qmail Digest 6 May 2000 10:00:01 -0000 Issue 993 Topics (messages 41086 through 41197): Re: hack for filtering "i love you" worm 41086 by: octave klaba 41092 by: Jesper Hess Nielsen 41095 by: Rainer Link 41096 by: octave klaba 41098 by: Jesper Hess Nielsen 41099 by: Petr Novotny 41100 by: Jesper Hess Nielsen 41101 by: Tim Gollschewsky 41102 by: Petr Novotny 41103 by: Ricardo Cerqueira 41109 by: Bruno Wolff III 41112 by: Paul Farber 41113 by: Johan Almqvist 41114 by: Alex at MessageLabs 41130 by: Kai MacTane 41131 by: Kai MacTane 41136 by: Neil Schemenauer 41140 by: Neil Schemenauer 41142 by: Vrba Miroslav 41165 by: Jason Haar 41177 by: vogelke.c17mis.region2.wpafb.af.mil 41194 by: Rainer Link reverting back to mbox format with qmail 41087 by: Nicholas Horwood No Mail Log ?! 41088 by: Cedric Revest 41107 by: Chris Harris Qmail filter for ILOVEYOU 41089 by: Rodney Edwards 41105 by: Len Budney Problem with tcpserver 41090 by: Clark Hon 41094 by: Chris Johnson Atención:::::VIRUS!!!!!!!!!!!!!! 41091 by: Rafael Villalobos Prats Re: qmail won't start!? 41093 by: Isaiah Chua 41125 by: Dave Sill Virus Scanners 41097 by: Jason Brooke 41106 by: Johan Almqvist 41111 by: Rainer Link Re: accustamp|tailocal|matchup 41104 by: Len Budney 41144 by: Kins Orekhov 41145 by: Len Budney Re: Global filtering 41108 by: Paul Schinder 41124 by: Dave Sill how do i apply QMAILQUEUE 41110 by: Jan Stifter 41120 by: Jan Stifter Re: db files for vpopmail and courier imap 41115 by: Ken Jones shim before final local delivery? 41116 by: Paul Farber 41121 by: Len Budney Re: ETRN and QMail 41117 by: John White 41118 by: Robert Varga QMAILQUEUE seems not to work with scan4virus 41119 by: Jan Stifter Re: Alias file 41122 by: Dave Sill Re: qmail abuse... 41123 by: Dave Sill 41127 by: Ronneil Camara PERL filtering... 41126 by: John W. Lemons III 41129 by: Patrick Berry 41133 by: octave klaba 41134 by: Patrick Berry 41146 by: Searcher 41153 by: John W. Lemons III 41156 by: Neil Schemenauer 41157 by: Mark D. Wilkins qmail-mrtg & qfilelog 41128 by: Mark E. Drummond 41155 by: Mark E. Drummond 41160 by: Mark E. Drummond Antigen found =love-letter-for-you.txt.vbs file 41132 by: ANTIGEN_HOUSTON 41137 by: Kai MacTane 41167 by: David L. Nicol How do I invoke the qmail-users Mechanism ?? 41135 by: Tony D'Andrade 41139 by: Dave Sill Antigen found =*.vbs file 41138 by: ANTIGEN_HOUSTON Qmail-send 41141 by: Eric Davis 41143 by: Dave Sill Re: Two Delivered-To headers - Why ? 41147 by: Dave Kitabjian Future of qmail: will it care about viri/worms/etc? 41148 by: Keith Warno 41150 by: markd.bushwire.net 41151 by: Patrick Berry 41154 by: Dave Sill 41168 by: Jason Haar 41169 by: David L. Nicol 41170 by: Kevin Waterson 41171 by: Paul Farber 41172 by: Steve Wolfe 41188 by: Russell Nelson 41189 by: Mrs. Brisby Connecting to my email server.. 41149 by: Steve Peace\(Internal\) 41152 by: Tim Hunter 41158 by: spacetask.youwasahero.com 41164 by: Steve Peace Re: IL0VEY0U worm 41159 by: Keith Warno Re: smtp-auth? 41161 by: Russell Nelson Re: qmail-mrtg & qfilelog - oops 41162 by: Mark E. Drummond ETRN problem with qmail 41163 by: Eric Davis 41173 by: rvanzant qmail and debugging 41166 by: clifford thurber Open Today. 41174 by: zxmmnnuv1l1l.www0101111111101tototo.to 41175 by: Irwan .qmail questions 41176 by: Chris Hanlon adduser? 41178 by: James 41179 by: Bolivar Diaz Galarza 41181 by: Bolivar Diaz Galarza checkpassword and Openbsd 2.6 41180 by: Dale Miracle 41182 by: Charles Werbick 41183 by: chuck 41184 by: Dale Miracle 41185 by: chuck 41186 by: Dale Miracle Install Help!! 41187 by: Mark Lo tcprules problem 41190 by: James Still can send, but not receive 41191 by: James 41192 by: Kevin Waterson 41193 by: James EZMLM problems 41195 by: jay On-line web mail 41196 by: Mark Lo Help on SMTP ! 41197 by: Xionghui Chen Administrivia: To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To subscribe to the digest, e-mail: [EMAIL PROTECTED] To bug my human owner, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] ----------------------------------------------------------------------
Hi, I did setup your qmail-filter.py and test works # echo "test 1" | mail -s okay myself # echo "test 2" | mail -s ILOVEYOU myself qmail-inject: fatal: mail server permanently rejected message (#5.3.0) # echo "test 2" | mail -s ILOVEYOU [EMAIL PROTECTED] qmail-inject: fatal: mail server permanently rejected message (#5.3.0) but when I send an email thought eudora using smtp of this serveur or not to a pop on this serveur, email is not rejected. any idea ? PS I restarted all thanks ! Octave Neil Schemenauer a écrit : > > qmail-filter.pyName: qmail-filter.py > Type: Plain Text (text/plain) -- Amicalement, oCtAvE Connexion terminée par expiration du délai d'attente
I tried installing the hack as described, but when I try the test, I get an arror saying [root@ns bin]# echo "test 1" | mail -s okay [EMAIL PROTECTED] [root@ns bin]# qmail-inject: fatal: unable to exec qq (#4.3.0) Anyone know what this could be? When I try to execute the py script, it says bash: ./qmail-filter.py: No such file or directory I double checked that the path to python is correct in the script file. /Jesper
Mulindwa Eric wrote: > > but hoe can one use Amavis with qmail, p'se help Please have a look at http://www.unixzone.com/virus - I would suggest to use AMaViS-Perl-5. It should work out-of-the-box. If you run into troubles, please ask me directly. HTH best regards, Rainer Link -- Rainer Link | Member of Virus Help Munich (www.vhm.haitec.de) [EMAIL PROTECTED] | Member of AMaViS Development Team (amavis.org) rainer.w3.to | Maintainer FAQ "antivirus for Linux" (av-linux.w3.to)
Jesper Hess Nielsen a écrit : > > I tried installing the hack as described, but when I try the test, I get an > arror saying > > [root@ns bin]# echo "test 1" | mail -s okay [EMAIL PROTECTED] > [root@ns bin]# qmail-inject: fatal: unable to exec qq (#4.3.0) > > Anyone know what this could be? > > When I try to execute the py script, it says > > bash: ./qmail-filter.py: No such file or directory #!/usr/bin/python # You might have to modify the Python path at the top. which python and fix the first line Amicalement, oCtAvE Connexion terminée par expiration du délai d'attente
If you had taken the time to read the whole mail I sent, You would notice that I already had double checked the location of python. That is not the problem - something else is not working right. /Jesper ----- Original Message ----- From: "octave klaba" <[EMAIL PROTECTED]> To: "Jesper Hess Nielsen" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, May 05, 2000 1:46 PM Subject: Re: hack for filtering "i love you" worm > > > Jesper Hess Nielsen a écrit : > > > > I tried installing the hack as described, but when I try the test, I get an > > arror saying > > > > [root@ns bin]# echo "test 1" | mail -s okay [EMAIL PROTECTED] > > [root@ns bin]# qmail-inject: fatal: unable to exec qq (#4.3.0) > > > > Anyone know what this could be? > > > > When I try to execute the py script, it says > > > > bash: ./qmail-filter.py: No such file or directory > > #!/usr/bin/python > # You might have to modify the Python path at the top. > > which python and fix the first line > > Amicalement, > oCtAvE > > Connexion terminée par expiration du délai d'attente >
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 5 May 00, at 13:50, Jesper Hess Nielsen wrote: > If you had taken the time to read the whole mail I sent, You would notice > that I already had double checked the location of python. That is not the > problem - something else is not working right. chmod +x /var/qmail/bin/that-script-filename perhaps? -----BEGIN PGP SIGNATURE----- Version: PGP 6.0.2 -- QDPGP 2.60 Comment: http://community.wow.net/grt/qdpgp.html iQA/AwUBORKoe1MwP8g7qbw/EQK+XQCgoTAFg93O4YoKe3ihN1EhFETaEXwAnRWK /N9090LPOKs6n3Xubs7OsG+V =U5QP -----END PGP SIGNATURE----- -- Petr Novotny, ANTEK CS [EMAIL PROTECTED] http://www.antek.cz PGP key ID: 0x3BA9BC3F -- Don't you know there ain't no devil there's just God when he's drunk. [Tom Waits]
I have ALREADY done everything stated at the beginning of the script file (which I have attached for clarity - some of you may not have seen it). When I have done all this, I get an error when performing the test : [root@ns bin]# echo "test 1" | mail -s okay [EMAIL PROTECTED] [root@ns bin]# qmail-inject: fatal: unable to exec qq (#4.3.0) When I try to run the script directly : [root@ns bin]# ./qmail-filter.py bash: ./qmail-filter.py: No such file or directory Now. Does anyone have any ideas what the problem could be? I've tried running strace ./qmail-filter.py, but it only outputs a "exec: file not found" error. /Jesper ---------[SNIP]----------------- #!/usr/bin/python # # A quick hack to filter the ILOVEYOU worm with qmail. Use: # # $ cp qmail-filter.py /var/qmail/bin # $ cd /var/qmail/bin # $ chmod +x qmail-filter.py # $ mv qmail-queue qmail-queue-real; ln -s qmail-filter.py qmail-queue # # Test: # # $ echo "test 1" | mail -s okay myself # $ echo "test 2" | mail -s ILOVEYOU myself # # You might have to modify the Python path at the top. This is a # temporary fix. Remove it after the dust settles: # # $ cd /var/qmail/bin # $ mv qmail-queue-real qmail-queue # # Neil Schemenauer <[EMAIL PROTECTED]> PATTERN = r"^Subject: ILOVEYOU\s*$" QMAIL_QUEUE = "/var/qmail/bin/qmail-queue-real" import re import string import sys import os import tempfile def mktemp(): for i in range(10): tmp = tempfile.mktemp() try: fd = os.open(tmp, os.O_RDWR|os.O_CREAT|os.O_EXCL, 0700) except OSError: continue file = os.fdopen(fd, "w+b") os.unlink(tmp) return file return None try: mess = mktemp() if not mess: os._exit(53) # write error header = 1 while 1: line = sys.stdin.readline() if not line: break if line in ("\r\n", "\n"): header = 0 if header and re.search(PATTERN, line): os._exit(31) # blocked, permanent error mess.write(line) mess.flush() mess.seek(0) os.dup2(mess.fileno(), 0) os.execv(QMAIL_QUEUE, ()) except: os._exit(81) # internal error -------------------[SNIP]---------------------
On Fri, May 05, 2000 at 01:59:39PM +0200, Jesper Hess Nielsen spoke thusly: > I have ALREADY done everything stated at the beginning of the script file > (which I have attached for clarity - some of you may not have seen it). > When I have done all this, I get an error when performing the test : > > [root@ns bin]# echo "test 1" | mail -s okay [EMAIL PROTECTED] > [root@ns bin]# qmail-inject: fatal: unable to exec qq (#4.3.0) > > When I try to run the script directly : > > [root@ns bin]# ./qmail-filter.py > > bash: ./qmail-filter.py: No such file or directory This looks like the error you get when the path to your interpreter on the shebang line is incorrect. Tim.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 5 May 00, at 13:59, Jesper Hess Nielsen wrote: > [root@ns bin]# ./qmail-filter.py > > bash: ./qmail-filter.py: No such file or directory I see. What does "head -n1 qmail-filter.py|od -c" say? Is there anything about character "015" or "\r" or so? Then you need to delete DOS-like end-of-line characters. -----BEGIN PGP SIGNATURE----- Version: PGP 6.0.2 -- QDPGP 2.60 Comment: http://community.wow.net/grt/qdpgp.html iQA/AwUBORKqwFMwP8g7qbw/EQITcgCg8ZCWR3Rc04kHKT48tt5gryf8HOQAoIuN AVub7s3cLN50Bz6fASIiUw+s =VVpT -----END PGP SIGNATURE----- -- Petr Novotny, ANTEK CS [EMAIL PROTECTED] http://www.antek.cz PGP key ID: 0x3BA9BC3F -- Don't you know there ain't no devil there's just God when he's drunk. [Tom Waits]
On Fri, May 05, 2000 at 01:10:53PM +0200, Jesper Hess Nielsen wrote: > I tried installing the hack as described, but when I try the test, I get an > arror saying > > [root@ns bin]# echo "test 1" | mail -s okay [EMAIL PROTECTED] > [root@ns bin]# qmail-inject: fatal: unable to exec qq (#4.3.0) > > Anyone know what this could be? > > When I try to execute the py script, it says > > bash: ./qmail-filter.py: No such file or directory ldd /path/to/python Maybe you're missing a library. Regards; RC -- +------------------- | Ricardo Cerqueira | PGP Key fingerprint - B7 05 13 CE 48 0A BF 1E 87 21 83 DB 28 DE 03 42 | Novis - Engenharia ISP / Rede Técnica | Pç. Duque Saldanha, 1, 7º E / 1050-094 Lisboa / Portugal | Tel: +351 21 3166730/00 (24h/dia) - Fax: +351 21 3166701
On Fri, May 05, 2000 at 02:56:38AM -0600, Neil Schemenauer <[EMAIL PROTECTED]> wrote: > On Thu, May 04, 2000 at 07:28:32PM -0400, Searcher wrote: > > > exit(31) if /name="LOVE-LETTER-FOR-YOU.TXT.vbs"/o; > > > > Am I missing something here? > > Nothing except that fact that the real solution is to fix the > broken mail clients. IMHO, virus scanners and the like are > fundamentally broken. I agree with that. Since this one actually burns people, maybe people will learn not to run attachments unless they are expecting them and they are from someone they have a good reason to trust. I am suprised that we aren't already seeing viruses that mutate by encrypting themselves (to make virus scanning harder by greatly reducing the fixed part of the payload) and using varients in the deliverly envelope at each iteration. Using the same filename for the attachment and the same subject each time the virus transmits itself makes it too easy to detect the message.
Well, to thourghly test any of these scripts for qmail.. you need a copy or infected e-mail to run through the script. Does anyone have an infected e-mail to post? Or a URL where I can get one? Just adding a script is useless.... gotta test it out. BTW, should we send the bill to Bill Gates or Ballmer for allowing thier software to yet again grind the internet to a freaking halt. My Pine/Linux box has been virus free for 3+ years! Paul Farber Farber Technology [EMAIL PROTECTED] Ph 570-628-5303 Fax 570-628-5545 On Fri, 5 May 2000, Rainer Link wrote: > Mulindwa Eric wrote: > > > > but hoe can one use Amavis with qmail, p'se help > > Please have a look at http://www.unixzone.com/virus - I would suggest to > use AMaViS-Perl-5. It should work out-of-the-box. > If you run into troubles, please ask me directly. > > HTH > > best regards, > Rainer Link > > -- > Rainer Link | Member of Virus Help Munich (www.vhm.haitec.de) > [EMAIL PROTECTED] | Member of AMaViS Development Team (amavis.org) > rainer.w3.to | Maintainer FAQ "antivirus for Linux" (av-linux.w3.to) >
On Fri, May 05, 2000 at 09:47:57AM -0400, Paul Farber wrote: > Well, to thourghly test any of these scripts for qmail.. you need a copy > or infected e-mail to run through the script. > > Does anyone have an infected e-mail to post? Or a URL where I can get > one? Just adding a script is useless.... gotta test it out. http://www.almqvist.net/~johan/virus.txt > BTW, should we send the bill to Bill Gates or Ballmer for allowing thier > software to yet again grind the internet to a freaking halt. My > Pine/Linux box has been virus free for 3+ years! -Johan -- Johan Almqvist
>Well, to thourghly test any of these scripts for qmail.. you need a copy >or infected e-mail to run through the script. You must be the only person in the world without a copy! Seriously though, you don't need a copy of the virus. Just create an email with the correct subject line, and with a correctly named attachment. That should be enough to test your script _______________________________________________________________ This message has been checked for all known viruses by the MessageLabs Virus Control Centre. For further information visit http://www.messagelabs.com/stats.asp
At 5/5/2000 09:47 AM -0400, Paul Farber wrote or quoted: >Well, to thourghly test any of these scripts for qmail.. you need a copy >or infected e-mail to run through the script. Good point. >Does anyone have an infected e-mail to post? Or a URL where I can get >one? Just adding a script is useless.... gotta test it out. Yeah, I got emailed a copy of the I-LOVE-YOU-LETTER.TXT.vbs last night, and it's still in my Maildir on my server. Should I just email it to you, or does the whole list want a copy? ----------------------------------------------------------------- Kai MacTane System Administrator Online Partners.com, Inc. ----------------------------------------------------------------- From the Jargon File: (v4.0.0, 25 Jul 1996) finger trouble /n./ Mistyping, typos, or generalized keyboard incompetence (this is surprisingly common among hackers, given the amount of time they spend at keyboards). "I keep putting colons at the end of statements instead of semicolons", "Finger trouble again, eh?".
At 5/4/2000 11:29 PM -0600, Bruce Guenter wrote or quoted: > > Anyone can rename that .vbs to what ever they want and send it around again > > so wouldn't it be more efficient to filter all .vbs attachments? > >Nope, you're exactly right. However, the question was, how do I filter >the "ILOVEYOU" worm, and the above is a quick (and somewhat dirty) >answer. If you know how to identify VBS source, with the absence of a >MIME type, please tell us. I intend to do this for my employers, so I'm >not just being facetious. I really think this is the way to go as well. I've been telling my employer since yesterday morning that the Subject: line is probably the single most easily mutatable thing about this email, and that it would make much more sense to just stop any mail containing a .vbs attachment. I looked at the copy on my disk, and found the following at the beginning: Content-Type: application/octet-stream; name="LOVE-LETTER-FOR-YOU.TXT.vbs" Content-Disposition: attachment; filename="LOVE-LETTER-FOR-YOU.TXT.vbs" Content-Transfer-Encoding: base64 You could probably just do a regex match on: ^Content-type: \S+\; name=\".+\.vbs\" (Note: I have not tested that regex yet. It may not even function. It is quick-and-dirty, and even if it *does* work, there are probably better ways to do it.) In particular, there's probably a better way to express that .+\.vbs, although I note that \w+\.vbs and \S+\.vbs are *not* the way to do it, as filenames may contain spaces and other characters. ----------------------------------------------------------------- Kai MacTane System Administrator Online Partners.com, Inc. ----------------------------------------------------------------- From the Jargon File: (v4.0.0, 25 Jul 1996) finger trouble /n./ Mistyping, typos, or generalized keyboard incompetence (this is surprisingly common among hackers, given the amount of time they spend at keyboards). "I keep putting colons at the end of statements instead of semicolons", "Finger trouble again, eh?".
On Fri, May 05, 2000 at 01:59:39PM +0200, Jesper Hess Nielsen wrote: > When I try to run the script directly : > > [root@ns bin]# ./qmail-filter.py > > bash: ./qmail-filter.py: No such file or directory Try: $ python qmail-filter.py If that works then something is wrong with the first line or the permissions are wrong. It may also be useful to remove the try/except lines when testing. Neil -- "All truth passes through three stages: first, it is ridiculed; next it is violently attacked; finally, it is held to be self-evident." -- Schopenhauer
On Fri, May 05, 2000 at 12:19:09PM +0200, octave klaba wrote: > Hi, > I did setup your qmail-filter.py and test works > # echo "test 1" | mail -s okay myself > # echo "test 2" | mail -s ILOVEYOU myself > qmail-inject: fatal: mail server permanently rejected message (#5.3.0) > # echo "test 2" | mail -s ILOVEYOU [EMAIL PROTECTED] > qmail-inject: fatal: mail server permanently rejected message (#5.3.0) Nothing is wrong with those tests. > but when I send an email thought eudora using smtp of this serveur or not > to a pop on this serveur, email is not rejected. Are you sure you have the Subject right? It should be: "Subject: ILOVEYOU\r\n" Try: $ telnet localhost 25 220 example.com ESMTP mail <me> 250 ok rcpt <me> 250 ok data 354 go ahead Subject: ILOVEYOU^M ^M . 250 ok 957554771 qp 1623 quit Where you see ^M type "Control-v Enter". > PS I restarted all Not necessary. Neil -- Real programmers don't make mistrakes
On Fri, 5 May 2000, Jesper Hess Nielsen wrote: > Date: Fri, 5 May 2000 13:10:53 +0200 > From: Jesper Hess Nielsen <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: hack for filtering "i love you" worm > > I tried installing the hack as described, but when I try the test, I get an > arror saying > > [root@ns bin]# echo "test 1" | mail -s okay [EMAIL PROTECTED] > [root@ns bin]# qmail-inject: fatal: unable to exec qq (#4.3.0) > > Anyone know what this could be? > > When I try to execute the py script, it says > > bash: ./qmail-filter.py: No such file or directory missing language python --- /usr/local/bin/python > > I double checked that the path to python is correct in the script file. > > /Jesper > > >
Rainer Link wrote: > "Benjamin de los Angeles Jr." wrote: > > > > Can you sight pros/cons of using your antivirus software compared to > > AmaVis? > > > [I used it's perlscanner interface to match on the attachment filename while > > > waiting for the Antivirus vendors to come up with an "official" fix :-)] > > > See http://www.geocities.com/jhaar/scan4virus/ > > Well, I think you refer to AMaViS-Perl? AMaViS-Perl does not require any > qmail patch(es) and supports more antivirus software. > scan4virus provides a "generic filter/scanner" to filter out eMails with > a specific attachment name - which in case of "I love you" is a good > thing, but it's very easy to change the file name (or the subject line), > according to BugTraq this has happend. Err - no scan4virus contains a "generic filter" IN ADDITION TO support for other commercial virus scanners. Currently Trend, MacAffee, HBEDV and Sophos. My original rationale for developing my own virusscanner wrapper was that I had some security concerns with AmaVis which weren't shared by the author, it didn't support Qmail, and it was a shell script instead of a more "secure" language like perl (well, "perl -T"). Maybe some of these reasons no longer apply, but I doubt it operates as efficiently as scan4virus does (i.e. at the qmail-queue level) - that would be difficult to do and retain conpatibility with postfix and sendmail... Anyway, variety is the spice of life... -- Jason Haar
>> On Thu, 4 May 2000 19:28:32 -0400, >> "Searcher" <[EMAIL PROTECTED]> said: R> Anyone can rename that .vbs to what ever they want and send it around R> again so wouldn't it be more efficient to filter all .vbs attachments? The only safe way to handle this is to check any attachment for a Registry reference or an indication that Visual Basic is being run. Few if any legitimate attachments should be referring to the Registry, and all the mischief seems to be done via VB scripts. Unpacking an infected attachment (different virus) and running strings on it gave me the following: HKEY_CURRENT_USER\Software\Microsoft\Office\ VB_Nam VBProjectOh VBComponents temp\VBE C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VBA\VBA332.DLL \VBE\MSForms.EXD -- Karl Vogel ASC/YCOA, Wright-Patterson AFB, OH 45433, USA [EMAIL PROTECTED] or [EMAIL PROTECTED]
Jason Haar wrote: > > scan4virus provides a "generic filter/scanner" to filter out eMails with > > a specific attachment name - which in case of "I love you" is a good > > thing, but it's very easy to change the file name (or the subject line), > > according to BugTraq this has happend. > > Err - no scan4virus contains a "generic filter" IN ADDITION TO support for other > commercial virus scanners. > Currently Trend, MacAffee, HBEDV and Sophos. Yes, I know that. The word "also/moreover/too" is missing in the sentence above. Sorry for that - it wasn't intended to make a false statemant about scan4virus. To few sleep in the past days :-( > My original rationale for developing my own virusscanner wrapper was that I had > some security concerns with AmaVis which weren't shared by the author, it didn't Huh? Can you tell me more, please? Maybe you can simple repost/forward your old mails to me. Thx a lot! > support Qmail, and it was a shell script instead of a more "secure" language like > perl (well, "perl -T"). Well, that's why we startet AMaViS-perl (written by Chris Mason) :-) See www.unixzone.com/virus/ > Maybe some of these reasons no longer apply, but I doubt it operates as efficiently > as scan4virus does (i.e. at the qmail-queue level) - that would be difficult to do > and retain conpatibility with postfix and sendmail... Well, AMaViS-perl does :-) > Anyway, variety is the spice of life... Yes. Competition is welcome :-) cheers, Rainer -- Rainer Link | Member of Virus Help Munich (www.vhm.haitec.de) [EMAIL PROTECTED] | Member of AMaViS Development Team (amavis.org) rainer.w3.to | Maintainer FAQ "antivirus for Linux" (av-linux.w3.to)
Hi there I'm having problems with qmail and procmail, were procmail is being able to deliver into the $HOME/Maildir directort, and seems to want to put it all in /var/mail/user, even when we change authenticate.c file, so we have decided to revert back to the mailbox format and put up with it. Does anyoe have a script to conert mailboxes back to the mbox format from the qmail maildir format? cheers nicholas
Hello everyone, I am using Qmail on Suse 6.3, using /var/spool/mail/USERDIR. For an unknown reason, the mail logs have been cleared and Qmail does not log anything anymore....... I have looked in syslog and qmail does not report any errors either. Maybe permissions are wrong on the /var/log/mail file ?? what should they be? Does anybody have any suggestions? (No the hard drive is not full :)) Regards Cedric Revest ----------------------------------------------- Cedric Revest Britnet Ltd http://www.britnet.co.uk/ Direct Line: 0208 962 9542 Fax: 0208 964 8457
>> Hello everyone, > > I am using Qmail on Suse 6.3, using /var/spool/mail/USERDIR. > > For an unknown reason, the mail logs have been cleared and Qmail does not > log anything anymore....... > > I have looked in syslog and qmail does not report any errors either. > Maybe permissions are wrong on the /var/log/mail file ?? what should they > be? > > Does anybody have any suggestions? (No the hard drive is not full :)) > > Regards > > Cedric Revest > This may be due to the feature of syslogd that if the file it's supposed to be writing to doesn't exist, it doesn't create it, & nothing gets logged. If that's the case, try touching the log file and see if the messages start coming. Chris Harris System Manager STL Ltd. ph. 01228 512512 ext. 2211 fax 01228 514949
Hi, This has probably been asked already but I've literally just joined. How can I filter and reject ILOVEYOU messages in Qmail. Any pointers would be appreciated Best regards Rod
Rodney Edwards <[EMAIL PROTECTED]> wrote: > > This has probably been asked already but I've literally just joined. > How can I filter and reject ILOVEYOU messages in Qmail? Congratulations! You may be the first new subscriber whose question is at least 1) timely, and 2) not a FAQ! You get a cigar! > Any pointers would be appreciated Let me point you to the qmail archive: <http://www-archive.ornl.gov:8000/>. There have been some quick-and-dirty hacks suggested over the last couple of days, but since I don't run Windows I haven't paid much attention. Searching on ``ILOVEYOU'' should turn them up. Hope this helps, Len. -- Frugal Tip #31: Incrementally reduce your year-to-year operating expenditures while aggressively recognizing unrealized receivables in the current quarter.
Hi, I am new to this distribution list. Please forgive me if I am not posting to the correct DL. I have a problem to setup a new qmail server. When I trying to enable selective relaying with tcpserver/tcprules for qmail-smtpd, I always got *** 553 sorry, that domain isn't in my list of allowed *** rcpthosts (#5.7.1) To make it simple, I have already tried to put a single rule :allow, RELAYCLIENT="" inside tcp.smtp file and convert it to tcp.smtp.cdb. (no error message) Sill failed. What I have tried is use an OLD cdb file from the retiring server. It works! I have already lost the original rule file in text format. Is there any special way to generate the cdb file?? Is there any suggestion/suspection? Here is my configuration: - Redhat 6.2 - uscpi-tcp 8.0 / 8.4 / 8.8 - qmail 1.03 (install from rpm packages) Appreciated for your help! Regards, Clark __________________________________________________ Do You Yahoo!? Send instant messages & get email alerts with Yahoo! Messenger. http://im.yahoo.com/
On Fri, May 05, 2000 at 03:31:57AM -0700, Clark Hon wrote: > I have a problem to setup a new qmail server. When I > trying to enable selective relaying with > tcpserver/tcprules for qmail-smtpd, I always got > > *** 553 sorry, that domain isn't in my list of allowed > > *** rcpthosts (#5.7.1) > > To make it simple, I have already tried to put a > single rule > :allow, RELAYCLIENT="" ^ Take out the space. Chris
Me ha infectado el virus I LOVE YOU, a alguno de vosotros le ha tenido que llegar, lo siento.
hi Dave, > >The init scripts are in, > In what/where? And what's in them? And what platform are you using? Sorry I didn't give enough info. The init scripts are in my /etc/rc.d/init.d dir and softlinked to the various /etc/rcx.d directories. I'm using RH6.2, and used the RPM package to first compile the src then installed it using rpm. > By "nothing happens" do you mean that the script runs but doesn't > output anything, runs but exits immediately, or what? It runs, but immediately exits. > You can't start qmail from inetd.conf. Perhaps you mean qmail-smtpd? Yes, I meant qmail-smtpd.
"Isaiah Chua" <[EMAIL PROTECTED]> wrote: >Sorry I didn't give enough info. The init scripts are in my /etc/rc.d/init.d >dir and softlinked to the various /etc/rcx.d directories. I'm using RH6.2, >and used the RPM package to first compile the src then installed it using >rpm. > >> By "nothing happens" do you mean that the script runs but doesn't >> output anything, runs but exits immediately, or what? > >It runs, but immediately exits. That's normal. Init scripts generally run stuff in the background so the system can move on to the next script. Do the qmail processes show up when you run ps? See: http://Web.InfoAve.Net/~dsill/lwq.html#processes -Dave
Any recommendations on server virus scanners that run in harmony with qmail on linux, and if so, why the recommendation? Thanks, jason
On Fri, May 05, 2000 at 09:51:52PM +1000, Jason Brooke wrote: > > Any recommendations on server virus scanners that run in harmony with qmail > on linux, and if so, why the recommendation? H+BEDV antivir, from www.hbedv.com and www.antivir.de. Free for non-commercial use, no fuzz with web interfaces and the like (just command-line), fast updates. German version is better than english, though. > Thanks, > jason -Johan -- Johan Almqvist
Jason Brooke wrote: > > Any recommendations on server virus scanners that run in harmony with qmail > on linux, and if so, why the recommendation? Please have a look at http://av-linux.w3.to, esp. the Mini-FAQ as text file (direct link is http://www.ce.is.fh-furtwangen.de/~link/security/av-linux_e.txt) (please bookmark only http://av-linux.w3.to - thnx) HTH cu, Rainer -- Rainer Link | Member of Virus Help Munich (www.vhm.haitec.de) [EMAIL PROTECTED] | Member of AMaViS Development Team (amavis.org) rainer.w3.to | Maintainer FAQ "antivirus for Linux" (av-linux.w3.to)
"David Dyer-Bennet" <[EMAIL PROTECTED]> wrote: > Peter Samuel <[EMAIL PROTECTED]> wrote: > > > > And you editor can't read in the results of a program? > > I can think offhand of a couple of ways of doing it, but all of them > are grossly inefficient and take lots of keystrokes. There may well > be an easy way I'm overlooking, too. Nothing exotic, I'm an emacs > user. I'm not starting a new instance, I'm visiting the log file from > my existing instance. <rant> ``Nothing exotic, I'm an emacs user''? Emacs? Have you heard the debates whether Emacs was an OS, a shell, or an editor? Have you seen the emacs mailreaders, shell modes, IRC interfaces, and web browser? What you want to do is absolutely trivial in emacs, and you can bind it to a single keystroke. </rant> Anyway, what you want to do is absolutely trivial in emacs, and you can bind it to a single keystroke. Len. -- You're repeating the same old ``forks are bad and execs are disastrous'' litany without _profiling_ where your time is actually going. -- Dan Bernstein
> > Because we look at them too often :) > > And can't you look at them by passing them through tai64nlocal each > time? Can you spell "shell script wrapper"? :) I *asked* the list about *some program* which can do reverse time translation for my *already existing logs* - from Local to TAI. I *know* how solve my problem for newly generated logs, but my question was about *old* logs. Isn't it clear? And your response(s) (especially last one) never answered my question. -- Kins Orekhov Outlook Technologies, Inc. E-mail: [EMAIL PROTECTED] Phone: 773-775-2099, ext. 226 http://swoop.outlook.net
Kins Orekhov <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED] wrote: > > And can't you look at them by passing them through tai64nlocal each > > time? Can you spell "shell script wrapper"? :) > > I *asked* the list about *some program* which can do reverse time > translation for my *already existing logs* - from Local to TAI. Correct. And Peter answered your question: ``Can you spell `shell script wrapper'?'' Translated, he just told you to write a script called ``look-at-old-logs'', which runs tai64nlocal on the old log files, and then displays them to you. Then, whenever you want to look at old logs, you run ``look-at-old-logs'', and voila! The magic happens all over again. That's the wonderful thing about computers: they never get bored. > And your response(s) (especially last one) never answered my question. It did. However, to benefit from the answer required some work from you. If you want somebody to do the work for you, pay them. (I'll do it if you prepay, in US dollars. Say, $250 for 2.5 hours work, and if I'm done sooner, I'll refund the difference.) Len. -- Frugal Tip #41: Remember, the best things in life are free. That means if you can resell them, that's a 100% profit margin.
At 9:33 PM -0400 5/4/00, Bennett Samowich wrote: >Greetings, > >I am relatively new to qmail, so forgive me if this is too simple... > >With all of the current goings on about the "luv bug", I have a >question concerning qmail and filtering. My customer base uses >sendmail primarily, while I have been experimenting with qmail at my >site. With the sendmail sites I was able to implement a >configuration "hack" to stop initial instances of the message. I >was also able to implement a global procmail filter to accomplish >the same thing. > >My question is this: >Does qmail have the ability to implement global filters. I know >that I can put procmail lines in each users .qmail file, but that >seems like alot of work. IIRC, the default delivery instruction in /var/qmail/rc can be a pipe to a program. So you can qmail-start "| preline /path/to/procmail" and have mail by default run through procmail. Of course, you still have a .qmail problem: any user with a .qmail will override the default instruction. "man qmail-command" gives you some details. > >Thanks in advance, >- Bennett -- -- Paul J. Schinder NASA Goddard Space Flight Center Code 693 [EMAIL PROTECTED]
Bennett Samowich <[EMAIL PROTECTED]> wrote: >Does qmail have the ability to implement global filters. I know that >I can put procmail lines in each users .qmail file, but that seems >like alot of work. qmail doesn't have a filtering mechanism built in, but one can be constructed pretty easily using the technique described in the following article: http://www.faqts.com/knowledge-base/view.phtml/aid/2142/fid/203/lang/en -Dave
hi i am sorry for this very easy question, but i am playing around and can not work it out. how can i apply the QMAILQUEUE patch? i made a file with the patch in it, qmailqueue-patch, which looks like: ---------------------- start --- qmail-1.03-orig/Makefile Mon Jun 15 04:53:16 1998 +++ qmail-1.03/Makefile Tue Jan 19 10:52:24 1999@@ -1483,12 +1483,12 @@ trigger.o fmtqfn.o quote.o now.o readsubdir.o qmail.o date822fmt.o \ datetime.a case.a ndelay.a getln.a wait.a seek.a fd.a sig.a open.a \ lock.a stralloc.a alloc.a substdio.a error.a str.a fs.a auto_qmail.o \ -auto_split.o+auto_split.o env.a ./load qmail-send qsutil.o control.o constmap.o newfield.o \ prioq.o trigger.o fmtqfn.o quote.o now.o readsubdir.o \ qmail.o date822fmt.o datetime.a case.a ndelay.a getln.a \ wait.a seek.a fd.a sig.a open.a lock.a stralloc.a alloc.a \ - substdio.a error.a str.a fs.a auto_qmail.o auto_split.o + substdio.a error.a str.a fs.a auto_qmail.o auto_split.o env.a qmail-sen d.0: \ qmail-send.8diff -u qmail-1.03-orig/qmail.c qmail-1.03/qmail.c --- qmail-1.03-orig/qmail.c Mon Jun 15 04:53:16 1998 +++ qmail-1.03/qmail.c Tue Jan 19 09:57:36 1999@@ -6,14 +6,25 @@ #include "fd.h " #include "qmail.h" #include "auto_qmail.h"+#include "env.h" -static char *binqqargs[2] = { "bin/qmail-queue", 0 } ; +static char *binqqargs[2] = { 0, 0 } ;++static void setup_qqargs()+{ + if(!binqqargs[0])+ binqqargs[0] = env_get("QMAILQUEUE"); + if(!binqqargs[0])+ binqqargs[0] = "bin/qmail-queue";+} int qmail_open(qq) struct qmail *qq; { int pim[2]; int pie[2];++ setup_qqargs(); if (pipe(pim) == -1) return -1; if (pipe(pie) == -1) { close(pim[0]); close(pim[1]); return -1; } ----------------------------- end i tried to apply it: caramel:/usr/local/src # ls -d qmail* qmail-1.03/ qmail.tar.gz qmailanalog-0.70/ qmailanalog-0_70.tar.gz qmailqueue-patch caramel:/usr/local/src # patch < qmailqueue-patch Hmm... I can't seem to find a patch in there anywhere. caramel:/usr/local/src # what am i doing wrong? any help is greatly appreciated jan stifter
On Fri, 05 May 2000 15:21:43 +0200, Jan Stifter <[EMAIL PROTECTED]> wrote: i solved it. my patch was broken. sorry jan
> Cono D'Elia wrote: > > Hello, > > Is there a limitation for the amount of users courier imap and > vpopmail can support using the db type files? Is it better to go with > an sql database instead? > > > Thanks, > > Cono. There is no limitation of cdb password files. However, modifications to the file (add/delete/mod) start taking long amounts of time >30 seconds when you have more than 5,000 users. ken jones inter7
Hello all, Is there a way to insert a shim (or shell wrapper) before qmail-local deleivers a local message? IE, check for message size if $RECIEPENT = 'baduser' or some such thing? It would seem administratively easier to apply these type of filters for a large group of users that way rather than ~/.qmail-default 'ing all the home dirs. Paul Farber Farber Technology [EMAIL PROTECTED] Ph 570-628-5303 Fax 570-628-5545
Paul Farber <[EMAIL PROTECTED]> wrote: > > Is there a way to insert a shim (or shell wrapper) before qmail-local > delivers a local message? Simple; write a wrapper called ``qmail-local'', which in the end exec's the original qmail-local (which you should rename, of course). The interface is remarkably simple. From qmail-local(8): SYNOPSIS qmail-local [ -nN ] user homedir local dash ext domain sender defaultdelivery DESCRIPTION ... The standard input for qmail-local must be a seekable file, so that qmail-local can read it more than once. See? It's a snap. (If you don't know how, I'll do it for a small fee.) > It would seem administratively easier to apply these type of filters for a > large group of users that way rather than ~/.qmail-default 'ing all the > home dirs. In fact this latter ``solution'' doesn't work anyway--unless the users cannot create .qmail files. Extensions for which more specific .qmail-ext files exist are delivered according to those instructions, bypassing .qmail-default entirely. Len. -- Frugal Tip #19: Discover the secret to happiness, then sell the franchise rights.
On Thu, May 04, 2000 at 05:51:46PM -0700, Jon Rust wrote: > At 2:43 AM +0200 5/5/00, Peter van Dijk wrote: > >So much for security, eh? > > > > Hrmf. You have apoint there. :-/ Guess I should think before typing. > Of course, by limiting the range of IPs allowed to trigger the > download, you could decrease the exposure, but it would be far from > perfect. No, you're on the right track. Have tcpserver on the private port trigger authentication via the qmail-popup and checkpassword. tcpserver sets the incoming ip address in an environment variable, and you can trigger serial- mail from the tcpserver commandline. John
On Thu, 4 May 2000, Jon Rust wrote: > At 2:43 AM +0200 5/5/00, Peter van Dijk wrote: > >So much for security, eh? > > > > Hrmf. You have apoint there. :-/ Guess I should think before typing. > Of course, by limiting the range of IPs allowed to trigger the > download, you could decrease the exposure, but it would be far from > perfect. > > (crawling back into lurk mode) > > jon > Exchange servers can be made to run an arbitrary program upon completing the initiation of the dialup connection. Give them program which initiates a pop3 or spop3 connection, authenticates itself at the server, then quits. And there is a wrapper for this behaviour on www.qmail.org. ssh can also be made to do this, but that would need a system account on the mailserver for each such user. Albeit their shell can be the script maildir2smtp. Robert Varga
hi, i applied the QMAILQUEUE patch to qmail. i start my qmail-smtpd with supervise /var/lock/svc/qmail-smtpd tcpserver -v -q -x/etc/tcp.smtp.cdb\ -u101 -g101 0 smtp /var/qmail/bin/qmail-smtpd 2>&1 | \ setuser qmaill accustamp | \ setuser qmaill tailocal >> /var/log/qmail-smtpd.log & and it works. if i do an export QMAILQUEUE="/var/qmail/bin/antivirus-qmail-queue.pl" in front of the above command, no mail is working: caramel:/var/log # telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 caramel.medres.ch ESMTP helo 250 caramel.medres.ch mail from: test 250 ok rcpt to: [EMAIL PROTECTED] 250 ok data 354 go ahead . 451 qq temporary problem (#4.3.0) quit 221 caramel.medres.ch Connection closed by foreign host. caramel:/var/log # the file qmail-smtpd.log shows the following lines: 2000-05-05 16:44:31.581449 Can't do setuid what is the problem? what can i do? any hints are greatly appreciated jan
Mario Rafael <[EMAIL PROTECTED]> wrote: > Hi :), I have several questions.... I have an /var/spool/mail/alias file >that is getting bigger and bigger each moment, what it's is purpose?, It's the user "alias"'s mailbox. It's sometimes where root/postmaster mail ends up. >I have taken a lookt at it and it seems that the messages double >bouncing are stored there... how can I directly throw those messages >to /dev/null?, thanks in advance. echo devnull > /var/qmail/control/doublebounceto echo # > ~alias/.qmail-devnull Then restart qmail. -Dave
"Luke Chiam" <[EMAIL PROTECTED]> wrote: >I suspect someone is sending bulk mail using our qmail server, as we are >getting a lot of rebounced mail and delivery failure notice. A spammer might be sending stuff out with your domain in the envelope return path. That would cause bounces to come to you even if the messages didn't come from you. (They could be doing that to avoid anti-spam mechanisms that require a valid domain in the return path.) One of your users could be sending spam. Presumably this would be apparent from examing the double bounces. You could be an open relay. See: http://Web.InfoAve.Net/~dsill/lwq.html#relaying -Dave
I guess the bounce mail comes from my side since I'm trying to configure my qmail also but still having some problems. Sorry for that. I've restored my old config and later, I will test again. My qmail setup is different. My qmail is configured as an email gateway only. So there are no users in my qmail server. I hope you can help with this kind of scenario. > -----Original Message----- > From: Dave Sill [mailto:[EMAIL PROTECTED]] > Sent: Saturday, May 06, 2000 1:18 AM > To: [EMAIL PROTECTED] > Subject: Re: qmail abuse... > > > "Luke Chiam" <[EMAIL PROTECTED]> wrote: > > >I suspect someone is sending bulk mail using our qmail > server, as we are > >getting a lot of rebounced mail and delivery failure notice. > > A spammer might be sending stuff out with your domain in the envelope > return path. That would cause bounces to come to you even if the > messages didn't come from you. (They could be doing that to avoid > anti-spam mechanisms that require a valid domain in the return path.) > > One of your users could be sending spam. Presumably this would be > apparent from examing the double bounces. > > You could be an open relay. See: > > http://Web.InfoAve.Net/~dsill/lwq.html#relaying > > -Dave >
I have recently deployed a freeware procmail script that does a very good job filtering out various forms or malicious mail. So far it has caught all the ILOVEYOU mail and a few of the variants we have seen. Since I use QMail on my own machine, can procmail scripts be used with QMail? Most of the script uses some well crafted PERL code, so if not, it could probably be shoe-horned into a form that QMail will utilize. Any suggestions?
on 5/5/00 10:32 AM, John W. Lemons III had the thought: > I have recently deployed a freeware procmail script that does a very good > job filtering out various forms or malicious mail. So far it has caught all > the ILOVEYOU mail and a few of the variants we have seen. Since I use QMail > on my own machine, can procmail scripts be used with QMail? Most of the > script uses some well crafted PERL code, so if not, it could probably be > shoe-horned into a form that QMail will utilize. Any suggestions? You are better off using something like scan4virus at the queue level. http://www.geocities.com/jhaar/scan4virus/ While it is probably not advised, I am using it without the QMAILQUEUE patch. Instead, the scan4virus program receives the mail, scans it, then passes it to my renamed qmail-queue program. Right now I deny all .vbs attachments. Yes, this is rather draconian and there might be a 1 in 100,000,000,000,000 chance that someone really needs to send a .vbs attachment. Those are the breaks... Pat -- Freestyle Interactive | http://www.freestyleinteractive.com | 415.778.0610
Hi, > You are better off using something like scan4virus at the queue level. > http://www.geocities.com/jhaar/scan4virus/ setuping scan4vuris I have this error Cannot find unzip on your system! 2 stupid questions: - where can I find it out for linux ? - do I need to use McAfee with ? if yes, whch version ? an url ? thanks Octave Amicalement, oCtAvE Connexion terminée par expiration du délai d'attente
on 5/5/00 10:55 AM, octave klaba had the thought: > setuping scan4vuris I have this error > > Cannot find unzip on your system! > > 2 stupid questions: > - where can I find it out for linux ? http://freshmeat.net > - do I need to use McAfee with ? if yes, whch version ? an url ? No, but should have at least one kind of scanner. It is easier if you use one that is already tested and on the list. Or you can simply use the built in perl scanner. Freshmeat also has links for cirus scanners. Pat -- Freestyle Interactive | http://www.freestyleinteractive.com | 415.778.0610
> > I have recently deployed a freeware procmail script that does a very good > > job filtering out various forms or malicious mail. So far it has caught all > > the ILOVEYOU mail and a few of the variants we have seen. Since I use QMail > > on my own machine, can procmail scripts be used with QMail? Most of the > > script uses some well crafted PERL code, so if not, it could probably be > > shoe-horned into a form that QMail will utilize. Any suggestions? > > You are better off using something like scan4virus at the queue level. > http://www.geocities.com/jhaar/scan4virus/ > > While it is probably not advised, I am using it without the QMAILQUEUE > patch. Instead, the scan4virus program receives the mail, scans it, then > passes it to my renamed qmail-queue program. > > Right now I deny all .vbs attachments. Yes, this is rather draconian and > there might be a 1 in 100,000,000,000,000 chance that someone really needs > to send a .vbs attachment. Those are the breaks... Thanks Pat... That was the point I was trying to get across yesterday... It can be renamed and sent through over and over so why not filter all .vbs attachments? I tried to emphasize the point that non tech uses are killing us with their carelessness so we have to protect them from vbs scripts in order to protect ourselves. On the same note I carried it through to all exe files as well. If they need to be sent by good users- What's the big deal in changing the extension to .exx? Bad guys will send an exe and hope it is run on double click while an exx.obviously won't till the end user changes the extension back to .exe. My point is, if we don't stop viruses and Trojans from spreading then Uncle Sam will try and we do not want that to happen considering the mess we have with this child safety act. I wonder at times if they don't create these problems so they have an excuse to try to control the net! The news I saw and read leaned heavily towards government offices and military bases being affected. :( Rick < == paranoid!
>> Right now I deny all .vbs attachments. Yes, this is rather draconian and >> there might be a 1 in 100,000,000,000,000 chance that someone really needs >> to send a .vbs attachment. Those are the breaks... >That was the point I was trying to get across yesterday... It can be >renamed and sent through over and over so why not filter all .vbs >attachments? I tried to emphasize the point that non tech uses are killing >us with their carelessness so we have to protect them from vbs scripts in >order to protect ourselves. >On the same note I carried it through to all exe files as well. If they >need to be sent by good users- What's the big deal in changing the >extension to .exx? Bad guys will send an exe and hope it is run on double >click while an exx.obviously won't till the end user changes the extension >back to .exe. Consider filtering the following as well: *.reg Regedit will inject its contents into your registry without any warning if you open this file *.hlp Windose help files can contain auto-executing vb script *.hta html application, can contain vb script, javascript etc.(MSHTA.EXE will run them when you click on them) *.shs shell automation code *.vbs vb script *.chm compiled HTML help file, also can contain vb script, javascript etc. Most of these will never need to be sent or received by a user and all can contain malicious code. Any other suggestions?
On Fri, May 05, 2000 at 02:32:10PM -0500, John W. Lemons III wrote: [A whole pile of extensions cut] > Most of these will never need to be sent or received by a user and all can > contain malicious code. Any other suggestions? Yes. Fix the mail client or switch to one that does not execute untrusted code without prompting. Neil -- Real programmers don't make mistrakes
> Consider filtering the following as well: > > *.reg Regedit will inject its contents into your > registry without any > warning if you open this file > *.hlp Windose help files can contain auto-executing vb script > *.hta html application, can contain vb script, > javascript etc.(MSHTA.EXE > will run them when you click on them) > *.shs shell automation code > *.vbs vb script > *.chm compiled HTML help file, also can contain vb > script, javascript etc. > > Most of these will never need to be sent or received by a > user and all can > contain malicious code. Any other suggestions? Here's a snip from a bugtraq post... <snip> Sean Malloy <[EMAIL PROTECTED]> is letting us known that changing the virus to use a WSF extension instead of VBS is just as affective. WSF stands for Windows Scripting File. Antivirus vendors that want to be proactive might want to add this extension to their signatures. </snip> Mark
Is there some way to make qmail-mrtg work with qfilelog log files? I am doing my logging monthly .. that is i have log data piped through qfilelog into /var/log/qmail/sendlog and a /var/log/qmail/smtpd/smtpdlog which grow for an entire month and then get rolled over, and are parsed with matchup/zoverall and friends. Is it possible to have the qmail-mrtg scripts read these two files? -- Mark Drummond|ICQ#19153754|mailto:[EMAIL PROTECTED] UNIX System Administrator|Royal Military College of Canada The Kingston Linux Users Group|http://signals.rmc.ca/klug/ Saving the World ... One CPU at a Time
"Mark E. Drummond" wrote: > > Is there some way to make qmail-mrtg work with qfilelog log files? I am > doing my logging monthly .. that is i have log data piped through > qfilelog into /var/log/qmail/sendlog and a /var/log/qmail/smtpd/smtpdlog > which grow for an entire month and then get rolled over, and are parsed > with matchup/zoverall and friends. > > Is it possible to have the qmail-mrtg scripts read these two files? Cancel my last ... I have switched to multilog and I am modifying the qmail-mrtg scripts to use multilog formatted log files. If anyone else is interested in them I can provide them when finished. -- Mark Drummond|ICQ#19153754|mailto:[EMAIL PROTECTED] UNIX System Administrator|Royal Military College of Canada The Kingston Linux Users Group|http://signals.rmc.ca/klug/ Saving the World ... One CPU at a Time
"Mark E. Drummond" wrote: > > Cancel my last ... I have switched to multilog and I am modifying the > qmail-mrtg scripts to use multilog formatted log files. If anyone else > is interested in them I can provide them when finished. Hmmm, while working on this I just noticed that there is a descrepancy between the time returned by perl's `time` (or $^T) and the time -- Mark Drummond|ICQ#19153754|mailto:[EMAIL PROTECTED] UNIX System Administrator|Royal Military College of Canada The Kingston Linux Users Group|http://signals.rmc.ca/klug/ Saving the World ... One CPU at a Time Please excuse me if I am terse. I answer dozens of emails every day.
Antigen for Exchange found LOVE-LETTER-FOR-YOU.TXT.vbs matching =love-letter-for-you.txt.vbs file filter. The file is currently Detected. The message, "Re: hack for filtering "i love you" worm", was sent from Kai MacTane and was discovered in IMC Queues\Inbound located at Matchlogic/MATCHLOGIC/HOUSTON.
At 5/5/2000 11:54 AM -0600, ANTIGEN_HOUSTON wrote or quoted: >Antigen for Exchange found LOVE-LETTER-FOR-YOU.TXT.vbs matching >=love-letter-for-you.txt.vbs file filter. >The file is currently Detected. The message, "Re: hack for filtering "i >love you" worm", was sent from Kai MacTane and was discovered in IMC >Queues\Inbound located at Matchlogic/MATCHLOGIC/HOUSTON. Hmmm. Looks like someone's already filtering on just the string I sent out. I wonder if they're filtering all .vbs files? Content-Type: application/octet-stream; name="This is Bogus.vbs" Content-Disposition: attachment; filename="This is Bogus.vbs" ----------------------------------------------------------------- Kai MacTane System Administrator Online Partners.com, Inc. ----------------------------------------------------------------- From the Jargon File: (v4.0.0, 25 Jul 1996) finger trouble /n./ Mistyping, typos, or generalized keyboard incompetence (this is surprisingly common among hackers, given the amount of time they spend at keyboards). "I keep putting colons at the end of statements instead of semicolons", "Finger trouble again, eh?".
Kai MacTane wrote: > > At 5/5/2000 11:54 AM -0600, ANTIGEN_HOUSTON wrote or quoted: > >Antigen for Exchange found LOVE-LETTER-FOR-YOU.TXT.vbs matching > >=love-letter-for-you.txt.vbs file filter. > >The file is currently Detected. The message, "Re: hack for filtering "i > >love you" worm", was sent from Kai MacTane and was discovered in IMC > >Queues\Inbound located at Matchlogic/MATCHLOGIC/HOUSTON. > > Hmmm. Looks like someone's already filtering on just the string I sent out. > > I wonder if they're filtering all .vbs files? Our exchange admin is. __________________________________________________________________ David Nicol 816.235.1187 [EMAIL PROTECTED] "Lord Macbeth knew he was approaching the SITE of the rout from the SIGHT of odd body parts scattered on the blasted heath."
Hi. I dont understand how to invoke the qmail-users system. I have a server and /var/qmail/users/ is empty. I would like to be able to use the "assign" mechanism. How do i do this ? I tried to run qmail-pw2u but it just seems to hang forever. This is how it says to do it in Life with Qmail. Also if i start using 'assign' will it somehow mess up my exisiting config ? Does qmail have to be restarted as well ?? thanks in advance ! tony
"Tony D'Andrade" <[EMAIL PROTECTED]> wrote: >Hi. I dont understand how to invoke the qmail-users system. I have a >server and /var/qmail/users/ is empty. I would like to be able to use >the "assign" mechanism. How do i do this ? I tried to run qmail-pw2u >but it just seems to hang forever. Did you read the qmail-pw2u man page? >This is how it says to do it in Life with Qmail. No, LWQ doesn't tell you how to run qmail-pw2u. The purpose of the qmail-users coverage in LWQ is to supplement the man pages, not to replace them. >Also if i start using 'assign' will it somehow mess up my >exisiting config ? That depends upon what you put in /var/qmail/users. >Does qmail have to be restarted as well ?? No. -Dave
Antigen for Exchange found This is Bogus.vbs matching =*.vbs file filter. The file is currently Deleted. The message, "Re: Antigen found =love-letter-for-you.txt.vbs file", was sent from Kai MacTane and was discovered in IMC Queues\Inbound located at Matchlogic/MATCHLOGIC/HOUSTON.
We can only send out 22 messages from remote queue at once and when theserver has finished delivering those 22 it does not queue up to deliver any more.We have over 8,000 message in our remote queue and sending qmail-send an-ALRM does not get it to restart sending. We have to stop and start it by handeach time. Any help would be greatly apprecaited or request for more info.Concurrency is set to 100 remote queues and it is not even using them all.Qmail 1.03 running on a SGI Challenge S - Irix 6.5-Eric Davis
"Eric Davis" <[EMAIL PROTECTED]> wrote: >We can only send out 22 messages from remote queue at once and when >the server has finished delivering those 22 it does not queue up to >deliver any more. We have over 8,000 message in our remote queue and >sending qmail-send an -ALRM does not get it to restart sending. We >have to stop and start it by hand each time. Any help would be >greatly apprecaited or request for more info. > >Concurrency is set to 100 remote queues and it is not even using them >all. > >Qmail 1.03 running on a SGI Challenge S - Irix 6.5 What Do The Logs Say(tm)? What does qmail-qstat say? Have you checked your trigger? See: http://Web.InfoAve.Net/~dsill/lwq.html#trigger -Dave
We frequently get two Delivered-To headers when one qmail mailbox forwards to another qmail mailbox. Dave > -----Original Message----- > From: PPPindia [mailto:[EMAIL PROTECTED]] > Sent: Thursday, May 04, 2000 1:57 PM > To: [EMAIL PROTECTED] > Subject: Two Delivered-To headers - Why ? > > > Setup: > LAN, Redhat 6.1, qmail, vpopmail/vchkpw, Mailman list software > Default domain : sanshri.com, Virtual domain : ppp.com > Mailman list is configured for the virtual domain ppp.com > > Problem : Two Delivered-To headers are being generated > - one addressed to the alias, and the other with the actual > destination address - the mailman list owner address. (see below) > I am having this problem not only in this case, but also > when i manually create an alias in the default domain sanshri.com > > So far i have never been able to create an alias entry > without the mail having two delivered-to headers ? > I do not have this problem when i create an alias > through qmailadmin/vpopmail. > > The alias setup for the virtual domain is as follows : - > In /domains/ppp.com/.qmail-pppshar > | preline /home/mailman/mail/wrapper post pppshar > > In .qmail-default the vdelivermail is called... > and the default line put by vpopmail is there undisturbed > in /var/qmail/users/assign > > Headers : > Return-Path: <[EMAIL PROTECTED]> > Delivered-To: [EMAIL PROTECTED] > Received: (qmail 1040 invoked from network); 4 May 2000 12:02:28 -0000 > Received: from unknown (HELO sanshri.com) ([EMAIL PROTECTED]) > by 192.168.0.15 with SMTP; 4 May 2000 12:02:28 -0000 > Return-Path: <[EMAIL PROTECTED]> > Delivered-To: [EMAIL PROTECTED] > Received: (qmail 986 invoked from network); 4 May 2000 11:57:05 -0000 > Received: from unknown (HELO ppp) (192.168.0.3) > by 192.168.0.15 with SMTP; 4 May 2000 11:57:05 -0000 > Message-ID: <003f01bfb5be$ddd1ef80$0300a8c0@ppp> > From: "listc" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > ------------------------- > > What could be the problem here ? > I want only one Delivered-To header in the messages. > > Please help > ksamy > +--------------------------------------------------------+ > PPPshar- Internet for your LAN with one Internet account > netMailshar -Email for every desktop with one 'Net account. > MailAssistant - Speaking Email Notifier > GetAgain - resume interrupted downloads. > Visit http://www.pppindia.com/software > +--------------------------------------------------------+ > >
Hello all. The continued discussions about the "love bug" and qmail "hacks" for dealing with it have me disturbed. I won't knock djb; the man needs to write an OS one of these days. :) However there should be no need to "hack" qmail to get it to filter unwanted mail and I'm wondering if future versions of qmail will care. Dave Sill's "general approach" for filtering is, well... I couldn't help but crack up when I read it [01]. This is by no means intended to be offensive; it's just funny to read that a *possible* solution for getting qmail to do what I want is to install it twice. Maybe windoze will do what I want if I install it twice eh? ermm.. no, been there, done that. CERT also talked about filters for sendmail, postfix, and procmail [02]. No mention of qmail. qmail is a programmer's MTA. (Un)fortunately the world isn't full of programmers. When things like the "love bug" hit the main stream, getting everyone to frantically and quickly slam their doors shut in the faces of all that is unwanted, qmail users should be able to do the same. Er, that is, without having to write some quick, untested "hack" to do it. Or install a 2nd copy of qmail and then write a quick, untested "hack". qmail needs filtering rules for this "love bug" sort of thing, ie, a new control file or set of control files. These days, filtering by the MTA is probably more of a necessity than a feature. Then again, this is all merely my US $0.02. kw /* ** Keith Warno ** Developer & Sys Admin ** http://www.HaggleWare.com/ */ [01]http://www.faqts.com/knowledge-base/view.phtml/aid/2142/fid/203/lang/en [02]http://www.cert.org/advisories/CA-2000-04.html
On Fri, May 05, 2000 at 03:27:40PM -0400, Keith Warno wrote: > Hello all. > > The continued discussions about the "love bug" and qmail "hacks" for dealing > with it have me disturbed. I won't knock djb; the man needs to write an OS > one of these days. :) However there should be no need to "hack" qmail to > get it to filter unwanted mail and I'm wondering if future versions of qmail > will care. > > Dave Sill's "general approach" for filtering is, well... I couldn't help but > crack up when I read it [01]. This is by no means intended to be offensive; > it's just funny to read that a *possible* solution for getting qmail to do > what I want is to install it twice. I presume you understood Dave to mean run two instances of qmail, not merely to install and re-install. Once instance would accept the mail, filter it and pass it off to the other instance for delivery. Of course you knew that, you just fine it funny for some reason. Also, having a mail gateway is fairly common corporate practise, so having a qmail instance as a gateway with a global filtering strategy is pretty trivial by delivering thru ~alias/.qmail-default then forwarding on. Finally, there *is* a well defined interface at which all mail going thru qmail can be filtered. It's called qmail-queue. Nothing is stopping any enterprising person or organization from writing or commercializing a filtering system that wraps qmail-queue. It could even be written to provide the same interface as the filtering API that sendmail now deploys so those commercial filters could be transparently used with either MTA. Regards.
on 5/5/00 12:27 PM, Keith Warno had the thought: > > qmail is a programmer's MTA. (Un)fortunately the world isn't full of > programmers. When things like the "love bug" hit the main stream, getting > everyone to frantically and quickly slam their doors shut in the faces of > all that is unwanted, qmail users should be able to do the same. Er, that > is, without having to write some quick, untested "hack" to do it. Or > install a 2nd copy of qmail and then write a quick, untested "hack". > > qmail needs filtering rules for this "love bug" sort of thing, ie, a new > control file or set of control files. These days, filtering by the MTA is > probably more of a necessity than a feature. What makes you think that the fixes that instantly sprang up for sendmail, et. all weren't quick hacks? With the design of qmail I am able to do more general filtering and it keeps me from having to use a 1 meg procfile recipe. I use scan4virus. The problem that this presents is that there is always more than one way to do it so you have 18 different perl scripts to do the same task ;-) We have a dedicated test machine for qmail, so testing 'quick hacks' usually isn't a problem. I know this isn't an option for everyone, but before you apply any kind of patch to sendmail or other MTAs I would think you want to test it as well. Pat -- Freestyle Interactive | http://www.freestyleinteractive.com | 415.778.0610
"Keith Warno" <[EMAIL PROTECTED]> wrote: >The continued discussions about the "love bug" and qmail "hacks" for dealing >with it have me disturbed. I won't knock djb; the man needs to write an OS >one of these days. :) However there should be no need to "hack" qmail to >get it to filter unwanted mail and I'm wondering if future versions of qmail >will care. I'll be suprised if the next version of qmail doesn't have better support for filtering/processing messages. DJB is good at addressing users needs in subsequent releases. Look at the development of DNScache or the early qmail days for two examples. >Dave Sill's "general approach" for filtering is, well... I couldn't help but >crack up when I read it [01]. This is by no means intended to be offensive; >it's just funny to read that a *possible* solution for getting qmail to do >what I want is to install it twice. Well, I always try to entertain, as well as inform. :-) The [01] method is crude, but quite flexible and powerful--and requires no modification to the source code. >Maybe windoze will do what I want if I install it twice eh? ermm.. no, been >there, done that. More of a good thing is sometimes better, but more of a bad thing...? >CERT also talked about filters for sendmail, postfix, and procmail [02]. No >mention of qmail. Probably because the "vendors" submitted that information, but DJB didn't. -Dave
On Fri, May 05, 2000 at 12:21:40PM -0700, [EMAIL PROTECTED] wrote: > Finally, there *is* a well defined interface at which all mail going thru > qmail can be filtered. It's called qmail-queue. Nothing is stopping any > enterprising person or organization from writing or commercializing a filtering See http://www.geocities.com/jhaar/scan4virus/ - qmail-queue replacement that can run a variety or commercial virus scanners (as well as it's inbuilt one) over all Email that has to go through qmail-queue (i.e. everything). Been there - done that. -- Cheers Jason Haar Unix/Network Specialist, Trimble NZ Phone: +64 3 9635 377 Fax: +64 3 9635 417
Keith Warno wrote: > > there should be no need to "hack" qmail And there isn't! Why do people persist on insecure MUAs? __________________________________________________________________ David Nicol 816.235.1187 [EMAIL PROTECTED] "Lord Macbeth knew he was approaching the SITE of the rout from the SIGHT of odd body parts scattered on the blasted heath."
"David L. Nicol" wrote: > Keith Warno wrote: > > > > there should be no need to "hack" qmail > > And there isn't! Why do people persist on insecure MUAs? My sentiment exactly. Why should I have to expend valuable time and resources fixing Microsofts dud ware. Here in .au there are rumblings of legislation for ISPs to block virii, these people have no concept of the difference between a virus and a worm or any other type of exploit, yet pressure is mounting on ISPs and, if legislated, means ISPs will be liable for loss and damage and loss of production because MS constantly fail to secure their systems. To effect this type of policy one would need to prohibit all attachments, scan each mail for vb/java script and why not peersonally read/censure each mail </rant> Kevin
But if you are the first one to sell 'secure' qmail servers you will be the MS of .au! Take a bad thing and make it into a good one. That and make profit along the way! Paul Farber Farber Technology [EMAIL PROTECTED] Ph 570-628-5303 Fax 570-628-5545 On Fri, 5 May 2000, Kevin Waterson wrote: > "David L. Nicol" wrote: > > > Keith Warno wrote: > > > > > > there should be no need to "hack" qmail > > > > And there isn't! Why do people persist on insecure MUAs? > > My sentiment exactly. > Why should I have to expend valuable time and resources fixing > Microsofts dud ware. > Here in .au there are rumblings of legislation for ISPs to block virii, > these people have no concept of the difference between a virus and > a worm or any other type of exploit, yet pressure is mounting on ISPs > and, if legislated, means ISPs will be liable for loss and damage and > loss of production because MS constantly fail to secure their systems. > To effect this type of policy one would need to prohibit all > attachments, > scan each mail for vb/java script and why not peersonally read/censure > each mail > </rant> > > Kevin > >
> > there should be no need to "hack" qmail > > And there isn't! Why do people persist on insecure MUAs? I'll chime in on this, even though my view may not be the same as everyone else's. The problem isn't MUA's. The problem is that users were duped into executing a program of a malicious intent. That isn't anything new. In fact, it isn't even restricted to MUA's. The recent root-exploit of Apache.org involved duping a root user into executing malicious code. It's just a fact of life, until every user in the world is not only educated (hah, when will that happen?), but sufficiently competant to analyze programs on their own, virii will still exist. And een if those utopian conditions existed, we'd just find trickier ways to spread the virii. Because of that, viral scanning is a necessity for large corporations, to save themselves a lot of monetary loss. They simply need to protect themselves through viral scanning. The ability to have incoming/outgoing mail scanned does not solve the problem, but is a very, very good first step. Few experienced administrators would fail to use some sort of firewalling/filtering on their company's Internet connection. If they wanted to, they could simply throw the blame on insecure programs / OS / systems, but they don't. The use the firewall / filtering because it's a fast, easy way to block many attacks. Not all, but many. Central email virus scanning is the same thing. When I sent my analysis of the "iloveyou" virus to BugTraq, I was deluged with email - all of them bounces. Because my message started with "ilove you", many, many mail servers had blocked it. That was within something like 12 hours of the release. Think of the immense amount of headaches the system administrators for those companies saved themselves. The ounce of prevention was worth a metric ton of cure. There is also the issue of cost. Is it cheaper to purchase one SMP machine to scan mail on the server for virii, or to license a hundred copies of a virus scanner, and then puy each machine more RAM and CPU, so that they can still work as efficiently while the virus scanner watches what they do? Scanning mail on the server may not be your preference. However, it is a very valuable and useful resource, that is just as valid as using firewalls to prevent attacks against insecure machines on the inside network. If someone in the open-source community doesn't anty up and make server-side mail scanning work well, someone in the private sector will. Let's make the world a Better Place, and do it first. Shoot, just this morning, my MOTHER of all people called me up and asked why they couldn't stop the virus at the mail server. : ) steve
Steve Wolfe writes: > The problem isn't MUA's. The problem is that users were duped into > executing a program of a malicious intent. And until the MUA is fixed, this will happen again, and again and again and again. Replace your MUA with something that's secure and you have solved the problem. Stop the email at the MTA and you're a sitting duck for the next invocation. Lather, rinse, repeat. -- -russ nelson <[EMAIL PROTECTED]> http://russnelson.com Crynwr sells support for free software | PGPok | "Ask not what your country 521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | do for you..." -Perry M.
>Steve Wolfe writes: > > The problem isn't MUA's. The problem is that users were duped into > > executing a program of a malicious intent. > >And until the MUA is fixed, this will happen again, and again and >again and again. Replace your MUA with something that's secure and >you have solved the problem. Stop the email at the MTA and you're a >sitting duck for the next invocation. Lather, rinse, repeat. a lot of people forget that when you get a defective car, you don't sue the dealer; you sue the vendor. for some reason, people also think it's somehow different with the windows. cheers to those of you that have enough whiskey in your system to where that makes the slightest bit of sense. :)
First off, let me thank everyone in this mailing list for assiting me in setting up my qmail server. Within about 4 weeks, I now have a functioning server that will send and receive email from the internet and internally. A special koodoos to Dave Sill for writing LWQ. Your Document was a huge amount of help. I now have a server running on RedHat 6.1 with Qmail 1.03. I seem to be having one problem. My server sits behind a NAT firewall. I have 2 NICs in my server, one with an internal non routeable adrress, and another with a real ip address that my new ISP has given to me. I contacted my former/other provider that is hosting our website and also registered our domain, to get the MX records changed to point to my new mail server. This has been done as far as I can tell. when I do a nslookup on mail.foobar.com I get back the correct address. Also I can receive email from the outside world. My problem lies with attaching to mail.foobar.com. When I am behind the firewall I can attach to mail.int.foobar.com and everything is working, but when I try to attach to mail.foobar.com, I time out. Listed below is the output of qmail-showctl. It all seems to be OK when I look at it, but I'm just a newbie. Any help would be greatly appreciated.qmail home directory: /var/qmail.
user-ext delimiter: -.
paternalism (in decimal): 2.
silent concurrency limit: 120.
subdirectory split: 23.
user ids: 501, 502, 503, 0, 504, 505, 506, 507.
group ids: 501, 502.
badmailfrom:
bouncefrom: (Default.) Bounce user name is MAILER-DAEMON.
bouncehost: (Default.) Bounce host name is foobar.com.
concurrencylocal: (Default.) Local concurrency is 10.
concurrencyremote: (Default.) Remote concurrency is 20.
databytes: SMTP DATA limit is 20000000 bytes.
defaultdomain: Default domain name is foobar.com.
defaulthost: (Default.) Default host name is foobar.com.
doublebouncehost: (Default.) 2B recipient host: foobar.com.
doublebounceto: (Default.) 2B recipient user: postmaster.
envnoathost: (Default.) Presumed domain name is foobar.com.
helohost: (Default.) SMTP client HELO host name is foobar.com.
idhost: (Default.) Message-ID host name is foobar.com.
localiphost: (Default.) Local IP address becomes foobar.com.
locals:
Messages for mail.foobar.com are delivered locally.
Messages for foobar.com are delivered locally.
me: My name is foobar.com.
percenthack: (Default.) The percent hack is not allowed.
plusdomain: Plus domain name is foobar.com.
qmqpservers: (Default.) No QMQP servers.
queuelifetime: (Default.) Message lifetime in the queue is 604800 seconds.
rcpthosts:
SMTP clients may send messages to recipients at foobar.com.
SMTP clients may send messages to recipients at mail.foobar.com.
SMTP clients may send messages to recipients at mail.int.foobar.com.
morercpthosts: (Default.) No effect.
morercpthosts.cdb: (Default.) No effect.
smtpgreeting: (Default.) SMTP greeting: 220 foobar.com.
smtproutes: (Default.) No artificial SMTP routes.
timeoutconnect: (Default.) SMTP client connection timeout is 60 seconds.
timeoutremote: (Default.) SMTP client data timeout is 1200 seconds.
timeoutsmtpd: (Default.) SMTP server data timeout is 1200 seconds.
virtualdomains: (Default.) No virtual domains.
When I attempt to connect to telnet mail.foobar.com 25
I get mail.foobar.com: Unknown hostI will make two assumptions,1) mail.foobar.com does not exist (DNS broke,etc)2) your domain is not foobar.com and you are editing the output of qmail-showctlPlease send us the TRUE information since dealing with mailservers is often a DNS issuealso send us the commands you use to start qmail-----Original Message-----
From: Steve Peace(Internal) [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 05, 2000 3:12 PM
To: [EMAIL PROTECTED]
Subject: Connecting to my email server..First off, let me thank everyone in this mailing list for assiting me in setting up my qmail server. Within about 4 weeks, I now have a functioning server that will send and receive email from the internet and internally. A special koodoos to Dave Sill for writing LWQ. Your Document was a huge amount of help. I now have a server running on RedHat 6.1 with Qmail 1.03. I seem to be having one problem. My server sits behind a NAT firewall. I have 2 NICs in my server, one with an internal non routeable adrress, and another with a real ip address that my new ISP has given to me. I contacted my former/other provider that is hosting our website and also registered our domain, to get the MX records changed to point to my new mail server. This has been done as far as I can tell. when I do a nslookup on mail.foobar.com I get back the correct address. Also I can receive email from the outside world. My problem lies with attaching to mail.foobar.com. When I am behind the firewall I can attach to mail.int.foobar.com and everything is working, but when I try to attach to mail.foobar.com, I time out. Listed below is the output of qmail-showctl. It all seems to be OK when I look at it, but I'm just a newbie. Any help would be greatly appreciated.qmail home directory: /var/qmail.
user-ext delimiter: -.
paternalism (in decimal): 2.
silent concurrency limit: 120.
subdirectory split: 23.
user ids: 501, 502, 503, 0, 504, 505, 506, 507.
group ids: 501, 502.
badmailfrom:
bouncefrom: (Default.) Bounce user name is MAILER-DAEMON.
bouncehost: (Default.) Bounce host name is foobar.com.
concurrencylocal: (Default.) Local concurrency is 10.
concurrencyremote: (Default.) Remote concurrency is 20.
databytes: SMTP DATA limit is 20000000 bytes.
defaultdomain: Default domain name is foobar.com.
defaulthost: (Default.) Default host name is foobar.com.
doublebouncehost: (Default.) 2B recipient host: foobar.com.
doublebounceto: (Default.) 2B recipient user: postmaster.
envnoathost: (Default.) Presumed domain name is foobar.com.
helohost: (Default.) SMTP client HELO host name is foobar.com.
idhost: (Default.) Message-ID host name is foobar.com.
localiphost: (Default.) Local IP address becomes foobar.com.
locals:
Messages for mail.foobar.com are delivered locally.
Messages for foobar.com are delivered locally.
me: My name is foobar.com.
percenthack: (Default.) The percent hack is not allowed.
plusdomain: Plus domain name is foobar.com.
qmqpservers: (Default.) No QMQP servers.
queuelifetime: (Default.) Message lifetime in the queue is 604800 seconds.
rcpthosts:
SMTP clients may send messages to recipients at foobar.com.
SMTP clients may send messages to recipients at mail.foobar.com.
SMTP clients may send messages to recipients at mail.int.foobar.com.
morercpthosts: (Default.) No effect.
morercpthosts.cdb: (Default.) No effect.
smtpgreeting: (Default.) SMTP greeting: 220 foobar.com.
smtproutes: (Default.) No artificial SMTP routes.
timeoutconnect: (Default.) SMTP client connection timeout is 60 seconds.
timeoutremote: (Default.) SMTP client data timeout is 1200 seconds.
timeoutsmtpd: (Default.) SMTP server data timeout is 1200 seconds.
virtualdomains: (Default.) No virtual domains.
I don't know exactly what types of NAT firewalling there are, but I'll assume you mean something like IPmasquerading with Port forwarding (25 forwarded to you internal machine). You can't send packets to your external (real) IP and then have them come back into the network. For instance, my web server is inside my network. If I try to access www.youwasahero.com, it will time out. On the otherhand, my FTP server is on the firewall/gateway box, so if I access ftp.youwasahero.com that works, because the packets don't have to leave the network and then come back in. Here are your options: 1) Put your qmail server on the gateway/firewall machine (this is what I do). 2) Set up a DNS server for your internal network. Make an entry so that mail.int.foobar.com resolves to your INTERNAL IP address for the mail server. (this is how I handle my internal web server. For the real world DNS records, www.youwasahero.com resolves to my external (real) IP address, and port 80 is forwarded. For my private internal DNS server, www.youwasahero.com resolves to the IP address of the web server on the internal network, 192.168.0.5.) I hope that makes sense. "Steve Peace(Internal)" wrote: > First off, let me thank everyone in this mailing list for assiting me > in setting up my qmail server. Within about 4 weeks, I now have a > functioning server that will send and receive email from the internet > and internally. A special koodoos to Dave Sill for writing LWQ. Your > Document was a huge amount of help. I now have a server running on > RedHat 6.1 with Qmail 1.03. I seem to be having one problem. My > server sits behind a NAT firewall. I have 2 NICs in my server, one > with an internal non routeable adrress, and another with a real ip > address that my new ISP has given to me. I contacted my former/other > provider that is hosting our website and also registered our domain, > to get the MX records changed to point to my new mail server. This > has been done as far as I can tell. when I do a nslookup on > mail.foobar.com I get back the correct address. Also I can receive > email from the outside world. My problem lies with attaching to > mail.foobar.com. When I am behind the firewall I can attach to > mail.int.foobar.com and everything is working, but when I try to > attach to mail.foobar.com, I time out. Listed below is the output of > qmail-showctl. It all seems to be OK when I look at it, but I'm just > a newbie. Any help would be greatly appreciated.qmail home directory: > /var/qmail.
Thanks for the assist, I should have realized that, but I have Friday on the brain. Excuse me while I wipe the egg off of my face :-) ----- Original Message ----- From: <[EMAIL PROTECTED]> To: "Steve Peace(Internal)" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Friday, May 05, 2000 3:59 PM Subject: Re: Connecting to my email server.. > I don't know exactly what types of NAT firewalling there are, but I'll > assume you mean something like IPmasquerading with Port forwarding (25 > forwarded to you internal machine). > > You can't send packets to your external (real) IP and then have them > come back into the network. > For instance, my web server is inside my network. If I try to access > www.youwasahero.com, it will time out. > On the otherhand, my FTP server is on the firewall/gateway box, so if I > access ftp.youwasahero.com that works, because the packets don't have to > leave the network and then come back in. > > Here are your options: > 1) Put your qmail server on the gateway/firewall machine (this is what > I do). > > 2) Set up a DNS server for your internal network. Make an entry so that > mail.int.foobar.com resolves to your INTERNAL IP address for the mail > server. (this is how I handle my internal web server. For the real > world DNS records, www.youwasahero.com resolves to my external (real) IP > address, and port 80 is forwarded. For my private internal DNS server, > www.youwasahero.com resolves to the IP address of the web server on the > internal network, 192.168.0.5.) > > I hope that makes sense. > > > "Steve Peace(Internal)" wrote: > > > First off, let me thank everyone in this mailing list for assiting me > > in setting up my qmail server. Within about 4 weeks, I now have a > > functioning server that will send and receive email from the internet > > and internally. A special koodoos to Dave Sill for writing LWQ. Your > > Document was a huge amount of help. I now have a server running on > > RedHat 6.1 with Qmail 1.03. I seem to be having one problem. My > > server sits behind a NAT firewall. I have 2 NICs in my server, one > > with an internal non routeable adrress, and another with a real ip > > address that my new ISP has given to me. I contacted my former/other > > provider that is hosting our website and also registered our domain, > > to get the MX records changed to point to my new mail server. This > > has been done as far as I can tell. when I do a nslookup on > > mail.foobar.com I get back the correct address. Also I can receive > > email from the outside world. My problem lies with attaching to > > mail.foobar.com. When I am behind the firewall I can attach to > > mail.int.foobar.com and everything is working, but when I try to > > attach to mail.foobar.com, I time out. Listed below is the output of > > qmail-showctl. It all seems to be OK when I look at it, but I'm just > > a newbie. Any help would be greatly appreciated.qmail home directory: > > /var/qmail. > >
For those not on the BugTraq mailing list. This is yet another update about the worm from the moderator of BugTraq. There's all sorts of useful info here. You may also want to poke around at www.securityfocus.com . kw ----- Original Message ----- From: "Elias Levy" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: 05 May 2000, Friday 15:37 Subject: Re: IL0VEY0U worm Another update. VARIANTS -------- Toni Tiainen <[EMAIL PROTECTED]> reports of a new variant they are calling LoveLetter.E with spreads with a subject of "Mothers Day Order Confirmation" with a message body of (indented two spaces): Thanks for your purchase! We have proceeded to charge your credit card for the amount of $326.92 for the mothers day diamond special. We have attached a detailed invoice to this email. Please print out the attachment and keep it in a safe place. Thanks Again and Have a Happy Mothers Day! The attachment is named "mothersday.vbs". This variant deleted all files with an extension of ".bat". F-Secure Anti-Virus for Firewalls with the latest signature file can detect and delete this variant. For more info check out http://www.f-secure.com/v-descs/love.htm The LoveLetter.B variant has a subject of "Susitikim shi vakara kavos puodukui...". Brian Moore <[EMAIL PROTECTED]> reports seeing at least one variant where the VBS virus was not an attachment but it was instead uuencoded. This may fool antivirus products. Look out for the string "begin 600 LOVE-LETTER-FOR-YOU.TXT.vbs" in the message. Could this be the result of some MTA rewriting the message? Trend Micro has released pattern file number 695 which includes definitions to detect the variants reported by Dan Simoes <[EMAIL PROTECTED]> (the tabs to spaces variant). Sean Malloy <[EMAIL PROTECTED]> is letting us known that changing the virus to use a WSF extension instead of VBS is just as affective. WSF stands for Windows Scripting File. Antivirus vendors that want to be proactive might want to add this extension to their signatures. The file contents would look something like this: <job id="iloveyou"> <script language="VBScript"> 'insert code here </script> </job> or as Sean points out you could encode it to obfuscate it by doing: <job id="iloveyouencrypted"> <script language="VBScript.Encode"> #@~^EQAAAA==vbxd^?DDPmKN^?~t^?DnOwYAAA==^#~@ </script> </job> where "#@~^EQAAAA==vbxd^?DDPmKN^?~t^?DnOwYAAA==^#~@' is the encoded worm. It seems the "fwd: Joke" variant attachment is "Very Funny.vbs" (note the space) and not "VeryFunny.vbs". Or maybe its a new variant. FILTERING --------- As many of you pointed out filtering based on the subject line is less than perfect. Sadly that is the best you can do with many MTAs without some hacking. If others can come up with ways to filter based on attachments let us know. If you can filter by attachment look out for files with these extensions: VBS, VBE, WSF, WSH, HTA. Also the second regexp filter I recommended for Postfix was wrong. Postfix can only match message headers, not attachment headers. So the line "/Content.*\.vbs/ REJECT" will have no effect on the worm. You are left with filtering by subject (e.g. "/^Subject:.*ILOVEYOU/ REJECT"). Jose Nazario <[EMAIL PROTECTED]> has updated his sendmail rules. As suggested by Keith Petersen it now generates 501 errors (rather than 553's, which causes an Exchange server to keep retrying delivery) and it now handles the Joke variants. http://biocserver.bioc.cwru.edu/~jose/iloveyouhack.txt Jimmy Corio <[EMAIL PROTECTED]> has provided the following procmail recipe: # # Look for ILOVEYOU worm. File copy in /var/mail/ILoveYouSave and # notify that an infected mail file may have come in. # - jc3 05/04/00 # :0 B * ^Content-Type: application/octet-stream;.*($|).*name="LOVE-LETTER-FOR-YOU.TXT.vbs" { ILOVEYOULOG="/var/mail/ILoveYouSave" :0 c $ILOVEYOULOG :0 h | (formail -i"Subject: Potential ILOVEYOU worm email received" \ -i"To:[EMAIL PROTECTED]" \ -i"Content-type: text/plain; charset=\"us-ascii\""; \ echo "Potential I Love You virus received. Check Log."; \ echo "Date: `/bin/date`"; \ ) | \ $SENDMAIL -oi [EMAIL PROTECTED] } Please note you need to change the email address it sends warning messages to, and you should also modify it to catch the "Very Funny.vbs" attachment. ANTIVIRUS --------- Daniel Doekal <[EMAIL PROTECTED]> reports that does not seems to stop the virus with the 24.4.2000 signature file and that LiveUpdate has not yet listed a newer signature file. At the same type the are conflicting reports that Norton does detect the virus but as the older BubbleBoy virus or by using its Bloodhound heuristics technology. Adele Shakal <[EMAIL PROTECTED]> points us to DrSolomon's fix at http://www.drsolomons.com/home/extra.zip Bernhard Schneck <[EMAIL PROTECTED]> points us to this German antivirus vendor fix http://www.antivir.de/presse/loveletter.htm RECOVERY SCRIPTS ---------------- Dave Salovesh <[EMAIL PROTECTED]> points out my comment about the ThePope.org recovery script was wrong. Since the overwritten files are renamed to have a .vbs extension the script does not need to look for the other extensions. The script is at http://www.thepope.org/fix.vbs David E Haasnoot <[EMAIL PROTECTED]> has some scripts to recover from the worm at http://www.liwdg.org/love.html Damon Lathe <[EMAIL PROTECTED]> points us to another recovery script called the Love Condom at http://www.creativebits.com/love-condom/ OTHER SOLUTIONS --------------- Chris Needham <[EMAIL PROTECTED]> had the clever idea of having the skyinet.net ISP that hosts the web pages for th WIN-BUGSFIX.exe program to replace those pages with a page information users they are infected and with instructions on how to fix their systems. Of curse this is not likely to happen but local ISPs can redirect these URLs in their proxies to help their customers. Dax Kelson <[EMAIL PROTECTED]> founds some errors on the script supplied by Dan Stromberg <[EMAIL PROTECTED]> yesterday. Dan has fixed it up and made a new version available at ftp://autoinst.acs.uci.edu/pub/virus/zotiloveyou David Luyer <[EMAIL PROTECTED]> provides us with a similar script in perl. Its attached. Run from /var/spool with $files = `echo mail/*` or $files = result of building list from grep. No forks, execs, etc, etc, so it can be run over a few hundred thousand mailboxes without too much pain, although the locking is very ugly and doesn't actually test the lock. Steve Parker <[EMAIL PROTECTED]> points out a way to stop the worm from propagating (at least via email). The worms uses the OLE automation object for Outlook to send the infected messages. It obtains a handle to this object via the following VBS line: set out=WScript.CreateObject("Outlook.Application") "Outlook.Application" references a registry key under HKEY_CLASSES_ROOT. That key references the CLSID of the OLE automation object for Outlook. If that key is deleted, renamed, or the CLSID value is changed, VB code will not be able to automate Outlook, and hence the worm, will not propagate itself via email. Steve tested this technique and it does not appear to break Outlook. It did, however, break the Palm HotSync manager. -- Elias Levy SecurityFocus.com http://www.securityfocus.com/ Si vis pacem, para bellum#!/usr/bin/perl $virusremoved = 0; #$files="mail/victim1 mail/victim2 ..." @files = split(/ /, $files); open(PW, "</etc/passwd"); while(<PW>) { @l = split(/:/); $uid{$l[0]} = $l[2]; } close(PW); for $file (@files) { print "doing $file...\n"; $msg = ""; $isvirus = 0; $isnotvirus = 0; open (TMP, ">$file.lock"); close (TMP); rename ("$file", "$file.TMP-RM-VIRUS"); open (FILEOLD, "<$file.TMP-RM-VIRUS"); open (FILENEW, ">$file"); while (<FILEOLD>) { if (/^From /) { print FILENEW $msg if (!$isvirus); $virusremoved++ if ($isvirus); print "REMOVED: $virusremoved\n" if ($isvirus); $msg = ""; $isvirus = 0; $isnotvirus = 0; } $msg .= $_; if (/^$/ && !$isvirus) { $isnotvirus++; } if(/^Subject: ILOVEYOU$/) { $isvirus++ if (!$isnotvirus); } } print FILENEW $msg if (!$isvirus); $virusremoved++ if ($isvirus); $msg = ""; $isvirus = 0; $isnotvirus = 0; close (FILEOLD); close (FILENEW); unlink("$file.TMP-RM-VIRUS"); unlink("$file.lock"); $user = $file; $user =~ s/mail\///; print "user = $user\n"; $uid = 0; $uid = $uid{$user} if exists $uid{$user}; print "uid = $uid\n"; chown $uid, 12, $file; chmod 0660, $file; }
listy-dyskusyjne Krzysztof Dabrowski writes: > At 20:06 2000-05-03, Russell Nelson wrote: > >But it looks to me like he's reversed the password and the > >timestamp parameters to checkpassword. > > so the order is : LOGIN, PASSWORD, TIMESTAMP > > my cmd5checkpassword accepts: > > login name terminated by \e0, > a cram-md5 challenge terminated by \e0, > and a cram-md5 response terminated by qmail-pop3d's apop command sends first parameter, second parameter, timestamp, where the "timestamp" parameter is actually pid.timestamp@hostname. That would correspond to login, response, and challenge for MD5. Not that it *really* matters since CRAM-MD5 and APOP use algorithms with different details. -- -russ nelson <[EMAIL PROTECTED]> http://russnelson.com Crynwr sells support for free software | PGPok | "Ask not what your country 521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | do for you..." -Perry M.
"Mark E. Drummond" wrote: > > Cancel my last ... I have switched to multilog and I am modifying the > qmail-mrtg scripts to use multilog formatted log files. If anyone else > is interested in them I can provide them when finished. Let's try that again. Hmmm, while working on this I just noticed that there is a descrepancy between the time returned by perl's `time` (or $^T) and the time on my multilog logs. Here is an example: --BEGIN QUOTE-- bastion# tail /var/log/qmail/sendlog 957550606.725794 status: local 0/10 remote 0/20 957550606.726275 end msg 175750 957550614.220152 new msg 175750 957550614.220404 info msg 175750: bytes 1102 from <[EMAIL PROTECTED]> qp 11557 uid 51015 957550614.467704 starting delivery 88634: msg 175750 to remote [EMAIL PROTECTED] 957550614.467785 status: local 0/10 remote 1/20 957550614.578268 delivery 88634: success: 137.94.1.134_accepted_message./Remote_host_said:_250_Message_received:_FU3MS600.HM3/ 957550614.608559 status: local 0/10 remote 0/20 957550614.609030 end msg 175750 957550627.961157 status: exiting bastion# perl test 957558159 : 957558159 bastion# --END QUOTE-- the script "test" is just: #!/usr/local/bin/perl print time," : $^T\n"; -- Mark Drummond|ICQ#19153754|mailto:[EMAIL PROTECTED] UNIX System Administrator|Royal Military College of Canada The Kingston Linux Users Group|http://signals.rmc.ca/klug/ Saving the World ... One CPU at a Time Please excuse me if I am terse. I answer dozens of emails every day.
I am hoping you can help me with a qmail problem...We have the etrn patch installed and etrn was working up until last night,but now it is not working. We telnet to the server on port 25 and issue anetrn command for a domain in our etrn file and it says reports an internaletrn failure.The message is: opening etrntrigger: No such device or addressAny idea of what we can look at? The etrntrigger file in there in /var/qmail andthe permissions are okay from what we can see. We have even rebult qmail.-Eric Davis
>We have the etrn patch installed and etrn was working up until last night, Where might one find this patch? Digging around qmail.org didn't produce anything. Thanks, [EMAIL PROTECTED]
Hello, What is they way to send qmail's output to standard output so I can view qmail's transaction's like sendmail in verbose mode. I know this was posted somewhere I though it was on life with qmail but it doesn't seem to be there anymore. If anyone has the url of could just send me the command line syntax I would appreciate it. Thanks in advance.
Reduce your international phone bill by over 50%. Join our easy-to-use callback service today for free. No monthly minimums, surcharges or set-up fees apply, just low flat rates 24 hours, everyday. Visit our website: http://hometown.aol.com/gotelcom/ and enter to win $500 in FREE phone calls, or email us for more info: [EMAIL PROTECTED] Check out our low rates below. Complete listing of rates for all countries available on our website. Prices are per minute in USD. To get the rates add cost of country you are calling FROM to cost of country you are calling TO. Algeria 0.27 Argentina 0.36 Argentina Buenos Aires 0.18 Australia 0.10 Austria 0.11 Bahamas 0.15 Bahrain 0.42 Bangladesh 0.63 Belgium 0.10 Brazil 0.27 Brazil Rio de Jan. 0.20 Brazil Sao Paulo 0.20 Canada 0.08 Chile 0.15 China 0.27 Colombia 0.25 Cyprus 0.23 Denmark 0.10 Djibouti 0.74 Egypt 0.59 Finland 0.10 France 0.08 Georgia 0.46 Germany 0.08 Ghana 0.36 Greece 0.20 Hong Kong 0.10 Hungary 0.26 India 0.60 Indonesia 0.33 Indonesia Jakarta 0.20 Iran 0.62 Ireland 0.10 Israel 0.13 Italy 0.11 Japan 0.10 Jordan 0.51 Kazakhstan 0.36 Kenya 0.74 Kuwait 0.54 Lebanon 0.55 Liberia 0.38 Libya 0.27 Malaysia 0.20 Malta 0.17 Mauritania 0.58 Mexico 0.18 Morocco 0.46 Netherlands 0.07 New Zealand 0.09 Nigeria 0.70 Norway 0.08 Oman 0.53 Pakistan 0.69 Philippines 0.29 Poland 0.28 Qatar 0.53 Romania 0.35 Russia 0.39 Russia Moscow 0.18 Russia St. Petersburg 0.20 Saudi Arabia 0.61 Singapore Rep. 0.15 Somalia 0.60 South Africa 0.35 South Africa Johannesburg0.22 South Korea 0.12 Spain 0.13 Sri Lanka 0.64 Sudan 0.39 Sweden 0.08 Switzerland 0.10 Syria 0.57 Taiwan 0.11 Tajikistan 0.47 Thailand 0.35 Tunisia 0.40 Turkey 0.39 Turkmenistan 0.46 Ukraine 0.29 United Arab Emirates 0.35 United Kingdom 0.07 USA 0.05 Venezuela 0.33 Yemen 0.74 - Rates apply 24 hrs/day, 7 days per week - NO sign-up fees, NO monthly fees, and NO surcharges - You DO NOT have to SWITCH your current provider - Ideal for Home and Business use - Callback service is available to/from anywhere in the world. Contact us for more information and complete rate table at: Email: [EMAIL PROTECTED] http://hometown.aol.com/gotelcom/ If you would like to be removed from our list, please reply to: [EMAIL PROTECTED] with the word "remove" in the subject line.
At 03:20 PM 5/4/00 +0000, [EMAIL PROTECTED] wrote: why this qmail mailling list doesn't use the rblsmtpd to prevent from Dial Up user abuse ? Delivered-To: mailing list [EMAIL PROTECTED] Received: (qmail 32716 invoked from network); 5 May 2000 23:34:51 -0000 Received: from ac81110d.ipt.aol.com (HELO mx.boston.juno.com) (172.129.17.13) by muncher.math.uic.edu with SMTP; 5 May 2000 23:34:51 -0000
Is there anyway to restrict which users/groups can execute commands via the | option in there .qmail file? I realise that the problem could be solved by not giving users access to the .qmail file but this is not always an option. The biggest problem is an ftp/mail user could write a .qmail which mails them the /etc/passwd file giving them access to the userlist. Another question. Does anyone know how to take the results of a command and forward the message to those usernames (I have a command that lists all users in a specific virtual domain). It would be nice to have a "dynamic mailing list". A final questions is does anyone have a script to forward the results of a command to the person who sent the message? ie. run amalist then send the result of the command to the user who emailed [EMAIL PROTECTED]? Thank you for you help.
I've installed qmail, and I can send messages out to the world just fine.. but I can't "get" messages from the world. The faq's and howto pages have me confused. I read something about the /users/assign file, but am completely confused about setting that up. All I want at this point is to allow a user to get mail from anywhere. If I already have [EMAIL PROTECTED], how do I get mail to the Mailbox directory? After I get this part figured out, hopefully the virtual domain part won't be all that difficult. I'm using Mandrake 7.02. Thanks.
James wrote: > > I've installed qmail, and I can send messages out to the world just fine.. > but I can't "get" messages from the world. > > The faq's and howto pages have me confused. I read something about the > /users/assign file, but am completely confused about setting that up. All > I want at this point is to allow a user to get mail from anywhere. If I > already have [EMAIL PROTECTED], how do I get mail to the Mailbox directory? > > After I get this part figured out, hopefully the virtual domain part won't > be all that difficult. > > I'm using Mandrake 7.02. > > Thanks. If you send a message to a user within your server, is he able to receive it? I had a problem more or less like yours, in my case my users were not able to retrieve any e-mail.....
I found most of my answers in a wonderful book written by Dave Sill "Life with Qmail" http://Web.InfoAve.Net/~dsill/lwq.html and the rest in this mailing list. Bolivar, James wrote: > > I've installed qmail, and I can send messages out to the world just fine.. > but I can't "get" messages from the world. > > The faq's and howto pages have me confused. I read something about the > /users/assign file, but am completely confused about setting that up. All > I want at this point is to allow a user to get mail from anywhere. If I > already have [EMAIL PROTECTED], how do I get mail to the Mailbox directory? > > After I get this part figured out, hopefully the virtual domain part won't > be all that difficult. > > I'm using Mandrake 7.02. > > Thanks.
I am using Openbsd 2.6 and I am having a problem with checkpassword. When I do the test in the install doc for checkpassword /var/qmail/bin/qmail-popup host /bin/checkpassword pwd It works fine, verifies my user id and password. When I try to telnet to the server using it's fqdn on port 110 I get this: atlas# telnet atlas.teoi.net 110 Trying 206.30.147.56... Connected to atlas.teoi.net. Escape character is '^', +OK ([EMAIL PROTECTED]) user dale +OK pass mypass -ERR authorization failed Connection closed by foreign host. atlas# If I telnet to localhost i get the same error as above but the line with the numbers@atlas etc has different numbers. The same happens if I try this from any machine in my subnet. Here is what one of my machines with win98se & outlook express (the one for IE5) spit out at me There was a problem logging onto your mail server. Your Password was rejected. Account: 'atlas.teoi.net', Server: 'atlas.teoi.net', Protocol: POP3, Server Response: '-ERR authorization failed', Port: 110, Secure(SSL): No, Server Error: 0x800CCC90, Error Number: 0x800CCC92 I can send mail out and get it at the destination address with out any problems. I have tried turning on and off the "require authentication" option in outlook but no luck...gave me another error which was obvious (not running ssh/ssl on the pop3d). I haven't tried this in netscape communicator's mail, the only machine I have it on is mine running RH61 and ns 4.61. I am using the win98 box with outlook so I don't have to mess with my netscape on my machine. I'm going to replace my slackware box with the openbsd eventually. Another thing I noticed is my pop3 sessions are getting logged, splogger is logging my smtp but they are setup the same as far as I know. Here are my start up's for both: if [ -x /usr/local/bin/tcpserver ]; then echo -n ' Qmail-smtp'; /usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -v -u 2850 -g 32750 0 smtp /var/qmail/bin/qmail-smtpd 2>&1 \ /var/qmail/bin/splogger smtpd 3 & fi if [ -x /usr/local/bin/tcpserver ]; then echo -n ' Qmail-pop3'; /usr/local/bin/tcpserver -v -R 0 pop3 /var/qmail/bin/qmail-popup atlas.teoi.net \ /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir 2>&1 \ /var/qmail/bin/splogger pop3d 3 & fi Please let me know if this wrong, it appears to work for the smtp without a problem. I saw an example on one of the web sites that put a | right after 2>&1 and when I did that splogger wouldn't load...error said it couldn't find it. I took the | out and and it loaded but pop3d is only one not logging. Thanks in advance for any ideas/suggestions. Dale
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dale, If your domain is teoi.net(i.e.- [EMAIL PROTECTED] and not [EMAIL PROTECTED]) try- ... /var/qmail/bin/qmail-popup teoi.net \ /bin/checkpassword ... Hope this helps. Regards, Charles Werbick -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> iQA/AwUBORN+gL4UXtxZ1qcBEQKYRACg+LEvGRhd22tyXhhpvsekfXZoGpcAoPBe Blk1aCTvaEbkXiNUC5NuLdZg =8Ti4 -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Oops, That was totally bogus. Too many hours awake... you may try the -u and -g options set to root for pop3 instance of tcpserver. Regards Charles Werbick -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> iQA/AwUBOROPvr4UXtxZ1qcBEQJnXgCgv/sMkosmBKr1qw/fViLrL3LAQo4AnRWU xvZYVAC2tNyyM55g06Alde76 =4bWT -----END PGP SIGNATURE-----
Charles Werbick wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Dale, > > If your domain is teoi.net(i.e.- [EMAIL PROTECTED] and not > [EMAIL PROTECTED]) try- > > ... > /var/qmail/bin/qmail-popup teoi.net \ /bin/checkpassword > ... > > Hope this helps. > > Regards, > Charles Werbick > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> > > iQA/AwUBORN+gL4UXtxZ1qcBEQKYRACg+LEvGRhd22tyXhhpvsekfXZoGpcAoPBe > Blk1aCTvaEbkXiNUC5NuLdZg > =8Ti4 > -----END PGP SIGNATURE----- I just tried that and no go, same error. Thanks for the suggestion though... I wish my pop3d would get logged then I might be able to figure out why it isn't taking my password. Can you think of any other idea's? I tried the /var/qmail/bin/qmail-popup host /bin/checkpassword pwd but replaced the host with atlas.teoi.net and it worked....did that just to double verify it wasn't a hostname problem. Thanks, Dale
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dale, Are you by chance running the shadow password suite? Charles Werbick - -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dale Miracle Sent: Friday, May 05, 2000 21:39 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: checkpassword and Openbsd 2.6 I just tried that and no go, same error. Thanks for the suggestion though... I wish my pop3d would get logged then I might be able to figure out why it isn't taking my password. Can you think of any other idea's? I tried the /var/qmail/bin/qmail-popup host /bin/checkpassword pwd but replaced the host with atlas.teoi.net and it worked....did that just to double verify it wasn't a hostname problem. Thanks, Dale -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> iQA/AwUBOROZD74UXtxZ1qcBEQJmWgCg7l1mHxtiUcd9iHQ1Us5vVrtwi0QAoIKx YMw/WXid/MwGeWwMBS/Z/w9+ =Yp3j -----END PGP SIGNATURE-----
chuck wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Oops, > That was totally bogus. Too many hours awake... > you may try the -u and -g options set to root for pop3 instance of > tcpserver. > > Regards > > Charles Werbick > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> > > iQA/AwUBOROPvr4UXtxZ1qcBEQJnXgCgv/sMkosmBKr1qw/fViLrL3LAQo4AnRWU > xvZYVAC2tNyyM55g06Alde76 > =4bWT > -----END PGP SIGNATURE----- I just tried that and no change... ps -aux shows it running as root . Dale
Hi, I am a newbie to all of the mail server, I have read the installation manual of qmail, but I can't really get it to work, is there any books about qmail??? Thank You Mark Lo
I'm trying to narrow down my problem with sending mail, but not receiving, and I am going through the "Life with qmail" steps (thanks for the suggestions on that).. but I have come to the step which will "Allow the local host to inject mail via SMPT" and I try to run "/usr/local/sbin/qmail cdb" I get this error: tcprules: command not found I am guessing that it is looking for the installed daemontools-0.61 which I have installed.. but perhaps improperly? Can anyone help me with this problem? All I want to be able to do at this point is get mail from the outside world. Thanks. james
I've reinstalled the tcprules and now I can execute "/usr/local/sbin/qmail cdb" but I'm still not getting any mail from the outside world. I can issue: echo To: [EMAIL PROTECTED] | /var/qmail/bin/qmail-inject and it will go to [EMAIL PROTECTED] but when I try to send to myself locally, I get this error: Sorry. Although I'm listed as a best-preference MX or A for that host, it isn't in my control/locals file, so I don't treat it as local. (#5.4.6) So.. I went into my control.locals file and saw that I had "localhost" and the "ns.myserver.com" in there, but I did not have a "myserver.com" in there, added it. Will this fix my locals problem? And why can't I get any outside mail? james
> > > And why can't I get any outside mail? > > james What do you have in rcpt.hosts Kevin
Kevin asked: :What do you have in rcpt.hosts Well, in my rcpthosts file I have localhost ns.mydomain.com and a couple of virtual domains that I will have to deal with later. Did you mean rcpt.hosts, or rcpthosts? james
I'm using ezmlm 0.53 with ezmlm-idx 0.40. Have never set up a moderated mailing list before, but decided I wanted to try it out tonight. Set it up with: ezmlm-make -q -m /path/to/list /path/to/. list domain.com Set up a couple of test subscribers, and set up a moderator with ezmlm-sub /path/to/list/mod [EMAIL PROTECTED] Tried to send a subscribe request, got the confirmation back, sent the "cookie" back to be accepted to the list, all while tail -f'ing my logfiles. Got this in the logfile... May 6 01:55:59 domain qmail: 957603359.650961 status: local 1/10 remote 2/20 May 6 01:55:59 elementdesign qmail: 957603359.760669 delivery 4325: failure: ezmlm-manage:_fatal:_Command_not_available_(#5.1.1)/ May 6 01:55:59 domain qmail: 957603359.761031 status: local 0/10 remote 2/20 What could be causing this? ezmlm-manage is there, its in the path, and it is taking the correct command line options (ezmlm-manage 'path/to/list', correct?) When I try to run it from the command line with these command line options, I get "SENDER not set". I know this is an environment variable, but where is it set, and what is it to be set to? It's pretty vague in the manpages and the FAQ. Thanks for any help... appreciate it. j
Hi, I am having a very very serious problem. I would like to use PHP mail function to send out a web page mail. Do I have to set up my mail server first ?? And Does this mail server must be located at the same location as my web server ??? Thank You Mark Lo
Hi, I'm new to qmail. I got problems hounding with SMTP now, I've read the FAQ though, but till now I've got no answer. I installed qmail step by step as to the INSTALL file, I also installed qpopper and WU-imap, now I can receive mail via pop and imap, and I also can send mail using qmail-inject. But I can't send mail through SMTP, when I telnet port 25 of the mail server, it doesn't work. Anyone give me a hint?