[xmail] Re: External authentication and Active Directory
Thanks for the pointer - I did check the xmailserver.org home page before, but my mind must not have registered NT Domain. Kirk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tracy Sent: Thursday, May 31, 2007 7:21 PM To: xmail@xmailserver.org Subject: [xmail] Re: External authentication and Active Directory Kirk Friggstad wrote: Has anyone done any work with authenticating XMail against a Windows Active Directory system? Just curious if it can be done, if anyone has code to share, etc. before I go possibly re-inventing the wheel. Thanks! I wrote some code a while back to do that - but I haven't tested it in several versions of Xmail. Check on the Xmail site for a link for NT Domain Authentication. If you can't find it there, let me know and I'll dig up a copy on my system here and send it to you. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] External authentication and Active Directory
Has anyone done any work with authenticating XMail against a Windows Active Directory system? Just curious if it can be done, if anyone has code to share, etc. before I go possibly re-inventing the wheel. Thanks! Kirk - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: AOL and Netzero
Not sure about Netzero, but for AOL blacklists/bounces, http://postmaster.aol.com/ is probably the best place to start. We recently had problems with messages from a mail server on our network (not XMail) that was being bounced by AOL, and we managed to get things figured out through information from that site, as well as a quick phone call with their Postmaster Services help desk. Their Feedback Loop service is a good thing - gives you a heads-up whenever AOL users report spam that originated in your IP block, helps you be proactive. Hope that helps. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Edmonds, J.B. Sent: Wednesday, April 18, 2007 2:03 PM To: xmail@xmailserver.org Subject: [xmail] AOL and Netzero I know there have been discussions on this subject but I cant find them in my archives. I am getting mail bounced from AOL and Netzero. Appears to treat me as SPAM and bounces the mail. I have reviewed all the documentation and I don't use SMTPRELAY. My users are authenticated via Outlook. Seems to me I remember that there are some setting to be changed or entries to make in a tab file to make AOL, etc play nice. Can someone help me out, or point me to the right place? JB Edmonds - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Email address reverse check
From http://xmailserver.org/Readme.html#server_tab_variables [AllowNullSender] Enable null sender ('MAIL FROM:') messages to be accepted by XMail. _ Kirk Friggstad - Sysadmin / Database Admin IRON Solutions: 109 Saskatchewan Ave E. Outlook, SK Canada S0L 2N0 Phone 1-306-867-6262 Toll-free 1-877-264-4766 Fax 1-800-665-9876 Email friggstadk@ironsolutions.com ¯ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Helio Cavichiolo Jr Sent: Friday, October 27, 2006 4:33 PM To: xmail@xmailserver.org Subject: [xmail] Email address reverse check I'm having problems sending messages to some servers that do reverse check because XMail demands email addresses enclosure with . Is there a way to inhibit this need? Take a look on this chat: helo220-host1.northweb.com.br ESMTP Exim 4.52 #1 Fri, 27 Oct 2006 18:22:29 -0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. corp.cobranet.com.br 250 host1.northweb.com.br Hello corp.cobranet.com.br [200.190.197.66] mail from: [EMAIL PROTECTED] 250 OK rcpt to: [EMAIL PROTECTED] 550-Callback setup failed while verifying [EMAIL PROTECTED] 550-(result of an earlier callout reused). 550-The initial connection, or a HELO or MAIL FROM: command was 550-rejected. Refusing MAIL FROM: does not help fight spam, disregards 550-RFC requirements, and stops you from receiving standard bounce 550-messages. This host does not accept mail from domains whose servers 550-refuse bounces. 550 Sender verify failed quit 221 host1.northweb.com.br closing connection - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Listen on specific IP addresses?
Hi Kay: It looks like you're running XMail on Windows, right? When XMail is run as a service on Windows, the command-line parameters (including -SI, etc.) are kept in a registry key - see the NT/Win2K section of the main XMail README file ( http://xmailserver.org/Readme.html#nt_win2k ) for more info. Hope this helps. Kirk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kay Seljeseth Sent: Monday, June 26, 2006 2:32 PM To: xmail@xmailserver.org Subject: [xmail] Re: Listen on specific IP addresses? Thanks, but I'm experiencing problems when playing around with this option. I have tried to set it in different ways: a) Remove and add service with SI option: xmail --remove xmail --install -SI x.x.x.204 Afterwards XMail does answer on both the primary (204) and my spam designated IP address (233) using telnet on port 25 b) Xmail starting without knowing the IP address? Removed (233) IP address from IP Properties in XP Restarted XMail server Added IP address (233) in IP props Still XMail does answer on both the primary (204) and my spam designated IP address (233) using telnet on port 25 c) Running commandline c:\mailroot\bin\xmail -SI x.x.x.204:25 Still it does answer on the 233 address in addition to the 204 address. I have searched the registry to find a reference, without luck. Would be nice with an option like -SU ip:[port] to Unbind the xmail service? Pls.. any ideas? :) Kay -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Kielkopf Sent: 26. juni 2006 18:18 To: xmail@xmailserver.org Subject: [xmail] Re: Listen on specific IP addresses? Yes, the sending IP address is the server's primary address... but that shouldn't matter in his case. --John Rob Arends wrote: I seem to remember that the -SI option was for incoming, but the sending from xmail was still on the Servers primary Address - Please check the List Archive for verification, in case I'm wrong. Rob :-) _ Note To Self: Remember to put something witty here later... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Kielkopf Sent: Tuesday, 27 June 2006 12:25 AM To: xmail@xmailserver.org Subject: [xmail] Re: Listen on specific IP addresses? Use the -SI command line option. From: http://www.xmailserver.org/Readme.html#command_line -SI ip[:port] Bind server to the specified ip address and (optional) port (can be multiple). --John Kay Seljeseth wrote: We have been running XP and Xmail Server without any problems for a long time, but would now also like to run a spam filter (SpamFighter) on the same machine. Hence, we would like to use two IP addresses where the SpamFighter gets incoming mail first on one public SMTP IP address, checking the email and then forwarding it to the Xmail Server IP address, acting as a SMTP tunnel/Proxy. Does anyone know how we may configure XMail server to listen on a single specific IP address? We cannot use another port number as some domains should bypass the Spam filter. Thanks! Kay - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Attachment stripping filter?
Hi all: I'm wondering if anyone knows of a filter that will strip attachments (ideally, attachments over a certain kb threshold) from an incoming message, post them to a web-accessible directory, and insert a link to the stripped attachment into the message? I'd like to avoid re-inventing this, if something exists already. Thanks in advance Kirk - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: IP-based mail-before-smtp
Ross: Maybe I'm not understanding what you're asking for, but XMail does this sort of thing already without using a database - look in the README for [EnableAuthSMTP-POP3] (which is on by default), check the command-line parameter -Se (controls how long an IP address is valid based on POP3 login), and look in the user directory ($MAILROOT/domains/$DOMAIN/$USER/) for a file called .ipconn - that contains the IP address that a user last logged in from via POP3. As for it being a better solution - when you do a Send/Receive in MS Outlook, that's exactly what happens - it tries to send any mail in the Outbox first via SMTP, then checks mail via POP3. Depending on how often Outlook is set to check mail, and the -Se timeout parameter on XMail, XMail may refuse to relay the message, popping up an error dialog on the client machine, and often resulting in a call to support/help-desk/knowledgeable son-in-law. As for concerns about sending the password in plaintext - POP3 is plaintext and a much more likely target for someone sniffing for passwords, and XMail supports CRAM-MD5 for SMTP authentication (provided that the client supports it - I seem to remember that Outlook doesn't support this). If you're truly concerned about plaintext passwords being intercepted on the wire, you'd be better off to look into using SSL to encrypt connections (check the current mailing list thread on XMail + SSL patch). Hope this answers your questions - let me know if I missed anything. Kirk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ross Gohlke Sent: Friday, September 09, 2005 1:38 AM To: xmail@xmailserver.org Subject: [xmail] IP-based mail-before-smtp Is it possible to poll a database (postgresql) for an IP address to authenticate SMTP sending? A user checks their email. Their IP is logged in the database. When they try to send an email through XMail, could you use a script in userauth/smtp to authenticate based on the IP? It doesn't seem that XMail can pass the IP. This seems like a better solution than plaintext password authentication, is there something I'm missing? Thanks, Ross - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Feature request: POP3 log - STATUS field
Greeting Davide (and everyone else): Would it be possible to add a STATUS field to XMail's POP3 logs - something to indicate whether a login was successful or not, and if not successful perhaps some indicator of why it failed? Something similar to the STATUS field in the SMTP logs would be great to have. We're just troubleshooting a POP3 connection for one of our users, and right now we're reduced to guesswork - we suspect that there is an open POP3 connection somewhere that is preventing any other logins to this account (this happened yesterday, restarting XMail resolved the problem, but it's happening again today). Concurrent POP3 logins are not allowed, if I remember correctly - if I'm wrong, please correct me. Thanks! Kirk - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: F-Prot?
Hi Dale: We've been using the workstation version of f-prot along with Peter Lindeman's AV filter for quite some time now (looks like since late 2003), and I haven't had any major problems with it (I seem to remember running into some sort of bug in v1.8 of the filter, but Peter was quite responsive and helpful in tracking it down and solving it - sorry, don't remember any further details on it other than I got a version of 1.9-pre before the official 1.9 release). Anyhow, we've been pretty happy with it. Let me know if you have more questions. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dale Qualls Sent: Tuesday, June 28, 2005 7:46 AM To: xmail@xmailserver.org Subject: [xmail] F-Prot? Long time no post (all has been running great, knock on wood). Is anyone using FSI's f-prot along with Pete Lindemann's (sp?) av filter? Are you happy with it? Are you using a workstation or server version and does it really matter which you use? Any/all information is welcome. Thanks! ** The preceding message and any attachments may contain confidential information protected by the attorney-client or other privilege. If you believe that it has been sent to you in error, please reply to the sender that you received the message in error and then delete it. Nothing in this email message, including the typed name of the sender and/or this signature block, is intended to constitute an electronic signature unless a specific statement to the contrary is included in the message. ** - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Spammers / viruses bypassing MX records?
Hey all: We've recently installed a Barracuda (rack-mount spam firewall based on Spam Assassin, also does virus scanning) on our network in front of our XMail system, and pointed our MX records to deliver mail to the Barracuda instead of directly to our server. This change was made over a month ago, but we still find some spammers and viruses (especially W32/Zafi.B) are delivering directly to our XMail server instead of following the MX records to the Barracuda. The mail server is not at the same IP address as our default @ record for the domain, but it does have A records for mail and smtp. First question: has anyone seen behavior like this before (bypassing MX records)? Second question: is there any way to configure XMail to block any unauthenticated request from untrusted IP addresses (not in SMTPRELAY.TAB), but still allow mail from the Barracuda to come in (obviously the Barracuda is in SMTPRELAY.TAB) and allow our users to relay with authentication? Thanks in advance for any advice and/or insights! Kirk - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Spammers / viruses bypassing MX records?
If you have a publicly accessable IP address on your server it will always be open to smtp traffic regardless of MX records. Does your Barracuda device also contain a stateful firewall? Firewall is perhaps too strong of a word for what the Barracuda does - it accepts incoming SMTP connections with recipients in domains that we host, does spam filtering and virus scanning, then relays it to our XMail server. It does not have separate network interfaces, does not proxy POP3 connections, and does not relay mail to any other server not specified in it's configuration. We need to maintain our public IP address for our XMail server, as we provide e-mail service to a number of our customers, including authenticated SMTP relay. I guess what I'm really looking for is a way to configure XMail to only accept incoming SMTP connections if they are (A) authenticated or (B) from a trusted subnet. According to the docs, it appears that adding [SmtpConfig] mail-auth to my SERVER.TAB might work, but it doesn't state whether SMTPRELAY.TAB entries will bypass this check, and I don't currently have a system to test this on, and I'd rather not play with the config on our production system. Again, any insight is appreciated. Thanks! Kirk - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: XMail quota monitor
Looks like that perl script was originally written for Windows - you're going to need to change the first line: #/usr/bin/perl to #!/usr/bin/perl (note missing bang) - and verify the path to your copy of perl. You also need to go through the script and update paths in the User Configurable Settings block of code. Hope that helps. Kirk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Fred Sent: Thursday, April 29, 2004 3:02 PM To: [EMAIL PROTECTED] Subject: [xmail] Re: XMail quota monitor Thanks for the reply Shawn, this is exactly what i need but unfortunately the script does not work :( I tried it on a redhat-8.0 box and on a FreeBSD-4.8 box, both are running perl-5.8.0. Do you know what is going on here: [EMAIL PROTECTED] bin]# ./xmailquotamonitor.pl .../xmailquotamonitor.pl: line 35: use: command not found .../xmailquotamonitor.pl: line 36: use: command not found .../xmailquotamonitor.pl: line 43: =: command not found .../xmailquotamonitor.pl: line 44: =: command not found .../xmailquotamonitor.pl: line 45: =: command not found .../xmailquotamonitor.pl: line 48: =: command not found .../xmailquotamonitor.pl: line 50: =: command not found .../xmailquotamonitor.pl: line 53: =: command not found .../xmailquotamonitor.pl: line 56: =: command not found .../xmailquotamonitor.pl: line 57: =: command not found .../xmailquotamonitor.pl: line 58: =: command not found .../xmailquotamonitor.pl: line 59: =: command not found .../xmailquotamonitor.pl: line 63: =: command not found .../xmailquotamonitor.pl: line 71: =: command not found .../xmailquotamonitor.pl: line 72: .=: command not found .../xmailquotamonitor.pl: line 73: .=: command not found .../xmailquotamonitor.pl: line 74: .=: command not found .../xmailquotamonitor.pl: line 75: .=: command not found .../xmailquotamonitor.pl: line 76: .=: command not found .../xmailquotamonitor.pl: line 77: .=: command not found .../xmailquotamonitor.pl: line 78: .=: command not found .../xmailquotamonitor.pl: line 79: .=: command not found .../xmailquotamonitor.pl: line 80: .=: command not found .../xmailquotamonitor.pl: line 81: .=: command not found .../xmailquotamonitor.pl: line 82: .=: command not found .../xmailquotamonitor.pl: line 83: .=: command not found .../xmailquotamonitor.pl: line 84: .=: command not found .../xmailquotamonitor.pl: line 87: =: command not found .../xmailquotamonitor.pl: line 89: my: command not found .../xmailquotamonitor.pl: line 90: my: command not found .../xmailquotamonitor.pl: line 92: my: command not found .../xmailquotamonitor.pl: line 95: my: command not found .../xmailquotamonitor.pl: line 96: my: command not found .../xmailquotamonitor.pl: line 98: chomp: command not found .../xmailquotamonitor.pl: line 104: syntax error near unexpected token `0,' .../xmailquotamonitor.pl: line 104: `Output (0, XMQuotaMonitor);' [EMAIL PROTECTED] bin]# fred -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shawn Anderson Sent: 29 avril, 2004 16:36 To: [EMAIL PROTECTED] Subject: [xmail] Re: XMail quota monitor Check out: http://xmail.eye-catcher.com/Community/Downloads/General/60.aspx Shawn -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fred Sent: Thursday, April 29, 2004 4:28 PM To: [EMAIL PROTECTED] Subject: [xmail] XMail quota monitor Hi, maybe someone already written a script that does what i need, if yes please post the url. I need something that will monitor all the mailboxes of my xmail server to make sure the sum of all messages in each mbox isn't bigger than specified in user.tab. If bigger, the script would send an email to me so I can contact the user before he starts crying a river. fred - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Outlook / xmailserver prob?
Hi Kay: We've had the same thing happen here, and the best answer that I can come up with is: magic_8_ballOutlook not so good/magic_8_ball Seriously, though, we've had lots of problems with Outlook 98 and Outlook 2000 when set to leave mail on the server. It's been happening for years, and not just with XMail but with other mail servers we've used in the past. off_topicI happen to live in a town called Outlook - it's actually quite nice here, I don't understand why the Magic 8-ball keeps putting it down.../off_topic :-) Kirk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kay Seljeseth Sent: Wednesday, April 21, 2004 6:17 AM To: [EMAIL PROTECTED] Subject: [xmail] Outlook / xmailserver prob? I am experiencing that mails are being downloaded multiple times by the same Outlook client. Setup is a new install of xmailserver 1.18 on W2K and Outlook 2002-sp2 clients reading from the same mail account with the option to leave messages on the server for 10 days in order to allow for the different clients to read all the mails. For example the mail with header shown below has been picked up by Outlook 5-6 times to the same client. It does appear as if Outlook does not recognise that the mail has been downloaded already now and then. Sometimes the mailbox is flooded with duplicated mails. Anyone have an idea what this can be? Thx! Kay Seljeseth Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: from x35.xmailserver.org (192.168.1.131:15781) by usertrade.com with [XMail 1.18 (Win32/Ix86) ESMTP Server] id SEE for [EMAIL PROTECTED] from [EMAIL PROTECTED]; Fri, 16 Apr 2004 22:44:50 +0200 Received: from SMTP agent by mail gateway Fri, 16 Apr 2004 22:52:19 --100 Received: from x35.xmailserver.org (127.0.0.1:51500) by localhost.localdomain with [XMail 1.19 (Linux/Ix86) ESMTP Server] id S11789D for [EMAIL PROTECTED] from [EMAIL PROTECTED]; Fri, 16 Apr 2004 14:04:53 -0700 Received: with ECARTIS (v1.0.0; list xmail); Fri, 16 Apr 2004 14:04:42 -0700 (PDT) Received: from avs2.arnes.si (193.2.1.75:62648) by xmailserver.org with [XMail 1.19 (Linux/Ix86) ESMTP Server] id S117895 for [EMAIL PROTECTED] from [EMAIL PROTECTED]; Fri, 16 Apr 2004 14:04:42 -0700 Received: from localhost (avs2.arnes.si [193.2.1.75]) by avs2.arnes.si (Postfix) with ESMTP id 1C441D18B5 for [EMAIL PROTECTED]; Fri, 16 Apr 2004 23:04:21 +0200 (CEST) Received: from avs2.arnes.si ([193.2.1.75]) by localhost (avs2.arnes.si [193.2.1.75]) (amavisd-new, port 10024) with ESMTP id 23754-04 for [EMAIL PROTECTED]; Fri, 16 Apr 2004 23:04:20 +0200 (CEST) Received: from xmail.homelinux.net (cmb16-74.dial-up.arnes.si [194.249.51.74]) by avs2.arnes.si (Postfix) with ESMTP id C1A95D1870 for [EMAIL PROTECTED]; Fri, 16 Apr 2004 23:04:19 +0200 (CEST) X-Virus-Scanner: This message was checked by NOD32 Antivirus system NOD32 for Linux Mail Server. For more information on NOD32 Antivirus System, please, visit our website: http://www.nod32.com/ Received: from stupar.homelinux.net (master [192.168.10.1]) by xmail.homelinux.net (8.12.8/8.12.5) with ESMTP id i3GL4JaQ005076 for [EMAIL PROTECTED]; Fri, 16 Apr 2004 23:04:19 +0200 Message-ID: [EMAIL PROTECTED] Date: Fri, 16 Apr 2004 23:04:19 +0200 From: Sasa Stupar [EMAIL PROTECTED] User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; sl-SI; rv:1.6) Gecko/20040113 X-Accept-Language: sl, en-gb, en MIME-Version: 1.0 To: Xmail-ML [EMAIL PROTECTED] Subject: [xmail] New wish Content-type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit X-Virus-Scanned: by amavisd-new at arnes.si X-ecartis-version: Ecartis v1.0.0 Sender: [EMAIL PROTECTED] Errors-to: [EMAIL PROTECTED] X-original-sender: [EMAIL PROTECTED] Precedence: bulk Reply-to: [EMAIL PROTECTED] X-list: xmail - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Catch-All configuration for a domain
Hi Noor: If I understand you right, it is possible to do this right now in XMail. Here's what I do: 1) Create a user called default (this is just my name for it, call it whatever you want) 2) Create a forward for that user using a mailproc.tab to the target e-mail address 3) Create an alias for that user using the * wildcard. This will forward all mail sent to a particular domain to a single e-mail address, regardless of the requested e-mail address at that domain. Hope that helps. Kirk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Noor Dawod Sent: Friday, April 02, 2004 5:33 PM To: [EMAIL PROTECTED] Subject: [xmail] Re: Catch-All configuration for a domain Hi Bill, Thanks for the detailed explanation. I understood everything you've written, and I'm sure that I could do that in XMAIL. The one thing that is missing, still, is the ability to forward an E-mail without knowing where it's going. Think of it like this: I only know the domain name, and I want to forward each and every message that that domain is getting, to another e-mail address. What you suggested works well when I know that a specific USER wants to forward all messages to another EMAIL. What I am asking is how to forward an entire DOMAIN, regardless of the [EMAIL PROTECTED], to another EMAIL address. Do you get it? Noor -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Toby Reiter Sent: Saturday, April 03, 2004 1:01 AM To: [EMAIL PROTECTED] Subject: [xmail] Re: Catch-All configuration for a domain Sure Bill. In Postfix, I had a file named ``virtual`` that had two columns, left one is the source address/alias/domain, and the right is the destination/forwarded email address(es). Observe an example: # forward one email in domain.name [EMAIL PROTECTED] [EMAIL PROTECTED] # forward one email in domain.name to another user in same domain [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] # forward entire same-domain.name to domain.name @same-domain.name @domain.name Is this more clear now? Noor Noor, This can be done in XMail right now, using the standard means for editing settings. Frankly, my favorite way to do this is using one of the GUI/Web style interfaces available. My favorite is at: https://sourceforge.net/projects/phpxmail In any case, you would first create an alias for the domain.name domain, with global pointing to [EMAIL PROTECTED] (assuming you control another-domain.name. if you don't, it should be set up a forward in mailproc.tab). If you were directly editing your aliases.tab file, it would look like this: domain.name[tab]global[tab][EMAIL PROTECTED] You would then set up all the aliases that point to the global address: domain.name[tab]info[tab][EMAIL PROTECTED] domain.name[tab]jobs[tab][EMAIL PROTECTED] domain.name[tab]support[tab][EMAIL PROTECTED] For the one user address, that would be domain.name[tab]user[tab][EMAIL PROTECTED] e If both the global and user domains are forwards to different mailservers, they would be stored in: /var/MailRoot/domains/domain.name/global/mailproc.tab and /var/MailRoot/domains/domain.name/user/mailproc.tab and where /var/MailRoot/domains/domain.name/global/mailproc.tab looks like: redirect[tab][EMAIL PROTECTED] and /var/MailRoot/domains/domain.name/user/mailproc.tab looks like: redirect[tab][EMAIL PROTECTED] Your last rule is done using the aliasdomains.tab file: same-domain.name[tab]domain.name Let me know of any of this helps (or if you get confused, or if I've got it all wrong). Have a great weekend, Toby -- Toby Reiter mailto:[EMAIL PROTECTED] Breezing Internet Communications http://www.breezing.com 1106 West Main Stphone:434.295.2050 Charlottesville, VA 22903fax:603.843.6931 - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: OT: Port forwarding / redirection
You realize that XMail can listen on more than one port for SMTP, right? Check out the -SI commandline parameter in the documentation. For example: -SI 192.168.0.1:25 -SI 192.168.0.1:2500 would set XMail to listen to port 25 and 2500 for incoming SMTP connections on 192.168.0.1 - no tunneling software, etc. needed. For the Windows version, you'll need to add this to the XMAIL_CMD_LINE value of the HKEY_LOCAL_MACHINE\SOFTWARE\GNU\XMail\ registry key. We've been using this type of configuration for quite some time to help our remote users who are stuck with Earthlink or other ISPs that block port 25 outgoing. There you go - no muss, no fuss, no Cygwin, no SSL/SSH tunneling... hope that helps! Kirk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Tracy Sent: Friday, March 26, 2004 1:40 PM To: [EMAIL PROTECTED] Subject: [xmail] OT: Port forwarding / redirection I know this is OT for this list, but it does apply peripherally. Shoot if you must...:) I am using Xmail 1.17 on Windows 2000 Server. It's working just fine (except for a minor bug I introduced when modifying the code - but I'll clean that up when I migrate to 1.18). However, I have some remote users who are on networks that are blocking port 25. Now, I understand the reasons behind port 25 blocking, and I agree with them (for the most part). However, the users in question are reputable, and need to be able to send their mail through my server (rather than through the servers on the networks they are connected to). The simple answer, of course, is to set up a second SMTP listener on the machine, listening on a different port. But I don't want to have to set up a second instance of XMail (with all the attendant configuring and spam issues and whatnot), so I'm looking around to see if anyone knows of a way (either using Windows itself, or some trusted piece of software that won't run the system into the ground) to redirect connections from one port to another. For example, having a remote user connect to port 587 instead of 25, and having that connection redirected to the existing SMTP listener on port 25. I've considered using a proxy server, but I can't find any that are both trustworthy and lightweight enough for me to be comfortable with them. I'm not looking for a secure setup here - anything coming into this port will be treated just as a standard SMTP connection (meaning all the spam filtering and relay blocking of my main server will be in effect). So, SSH tunneling and such things are not really what I'm after (perhaps at some future point, for secure email services, but not now). Oh, and if at all possible, I'd like to avoid things like Cygwin - I've never had good luck with using it... Thanks for any suggestions (even if they amount to go soak your head...:) - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: How to specify a multi-line reject message for Xmail?
If I may jump in here with a comment on your spam-blocking method... We've just been through hell with an ISP who uses a similar blocking scheme (blocking IP addresses in the headers of reported spam messages). We have a forwarding mail account set up for one of our out-of-office sales reps - [EMAIL PROTECTED] forwarding to [EMAIL PROTECTED] (obviously, names have been changed). Our sales rep had spam sent to the [EMAIL PROTECTED], and proceeded to report it to hisISP.net. hisISP.net then blocked all messages sent through our mail server, which effectively cut us out of any communication with our sales rep. After about a week's worth of phone calls between our rep, our tech guys, and hisISP.net, we managed to get our server whitelisted at hisISP.net - although our whitelist entry apparently disappeared a few days later, and we had to do the whole thing again to get back into the whitelist. The point of this story - the collateral damage of this type of blocking scheme may outweigh it's effectiveness. Not saying that it will in your case, but just something to keep in mind. Kirk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Tracy Sent: Sunday, December 28, 2003 12:10 PM To: [EMAIL PROTECTED] Subject: [xmail] How to specify a multi-line reject message for Xmail? I am attempting to modify the SmtpMsgIPBanSpammers (and similar) messages in server.tab to allow me to return a multi-line message in response to such an error. Specifically, I want to return something along the lines of: 550-5.7.1 Your IP address has been found in the headers of spam sent to this 550- network. All mail from your IP address will be refused. Do not attempt to 550-resend your message. If you have questions about this rejection, you 550-may send mail to [EMAIL PROTECTED] or you may visit: 550 http://www.arisiasoft.com/Mailblock/blocked.aspx I had thought I could just separate the lines using \r\n but that didn't work - the literal string \r\n got send as part of the message (rather than being interpreted into CRLF). Any suggestions on this? - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: How to specify a multi-line reject message for Xmail?
You're absolutely right that I don't know anything about your methods - my apologies. The proposed multi-line reject message appeared very similar to the error messages produced by the remote mail server in our incident, and the line Your mail server's IP address has been found in the headers of spam received by this domain on the page referenced by the error message led me to jump to conclusions. Thanks for sharing the details of your system - it's sounds like a pretty good system, and should have very little collateral damage on a system of your size. It's Monday - I'll shut up now. :-) Kirk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Tracy Sent: Monday, December 29, 2003 10:00 AM To: [EMAIL PROTECTED] Subject: [xmail] Re: How to specify a multi-line reject message for Xmail? snip Not to be obstinate or anything, but you really don't know anything about my blocking methods here... snip - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: av script not stopping
Hi Benny: Funny - never thought to try that myself - I'll try playing around with that myself next time I see a hung process. However, the file in the slog directory is substantially different from the message in the mess directory - the file is a log of XMail's delivery attempts for the message (good for debugging frozen and/or bounced messages). If you're looking for an actual message file in the correct spool format, you'll probably want to log in the froz directory instead. Kirk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Benny Sent: Tuesday, December 09, 2003 10:25 AM To: [EMAIL PROTECTED] Subject: [xmail] Re: av script not stopping Ok guys... let me know if any of you have seen this or tried this. I took the process that was running in limbo and ran it from command. All the sudden the below message kept on repeating. I had to press CTRL+C to stop it. Here is my command and the output: COMMAND --- /usr/bin/perl -w /var/MailRoot/filters/checkvirus.pl /var/MailRoot/spool/14/13/slog/1059064707303.376856.localhost [EMAIL PROTECTED] [EMAIL PROTECTED] 1059064707303.376856.localhost --- OUTPUT --- Use of uninitialized value in string ne at /var/MailRoot/filters/checkvirus.pl line 772, MAILFILE line 7. Use of uninitialized value in index at /var/MailRoot/filters/checkvirus.pl line 774, MAILFILE line 7. --- I have no clue, but if I had to press control + c to manually stop this than I can only assume that each of the processes are doing the same thing and so that is why it is so intense on the system. The thing I did change between the command listed in the process and the command you see above is that I had to pull a message from the slog directory instead of the mess directory, because there were no messages in the mess directory. ben - Original Message - From: Jeffrey Laramie [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 10:09 AM Subject: [xmail] Re: av script not stopping On Tuesday 09 December 2003 10:58, you wrote: Hey Ben: I'm also one of the ones experiencing problems with Peter's AV script. From past discussion here, it doesn't seem to matter which virus scanner is used (F-Prot and ClamAV are the ones reported so far), what version of XMail (seen people reporting this problem with 1.15, 1.16, and 1.17), or what Linux distro (RedHat, Mandrake, SuSE). In my case, the AV script is the only filter in use. If you'd like to review, the original thread regarding this problem is online in the XMail archive: http://www.mail-archive.com/xmail%40xmailserver.org/msg07865.html I don't think the script version is the issue either since I had processes hang recently with AV script 1.7 and I know others were using 1.8. The weird thing is that this just started happening to configurations that have worked fine in the past. Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: av script not stopping
Hi Jeff: That thought had occurred to me - but since (at least in my case) by the time I notice a hung filter, the file is no longer in the spool, I haven't had a chance to examine it. Looking through the filter errors in my /var/log/messages, the sender's addresses all look spammy, so maybe there's a fubar spam mailer out there that has some screwed headers etc. in it? Again, without being able to recover the actual message spool file, there's no way to tell, and I'm just making (hopefully educated) guesses... Kirk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jeffrey Laramie Sent: Tuesday, December 09, 2003 10:48 AM To: [EMAIL PROTECTED] Subject: [xmail] Re: av script not stopping On Tuesday 09 December 2003 11:37, you wrote: Hi Benny: Funny - never thought to try that myself - I'll try playing around with that myself next time I see a hung process. However, the file in the slog directory is substantially different from the message in the mess directory - the file is a log of XMail's delivery attempts for the message (good for debugging frozen and/or bounced messages). If you're looking for an actual message file in the correct spool format, you'll probably want to log in the froz directory instead. Kirk OK, here's a crazy thought. Benny hung the script by read an incorrectly formatted file. Could there be an exploit out there that screws with the mail headers and causes the same problem? Just throwing out ideas here. Jeff - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Anti Virus Filter - log entry question
Hi Sasa: This problem seems to not be related to a particular mailbox or domain - we have over 1800 users in 470 domains, with an average of around 11600 incoming SMTP messages per day (roughly 70 viruses caught by the filter), and these errors (according to the entries in /var/log/messages) involve multiple users and domains. Kirk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Sasa Stupar Sent: Friday, December 05, 2003 12:23 AM To: [EMAIL PROTECTED] Subject: [xmail] Re: Anti Virus Filter - log entry question Is this problem on particular mailbox or random? I had similar issues but I have found out that somehow the particular mailbox was corrupted so I have just recreated mailbox and after it works fine. --Sasa - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Anti Virus Filter - log entry question
Hi Peter: I'd be more than willing to put a debug version of your script in place on my server - we have this problem pretty regularly (i.e. at least once every 24-48 hours), I've got lots of disk space for logging debug messages, and I'd love to see this problem disappear. Would be nice to narrow down if it's one of the external processes hanging (i.e. F-Prot, reformime, etc.). Our system monitors detect this problem fairly quickly and alert me (e-mail to SMS gateway to my cell), but if I'm outside of my cell coverage (happens occasionally - I'm in rural Canada, sometimes digital coverage is spotty) or away from an Internet connection, our systems can bog down and become completely unresponsive... which doesn't make our customers and my co-workers very happy. :-O Anyhow, if you have any sort of a debug version of the script, please let me know and I'll put it in place on our system. Thanks! Kirk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Peter Lindeman Sent: Friday, December 05, 2003 9:03 AM To: [EMAIL PROTECTED] Subject: [xmail] Re: Anti Virus Filter - log entry question I have seen this in the past also but have no clue yet what causes this problem. At my site I haven't seen it for months now. Perhaps version of virusscanner depends if this problem occurs. So if anybody got a clue I'm interested ;-) -- Groeten, Peter - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] RE: [xmail] Anti Virus Filter - log entry question
Hi Phil: I've been getting similar error messages on our Linux XMail box with AV Filter - Filter error (-5). In our case, when the filter fails, it starts using CPU cycles at an incredible rate, like it's stuck in an infinite loop or something. When enough of these filters fail (in our case, a couple dozen), the server becomes extremely unresponsive, to the point where it takes nearly 20 minutes to me to SSH in, start top, and kill all the hung filter processes. (Yes, it would probably be easier to just hit the reset button, but this server is in a co-lo facility 100 km away, and I like uptime stats :-) ) Our system: XMail 1.17 (built from source, stock) RedHat Linux 9.0 (upgraded from RHL 7.3, plus additional updates from RHN) F-Prot antivirus 4.3.1 for Linux (installed from RPM) AV Filter 1.8 There doesn't seem to be any pattern to the failures on our system - sometimes the system will run fine for 24 hours or more without any hanging filters, and then suddenly 3 or 4 of them will hang within the span of 10 seconds. We do not have any other filters running on XMail. I have no idea if the problem lies in XMail, in Peter's filter, or possibly even in F-Prot (gotta love debugging processes involving multiple programs and vendors). Anyone else out there having a similar problem? Phil, what anti-virus are you using with AV Filter? Thanks to all. Kirk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Philipp Ringli Sent: Thursday, December 04, 2003 2:24 AM To: [EMAIL PROTECTED] Subject: [xmail] Anti Virus Filter - log entry question hi all, i seem to have some problems with the Anti Virus Filter 1.8 (http://www.lindeman.org/filters.html). my MDK 9.2 box went black. i mean, i had to press the reset button. could this have caused it? maybe someone has a clue on these log entries? (/var/log/messages): Dec 2 19:55:26 ns1 XMail[2680]: Filter error (-5): Sender = [EMAIL PROTECTED] Recipient = [EMAIL PROTECTED] Filter = /var/MailRoot/filters/checkvirus.pl Dec 2 19:55:32 ns1 CROND[10009]: (root) CMD ( /usr/share/sshd-monitor/sshd-restarter) Dec 2 19:59:04 ns1 XMail[2680]: Filter error (-5): Sender = [EMAIL PROTECTED] Recipient = [EMAIL PROTECTED] Filter = /var/MailRoot/bin/sa_filter.pl Dec 2 20:01:30 ns1 CROND[10025]: (root) CMD (nice -n 19 run-parts /etc/cron.hourly) cheers, phil sichtwerk gmbh http://www.sichtwerk.com - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Create a message file to be sent
http://www.xmailserver.org/Readme.html#xmail_local_mailer That should answer your question. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Vitor Renato Alves de Brito Sent: Monday, November 10, 2003 11:40 AM To: [EMAIL PROTECTED] Subject: [xmail] Create a message file to be sent Hi, Can I create a message by hand, in a text file named like 1068433237340.135029760.server.domain.com.br with all headers, RFC compliant and put it to a xmail spool dir to be send by xmail? If yes, which spool dir? temp, mess, froz, rsnd? Até mais, --- Vitor Renato Alves de Brito - System Manager Arte Final Provedor Internet - http://www.artefinal.com.br Alfenas/Lavras - Sul de Minas Gerais --- Esta mensagem foi verificada pelo e-mail protegido Arte Final Antivírus: F-Prot / Versão: 4.1.1 / Atualizado em: 8-Nov-2003 Proteja o seu e-mail com a Arte Final - http://www.artefinal.com.br - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: XMail + Scope + SA on Win32
I'm not using SCOPE on Win32, but I did notice the site looked strange as well. I e-mailed them about it yesterday - here's what Thomas told me: ---BEGIN QUOTE--- hehe, I am compiling a version of apache right now that can handle that stuff you just saw. Hang on ;) Thing is I just relocated my server the other day and thought it was a good time to switch OS aswell, so I am currently rebuilding my setup from scratch. As for Scope I have a new fresh version about roll out very soon. ---END QUOTE--- Sounds like he's having fun. :-) He said he'd send me the updated URL when he has the new version of Scope posted - I would assume he'll post it to the list as well. __ IRON Solutions, LLC - Kirk Friggstad SQL DBA / Project Manager 109 Saskatchewan Ave E. Outlook, SK Canada S0L 2N0 Phone: 1-306-867-6262 [EMAIL PROTECTED] Toll-Free: 1-877-264-4766 ext 6262ICQ 17626817 Fax: 1-800-665-9876 www.ironsolutions.com __ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Edinilson J. Santos Sent: Friday, October 03, 2003 12:12 PM To: [EMAIL PROTECTED] Subject: [xmail] XMail + Scope + SA on Win32 Is someone using SCOPE (http://www.saltstorm.net/depo/scope/) together with Spamassassin on Win 32? The site is opening very strange for me, in unformatted text. Edinilson - ATINET-Professional Web Hosting Tel Voz: (0xx11) 4412-0876 http://www.atinet.com.br --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.522 / Virus Database: 320 - Release Date: 29/09/2003 - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Clam AV?
From a comp.os.linux.security posting from March 3, 2003: However, use it [ClamAV] at your peril. Clam AntiVirus uses the OpenAntivirus virus database. It is in an early development state and members of the OpenAntivirus group say that it should be regarded as a toy at present. It is not up-to-date and tests by the group using it have found that the database does not (yet) trap many ITW (in the wild) viruses. They have consistently told me that they have asked Clam Antivirus NOT to use their database in Clam Antivirus. (found on Google groups - search for clam antivirus and old rocker should have this posting as the top result) Took a quick peek at Open Antivirus' page on SourceForge - the virus signature database they have there is dated back to May of 2002, so I'd be inclined to agree with the person who posted the above message to Usenet. Hope this helps. We just implemented F-Prot with Peter Lindemann's AV script this past week - we're averaging about 3000 viruses per day (mostly Sobig, with a sprinkling of Klez, Bugbear and other classics). Very happy with it so far - the price tag wasn't insignificant, but it was much less than it would have been for a commercial mail package with integrated virus scanning. Kirk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Filip Sent: Thursday, August 28, 2003 4:50 PM To: Toby Reiter Subject: [xmail] Re: Clam AV? Hi, I have a collection from viruses my av-filter (linked on xmailserver.org) caught using f-prot. I compared clamav and f-prot on Linux RH 9 : #clamscan /var/MailRoot/filters/XM_Fprot_Filter/InfectedMessages/ Scanned files: 94 Infected files: 41 #f-prot /var/MailRoot/filters/XM_Fprot_Filter/InfectedMessages/ Files: 94 Infected: 92 Suspicious: 1 Any other experience or comment on this ? -- Fil. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: how can I send to AOL users
I'm not so sure that turning off RDNS for dial-up/dynamic is a good idea. RDNS checks aren't just used by SMTP relay blockers. For example: until a few years ago, it was illegal in the United States for a company to export high encryption (that's a whole other story, though), so download sites for high encryption products in the U.S. had to use RDNS checks to confirm that the person downloading was from the U.S. or Canada. (The reason I remember this so well is that the non-profit ISP that I volunteered with (and had my dial-up access through) had problems with RDNS, and so I was unable to download encryption products (at that point in time, 128-bit Netscape Navigator - gads, that was a while ago) until we got the RDNS fixed.) For another example (just discovered this today at http://www.mynetwatchman.com/kb/security/ports/17/137.htm - scroll down to the False Positives section at the end) - on a Windows web server, if Netbios is bound to the public IP address of the server, IIS will attempt to do a direct Netbios query back to the client if RDNS fails. This causes (a) unnecessary network traffic and (b) false alarms on firewalls, etc. Which reminds me - I need to check on my Netbios bindings on my Windows boxes... In short - RDNS ain't just for servers. Of course, that's just my 2 cents - your mileage may vary. Kirk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Tracy Sent: Thursday, June 12, 2003 3:46 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [xmail] Re: how can I send to AOL users At 17:16 6/12/2003, Michael Harrington wrote: Honestly, can you blame AOL for doing this? I can't even count how much SPAM gets thrown at our system from people using their cable or DSL lines. No, I can't blame them for wanting to stop some of the spam. But one of the best solutions I've seen proposed to date has nothing to do with running regex's on DNS names. It's very simple, and very cost effective. Have the ISPs who allocate IP pools for dynamic assignment or for dialup users remove the PTR records for those addresses, and let mail servers do RDNS checks. This serves three purposes: 1) It gives a simple, quick, and reasonably accurate measure of whether an IP address is intended to be a server (no PTR record = no server) 2) It is nearly costless to implement on both sides (removing PTR records is a one-time operation, and can be done quickly; and setting up an RDNS check for incoming connections should be a simple matter in most mail server software - or even on a firewall or portal before it gets to the mail server). 3) It helps prevent users of dynamic or dialup IP addresses from running server packages in contravention of their ISP's AUP and contract. I know that my own ISP does this - I had to explicitly ask for RDNS to be set up on my IP block (I have a 16 address subnet allocated from my ISP). And several other ISPs in the area also do this (set up RDNS only on request, and often charge an additional monthly fee for the service). The number of messages you stop vs. the number of legitimate email messages makes the concept seem worth it to me. I'm glad I don't have AOL or Hotmails systems. They could probably cut their systems in half if it weren't for the junk mail that they're having to process. The same thing could be said from the other side. Do you have any idea how many spam mails I could block from my server by rejecting anything with aol.com or hotmail.com in the envelope sender? And, honestly, for my own mail server here, I could do that with near 0% casualties to legitimate mail. But would that be ethical as a postmaster to do? I don't think so - just as I don't really think that their solution is ethical. Sure, it's their network, and they can make the rules they want, but... Spam may not realistically cost end users that much money, but it definatly costs ISPs money in bandwidth and storage for all that junk. Well, I'm a *small* operation - my mail server handles traffic for three domains, containing a total of about 30 users. My average throughput is around 2000 messages a day. However, out of that 2000 messages, nearly 70% is spam. But I've not found it necessary to result to regex operations on DNS names. Actually, I should say that nearly 70% *was* spam - after having spent a couple of weeks playing with various DNSBLs and assessing their collateral damage, and playing with RDNS checks and assessing the damage there, I've reduced the spam to under 25% of the daily flow - and I'm expecting to reduce it further by tuning the DNSBLs. Granted that 25% of the total traffic is still a whale of a lot of messages, but it's a lot better than 70%. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to