qmail Digest 2 Apr 2000 10:00:01 -0000 Issue 959

Topics (messages 39412 through 39432):

Re: Poor documentation of anti-spam options?
	39412 by: Paul Schinder
	39413 by: Len Budney
	39418 by: Patrick Bihan-Faou
	39419 by: Len Budney
	39420 by: Patrick Bihan-Faou
	39421 by: Peter van Dijk
	39422 by: Patrick Bihan-Faou
	39425 by: richard.illuin.org
	39432 by: Michael Raff

Re: qmail-lspawn # Using qmail-local to deliver messages to ~/Mailbox by default.??./Maibox
	39414 by: Peter van Dijk
	39415 by: Peter van Dijk

Re: Relay based on IP
	39416 by: Irwan Hadi

spam
	39417 by: chris.pds2k.com

Re: Problem: 552 max. message size exceeded
	39423 by: D. J. Bernstein

Re: Virtual Users ?
	39424 by: Michael Boman

Re: qmail success
	39426 by: Charles Cazabon
	39427 by: markd.bushwire.net
	39428 by: markd.bushwire.net

"special" characters in .qmail filenames
	39429 by: Mark E. Drummond

tcpserver accept netmasks?
	39430 by: John Conover
	39431 by: Chris Johnson

----------------------------------------------------------------------
At 11:53 PM -0500 3/31/00, Patrick Bihan-Faou wrote:
>Hi,
>
>From: "Paul Schinder" <[EMAIL PROTECTED]>
>> At 3:06 PM -0500 3/31/00, Dave Sill wrote:
>> >Do the spammers:
>> >
>> >  1) throw up their hands and admit defeat, or
>> >  2) start using valid (but wrong) domains in their envelope return
>> >     paths, thereby defeating your rejection and escalating the arms
>> >     race?
>> >
>> >Note that many are already doing (2), of course.
>>
>> I've had several emails using my @pobox.com address as the MAIL FROM
>> bounced because spammers use phony @pobox.com addresses. I've never
>> seen a single spam that originated on pobox's servers. Most of the
>> spam I see comes from China or relay raped machines outside the US.
>> And, of course, I've seen numerous pieces of spam with phony
>> @yahoo.com, @hotmail.com, @aol.com, etc.
>>
>
>
>Maybe one way to deal with this is:
>1. verify that the domain of MAIL FROM is correct
>2. verify that the address of the server sending the mail
>   resolves to that domain...

That's not a good idea at all. It defeats the entire purpose of a
mail redirection service like pobox. I use my @pobox.com address on
all sorts of mail, but I've *never* used pobox's servers to send out.
The mail goes out through a variety of routes. All of the machines I
send out from have resolvable IP's, but none of them are in pobox's
domain.

>
>This is probably not the best answer, but if you apply that to some key
>domains, then you should be able to cut down on a fairly good volume of spam
>with fake addresses. Also it should be fairly easy to implement a scheme
>like this in qmail (although it also means more DNS lookups for a good
>number of incoming mail messages).
>
>
>Patrick.

--
Paul J. Schinder
NASA Goddard Space Flight Center
Code 693
[EMAIL PROTECTED]

"Patrick Bihan-Faou" <[EMAIL PROTECTED]> wrote:
>
> The problem with spam is that there is no reliable way to split spam from
> legitimate mail.

Bingo!

> If you try to filter-out spam, you will always end-up filtering out
> proper mail as well.

Bingo!

> The key is to try to keep track as much as possible of what is accepted
> and what is rejected.

Why? To satisfy your curiosity? Or do you then track down all senders of
legitimate email, and tell them what happened?

> ...the tolerable lost email / killed spam ratio is somewhat a personal
> decision...

The tolerable ratio is zero. If you are an ISP and think differently, then
your customers should abandon you. They might even have grounds to sue
you. (``The computer threw your job offer away. Sorry.'') They probably
won't, because they don't understand. (``Oh. Those darn computers!'')

Len.

--
E-mail encryption is a perfect application where cascades are
reasonable. Pretty much no one cares if they have to wait 10
milliseconds or 50 milliseconds for the encryption to occur.
					-- Bruce Schneier
From: "Len Budney" <[EMAIL PROTECTED]>
> > The key is to try to keep track as much as possible of what is accepted
> > and what is rejected.
>
> Why? To satisfy your curiosity? Or do you then track down all senders of
> legitimate email, and tell them what happened?
>

The reason why I feel that logging of spam filtering is crucial is exactly
that: try to find out how much valid mail you are killing compared to the
number of spam. I definitely want to know what gets rejected by a filter to
fine tune it or remove it if it does not satisfy my needs.

> > ...the tolerable lost email / killed spam ratio is somewhat a personal
> > decision...
>
> The tolerable ratio is zero. If you are an ISP and think differently, then
> your customers should abandon you. They might even have grounds to sue
> you. (``The computer threw your job offer away. Sorry.'') They probably
> won't, because they don't understand. (``Oh. Those darn computers!'')
>

Hey, don't flame me. I said this is a personal choice. For my part I don't
filter anything out (yet) because spam is not enough of a problem for me at
this time. The only thing I am pointing out is that the choice of doing spam
filtering is a personal one, and one has to understand that it will kill
legitimate mail as well.

Patrick.

"Patrick Bihan-Faou" <[EMAIL PROTECTED]> wrote:
>
> The only thing I am pointing out is that the choice of doing spam
> filtering is a personal one, and one has to understand that it will
> kill legitimate mail as well.

Okay, sorry for the warm response. If ``personal'' means the same thing
to you that it does to me, then we agree perfectly. (For example, ISPs
unilaterally rejecting emails for their customers, without specific
authorization is not a ``personal'' decision--and it's unacceptable. Even
RBL use, which makes sense, should not be done without informing
customers.)

Len.

--
Experience has shown again and again that Microsoft regards security
problems as public relations problems. Hence, I would not trust any
claims that Microsoft makes about changes in PPTP that it has, or will,
make.
					-- Bruce Schneier
Hi,

----- Original Message -----
From: "Paul Schinder" <[EMAIL PROTECTED]>
> >Maybe one way to deal with this is:
> >1. verify that the domain of MAIL FROM is correct
> >2. verify that the address of the server sending the mail
> >   resolves to that domain...
>
> That's not a good idea at all. It defeats the entire purpose of a
> mail redirection service like pobox. I use my @pobox.com address on
> all sorts of mail, but I've *never* used pobox's servers to send out.
> The mail goes out through a variety of routes. All of the machines I
> send out from have resolvable IP's, but none of them are in pobox's
> domain.

Well I am certainly not saying that this should be done for all domains. But
for some sensitive ones (yahoo ? hotmail ? aol ?), it would probably be
worth while. Also remember that the "MAIL FROM" may not be the same thing as
the "reply-to". If you are using this ISP's mail relay, then it is likely
because you have a user account with that ISP. Nothing prevents you to
advertise the e-mail address associated with that user account in the MAIL
FROM, nothing prevents you to advertise your "official" email address in the
reply-to header.

This amounts to enforcing stricter relay servers: should a server relay mail
if the address presented in MAIL FROM does not belong to one of its domains
(in addition to does it come from one of the "local" computers, etc.) ?

The method I am proposing is still more permissive than blocking mail from
servers based on them being listed in ORBS or DUL. Again, I don't advocate
on doing that for all servers, but just for the domains the most likely to
be used for fake email addresses.

Patrick.
On Sat, Apr 01, 2000 at 11:07:05AM -0500, Patrick Bihan-Faou wrote:
[snip]
>
> Well I am certainly not saying that this should be done for all domains. But
> for some sensitive ones (yahoo ? hotmail ? aol ?), it would probably be

You could perhaps indeed consider yahoo and/or hotmail since these are
webbased and people can _only_ read their mail on their webinterfaces
(correct me if I'm wrong) so they will probably only send out mail thru
these same interfaces.

> worth while. Also remember that the "MAIL FROM" may not be the same thing as
> the "reply-to". If you are using this ISP's mail relay, then it is likely

Add the header-From: (which can be different from the MAIL FROM and
reply-to!) to that.

> because you have a user account with that ISP. Nothing prevents you to

Correct.

> advertise the e-mail address associated with that user account in the MAIL
> FROM, nothing prevents you to advertise your "official" email address in the
> reply-to header.

Uhm. You are correct. Nothing prevents you from doing that. But it kinda
defeats the purpose of being able to dialin anywhere in the world, POP mail
off your home-provider and send thru the relay of the ISP you're dialing
into.

> This amounts to enforcing stricter relay servers: should a server relay mail
> if the address presented in MAIL FROM does not belong to one of its domains
> (in addition to does it come from one of the "local" computers, etc.) ?

Yes it should. Relaying should be based on IP, either fixed (subnets) or
dynamic (SMTP-after-POP), and _nothing_ else.

> The method I am proposing is still more permissive than blocking mail from
> servers based on them being listed in ORBS or DUL. Again, I don't advocate
> on doing that for all servers, but just for the domains the most likely to
> be used for fake email addresses.

You are not making sense here. You can compare ORBS/DUL use to what you are
proposing, since these are two completely different things.

Anyway, most people here will agree that the rules you are proposing are
insane, because you will prevent your customers from using a POP-account at
another ISP.

Greetz, Peter.

--
Peter van Dijk - student/sysadmin/ircoper/madly in love/pretending coder
|
| 'C makes it easy to shoot yourself in the foot;
|  C++ makes it harder, but when you do it blows your whole leg off.'
|                             Bjarne Stroustrup, Inventor of C++
Hi,

From: "Peter van Dijk" <[EMAIL PROTECTED]>
> > advertise the e-mail address associated with that user account in the MAIL
> > FROM, nothing prevents you to advertise your "official" email address in the
> > reply-to header.
>
> Uhm. You are correct. Nothing prevents you from doing that. But it kinda
> defeats the purpose of being able to dialin anywhere in the world, POP mail
> off your home-provider and send thru the relay of the ISP you're dialing
> into.

Well I think that the better answer in this case would be to use your
home-provider's SMTP relay using either SMTP-after-POP or SMTP AUTH or TLS
or whatever other scheme that will let you use your *normal* relay. Since
you are already accessing your home provider's services (the POP account),
you should be able to also use its mail relay.

Again I am not saying that this is practical today. My only claim is that
you should be able to use the domain indicated in MAIL FROM to do validity
checks and possibly reject spam.

> > This amounts to enforcing stricter relay servers: should a server relay mail
> > if the address presented in MAIL FROM does not belong to one of its domains
> > (in addition to does it come from one of the "local" computers, etc.) ?
>
> Yes it should. Relaying should be based on IP, either fixed (subnets) or
> dynamic (SMTP-after-POP), and _nothing_ else.
>

I think that this is debatable (cf. my comment above). If I am an ISP, why
should I let somebody use my mail servers to relay messages that pretend
they are not from one of my users (including any virtual domains that I may
have) ?

> Anyway, most people here will agree that the rules you are proposing are
> insane, because you will prevent your customers from using a POP-account at
> another ISP.

When you configure a POP account in your MUA, you usually configure a SMTP
server along with it. Why not configure that ISP's SMTP server ?

Please note that I am not trying to start a flame war. I just want to have
strong arguments as to why that method should or should not be used.

So far we have:
- travelling users may be impacted badly by this, unless they always use
  their "home" mail relay (how feasible is it today ? should it be
  enforced ?).
- this could work with yahoo or hotmail (because the only way you can use
  their relays is via their web interface)
- this is insane (this is the point I have trouble with :)

Patrick.
On Sat, 1 Apr 2000, Patrick Bihan-Faou wrote:

> Hey, don't flame me. I said this is a personal choice. For my part I don't
> filter anything out (yet) because spam is not enough of a problem for me at
> this time. The only thing I am pointing out is that the choice of doing spam
> filtering is a personal one, and one has to understand that it will kill
> legitimate mail as well.

I got hit by the results of a lot of spam last week when someone decided
to forge thousands of mail apparently from my mail domain; I was dealing
with the cleanup mess rather than the initial contact so all of the
anti-spam techniques available were causing me more grief as they rejected
mail (and .qmail-default delivered them to me).

Since this I much prefer anti-spam methods which deposit spam into a
mail-box which sysadmins can look at when they get time (in fact this
should be a task for a PFY[1] where they'll learn more about routing mail)

RjL

[1] Pimply faced youth, the sysadmin's sidekick.
Hi

At 06:40 PM 3/31/00 -0500, you wrote:
>At 3:06 PM -0500 3/31/00, Dave Sill wrote:
>>Do the spammers:
>>
>>  1) throw up their hands and admit defeat, or
>>  2) start using valid (but wrong) domains in their envelope return
>>     paths, thereby defeating your rejection and escalating the arms
>>     race?
>>
>>Note that many are already doing (2), of course.
>
>I've had several emails using my @pobox.com address as the MAIL FROM
>bounced because spammers use phony @pobox.com addresses. I've never seen
>a single spam that originated on pobox's servers. Most of the spam I see
>comes from China or relay raped machines outside the US. And, of course,
>I've seen numerous pieces of spam with phony @yahoo.com, @hotmail.com,
>@aol.com, etc.

I own the pobox.co.za domain and am having the same problem. Someone is
spamming faking a rubbish source address from the @pobox.co.za domain. The
first line in the headers that gives any smtp info is

Received: from excite.com (209.203.247.83) by adv-www.advancedgroup.co.uk
 (Worldmail 1.3.167); 1 Apr 2000 07:52:43 +0100

I am just getting the rejected emails that are sent to non-existent address
on the spammers send list, and that alone is in the hundreds of emails.

Can anyone suggest a way I can prevent this? Maybe it is time we blacklist
all free email domains.

Thanks
Michael
On Fri, Mar 31, 2000 at 01:47:48PM -0500, Dave Sill wrote:
> em9652015 <[EMAIL PROTECTED]> wrote:
>
> >I have problem, while I try ps ax show this,
> >
> >qmail-lspawn # Using qmail-local to deliver messages to ~/Mailbox by
> >default.??./Maibox
> >
> >How I can turn off this option?
>
> This isn't an option, it's a misconfiguration. Look at the script that
> runs qmail-start: it's botched.

Actually I have seen the exact same problem, I don't recall exactly what I
did, but I know that I did qmail from source and then got the SysV scripts
from www.qmail.org.

Unfortunately, I forgot what exactly happened.

Greetz, Peter.

--
Peter van Dijk - student/sysadmin/ircoper/madly in love/pretending coder
|
| 'C makes it easy to shoot yourself in the foot;
|  C++ makes it harder, but when you do it blows your whole leg off.'
|                             Bjarne Stroustrup, Inventor of C++
On Fri, Mar 31, 2000 at 01:47:48PM -0500, Dave Sill wrote:
> em9652015 <[EMAIL PROTECTED]> wrote:
>
> >I have problem, while I try ps ax show this,
> >
> >qmail-lspawn # Using qmail-local to deliver messages to ~/Mailbox by
> >default.??./Maibox
> >
> >How I can turn off this option?
>
> This isn't an option, it's a misconfiguration. Look at the script that
> runs qmail-start: it's botched.

Actually this is quite a valid setup.

A thing that I _do_ think is wrong with the SysV scripts on www.qmail.org is
that they use a file called 'rc' with options named 'home' and 'proc' and
stuff, but in a different format from the ones with qmail. This is what
caught me by surprise back then.

Greetz, Peter.

--
Peter van Dijk - student/sysadmin/ircoper/madly in love/pretending coder
|
| 'C makes it easy to shoot yourself in the foot;
|  C++ makes it harder, but when you do it blows your whole leg off.'
|                             Bjarne Stroustrup, Inventor of C++
At 17:50 31/03/2000 -0300, Ricardo D. Albano wrote:
>How can I set qmail to accept relaying from a set of IPs ?
>I want to set qmail to accept relaying from some local nets.

then you must run qmail under tcpserver
first make a file named tcp.smtp
put in this file all of your IPs which have the permission to use the mail
server
for eg:
192.168.:allow,RELAYCLIENT=""
if you want to make relay from 192.168.1.1 to 192.168.1.20 then
192.168.1.1-20:allow,RELAYCLIENT=""
at the last line put
:allow

After that read selected relaying documentation at www.qmail.org/top.html

>
>RDA.-

------- AFLHI 058009990407128029/089802---(102598//991024)
Hey!

I discovered this free service called eLOL, electronic Laugh Out Loud that
sends jokes to you every day. It uses some sort of "smart technology" that
learns your sense of humor. This "spam" joke is so funny I had to send it
to you.

Check this link to view the joke:
http://www.elol.com/site/ViewJoke?title=spam&url=05/600028.gif&name=CTarricone

By registering for eLOL today you're automatically entered to WIN A BRAND
NEW PALM V. eLOL not only delivers the best jokes on the net, it actually
learns your sense of humor and sends the jokes you'll like most.

Download is available from http://www.elol.com/download/
Toni Mueller writes:
> Or is qmail dead due to Postfix success?

qmail's share of *.com mail servers has grown past 5%, behind only
sendmail at 56%, Imail at 7.6%, and Exchange at 5.5%.

Next are Post.Office at 4.5% and Exim at 1.8%. There are eight servers
around 1%, including Netscape's server, Eudora's MacOS server, the NT
version of sendmail, and Postfix.

The total number of servers that have ever run Postfix is smaller than
the number of qmail servers added in the past six months.

---Dan
Markus Fischer wrote:
>
> Hello list,
>
> I've read the documentation about virtual domains and it seems
> fairly clear to me. I also came over vchkpw (or vpoper
> nowadays). In 'vchkps' is described how to create pop accounts
> for virtual users, e.g. users that are not in /etc/passwd but in
> a flat text file or even in a mysql database.
>
> Is there a way to configure qmail to look up users from a simple
> flat text file (so not /etc/passwd) or even a mysqldatabase
> (okok, performance penalty) when accepting mails for local
> delivery via port 25 ? [and this for virtual domains, too]
>
> thanks for your time,
>
> Markus Fischer
> - Free Software For A Free World -

Check out vpopmail (http://www.inter7.com/vpopmail/) as it can store
virtual users either in a file or in a database, and it is made for
doing virtual email servers (both SMTP and POP3 and IMAP and WebBased
email and WebBased administration). I suggest you have a look.

Best regards
Michael Boman

--
W I Z O F F I C E . C O M P T E L T D - Your Online Office Wizard
16 Tannery Lane, Crystal Time Building, #04-00, Singapore 347778
Voice : (+65) 844 3228 [extension 118]   Fax   : (+65) 842 7228
Pager : (+65) 92 93 29 49                ICQ   : 5566009
Mobile: (+65) 97 87 39 14                eMail : mailto:[EMAIL PROTECTED]
URL   : http://www.wizoffice.com
D. J. Bernstein <[EMAIL PROTECTED]> wrote:

> The total number of servers that have ever run Postfix is smaller than
> the number of qmail servers added in the past six months.

Out of curiosity, how do you measure the number of qmail servers added in
a given time period? None of the qmail installations that I have performed
or use downloaded the source from cr.yp.to, and I have never run the
"To report success" quickie in the instructions, so presumably you can't
track them.

Or are you counting only SMTP hosts identified through your automated
surveys? I have the feeling that this would miss a lot of qmail
installations.

Charles
--
-----------------------------------------------------------------------
Charles Cazabon                            <[EMAIL PROTECTED]>
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
-----------------------------------------------------------------------
On Sat, Apr 01, 2000 at 03:51:47PM -0600, Charles Cazabon wrote:
> D. J. Bernstein <[EMAIL PROTECTED]> wrote:
>
> > The total number of servers that have ever run Postfix is smaller than
> > the number of qmail servers added in the past six months.
>
> Out of curiosity, how do you measure the number of qmail servers added in
> a given time period? None of the qmail installations that I have performed
> or use downloaded the source from cr.yp.to, and I have never run the
> "To report success" quickie in the instructions, so presumably you can't
> track them.
>
> Or are you counting only SMTP hosts identified through your automated
> surveys? I have the feeling that this would miss a lot of qmail installations.

Right. But it also misses a lot of postfix systems. Your question can only be:
"is your sampling method statistically valid". Is that what you're a professor
of mathematics?

Mark.

> Right. But it also misses a lot of postfix systems. Your question can only be:
> "is your sampling method statistically valid". Is that what you're a professor
> of mathematics?

In case it's not obvious, I mean "is that what you're asking a professor of
mathematics?".

Regards.
I am setting up a large number of virtual domains. I have been
diligently replacing the "." in my .qmail files with ":" but I was
wondering, are there any other characters that require special
treatment? What about "-" ? What if I have the following domain:

	my-dom.com

would the corresponding .qmail file for user joe be
.qmail-my-dom:com-joe?

--
Mark Drummond|ICQ#19153754|mailto:[EMAIL PROTECTED]
UNIX System Administrator|Royal Military College of Canada
The Kingston Linux Users Group|http://signals.rmc.ca/klug/
Saving the World ... One CPU at a Time
Will tcpserver's -x something.cdb accept a netmask, like:

    :deny
    127.:allow,RELAYCLIENT=""
    172.16.0.0/12:allow,RELAYCLIENT=""

Thanks,

John

--
John Conover          [EMAIL PROTECTED]     http://www.johncon.com/
631 Lamont Ct.        Tel. 408.370.2688     http://www.johncon.com/ntropix/
Campbell, CA 95008    Fax. 408.379.9602     http://www.johncon.com/nformatix/
On Sun, Apr 02, 2000 at 07:53:21AM -0000, John Conover wrote:
> Will tcpserver's -x something.cdb accept a netmask, like:
>
>     :deny
>     127.:allow,RELAYCLIENT=""
>     172.16.0.0/12:allow,RELAYCLIENT=""

No, but it will accept the following:

172.16-31.:allow,RELAYCLIENT=""

By the way, do you really want that :deny in there? Probably not.

Chris
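
The range notation from the relay-by-IP and netmask messages above, worked out as an added example (not code from the thread or from ucspi-tcp): a Python converter from IPv4 CIDR blocks to tcprules address syntax, with a check that the expanded rule covers exactly the block. The function names are hypothetical and the sample networks are constructed from the ones mentioned in those messages.

```python
"""CIDR -> tcprules address syntax (added example, hypothetical helper names)."""
import ipaddress


def cidr_to_tcprules(cidr: str) -> str:
    """Return the tcprules address part covering exactly one IPv4 CIDR block."""
    # strict=True rejects blocks with host bits set, e.g. 172.16.5.0/12
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("only IPv4 is handled in this example")
    if net.prefixlen < 8:
        # /0 combined with RELAYCLIENT would be an open relay; /1../7 is
        # deliberately out of scope for this example.
        raise ValueError(f"{cidr}: prefix shorter than /8 refused")
    octets = net.network_address.packed        # the four address bytes
    full, rem = divmod(net.prefixlen, 8)       # whole octets, leftover bits
    parts = [str(o) for o in octets[:full]]
    if rem:
        lo = octets[full]
        hi = lo + (1 << (8 - rem)) - 1         # last value of the partial octet
        parts.append(f"{lo}-{hi}")
    addr = ".".join(parts)
    # Fewer than four components means a prefix rule, which ends in a dot.
    return addr if len(parts) == 4 else addr + "."


def expand(addr: str) -> list[str]:
    """Expand a range as the tcprules docs describe: 10.2-3. -> 10.2., 10.3."""
    if "-" not in addr:
        return [addr]
    dot = "." if addr.endswith(".") else ""
    *stem, last = addr.rstrip(".").split(".")
    lo, hi = (int(n) for n in last.split("-"))
    head = ".".join(stem) + "." if stem else ""
    return [f"{head}{n}{dot}" for n in range(lo, hi + 1)]


def covers(addr: str, ip: str) -> bool:
    """True if rule address `addr` applies to `ip` (exact match or dotted prefix)."""
    return any(ip == p or (p.endswith(".") and ip.startswith(p))
               for p in expand(addr))


def build_tcp_smtp(relay_cidrs: list[str]) -> list[str]:
    """Lines for tcp.smtp: relay for the listed nets, plain allow for the rest."""
    lines = [f'{cidr_to_tcprules(c)}:allow,RELAYCLIENT=""' for c in relay_cidrs]
    lines.append(":allow")   # default: accept mail, RELAYCLIENT stays unset
    return lines


if __name__ == "__main__":
    # Constructed sample input based on the networks named in the thread.
    for line in build_tcp_smtp(["127.0.0.0/8", "172.16.0.0/12", "192.168.1.0/27"]):
        print(line)
```

The printed lines are the text form; tcprules compiles them into the cdb file that tcpserver reads with -x.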