then attempted the send is terminated completely, rather than XMail continuing to try the MX records as it should later. Or am I not clearly understanding the mechanism here... Thanks again for your input on this! Jeff Davide Libenzi wrote: On Sat, 15 Oct 2005, Jeff Buehler wrote: Let me try that last question without the other info: Does anyone know if XMail 1.22 queries A records when MX queries for a domain have failed? I realize this has been covered, but I'm not clear on the specific outcome of this ... Yes, of course it does. It is supposed to try the A record if MX resolution fails. Note that XMail does not try to send to the A record if MX records exist, but a failure happened in the delivery to such records. - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] earthlink
Hi All - it seems to me that this may have been covered, but I wasn't able to find any XMail specific references to it: Sending to Earthlink, my customers are getting a number of seemingly intermittent errros as follows: 550-EarthLink does not recognize your computer (67.102.229.138) as connecting from an EarthLink connection. If this is in error, please contact technical support. 550 relaying to [EMAIL PROTECTED] prohibited by administrator It would seem, after some research, that this is because of a DNS problem in which the following occurs (according to Earthlink): are due to an improper MTA configuration with the host that is responsible for delivering outbound mail on your network. In a nutshell, the mail server which attempted to deliver mail to the earthlink.net e-mail address was initially unable to successfully deliver the mail to the earthlink.net MX (more than likely due to high load on our end, no Earthlink MX host was available to accept the transaction at the moment of the delivery attempt), and so the Earthlink A record was attempted by the sending mail server. The earthlink.net A record, however, forwards port 25 connections to our outbound SMTP servers. Unless the mail server attempting the transaction maintains IP connectivity through the Earthlink network, delivery attempts through the A record will consequently fail and the above quoted error message will be returned. on the same site where I found the most helpful information on this (http://forums.smartertools.com/ShowPost.aspx?PostID=3872) this is also mentioned: The behavior exhibited by the sending mail server, in this case, is not standard. According to RFC 2821, Address Resolution and Mail Handling: If one or more MX RRs are found for a given name, SMTP systems MUST NOT utilize any A RRs associated with that name unless they are located using the MX RRs; the implicit MX rule above applies only if there are no MX records present. If MX records are present, but none of them are usable, this situation MUST be reported as an error. http://www.faqs.org/rfcs/rfc2821.html Does anyone have any recommendations or suggestions about this? Does version 1.23 correct the attempt to send to an A record, or is that is even what may be happening? I recall a lot of commentary recently on the DNS/A record issue, but I can't recall (and I have not kept) the email thread about that. Is anyone else having this problem? Thanks, Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Build/Smoke test request ...
Here is another verification that it builds fine on FreeBSD 5.4. I haven't tried running it yet. Jeff Davide Libenzi wrote: I might have found the reason for the XMail erratic behaviour on some BSDs versions. I need Solaris and *BSD users to try to build and run the following version: http://www.xmailserver.org/xmail-1.23-pre01.tar.gz Thank you! - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: mail problem
Hi Charlie - Well, I'm uncertain what to tell you. My suspicion, since I have heard of no one having this particular sort of problem (there is a large XMail user base running 1.21 on Linux) is that there is something being overlooked. I would double check your findings as scientifically as possible, and make absolutely certain that what you think you are seeing is really what you are seeing. Make certain that the addresses you are using are all valid, that the logs are definately not reporting anything strange, your XMail server.tab settings look right, and so on. If you are certain about your findings, then I would start looking at other apps that may be interfering or trying to bind to the ports, such as Sendmail (which should be disabled, or at least XMail and Sendmail should be binding to different ports). If that all looks good, I would test your connection to make certain that packets aren't dropping or something. make certain your MTU setting is correct (if you are connecting via DSL PPP then it is likely less than the default of 1500 as I recall). I have had incorrect MTU settings cause intermittent failures that can be difficult to pin down. Without at least one or two other people verifying the findings or seeing the behavior, it probably indicates to an misconfiguration (of some sort) or an anomaly on your system. Did you try searching the forums for any similar user experiences? Jeff Charlie Qualls wrote: Hey there Jeff, I forgot, this also happens if listing several people in the to address field. I don't know how many before it balks though. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: mail problem
The forum is an excellent resource, if sometimes challenging to get through (lots of info and search doesn't always cut it)... http://xmailforum.homelinux.net/ Charlie Qualls wrote: Hey there Jeff, Thanks for your thinking this out for me. I'll see what else I can find. I know that large organizations use the program and I think it's a wonderful program, I'm a small operation with less then 30 users not counting the users I created to try to figure out the problem. Thanks again for some guidence on where else to look and places to look for a answer. In answer to you question about looking in the forums, no I didn't try searching that. I do know that for as long as I have been reading this group(about 2yrs) I have never seen a problem like this. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: mail problem
So, when you receive mail some email is lost - the logs say that mail came in correctly but it is not in the Domains - MailDir - new folder and when you send email some mail is lost - the logs say that it was sent correctly, but it never arrives at the recipient email account - and this happens ONLY with mail groups that you are aware of? Is that the gist of it? Jeff Charlie Qualls wrote: Hello Group, I'm using 1.21 on a redhat server running just mail. I'm having a issue of mail delivery. The logs say the mail was received ok but if I go look in the mailbox, it's not there. This happens internally and externally. I set up 30 bogus accounts and using the bat as a client set it up to mail to groups or list. I mail 4 test messages to the list of the bogus accounts. Checking each account, some made it and some did not. There was no rhythm or reason to which made it and which did not. Again this is also happening to mail sent outside of our system. Oh I also tried this with Thunderbird and had the same results but no pattern to what was delivered and what wasn't. Mostly I hope I explained the problem well enough that you all understand my problem. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: XMail + SSL patch
The risk of someone bothering to parse packets and retrieve your passwords in order to gain access to user email is, I think, extremely small unless you have information that people really want to read, in which case it is easy to do. In other words, almost anyone can get a password from plain text email, but almost no one in most cases of standard email would bother wasting their time. On the other hand, if you have email or email accounts that need to be secure for specific reasons then it is mandatory that you use some form of encryption (such as SSL, etc.) because the email is easily read, and the passwords if passed in plain text are easy to retrieve. I hope that helps... Jeff Ross Gohlke wrote: I have tried to install the patch linked from the XMail homepage: http://mail.godeltech.com/xmail/ My specs: FreeBSD 5.3 openssl-0.9.7d I downloaded the patch and applied it to my preexisting XMail 1.2.1 source. I did not use the binary for FreeBSD 4.8. gmake -f Makefile-SSL.bsd outputs this: %gmake -f Makefile-SSL.bsd ../bin/MkMachDep SysMachine.h g++ -O2 -I. -DUSE_SSL -D__UNIX__ -D__BSD__ -D__FREEBSD__ -D_REENTRANT=1 -D_THREAD_SAFE=1 -DHAS_SYSMACHINE -c SSLSupport.cpp SSLSupport.cpp:161:8: warning: extra tokens at end of #endif directive g++ -O2 -I. -DUSE_SSL -D__UNIX__ -D__BSD__ -D__FREEBSD__ -D_REENTRANT=1 -D_THREAD_SAFE=1 -DHAS_SYSMACHINE -c BuffSock.cpp g++ -O2 -I. -DUSE_SSL -D__UNIX__ -D__BSD__ -D__FREEBSD__ -D_REENTRANT=1 -D_THREAD_SAFE=1 -DHAS_SYSMACHINE -c MailSvr.cpp g++ -O2 -I. -DUSE_SSL -D__UNIX__ -D__BSD__ -D__FREEBSD__ -D_REENTRANT=1 -D_THREAD_SAFE=1 -DHAS_SYSMACHINE -c POP3Svr.cpp g++ -O2 -I. -DUSE_SSL -D__UNIX__ -D__BSD__ -D__FREEBSD__ -D_REENTRANT=1 -D_THREAD_SAFE=1 -DHAS_SYSMACHINE -c POP3Utils.cpp g++ -O2 -I. -DUSE_SSL -D__UNIX__ -D__BSD__ -D__FREEBSD__ -D_REENTRANT=1 -D_THREAD_SAFE=1 -DHAS_SYSMACHINE -c SMAILSvr.cpp g++ -O2 -I. -DUSE_SSL -D__UNIX__ -D__BSD__ -D__FREEBSD__ -D_REENTRANT=1 -D_THREAD_SAFE=1 -DHAS_SYSMACHINE -c SMAILUtils.cpp g++ -O2 -I. -DUSE_SSL -D__UNIX__ -D__BSD__ -D__FREEBSD__ -D_REENTRANT=1 -D_THREAD_SAFE=1 -DHAS_SYSMACHINE -c SMTPSvr.cpp g++ -O2 -I. -DUSE_SSL -D__UNIX__ -D__BSD__ -D__FREEBSD__ -D_REENTRANT=1 -D_THREAD_SAFE=1 -DHAS_SYSMACHINE -c SMTPUtils.cpp g++ -o bin/XMail SSLSupport.o BuffSock.o CTRLSvr.o DynDNS.o DNS.o DNSCache.o Errors.o ExtAliases.o FINGSvr.o MailConfig.o MailSvr.o Maildir.o MailDomains.o MD5.o MiscUtils.o LMAILSvr.o AliasDomain.o POP3GwLink.o POP3Svr.o POP3Utils.o PSYNCSvr.o ResLocks.o SList.o SMAILSvr.o TabIndex.o SMAILUtils.o SMTPSvr.o SMTPUtils.o ShBlocks.o StrUtils.o MessQueue.o QueueUtils.o SvrUtils.o SysDep.o UsrMailList.o UsrAuth.o UsrUtils.o Main.o Base64Enc.o Filter.o -lkvm -lcrypt -pthread -lc_r -lssl -lcrypto SSLSupport.o(.text+0x388): In function `SSLMakeSession(int, int, int)': : undefined reference to `SysSetSockNoDelay(int, int)' POP3Utils.o(.text+0xe08): In function `UPopSessionSendMsg(POP3_HANDLE_struct*, int, BSOCK_HANDLE_struct*)': : undefined reference to `SysSendFile(BSOCK_HANDLE_struct*, char const*, unsigned long, unsigned long, int)' SMTPUtils.o(.text+0x28b6): In function `USmtpSendMail(SMTPCH_HANDLE_struct*, char const*, char const*, FileSection const*, SMTPError*)': : undefined reference to `SysSendFile(BSOCK_HANDLE_struct*, char const*, unsigned long, unsigned long, int)' gmake: *** [bin/XMail] Error 1 Is anybody else interested in SSL-encrypted SMTP authentication? Is anybody else using this patch? On FreeBSD 5.3? Any suggestion on what I could try? Would upgrading openssl to openssl-0.9.7e help? If not SSL, what is the risk of a plaintext password sent over the Internet being picked off and abused? Thanks. Ross - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: XMail + SSL patch
It would be nice to get SSL working with XMail - if I can get some time together today, Ross, I will try compiling the SSL patch for XMail 1.21 under FreeBSD 5.4, and see if I can get it working. Jeff Alexander Hagenah wrote: Am 9.9.2005 schrieb Sönke Ruempler [EMAIL PROTECTED]: Yes i did, even with XMail some time ago. I never said, it won't work - I only mentioned, that stunnel causes often problems. I also wrote, that he could try it out and then he will see if it works - or won't. -- Regards, Alexander 'xaitax' Hagenah http://xmail.topconcepts.net - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: XMail + SSL patch
Well, that was easy! It compiled and linked without difficulty on my FreeBSD 5.4 platform. My openssl is version 0.9.7e, however ... try upgrading to that and see if you have better luck... Jeff Ross Gohlke wrote: I have tried to install the patch linked from the XMail homepage: http://mail.godeltech.com/xmail/ My specs: FreeBSD 5.3 openssl-0.9.7d I downloaded the patch and applied it to my preexisting XMail 1.2.1 source. I did not use the binary for FreeBSD 4.8. gmake -f Makefile-SSL.bsd outputs this: %gmake -f Makefile-SSL.bsd ../bin/MkMachDep SysMachine.h g++ -O2 -I. -DUSE_SSL -D__UNIX__ -D__BSD__ -D__FREEBSD__ -D_REENTRANT=1 -D_THREAD_SAFE=1 -DHAS_SYSMACHINE -c SSLSupport.cpp SSLSupport.cpp:161:8: warning: extra tokens at end of #endif directive g++ -O2 -I. -DUSE_SSL -D__UNIX__ -D__BSD__ -D__FREEBSD__ -D_REENTRANT=1 -D_THREAD_SAFE=1 -DHAS_SYSMACHINE -c BuffSock.cpp g++ -O2 -I. -DUSE_SSL -D__UNIX__ -D__BSD__ -D__FREEBSD__ -D_REENTRANT=1 -D_THREAD_SAFE=1 -DHAS_SYSMACHINE -c MailSvr.cpp g++ -O2 -I. -DUSE_SSL -D__UNIX__ -D__BSD__ -D__FREEBSD__ -D_REENTRANT=1 -D_THREAD_SAFE=1 -DHAS_SYSMACHINE -c POP3Svr.cpp g++ -O2 -I. -DUSE_SSL -D__UNIX__ -D__BSD__ -D__FREEBSD__ -D_REENTRANT=1 -D_THREAD_SAFE=1 -DHAS_SYSMACHINE -c POP3Utils.cpp g++ -O2 -I. -DUSE_SSL -D__UNIX__ -D__BSD__ -D__FREEBSD__ -D_REENTRANT=1 -D_THREAD_SAFE=1 -DHAS_SYSMACHINE -c SMAILSvr.cpp g++ -O2 -I. -DUSE_SSL -D__UNIX__ -D__BSD__ -D__FREEBSD__ -D_REENTRANT=1 -D_THREAD_SAFE=1 -DHAS_SYSMACHINE -c SMAILUtils.cpp g++ -O2 -I. -DUSE_SSL -D__UNIX__ -D__BSD__ -D__FREEBSD__ -D_REENTRANT=1 -D_THREAD_SAFE=1 -DHAS_SYSMACHINE -c SMTPSvr.cpp g++ -O2 -I. -DUSE_SSL -D__UNIX__ -D__BSD__ -D__FREEBSD__ -D_REENTRANT=1 -D_THREAD_SAFE=1 -DHAS_SYSMACHINE -c SMTPUtils.cpp g++ -o bin/XMail SSLSupport.o BuffSock.o CTRLSvr.o DynDNS.o DNS.o DNSCache.o Errors.o ExtAliases.o FINGSvr.o MailConfig.o MailSvr.o Maildir.o MailDomains.o MD5.o MiscUtils.o LMAILSvr.o AliasDomain.o POP3GwLink.o POP3Svr.o POP3Utils.o PSYNCSvr.o ResLocks.o SList.o SMAILSvr.o TabIndex.o SMAILUtils.o SMTPSvr.o SMTPUtils.o ShBlocks.o StrUtils.o MessQueue.o QueueUtils.o SvrUtils.o SysDep.o UsrMailList.o UsrAuth.o UsrUtils.o Main.o Base64Enc.o Filter.o -lkvm -lcrypt -pthread -lc_r -lssl -lcrypto SSLSupport.o(.text+0x388): In function `SSLMakeSession(int, int, int)': : undefined reference to `SysSetSockNoDelay(int, int)' POP3Utils.o(.text+0xe08): In function `UPopSessionSendMsg(POP3_HANDLE_struct*, int, BSOCK_HANDLE_struct*)': : undefined reference to `SysSendFile(BSOCK_HANDLE_struct*, char const*, unsigned long, unsigned long, int)' SMTPUtils.o(.text+0x28b6): In function `USmtpSendMail(SMTPCH_HANDLE_struct*, char const*, char const*, FileSection const*, SMTPError*)': : undefined reference to `SysSendFile(BSOCK_HANDLE_struct*, char const*, unsigned long, unsigned long, int)' gmake: *** [bin/XMail] Error 1 Is anybody else interested in SSL-encrypted SMTP authentication? Is anybody else using this patch? On FreeBSD 5.3? Any suggestion on what I could try? Would upgrading openssl to openssl-0.9.7e help? If not SSL, what is the risk of a plaintext password sent over the Internet being picked off and abused? Thanks. Ross - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: XMail + SSL patch
By the way, while it is possible, I think the likelihood of spammers going to the effort to retrieve packets to use your server for spamming is extremely low. I have never heard of anyone going to the effort to sniff packets simply to spam on commercial servers - none of the big commercial servers use SSL for regular email transactions - Comcast, SBC, and so on - and they have a lot more at risk than most of us. Also, it is a potentially pretty big bust these days since once they use an ill-gained password they have stepped over the law, so if they manage to cause damage with it they might be tracked down like dogs (with your help, of course!) Lastly, SSL is not very efficient since it takes time to encrypt and then decrypt. Personally I would only use it for transactions that are required to be secure, not for daily emailing. Anyway, if you still want to use it, I would try updating your openssl either to the newest version or to 0.9.7e (which I know works on my system). Jeff Ross Gohlke wrote: Alas, I'm on FreeBSD! Is there Linux stunnel? PGP would protect the mail itself, but is a separate issue from securing SMTP Auth, no? What I'm trying to do right now is protect the ACCOUNT INFORMATION. Even if it's unlikely that someone would sniff my users' packets, what's to stop a spammer from snagging random SMTP username/pass of the Net and using that server to send spam? I'm just trying to be consistent. For anyone running a commercial service for users, such issues must be considered. Thanks for all the feedback. But well, it might work - give it a try Ross. ross - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: XMail + SSL patch
On FreeBSD there is a port of stunnel: /usr/ports/security/stunnel Jeff Ross Gohlke wrote: Alas, I'm on FreeBSD! Is there Linux stunnel? PGP would protect the mail itself, but is a separate issue from securing SMTP Auth, no? What I'm trying to do right now is protect the ACCOUNT INFORMATION. Even if it's unlikely that someone would sniff my users' packets, what's to stop a spammer from snagging random SMTP username/pass of the Net and using that server to send spam? I'm just trying to be consistent. For anyone running a commercial service for users, such issues must be considered. Thanks for all the feedback. But well, it might work - give it a try Ross. ross - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: XMail + SSL patch
You should ALWAYS be able to tell if someone is abusing your system by doing a somewhat regular log analysis, at least in my opinion. If I were to implement SSL, I would do this log analysis regularly anyway. This is the only way I know of that many system attacks can be discovered - vigilance on the part of a human and overall system-awareness. Many admins scan the logs only after the fact - I think this is inadequate. So it doesn't seem to me that using SSL in a general way would provide any real extra security, just extra processing time. It's best use is to make certain that an email is encrypted so that it can't be read by intermediary servers, not to prevent spammers from getting a hold of account passwords. In the case you mention, I consider it far more likely that a user would reveal their password inadvertently to a would-be hacker/spammer who would then use it to gain access, or that a user would use a simple to crack password, or some other entry point - SSL of would not help with any of this. I tell all my users not to send any email they aren't comfortable being public knowledge. SSL would correct this. It is a good service to offer for those who need it, though! For those who need to send email with industry secrets, credit card numbers, drug deals, spy vs. spy, radical anarchist viewpoints, and so on! I can't tell you what the overhead is exactly for SSL, although on a fast system it wouldn't be anywhere near 5 seconds for any but extremely large messages. However, if you are processing a lot of email, and especially allowing large attachments and the like, overall you may feel the burn! Jeff Ross Gohlke wrote: Jeff Buehler wrote: By the way, while it is possible, I think the likelihood of spammers going to the effort to retrieve packets to use your server for spamming is extremely low. I have never heard of anyone going to the effort to sniff packets simply to spam on commercial servers - none of the big commercial servers use SSL for regular email transactions - Comcast, SBC, and so on - and they have a lot more at risk than most of us. Also, it is a potentially pretty big bust these days since once they use an ill-gained password they have stepped over the law, so if they manage to cause damage with it they might be tracked down like dogs (with your help, of course!) It's hard to find the balance between paranoid and exposed... Lastly, SSL is not very efficient since it takes time to encrypt and then decrypt. Personally I would only use it for transactions that are required to be secure, not for daily emailing. So if SSL is used, does it encrypt the ENTIRE MESSAGE, not just authentication? Does it hog the processor or just make the user wait? For how long? 5 or 50 extra seconds on an average email? What about attachments? Encrypted email is definitely a service I want to offer. I think the stakes for email are only going to get higher, especially if SPF or similar takes hold. ISPs will have to get increasingly vigilant about how they do email. Here's a googled list of clients that support SSL. http://www.uni.edu/its/us/document/unimail/ssl/ Anyway, if you still want to use it, I would try updating your openssl either to the newest version or to 0.9.7e (which I know works on my system). Should I just download the patch from the same place in your website? - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: stopping spam
How does ASSP flake out - I haven't had any problems with ASSP (running on FreeBSD 5.x, anyway). ASSP is the best solution I have found. Jeff Digerati Isabaddass wrote: I am not sure if this got through the first time so here goes again. What can I use that will not cost anything to stop spam at the server? I have tried to work with spamassassin for win32 on win2k and its installed but how do I hook it to xmail? I have also used ASSP and it works for a while then flakes out and will not work properly as a proxy for xmail. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: stopping spam
I would look more closely at what is causing the problem with ASSP and continue to use that. I like it much better than Spam Assassin myself, at least for use with XMail. It is far more efficient since it handles the SPAM check in the SMTP session then closes it after a specified number of bytes, and it has far more options (RBL, filters, domain blocking, whitelisting, etc.). Jeff Eric Garnice wrote: On 9/8/2005 5:16 PM Jason J. Ellingson wrote: I have run SpamAssasin on Windows servers (both with ActivePerl and CygWin) and Linux servers. Running SpamAssassin on Linux (or other unix) runs much faster and more reliably than on Windows. I run XMail on a Windows server and SpamAssassin on a Fedora Core 4 server. Works like a charm. I wrote a SpamC filter for Windows XMail Post-Data filter to use. If you are really limited to just one box, then you should try to run SpamAssassin using CygWin so you can make full use of DCC, Pyzor, Razor and such. I still have an out-dated (but useful) page hidden on my server that might help you... http://www.yourtech.net/documents/cw-sa/ I will (someday) write step by step instructions for install XMail for Windows, XMail-WAI (webmail and admin) for Windows, and SpamAssassin for Fedora Core 4. If you do decide to try Fedora Core 4, use YUM to install SpamAssassin. It'll give you a startup script for SpamAssassin and install it as a service. Also note that SpamAssassin doesn't run under root account... you'll need to create an account for it to run under... I named mine spamd Jason J Ellingson To my knowledge (and I have done some searching in the past), no one has developed a decent XMail filter for SpamAssassin in serial mode on Windows. At work I'm forced to run my XMail relay directly on the Exchange server and use Dario's XSpamC to call SpamAssassin on Fedora PPC on a Mac G4. It's been flawless for over a year now. I don't think Digerati is going to find exactly what he's looking for. - Eric - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: stopping spam
Ah - I was only referring to a Spam Assassin filter I sued with XMail, and in my case as of about a year ago (the last time I set it up and used it). Glad that it has all of those features now - it didn't that I was aware of then. No danger of flame at all - I like dialog about this stuff - it helps me clarify my own direction and make changes if better options are out there. However, with respect to efficiency, you mention that to use Spam Assassin in these ways requires a significant investment not only time to install, but also in hardware. This is largely what I was referring to when I mentioned ASSP - it is robust, easy to install, extremely powerful and configurable AND there is no reason to run it on separate platform because it isn't a memory or a CPU hog, and it is fast. I have yet to try ALL of the Spam Assassin apps you comment on (SpamC, SPamD, etc.) - when I ran it under FreeBSD it was simply a perl filter in XMail and SpamD running (I vaguely recall RBL through Razor or some name like that). At the time, it was really slow, but there was no SMTP session handling, so I'm glad that has been introduced. In my case, I run ASSP - ClamSMTPD (effective and thorough antivirus) - XMail (and for some clients - Exchange). This has proven to be simple, robust and effective, and I know the Windows implementation is straightforward from the mail list (even though I don't use Windows internally). It sounds like Spam Assassin is a pain under Windows (I find Cygwin to be a bit of a pain myself and try to avoid it - why use it at all for a operate platform - just run Linux or *BSD). So my recommendation still remains ASSP - Digerati has used it, it is easy and works well, so all that is required is finding out why it was failing on his system, which the ASSP mail list would help with quickly. Jeff Jason J. Ellingson wrote: ASSP is great and I applaud anyone using it... ASSP is easier to set up and use than SpamAssassin. I won't argue that. However, SpamAssassin offers everything ASSP does and more. In your post: It (ASSP) is far more efficient since it handles the SPAM check in the SMTP session then closes it after a specified number of bytes SpamAssassin does the same. You insert your SpamC filter into Post-SMTP and it will only check messages smaller than a specified size you can set. You can also avoid running the filter for authenticated users (!aex). The filter as well as SpamD has timeouts and triggers to return spam-identified messages instantly when it scores high enough to be spam. It (ASSP) has far more options (RBL, filters, domain blocking, whitelisting, etc.) So does SpamAssassin. You can use all the RBLs you like, enable disable filters to your heart's content, add domains, email addresses, IPs, etc to blacklists, and whitelists. Please, I don't mean to start a flame war. Please read the following which I think is fair: ASSP is great! Simple to install and use - Great for novices and experts alike! SpamAssassin is great! Slightly more powerful, but a lot more work to install and use - Not for novices! Jason J Ellingson -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Buehler Sent: Thursday, September 08, 2005 7:12 PM To: xmail@xmailserver.org Subject: [xmail] Re: stopping spam I would look more closely at what is causing the problem with ASSP and continue to use that. I like it much better than Spam Assassin myself, at least for use with XMail. It is far more efficient since it handles the SPAM check in the SMTP session then closes it after a specified number of bytes, and it has far more options (RBL, filters, domain blocking, whitelisting, etc.). Jeff Eric Garnice wrote: On 9/8/2005 5:16 PM Jason J. Ellingson wrote: I have run SpamAssasin on Windows servers (both with ActivePerl and CygWin) and Linux servers. Running SpamAssassin on Linux (or other unix) runs much faster and more reliably than on Windows. I run XMail on a Windows server and SpamAssassin on a Fedora Core 4 server. Works like a charm. I wrote a SpamC filter for Windows XMail Post-Data filter to use. If you are really limited to just one box, then you should try to run SpamAssassin using CygWin so you can make full use of DCC, Pyzor, Razor and such. I still have an out-dated (but useful) page hidden on my server that might help you... http://www.yourtech.net/documents/cw-sa/ I will (someday) write step by step instructions for install XMail for Windows, XMail-WAI (webmail and admin) for Windows, and SpamAssassin for Fedora Core 4. If you do decide to try Fedora Core 4, use YUM to install SpamAssassin. It'll give you a startup script for SpamAssassin and install it as a service. Also note that SpamAssassin doesn't run under root account... you'll need
[xmail] duplicate email
Hi all - I could find no reference to this anywhere - I occasionally have senders that send, and the email does not stop sending, like a SPAM bomb, but these are valid senders. I assumed the first couple of times that it was something in the remote server configuration causing this, but this is the fifth or sixth time it has happened so it looks like my server may not be closing the session properly in SOME cases so the remote server just keeps sending over and over. Has anyone seen this behavior? I have a feeling it may be related to my ANTI-SPAM proxy which relays to XMail, but I'm not certain ... Thanks, Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: duplicate email
Just to be clear, the senders in this case are sending to my local users. So, these are emails to my users that continue sending and sending until I finally either contact the sending ISP or block the domain. The SMAIL and SMTP logs simply show the same email being sent over and over, and then my users receive the mail over and over every time they check their email. So everything is normal except that the remote server keeps resending at regular intervals. I still suspect the remote servers are at fault since I rarely encounter this, but it is happening just enough that I am starting to wonder ... Sönke Ruempler wrote: On 07.09.2005 19:57, Jeff Buehler wrote: I could find no reference to this anywhere - I occasionally have senders that send, and the email does not stop sending, like a SPAM bomb, but these are valid senders. I assumed the first couple of times that it was something in the remote server configuration causing this, but this is the fifth or sixth time it has happened so it looks like my server may not be closing the session properly in SOME cases so the remote server just keeps sending over and over. Has anyone seen this behavior? I have a feeling it may be related to my ANTI-SPAM proxy which relays to XMail, but I'm not certain ... What do SMAIL and SMTP logs show in the case that happens? - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: messages to yahoo and or hotmail does not get del ivered
You may have been right then, Rob - if you recently posted about having the exact same config I was thinking that that was Edinilson (I no longer have that email - oops) so that would make possibly three with this problem. He posted about this also, so I think I must be mixing you two up a bit. It sounds like what you are doing should help get to the bottom of it ... As Davide points out, though, it must be something either unrelated (or maybe indirectly related) to XMail since so few seem to have it. My suspicion is still that it isWindows specific, possibly Win 2000 specific, and that it has to do with some interaction between that XMail binary and DNS. But I can't test it easily (it would take a gun to my head to get me to set up a Win 2000 server at this point). Francis and Edinilson seem to only have the problem with Hotmail and Yahoo, so that is also strange that you have it with many domains rather than just those two. Rob, are you outdide the U.S.? Edinilson, are you seeing the problem with Windows 2000 also or with some other OS? What is your config since seem to have confused Robs with yours? Jeff Rob Arends wrote: Ok, I hadn't noticed anyone other than Francis post they had the same issue - must have missed it. I didn't post config, but did say I have *exactly* the same config and issue. (I think I even emphasised the 'exactly' then too.) Re the 'Cisco PIX' issue: quote from http://www.postfix.org/faq.html#timeouts Cisco PIX fixup protocol smtp bug The Cisco PIX firewall has a bug when running software older than version 5.2(4) or 6.0(1). /quote I never have 'fixup protocol smtp' on because it does not support ESMTP and AUTH, so it kills authenticated SMTP sessions. Also 6.0.1 is really old, I'm currently using 6.3.5 Just to put perspective on the PIX issue, I install these thing for a living and have never had to track down an SMTP issue like this, that ended up being caused by the PIX. Back to the DNS issue: I have ethereal running 24x7 on my mail server now (25 hrs so far), logging to file. I have enough disk space to handle that for a while. I cleared the cache on the w2k DNS server (different box) and on the mail server I 'flushed dns', emptied the 'mx' 'ns' cache in xmail and restarted xmail. I then sent a test email to a user that I know has had problems. It all worked as expected on the 'refreshed' environment - the mail was received. Now I need to wait a few days? - not sure really how long - but eventually the mails to this user will fail due to the A record being used in place of the MX record. At that point I'll collate and analyse the packet dumps and report my findings. Note: the SmartDNSHost is inside my PIX firewall, so there is nothing but LAN between the two servers. Rob :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Buehler Sent: Sunday, September 04, 2005 12:50 AM To: xmail@xmailserver.org Subject: [xmail] Re: messages to yahoo and or hotmail does not get del ivered /-- I think you may be meaning me when you say Edlinilson./ No, I meant Edinilson. He has the same config as Francis, has what appears to be exactly the same behavior, has verified that MS SMTP works where XMail fails, and so on. You may be a third person seeing exactly the same behavior - your previous two emails that I read discussing greenbaycc.org and intergraonline.com seemed to be something else completely. There was another one you sent that said you were seeing an A record problem as well, but you didn't send any info about your configuration - type of system, whether or not it was with everyone (as it sounds like it is) or just Hotmail and Yahoo (which, so far, seems to be the problem that Francis and Edinilson are specifically having). Little differences like that can easily mean that it is two entirely different problems. You probably mentioned some of this in one of the previous threads, but neither my memory nor my datastore go back that far, so: What is your configuration (win 2000, Linux, what DNS, etc.)? You're problem sounds like XMail is using A records periodically when it should be using MX records - this has been verified? It happens with other domains periodically or consistently? Are Hotmail and Yahoo noticeably suspect, or just as likely to fail as others? Jeff Rob Arends wrote: I think you may be meaning me when you say Edlinilson. Re Point 6, I did mention that I have the problem with other MTAs that have an A record for the domain. aanet.com.au is an example. So it is not just yahoo/hotmail. Re point 7, I agree that Xmail is, and should be, very RFC compliant. I think the question is why is Xmail using the A record when there is a good MX record? I have asked Davide to elaborate on his comment for FireWall interference and I'll see what I can do on a packet trace. Rob :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff
[xmail] Re: messages to yahoo and or hotmail does not get del ivered
/-- I think you may be meaning me when you say Edlinilson./ No, I meant Edinilson. He has the same config as Francis, has what appears to be exactly the same behavior, has verified that MS SMTP works where XMail fails, and so on. You may be a third person seeing exactly the same behavior - your previous two emails that I read discussing greenbaycc.org and intergraonline.com seemed to be something else completely. There was another one you sent that said you were seeing an A record problem as well, but you didn't send any info about your configuration - type of system, whether or not it was with everyone (as it sounds like it is) or just Hotmail and Yahoo (which, so far, seems to be the problem that Francis and Edinilson are specifically having). Little differences like that can easily mean that it is two entirely different problems. You probably mentioned some of this in one of the previous threads, but neither my memory nor my datastore go back that far, so: What is your configuration (win 2000, Linux, what DNS, etc.)? You're problem sounds like XMail is using A records periodically when it should be using MX records - this has been verified? It happens with other domains periodically or consistently? Are Hotmail and Yahoo noticeably suspect, or just as likely to fail as others? Jeff Rob Arends wrote: I think you may be meaning me when you say Edlinilson. Re Point 6, I did mention that I have the problem with other MTAs that have an A record for the domain. aanet.com.au is an example. So it is not just yahoo/hotmail. Re point 7, I agree that Xmail is, and should be, very RFC compliant. I think the question is why is Xmail using the A record when there is a good MX record? I have asked Davide to elaborate on his comment for FireWall interference and I'll see what I can do on a packet trace. Rob :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Buehler Sent: Saturday, September 03, 2005 1:50 AM To: xmail@xmailserver.org Subject: [xmail] Re: messages to yahoo and or hotmail does not get del ivered Hmmm - so far, you two are the only ones that are verified as having the exact same problem sending to Yahoo and Hotmail - there may be others, but we haven't verified that, is that correct? You both have the same configuration (exactly, as Edinilson pointed out). So what do we know so far? 1. WIN 2000 service pack 4 2. MS DNS from Win 2000 on a different system than XMail and presently using SmartDNSHost (Edlinilson pointed out he seemed to have the problem even without SmartDNSHost) 3. Neither of you is in the US (does this increase the likelihood of failed connection attempts (?) or do these providers have systems spread globally (?)) 4. XMail 1.21 (but Edinilson pointed out that other versions down to 1.17 behaved the same way) 5. Francis has verified that with this configuration XMail seems to be using A records on occasion when it should be using MX records 6. The problem is intermittent and ONLY happens with Hotmail and Yahoo 7. Edinilson has verified that the problem does not exist when using MS SMTP to send from the same configuration, so it seems somehow related to XMail. On this issue I have found XMail to be extremely RFC compliant (I think that was one of Davides intentions) and it may be that MS SMTP is doing something extra to overcome some known issue that we have yet to discover with Hotmail, Yahoo, DNS, or something else. 8. Many or most others running XMail are not having this problem. It remains to be seen if others running it on Windows 2000 do or don't. So here is what I would do if I were you: 1. Try it on Windows 2003 server if you can - 2000 is starting to get a little grey at the temples anyway. 2. Try it on Linux or *BSD (FreeBSD! FreeBSD!) If you still have the same problem with these configurations, then the problem likely has to do with your infrastructure outside of the OS - some funky problem that defies imagination, but that IT people are all quite familiar with! You know, the kind of problem where you stand there with your mouth hanging open and mutter: huh? and it never makes any sense, or a distinction in the way it interacts with XMail that is unusual. Without being able to replicate the behavior, you have a very limited test group - you two (so far!) If I could replicate the behavior, and had any time left over after typing this email, then I would help, but at the moment it is up to you! I don't think anyone is ignoring XMail under Windows, but finding any possible bug without being able to easily replicate it is extremely difficult... Jeff CLEMENT Francis wrote: -Message d'origine- De : Edinilson J. Santos [mailto:[EMAIL PROTECTED] Envoyé : vendredi 2 septembre 2005 15:02 À : xmail@xmailserver.org Objet : [xmail] Re: messages to yahoo and or hotmail does not get delivered .. .. .. I'm discarding DNS problems. Thanks
[xmail] Re: messages to yahoo and or hotmail does not get del ivered
Hmmm - so far, you two are the only ones that are verified as having the exact same problem sending to Yahoo and Hotmail - there may be others, but we haven't verified that, is that correct? You both have the same configuration (exactly, as Edinilson pointed out). So what do we know so far? 1. WIN 2000 service pack 4 2. MS DNS from Win 2000 on a different system than XMail and presently using SmartDNSHost (Edlinilson pointed out he seemed to have the problem even without SmartDNSHost) 3. Neither of you is in the US (does this increase the likelihood of failed connection attempts (?) or do these providers have systems spread globally (?)) 4. XMail 1.21 (but Edinilson pointed out that other versions down to 1.17 behaved the same way) 5. Francis has verified that with this configuration XMail seems to be using A records on occasion when it should be using MX records 6. The problem is intermittent and ONLY happens with Hotmail and Yahoo 7. Edinilson has verified that the problem does not exist when using MS SMTP to send from the same configuration, so it seems somehow related to XMail. On this issue I have found XMail to be extremely RFC compliant (I think that was one of Davides intentions) and it may be that MS SMTP is doing something extra to overcome some known issue that we have yet to discover with Hotmail, Yahoo, DNS, or something else. 8. Many or most others running XMail are not having this problem. It remains to be seen if others running it on Windows 2000 do or don't. So here is what I would do if I were you: 1. Try it on Windows 2003 server if you can - 2000 is starting to get a little grey at the temples anyway. 2. Try it on Linux or *BSD (FreeBSD! FreeBSD!) If you still have the same problem with these configurations, then the problem likely has to do with your infrastructure outside of the OS - some funky problem that defies imagination, but that IT people are all quite familiar with! You know, the kind of problem where you stand there with your mouth hanging open and mutter: huh? and it never makes any sense, or a distinction in the way it interacts with XMail that is unusual. Without being able to replicate the behavior, you have a very limited test group - you two (so far!) If I could replicate the behavior, and had any time left over after typing this email, then I would help, but at the moment it is up to you! I don't think anyone is ignoring XMail under Windows, but finding any possible bug without being able to easily replicate it is extremely difficult... Jeff CLEMENT Francis wrote: -Message d'origine- De : Edinilson J. Santos [mailto:[EMAIL PROTECTED] Envoyé : vendredi 2 septembre 2005 15:02 À : xmail@xmailserver.org Objet : [xmail] Re: messages to yahoo and or hotmail does not get delivered .. .. .. I'm discarding DNS problems. Thanks Edinilson - ATINET-Professional Web Hosting Tel Voz: (0xx11) 4412-0876 http://www.atinet.com.br Me too ... Francis - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: messages to yahoo and or hotmail does not get del ivered
What would you look for in a tcpdump like this? I am technical (years of c/c++/PHP/Perl programming) but I am clueless about tcpdumps... pardon my ignorance! Jeff Sönke Ruempler wrote: On 02.09.2005 17:07, Davide Libenzi wrote: In the hotmail case, that sure has DNS configured like it should, the MX resolution is not a problem (like you can see from the logs posted). The End of stream data error, is something you linked to problem in the link between XMail and the remote SMTP server. And the fact that happens on an handfull of setups out of many tenths of thousands, shows that is somehow related with network setups. Some tcpdump logs could help ... - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: messages to yahoo and or hotmail does not get del ivered
It sounds like first the dump of XMail communications running under Win 2000, to see exactly where the time out or break occurs, and possibly also a dump of the FreeBSD firewall might help to see if that is part of the problem. Coordinating them might be a good idea so you can see the same XMail communication from both Win 2000 and the FreeBSD firewall occurring at the same time. FreeBSD command is tcpdump -i (netinterface) -c count -w path/to/filename (I was just messing around with it now) For Windows it looks like this tool might be helpful: http://www.winpcap.org/windump/ Sönke, Davide, do you agree with that? Jeff Edinilson J. Santos wrote: Our firewall gateway is a freebsd. Which level of tcpdump do you want? I can send you everything that you want, just tell me what. Edinilson - ATINET-Professional Web Hosting Tel Voz: (0xx11) 4412-0876 http://www.atinet.com.br - Original Message - From: Davide Libenzi davidel@xmailserver.org To: xmail@xmailserver.org Sent: Friday, September 02, 2005 1:50 PM Subject: [xmail] Re: messages to yahoo and or hotmail does not get del ivered On Fri, 2 Sep 2005, Sönke Ruempler wrote: On 02.09.2005 17:07, Davide Libenzi wrote: In the hotmail case, that sure has DNS configured like it should, the MX resolution is not a problem (like you can see from the logs posted). The End of stream data error, is something you linked to problem in the link between XMail and the remote SMTP server. And the fact that happens on an handfull of setups out of many tenths of thousands, shows that is somehow related with network setups. Some tcpdump logs could help ... I asked them. Have you seen them? - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: messages to yahoo and or hotmail does not get del ivered
Hmmm - thats interesting. The only aspect of your configuration that I have no experience with is SmartDNSHost pointing to another system for DNS resolution - I have never used SmartDNSHost. Have you tried turning that off? Have you tried pointing it to another DNS server, such as one provided by your ISP, especially a non-MS DNS solution just to verify it has nothing to do with that? Hotmail and Yahoo are both very busy, and very slow. I would consider latency issues when trying to resolve problems with these domains, although using an A record rather than an MX record wouldn't seem to be related to that. Jeff CLEMENT Francis wrote: -Message d'origine- De : jonn ah [mailto:[EMAIL PROTECTED] Envoyé : mercredi 31 août 2005 10:31 À : xmail@xmailserver.org Objet : [xmail] Re: messages to yahoo and or hotmail does not get delivered Hi all, would downgrading to a previous xmail version solve this hotmail/yahoo problem? if so, is there a repository for other rpm versions? Not sure ... As I said, I never encourated this problem with 1.17 but don't know if 1.18 or 1.19 or 1.20 have the problem. And as at 1.17 time my server didn't have exactly the same patchs available for w2k as current setup with xmail 1.21 I'm not sure this is a xmail problem ... could be a dns server problem introduced by a os patch ... But I can't revert back to 1.17 as now I use smtp filters in production The 'test' to do is to revert back to 1.17 on a 'up to date' (all patchs) on a test server, and see if problem occurs. If no, os patchs don't introduce the problem so next test is to install 1.18 then 1.19 ... until problem occurs again. It's time consumming because the problem comes 'randomly' Francis - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: messages to yahoo and or hotmail does not get delivered
I remember this topic too. The only thing I thought strange at the time, and still do, is that many users of 1.21 are not affected by this problem at all (myself being an example), and so there must be something related in the systems of those who do have the problem. I am not saying any of these things are the cause (I have no idea) but I remember thinking that many (all?) were running Windows Systems and that many were coming from outside the U.S.. Perhaps the problem is with the Windows binary, or the way it interacts with Microsoft DNS? Maybe there is something else related? It seems to me it might be helpful if people with this problem published relevant system data so that we can see what the commonalities are to isolate the problem... just a thought. Jeff Edinilson J. Santos wrote: I'm using the same solution that Francis described without problems. Try to search in the list about this topic. I'm the first that related it few months ago. Edinilson - ATINET-Professional Web Hosting Tel Voz: (0xx11) 4412-0876 http://www.atinet.com.br - Original Message - From: CLEMENT Francis [EMAIL PROTECTED] To: xmail@xmailserver.org Sent: Tuesday, August 30, 2005 9:22 AM Subject: [xmail] Re: messages to yahoo and or hotmail does not get delivered This problem was previously reported on this mailing list. Seems (but not completly clarified/debugged at this time) 'xmail 1.21' have some problems with some 'domains' zones setup (hotmail and yahoo in most cases). Seems xmail or dns server or tcp stack ? finaly choose the domain A record and not the MX record for the domain in some cases ! even if a nslookup or dig get the correct response ... I had the same problem, and configured xmail to allways use a smtp gateway (a iis smtp server on another computer using the same dns server for final delivery !!) to temporary resolve sending to these domains (especialy hotmail ...) So, if you isp provide you a smtp gateway, tell xmail to deliver to it and let the isp smtp server do the job. Put this line in smtpfwd.tab (replace a.b.c.d with you isp smtp server) : * a.b.c.d:25 As I said previously I have to get some tcp dumps to help understand the problem when xmail resolves by itself on these domains but my xmail server is in 'production' (for customers) and i can't test with it for this delivery problem so I need to find time to run another server on another 'dummy' domain ... Francis -Message d'origine- De : David Lord [mailto:[EMAIL PROTECTED] Envoyé : mardi 30 août 2005 12:33 À : xmail@xmailserver.org Objet : [xmail] Re: messages to yahoo and or hotmail does not get delivered On 29 Aug 2005, at 3:33, jonn ah wrote: Hi all, we're using xmail's pop3 and smtp service but when we try to send messages to either yahoo or hotmail, the messages does not seem to get delivered...Is there a default blacklist list that xmail automatically throws out messages to yahoo or hotmail to /dev/null? using tail -f /var/log/messages gives me nothing...I can however, send to other domains without any problems... any ideas? thanks! Possibly they both have tighter requirements on sender authentication, RDNS, SPF etc. David - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Official 'Powered by XMail Banner' ...
I like the 3d look myself, so http://www.fonsy.com/XMail_IAN88x31.2.jpg; is also my vote. It's also relatively easy to read at a small size, and uses elements of the original logo so that brand recognition is maintained. Jeff Davide Libenzi wrote: On Sat, 27 Aug 2005, Rob Arends wrote: Well, I think that settles it. Davide has spoken! The winner is: http://www.fonsy.com/XMail_IAN88x31.2.jpg That's only my preference though. Let's say that my vote count 5 :=) - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Xmail filter with ClamAV
Hi John - I use clamSMTP - it is c based proxy that is very lightweight and easy to use. I also use ASSP in front of this for anti-spam (so sender - ASSP - clamSMTP - XMail - sendee). As it turns out, after testing, the emails didn't even reach my anti-virus because ASSP blocked all of the attachments, but I am reasonably certain that it would have caught all of them regardless - I have had great success with clamSMTP. Jeff John Kielkopf wrote: Anyone else scanning mail with ClamAV? With just telling ClamAV to scan the message file supplied by Xmail, It'll miss a number of the test from http://www.webmail.us/testvirus If I build a new temp file to scan doing the following: - Strip MAIL-DATA and everything before - Add a Return-Path: xxx header to the top. - Detect and fix a bad EOH (no double CRLF before the start of the message body) I can then get ClamAV to pass all of the tests that contain a virus. (#24 and #24 get past, but they contain no virus). Is it possible to get ClamAV to hit the target without all of this? I'd like to avoid the overhead of building a new file every time I want to scan it. Thanks, --John - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] -- Buehler Technologies 19 Circle Drive - San Rafael, CA 94901 415.459.4677 - [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Xmail filter with ClamAV
I simply disallow email of greater than 5 mb (that was my cutoff exactly!) - email is not ideal for large file transfers for a number of reasons, so I discourage it. However, if you need to allow larger emails, then I'm not certain how different your situation is - ASSP does a significant amount of filtering (greylisting, etc.) and can actually do virus scanning as well and much more efficiently since it only scans the first X number of bytes of an email (but not compressed archives). Any thorough anti-virus scan (that I am aware of) will risk time outs for really large files that get to them. ClamSMTP is very thorough (using clamAV to do the scanning, including archives and so on) so it needs to be carefully configured and has the potential to cause problems. ASSP is great for anti-spam since it scans the first X bytes (I have mine set to 15k) of a mail and then simply refuses it (sending a SPAM error to the sender) if it is determined to be SPAM, significantly lowering the overhead associated with SPAM scanning. The accuracy I have had once properly configured is exceptional (98-99%) - in ASSP whitelisting is very important and automated which helps a lot. I prefer it over Spam Assassin myself. Jeff John Kielkopf wrote: Jeff Buehler wrote: Hi John - I use clamSMTP - it is c based proxy that is very lightweight and easy to use. I also use ASSP in front of this for anti-spam (so sender - ASSP - clamSMTP - XMail - sendee). As it turns out, after testing, the emails didn't even reach my anti-virus because ASSP blocked all of the attachments, but I am reasonably certain that it would have caught all of them regardless - I have had great success with clamSMTP. Jeff Are you stripping all attachments with ASSP? If not, how does clamSMTP react to large (5MB) attachments? Does it just not scan them, or does it risk a time-out? I currently use a combination of blacklisting and greylisting (and of course some white listing) in a pre-data filter, so actually very few viruses do make it to the scanner. Though some aggressive viruses have managed to pound their way through the greylist before they end up on a blacklist. clamSMTP would require me to do all my antispam with something like ASSP, as you've suggested, and possibly complicate things like shutting off antispam and/or antivirus at a per user level (something we do quite often) - but it is something to think about. Still, the perfectionist in me still wants to get my script working well (and fast - many of our users tend to send large attachments via email). Moving AV back to a mailproc.tab filter and scanning off-line may be what I have to do. --John - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] -- Buehler Technologies 19 Circle Drive - San Rafael, CA 94901 415.459.4677 - [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Xmail filter with ClamAV
As far as I know, it does. ASSP greylisting is a bit of a mystery to me, though, to be honest, so this aspect you should research. I don't think it is using greylisting in the same way as XMail does but I am not really certain (there is some sort of a greylist download that occurs and is used, rather than the refuse/send mechanism that is the kind of greylisting XMail uses). As far as I know all of the scanning takes place during the SMTP session, as I mentioned - 15K (or whatever you specify - many users swear by just using 5k) is allowed through then the Bayesian filter makes a determination. I am pretty certain that the greylisting mechanism is actually invoked prior to this, so it is more or less the first thing that happens. There is also SPF checking, RBL checking, proper header construct verification, verification against an LDAP lookup (if desired) and other stuff. After training ASSP, users have the option to receive SPAM marked (which I discourage since the entire mail has to be dealt with then, which is inefficient) or to have it refused, or to not have it scanned at all if outside corporate policy on that. Because the whitelisting mechanism is so robust, and the Bayesian filter quite solid, I have had almost no complaints about false positives. I presently have about 4000 emails go through a day with something like 90 users, all remote - I provide filtering for a small corporation and operate as a web/email host as well. Inevitably with this number of users some people want mail from Costco and some people don't, so there is no perfect solution. Jeff John Kielkopf wrote: Jeff Buehler wrote: I simply disallow email of greater than 5 mb (that was my cutoff exactly!) - email is not ideal for large file transfers for a number of reasons, so I discourage it. I agree, however some of my users may say otherwise ;) I was thinking about scanning all messages 2MB durring the SMTP session, and then scanning the few larger ones off-line at low priority. Currently I just don't scan anything 5MB. The accuracy I have had once properly configured is exceptional (98-99%) - in ASSP whitelisting is very important and automated which helps a lot. I prefer it over Spam Assassin myself. Do you get many complaints about false positives? Roughly how many users do you have? I prefer to do most of my antispam in the SMTP envelope, before the DATA phase. It's just a waste of bandwidth otherwise. Do you know if greylisting in ASSP does this? Thanks, --John - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] -- Buehler Technologies 19 Circle Drive - San Rafael, CA 94901 415.459.4677 - [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Can't send email from outside of my LAN
Try telneting to the SMTP port (25) to make certain it isn't blocked. Your ISP may be blocking port 25 (most of them are these days). i.e. telnet mail.yourdomain.com 25 or by ip telnet xx.xxx.xxx.xx 25 Jeff Larry Azlin wrote: Greetings. I run Xmail 1.21 on a SUSE 9.0 box to host my personal email (azlin.com), and all's well if the laptop running my email client (Thunderbird) is on my LAN. Recently I've been taking the laptop over to a friend's house and trying to send email from there, w/o success. I can GET email from my Xmail server, I just can't SEND through it. I've modified smtprelay.tab to include the ip at my friend's house, so it now looks like: 192.168.0.0[TAB]255.255.0.0 xxx.xxx.xxx.0[TAB]255.255.255.0 And I've verified that smtp.ipmap.tab is correct: 0.0.0.0[TAB]0.0.0.0[TAB]ALLOW[TAB]1 Just to be sure, I've also looked at my pop3 log files and verified that I've got his ip address correct. Yet, when I try to send email, there's a long delay while Thunderbird is trying to send, and I get an unable to access server type of message. I'm betting that there's something simple which I need to do in addition to the above changes can anyone point me in the right direction? TIA, Larry Azlin P.S. I restarted Xmail after these changes. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Suppress NDRs
By the way, Sönke, the solution you outlined is working perfectly - thanks! Jeff Sönke Ruempler wrote: Hi Eric, On 18.07.2005 20:38, Eric Garnice wrote: I have an XMail server in front of an Exchange server solely doing SpamAssassin. A problem arises where missed spam is sent to a bogus user on the domain where the from address is a valid distribution group on the same domain. The result is everyone on the distribution group receiving a copy of the non-delivery report. Is there any way to prevent these reports to be sent to valid users? I guess the problem you have is very similar to Jeff Buehler's thread one day ago and you maybe want to read that ;-) - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] undeliverable message auto delete
Hi all - Does anyone know of an existing solution for the auto-deletion of undeliverable messages in XMail? I am running FreeBSD. Writing something to remove them all periodically would be pretty easy, but I would like something that allows a settable time to collect dust before removing undeliverables in the FROZ directory, which seems like it might be useful to a lot of people. I guess this wouldn't be too difficult to write either - just query the present date against the mail creation date. But it would still be easier to use someone elses already working solution, if one exists! Thanks, Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: undeliverable message auto delete
Thanks, Sönke - I was hoping to keep them in the queue for awhile, but I am collecting 500 or more undeliverables a day presently since I am forwarding to a domain that is getting heavily spammed. When spammers send spam to bogus users at the busy Exchange server I am forwarding to, it predicatably sends back the user doesn't exist message, then xmail correctly attempts to send that back to the spammer who, of course, doesn't accept incoming mail, and so the message is undelivered. Are you aeware of a better way to handle this sort of interaction? I could create a user to match every user on the Exchange server and at least cut out a hop, but XMail will still then try to send the no user by that name reply back to the spammer. I guess it's important to notify valid senders to the domain that a given user doesn't exist, though... Is that an RFC requirement? In the meantime, I am going to turn on RemoveSpoolErrors as you mentioned just so I don't have to go empty out the undeliverable queue every three days manually. Thanks again! Jeff Sönke Ruempler wrote: Hi Jeff, On 17.07.2005 22:53, Jeff Buehler wrote: Does anyone know of an existing solution for the auto-deletion of undeliverable messages in XMail? I am running FreeBSD. Writing something to remove them all periodically would be pretty easy, but I would like something that allows a settable time to collect dust before removing undeliverables in the FROZ directory, which seems like it might be useful to a lot of people. I guess this wouldn't be too difficult to write either - just query the present date against the mail creation date. But it would still be easier to use someone elses already working solution, if one exists! The only switch that XMail provides at present is the server.tab variable: [RemoveSpoolErrors] Indicate if mail has to be removed or stored in 'froz' directory after a failure in delivery or filtering. So errors are removed just in time. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: undeliverable message auto delete
Thanks! I'm doing it right now ... Jeff Sönke Ruempler wrote: Jeff, On 17.07.2005 23:10, Jeff Buehler wrote: Thanks, Sönke - I was hoping to keep them in the queue for awhile, but I am collecting 500 or more undeliverables a day presently since I am forwarding to a domain that is getting heavily spammed. When spammers send spam to bogus users at the busy Exchange server I am forwarding to, it predicatably sends back the user doesn't exist message, then xmail correctly attempts to send that back to the spammer who, of course, doesn't accept incoming mail, and so the message is undelivered. Are you aeware of a better way to handle this sort of interaction? I could create a user to match every user on the Exchange server and at least cut out a hop, but XMail will still then try to send the no user by that name reply back to the spammer. I guess it's important to notify valid senders to the domain that a given user doesn't exist, though... Is that an RFC requirement? My solution is to setup a cmdaliases file for each user that is being forwarded. So your mail server does not send bogus bounce mails into the internet. It's quite simple because XMail then sends directly 550 user not found in the SMTP session. So there is _NO_ bounce mail generated and your Exchange server gets only these messages that it can handle. And if there is a non-spam sender that types a wrong mail adress he'll get a bounce message from the server that tries to send to yours. I hope you got the advantage of that way. And note: Some providers are blacklisting servers with high bounce volumes. So someone - aware or unaware - could exploit your mailserver with wrong sender addresses and wrong rcpt addresses. now your mailserver weirdly sends out bounces back to the faked sender mailserver and could get blacklisted. So it's always a good idea to use forwarding for each user and not for whole domains. That differs the lame admins from the good ones *SCNR* - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] smtp greeting helodomain
Hi everyone - I am running XMail 1.21 on FreeBSD 5.4 - everything runs great. However, although HeloDomain is set (to mail.buehlertech.net and mail2.buehlertech.net) my greeting remains, for example, [EMAIL PROTECTED]. I assume the prefix is random. If I remove helodomain, I get the same kind of response, even though I have a proper PTR (reverse) record for each of these domains. Any ideas? Thanks, Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: smtp greeting helodomain
Hi Sönke - Thanks for your reply - Presently my [SmtpServerDomain] is set to buehlertech.net, does it require the prefix (i.e. mail or mail2.buehlertech.net)? Jeff Sönke Ruempler wrote: On 15.07.2005 21:31, Jeff Buehler wrote: Hi everyone - I am running XMail 1.21 on FreeBSD 5.4 - everything runs great. However, although HeloDomain is set (to mail.buehlertech.net and mail2.buehlertech.net) my greeting remains, for example, [EMAIL PROTECTED]. I assume the prefix is random. If I remove helodomain, I get the same kind of response, even though I have a proper PTR (reverse) record for each of these domains. HeloDomain is what what your server sends if it's connecting to a remote server. What you whant is: [SmtpServerDomain] If set, forces the domain name XMail uses inside the ESMTP banner used to support CRAM-MD5 ESMTP authentication. Try that please. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: smtp greeting helodomain
Hi Sönke - When I change [SmtpServerDomain] by adding the prefix (mail2) then the resulting greeting is: [EMAIL PROTECTED] Is that correct? I wasn't expecting the numeric value before the domain... Jeff Jeff Buehler wrote: Hi Sönke - Thanks for your reply - Presently my [SmtpServerDomain] is set to buehlertech.net, does it require the prefix (i.e. mail or mail2.buehlertech.net)? Jeff Sönke Ruempler wrote: On 15.07.2005 21:31, Jeff Buehler wrote: Hi everyone - I am running XMail 1.21 on FreeBSD 5.4 - everything runs great. However, although HeloDomain is set (to mail.buehlertech.net and mail2.buehlertech.net) my greeting remains, for example, [EMAIL PROTECTED]. I assume the prefix is random. If I remove helodomain, I get the same kind of response, even though I have a proper PTR (reverse) record for each of these domains. HeloDomain is what what your server sends if it's connecting to a remote server. What you whant is: [SmtpServerDomain] If set, forces the domain name XMail uses inside the ESMTP banner used to support CRAM-MD5 ESMTP authentication. Try that please. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: pop before smtp
At first I thought that was a question I should just go ahead and answer without bothering to double check my Thunderbird configuration, because I was certain that it isn't doing SMTP authentication. As it turns out, it is - at some point I actually checked the box to do so, and I have no idea when (obviously I was sleepwalking). That means that I either have roughly 50 users who can't send mail and don't seem to care enough to bother letting me know, or by some small miracle they figured out to get their email clients to do SMTP authentication, which I have a hard time believing. But then this week has been full of strange suprises! Thanks for snapping me out of yet another misconception... I can only assume at this point that Rob was correct in pointing out that I have to use SMTP authentication now across the board since my SMTP and POP3 are coming in and going out of different IP:PORT combinations. Clarity at last... :) Jeff Sönke Ruempler wrote: [EMAIL PROTECTED] wrote on Thursday, July 07, 2005 2:16 AM: Maybe its some sort of security related bug in Thunderbird that allows it to authenticate across 2 different IP's? Are you sure that TB does not send SMTP auth? What tell the SMTP logs? - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: pop before smtp
Ah ha! Thanks, Rob - that makes sense now. The behavior I am seeing is expected. I'm glad that SMTP authorization works alongside with pop before smtp, and as you said, why would anyone want to turn it off. I'll start promoting it since it can coexist with the popb4. I didn't promote smtp authorization previously because I already had users using the pop b4 smtp already (it is pretty standard with the larger ISP's like Comcast or SBC so users are familiar with it) and I wasn't certain how it would interact with uebmiau or other web mail apps. Now I see that it can coexist, though, and that is great ... Thanks, Jeff Rob Arends wrote: Jeff, Smtp auth is enabled by default, and there does not seem to be a way to turn it off (why would you?), however I know the EnableAuthSMTP-POP3 1 is configurable and is turned on by default. *ALL* my users are told to use smtp auth. It gets them around grey listing and they can send as whom ever they like. Because of this I still know who they are, and that's all that matters. Never had a problem, but then I've never actively promoted or tried pop-b4-smtp. Rob :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Buehler Sent: Wednesday, July 06, 2005 10:33 AM To: xmail@xmailserver.org Subject: [xmail] Re: pop before smtp Yes, the email client (in this case Thunderbird and numerous other external email clients) must be doing pop before smtp since I have never enabled true SMTP authentication (even though I would like to, but that is another story), and none of my testing has included setting password authentication for SMTP. The part that suprised me is that I am not set up to do real SMTP authentication (only pop before), but when going through the ASSP proxy running on the same system as XMail, SMTP authentication not only works with at least some email clietns but is actually required for some. Perhaps this is expected behavior, but I thought it was an either/or sort of thing. So, ASSP - Xmail with pop before SMTP works with Thunderbird (at least), but in Outlook 2003 and Mac OS X Mailtool (at least) SMTP authentication is required for proper authentication. This was not the case when ASSP was on a seperate IP and a seperate platform - with that config, pop before SMTP worked for all these email clients. Also this was not the case when ASSP was not in the picture (so obviously it has something to do with ASSP - XMail). Jeff Davide Libenzi wrote: On Tue, 5 Jul 2005, Jeff Buehler wrote: Hmmm - It would appear that if I set the email clients in question to require SMTP authentication, and use the same username and password as for pop3 authentication, then everything works. I thought this was an either/or requirement, but now I have most users doing pop3 before smtp and some users using smtp authentication, and it works (so far). If you use *real* SMTP authentication, then you won't need the POP3 before SMTP thing. In order for POP3 before SMTP to work, you need you mail clients to actually try a POP3 session before the SMTP session (with the account doing the POP3 session being the *same* as the MAIL FROM: of the SMTP session). Is your email client doing so? - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: pop before smtp
Nah! ASSP (anti spam smtp proxy) is actually a great opensource anti-spam proxy tool that (as it tunrs out) runs under Linux, FreeBSD and Windows. It loads a specified number of bytes of a given mail then refuses the connection based on a bayesian determination of spam, RBL, etc. instead of downloading the whole thing (unless you want it to). It has RBL, whitelisting, greylisting, SPF, web-based interface, limited anti-virus (which I don't use), and its fast and reasonably simple to install. The only thing that would make it better (in my opinion) is if it were written in c/c++ instead of Perl. I like it quite a bit better than SpamAssassin myself. At any rate, it appears I was wrong about the smtp authentication OR popb4 and it is actually popb4 AND smtp authentication, which is kool. So now I know. I will instruct my users to start using SMTP authentication because, as another use kindly pointed out recently, why not? Thanks again for your input, Davide! Jeff Davide Libenzi wrote: On Tue, 5 Jul 2005, Jeff Buehler wrote: Yes, the email client (in this case Thunderbird and numerous other external email clients) must be doing pop before smtp since I have never enabled true SMTP authentication (even though I would like to, but that is another story), and none of my testing has included setting password authentication for SMTP. The part that suprised me is that I am not set up to do real SMTP authentication (only pop before), but when going through the ASSP proxy running on the same system as XMail, SMTP authentication not only works with at least some email clietns but is actually required for some. Perhaps this is expected behavior, but I thought it was an either/or sort of thing. So, ASSP - Xmail with pop before SMTP works with Thunderbird (at least), but in Outlook 2003 and Mac OS X Mailtool (at least) SMTP authentication is required for proper authentication. This was not the case when ASSP was on a seperate IP and a seperate platform - with that config, pop before SMTP worked for all these email clients. Also this was not the case when ASSP was not in the picture (so obviously it has something to do with ASSP - XMail). Then remove ASSP (whatever it is) :=) - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: pop before smtp
That was my guess too (that ASSP was the culprit), as I mentioned in my first mails about it, but I thought I would check and see if anyone had any ideas. The strange part is the timing issue - across a LAN no problem, but locally certain email clients fail to do popb4smtp (and other ones do not), so it would seem to be an issue of ASSP not waiting properly for an authentication response or something. At any rate, I am satisfied with the solution of SMTP authentication now that I know it is not abnormal behavior to have it working. Thanks, Jeff Sönke Ruempler wrote: On 06.07.2005 20:59, Jeff Buehler wrote: Nah! ASSP (anti spam smtp proxy) is actually a great opensource anti-spam proxy tool that (as it tunrs out) runs under Linux, FreeBSD and Windows. It loads a specified number of bytes of a given mail then refuses the connection based on a bayesian determination of spam, RBL, etc. instead of downloading the whole thing (unless you want it to). It has RBL, whitelisting, greylisting, SPF, web-based interface, limited anti-virus (which I don't use), and its fast and reasonably simple to install. The only thing that would make it better (in my opinion) is if it were written in c/c++ instead of Perl. I like it quite a bit better than SpamAssassin myself. At any rate, it appears I was wrong about the smtp authentication OR popb4 and it is actually popb4 AND smtp authentication, which is kool. So now I know. I will instruct my users to start using SMTP authentication because, as another use kindly pointed out recently, why not? I guess if you encounter this problem again, you should dump the traffic with tcpdump or whatever. Maybe we can help you then. But IMHO that sounds not like a XMail problem but a ASSP's. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: pop before smtp
Hmmm - that makes sense. I wonder why Thunderbird has no problem doing popb4, though ... it works as before doing popb4. ASSP does something a bit unusual in that it operates as a proxy, so i'm not certain it is technically providing SMTP but might be doing some sort of passthrough. XMail is active at 127.0.0.1:25, 192.168.1.13:110 and ASSP at 192.168.13:25, so your thought makes sense since XMail is technically listening on two different IPs even though one is 25 and the other is 110. Maybe its some sort of security related bug in Thunderbird that allows it to authenticate across 2 different IP's? Thanks, Rob... Jeff Rob Arends wrote: Jeff, your email below answers it. How can xmail correlate the popb4smtp, if the smtp is actually ASSP. POPb4 only works if the same server is running both port 25 and port 110. In your case xmail will see the smtp connection coming from ASSP, not the MUA. Rob :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Buehler Sent: Thursday, July 07, 2005 4:59 AM To: xmail@xmailserver.org Subject: [xmail] Re: pop before smtp Nah! ASSP (anti spam smtp proxy) is actually a great opensource anti-spam proxy tool that (as it tunrs out) runs under Linux, FreeBSD and Windows. It loads a specified number of bytes of a given mail then refuses the connection based on a bayesian determination of spam, RBL, etc. instead of downloading the whole thing (unless you want it to). It has RBL, whitelisting, greylisting, SPF, web-based interface, limited anti-virus (which I don't use), and its fast and reasonably simple to install. The only thing that would make it better (in my opinion) is if it were written in c/c++ instead of Perl. I like it quite a bit better than SpamAssassin myself. At any rate, it appears I was wrong about the smtp authentication OR popb4 and it is actually popb4 AND smtp authentication, which is kool. So now I know. I will instruct my users to start using SMTP authentication because, as another use kindly pointed out recently, why not? Thanks again for your input, Davide! Jeff Davide Libenzi wrote: On Tue, 5 Jul 2005, Jeff Buehler wrote: Yes, the email client (in this case Thunderbird and numerous other external email clients) must be doing pop before smtp since I have never enabled true SMTP authentication (even though I would like to, but that is another story), and none of my testing has included setting password authentication for SMTP. The part that suprised me is that I am not set up to do real SMTP authentication (only pop before), but when going through the ASSP proxy running on the same system as XMail, SMTP authentication not only works with at least some email clietns but is actually required for some. Perhaps this is expected behavior, but I thought it was an either/or sort of thing. So, ASSP - Xmail with pop before SMTP works with Thunderbird (at least), but in Outlook 2003 and Mac OS X Mailtool (at least) SMTP authentication is required for proper authentication. This was not the case when ASSP was on a seperate IP and a seperate platform - with that config, pop before SMTP worked for all these email clients. Also this was not the case when ASSP was not in the picture (so obviously it has something to do with ASSP - XMail). Then remove ASSP (whatever it is) :=) - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] pop before smtp
Hi all - This question may be a bit out of place, but someone here may have a recommendation... Over the years, I have had an occasional problem with different mail clietns choking on pop before smtp. Generally this has been the case on Mac (OS 9) mail clients, which thankfully are gone from my user group now. Recently I put an anti-spam service (ASSP) on the same box and IP as XMail which forwards mail to XMail after scanning it. This mecahnism has worked with no problems when I had ASSP on a seperate IP and a seperate box from XMail, and it works well now *except* that certain mail clients no longer seem to be able to authenticate properly. Specifically these are Mac OS X mailtool and Outlook 2003 that I am aware of (Thunderbird works fine). This is obviosly some sort of interaction between ASSP and XMail, and so the problem might exist on either side, but I was hoping someone on the XMail side might have some ideas ...? Thanks! Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: pop before smtp
Hmmm - It would appear that if I set the email clients in question to require SMTP authentication, and use the same username and password as for pop3 authentication, then everything works. I thought this was an either/or requirement, but now I have most users doing pop3 before smtp and some users using smtp authentication, and it works (so far). Should I be concerned? This must be some funky ASSP thing ... but I am (pleasantly?) suprised that XMail allows it to verify even when it is not set to do smtp authentication (or at least I didn't think that it was!) Jeff Jeff Buehler wrote: Hi all - This question may be a bit out of place, but someone here may have a recommendation... Over the years, I have had an occasional problem with different mail clietns choking on pop before smtp. Generally this has been the case on Mac (OS 9) mail clients, which thankfully are gone from my user group now. Recently I put an anti-spam service (ASSP) on the same box and IP as XMail which forwards mail to XMail after scanning it. This mecahnism has worked with no problems when I had ASSP on a seperate IP and a seperate box from XMail, and it works well now *except* that certain mail clients no longer seem to be able to authenticate properly. Specifically these are Mac OS X mailtool and Outlook 2003 that I am aware of (Thunderbird works fine). This is obviosly some sort of interaction between ASSP and XMail, and so the problem might exist on either side, but I was hoping someone on the XMail side might have some ideas ...? Thanks! Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: pop before smtp
Yes, the email client (in this case Thunderbird and numerous other external email clients) must be doing pop before smtp since I have never enabled true SMTP authentication (even though I would like to, but that is another story), and none of my testing has included setting password authentication for SMTP. The part that suprised me is that I am not set up to do real SMTP authentication (only pop before), but when going through the ASSP proxy running on the same system as XMail, SMTP authentication not only works with at least some email clietns but is actually required for some. Perhaps this is expected behavior, but I thought it was an either/or sort of thing. So, ASSP - Xmail with pop before SMTP works with Thunderbird (at least), but in Outlook 2003 and Mac OS X Mailtool (at least) SMTP authentication is required for proper authentication. This was not the case when ASSP was on a seperate IP and a seperate platform - with that config, pop before SMTP worked for all these email clients. Also this was not the case when ASSP was not in the picture (so obviously it has something to do with ASSP - XMail). Jeff Davide Libenzi wrote: On Tue, 5 Jul 2005, Jeff Buehler wrote: Hmmm - It would appear that if I set the email clients in question to require SMTP authentication, and use the same username and password as for pop3 authentication, then everything works. I thought this was an either/or requirement, but now I have most users doing pop3 before smtp and some users using smtp authentication, and it works (so far). If you use *real* SMTP authentication, then you won't need the POP3 before SMTP thing. In order for POP3 before SMTP to work, you need you mail clients to actually try a POP3 session before the SMTP session (with the account doing the POP3 session being the *same* as the MAIL FROM: of the SMTP session). Is your email client doing so? - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: sendmail-Xmail non-standard port
I *may* have answered my own question, but I would still be curious about any input on sendmail. I realized that ASSP is running on port 25 but is not getting the mail forward from sendmail. It then occurred to me that this was because ASSP is running on the external address at ports 25 and 587, and can't support any more IP/PORTs. So, there was no MTA running on 127.0.0.1:25 - I added this to XMail, and now I am waiting to see if I start getting some emails from the system! If not, I will send out another email with info and questions... Thanks... Jeff Buehler wrote: I have a configuration of XMail that requries XMail to run on port 125. So ASSP on port 25/587 - XMail port 125. Previously I had ASSP running on another IP range so this was not necessary. I am running FreeBSD and I am not certain how to get sendmail to forward mail through XMail now - previously I was using the non-XMail version of Sendmail, and my servers local mails were available at [EMAIL PROTECTED] Now they are getting spooled but they are not getting to XMail for the domain, I assume because the port is no longer 127.0.0.1:25 but now is 127.0.0.1:125. Anyone know much about configuring sendmail under FreeBSD to send these mails to port 125 (assuming that is the problem as I suspect?) Thanks! Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: sendmail-Xmail non-standard port
-bd port? I'm sorry - I don't know what to do with that. A flag to the sendmail daemon, or some other archaic invocation? You are of course correct about the assumption thing - I can't seem to help it. Thanks, Jeff Alexander Hagenah wrote: [EMAIL PROTECTED] schrieb am Friday, July 01, 2005 4:45 PM: Anyone know much about configuring sendmail under FreeBSD to send these mails to port 125 (assuming that is the problem as I suspect?) ..-- | -bd 125 `-- Assuming - it won't solve your problem. :) -- Regards, Alexander Hagenah - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: sendmail-Xmail non-standard port
Hi Alexander - Sorry - got it now. I did a man of sendmail, and there it was, three lines or so down, -bd to run sendmail deamon with port alternatives. Thanks. I am not certain if this is going to help me with this particular problem, because I don't (think I) want sendmail listening on a SMTP port (that's XMails job, right?) but simply redirecting local mails to XMail. Also I am under the impresion that the proper mechanism under FreeBSD is to modify the domainname.mc file in /etc/mail to instruct sendmail to do what I want it to, but I am a bit confused by the different sendmail modes under FreeBSD (/etc/rc.conf - sendmail_enable= yes, no or none - none kills it completely, no allows it to do local redirecting to XMail so far until today). Thanks, Jeff Alexander Hagenah wrote: [EMAIL PROTECTED] schrieb am Friday, July 01, 2005 4:45 PM: Anyone know much about configuring sendmail under FreeBSD to send these mails to port 125 (assuming that is the problem as I suspect?) ..-- | -bd 125 `-- Assuming - it won't solve your problem. :) -- Regards, Alexander Hagenah - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Help Xscanner
That, of course, is the clear argument for Windows as a workstation OS, and I agree 100% in that sense (Mac OS X is great also). However, when it comes to server management, I prefer people I work with (and myself) to be knowledgeable, and I prefer the OS to be as flexible as possible. This is just my experience, I am not presenting it as an absolute truth for everyone, but I have found that at best the Windows GUI does nothing to help understanding or flexibility, and at worst it creates IT people who don't understand the internals behind what they are doing and rigid GUI behavior that makes it more difficult (or even impossible) to create poweful non-commercial or non-standard solutions to complex problems. So, with a workstation, ease of use is extermely high on my list of importance, and with servers ease of use is extremely low on my list of importantance. But that's just me... And no, I don't know of any Linux solutions as complete as Windows from a graphical standpoint - there are a few good starts, though (Red Hat seemed pretty good, but not up to the Windows standard). However, I won't know about any that do get developed because that doesn't much interest me in a server OS - I'll take the road of having to understand the internals a bit so that there is no problem fixing it or making it work later. That is what I like about XMail - it is hardly a standard Windows application and certainly defies the comprehensive and consistent GUI that Windows provides, but it is powerful, rock solid and fast. I'll take it over Exchange (when possible - it doesn't have all the functionality) any day, and Apache (or Xitami or a bunch of others) over IIS, even when running Windows OS, despite the relative hassle of setting them up the same way you might on a UNIX or Linux platform. Francis, I enjoy the discussion - if you want, please feel free to mail me any responses directly so that we don't have to burden others who are probably tired of this ancient discussion! It probably doesn't really belong on this mailing list... My email address is [EMAIL PROTECTED] Jeff CLEMENT Francis wrote: Just to say that for me, free os will win the battle, especially in small business and finaly at home, only when a comprehensive, easy to use, complete admin gui will be available for use by anyone without big knowledge. This will help a lot ... Computers must be easy to use. The big point for windows is that it is easy to use, easy to manage/configure ... All tools are gui, all are consistent in use, ... Is there a complete managment tool for linux ? Francis -Message d'origine- De : Jeff Buehler [mailto:[EMAIL PROTECTED] Envoyé : mercredi 22 juin 2005 19:36 À : xmail@xmailserver.org Objet : [xmail] Re: Help Xscanner However, ASSP (nor ClamSMTP nor ClamAV) do not run on Windows. There are, of course, other solutions, but this combination is the best I have found for the price (or any price, although the high-priced commercial market is not really my expertise). I'm honestly trying to help Yann come up with an ideal solution for what it sounds like his problem may be, not push idealogy. Speaking of idealogy, I think a lot of people choose Windows because of comfort and familiarity, which are really not the best reasons to make server based decisions (or arguably most reasonably complex IT decisions), but I acknowledge that this is an opinion and not a clear fact. I also run two Windows servers simply because I need them to debug IT problems for clients, so I use them as test beds for changes I intend or need to make to client systems. I am at a loss as to why someone would want a (very) expensive operating system for a server when free ones are available that perform at least as well (oh, wait, I know, Exchange and Active Directory - yay!). Not an argument, just an opinion from my experience. Bill certainly doesn't need the income. Thanks for the reminder not to start any wars! Certainly never my intention - there are enough ridiculous wars around without my help (um, I hope that doesn't start another discussion!) Jeff CLEMENT Francis wrote: -Message d'origine- De : Jeff Buehler [mailto:[EMAIL PROTECTED] Envoyé : mercredi 22 juin 2005 18:30 À : xmail@xmailserver.org Objet : [xmail] Re: Help Xscanner If you have a SPAM problem, I would advise the following configuration: 1. Dump windows. Ubiquitous != good. Install Linux or FreeeBSD. this may seem a bit elaborate, but in my opinion Windows is really not ideal (unstable, not too scaleable, not free) for running a mail server. I found My xmail 'windows' server runs good from xmail 0.96 to xmail 1.21 now and never restarted nor bugged ;-) (except for standard maintenance) I have too some FreeBSD running well too ... Badly configured Linux/FreeBSD/... equal badly configured windows too
[xmail] Re: Help Xscanner
If you have a SPAM problem, I would advise the following configuration: 1. Dump windows. Ubiquitous != good. Install Linux or FreeeBSD. 2. Install ASSP - an excellent anti-spam, opensource program 3. Install ClamSMTP and ClamAV. ASSP - ClamSMTP - XMail. It works great. Use the beta 12 or 13 of ASSP, not the release version. There is a port for FreeBSD now. On the other hand, if you are having that much trouble with Spam Assassin, this may seem a bit elaborate, but in my opinion Windows is really not ideal (unstable, not too scaleable, not free) for running a mail server. I found the above installation and set up reasonably simple, although FreeBSD handlesinterface issues differently than Windows, of course. Spam Assassin works well for anti-spam purposes, but it's a little bit CPU intensive relative to ASSP in my experience. I'm sorry but I can't help you with the doList filter, although at first look doList seems to be a pretty weak anti-spam solution - it's just a filter without Bayesian analysis or anything. Jeff Yann LE ROCH - Agence CHROM wrote: Hello I use http://software.dolist.net/xscanner.asp[1] on my xmail 1.18 (windows 2000 server) I just want to know if it's possible to send an e.mail notification to recipient when a e.mail is blocked by xscanner. Spamassassin is too difficult to install... Thanks Yann - To unsubscribe from this list: send theline unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the bodyof a message to [EMAIL PROTECTED] -- Buehler Technologies Email Signature Buehler Technologies 19 Circle Drive - San Rafael, CA 94901 415.459.4677 - [EMAIL PROTECTED] --- Links --- 1 http://software.dolist.net/xscanner.asp 2 mailto:[EMAIL PROTECTED] 3 mailto:[EMAIL PROTECTED] 4 mailto:[EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Help Xscanner
However, ASSP (nor ClamSMTP nor ClamAV) do not run on Windows. There are, of course, other solutions, but this combination is the best I have found for the price (or any price, although the high-priced commercial market is not really my expertise). I'm honestly trying to help Yann come up with an ideal solution for what it sounds like his problem may be, not push idealogy. Speaking of idealogy, I think a lot of people choose Windows because of comfort and familiarity, which are really not the best reasons to make server based decisions (or arguably most reasonably complex IT decisions), but I acknowledge that this is an opinion and not a clear fact. I also run two Windows servers simply because I need them to debug IT problems for clients, so I use them as test beds for changes I intend or need to make to client systems. I am at a loss as to why someone would want a (very) expensive operating system for a server when free ones are available that perform at least as well (oh, wait, I know, Exchange and Active Directory - yay!). Not an argument, just an opinion from my experience. Bill certainly doesn't need the income. Thanks for the reminder not to start any wars! Certainly never my intention - there are enough ridiculous wars around without my help (um, I hope that doesn't start another discussion!) Jeff CLEMENT Francis wrote: -Message d'origine- De : Jeff Buehler [mailto:[EMAIL PROTECTED] Envoyé : mercredi 22 juin 2005 18:30 À : xmail@xmailserver.org Objet : [xmail] Re: Help Xscanner If you have a SPAM problem, I would advise the following configuration: 1. Dump windows. Ubiquitous != good. Install Linux or FreeeBSD. this may seem a bit elaborate, but in my opinion Windows is really not ideal (unstable, not too scaleable, not free) for running a mail server. I found My xmail 'windows' server runs good from xmail 0.96 to xmail 1.21 now and never restarted nor bugged ;-) (except for standard maintenance) I have too some FreeBSD running well too ... Badly configured Linux/FreeBSD/... equal badly configured windows too Don't be soo partial ;-) Well configured Windows equals well configured linux or others It's not really on these arguments that free software will win ... So don't start a war again please ... Spam Assassin works well for anti-spam purposes, but it's a little bit CPU intensive relative to ASSP in my experience. I'm sorry but I can't help you with the doList filter, although at first look doList seems to be a pretty weak anti-spam solution - it's just a filter without Bayesian analysis or anything. Jeff My one experience on spam battle : Run Xmail (one your os of choice, just configure the os correctly ...) Add it Davide's excellent GLST filter Add it a good virus scanner (av-filter from Dario, henry.it, with fprot or nai) At this time, you eliminate 99% spams without big cpu/software/harware/config... This is approximatively the result I found after 2 months with this configuration (we are hosters, with a good number of mails coming in every day) Francis - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Help Xscanner
Opps - thanks! That's actually good to know... I actually find that most stuff works, or can be made to work, under Windows from the UNIX/Linux side pretty easily. Of course, the opposite isn't always true since Microsoft has good reason to keep stuff proprietary. ~J~ Kevin Williams wrote: Jeff Buehler wrote: However, ASSP (nor ClamSMTP nor ClamAV) do not run on Windows. FYI - http://www.clamwin.com/ (Not that I run xmail on Windows, but just to clarify.) - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Help Xscanner
Ha! Well, there you go - I'm actually not too suprised, but I didn't realize (or didn't remember) that there was an ASSP implementation for Windows (nor ClamAV - how about ClamSMTP, I wonder? I guess I could always take thirty seconds and look it up...). Thanks for the info - now that you mention it, I vaguely recall seeing a bunch of mail from the ASSP list about people on Windows having this or that question or problem. Nevermind Linux or FreeBSD then, it would probably work well for Yann if he can do ASSP and some other anti-virus solution on a Windows machine - why not if it's already up and running? Yann, since you are on Win 2000, you might want to try that - ASSP-Xmail or better ASSP-anti-virus(?)-Xmail. That combination works really well for me, although I have no idea about stability and so on under Windows for ASSP or ClamAV. Jeff Kroll, David wrote: I run assp on windows just fine and have for quite some time. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Buehler Sent: Wednesday, June 22, 2005 7:04 PM To: xmail@xmailserver.org Subject: [xmail] Re: Help Xscanner Opps - thanks! That's actually good to know... I actually find that most stuff works, or can be made to work, under Windows from the UNIX/Linux side pretty easily. Of course, the opposite isn't always true since Microsoft has good reason to keep stuff proprietary. ~J~ Kevin Williams wrote: Jeff Buehler wrote: However, ASSP (nor ClamSMTP nor ClamAV) do not run on Windows. FYI - http://www.clamwin.com/ (Not that I run xmail on Windows, but just to clarify.) - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Socket bind error - finally working
I have never seen or used mta_start_script= - based on what you sent, though, I doubt you are using it properly and I have no idea what the side effects of your approach will be. My scripts in/etc/rc.d and /usr/local/etc/rc.d start up fine without it (in 5.3. and 5.4). If it works, though, great - just be careful is isn't doing something unexpected, like preventing other necessary services in /etc/rc.conf from starting or something. I find sendmail a bit confusing - it has several modes of operation (you can probably find out all about it in it's ridiculously long man page) - sendmail_enable=no, sendmail_enable=yes, sendmail_enable=none and I recall (but this may be wrong) sendmail_enable=both. sendmail_enalbe=no will still allow sendmail to send mail out that it gets a hold of, and thos may be what you want for admin messages and the like that XMail may not retrieve. This is actually how I do it. The process you have running I'm not so certain about - sendmail still looks active, but given what you wrote I don't know in what mode. Jeff Ross Gohlke wrote: The good news is, XMail is finally running properly. The bad news is, I'm not exactly sure how. To prevent sendmal from runnig under Freebsd, add to /etc/rc.conf the following: sendmail_enable = NONE. However, I don't know why sendmail would interfere with CtrlClnt, or if it would. You can do a ps -alx | grep sendmail to see if it's running. I did try to turn off sendmail. When I rebooted, Xmail started up fine, and I could use CtrlClnt. /etc/rc.sendmail # This script is used by /etc/rc at boot time to start sendmail. It # is meant to be sendmail specific and not a generic script for all # MTAs. It is only called by /etc/rc if the rc.conf mta_start_script is # set to /etc/rc.sendmail. This provides the opportunity for other MTAs # to provide their own startup script. /etc/defaults/rc.conf mta_start_script=/etc/rc.sendmail SO I ADDED THIS LINE TO /etc/rc.conf ABOVE OTHER SERVICES mta_start_script=/usr/local/etc/rc.d/xmailserverstart.sh Then I rebooted. Funny thing is, NONE of the services defined in /etc/rc.conf (except IPFILTER) are starting up on reboot, and ps yields the exact same results as reported before for sendmail: james# ps -alx | grep sendmail 0 394 390 164 8 0 1632 1100 wait I+ con0:00.00 /bin/sh /usr/sbin/sendmail -L sm-mta -bd -q30m -ODaemonPortOpt 0 395 394 164 116 0 2772 1804 select I+ con0:00.01 /usr/sbin/sendmail.xmail -L sm-mta -bd -q30m -ODaemonPortOptio Here's to happy XMailing! ross PS Happy Father's Day to those who code with kids. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Socket bind error
Your get system panics using the patch? Are you certain you have the right one - I get nothing like that at all. Perhaps you are running a service that uses the function (kqueue_stat in kern_event.c) and doesn't like it that I am not running? Here are the modifications I use that work perfectly in 5.3 and 5.4 so far for me: /* OLD FUNCTION COMMENT OUT*/ /* static int kqueue_stat(struct file *fp, struct stat *st, struct ucred *active_cred, struct thread *td) { return (ENXIO); } */ /* NEW FUNCTION ADD */ static int kqueue_stat(struct file *fp, struct stat *st, struct ucred *active_cred, struct thread *td) { struct kqueue *kq; int error; if ((error = kqueue_aquire(fp, kq))) return ENOENT; KQ_LOCK(kq); bzero((void *)st, sizeof(*st)); st-st_size = kq-kq_count; kqueue_release(kq, 1); KQ_UNLOCK(kq); st-st_blksize = sizeof(struct kevent); st-st_mode = S_IFIFO; return (0); } also, I haven't seen these mails...are they in the list and I'm just missing them? I would definately advice trying the patch, Ross - if it causes system panics that you didn't get before as it seems to for David, then roll it back. Hopefully the FreeBSD team will fix this bug before too long - they have been advised about it, but I don't know it's status... Jeff David Lord wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 18 Jun 2005, at 14:08, Ross Gohlke wrote: Which version of XMail? 1.21 from source. What are outputs of: 'lsof | grep -c XMail' and '/sbin/sysctl kern.openfiles'? james# lsof | grep -c XMail 0 james# /sbin/sysctl kern.openfiles kern.openfiles: 106 I was getting a gradual increase in open files such that maximum allowed would be reached within about two weeks and XMail would stop without any message to indicate it had. I ran XMail 1.17 on FreeBSD 4.10 for some time without a problem once configured. Now with XMail 1.21 on FreeBSD 5.3 as of Feb 6, I've never had it stable due to kqueue and possible hardware incompatibilities. I'm considering move back to try XMail 1.17 and if that doesn't work a move to NetBSD 2.0.2. So should I downgrade to 1.17? Jeff mentioned a patch. Would this fix my problem? If so, where can I get it? If it needs fixing at all, ie you see a build up of open files, then it's worth trying the patch. Here the patch worked in that open files didn't increase but I would have a system panic within a few days whilst now unpatched I'm on 26 days uptime and restarting XMail twice a week and open files are only hitting around 700 with maximum set at 2816. I'm slowly setting up a replacement server. I've had similar errors from CtrlClnt when either command syntax was wrong or had a misconfiguration. I no longer attempt to use CtrlClnt from a commandline, only from scripts. Not sure I understand how calling them from scripts would make a difference. It's just that it lowers my chances of having mistyped the command. Also some of the scripts can take parameters from a list. David -BEGIN PGP SIGNATURE- Version: PGP 7.0.4 -- QDPGP 2.65 Comment: http://community.wow.net/grt/qdpgp.html iQA/AwUBQrXDNq2RmIodDo7KEQKb/QCZAe8c7iBMmllRvb2dLPaWc2E+MJkAoOND 7zGcFYuYE3e1+r0C0vlkL/9q =bKej -END PGP SIGNATURE- - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Socket bind error
There is a simple patch (requiring a few lines of code) available for the kqueue problem. I run 1.21 on 5.4 (and for 6 or so months on 5.3) and have no problems after modyfying the code for the kqueue problem. I have found it to be incredibly stable (Xmail has never gone down that I can recall with this configuration). Jeff David Lord wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 17 Jun 2005, at 18:52, Ross Gohlke wrote: Which version of XMail? What are outputs of: 'lsof | grep -c XMail' and '/sbin/sysctl kern.openfiles'? I ran XMail 1.17 on FreeBSD 4.10 for some time without a problem once configured. Now with XMail 1.21 on FreeBSD 5.3 as of Feb 6, I've never had it stable due to kqueue and possible hardware incompatibilities. I'm considering move back to try XMail 1.17 and if that doesn't work a move to NetBSD 2.0.2. I've had similar errors from CtrlClnt when either command syntax was wrong or had a misconfiguration. I no longer attempt to use CtrlClnt from a commandline, only from scripts. OS: FreeBSD 5.3-RELEASE XMail seems to be running smoothly, but I cannot seem to access CtrlClnt. I created one user successfully, then it stopped working. If I changed something I can't remember what it was, and I've gone through all the processes again. When running a CtrlClnt command such as: /usr/bin/CtrlClnt -s mydomain.org -u postmaster -p password useradd mydomain.org newuser newpassword U where mydomain.org is the RootDomain, the command tries to run for over a minute, then gives this error: ErrCode = -162 ErrString = End of socket stream data I also noticed a socket bind error when starting up from command line: james# /var/MailRoot/bin/XMail -Md -Pl -Sl -Fl -Cl -Ll SMAIL thread [00] started SMAIL thread [01] started SMAIL thread [02] started SMAIL thread [03] started SMAIL thread [04] started SMAIL thread [05] started SMAIL thread [06] started SMAIL thread [07] started SMAIL thread [08] started SMAIL thread [09] started SMAIL thread [10] started SMAIL thread [11] started SMAIL thread [12] started SMAIL thread [13] started SMAIL thread [14] started SMAIL thread [15] started Socket bind error [XMail 1.21 POP3 Server] started [XMail 1.21 ESMTP Server] started [XMail 1.21 PSYNC Server] started [XMail 1.21 FINGER Server] started LMAIL thread [00] started LMAIL thread [01] started LMAIL thread [02] started I'm assuming these issues are related. I found a thread in the archive suggesting I may have some other mail service running and interfering, but I can't figure it out. james# netstat Active Internet connections Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp4 0 32 james.ssh 207.65.63.34.62315 ESTABLISHED tcp4 0 0 james.ssh 64-184-8-187.bb..50415 ESTABLISHED udp6 0 0 localhost.localh.55733 localhost.localh.55733 Active UNIX domain sockets Address Type Recv-Q Send-QInode Conn Refs Nextref Addr c25bf08c stream 0 00 c25c04ec0 0 c25c04ec stream 0 00 c25bf08c0 0 c25bf578 stream 0 0 c272a210000 /tmp/.s.PGSQL.5432 c25bf7a8 stream 0 00 c25bf834 00 c25bf834 stream 0 00 c25bf7a80 0 c25bfec4 stream 0 0 c25f421000 0 /var/run/devd.pipe c25c0a64 dgram 0 00 c25bfe38 0 c25bfc94 c25bfc94 dgram 0 00 c25bfe38 00 c25bfe38 dgram 0 0 c25c18400 c25c0a64 0 /var/run/log Could it be sendmail? I followed these instructions for replacing sendmail: http://www.ubaight.com/xmail/BeginnersGuide.html#SendmailScript james# ps aux | grep sendmail root394 0.0 0.1 1632 1100 con I+3:14PM 0:00.00 /bin/sh /usr/sbin/sendmail -L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost root395 0.0 0.2 2772 1804 con I+3:14PM 0:00.01 /usr/sbin/sendmail.xmail -L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost I have DBMail installed and running imap, but no other mail software. Any ideas? I'd really like to start using XMail! Ross Gohlke - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: PGP 7.0.4 -- QDPGP 2.65 Comment: http://community.wow.net/grt/qdpgp.html iQA/AwUBQrPswa2RmIodDo7KEQLUygCgx3sm0UM4hxkv4TrykJTzSFhSdF4AoNfh 6y7mVYsw4sL2/VFN5wTveORq =Tdjk -END PGP SIGNATURE- - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For
[xmail] Re: Socket bind error
I don't see XMail (or the standard POP3/SMTP) ports anywhere (those being 110 and 25 or maybe 587). However, I think port 6017 is the XMail CtrlClnt port, so that should (possibly) be working. The ports you are listening on are: 22 (? - ftp?), 1 (?), 443 (HTTP/SSL), 80 (HTTP), 5432 (?), 514 (?), 6017(XMail CtrlClnt) - Maybe you need different command parameters for XMail than you have presently - you might try specifying the ports you want XMail to listern on for SMTP instead of all ports. Jeff Ross Gohlke wrote: Davide Libenzi wrote: On Fri, 17 Jun 2005, Ross Gohlke wrote: OS: FreeBSD 5.3-RELEASE XMail seems to be running smoothly, but I cannot seem to access CtrlClnt. I created one user successfully, then it stopped working. If I changed something I can't remember what it was, and I've gone through all the processes again. When running a CtrlClnt command such as: /usr/bin/CtrlClnt -s mydomain.org -u postmaster -p password useradd mydomain.org newuser newpassword U where mydomain.org is the RootDomain, the command tries to run for over a minute, then gives this error: ErrCode = -162 ErrString = End of socket stream data Try a: # netstat -t -n -a -p Thanks, I actually tried that (from another post in the archive): james# netstat -t -n -a -p netstat: option requires an argument -- p usage: netstat [-AaLnSW] [-f protocol_family | -p protocol] [-M core] [-N system] netstat -i | -I interface [-abdnt] [-f address_family] [-M core] [-N system] netstat -w wait [-I interface] [-d] [-M core] [-N system] netstat -s [-s] [-z] [-f protocol_family | -p protocol] [-M core] netstat -i | -I interface -s [-f protocol_family | -p protocol] [-M core] [-N system] netstat -m [-c] [-M core] [-N system] netstat -r [-AenW] [-f address_family] [-M core] [-N system] netstat -rs [-s] [-M core] [-N system] netstat -g [-W] [-f address_family] [-M core] [-N system] netstat -gs [-s] [-f address_family] [-M core] [-N system] james# netstat -t -n -a Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address(state) tcp4 0 32 65.75.135.140.22 207.65.63.34.62315 ESTABLISHED tcp4 0 0 *.1*.*LISTEN tcp4 0 0 *.80 *.*LISTEN tcp4 0 0 *.443 *.*LISTEN tcp4 0 0 *.6017 *.*LISTEN tcp4 0 0 *.5432 *.*LISTEN tcp6 0 0 *.5432 *.*LISTEN tcp4 0 0 65.75.135.140.22 64.184.8.187.50415 ESTABLISHED tcp4 0 0 *.22 *.*LISTEN tcp6 0 0 *.22 *.*LISTEN udp4 0 0 *.1*.* udp6 0 0 ::1.55733 ::1.55733 udp4 0 0 *.514 *.* udp6 0 0 *.514 *.* Active UNIX domain sockets Address Type Recv-Q Send-QInode Conn Refs Nextref Addr c25bf08c stream 0 00 c25c04ec00 c25c04ec stream 0 00 c25bf08c00 c25bf578 stream 0 0 c272a210000 /tmp/.s.PGSQL.5432 c25bf7a8 stream 0 00 c25bf83400 c25bf834 stream 0 00 c25bf7a800 c25bfec4 stream 0 0 c25f4210000 /var/run/devd.pipe c25c0a64 dgram 0 00 c25bfe380 c25bfc94 c25bfc94 dgram 0 00 c25bfe3800 c25bfe38 dgram 0 0 c25c18400 c25c0a640 /var/run/log - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]