Re: [opensuse] ftp install
Carlos wrote: hello i have install my server from the cds, i have buy the novell license i have put the server into one remote location. now i cannot use the cds for installing packages. there is one method for ising one novell / suse ftp server for installing packages? thanks Yast - Software - Software Repositories Here deactivate your cd/dvd install sources Then go to Community Repositories and add the ftp sources: Yast - Software - Community Repositories There choose [x] Main Repository (OSS) [x] Main Updates Repository Choose other repositories at your own risk and preference. Please answer by email Cute... what do you think this is? -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] amavisd warning failure?
Joe Morris (NTM) wrote: On 01/26/2008 04:08 AM, Sandy Drobic wrote: Interesting. I never noticed before that the default amavisd setup is to NOT use clamd as a primary antivirus scanner (but antivir is). Mine sees antivir as primary and clamscan as secondary. So the problem for the OP is he only has clamav installed and no primary (by default). I assume he could correct the socket path and uncomment the section for clamd to allow it to work as a primary scanner. Best I assume would be to install a primary scanner from the offering in amavisd.conf, and leave clamscan as a secondary. My reason for clamd as primary and clamscan as secondary is, that the daemonized version is faster, so the slower command line scanner should only be used when the daemon is unavailable. Actually, I also have antivir installed (in parallel to clamd as primary). Both are looking for fresh signatures every hour. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Postfix - howto deliver mail for user to 2 machines?
David C. Rankin wrote: Jan 25 21:29:43 bonza postfix/smtp[11264]: 5FF1026D838: to=me_at_trinity.rbpllc.com, orig_to=[EMAIL PROTECTED], relay=trinity.rbpllc.com[192.168.7.17]:25, delay=1236, delays=935/0.02/300/0, dsn=4.4.2, status=deferred (conversation with trinity.rbpllc.com[192.168.7.17] timed out while receiving the initial server greeting) Have you tried a simple telnet 192.168.7.17 25 to see if the smtp banner of the site appears? Is this really the correct address, it is a private ip, after all. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Postfix - howto deliver mail for user to 2 machines?
David C. Rankin wrote: an 25 21:14:43 bonza postfix/error[11182]: 5FF1026D838: to=me_at_trinity.rbpllc.com, orig_to=me_at_rbpllc.com relay=none, delay=335, delays=335/0.02/0/0.03, dsn=4.4.2, status=deferred (delivery temporarily suspended: conversation with trinity.rbpllc.com[192.168.7.17] timed out while receiving the initial server greeting) Huh? I tried increasing smtp_connect_timeout = 60s, but that didn't help either. Any help? I think I'm on the right track. I believe I've screwed up my virtual_alias_domain, I'm checking it out. Addresses in virtual_alias_domains MUST be rewritten to another address class (virtual_mailbox_domains, mydestination, relay_domains). -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] amavisd warning failure?
Carlos E. R. wrote: The Saturday 2008-01-26 at 15:09 +0100, Sandy Drobic wrote: ... My reason for clamd as primary and clamscan as secondary is, that the daemonized version is faster, so the slower command line scanner should only be used when the daemon is unavailable. Actually, I also have antivir installed (in parallel to clamd as primary). Both are looking for fresh signatures every hour. I have antivirus checking disabled; instead amavis dumps any email with executable attachments. After all, this is linux and I have no use for executables, even if bona fide ;-) That is what amavisd-new already does before it calls virus scanners or spam-assassin. Unfortunately, you can't just reject/quarantine every executable in a corporate environment. At least I can't. I wonder if amavis can be told to run virus scan only on those email with suspicious attachments: exes, docs, pdfs, etc. I disabled it precisely because it scanned every mail, which I think is an overkill: why should it scan this list mail, for instance? It text only. It doesn't (see above). Scanninng text only files is very fast, most of the time is spent to actually load the scanner itself. That's why a daemonized scanner is preferable. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix master.cf question
Carlos Lorenzo Matés wrote: I'm having a lot of feedback in the hylafax list, i'm playing around a few ideas they told me. But i will try in the postfix list if i don't find a good solution Have you tried to use the command in mailbox_command as I suggested? That would take care of the user rights problem, provided the user is a system user. I tried with a custom script but i cant find how to get the mail to a variable to pass it to the mailfax command, i get the rest of the parameters, but no idea of how to get the mail itself (it comes form the pipe) I don't really understand right what you mean with mailbox:command, sorry :-( http://www.postfix.org/postconf.5.html#mailbox_command This is only available for recipient address in $mydestination. The documentation also lists the variables that can be used in mailbox_command. the users ara autentified against pam and ldap, but there is not problem, the command is executed as user fax, this is right , but i can pass it a That is what would be different with mailbox_command. The script is called as the user, that the command is run for. parameter to set the job owner, the problem is that parameter is not in the proper way in the postfix master.cf. What i tried to do is call a custom script in the master.cf like that fax unix - n n - 1 pipe flags= user=fax argv=/usr/local/bin/customfax.sh $(user) $(sender) then the customfax.sh shoul do #owner sender owner='cut -f 1 -d @ $sender' #destination is user destination=$1 faxmail -o $owner -d -n $destination (and here should pass the piped mail) this is the point i'm stoped in this way Okay, I finally realized just what you wanted to do. This is a script I adjusted for your purpose. You need to add error handling to your faxmail routine to achieve a robust transport. #- #!/bin/sh # I set this up in /var/lib/filter INSPECT_DIR=/var/lib/filter # Exit codes from sysexits.h EX_TEMPFAIL=75 EX_UNAVAILABLE=69 # Clean up when done or when aborting. trap rm -f in.$$ 0 1 2 3 15 # Start processing. cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; } cat in.$$ || { echo Cannot save mail to file; exit $EX_TEMPFAIL; } # Specify your content filter here. # filter in.$$ || { # echo Message content rejected; exit $EX_UNAVAILABLE; } #owner sender owner=`echo $2|cut -f 1 -d@` #destination is the user destination=$1 faxmail -o $owner -d -n $destination in.$$ exit $? #- -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] amavisd warning failure?
Hylton Conacher (ZR1HPC) wrote: Joe Sloan wrote: Hylton Conacher (ZR1HPC) wrote: Hi, Looking at the Alt-Ctrl-F10 tty I see that anavis is warning that 'all primary virus scanners failed, considering backups' What should I do to rectify this problem i.e. I assume update amavisd, but how, at least via YAST? You either don't have clamav installed, or have changed the configuration so that it's not listening to the port or socket that amavisd expects. If you do have clamav installed there should be additional warnings, something about a socket. I have clamav installed, have not changed anything and there are no socket warnings that I could see on the Alt-F10 list. So, now what? Now you get off you lazy butt and see for yourself how clam-av and amavisd-new are configured. (^-^) egrep -v ^# /etc/clamd.conf | egrep -v ^$ LogTime yes LogSyslog yes LogFacility LOG_MAIL PidFile /var/lib/clamav/clamd.pid # Same localSocket as in /etc/amavisd.conf! LocalSocket /var/run/clamav/clamd FixStaleSocket yes TCPSocket 3310 TCPAddr 127.0.0.1 User vscan Foreground no ScanOLE2 yes ScanPDF yes ScanMail yes PhishingSignatures yes PhishingScanURLs yes Some important parts of /etc/amavisd.conf: $daemon_user = 'vscan'; # yes, same user as clamd! $daemon_group = 'vscan'; @av_scanners = ( ['Clam Antivirus-clamd', \ask_daemon, [CONTSCAN {}\n, /var/run/clamav/clamd], qr/\bOK$/, qr/\bFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], ['H+BEDV AntiVir or CentralCommand Vexira Antivirus', ['antivir'], '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/, qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) | (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ], ); @av_scanners_backup = ( ['Clam Antivirus - clamscan', 'clamscan', '--stdout --no-summary -r {}', [0], [1], qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'], '-dumb -archive -packed {}', [0,8], [3,6], qr/Infection: (.+)/ ], ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'], '-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ], ['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'], '-i1 -xp {}', [0,10,15], [5,20,21,25], qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ , sub {chdir('/opt/kav/bin') or die Can't chdir to kav: $!}, sub {chdir($TEMPBASE) or die Can't chdir back to $TEMPBASE $!}, ], ); Check that clamd actually is running: rcclamd status and is set to start at boot: chkconfig clamd on and finally, that you call fresh-clam from cron. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix relay host problem.
Carlos E. R. wrote: That part I solved in the transport file with this syntax: lists.sourceforge.net : users.sourceforge.net : localhost : valinor : nimrodel.valinor: .localhost : .valinor: .nimrodel.valinor : #Default: *smtp:[smtp.telefonica.net] I liked your previous configuration with relayhost better. This is exactly the same, only the configuration needs much more lines. (^-^) I think you need to look up the sender_dependent_relayhost_maps parameter in postfix. Simple: domain or user as key and relayhost as result. That's why it is called ...relayhost_maps (^-°) A sender-dependent override for the global relayhost parameter setting. The tables are searched by the envelope sender address and @domain. My example uses the extreme (two senders that use the same relayhost but different authentication. But there is no sample sender_relay file to guide me :-/ I have just googled that parameter and found many people asking for a solution for the very same problem I have: sending to diferent smtp relay hosts depending on the from address, and using the correct auth id each time for each server, based as well on the from address. Strange... Anyway, here's a sample I used to verify that it works: /etc/postfix/main.cf: sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relayhost smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/smtp_relayhost_auth smtp_sasl_security_options = noanonymous smtp_sender_dependent_authentication = yes /etc/postfix/sender_relayhost [EMAIL PROTECTED] [mail.gmx.de] [EMAIL PROTECTED] [mail.gmx.de] /etc/postfix/smtp_relayhost_auth: [EMAIL PROTECTED] [EMAIL PROTECTED]:password1 [EMAIL PROTECTED] [EMAIL PROTECTED]:password2 -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix relay host problem.
Carlos E. R. wrote: Hi, I though I had this solved, but it is not so. I had defined: relayhost = [smtp.telefonica.net] but my stupid ISP rejects some from domains I need to send from, like @users.sourceforge.net to @lists.sourceforge.net. This is the verbose log excerpted: Jan 25 14:47:04 nimrodel postfix/smtp[31626]: smtp.telefonica.net[213.4.149.228]: 220 ctsmtpout3.frontal.correo ESMTP Service (7.2.056.6) ready Jan 25 14:47:04 nimrodel postfix/smtp[31626]: smtp.telefonica.net[213.4.149.228]: EHLO nimrodel.valinor ... Jan 25 14:47:04 nimrodel postfix/smtp[31626]: smtp.telefonica.net[213.4.149.228]: AUTH LOGIN ... Jan 25 14:47:04 nimrodel postfix/smtp[31626]: smtp.telefonica.net[213.4.149.228]: 235 LOGIN authentication successful I am thus authenticated, no? Yes. Jan 25 14:47:04 nimrodel postfix/smtp[31626]: smtp.telefonica.net[213.4.149.228]: MAIL FROM:[EMAIL PROTECTED] SIZE=4437 BODY=8BITMIME AUTH= Jan 25 14:47:04 nimrodel postfix/smtp[31626]: smtp.telefonica.net[213.4.149.228]: RCPT TO:[EMAIL PROTECTED] ORCPT=rfc822;[EMAIL PROTECTED] Jan 25 14:47:04 nimrodel postfix/smtp[31626]: smtp.telefonica.net[213.4.149.228]: DATA Jan 25 14:47:04 nimrodel postfix/smtp[31626]: smtp.telefonica.net[213.4.149.228]: 553 MAIL FROM:[EMAIL PROTECTED] domain not accepted Either they (telefonica) require that you use their domain as sender domain or they fubared their dns servers and used something like reject_unknown_sender_domain with broken dns. Only the postmaster of smtp.telefonica.net can tell you. So I want to attempt sending again from my local postfix (yes, on dynamic IP). I remove the relayhost = [smtp.telefonica.net] line, and edit the transport file: localhost smtp: valinor smtp: nimrodel.valinorsmtp: Don't you want to send mails for these recipients to your own host? In that case you should tell your box to use local: as transport. Though I wonder why that should be necessary. Postfix uses the default transport for the domain class if the domain is member of mydestination, relay_domains or virtual_mailbox_domains: mydestination local_transport relay_domains relay_transport virtual_mailbox_domains virtual_transport postconf -d local_transport relay_transport virtual_transport local_transport = local:$myhostname relay_transport = relay virtual_transport = virtual Setting the transport to smtp: practically tells Postfix to use the relay_host. (^-^) I think I also need to define my transport based on the FROM address, not the destination, but I don't know or rather forgot if this is possible. Guess I'll have to RTFM. O:-) Yes, this is possible with sender_dependent_relayhost = yes, but please define first, what sender address should use what host as nexthop. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix relay host problem.
Carlos E. R. wrote: Now, what I want to get working is this: sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay Er.. hello?!? I just gave you a complete, tested and working example in my previous post. Granted, my file wasn't named sender_relay (this is an ARBITRARY name you can decide yourself!). My example used the file name sender_relayhost. Once again: /etc/postfix/main.cf: sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relayhost smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/smtp_relayhost_auth smtp_sasl_security_options = noanonymous smtp_sender_dependent_authentication = yes /etc/postfix/sender_relayhost [EMAIL PROTECTED][mail.gmx.de] [EMAIL PROTECTED][mail.gmx.de] /etc/postfix/smtp_relayhost_auth: [EMAIL PROTECTED][EMAIL PROTECTED]:password1 [EMAIL PROTECTED][EMAIL PROTECTED]:password2 But there is no sample sender_relay file, so I'm stuck. I'm googling it, and so far what I have found are questions but no answers. I only found this: See above (^-^) Documented is the parameter sender_dependent_relayhost_maps. Grin! You need sleep. (^-°) -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix master.cf question
Carlos Lorenzo Matés wrote: Okay, I finally realized just what you wanted to do. This is a script I adjusted for your purpose. You need to add error handling to your faxmail routine to achieve a robust transport. #- #!/bin/sh # I set this up in /var/lib/filter INSPECT_DIR=/var/lib/filter # Exit codes from sysexits.h EX_TEMPFAIL=75 EX_UNAVAILABLE=69 # Clean up when done or when aborting. trap rm -f in.$$ 0 1 2 3 15 # Start processing. cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; } cat in.$$ || { echo Cannot save mail to file; exit $EX_TEMPFAIL; } # Specify your content filter here. # filter in.$$ || { # echo Message content rejected; exit $EX_UNAVAILABLE; } #owner sender owner=`echo $2|cut -f 1 -d@` #destination is the user destination=$1 faxmail -o $owner -d -n $destination in.$$ exit $? #- -- Thank you very much, Sandy, I will try with your script on monday, as i need this in my job. just to enhance my knowledge, could you explain a bit this sentences please? cat in.$$ || { echo Cannot save mail to file; exit $EX_TEMPFAIL; } I assume this gets the piped mail into in.PID The mail gets piped into the file or if this is not possible the script reports the problem and sets exit code to tempfail and exits. I need no content filter, as faxmail parses teh mail contents and convers teh multiparts to postscripts That script is taken from the example of the simple filter script of the postfix documentation. The part with the content filter is commented out to show where the content filter should be called. In your case I would probably check the error code of faxmail and report back to the sender if the fax was sent or not. faxmail -o $owner -d -n $destination in.$$ then the way to pass the piped mail is with the in.$$ saved previously, rigth? Yes. how should i call this script form master.cf like i was calling mine? Exactly as you have shown. Otherwise the script parameters probably would not be $1 and $2. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Mailinglist Delays
Felix Miata wrote: On 2008/01/24 11:45 (GMT-0500) Philippe Landau apparently typed: Messages are again distributed with a delay of about 20 minutes. Is there too much on the server used (lists4.suse.de) ? I don't notice any delays, except for messages from Aaron Kulkis always The server seems to be working under load. Other lists on this server also show delayed delivery. You can also check the delay in the received lines of the mail. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Question on Uninteruptable Power Supplies
Marc Chamberlin wrote: Thanks everyone for all your input, seems I stirred up a lot of tangential thoughts... Not sure I have gotten an answer yet to my question on whether this Cyberpower CP1350AVRLCD UPS will work ok under Linux and safely shutdown SuSE computers should the power get cut off, sounds like it is a maybe? The real question seems What is it worth to me to get a known working solution instead of a maybe. If the vendor can't say and the list doesn't know the answer you can either do a community service and post your result later or you fall back to a known working solution. If you want to risk it, I would suggest you make the vendor agree to take back the ups if it doesn't work. I also suggest you have this agreement in written form on a confirmation fax or explicitely on the order form. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix master.cf question
Carlos Lorenzo Matés wrote: Hi. El Jueves, 24 de Enero de 2008, Hylton Conacher (ZR1HPC) escribió: Yes, it is notifying the user passed in $(user) but the job of the fax belongs to the user who call faxmail Well, i will try in the HylaFax list. You might also try the Postfix users list at by sending an mail to [EMAIL PROTECTED] to subscribe, with the following command in the body of your email message: subscribe postfix-users Thanks. I'm having a lot of feedback in the hylafax list, i'm playing around a few ideas they told me. But i will try in the postfix list if i don't find a good solution Have you tried to use the command in mailbox_command as I suggested? That would take care of the user rights problem, provided the user is a system user. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Question on Uninteruptable Power Supplies
Carlos E. R. wrote: The Tuesday 2008-01-22 at 22:04 -0500, Aaron Kulkis wrote: ... What a putz. Just enough information to...make you wish you had the information you actually need. Worthless :-( What is NECESSARY is what the UPS send out on the serial line to indicate that line power has been lost. And then you'll find that many PCs do not have a serial port. The usb method is the way of things to be, and besides, can give you more info, like current AC voltage, state of the battery, remaining on battery time (so that the driver decides when to power off safely)... Just a single line to tell you that you are running on batteries is insufficient nowdays. Agreed, I use the temperature of the ups to monitor the the environment in the server room (^-^) -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Question on Uninteruptable Power Supplies
Koenraad Lelong wrote: Aaron Kulkis schreef: Marc Chamberlin wrote: I have been looking at UPS to support some of my SuSE computers and am interested in one from CyberPower. I wrote them asking if theirs would run under SuSE Linux and got the following (somewhat unintelligible geek speak) and wonder if someone on this group can translate it for me.. ;-) Does anyone here use this UPS ( CyberPower Systems CP1350AVRLCD UPS) under SuSE? I use APC, because the explicitly support Linux, even providing the Linux version of their powerchute program on their website. ... Right now I'm considering a new UPS. I used MGE (a sponsor of NUT), but they seem to be taken over by APC. My question : do you protect more than one server with one UPS ? Does Powerchute provide information to the servers not directly communicating with the UPS ? What I mean is, when the UPS is exhausted, does the master server sends messages so the slave servers also go down cleanly (not just power off) ? Master meaning the server that listens to the UPS's status, slaves just get power from the UPS. Can Windows be part of this setup ? I looked on their web-site but I didn't find these answers, maybe I overlooked ? The opensource alternative is apcupsd (apcupsd.org). It works flawlessly and offers many features, among them all of your requirements. At home I use a small APC smart-ups that is monitored via usb on a linux box. This directly connected server is the master and provides all clients with the status information of the ups. Among the clients are my Windows XP workstation and my IPCop firewall. A quick check via http (it's a perl script) is always possible to monitor load, temperature, run time and battery capacity. In our company the ups is a bit bigger and includes a snmp card, so all servers can query the ups directly and decide depending on their local configuration if they should shut down or not. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Postfix - howto deliver mail for user to 2 machines?
James Knott wrote: Aaron Kulkis wrote: David C. Rankin wrote: Listmates, Sandy, Where do I tell postfix to deliver mail for a user to localhost and deliver a copy to [EMAIL PROTECTED] It has to be easy, -- I hope. Deliver it locally, and then use NFS so that both machines can read the incoming mail spool. And then set up a POP (Post Office Protocol) server, which will coerce them into removing their messages from the mail machine (advise them to set up their mail agent to use the remove mail from server option). Why not just imap? Guys? Please have a look at the first quoted line. It was supposed to be simple. Installing and maintaining additional unnecessary services, wenn one config line in an already running service is sufficient, seems horribly inefficient. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] amavisd warning failure?
Hylton Conacher (ZR1HPC) wrote: Hi, Looking at the Alt-Ctrl-F10 tty I see that anavis is warning that 'all primary virus scanners failed, considering backups' What should I do to rectify this problem i.e. I assume update amavisd, but how, at least via YAST? Amavisd-new is only the framework, that is calling the virus scanner. You should install at least clam-av. Please take care to update the signatures with fresh-clam frequently (at least once a day). Usually you set up the daemon version clamd as primary scanner and, in case the daemon is unavailable the commandline version clam-scan as fallback in backup-scanners. I think I had to change the configuration a bit to make it work with clamd. In /etc/amavisd.conf you should find the following lines: @av_scanners = ( #[...delete additional comments...] # ### http://www.clamav.net/ ['Clam Antivirus-clamd', \ask_daemon, [CONTSCAN {}\n, /var/run/clamav/clamd], qr/\bOK$/, qr/\bFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], # # NOTE: run clamd under the same user as amavisd; match the s # # name (LocalSocket) in clamav.conf to the socket name in this entry # # When running chrooted one may prefer: [CONTSCAN {}\n,$MYHOME/clamd], #[...deleted even more uninstalled scanners...] ); @av_scanners_backup = ( # If no virus scanners from the @av_scanners list produce 'clean' nor # 'infected' status (e.g. they all fail to run or the list is empty), # then _all_ scanners from the @av_scanners_backup list are tried. # When there are both daemonized and command-line scanners available, # it is customary to place slower command-line scanners in the # @av_scanners_backup list. The default choice is somewhat arbitrary, # move entries from one list to another as desired. ### http://www.clamav.net/ ['Clam Antivirus - clamscan', 'clamscan', '--stdout --no-summary -r {}', [0], [1], qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], # [...deleted again uninstalled scanners...] ); -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Postfix - howto deliver mail for user to 2 machines?
Jim Cunning wrote: On Wednesday 23 January 2008 08:50:04 Sandy Drobic wrote: [...] Listmates, Where do I tell postfix to deliver mail for a user to localhost and deliver a copy to [EMAIL PROTECTED] It has to be easy, -- I hope. [...] Guys? Please have a look at the first quoted line. It was supposed to be simple. Installing and maintaining additional unnecessary services, wenn one config line in an already running service is sufficient, seems horribly inefficient. Sandy, Check out /etc/aliases. I have a server with a pseudo-user account called articles and a number of real users who want to receive mail addressed to [EMAIL PROTECTED] The following line in /etc/aliases makes postfix deliver a copy of any message to [EMAIL PROTECTED] to the addresses user and all users in the include file: Hello Jim, the original Problem has already been solved (in this case David used Procmail. Though there's one requirement for your solution (and also the procmail solution: /etc/aliases will only be used by domains in $mydestination, all other domain address classes like virtual_mailbox_domains or relay_domains don't use /etc/aliases at all. In this case you have to use virtual_alias_maps. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Postfix - howto deliver mail for user to 2 machines?
James Knott wrote: Sandy Drobic wrote: James Knott wrote: Aaron Kulkis wrote: David C. Rankin wrote: Listmates, Sandy, Where do I tell postfix to deliver mail for a user to localhost and deliver a copy to [EMAIL PROTECTED] It has to be easy, -- I hope. Deliver it locally, and then use NFS so that both machines can read the incoming mail spool. And then set up a POP (Post Office Protocol) server, which will coerce them into removing their messages from the mail machine (advise them to set up their mail agent to use the remove mail from server option). Why not just imap? Guys? Please have a look at the first quoted line. It was supposed to be simple. Installing and maintaining additional unnecessary services, wenn one config line in an already running service is sufficient, seems horribly inefficient. There's not a heck of a lot more to setting up an imap server than pop. I agree, most of the time you will use an imap server anyway when you want to provide pop3, since most imap servers are able to do both. But why the heck would I install another service just to forward a second copy of a mail. This is like installing vmware in order to kick up a windows guest host so that you can open notepad.exe to write Hello World!. (^-^) It would work, but it's just not efficient to do. You already have a mailserver running, so just tell him to do the job. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] WARNING! - Latest Update Kills Server
D Henson wrote: If your 'server' is critical you should test updates on a similar system before you commit to something so critical. Good advice. Now where did I put that similar system? :-) Try vmware or virtualbox. Exactly for that reason we have a test installation of our oracle server within a VM, so we can test patches and updates before ruining a productive system. A working backup also helps, I heard. (^-^) -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix master.cf question
Carlos Lorenzo Matés wrote: Hi again. El Lunes, 21 de Enero de 2008, Sandy Drobic escribió: Carlos Lorenzo Matés wrote: Hi. El Domingo, 20 de Enero de 2008, Sandy Drobic escribió: Carlos Lorenzo Matés wrote: Well, the case is exactly this one. I have a mail to fax gateway, but the fax jobs are sent always with the same user (the sendfax). What i want is that the fax job is sent each time with the user who really send the mai Now i have this line in the master.cf fax unix - n n - 1 pipe flags= user=fax argv=/usr/bin/faxmail -d -n $(user) All the faxes seems to be sent by the user fax. I whant that each fax sent belongs to the user who really sent the fax. what i whould change is the user=fax to user=$(user), but i tried this and failed Have you checked the man pages for faxmail to see what options are available to set the user? Yes, it is notifying the user passed in $(user) but the job of the fax belongs to the user who call faxmail Well, i will try in the HylaFax list. It's worth a try. How would you execute the faxmail on the command line? I have not tried this, but i found that the with -u parameter you can pass the user i tried -u $(sender) but it uses [EMAIL PROTECTED] and the user must be without the domain part. I'm going to test a bit and perhaps make a little bash script to adapt parameters and call faxmail form this script The trouble might start if this script needs root privileges to work. The local delivery agent local of Postfix does not run under root privileges. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Postfix - howto deliver mail for user to 2 machines?
David C. Rankin wrote: Marcin Floryan wrote: On 22/01/2008, David C. Rankin [EMAIL PROTECTED] wrote: Listmates, Sandy, Where do I tell postfix to deliver mail for a user to localhost and deliver a copy to [EMAIL PROTECTED] It has to be easy, -- I hope. I tend to use procmail in such case and setup a rule to forward the message to another address. This can easily be done by the user themselves in the local .procmailrc file. Alternatively the .forward file in the user account can be used. Another (and possibly the simplest option) is to define an alias in the /etc/aliases file adding a similar line user: [EMAIL PROTECTED], \user Regards, Thanks Marcin, The tough part was I wanted a 'copy' forwarded to another box, not just a plain forward. Procmail was the answer. Not necessarily. I would do this in virtual_alias_maps. /etc/postfix/virtual: [EMAIL PROTECTED] [EMAIL PROTECTED], [EMAIL PROTECTED] -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix master.cf question
Carlos Lorenzo Matés wrote: Hi. El Domingo, 20 de Enero de 2008, Sandy Drobic escribió: Carlos Lorenzo Matés wrote: Well, the case is exactly this one. I have a mail to fax gateway, but the fax jobs are sent always with the same user (the sendfax). What i want is that the fax job is sent each time with the user who really send the mai Now i have this line in the master.cf fax unix - n n - 1 pipe flags= user=fax argv=/usr/bin/faxmail -d -n $(user) All the faxes seems to be sent by the user fax. I whant that each fax sent belongs to the user who really sent the fax. what i whould change is the user=fax to user=$(user), but i tried this and failed Have you checked the man pages for faxmail to see what options are available to set the user? Yes, it is notifying the user passed in $(user) but the job of the fax belongs to the user who call faxmail Well, i will try in the HylaFax list. It's worth a try. How would you execute the faxmail on the command line? -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix master.cf question
Carlos Lorenzo Matés wrote: Well, the case is exactly this one. I have a mail to fax gateway, but the fax jobs are sent always with the same user (the sendfax). What i want is that the fax job is sent each time with the user who really send the mai Now i have this line in the master.cf fax unix - n n - 1 pipe flags= user=fax argv=/usr/bin/faxmail -d -n $(user) All the faxes seems to be sent by the user fax. I whant that each fax sent belongs to the user who really sent the fax. what i whould change is the user=fax to user=$(user), but i tried this and failed Have you checked the man pages for faxmail to see what options are available to set the user? -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Advanced postfix question: IP and reverse DNS
Per Jessen wrote: I haven't tested this, but I'm pretty certain it should work. Well, I tried but it doesn't work. The left hand argument in transport is for receipt not for sender. I want to choose the smtp by sender. Hi Johannes, I think you can use the 'sender_dependent_relayhost_maps' setting: @domain1.com smtp1: @domain2.com smtp2: Yes, it should work. This feature was introduced with Postfix 2.3. Better check, if your version of Postfix provides this option: postconf mail_version must show a version 2.3 or higher. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Advanced postfix question: IP and reverse DNS
Johannes Nohl wrote: I think you can use the 'sender_dependent_relayhost_maps' setting: @domain1.com smtp1: @domain2.com smtp2: Hm, don't know. I'm not relaying I send directly to recipient. I tried and mail returned with following error: [EMAIL PROTECTED]: Host or domain name not found. Name service error for name=smtp2 type=: Host found but no data record of requested type Your dns couldn't resolve the domain domain2.com. Solve your dns setup problem. If you have the smtp client in a chroot (master.cf the fifth column must be n to disable chroot) make sure the dns configuration is accessible to the smtp client. This is not a problem with sender based routing. Further help is almost impossible without posting of the configuration (postconf -n, master.cf). My dns has no problem to resolve domain2.com: dig domain2.com ; DiG 9.4.1-P1 domain2.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 42970 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;domain2.com. IN A ;; ANSWER SECTION: domain2.com.86400 IN A 211.106.65.110 domain2.com.86400 IN A 211.106.65.118 ;; AUTHORITY SECTION: domain2.com.86400 IN NS ns.domainca.com. domain2.com.86400 IN NS ns2.domainca.com. If this is an attempt to obfuscate the real domain, please use example.com or example.org. As far as I could read until now the sender_dependent_relayhost map expects a domain as well on the right hand side, or? (like netxthop in transport) E.g. smtp2:domainxy.com (it has to know to where to relay). I'm somehow lost. I can't imagine that a used options is deprecated and newer version don't substitute it... I'm a bit lost as well. (^-^) As far as I know, Postfix didn't support sender based routing before version 2.3. If you really need routing based on the sender address you could also use the FILTER action in a check_sender_access. smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/senderdomain_routing /etc/postfix/senderdomain_routing: example1.comFILTER domain1-smtp: example2.comFILTER domain2-smtp: By the way, did you execute postfix reload after making changes to master.cf or main.cf? -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Advanced postfix question: IP and reverse DNS
Johannes Nohl wrote: More from my master.cf. I've integrated amavisd-new. Maybe this is disturbing the rest?? # hand over an spam / virus filter amavisfeed unix - - n - 2 lmtp -o lmtp_data_done_timeout=1200 -o lmtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 # Reinjection 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters -o local_header_rewrite_clients= No, the problem is a bit more difficult than I thought. I looked up some remarks from Wietse on smtp_bind_address and routing, and the answer is that you NEED separate instances if you really want sender_based smtp_bind_address. So, you will either have to set up separate instances (it's not THAT much work) or use the normal routing with sending ip. Why do you want separate sending ip addresses with on postfix instance anyway? With multiple instances you get a separate queue for each instance and you can fine tune the configuration for each instance. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Advanced postfix question: IP and reverse DNS
Johannes Nohl wrote: So then you're back to Sandys suggestion of using check_sender_access with FILTER results, but judging by his research, it doesn't seem possible after all. I would have never thought that. It seems that it was possible until postfix 2.2 using sender_based_routing. What Sandy said was that it isn't doable at all. As I understood even not with FILTER. NOT WITHOUT SEPARATE INSTANCES. If you set up separate instances it would work. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Advanced postfix question: IP and reverse DNS
Johannes Nohl wrote: What Sandy said was that it isn't doable at all. As I understood even not with FILTER. NOT WITHOUT SEPARATE INSTANCES. If you set up separate instances it would work. Ok, but that would mean that I have to set up at least 4 instances. And I have no idea right now what about the content filter (amavis) and it's helpers (clam, spamassassin). It's too much, probably. Not really, you just have to configure amavisd-new as if you would provide the service for several servers. The internal amavisd-new settings wouldn't change at all. I spent a lot of time to get familiar with Postfix, so it's easier for me to configure Postfix to do what I want than to spend the time to break in another mta. Your mileage may vary. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix master.cf question
Carlos Lorenzo Matés wrote: Hi to All. Is possible to use a variable user in the pipe option? Yeees... that is possible. Though I don't know if it is exactly what you require. man 8 pipe will tell you that the pipe deamon expands the localpart of the recipient address (the part left of the @ character in the recipient address) for the macro ${user}. If that is the information you need, everything works. ie: procmail unix - n n - - pipe flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient} in this line change the user=nobody to user=${user} I wouldn't touch that. If you deliver to a command via mailbox_command (not a pipe) then this comes to play: Mailbox delivery can be delegated to an external command specified with the mailbox_command_maps and mailbox_com- mand configuration parameters. The command executes with the privileges of the recipient user (exceptions: sec- ondary groups are not enabled; in case of delivery as root, the command executes with the privileges of default_privs). Would that help you? it is not exactly to change the procmail user, but for changing the user in the emailto fax gateway, the line is similar. How does the line look? -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] How to tell ssh to log in as machine name.domain.tld?
Marcin Floryan wrote: On 17/01/2008, David C. Rankin [EMAIL PROTECTED] wrote: Ken Schneider wrote: No, this is just another of my anal retentive moments where I can't understand why my machine wants to ssh out to the world as mail.3111skyline.com. It's another of my inquisitively stupid Why? questions. I mean, what logic on the box looks to bind dns and says, I want to be known as mail today? Hell, why not nemesis.3111skyline.com, it real name? (Ur, Umm, the name of the box is probably at fault) I should have called the son-of-a-bitch accommodating.3111skyline.com and I wouldn't have to put up with this stuff. I know it doesn't matter, but why? It is simply a problem of incorrectly configured reverse DNS for the domain. A lookup for 66.76.63.120 yields mail.3111skyline.com. If mail and nemesis are on machine as it seems to be I would also consider using CNAME. The remote client will log the DNS-Name of the reverse lookup as the client name. How the client announces itself to the world is dependent on the hostname that was configured on the box itself. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] How to tell ssh to log in as machine name.domain.tld?
James Knott wrote: Sandy Drobic wrote: Marcin Floryan wrote: On 17/01/2008, David C. Rankin [EMAIL PROTECTED] wrote: Ken Schneider wrote: No, this is just another of my anal retentive moments where I can't understand why my machine wants to ssh out to the world as mail.3111skyline.com. It's another of my inquisitively stupid Why? questions. I mean, what logic on the box looks to bind dns and says, I want to be known as mail today? Hell, why not nemesis.3111skyline.com, it real name? (Ur, Umm, the name of the box is probably at fault) I should have called the son-of-a-bitch accommodating.3111skyline.com and I wouldn't have to put up with this stuff. I know it doesn't matter, but why? It is simply a problem of incorrectly configured reverse DNS for the domain. A lookup for 66.76.63.120 yields mail.3111skyline.com. If mail and nemesis are on machine as it seems to be I would also consider using CNAME. The remote client will log the DNS-Name of the reverse lookup as the client name. How the client announces itself to the world is dependent on the hostname that was configured on the box itself. Does IP now send host names along with the IP address? Any such announcement would have to be application dependent. The name I've No, unless the developer likes pain, the resolution is the job of the os. If your box opens a connection to a remote server then the remote server only sees the ip address of your box. The only way to get a hostname for that ip address is to look up the ptr record of that ip from the authoritative dns server responsible for the address space that contains the ip address of your box. If such a ptr record exists, the remote server now has a hostname corresponding to that ip address. In the next step the hostname is verified by looking up this hostname, now the remote server is asking the dns server responsible for the domain of that hostname to find out, what the corresponding ip address for that hostname is. If the hostname exists in dns and points to an ip address, the remote server can now check if the hostname resolves back to the ip address of your box. If that check is successful then the remote server can assume that the hostname is indeed a match for the ip address. There are many ways to foul up this resolution, and ISPs and service providers have found and implemented most of them. :-/ -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] How to tell ssh to log in as machine name.domain.tld?
Carlos E. R. wrote: The Thursday 2008-01-17 at 20:32 +0100, Sandy Drobic wrote: Does IP now send host names along with the IP address? Any such announcement would have to be application dependent. The name I've No, unless the developer likes pain, the resolution is the job of the os. If your box opens a connection to a remote server then the remote server only sees the ip address of your box. The only way to get a hostname for that ip address is to look up the ptr record of that ip from the authoritative dns server responsible for the address space that contains the ip address of your box. I think there are exceptions, for example in email. Look, from one of mine: Received: from nimrodel.valinor (88.*.*.*) by ctsmtpout2.frontal.correo (7.2.056.6) (authenticated as ***) id *** for opensuse@opensuse.org; Thu, 17 Jan 2008 16:29:13 +0100 The smtp server of my ISP logs that my machine names itself as nimrodel.valinor, and then logs the real IP :-) This is not what will appear in the log of the server. What you see here in the received line is not the dns hostname but your HELO name. (^-^) Postfix for example logs both the hostname AND the HELO name i the received lines to avoid such misunderstandings. (^-^) telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 japantest.homelinux.com ESMTP Postfix ehlo bush.must.go! 250-katgartest.washu.lab 250-PIPELINING 250-SIZE 52428800 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN mail from:[EMAIL PROTECTED] 250 2.1.0 Ok rcpt to:[EMAIL PROTECTED] 250 2.1.5 Ok data 354 End data with CRLF.CRLF . 250 2.0.0 Ok: queued as 0344414F0C quit 221 2.0.0 Bye Connection closed by foreign host. This is the server log of the mail: Jan 17 22:25:37 katgartest postfix/smtpd[13883]: connect from localhost[127.0.0.1] Jan 17 22:26:25 katgartest postfix/smtpd[13883]: 1779514F0C: client=localhost[127.0.0.1] Jan 17 22:26:33 katgartest postfix/cleanup[13884]: 1779514F0C: message-id=[EMAIL PROTECTED] Jan 17 22:26:33 katgartest postfix/qmgr[13530]: 1779514F0C: from=[EMAIL PROTECTED], size=357, nrcpt=1 (queue active) Jan 17 22:26:35 katgartest postfix/smtpd[13883]: disconnect from localhost[127.0.0.1] This is the data part of the mail: Received: from bush.must.go! (localhost [127.0.0.1]) by katgartest.washu.lab (Postfix) with ESMTP id 1779514F0C for [EMAIL PROTECTED]; Thu, 17 Jan 2008 22:26:06 +0100 (CET) Now it's pretty clear that this can't be a dns name. (^-^) According to RFC 2821 this SHOULD be a dns name... -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Postfix: howto allow 1 user or IP to relay across my server
David C. Rankin wrote: List, Sandy, I have one user in Plano that needs to relay mail outbound from/across my server. He has an account on the server and comes in from a fixed IP. How can I configure postfix to allow this user to send mail outbound from my server? smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/clients_relay_allowed reject_unauth_destination, /etc/postfix/clients_relay_allowed: #These clients are allowed to relay! 1.2.3.4 OK You can either let him authenticate (permit_sasl_authenticated) or you add him in clients_relay_allowed. As log as it happens before reject_unauth_destination. I would prefer to let him authenticate. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] 10.3 how to speed up smtp performance
David C. Rankin wrote: Messages ~1000 per day, but that isn't the problem. The problem is that when a user hits 'send' the mail take _60_ seconds to get across the server. The mailer just sits there sending... sending... the whole time. The 60 seconds suggests a screwup in configuration on my part and a 60 second timeout somewhere, but I don't know what to check. So, you have an internal client/server submission problem? This smacks like a dns resolution problem. All clients or only external/internal? Webmail or smtp client software? Firewall between client /server? What does the log say, starting from connect to? There are too many questions unanswered to give precise help. Here's a command line test: Check from client: telnet ip.of.ser.ver 25 or telnet name.of.ser.ver 25 (test both) - How log does it take, bevor the smtp banner appears? ehlo client.full.name - How long, bevor the Capabilities of the server are seen? mail from:[EMAIL PROTECTED] - How long for the server to respond? rcpt to:[EMAIL PROTECTED] - How long for the server to respond? data - How long... Write some text lines here... [return] . [return] - How long for the server to respond? -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] KMail vs. Thunderbird in handling lots of e-mails
Carlos E. R. wrote: The Tuesday 2008-01-08 at 15:22 -0500, Sergey Mkrtchyan wrote: I divided, but couldn't conquer :) I left only one message in my inbox, moving everything else in Local Folders, and again clicking on it brings that crazy gray look... (actually in status bar scroll-bar tries hard to progress, but then goes back to the beginning) Ok, I agree that message was 26 mb, but I tried with 4 Mb too, same result. Depressing... ;) 26 megs! That's too large for a single email, thunderbird might be having problems with it. That shouldn't be a problem, I've got mails up to 100 mb in my account and don't have any problem. Though in my case the mails the mails are not in local folders, they're within Cyrus Imap. This looks more like a corrupt local caching index. Let Thunderbird rebuild the index. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] 10.3 how to speed up smtp performance
Aaron Kulkis wrote: David C. Rankin wrote: Listmates (Sandy), I have built a fresh 10.3 server, but smtp performance seems slow. Are there any tips or tricks to improve the mail sending performance. There aren't going to be any magic kernel settings to make mail-handling faster. The reason is that mail handing is NOT a cpu-bound task, it's disk-I/O and network-I/O-bound Your advice isn't wrong, but doesn't really address the issue at hand. First you check your software configuration, and only then you throw metal and money at the problem. In most cases the the configuration is less than optimal, and investing in hardware ist not going to solve the problem if the number of smtp client processes is not adjusted. You simply waste -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] 10.3 how to speed up smtp performance
David C. Rankin wrote: Listmates (Sandy), I have built a fresh 10.3 server, but smtp performance seems slow. Are there any tips or tricks to improve the mail sending performance. Here There are two sides to performant smtp delivery: - make sure to configure the server to utilize available hardware and bandwidth as best as possible + avoid network saturation, that will hinder answer packages to get through, if necessary, use traffic shaping + avoid smtp process exhaustion for internal and incoming transports - make sure to accomodate the expectations of the receiving servers as best as possible + squeaky clean dns records: matching forward and reverse dns + helo matches existing dns records + spf entry if you send a lot to microsoft accounts + domainkeys/dkim + register as postmaster to high-level destinations, most big providers have such a procedure to whitelist your server and for you to receive trouble tickets etc. + monitor bounces/rejects carefully, some destinations blacklist you temporarily if you cause too many rejections. Your database of addresses will be outdated faster than you can watch. + don't saturate the receiving servers, set appropriate limits for simultaneous parallel delivery. Configure a slow transport that only uses a few smtp processes for small sites. Most of the usual suggestions are the reversal of antispam settings. Using your own dns server or at least caching slave server has also been suggested. For high level mailservers a local dns server could speed up dns resolution a lot. The rest is your task to figure out for your local circomstances. Do you send newsletters (many mails occuring during a short time) or do you need to send continuously at a high level? Lots of big mails, varying sizes or only lots of small mail? Look at your log to find out if your server doesn't send as fast as possible of if the receiving servers delay delivery. are the current settings: [EMAIL PROTECTED]:/home/david # postconf -n alias_maps = hash:/etc/aliases biff = no canonical_maps = hash:/etc/postfix/canonical command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/lib/postfix debug_peer_level = 2 defer_transports = disable_dns_lookups = no disable_mime_output_conversion = no html_directory = /usr/share/doc/packages/postfix/html inet_interfaces = all inet_protocols = all mail_owner = postfix mail_spool_directory = /var/mail mailbox_command = /usr/bin/procmail -a $EXTENSION mailbox_size_limit = 0 mailbox_transport = mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man masquerade_classes = envelope_sender, header_sender, header_recipient masquerade_domains = masquerade_exceptions = root message_size_limit = 1024 mydestination = $myhostname, localhost.$mydomain, $mydomain, guillorylaw.com, rankinlawfirm.com, drrankin.com, txuovercharges.com, bertinlawoffice.com, darrenbertin.com, tannergarth.com myhostname = bonza.rbpllc.com The problem starts here: dig bonza.rbpllc.com ; DiG 9.4.1-P1 bonza.rbpllc.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 42966 postconf -d smtp_helo_name smtp_helo_name = $myhostname So you are using an invalid helo name. mynetworks_style = subnet Better set this manually. If the Server has an official ip address you will invite your neighbor servers to use you as relay. If you don't have correct dns records, receiving servers may reject you, place additional restrictions like greylisting or in best case waste time on additional dns queries for blacklists, helo etc. myorigin = $mydomain newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/packages/postfix/README_FILES relayhost = relocated_maps = hash:/etc/postfix/relocated sample_directory = /usr/share/doc/packages/postfix/samples sender_canonical_maps = hash:/etc/postfix/sender_canonical sendmail_path = /usr/sbin/sendmail setgid_group = maildrop smtp_sasl_auth_enable = no smtp_use_tls = no smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) (Rankin Law Firm, PLLC) smtpd_client_restrictions = check_client_access cidr:/etc/postfix/client_check.cidr, reject_rbl_client relays.ordb.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client list.dsbl.org Several problems: You don't exclude authenticated clients or clients in mynetworks. You are using a dead RBL (relays.ordb.org has gone the way of the dinosaurs). smtpd_hard_error_limit = 3 smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_recipient_access pcre:/etc/postfix/recipient_check.pcre smtpd_sasl_auth_enable = no smtpd_sender_restrictions = hash:/etc/postfix/access Do you use
Re: [opensuse] 10.3 how to speed up smtp performance
Sandy Drobic wrote: myhostname = bonza.rbpllc.com The problem starts here: dig bonza.rbpllc.com ; DiG 9.4.1-P1 bonza.rbpllc.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 42966 postconf -d smtp_helo_name smtp_helo_name = $myhostname So you are using an invalid helo name. Argh! It's not invalid, it simply does not exist. The matching Postfix check would be to use reject_unknown_helo_hostname. (Very risky, it would reject a lot of desired mails in my case). -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] KMail/IMAP question
Rodney Baker wrote: Hi all. Not sure if this is directly relevant to Suse or whether I should be asking this on a kde-related list but here goes. I'm using KMail 1.9.6 on 10.3 (KDE 3.5.7) running a Dovecot IMAP server so that I can access my email from my desktop or a couple of laptops on the lan. For some reason the size value in the folder list (I assume this is the size of each mail folder?) does not reduce in value when messages are deleted from a folder, but continues to increase each time a new message is received. For example I currently have 5 messages in my inbox totalling around 24k in size but the folder list tells me that my inbox is 915kB. I don't know if this is a bug with KMail and the way it interacts with IMAP servers, if it is a bug with dovecot perhaps reporting incorrectly to KMail or what. I have previously tried running Cyrus IMAP but gave up on that a couple of years ago - dovecot was so much easier to get running. Whilst this isn't a showstopper (and I can get around it by disabling the size column in the folder list), I'm wondering if anyone else on the list is running a similar setup and may have noticed this behaviour (perhaps even with a different IMAP server)? When you delete a mail in your imap account the mail is only marked with the delete flag. Only when you compress the folder (or whatever it is called in KMail) will the marked mails be expunged and removed from storage. It's a feature, not a bug. (^-^) -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] crontab - rdiff-backup
Donald D Henson wrote: (OpenSuSE 10.3 with all updates to date) I'm trying to set up two cron jobs to run as 'root'. The jobs are to run nightly rdiff-backup backups. So far, the jobs are not running or, at least, my backup files are not updated. I used kcron to set up the jobs and the crontab (see below) looks ok to me. I'm at a loss as to how to proceed. Any comments or suggestions will be appreciated. Here's the crontab: Earth-svr:~ # crontab -u root -l # DO NOT EDIT THIS FILE - edit the master and reinstall. # (/root/.kde4/tmp-Earth-svr/kcronh31359.tmp installed on Sun Dec 16 16:12:33 2007) # (Cron version V5.0 -- $Id: crontab.c,v 1.12 2004/01/23 18:56:42 vixie Exp $) # This file was written by KCron. Copyright (c) 1999, Gary Meyer # Although KCron supports most crontab formats, use care when editing. # Note: Lines beginning with #\ indicates a disabled task. # 5 0 * * 1,2,3,4,5,6 rdiff-backup --exclude-filelist /home/dhenson/exclude-list-Earth-svr / /media/Backup1 Better use the complete path to rdiff-backup in your crontab. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] eth increasing by 1 after each reboot
Klaas Tammling wrote: Hi, I've got a gigabyte mainboard and just installed opensuse 10.3. My problem is now that everytime I reboot the system my eth device number increases by 1. Currently I'm at eth8. I've read in the bugtracker that this issue was known but should have been fixed in the version 10.1 Does anyone have an idea how I can solve that problem? I think the problem is that bios or something is changing the mac adress everytime the computer boots. If it's the well-known forcedeth module problem you could try this: /etc/udev/rules.d/70-persistent-net.rules SUBSYSTEM==net, DRIVERS==forcedeth, NAME=eth0 Delete everything else in this file. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] migrating imap dovecot to cyrus
Jordi Massaguer wrote: That is what I was looking for! It looks like dovecot has the folders at the same hierarchy as the INBOX, so at the root level, and Cyrus has it at the INBOX level. For example: in Dovecot: INBOX opensuse in Cyrus: INBOX |--opensuse so what we tried (and worked quite well) is using the options --prefix2 INBOX/ --exclude INBOX Careful! Cyrus is not using Maildir, even if it looks like it at first glance. If you simply copy all the folders on the system level you need to reconstruct the mailbox in cyradm after copy, so that Cyrus can rebuild the database for the folder. This should also take care to add the copied subfolders to the mailboxes.db. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Evolution, IMAP and filtering
Bryen wrote: Well, in my case, I'm trying to set colors to certain email messages. Doesn't seem to be working. Another filter I set was to move a message into another folder. That didn't work either. :-( It depends a bit on the imap server. Cyrus Imap for example uses SIEVE to filter messages. So your Client would need to a) have access to the sieve port (not bound to localhost) b) understand and implement the sieve protocol A workaround for Cyrus would be to use the avelsieve or smartsieve plugins in Squirrelmail. About color coding for messages, the only way would be to mark the message with user attributes and then depend on the client to display the message according to the user attribute. It is possible to filter the incoming messages with procmail (a bit more cumbersome in case of Cyrus Imap, but still possible), but color coding might need some scripting effort. I don't think any of these rules can be created on the client. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Where can I download the kernel source rpm for 10.3?
Aaron Siegel wrote: Hello I have just recently upgraded to OpenSuSE 10.3 and would like to install the kernel source so I can start building the custom modules. I have not been able to find this package. I have look in the oss-src repository; http://download.opensuse.org/distribution/10.3/repo/src-oss/suse/src/linux-kernel-nutshell-1-32.src.rpm. It appear only the header are available. Where is can I download the kernel source package? Use a mirror: ftp://ftp.gwdg.de/pub/opensuse/distribution/10.3/repo/src-oss/suse/src/kernel-source-2.6.22.5-31.src.rpm ftp://ftp.gwdg.de/pub/opensuse/distribution/10.3/repo/src-oss/suse/src/kernel-docs-2.6.22.5-31.src.rpm ftp://ftp.gwdg.de/pub/opensuse/distribution/10.3/repo/src-oss/suse/src/kernel-syms-2.6.22.5-31.src.rpm -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix does not listen on external interface
Milos Prudek wrote: Hi, I'm new to opensuse but veteran of RedHat, Mandriva and Ubuntu. Fresh install of openSuSE 10.3. Postfix listens on localhost but does not listen on eth0. More precisely, when I run telnet IP 25 from an outside PC, I get Unable to connect to remote host: Connection refused. I need Postfix to listen on eth0. No firewall is installed. iptables -L INPUT and iptables -L OUTPUT show POLICY ACCEPT and no rules are specified. /etc/postfix/main.cf has inet_interfaces commented out. Setting inet_interfaces=all does not help. /etc/postfix/master.cf has this line about smtpd: smtp inet n - n - - smtpd Postfix on Opensuse listens on localhost only by default. This will work in any case: postconf -e inet_interfaces = all rcpostfix restart check with netstat -antp | grep :25 It should also be possible to configure Postfix from within the MTA module in yast. But be careful. Once you configure Postfix manually, Yast will not touch the Postfix config files anymore. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Moving Cyrus IMAP mail files
Jim Flanagan wrote: The recent post on the best imap has made me ask the question, how do/should I move my Cyrus Imap files from one server to another. I'll need to be upgrading my suse 10.0 server to 10.3 soon, and I've never had to move my existing mail before. I haven't decided if I'll change boxes, or just do a new install on a different partition on the same box, but in any case will be a clean new install of 10.3 (assuming I can get my graphics issues worked out). If the only server application is Cyrus then you might as well export the cyrus databases, make a clean install and then restore and import the cyrus databases. On the other hand, I just upgraded from 10.0 to 10.3, and the Cyrus/Postfix/Amavis/saslauthd combination was upgraded perfectly. If I don't change boxes, I won't be able to have both installs running at the same time, so how do I move the files, or more specifically, which files do I move? /etc/cyrus.conf /etc/imapd.conf /etc/sasl2/ /etc/pam.d/* (common*, login, imap, sieve, smtp) /etc/sysconfig/saslauthd /var/lib/imap(where the databases are) /var/lib/sieve (where the compiled sieve scripts are stored) /var/spool/imap (where the actual mailboxes are) /usr/lib/sasl2/ (cyrus sasl libs for authentication mechanisms) I think it is easier to update the installation. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] suse 10.0 and spamassassin 3.1.8
Chuck Payne wrote: Guys, I got a problem and upgrading isn't an answer at this time. I need help upgrade spamassassin to 3.2, I know there is no rpm for opensuse 10.0, but I need to know what is the best way of doing this so that I don't lose spam scanning or mail flow. Simply grab the source rpm of opensuse 10.3 of spamassassin 2.3.2 and rebuild the rpm for your distribution. Though I wonder why you would want to run a server that is not supported anymore at the end of the month. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] suse 10.0 and spamassassin 3.1.8
Chuck Payne wrote: On 10/16/07, Chuck Payne [EMAIL PROTECTED] wrote: On 10/16/07, Sandy Drobic [EMAIL PROTECTED] wrote: Chuck Payne wrote: Guys, I got a problem and upgrading isn't an answer at this time. I need help upgrade spamassassin to 3.2, I know there is no rpm for opensuse 10.0, but I need to know what is the best way of doing this so that I don't lose spam scanning or mail flow. Simply grab the source rpm of opensuse 10.3 of spamassassin 2.3.2 and rebuild the rpm for your distribution. Ok, how can I build against my build. I have never done that and that worth a shoot. wget ftp://ftp.gwdg.de/pub/opensuse/distribution/10.3/repo/src-oss/suse/src/spamassassin-3.2.3-10.src.rpm rpmbuild --rebuild spamassassin-3.2.3-10.src.rpm Afterwards you will get a normal rpm that you can install via yast or simply with rpm -i. Please make sure that all prerequisites are met for spamassassin 3.2.3. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Best IMAP
Jim Flanagan wrote: It's been a while since I tested Dovecot, but as I remember, uw-imap and Coruier read different mail box file formats. One reads mbox, the other maidir (don't remember which is which at the moment). The beauty of UW-Imap uses mbox, Courier uses maildir format. Dovecot is that it can be configured to read one or the other format. In Dovecot you may want to adjust this setting if you are having trouble. In any case, all of the above read mail from /var/spool/mail. Cyrus works differently. When you set up opensuse to use Cryus imap, it will store mail in /var/spool/imap. I think it is because Cyrus imap does lots of active stuff behind the sceens in managing your mail. When you look at logs for example, there are lots of entries where cyrus imap is doing reads and other stuff to it. In practice I never notice a thing. Except for the fact that it has other benefits such as error correction. I've noticed in the past when moving a large number or emails from one folder to another (say a months or more worth of opensuse emails) uw-imap for example might get overwhelemed, and I wound up loosing some emails in the process. Since I started using Cyrus imap, this has never happened. Sometimes (agian moving large amounts of email at one time) the move process might fail, but Cyrus restores all mails to their original location. Active fault tolerance. This is one of the reasons I like Cyrus. But, you have to set it up differently, i.e. the mail is stored in a different location and in a cyrus format than the other imap solutions. You set it up using yast, which configures all that stuff for you. It is not hard. Cyrus is a lot more complex than it seems when you are setting it up in yast. You are right, in spite of the seemingly maildir like structure, Cyrus uses a proprietary format to store mails. Mails are stored as a file for each mail, but additionally Cyrus is keeping an index in every folder (sub-mailbox) to track mails. Other Cyrus databases are mailboxes.db - mailboxes, folder structure, ACLs deliver.db - duplicate suppression for delivery and vacation seen.db - the seen state of the mails Critical is the mailboxes.db. If that database is unreadable Cyrus will refuse to work. Now, the tricky part is that the database is dependent on the version of the installed berkeley db. The other databases can be deleted if neccessary, you will only lose not-critical meta-data. Let's assume you like your data and you backup regularly. Then the hdd of your box goes south and you decide to buy a new one. You install the newest Suse version, restore the data from your backup, log into your imap server and.. uh... it doesn't seem to be running... That is why Novell by default sets up a script in /etc/cron.daily to dump a flat text file of mailboxes.db each day. My backup script is dumping also the seen state and the deliver.db to text files before a backup run. For single user installations Cyrus is mostly overkill, though some features are pretty neat. I am running squatter to get a full text index, it speeds up fulltext searches tremendously, although the index is using a lot of space. Sieve scripts for serverside filtering are also very nice. Courier and Dovecot on the other hand use normal maildir format, backup and restore is done by copying the files. You can also use a script to remove files without breaking the imap server. If someone does not have any experience with imap servers I would suggest Dovecot, it is a very active project, the server has left beta state in the recent time. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Best IMAP
Lew Wolfgang wrote: I've been using wu-imap since the early '90s and have been told numerous times about how bad it is. Say what you will about the mbox format, but its big advantage is the files are all ascii. This means they can be grepped and fiddled with outside of the imap system. I once considered one of No difference to maildir format in that regard. All mails have to survive the transfer across various servers, so basically all mails are transfered as text. Even attachments are converted to ascii text for that reason. This does not mean that they are easily accessable with grep since they are often mime encoded. Just think about all the languages that are not compatible with ascii. the other systems that uses maildir format, but chickened out because I didn't want all of our 50 or so accounts being stored in a database format. This smelled too much like MS Exchange for me. Uhm, IIRC, Exchange is using one file for each mailbox. Domino is doing the same. In other words, much like mbox. (^-^) If we are talking about Cyrus this is at least partially true, though the mails are still stored as simple files in folders. A real database appliance would be something like dbmail where even the mails themselves are stored in in a mysql database. I also don't recall ever loosing mail due to wu-imap, but am willing to hear reasons to change. Has anyone ever had There are some good reasons for maildir: - performance: If you have a LOT of mails in a mbox file it takes a lot of time to scan the mbox for changes. The bigger the mbox files, the more users you've got, the more you will feel this. When you've got powerusers that have nurtured their mailboxes to sizes of 10 GB upwards and you expect your server to respond in a timely fashion you will have to use maildir. (^-^) - deliver security: mbox has a long history of locking problems. This mostly affects bigger installations, where the mbox files are stored on shared network devices and several services might try to access the files. Maildir has no trouble at all if ten mails are delivered in parallel to the same mailbox at the same time. The longer a process has to lock the mbox file for exclusive write access the bigger the change that another process will be blocked and delivery is deferred. - folder structure With maildir you can use a folder structure to sort your mail on your server. - backup: Backup and restore can be done on changed mails only. When you have single mbox files you have backup the entire file if just one mail has been added or deleted. Again, no problem with locking during backup. All these arguments are valid even for middle-sized installations though you might not experience these problems on a small installation. problems with the maildir format? Do tools outside of the imap daemon exist for manipulation of the data? Are maildir systems compatible with pine? Yes, we still have pine users. If pine can use pop or imap? Sure. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] OT 10.3 on an old server installed like a dream (nightmare version)
Clint Tinsley wrote: Sandy, Congratulations on the resurrection. Great work. There were so many reports about successful and easy installations that I had to set a counterpoint to make people aware about the risks of any upgrade. If you've got valuable data on your box, do your backups regularly and test it. If downtime is a problem test the upgrade on a non-production machine and have troubleshooting tools and documentation handy. Going off topic here but I tried to reply directly to you but your mail server rejected the suse-linux-e address... No spam there! Sorry, the mailinglist addresses are regularly harvested by spammers, so my server only accepts mails to these addresses from the listservers. Additionally it happens every other month, that someone misconfigures his server/forwarding/whatever resulting in a lot of bounces and related crap. Included beneath every mail I am sending to the list is an email address that is not restricted: [EMAIL PROTECTED] Question, where did you get a Knoppix 5.2 DVD and is it an English version? I have not been able to find anything since the 5.1.1 release in January. Google gives some references to a 5.2 DVD available via bittorrent which I can't use due to firewall issues. Would like to have that in my toolbox. The dvd was included with a magazine that I am subscribed to, no idea where I could get this version otherwise. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] 10.3 on an old server installed like a dream (nightmare version)
David C. Rankin wrote: Sandy Drobic wrote: I can only recommend to have a Knoppix dvd present and better yet a test installation on a less important system before you jump on the band wagon of 10.3. It seems as if some raid controllers are still not correctly supported by newer Opensuse installers, even though they are working beautifully in older versions. Sandy, if this happened to you, what can the rest of us expect? Just don't let your postfix knowledge become corrupt with the blood pressure elevation. Good rule of thumb (thou shall not Upgrade). Back up home and data, fresh install, then reload data -- The only way to fly. Uhm, that would give you a non-working Cyrus imap server for example. I am also pretty sure that it would have happened with a fresh install as well. The point of my story was that it can happen to everyone of us and that everyone should take steps to anticipate trouble and have a concept ready how to repair a system and minimize downtime. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] crazy mailer daemon
Thierry de Coulon wrote: Hello, Any time I post on this list recently the message gets through but I get this answer: From: Mail Delivery Subsystem [EMAIL PROTECTED] (...) - The following addresses had permanent fatal errors - [EMAIL PROTECTED] (reason: 550 host mx-ha01.web.de [217.72.192.149] said: 550 [EMAIL PROTECTED] Benutzer hat zuviele Mails auf dem Server. / User has too many messages on the server.) - Transcript of session follows - ... while talking to mx-ha01.web.de [217.72.192.149]: RCPT TO:[EMAIL PROTECTED] 550 host mx-ha01.web.de [217.72.192.149] said: 550 [EMAIL PROTECTED] Benutzer hat zuviele Mails auf dem Server. / User has too many messages on the server. 550 5.0.0 Mailbox unavailable/command rejected for policy reasons/no access I'm thinking of just filtering it, but why do I get a mail from web.de when I post on opensuse.org? Good question. The answer is probably (you haven't shown the more important headers) that a server in front of the rejecting server has accepted the mail and then sent the mail to the from-header of the mail, not the envelope sender address. Looks like a bounce from mi-ob.rzone.de. I guess that the mail is forwarded from rzone.de to web.de and the mailbox on web.de for that user is over qoata. Nothing you can do about that from your end but hope that the forwarder will notice it. If the problem persists, notifiy the list-owner to get im unsubscribed. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Where to tell MTA to send through port 587?
Johnny Ernst Nielsen wrote: Good day Lew, Johnny Ernst Nielsen wrote: Where do I tell the MTA to use port 587 when sending mail through my web hotel? Mandag 01 oktober 2007 17:58 kvad Lew Wolfgang: If you're using sendmail you can follow the recipe here: http://www.sendmail.org/faq/section3.html#3.39 According to /var/log/mail I seem to use postfix. I just use the OpenSUSE 10.2 default MTA and YaST2 - Network Services - MTA to try and configure the port. Sorry, can't help with yast settings, I always configure the Postfix config files directly. Here's what I can see: yast - Network Services - Mail Transfer Agent - Permanent - Outgoing mail server [mail.example.com]:587 Authentication: - Outgoing Server [mail.example.com]:587 user name user passwordpassword That should give you the following output from postconf -n: relayhost = [mail.example.com]:587 smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous ... /etc/postfix/sasl_passwd: [mail.example.com]:587 user:password You must have the cyrus-sasl package installed otherwise Postfix is unable to find suitable authentication mechanisms. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Where to tell MTA to send through port 587?
André Malin wrote: Le October 1, 2007 12:54:16 pm Johnny Ernst Nielsen, vous avez écrit : Good day James, Johnny Ernst Nielsen wrote: OpenSUSE 10.2 Where do I tell the MTA to use port 587 when sending mail through ^^^ Basicaly, you want postfix to listen on port 587 instead of 25, right? If this No, he needs to configure his local Postfix to send mails via the submission port, because the local ISP has blocked the port 25 for all residential (dynamic) ip addresses. So he is forced to configure Postfix like a mail user agent with authentication. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] clamsmtpd: couldn't bind to address: 10025: Address already in use
Hans Linux wrote: I just installed clamsmtp on my suse10.0, and when i run it, i got : clamsmtpd: couldn't bind to address: 10025: Address already in use how do i check what program is running on port 10025? Or should i just change the port for clamsmtp? Please see the current thread Who is listening on these ports?. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Stripping @domain from squirrelmail username.
Darragh Ó Héiligh wrote: Hello, I have Squirrelmail now set up with Dovecot in Open SuSE 10.2. Squirremail however is sending the username in a very strange format. Say I submit darragh with password abcdefg. Squirrelmail seems to pass [EMAIL PROTECTED] instead of just darragh. It is taking the domain from the URL. Example, if externally, the address is something like http://dyndns.org/squirrelmail/ it will take dyndns.ocm as the domain and format my address as [EMAIL PROTECTED] If working from the localhost and I access squirrelmail from localhost/squirrelmail/ squirrelmail sees the domain as localhost so formats the username as [EMAIL PROTECTED] Of course, when squirrelmail formats the username like this, I cant log in becauee the imap server is expecting the username darragh on it's own. Any ideas? How do I get Squirrelmail to only send my username as darragh without the domain? Any help would be very appreciated because at this stage, I'm about to go absolutely crazy. He he, sounds as if you have some autodetect-gone-wild feature enabled. When you configured Squirrelmail (you did configure it, right?), what value did you configure in the following option: (adjust the path to your installation) execute /srv/www/htdocs/squirrelmail/config/conf.pl SquirrelMail Configuration : Read: config.php (1.4.0) - Main Menu -- 1. Organization Preferences 2. Server Settings 3. Folder Defaults 4. General Options 5. Themes 6. Address Books 7. Message of the Day (MOTD) 8. Plugins 9. Database 10. Languages D. Set pre-defined settings for specific IMAP servers C Turn color off S Save data Q Quit Command 2 SquirrelMail Configuration : Read: config.php (1.4.0) - Server Settings General --- 1. Domain : japantest.homelinux.com 2. Invert Time: false 3. Sendmail or SMTP : Sendmail A. Update IMAP Settings : localhost:143 (cyrus) B. Change Sendmail Config : /usr/sbin/sendmail R Return to Main Menu C Turn color off S Save data Q Quit Command 1 The domain name is the suffix at the end of all email addresses. If for example, your email address is [EMAIL PROTECTED], then your domain would be example.com. [japantest.homelinux.com]: -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Serious server problem
Fabian Slovig wrote: Hello, I've a serious problem with my Fujitsu-Siemens RX100S4 server. I want to install a SuSE Linux on it with raid. I tried SuSE 10.0 and 10.1, but I always only saw two harddisks and no raid-system in the partitioner. Then I tried openSuSE 10.2 and had a little success. It found the correct raid Controller (a ICH7; ISL MegaRAID) and the two Broadcom network-interfaces. Then in the yast it crashed down. Without raid it donÄt carsh. The message is: device-mapper: table: 253:2: linear: dm-linear: Device lookup failed device-mapper: inctl: error adding target to table dmraid: segfault at 2b9809130a00 rip 2b9809130a00 rsp7fffa22f78c8 error 15 Can you help me? I need this server running SuSE linux Support for Linux from FSC has been rather lacking. I've pretty much given up on FSC with Linux, even though most of our servers are from FSC. Officially they don't support any Suse aside of the SLES. Your best bet is to either use a controller that is supported natively by the kernel or try Opensuse 10.3. The RC1 that appeared last week should be sufficient to test if the installation is possible. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Postfix not recognising me (WAS: Postfix does not seem to be logging)
John wrote: Hi, I'm still trying to send email from my mobile phone through my Postfix (on SuSE 10.0) server. I believe I have a TLS connection set up and working but the server does not allow me to relay mail from my phone to external recipients. Copy of log for such an attempt follows: [snip...] Sep 17 19:09:49 General postfix/smtpd[19573]: SSL_accept:SSLv3 flush data Sep 17 19:09:49 General postfix/smtpd[19573]: TLS connection established from host212-183-132-39.uk.access.vodafone.net[212.183.132.39]: TLSv1 with cipher RC4-MD5 (128/128 bits) Okay, TLS seems to work. But TLS is NOT, I repeat NOT an authentication method! TLS merely provides an encrypted channel where you can exchange data between server and client without worrying who else is listening between. Sep 17 19:09:52 General postfix/smtpd[19573]: NOQUEUE: reject: RCPT from host212-183-132-39.uk.access.vodafone.net[212.183.132.39]: 554 [EMAIL PROTECTED]: Relay access denied; from=[EMAIL PROTECTED] to=[EMAIL PROTECTED] proto=ESMTP helo=[xxx.xxx.xxx.xxx] This indicates that no authentication has taken place. Please check first that your server actually offers authentication and then check the client (your phone), if it actually is configured with username/password to authenticate. I am reluctant to put the vodafone.net IP subnet address (212.183.132.0/24) in mynetworks since I fear this could then open me to being a relay for that set of addresses. (the last octet is not always 39). Very good! Yes, that would indeed make you an open relay for that network. Don't do that. Set up smtp auth on your server and client instead. How can I allow mail with from=[EMAIL PROTECTED] to pass through my server from my phone? (Bizarrely, if I send an email to myself from my phone, it gets relayed as one of the mydestination names.) You don't use fully qualified names. Postfix will qualify it later. Usually you reject recipients/senders with non_fqdn_names. (Phone = Nokia 9300i configured to use StartTLS when sending email) Set up smtp auth on server and client. For further help please send the output of saslfinger -s of your Postfix box to the list. Patrick's Saslfinger is a script you can easily find. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Postfix not recognising me (WAS: Postfix does not seem to be logging)
John wrote: Sandy Drobic wrote: [snip] For further help please send the output of saslfinger -s of your Postfix box to the list. Patrick's Saslfinger is a script you can easily find. True, the script was easily found. However, running install gave the error: : bad interpreter: No such file or directory so I copied the files manually to the paths given (and chmoded them). 'man 1 saslfinger' works but 'saslfinger -s' gives the :bad interpreter error above. I hadn't bargained for debugging the debugging tool! Next stop - read the script and run manually. The most probable explanation is a bad line break, the difference between windows and unix line feeds. View the file with the viewer of mc, then you should see the control characters. Either find a correct encoded version or convert your script with dos2unix, recode... I remember that it happened to me as well some years ago. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Postfix not recognising me (WAS: Postfix does not seem to be logging)
John wrote: G T Smith wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John wrote: Hi, I'm still trying to send email from my mobile phone through my Postfix (on SuSE 10.0) server. I believe I have a TLS connection set up and working but the server does not allow me to relay mail from my phone to external recipients. Copy of log for such an attempt follows: Just a little question. In your config below I see two possibilities to authenticate: either by using conventional user/pass or by using a client certificate. Which one are you trying to implement? Did you test both of them? postconf output follows: broken_sasl_auth_clients = yes mynetworks = 127.0.0.0/8, 192.168.74.0/24, 192.168.80.0/24, 10.0.0.0/24 relay_clientcerts = hash:/etc/postfix/relay_ccerts smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, reject_unauth_destination smtpd_sasl_application_name = smtpd smtpd_sasl_auth_enable = no Er, hello?!? If you want to use smtp auth you need to set this to yes! smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanonymous smtpd_tls_CAfile = /Certificates/ssl/Authority/CA.crt smtpd_tls_ask_ccert = yes smtpd_tls_auth_only = yes smtpd_tls_cert_file = /Certificates/ssl/Certificate/PostOffice.DMJ-Consultancy.me.uk.unc smtpd_tls_key_file = /Certificates/ssl/Key/PostOffice.DMJ-Consultancy.me.uk.unc smtpd_tls_loglevel = 0 smtpd_tls_received_header = yes smtpd_tls_req_ccert = yes smtpd_use_tls = yes The rest looks fine. If you are trying to use client certs, did you put the client cert on your phone? I don't remember seeing a line in the tls log where the client (your phone) is presenting a client certificate. If you can't get saslfinger to work, please show the output of the last line of this command (the capabilities of your server after a tls connection has been established and the ehlo command is invoked. openssl s_client -starttls smtp -connect localhost:25 ehlo localhost Please also post the content of /usr/lib/sasl2/smtpd.conf. If you are trying to use client certificates for authentication please also post the content of /etc/postfix/relay_ccerts and verify that it is indeed the fingerprint of your client certificate. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] virtualisation and dual core
Greg Freemyer wrote: On 9/18/07, Rainer Klier [EMAIL PROTECTED] wrote: Am Dienstag, den 18.09.2007, 15:00 +0200 schrieb jdd: Hello can I state than any dual core provessor can do full virtualisation? no. not if you mean hardware-virtualization-technologies. there are pentium dual-cores for example, which are, of course dual core processors, but don't have hardware-virtualization-technologies. Also, it requires BIOS support as I understand it. Yes, I recently set up a VM server (FSC Primergy RX300S3 with 12 GB RAM and 2 Quad Core CPUs 1.6 Ghz. At the moment I've got 7 VMs running (most rather low usage), and overall the CPU utilisation is staying in the low one digit range. The BIOS had a setting for the virtualisation functions (disabled by default) called Vanderpool-something which I enabled. At the moment it looks as if I will run out of RAM much sooner than get into any trouble because of CPU/hdd usage. Though the server is running under Windows 2003 64bit. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix error.
James D. Parra wrote: Hello, I am receiving the error message below from postfix, however I don't have alias_maps enabled in the config; If you haven't set alias_maps yourself, the default will be used: postconf -d alias_maps alias_maps = hash:/etc/aliases, nis:mail.aliases warning: dict_nis_init: NIS domain name not set - NIS lookups disabled And that is the result. Either set alias_maps to the database you use or use an empty value if you don't want alias_maps to be used at all: postconf -e alias_maps = postfix reload -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Re: NT domain authentication password expiration
Sunny wrote: On 9/13/07, Sandy Drobic [EMAIL PROTECTED] wrote: man chage chage -l chage: Unknown user `MYDOMAIN\sunny'. I guess chage is for local users, not domain ones. Yes. In that case you probably have a password expiry policy on your domain controller. That is nothing you can influence from your workstation. So you can only try to change the password and hope that expiry will be reset. IIRC the password expiry period is 42 days in a default installation. Do you get any hints other than the fact that the password is expiring? -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Spamassassin and Amavis
Chuck Payne wrote: Guys, One of the server I take care of, the admin of that site did something stupid. They want to upgrade their spamassassin to 3.2.3, because the last update version for 10.1 was 3.1.8. They upgrade from perl, by doing perl -MCPAN -eshell install Mail::SpamAssassin Once that it was done, now they aren't getting mail. They are getting this error message every time a message comes on the box Strange, if the make does not show errors it should work, the tests bofor install are quite extensive. Did the admin force the install? I am running sa 3.2.3 from a CPAN install on Suse 10.0 here. Perhaps some dependencies were not installed/updated to the neccessary version? parts_decode_ext FAILED: parsing file(1) results - missing last 1 results at (eval 65) line 154. (in reply to end of DATA command)) I turn on debugged and I see this error... Sep 10 01:47:49 hover spamc[7422]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#2 of 3): Connection refused Red hering, it shouldn't be neccessary for amavisd-new. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Avoiding spam to harvested addresses
Koenraad Lelong wrote: Hi, Recently I started receiving spam to a mail-address I setup for a list. To get rid of the spam I removed that mail-address so that's solved. Crude, but it works. But then I read Sandy Drobic's post from 22/8 about those bounced mails from this list (Why do I get this back all the time). He mentions that he setup his system to reject mails not coming from the listserver. Where in the Postfix documentation should I look for information about setting this up ? It is a simple application of a restriction class. The prerequisites of such filtering are, that you must have administrative access to your postfix server and that the postfix server itself is receiving the mails directly from the client (not polled by fetchmail or getmail or any other server in front of Postfix). /etc/postfix/main.cf: smtpd_restriction_classes = suse_only suse_only = check_client_access hash:/etc/postfix/check_recipient_class_suse_only, reject smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination check_recipient_access hash:/etc/postfix/check_restriction_class /etc/postfix/check_restriction_class: [EMAIL PROTECTED]suse_only /etc/postfix/check_recipient_class_suse_only: lists4.suse.com OK 195.135.221.135 OK I have included the ip address of lists4.suse.com in case of a DNS error. Don't forget to postmap the hash files. This example only shows the necessary options for one restriction class, my real setup is a bit more complex. (^-^) -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Post Restrict local.domain.com to local.domain.com ::ffff:ip (OpenSUSE 10.2) SOLVED!
Boyd Lynn Gerber wrote: On Fri, 24 Aug 2007, Sandy Drobic wrote: local_only = reject_unlisted_recipient permit_auth_destination reject This Solved the problem. The difference to reject_unauth_destination is, that permit_auth_destination will stop the evaluation of the checks and permit the requests while reject_unauth_destination (like mouss suggested) will only reject relay attempts and otherwise continue with the checks behind reject_unauth_destination. So the mail could still be rejected for other reasons like greylisting, RBLs etc. It is also the reason why I suggested reject_unlisted_recipient first to make sure that the recipient is valid before accepting the mail with permit_auth_destination. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Post Restrict local.domain.com to local.domain.com ::ffff:ip (OpenSUSE 10.2)
Boyd Lynn Gerber wrote: On Thu, 23 Aug 2007, Sandy Drobic wrote: Looks like scrambled eggs. (^-^) Sadly, yes A restriction class in Postfix is meant to combine two different checks. I still don't really know what exactly you want to restrict. Do you mean that you want to restrict all CLIENTS in 192.168.0.0/16 to send only to local domains? Yes, 192.168.0.0/16 only can send between 192.168.0.0/16 In that case you would use something like this: smtpd_restriction_classes = local_only local_only = reject_unlisted_recipient permit_auth_destination My bad... local_only = reject_unlisted_recipient permit_auth_destination reject smtpd_recipient_restrictions = check_client_access cidr:/etc/postfix/clients_local_only permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination /etc/postfix/clients_local_only: 192.168.0.0/16 local_only That is what I have now, but they can send outside of 192.168.x.x The access file I have modified to also have the local_only This is my main.cf file. No wonder, I forgot to add reject at the end of the restriction class. This will reject all mails to domains for which your server is not responsible, in other words, no relaying allowed. While it is possible to check the MX for a domain (check_recipient_mx_access), for security reasons you can't use OK as result for such a check. But permit_auth_destination should do the trick. --Main.cf--- Better send the output of postconf -n, it is much more readable. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Require all local IP to only send to local IP and Restrict local.domain.com to local.domain.com
Boyd Lynn Gerber wrote: Hello, I want to restrict all CLIENTS in 192.168.0.0/16 to send only to local domains. That is 192.168.0.0/16 only can send between 192.168.0.0/16. I have other public IP's that should be able to send any where. I am subsituting domain.com for the real domain. Please do not open a second thread for the same problem. I already replied to your first thread. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Require all local IP to only send to local IP and Restrict local.domain.com to local.domain.com
Boyd Lynn Gerber wrote: On Fri, 24 Aug 2007, Sandy Drobic wrote: Boyd Lynn Gerber wrote: I want to restrict all CLIENTS in 192.168.0.0/16 to send only to local domains. That is 192.168.0.0/16 only can send between 192.168.0.0/16. I have other public IP's that should be able to send any where. I am subsituting domain.com for the real domain. Please do not open a second thread for the same problem. I already replied to your first thread. Sorry, I thought I need to make things clearer and so I did a new post. Sorry. I and probably most other people prefer, if you simply rename the subject line. The threading will not be broken that way (for most mailclients) and the continuity is clear. - Threadsubject 1 | `-Threadsubject 2, was: Threadsubject 1 That way everyone should be happy. Please test my modification if it works (it should). -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Why do I get this back all the time..
[EMAIL PROTECTED] wrote: Hi all. That would be my badly misconfigured mailserver. Its taken down until further notice. I miss my old postfix+dovecot setup. :( If I remember correctly, your setup complained, that it couldn't resolve the name localhost. Please verify, that localhost is included in /etc/hosts and that /etc/nsswitch.conf contains hosts: files dns A more robust way to configure Postfix is zu use 127.0.0.1 instead of localhost. Then Postfix does not have to rely on hostname resolution for internal transports. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Post Restrict local.domain.com to local.domain.com ::ffff:ip (OpenSUSE 10.2)
Boyd Lynn Gerber wrote: Hello, I have a complete forward and reverse DNS setup for local.domain.com and I am trying to restrict all 192.168.x.x addresses. I am using in main.cf smtpd_restriction_classes = local_only local_only = check_recipient_access hash:/etc/postfix/local_only, reject smtpd_sender_restrictions = hash:/etc/postfix/access smtpd_client_restrictions = smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_senders, permit_sasl_authenticated,permit_mynetworks,check_relay_domains and local_only has all 64770 entries below. 192.168.0.1 OK 192.168.0.2 OK ... 192.168.255.253 OK 192.168.255.254 OK Looks like scrambled eggs. (^-^) A restriction class in Postfix is meant to combine two different checks. I still don't really know what exactly you want to restrict. Do you mean that you want to restrict all CLIENTS in 192.168.0.0/16 to send only to local domains? In that case you would use something like this: smtpd_restriction_classes = local_only local_only = reject_unlisted_recipient permit_auth_destination smtpd_recipient_restrictions = check_client_access cidr:/etc/postfix/clients_local_only permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination /etc/postfix/clients_local_only: 192.168.0.0/16 local_only The check_client_access MUST NOT return OK because that would allow the client to relay (in the order of checks it appears before reject_unauth_destination can restrict the destination). -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Why do I get this back all the time..
Michael Skiba wrote: Am Mittwoch, 22. August 2007 21:17 schrieb Verner Kjærsgaard: A couple of minutes ago, I started receiving LOTS of emails back from a server. All my postings over the last 10 days or so to this list are coming back...like this one: --- Undelivered Mail Returned to Sender Fra: Mail Delivery System [EMAIL PROTECTED] Til: [EMAIL PROTECTED] Hehe, I got the same, guess almost everyone gets those mails, it's generated from a postfix program from a list subscriber.. don't ask me why or who, but it happend. The broken server is pat1outside.trollnet.no. I just saw in the log, that this server tried to bounce back a lot of mails to my list address. Since my server does not accept mails to my list address except from the listserver I am spared this crap. In fact, that is exactly the reason why I configured this check apart from the spammers that like to harvest the list archive for valid addresses. Among 2000 subscribers there's always someone with a broken server every other month or so. :-( -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] suse 10.3 beta1 64-bit dvd problem
Andreas Jaeger wrote: Art Fore [EMAIL PROTECTED] writes: Downloaded the 64 bit suse 10.3 beta1 via torrent. After 3 days of downloading, I can burn the dvd, md5 checks OK, but, machine will not boot from it. Burned another, same thing. I can read the files on the disk, just not boot from it. Is this a bug or is there something special with this dvd. I've seen some bugs similar to yours coming in bugzilla. Something looks rather fishy on 64-bit x86-64 with linuxrc (I expect you do not see the YaST Language selection at all). Nope, I downloaded Beta1 64-bit DVD x86-64 just yesterday, it checks out fine in the media check and I can boot from it without problem (had to change the device order, though). I can change the language to German and the installation is started in German as well. The real show-stopper comes when I choose to update an already installed Opensuse 10.2 x86-64 as base for the installation. During the dependendy check of the installed rpms it shows 27 packages that can not be updated. So far no problem. Unfortunately when I choose to delete the not-updatable packages, the system freezes solid. Not on the first package, but somewhere in the middle. Tried it twice now, once from top of list and second time from bottom of list. Last package I choose to delete was libgcj41-32bit. The only thing moving after that was the mouse cursor. It was just like working with Windows. (^-^) Since no Installation on harddisk happened yet, I can't provide you with any log. :-( -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix isn't accepting connections anymore. Any changes to postfix?
Johannes Nohl wrote: This is problably a DNS timeout problem. Postfix is trying to resolve the client ip and checks the reverse dns as well. Without working dns you will run into many problems. Yesterday I added disable_dns_lookups = yes to main.cf without help. But today everything is running well. If it's about DNS (you are probably right) are there more than this switch. Thanks Sandy. Almost Everything that has to do with hostname resolution and transport decisions will depend on dns. That includes RBLs, connecting clients, sending mails to other hosts, but also checks like - reject_unknown_sender_domain - reject_unknown_recipient_domain - reject_unknown_client_hostname - reject_unknown_helo_hostname - reject_sender_mx_access ... A good reliable DNS resolution is a prerequisite for running a mailserver. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix isn't accepting connections anymore. Any changes to postfix?
Johannes Nohl wrote: Thanks Theo for your fast answer. I ran out of ideas. My postfix installation on a opensuse 10.0 isn't accepting connections anymore. Out of sudden!! I didn't change anything (last what I did was using the apt upgrades for apache and php the day before but there can't be any relation I guess). While port 25 is dead submission port 587 is working as expected. Log files are still growing since spammers were rejected (mail and mail.info). Either it's not accepting connections, and thus not rejecting them either, or it is accepting connections and maybe rejecting (because of something you've changed). It can't be both. I telnet the server on port 25. Now the so called banner should be sent. But it isn't. So no chance to drop HELO. And after a while the connection will be closed. Please send output of postconf -n. When you restart Postfix and try to send a mail, what do you see in the log? Please post the log lines. This is problably a DNS timeout problem. Postfix is trying to resolve the client ip and checks the reverse dns as well. Without working dns you will run into many problems. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Re: domain and email forwarding
Dave Howorth wrote: On Wed, 2007-08-08 at 21:25 +0200, Sandy Drobic wrote: Just to clear up some probable misunderstanding: do you mean that your server receives the mail and then sends it onwards to your ISP? THAT is forwarding. If you mean that you have a domain which is hosted by your ISP and the mailserver of your ISP is the MX for that domain, that is NOT forwarding. I don't have a server. Company A hosting my domains receives the mail and forwards it to my ISP (company B) and I pick it up from there with POP3. Weird construction. (^-^) Why not poll the Server of Company A directly? The trouble with forwarding is, that different methods of determining spam might lead to blocking, if Company B considers the server of Company A as a source of spam. If you want to set up your own server the basic setup for Postfix/Cyrus is relatively simple. I still see a lot of traffic on this list from people with problems! They're ably helped by you and others but it still looks like more hassle than I'd like :( Of course. I only said that the basic setup is relatively easy. I didn't say anything about troubleshooting. (^-^) On Wed, 2007-08-08 at 19:13 -0400, Razi Khaja wrote: I just started using the google service for my own domain. Its very easy to setup and the standard edition is free so its worth a try. After trying it, if you dont like it you can always cancel the service. The good thing about the google service is that you can be pretty sure that your mail server wont go down (since you wont be admin'ing it, google will) and you wont have to become an expert in mail servers. Thanks, Razi. I'll investigate this - it sounds like what I'm looking for. It's definitely a better choice than to start your own server without knowing much about SMTP and IMAP. One caveat is that I simply don't trust Google to handle my data. They are a business in the first place, so they have to get some value out of it in a currency you don't see at first glance. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] domain and email forwarding
Dave Howorth wrote: I have a domain that I use to forward email. So I'm subscribed to this list as [EMAIL PROTECTED] and it is forwarded to my real ISP. The Just to clear up some probable misunderstanding: do you mean that your server receives the mail and then sends it onwards to your ISP? THAT is forwarding. If you mean that you have a domain which is hosted by your ISP and the mailserver of your ISP is the MX for that domain, that is NOT forwarding. company that provides this service has decided to try to get extra money for the same service so I'm looking for somewhere else. They also host the DNS for that domain and a few others and provide web forwarding as well, though I don't use that in earnest. Can anybody recommend any company in the UK or Europe that provides these services, speak English and are trustworthy? Or how much of this could I do for myself? Are there any good howtos? If you want to set up your own server the basic setup for Postfix/Cyrus is relatively simple. Prerequisite is definitely a dsl connection. If the mailserver of your ISP allows you to use arbitrary sender addresses then you can receive all mails for your domain directly and send the mails via your ISP. Otherwise too many mailserver will reject mails sent directly from a residential connection. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] ping: sendmsg: Network is unreachable
Carl Spitzer wrote: ping smtp.pcmagic.net PING smtp.pcmagic.net (69.19.155.88) 56(84) bytes of data. ping: sendmsg: Network is unreachable --- smtp.pcmagic.net ping statistics --- 257 packets transmitted, 0 received, 100% packet loss, time 256255ms does this mean the mail server is down? No, it means that an ICMP package could not be sent to the destination. Furthermore you get the result that the entire network can't be reached. If you want to know if a mailserver is online and reachable I suggest you use telnet hostname 25. When the server is online you will get the smtp banner of the server. If you have a residential ip it is possible that your provider does not allow you to connect to port 25 of any host unless it is the mailserver of your provider. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] ping: sendmsg: Network is unreachable
James Knott wrote: Carl Spitzer wrote: ping smtp.pcmagic.net PING smtp.pcmagic.net (69.19.155.88) 56(84) bytes of data. ping: sendmsg: Network is unreachable --- smtp.pcmagic.net ping statistics --- 257 packets transmitted, 0 received, 100% packet loss, time 256255ms does this mean the mail server is down? I can receive and this was sent via another smtp from myrealbox. No, what it means is that you cannot reach the server for whatever reason. It's the same situation as when you try to go to the store and find a road closed. Does that mean the store is closed? Or only that you can't get to it? Or you're simply knocking at the wrong door. (^-^) It it entirely possible that the server will not answer to ICMP queries but is available on port 25. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] any ideas to whats causing this messages
clifford jackson wrote: Any ideas to whats causing these messages: linifl login: Jul 23 06:55:17 linifl postfix/local[918]: fatal: open database /e tc/aliases.db: No such file or directory postalias /etc/aliases postfix reload -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] any ideas to whats causing this messages
Sloan wrote: Sandy Drobic wrote: clifford jackson wrote: Any ideas to whats causing these messages: linifl login: Jul 23 06:55:17 linifl postfix/local[918]: fatal: open database /e tc/aliases.db: No such file or directory postalias /etc/aliases postfix reload Or more tersely: newaliases - and you're done - assuming /etc/aliases exists. That requires that alias_database points to the correct file, in this case /etc/aliases, or you might geht unexpected results. (^-^) http://www.postfix.org/postconf.5.html#alias_database -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Virtual domain, between Postfix and Qmail
Hans Linux wrote: Currently i m using postfix as my mail server. but i m having problem when i have to add additionl domain to my server. I can't get the same username for 2 domains like [EMAIL PROTECTED] and [EMAIL PROTECTED] [EMAIL PROTECTED] and [EMAIL PROTECTED] will be treated as the same user by Postfix. And there is no interface for me to admin virtual domain in postfix and as i heard it's easy to do it with qmail since qmail has a lot of interface to admin like qadmin, vpopmail etc. I m not an expert in mail server, sorry i wasn't try to compare between postfix and qmail. I really need an interface for postfix to admin, and if there is no interface for postfix, i thought i will be easier for me to do it with qmail No interface will ever tell you what the right solution is. It will only help to handle the administration with more comfort. If you need a wellconfigured web interface I would suggest something like Scalix or Kolab. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Virtual domain, between Postfix and Qmail
Carlos E. R. wrote: The Saturday 2007-06-30 at 14:37 +0200, Sandy Drobic wrote: They timed out at 30 minutes, I think. Nope, When Postfix has accepted a mail its already in your queue. At that point the maximal_queue_lifetime starts. # postconf maximal_queue_lifetime maximal_queue_lifetime = 5d Well, that was perhaps two years ago, so I don't remember what limit did I hit, but I do remember postfix complaining about 30 minutes of something being sxceeded without response from the filter, and doing something about it, which I don't remember now what it was exactly. Perhaps bounce to the postmaster, or tell the postmaster, or something - what I remember is my nerves straining! O:-) If you still have the config then check what notify_classes were set to. In the meantime, your log will fill with timeouts. There are a lot of options to set timeouts that fit your situation: No need, I solved it throtlling the queue to one mail at a time, fed to amavis. And I only use it for emergencies nowdays. But nice to have this list handy, I'll keep it. :-) Development was rather fast in the last two years. Better use the list that applies to your installation: # all timeout parameters of current config postconf | grep timeout # all default timeout parameters postconf -d| grep timeout # parameters you have set manually: postconf -n| grep timeout -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Virtual domain, between Postfix and Qmail
Carlos E. R. wrote: The Friday 2007-06-29 at 12:43 -0700, Sloan wrote: Our look at qmail was some years ago so it's getting a bit fuzzy now. ISTR that qmail seemed to be full of gratuitous differences in the interface with no tangible benefit. I won't deny that it seemed smaller and cleaner than sendmail, but the message store by inode was one deal breaker, as I mentioned. Also ISTR that we would have needed thousands of alias files to do what we were doing in sendmail. If I'm not mistaken, in postfix the queue files are also related to the inodes and can not be moved. After a restore and before starting the postfix server you need to run ... I forgot the name, to scan the queues and change the filenames appropriately. It must be explained somewhere in the faq. You are correct. As long as the queue files do not leave the file sysem (aka change their inode number) you don't need to do anything. If you do restore the raw queue files from a backup you need to run postsuper -s. -s Structure check and structure repair. This should be done once before Postfix startup. · Rename files whose name does not match the mes- sage file inode number. This operation is nec- essary after restoring a mail queue from a dif- ferent machine, or from backup media. · Move queue files that are in the wrong place in the file system hierarchy and remove subdirec- tories that are no longer needed. File posi- tion rearrangements are necessary after a change in thehash_queue_namesand/or hash_queue_depth configuration parameters. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Virtual domain, between Postfix and Qmail
Carlos E. R. wrote: The Friday 2007-06-29 at 22:15 +0200, Sandy Drobic wrote: I assume that you configured both systems with reasonable defaults? Transfer over SMTP is indeed blazing fast with Postfix. I had to switch off my main server over night once. The queue on the replacement drained almost immediately (a few hundred mails only) when the primary came online again. Although the mails then sat in the active queue of the primary waiting to be scanned by amavisd-new. (^-^) For a time, I had to reuse my old computer to retrieve suse list mail (suse 7.3, 32 MB ram, refurbished with postfix). Mail delivery went so slow that it tried to bounce! The amavis script took more than half an hour to process some emails and postfix decided to bounce back, thinking it had stalled. 32 MB is indeed rather small for ram. (^-^) Your system was bouncing because the destination hop (content_filter) timed out. If your maximal_queue_lifetime was set sufficiently low, you could indeed end up bouncing the mails that could not be processed in time. The problem was that the system was starting a new instance or child amavis (or amvis.new, I don't remember), using swap memory for each and slowing the system more and more. The solution was, of course, to use a queue of one, so that postfix didn't feed amavis with the nest email till it had finished with the previous one, so that there were only one amavis child in memory and running. The processing time went down to under a minute per mail :-) Interesting lesson! Even on a fast server, the number of amavis childs must be limited to a sensible value. Of course. Even the fastest computer can be flooded with more mail than he can scan in realtime. On my old server here at home (was build around the end of the last century) I use amavisd-new as a pre-queue proxy-filter. So I have to restrict the number of concurrent connections to 6. Any more and I might run out of RAM (my server only has 512 MB and has a few more daemons running aside of Postfix). -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Virtual domain, between Postfix and Qmail
Carlos E. R. wrote: The Saturday 2007-06-30 at 13:28 +0200, Sandy Drobic wrote: 32 MB is indeed rather small for ram. (^-^) Indeed! Its a plain pentium /one/, with 32Mb and perhaps 1 GiB swap :-) The swap is so big because the yast/you of the time (7.3) has a memory hole, so it was needed. Nowdays I use that machine for tests or emergencies. Your system was bouncing because the destination hop (content_filter) timed out. If your maximal_queue_lifetime was set sufficiently low, you could indeed end up bouncing the mails that could not be processed in time. Exactly. They timed out at 30 minutes, I think. Nope, When Postfix has accepted a mail its already in your queue. At that point the maximal_queue_lifetime starts. # postconf maximal_queue_lifetime maximal_queue_lifetime = 5d In that time, the mails that can not be scanned are merely deferred. After the maximal_queue_lifetime the mails will be bounced as undeliverable. If delay_warning_time is set though, Postfix may send delivery status notifications (DSN) and warn the sender that a mail could not be sent yet. This only applies to more recent versions of Postfix that support DSN (starting from version 2.3). In the meantime, your log will fill with timeouts. There are a lot of options to set timeouts that fit your situation: postconf -d| grep timeout connection_cache_protocol_timeout = 5s daemon_timeout = 18000s ipc_timeout = 3600s lmtp_connect_timeout = 0s lmtp_data_done_timeout = 600s lmtp_data_init_timeout = 120s lmtp_data_xfer_timeout = 180s lmtp_lhlo_timeout = 300s lmtp_mail_timeout = 300s lmtp_quit_timeout = 300s lmtp_rcpt_timeout = 300s lmtp_rset_timeout = 20s lmtp_starttls_timeout = 300s lmtp_tls_session_cache_timeout = 3600s lmtp_xforward_timeout = 300s milter_command_timeout = 30s milter_connect_timeout = 30s milter_content_timeout = 300s qmqpd_timeout = 300s smtp_connect_timeout = 30s smtp_data_done_timeout = 600s smtp_data_init_timeout = 120s smtp_data_xfer_timeout = 180s smtp_helo_timeout = 300s smtp_mail_timeout = 300s smtp_quit_timeout = 300s smtp_rcpt_timeout = 300s smtp_rset_timeout = 20s smtp_starttls_timeout = 300s smtp_tls_session_cache_timeout = 3600s smtp_xforward_timeout = 300s smtpd_policy_service_timeout = 100s smtpd_proxy_timeout = 100s smtpd_starttls_timeout = 300s smtpd_timeout = 300s smtpd_tls_session_cache_timeout = 3600s trigger_timeout = 10s -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Virtual domain, between Postfix and Qmail
Hans Linux wrote: please enlight me with this issue : As far as i know, Postfix can handle virtual domain, but it can not has the same username for virtual doman. For example I have 2 domain on my server : - domain www.a.com and - domain www.b.com If i have a user named 'hans', and hans is with a.com domain, then i'll have [EMAIL PROTECTED] If b.com domain has a user also name hans, then Postfix will not be able to see there are 2 hans, but only 1 hans. Thus, i can not have [EMAIL PROTECTED] Am i right? No. This is true for domains in $mydestination, but not for domains in virtual_mailbox_domains. On the other hand, qmail will be able to do that. And there are many additional tool for qmail to set that up like vmailmanager, vpopadmin etc, but not postfix. What problem are you trying to solve? If the question is can Postfix do that? the answer is yes, it can, and a lot more, too. If the question is Which MTA should I use? The answer is Use the one you are able to administer and debug.. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix/anvil
John Andersen wrote: Does anyone know if Anvil can set Different Rates for different sources? I notice that the suse list server gets anviled (rate limited) when messages are arriving fast, which puts more load in it, and slows traffic that I really would like to get without delay. These are the parameters that you are looking for: http://www.postfix.org/TUNING_README.html#conn_limit I never noticed these limits, but I compile the snapshots from source. Maybe Suse has changed a few settings. Did you change any of these settings? -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Virtual domain, between Postfix and Qmail
Hudibras wrote: What problem are you trying to solve? If the question is can Postfix do that? the answer is yes, it can, and a lot more, too. If the question is Which MTA should I use? The answer is Use the one you are able to administer and debug.. I do prefer, no doubt about it, qmail. Check www.shupp.org, and install in a twinkle the best mail server (imho, of course). And after, enjoy with a master piece of software. What features were the deciding factor for you to choose Qmail? I don't have any experience with Qmail myself, I chose Postfix because it has a great support community, a very active development and the documentation is extensive and accurate. Features like DSN and Policy Server/Milters also became very important. If I had to choose another MTA other than Postfix I would probably switch to Exim. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Virtual domain, between Postfix and Qmail
Hudibras wrote: El vie, 29-06-2007 a las 15:06 +0200, Sandy Drobic escribió: Hudibras wrote: What problem are you trying to solve? If the question is can Postfix do that? the answer is yes, it can, and a lot more, too. If the question is Which MTA should I use? The answer is Use the one you are able to administer and debug.. I do prefer, no doubt about it, qmail. Check www.shupp.org, and install in a twinkle the best mail server (imho, of course). And after, enjoy with a master piece of software. What features were the deciding factor for you to choose Qmail? I don't have any experience with Qmail myself, I chose Postfix because it has a great support community, a very active development and the documentation is extensive and accurate. Features like DSN and Policy Server/Milters also became very important. Do as you like. It's only my advice. But after many years testing nearly every mail server, I don't change qmail for anything in this world. It's simply a master piece of software. People who knows me also know my opinion about qmail, and I think this way from 1998-1999, when I tested the first time. It's great that you like Qmail, but this doesn't give my any information to compare it to Postfix. Ideally it would be great if someone had worked with both programs and could compare how much effort it took to reach the same result. The first (beta) version of Postfix was released 1999, the first stable release 1.0 appeared 2001, so I guess you didn't test Postfix at that time. All features you like in a mail server, qmail does have them. So, why don't you try and if not of your taste, install any other. I can assure you my qmail is really the same I've got from 2002. And I sleep peacefully while qmail works. That's not good, I know, but if you don't want be ever watching a mail server, install qmail and forget yourself. I have heard the same being said about Postfix. I still wonder how anyone can just install a mailserver and then forget about it. I am always finetuning the configuration to adapt to new spammer tricks. agreed, it would probably work without finetuning, but the rate of rejected spam would probably drop a lot. A big German ISP tested this, they simply stopped finetuning their configuration and noticed a considerable drop in their rejection rate. If I had to choose another MTA other than Postfix I would probably switch to Exim. Postfix and Exim are two great mail servers, but I still do prefer qmail, because (and it's only my opinion) is much better in most cases. qmail version is the same from 1998, and it does not need any more; but there are many people around helping and making add-ons, making it more powerful and never, never, never has a security hole or anything like these. However, sendmail or postfix really have holes... or is that not true? At least for Postfix it is not true. Sendmail had some problems with security some years ago. In the last years I they tightened their code a lot. Though I do remember that Sendmail had a remote exploitable bug last year. One good hint how secure Postfix is: Borderware has chosen Postfix as the MTA of their Firewall. So decide and have a try qmail, and you'll not be disappointed. So far, this does not yet give me enough encouragement to invest the many month of work to dig into Qmail as I did with Postfix. Before I change I have to know if the annoyances in Postfix are worth dealing with the annoyances of another MTA. Every piece of software has some drawbacks, the question is rather if I am willing to live with it or if I can circumvent the annoyance. Since I know Postfix quite well, so I know how to work around the annoyances of Postfix, but that is not the case with Qmail (or Exim or Sendmail). Recipient validation for example is very important, how and at what stage of the smtp dialogue is it done in Qmail? I would probably have to spend quite some hours to find the anwser. Time is expensive, I only have a limited supply of it. (^-^) -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Virtual domain, between Postfix and Qmail
Hudibras wrote: El vie, 29-06-2007 a las 18:15 +0200, Sandy Drobic escribió: Hudibras wrote: El vie, 29-06-2007 a las 15:06 +0200, Sandy Drobic escribió: Hudibras wrote: What problem are you trying to solve? If the question is can Postfix do that? the answer is yes, it can, and a lot more, too. If the question is Which MTA should I use? The answer is Use the one you are able to administer and debug.. I do prefer, no doubt about it, qmail. Check www.shupp.org, and install in a twinkle the best mail server (imho, of course). And after, enjoy with a master piece of software. What features were the deciding factor for you to choose Qmail? I don't have any experience with Qmail myself, I chose Postfix because it has a great support community, a very active development and the documentation is extensive and accurate. Features like DSN and Policy Server/Milters also became very important. Do as you like. It's only my advice. But after many years testing nearly every mail server, I don't change qmail for anything in this world. It's simply a master piece of software. People who knows me also know my opinion about qmail, and I think this way from 1998-1999, when I tested the first time. It's great that you like Qmail, but this doesn't give my any information to compare it to Postfix. I've no time (maybe several hours...) to explain each other capabilities. But this is not the forum to that. I only said if you would like a great (the best one, imho) MTA, qmail would be the first to begin with. I've got the same problem (not enough time), so I am very careful when the project will consume hundreds of hours (it does take that much time to really understand another program of that scale). Ideally it would be great if someone had worked with both programs and could compare how much effort it took to reach the same result. i've worked with both and more programs, as I said before. That should give you a good basis to remember some circumstances where something was very easy to configure in one product and much more difficult in another. That is what I am looking for, the gotchas that you encounter when you start to learn a program. The first (beta) version of Postfix was released 1999, the first stable release 1.0 appeared 2001, so I guess you didn't test Postfix at that time. Well, I've said I began to test MTAs in 1998-1999, but I refered to it in general, not considering Postfix o Exaim or Sendmail dates of release. That is not important. I assure you I have used Postfix and I missed mails, because of smtp deliveries if some cases. However that thing never happened with qmail, independently the type of delivery, domain existance or not, etc. That is also what I am looking for. Can you remember under what circumstances it happened and how long ago (which Postfix version)? All features you like in a mail server, qmail does have them. So, why don't you try and if not of your taste, install any other. I can assure you my qmail is really the same I've got from 2002. And I sleep peacefully while qmail works. That's not good, I know, but if you don't want be ever watching a mail server, install qmail and forget yourself. I have heard the same being said about Postfix. I still wonder how anyone can just install a mailserver and then forget about it. I am always finetuning the configuration to adapt to new spammer tricks. agreed, it would probably work without finetuning, but the rate of rejected spam would probably drop a lot. Of course. Postfix is a very very good MTA. I agree with you. But... qmail is better. It's completely modular, and... several of today Postfix capabilities are copied from qmail, like Maildir boxes... and more. Grin! If Postfix has (copied) all those features you like I don't need to learn Qmail. (^-^) Wietse himself said, that he rebuild in Postfix a lot of features he liked in Sendmail. One of the bigger implementations of new features was the milter protocol that was used only for Sendmail before. That gives Postfix admins access to the large base of milter applications. He even got a price from Sendmail for his implementation. A big German ISP tested this, they simply stopped finetuning their configuration and noticed a considerable drop in their rejection rate. I've heard more things like this about qmail... So, that's not important to me. For instance, several of the most important Domain Registration Servers use qmail! I hope you know what I mean (my English is not as good as my mother tongue). Qmail is one of the standard MTAs, no question. If I had to choose another MTA other than Postfix I would probably switch to Exim. Postfix and Exim are two great mail servers, but I still do prefer qmail, because (and it's only my opinion) is much better in most cases. qmail version is the same from 1998, and it does not need any more; but there are many people around helping and making add-ons, making
Re: [opensuse] Virtual domain, between Postfix and Qmail
Sloan wrote: We were a sendmail shop for years, and looked at other MTAs, always looking for the optimum setup. We looked at qmail, and found a few things we didn't like. It was so starkly different from sendmail that we'd have a lot of work to do to adapt our scripts etc to it, and there would be a learning curve for our admins. Also there were some technical When I started learning about MTAs I tried to understand Sendmail and gave up when even the documentation and how-tos sounded like so much gibberish to me. Postfix on the other hand is documented very accurately. How long did it take you to get a grip on the basics of QMail? details we didn't like - mail queue files were referenced by inode number, so if we ever had to recover from a disaster, guess what? different inode numbers, and we're hosed. Also, we had thousands of aliases and redirects which change daily - postfix and sendmail easily handle this, but qmail seemed a bit more awkward to configure. How were the lookups done, LDAP/SQL or flat files? What were the symptoms? In any case, we settled on postfix, and found it to be essentially sendmail on steroids for the most part - much lower demand on system resources, very flexible and fast, and no more security alerts. Yes, Postfix as well as QMail were developed out of need for secure MTAs, as I just read on http://cr.yp.to/qmail.html. Wietse does take care not to introduce features that waste resources. Probably one of the reasons whey Suse changed to Postfix as the default MTA. Thanks for the view of a (previous) Sendmail user. Did you have a look at Exim as well? When I took a casual look at their documentation it seemed quite nice. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Virtual domain, between Postfix and Qmail
Hudibras wrote: Sendmail had some problems with security some years ago. In the last years I they tightened their code a lot. Though I do remember that Sendmail had a remote exploitable bug last year. Yes. Sendmail is already history... Sendmail is used bz considerably more, and considerably larger installations than qmail. Yes. In 1929 considerably more people voted Hitler. But let's stop the hearsay debate, OK? No. It's not a debate. I think it's a very good thing to discuss things, programs, servers here. I learn a lot! Debate is okay, but please no more comparisons like the one above. That kills any desire to debate. :-( -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Intel Core Duo buggy as hell?
James D. Parra wrote: On Friday 29 June 2007 20:16:11 Stevens wrote: I personally think that Intel chip problems and their potential impact on opensuse, Redhat, Ubuntu or any one of the mryiad variants of Linux out there would be very much on topic or, at the very least, close enough to not warrant an admonition from you. I agree, I thought it was highly interesting, and might explain a few issues I've been seeing. I don't think it was off topic I concur. If this bug affects Linux, then it affects OpenSuse as well. The article seemed relevant and a good warning for anyone installing Linux on boards utilizing this Intel chip. Linus opinion about this affair: http://www.realworldtech.com/forums/index.cfm?action=detailid=80552threadid=80534roomid=2 -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Virtual domain, between Postfix and Qmail
Sloan wrote: Sandy Drobic wrote: When I started learning about MTAs I tried to understand Sendmail and gave up when even the documentation and how-tos sounded like so much gibberish to me. Postfix on the other hand is documented very accurately. How long did it take you to get a grip on the basics of QMail? Oh, our look at qmail was much more high level, we didn't invest the time required to get a grip on it. It was research, and then saying for each of our main functions OK, we do this in sendmail, how can we accomplish the same thing in qmail? Nice. I wish I had the time to do that as well. (^-^) What were the features that differed the most in implementation or performance? details we didn't like - mail queue files were referenced by inode number, so if we ever had to recover from a disaster, guess what? different inode numbers, and we're hosed. Also, we had thousands of aliases and redirects which change daily - postfix and sendmail easily handle this, but qmail seemed a bit more awkward to configure. How were the lookups done, LDAP/SQL or flat files? What were the symptoms? Lookups are done from local db files for optimum speed. The files are updated several times a day with automated scripts, but we need our mail gateways to be blazing fast, so the potential delay in waiting for ldap response from a remote lotus notes server running on windoze was unacceptable to us. Now that notes is being moved off of windoze and onto a p-series running AIX we may revisit that, but the current system works well. Our domino servers are still running on windows. I am also using a script to extract all valid recipients with ldap lookups. Even for a relative low volume site as our company I decided to stay with the script instead of direct ldap lookups. I didn't have a reason yet to stress test the ldap server, and with postfix in front of the domino servers I probably never will. Yes, Postfix as well as QMail were developed out of need for secure MTAs, as I just read on http://cr.yp.to/qmail.html. Wietse does take care not to introduce features that waste resources. Probably one of the reasons whey Suse changed to Postfix as the default MTA. Thanks for the view of a (previous) Sendmail user. Did you have a look at Exim as well? When I took a casual look at their documentation it seemed quite nice. We looked at exim, and it seemed to have some nice features - but we need to get the maximum mail throughput and minimum latency possib;e, and postfix was far and away the performance winner. BTW in researching benchmark results, I was unable to find any evidence of qmail's purported performance advantages over sendmail. I would also like to see some test results done on the same hardware and the same base of testmails. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Virtual domain, between Postfix and Qmail
Sloan wrote: Sandy Drobic wrote: What were the features that differed the most in implementation or performance? Our look at qmail was some years ago so it's getting a bit fuzzy now. ISTR that qmail seemed to be full of gratuitous differences in the interface with no tangible benefit. I won't deny that it seemed smaller and cleaner than sendmail, but the message store by inode was one deal breaker, as I mentioned. Also ISTR that we would have needed thousands of alias files to do what we were doing in sendmail. Agreed, that is a bit awkward if you need to be able to scale very high. I would also like to see some test results done on the same hardware and the same base of testmails. Well, from memory (this was several years ago) we had 2 identical linux test machines, rather modest, hp desktop class hardware as I remember. One was running sendmail, the other postfix, default configs. We fed them both with a mail spool of a few thousand messages and the difference was significant. The postfix box finished processing and delivering the messages in a few minutes. At this point, the sendmail box was thrashing, with a load average around 40. It finally finished about half an hour later. That one test settled the postfix-vs-sendmail debate for me. I assume that you configured both systems with reasonable defaults? Transfer over SMTP is indeed blazing fast with Postfix. I had to switch off my main server over night once. The queue on the replacement drained almost immediately (a few hundred mails only) when the primary came online again. Although the mails then sat in the active queue of the primary waiting to be scanned by amavisd-new. (^-^) -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] Virtual domain, between Postfix and Qmail
Sloan wrote: Sandy Drobic wrote: Sloan wrote: Well, from memory (this was several years ago) we had 2 identical linux test machines, rather modest, hp desktop class hardware as I remember. One was running sendmail, the other postfix, default configs. We fed them both with a mail spool of a few thousand messages and the difference was significant. The postfix box finished processing and delivering the messages in a few minutes. At this point, the sendmail box was thrashing, with a load average around 40. It finally finished about half an hour later. That one test settled the postfix-vs-sendmail debate for me. I assume that you configured both systems with reasonable defaults? Actually that would be the linux vendor - IOW it was straight, out of the box default configs. Bleah, Suse configures Postfix with two smtpd processes as default. It's a nullclient, and the limits are set accordingly. (^-^) -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]