qmail Digest 2 Apr 2000 10:00:01 -0000 Issue 959

Topics (messages 39412 through 39432):

Re: Poor documentation of anti-spam options?
        39412 by: Paul Schinder
        39413 by: Len Budney
        39418 by: Patrick Bihan-Faou
        39419 by: Len Budney
        39420 by: Patrick Bihan-Faou
        39421 by: Peter van Dijk
        39422 by: Patrick Bihan-Faou
        39425 by: richard.illuin.org
        39432 by: Michael Raff

Re: qmail-lspawn # Using qmail-local to deliver messages to ~/Mailbox by 
default.??./Maibox
        39414 by: Peter van Dijk
        39415 by: Peter van Dijk

Re: Relay based on IP
        39416 by: Irwan Hadi

spam
        39417 by: chris.pds2k.com

Re: Problem: 552 max. message size exceeded
        39423 by: D. J. Bernstein

Re: Virtual Users ?
        39424 by: Michael Boman

Re: qmail success
        39426 by: Charles Cazabon
        39427 by: markd.bushwire.net
        39428 by: markd.bushwire.net

"special" characters in .qmail filenames
        39429 by: Mark E. Drummond

tcpserver accept netmasks?
        39430 by: John Conover
        39431 by: Chris Johnson

Administrivia:

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To bug my human owner, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        [EMAIL PROTECTED]


----------------------------------------------------------------------


At 11:53 PM -0500 3/31/00, Patrick Bihan-Faou wrote:
>Hi,
>
>From: "Paul Schinder" <[EMAIL PROTECTED]>
>>  At 3:06 PM -0500 3/31/00, Dave Sill wrote:
>>  >Do the spammers:
>>  >
>>  >   1) throw up their hands and admit defeat, or
>>  >   2) start using valid (but wrong) domains in their envelope return
>>  >      paths, thereby defeating your rejection and escalating the arms
>>  >      race?
>>  >
>>  >Note that many are already doing (2), of course.
>>
>>  I've had several emails using my @pobox.com address as the MAIL FROM
>>  bounced because spammers use phony @pobox.com addresses.  I've never
>>  seen a single spam that originated on pobox's servers.  Most of the
>>  spam I see comes from China or relay raped machines outside the US.
>>  And, of course, I've seen numerous pieces of spam with phony
>>  @yahoo.com, @hotmail.com, @aol.com, etc.
>>
>
>
>Maybe one way to deal with this is:
>1. verify that the domain of MAIL FROM is correct
>2. verify that the address of the server sending the mail
>    resolves to that domain...

That's not a good idea at all.  It defeats the entire purpose of a 
mail redirection service like pobox.  I use my @pobox.com address on 
all sorts of mail, but I've *never* used pobox's servers to send out. 
The mail goes out through a variety of routes.  All of the machines I 
send out from have resolvable IP's, but none of them are in pobox's 
domain.

>
>This is probably not the best answer, but if you apply that to some key
>domains, then you should be able to cut down on a fairly good volume of spam
>with fake addresses. Also it should be fairly easy to implement a scheme
>like this in qmail (although it also means more DNS lookups for a good
>number of incoming mail messages).
>
>
>Patrick.

-- 
--
Paul J. Schinder
NASA Goddard Space Flight Center
Code 693
[EMAIL PROTECTED]




"Patrick Bihan-Faou" <[EMAIL PROTECTED]> wrote:
> 
> The problem with spam is that there is no reliable way to split spam from
> legitimate mail.

Bingo!

> If you try to filter-out spam, you will always end-up filtering out
> proper mail as well.

Bingo!

> The key is to try to keep track as much as possible of what is accepted
> and what is rejected.

Why? To satisfy your curiosity? Or do you then track down all senders of
legitimate email, and tell them what happened?

> ...the tolerable lost email / killed spam ratio is somewhat a personal
> decision...

The tolerable ratio is zero. If you are an ISP and think differently, then
your customers should abandon you. They might even have grounds to sue
you. (``The computer threw your job offer away. Sorry.'') They probably
won't, because they don't understand. (``Oh. Those darn computers!'')

Len.

--
E-mail encryption is a perfect application where cascades are reasonable.
Pretty much no one cares if they have to wait 10 milliseconds or 50
milliseconds for the encryption to occur.
                                        -- Bruce Schneier




From: "Len Budney" <[EMAIL PROTECTED]>
> > The key is to try to keep track as much as possible of what is accepted
> > and what is rejected.
>
> Why? To satisfy your curiosity? Or do you then track down all senders of
> legitimate email, and tell them what happened?
>

The reason why I feel that logging of spam filtering is crucial is exactly
that: try to find out how much valid mail you are killing compared to the
number of spam. I definitely want to know what gets rejected by a filter to
fine tune it or remove it if it does not satisfy my needs.


> > ...the tolerable lost email / killed spam ratio is somewhat a personal
> > decision...
>
> The tolerable ratio is zero. If you are an ISP and think differently, then
> your customers should abandon you. They might even have grounds to sue
> you. (``The computer threw your job offer away. Sorry.'') They probably
> won't, because they don't understand. (``Oh. Those darn computers!'')
>

Hey, don't flame me. I said this is a personal choice. For my part I don't
filter anything out (yet) because spam is not enough of a problem for me at
this time. The only thing I am pointing out is that the choice of doing spam
filtering is a personal one, and one has to understand that it will kill
legitimate mail as well.


Patrick.






"Patrick Bihan-Faou" <[EMAIL PROTECTED]> wrote:
>
> The only thing I am pointing out is that the choice of doing spam
> filtering is a personal one, and one has to understand that it will
> kill legitimate mail as well.

Okay, sorry for the warm response. If ``personal'' means the same thing
to you that it does to me, then we agree perfectly.

(For example, ISPs unilaterally rejecting emails for their customers,
without specific authorization is not a ``personal'' decision--and it's
unacceptable. Even RBL use, which makes sense, should not be done without
informing customers.)

Len.

--
Experience has shown again and again that Microsoft regards security
problems as public relations problems.  Hence, I would not trust any
claims that Microsoft makes about changes in PPTP that it has, or will,
make.
                                        -- Bruce Schneier




Hi,

----- Original Message -----
From: "Paul Schinder" <[EMAIL PROTECTED]>

> >Maybe one way to deal with this is:
> >1. verify that the domain of MAIL FROM is correct
> >2. verify that the address of the server sending the mail
> >    resolves to that domain...
>
> That's not a good idea at all.  It defeats the entire purpose of a
> mail redirection service like pobox.  I use my @pobox.com address on
> all sorts of mail, but I've *never* used pobox's servers to send out.
> The mail goes out through a variety of routes.  All of the machines I
> send out from have resolvable IP's, but none of them are in pobox's
> domain.


Well I am certainly not saying that this should be done for all domains. But
for some sensitive ones (yahoo ? hotmail ? aol ?), it would probably be
worth while. Also remember that the "MAIL FROM" may not be the same thing as
the "reply-to". If you are using this ISP's mail relay, then it is likely
because you have a user account with that ISP. Nothing prevents you to
advertise the e-mail address associated with that user account in the MAIL
FROM, nothing prevents you to advertise your "official" email address in the
reply-to header.

This amounts to enforcing stricter relay servers: should a server relay mail
if the address presented in MAIL FROM does not belong to one of its domains
(in addition to does it come from one of the "local" computers, etc.) ?

The method I am proposing is still more permissive than blocking mail from
servers based on them being listed in ORBS or DUL. Again, I don't advocate
on doing that for all servers, but just for the domains the most likely to
be used for fake email addresses.


Patrick.






On Sat, Apr 01, 2000 at 11:07:05AM -0500, Patrick Bihan-Faou wrote:
[snip]
> 
> Well I am certainly not saying that this should be done for all domains. But
> for some sensitive ones (yahoo ? hotmail ? aol ?), it would probably be

You could perhaps indeed consider yahoo and/or hotmail since these are
webbased and people can _only_ read their mail on their webinterfaces
(correct me if I'm wrong) so they will probably only send out mail thru
these same interfaces.

> worth while. Also remember that the "MAIL FROM" may not be the same thing as
> the "reply-to". If you are using this ISP's mail relay, then it is likely

Add the header-From: (which can be different from the MAIL FROM and
reply-to!) to that.

> because you have a user account with that ISP. Nothing prevents you to

Correct.

> advertise the e-mail address associated with that user account in the MAIL
> FROM, nothing prevents you to advertise your "official" email address in the
> reply-to header.

Uhm. You are correct. Nothing prevents you from doing that. But it kinda
defeats the purpose of being able to dialin anywhere in the world, POP mail
off your home-provider and send thru the relay of the ISP you're dialing
into.

> This amounts to enforcing stricter relay servers: should a server relay mail
> if the address presented in MAIL FROM does not belong to one of its domains
> (in addition to does it come from one of the "local" computers, etc.) ?

Yes it should. Relaying should be based on IP, either fixed (subnets) or
dynamic (SMTP-after-POP), and _nothing_ else.

> The method I am proposing is still more permissive than blocking mail from
> servers based on them being listed in ORBS or DUL. Again, I don't advocate
> on doing that for all servers, but just for the domains the most likely to
> be used for fake email addresses.

You are not making sense here. You can compare ORBS/DUL use to what you are
proposing, since these are two completely different things.

Anyway, most people here will agree that the rules you are proposing are
insane, because you will prevent your customers from using a POP-account at
another ISP.

Greetz, Peter.
-- 
Peter van Dijk - student/sysadmin/ircoper/madly in love/pretending coder 
|  
| 'C makes it easy to shoot yourself in the foot;
|  C++ makes it harder, but when you do it blows your whole leg off.'
|                             Bjarne Stroustrup, Inventor of C++




Hi,


From: "Peter van Dijk" <[EMAIL PROTECTED]>
> > advertise the e-mail address associated with that user account in the
> > MAIL FROM, nothing prevents you to advertise your "official" email
> > address in the reply-to header.
>
> Uhm. You are correct. Nothing prevents you from doing that. But it kinda
> defeats the purpose of being able to dialin anywhere in the world, POP
> mail off your home-provider and send thru the relay of the ISP you're
> dialing into.

Well I think that the better answer in this case would be to use your
home-provider's SMTP relay using either SMTP-after-POP or SMTP AUTH or TLS
or whatever other scheme that will let you use your *normal* relay.

Since you are already accessing your home provider's services (the POP
account), you should be able to also use its mail relay.

Again I am not saying that this is practical today. My only claim is that
you should be able to use the domain indicated in MAIL FROM to do validity
checks and possibly reject spam.



> > This amounts to enforcing stricter relay servers: should a server relay
> > mail if the address presented in MAIL FROM does not belong to one of its
> > domains (in addition to does it come from one of the "local" computers,
> > etc.) ?
>
> Yes it should. Relaying should be based on IP, either fixed (subnets) or
> dynamic (SMTP-after-POP), and _nothing_ else.
>

I think that this is debatable (cf. my comment above).

If I am an ISP, why should I let somebody use my mail servers to relay
messages that pretend they are not from one of my users (including any
virtual domains that I may have) ?



> Anyway, most people here will agree that the rules you are proposing are
> insane, because you will prevent your customers from using a POP-account
> at another ISP.

When you configure a POP account in your MUA, you usually configure a SMTP
server along with it. Why not configure that ISP's SMTP server ?




Please note that I am not trying to start a flame war. I just want to have
strong arguments as to why that method should or should not be used. So far
we have:

- travelling users may be impacted badly by this, unless they always use
their "home" mail relay (how feasible is it today ? should it be enforced
?).

- this could work with yahoo or hotmail (because the only way you can use
their relays is via their web interface)

- this is insane (this is the point I have trouble with :)



Patrick.






On Sat, 1 Apr 2000, Patrick Bihan-Faou wrote:

> Hey, don't flame me. I said this is a personal choice. For my part I don't
> filter anything out (yet) because spam is not enough of a problem for me at
> this time. The only thing I am pointing out is that the choice of doing spam
> filtering is a personal one, and one has to understand that it will kill
> legitimate mail as well.

I got hit by the results of a lot of spam last week when someone decided
to forge thousands of mail apparently from my mail domain; I was dealing
with the cleanup mess rather than the initial contact so all of the
anti-spam techniques available were causing me more grief as they rejected
mail (and .qmail-default delivered them to me). Since this I much prefer
anti-spam methods which deposit spam into a mail-box which sysadmins can
look at when they get time (in fact this should be a task for a PFY[1]
where they'll learn more about routing mail)

RjL
[1]Pimply faced youth, the sysadmin's sidekick.
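
The check debated in this thread, combined with the suggestion just above to set suspect mail aside instead of rejecting it, as an added example that is not code from any poster or from qmail. The domain names, the documentation-range IP addresses and the PTR/A tables are constructed, and STRICT_DOMAINS is a hypothetical operator-chosen list; the PTR name is trusted only when it resolves back to the connecting IP, because whoever controls an address controls its reverse DNS.

```python
# Constructed DNS data standing in for real lookups (all names and IPs are examples).
PTR = {
    "203.0.113.10": "mx1.webmail.example",   # genuine outbound server of the domain
    "198.51.100.7": "dialup7.isp.example",   # some other ISP's dial-up pool
    "192.0.2.66": "mx1.webmail.example",     # PTR set by the owner of 192.0.2.66
}
A = {
    "mx1.webmail.example": {"203.0.113.10"},
    "dialup7.isp.example": {"198.51.100.7"},
}

# Hypothetical list: domains whose users are believed to send only via the domain's own servers.
STRICT_DOMAINS = {"webmail.example"}


def in_domain(host, domain):
    """True if host is domain or a subdomain of it (label-aware, not a bare suffix test)."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)


def confirmed_hostname(ip, ptr=PTR, a=A):
    """Forward-confirmed reverse DNS: the PTR name counts only if it maps back to ip."""
    name = ptr.get(ip)
    if name and ip in a.get(name, set()):
        return name
    return None


def classify(mail_from, client_ip):
    """Return 'accept' or 'quarantine'; nothing is rejected, so a human can review misses."""
    sender_domain = mail_from.rpartition("@")[2].lower()
    strict = next((d for d in STRICT_DOMAINS if in_domain(sender_domain, d)), None)
    if strict is None:
        return "accept"          # domain not on the strict list (includes the null sender)
    host = confirmed_hostname(client_ip)
    if host and in_domain(host, strict):
        return "accept"          # connecting server really belongs to the sender's domain
    return "quarantine"          # forged sender, or a legitimate user sending via another route
```

The second outcome of the last branch is the objection raised earlier in the thread: a legitimate user of a listed domain who sends through another ISP's relay is indistinguishable from a forger under this check.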





Hi

At 06:40 PM 3/31/00 -0500, you wrote:
>At 3:06 PM -0500 3/31/00, Dave Sill wrote:
>>Do the spammers:
>>
>>   1) throw up their hands and admit defeat, or
>>   2) start using valid (but wrong) domains in their envelope return
>>      paths, thereby defeating your rejection and escalating the arms
>>      race?
>>
>>Note that many are already doing (2), of course.
>
>I've had several emails using my @pobox.com address as the MAIL FROM 
>bounced because spammers use phony @pobox.com addresses.  I've never seen 
>a single spam that originated on pobox's servers.  Most of the spam I see 
>comes from China or relay raped machines outside the US. And, of course, 
>I've seen numerous pieces of spam with phony @yahoo.com, @hotmail.com, 
>@aol.com, etc.

I own the pobox.co.za domain and am having the same problem. Someone is 
spamming faking a rubbish source address from the @pobox.co.za domain. The 
first line in the headers that gives any smtp info is

Received: from excite.com (209.203.247.83) by adv-www.advancedgroup.co.uk 
(Worldmail 1.3.167); 1 Apr 2000 07:52:43 +0100

I am just getting the rejected emails that are sent to non-existent address 
on the spammers send list, and that alone is in the hundreds of emails.

Can anyone suggest a way I can prevent this? Maybe it is time we blacklist 
all free email domains.


Thanks
Michael






On Fri, Mar 31, 2000 at 01:47:48PM -0500, Dave Sill wrote:
> em9652015 <[EMAIL PROTECTED]> wrote:
> 
> >I have problem, while I try ps ax show this,
> >
> >qmail-lspawn # Using qmail-local to deliver messages to ~/Mailbox by
> >default.??./Maibox
> >
> >How I can turn off this option?
> 
> This isn't an option, it's a misconfiguration. Look at the script that 
> runs qmail-start: it's botched.

Actually I have seen the exact same problem, I don't recall exactly what
I did, but I know that I did qmail from source and then got the SysV
scripts from www.qmail.org.

Unfortunately, I forgot what exactly happened.

Greetz, Peter.
-- 
Peter van Dijk - student/sysadmin/ircoper/madly in love/pretending coder 
|  
| 'C makes it easy to shoot yourself in the foot;
|  C++ makes it harder, but when you do it blows your whole leg off.'
|                             Bjarne Stroustrup, Inventor of C++




On Fri, Mar 31, 2000 at 01:47:48PM -0500, Dave Sill wrote:
> em9652015 <[EMAIL PROTECTED]> wrote:
> 
> >I have problem, while I try ps ax show this,
> >
> >qmail-lspawn # Using qmail-local to deliver messages to ~/Mailbox by
> >default.??./Maibox
> >
> >How I can turn off this option?
> 
> This isn't an option, it's a misconfiguration. Look at the script that 
> runs qmail-start: it's botched.

Actually this is quite a valid setup.

A thing that I _do_ think is wrong with the SysV scripts on www.qmail.org
is that they use a file called 'rc' with options named 'home' and 'proc'
and stuff, but in a different format from the ones with qmail.

This is what caught me by surprise back then.

Greetz, Peter.
-- 
Peter van Dijk - student/sysadmin/ircoper/madly in love/pretending coder 
|  
| 'C makes it easy to shoot yourself in the foot;
|  C++ makes it harder, but when you do it blows your whole leg off.'
|                             Bjarne Stroustrup, Inventor of C++




At 17:50 31/03/2000 -0300, Ricardo D. Albano wrote:
>How can I set qmail to accept relaying from a set of IPs ?
>I want to set qmail to accept relaying from some local nets.
then you must run qmail under tcpserver
first make a file named tcp.smtp
put in this file all of your IPs which have the permission to use the mail
server
for eg:
192.168.:allow,RELAYCLIENT=""
if you want to make relay from 192.168.1.1 to 192.168.1.20 then
192.168.1.1-20:allow,RELAYCLIENT=""
at the last line put
:allow

After that read selected relaying documentation at www.qmail.org/top.html

>
>RDA.-

-------
AFLHI 058009990407128029/089802---(102598//991024)




Hey!
I discovered this free service called eLOL, electronic Laugh Out Loud
that sends jokes to you every day. It uses some sort of "smart technology" that learns 
your sense of humor.
This "spam" joke is so funny I had to send it to you.

 Check this link to view the joke: 
http://www.elol.com/site/ViewJoke?title=spam&url=05/600028.gif&name=CTarricone 
 By registering for eLOL today you're automatically entered to WIN A BRAND NEW PALM V. 
 eLOL not only delivers the best jokes on the net, it actually learns your sense of 
humor and sends the jokes you'll like most.
        Download is available from http://www.elol.com/download/




Toni Mueller writes:
> Or is qmail dead due to Postfix success?

qmail's share of *.com mail servers has grown past 5%, behind only
sendmail at 56%, Imail at 7.6%, and Exchange at 5.5%. Next are
Post.Office at 4.5% and Exim at 1.8%.

There are eight servers around 1%, including Netscape's server, Eudora's
MacOS server, the NT version of sendmail, and Postfix.

The total number of servers that have ever run Postfix is smaller than
the number of qmail servers added in the past six months.

---Dan




Markus Fischer wrote:
> 
> Hello list,
> 
> I've read the documentation about virtual domains and it seems
> fairly clear to me. I also came over vchkpw (or vpoper
> nowadays). In 'vchkpw' is described how to create pop accounts
> for virtual users, e.g. users that are not in /etc/passwd but in
> a flat text file or even in a mysql database.
> 
> Is there a way to configure qmail to look up users from a simple
> flat text file (so not /etc/passwd) or even a mysqldatabase
> (okok, performance penalty) when accepting mails for local
> delivery via port 25 ? [and this for virtual domains, too]
> 
> thanks for your time,
> 
>         Markus Fischer
>                 - Free Software For A Free World -

Check out vpopmail (http://www.inter7.com/vpopmail/) as it can store
virtual users either in a file or in a database, and it is made for
doing virtual email servers (both SMTP and POP3 and IMAP and WebBased
email and WebBased administration).

I suggest you have a look.

Best regards
 Michael Boman

-- 
W I Z O F F I C E . C O M   P T E   L T D  -  Your Online Office Wizard
16 Tannery Lane, Crystal Time Building, #04-00, Singapore 347778
Voice : (+65) 844 3228 [extension 118]  Fax : (+65) 842 7228
Pager : (+65) 92 93 29 49               ICQ : 5566009
Mobile: (+65) 97 87 39 14 
eMail : mailto:[EMAIL PROTECTED]    URL : http://www.wizoffice.com






D. J. Bernstein <[EMAIL PROTECTED]> wrote:
 
> The total number of servers that have ever run Postfix is smaller than
> the number of qmail servers added in the past six months.

Out of curiosity, how do you measure the number of qmail servers added in 
a given time period?  None of the qmail installations that I have performed
or use downloaded the source from cr.yp.to, and I have never run the
"To report success" quickie in the instructions, so presumably you can't
track them.

Or are you counting only SMTP hosts identified through your automated
surveys?  I have the feeling that this would miss a lot of qmail installations.

Charles
-- 
-----------------------------------------------------------------------
Charles Cazabon                            <[EMAIL PROTECTED]>
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
-----------------------------------------------------------------------




On Sat, Apr 01, 2000 at 03:51:47PM -0600, Charles Cazabon wrote:
> D. J. Bernstein <[EMAIL PROTECTED]> wrote:
>  
> > The total number of servers that have ever run Postfix is smaller than
> > the number of qmail servers added in the past six months.
> 
> Out of curiosity, how do you measure the number of qmail servers added in 
> a given time period?  None of the qmail installations that I have performed
> or use downloaded the source from cr.yp.to, and I have never run the
> "To report success" quickie in the instructions, so presumably you can't
> track them.
> 
> Or are you counting only SMTP hosts identified through your automated
> surveys?  I have the feeling that this would miss a lot of qmail installations.

Right. But it also misses a lot of postfix systems. Your question can only be:
"is your sampling method statistically valid". Is that what you're a professor
of mathematics?


Mark.




> Right. But it also misses a lot of postfix systems. Your question can only be:
> "is your sampling method statistically valid". Is that what you're a professor
> of mathematics?

In case it's not obvious, I mean "is that what you're asking a professor of
mathematics?".


Regards.




I am setting up a large number of virtual domains. I have been
diligently replacing the "." in my .qmail files with ":" but I was
wondering, are there any other characters that require special
treatment? What about "-" ? What if I have the following domain:

        my-dom.com

would the corresponding .qmail file for user joe be

        .qmail-my-dom:com-joe?

-- 
Mark Drummond|ICQ#19153754|mailto:[EMAIL PROTECTED]
UNIX System Administrator|Royal Military College of Canada
The Kingston Linux Users Group|http://signals.rmc.ca/klug/
Saving the World ... One CPU at a Time




Will tcpserver's -x something.cdb accept a netmask, like:

    :deny
    127.:allow,RELAYCLIENT=""
    172.16.0.0/12:allow,RELAYCLIENT=""

        Thanks,

        John

-- 

John Conover        [EMAIL PROTECTED]   http://www.johncon.com/
631 Lamont Ct.      Tel. 408.370.2688  http://www.johncon.com/ntropix/
Campbell, CA 95008  Fax. 408.379.9602  http://www.johncon.com/nformatix/





On Sun, Apr 02, 2000 at 07:53:21AM -0000, John Conover wrote:
> Will tcpserver's -x something.cdb accept a netmask, like:
> 
>     :deny
>     127.:allow,RELAYCLIENT=""
>     172.16.0.0/12:allow,RELAYCLIENT=""

No, but it will accept the following:

172.16-31.:allow,RELAYCLIENT=""

By the way, do you really want that :deny in there? Probably not.

Chris
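
The range notation used in the answer above and in the earlier "Relay based on IP" reply, as an added example that is not code from the posters or from ucspi-tcp. cidr_to_tcprule turns an IPv4 netmask into the one rule line that covers it, and expand/lookup are a simplified, IP-only model of how range rules are expanded and then matched from most to least specific; the function names and the sample addresses are assumptions made for the illustration.

```python
import ipaddress

RELAY = 'allow,RELAYCLIENT=""'


def cidr_to_tcprule(cidr, instructions=RELAY):
    """Return the single rule line covering exactly the given IPv4 CIDR block."""
    net = ipaddress.ip_network(cidr, strict=True)   # raises ValueError if host bits are set
    if net.version != 4:
        raise ValueError("IPv4 only")
    octets = str(net.network_address).split(".")
    full, rem = divmod(net.prefixlen, 8)
    if rem == 0:
        # Mask ends on an octet boundary: a plain dotted prefix such as "127."
        addr = ".".join(octets[:full]) + ("." if 0 < full < 4 else "")
    else:
        # Mask ends inside an octet: that octet becomes a lo-hi range
        lo = int(octets[full])
        hi = lo + (1 << (8 - rem)) - 1
        addr = ".".join(octets[:full] + [f"{lo}-{hi}"]) + ("." if full < 3 else "")
    return f"{addr}:{instructions}"


def expand(line):
    """Expand one rule line into (address, instructions) pairs, one per value in an a-b range."""
    addr, instr = line.split(":", 1)
    head, dash, tail = addr.partition("-")
    if not dash:
        return [(addr, instr)]              # no range; "172.16.0.0/12" stays a literal key
    base, _, lo = head.rpartition(".")
    hi = tail.rstrip(".")
    dot = tail[len(hi):]                    # keep a trailing dot if the rule had one
    prefix = base + "." if base else ""
    return [(f"{prefix}{n}{dot}", instr) for n in range(int(lo), int(hi) + 1)]


def lookup(rules, ip):
    """Match ip against the full address, then shorter dotted prefixes, then the empty default."""
    table = {}
    for line in rules:
        for addr, instr in expand(line):
            table.setdefault(addr, instr)
    parts = ip.split(".")
    keys = [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in keys:
        if key in table:
            return table[key]
    return None                             # no rule matched at all


# Constructed rule sets: the file as asked about, and the file with the range form.
AS_ASKED = [":deny", "127.:" + RELAY, "172.16.0.0/12:" + RELAY]
AS_ANSWERED = [":allow", "127.:" + RELAY, cidr_to_tcprule("172.16.0.0/12")]

if __name__ == "__main__":
    for ip in ("172.20.1.1", "203.0.113.9"):
        print(ip, "asked:", lookup(AS_ASKED, ip), "answered:", lookup(AS_ANSWERED, ip))
```

In the first rule set the netmask line matches nothing, so a 172.16/12 client falls through to the `:deny` default along with every outside host that would otherwise deliver mail.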

