[spamdyke-users] Block Wrong To: ?
Hello,

in the past days my server receives a lot of spam from known and valid mailhosts (aim, hotmail, etc.) and I am looking for a solution to greylist/blacklist those attempts.

If I look into the mail headers, the receiving mail address is not even listed (guess the BCC field is used). I attach two mail headers which are spam.

Is there a solution for such emails?

Mailheader one

X-Spam-Checker-Version: SpamAssassin 3.1.7-deb3 (2006-10-05) on h1406933.stratoserver.net
X-Spam-Level:
X-Spam-Status: No, score=0.6 required=7.0 tests=HTML_MESSAGE,NO_REAL_NAME, UNPARSEABLE_RELAY autolearn=no version=3.1.7-deb3
Received: (qmail 2509 invoked from network); 3 Jun 2009 20:31:34 +0200
Received-SPF: pass (stefanpausch.com: domain of aim.com designates 64.12.143.145 as permitted sender) client-ip=64.12.143.145; envelope-from=scazonak...@aim.com; helo=omr-m33.mx.aol.com;
Received: from omr-m33.mx.aol.com (64.12.143.145) by stefanpausch.com with SMTP; 3 Jun 2009 20:31:34 +0200
Received: from imo-da04.mx.aol.com (imo-da04.mx.aol.com [205.188.169.202]) by omr-m33.mx.aol.com (8.14.1/8.14.1) with ESMTP id n53ICXql028666; Wed, 3 Jun 2009 14:12:33 -0400
Received: from scazonak...@aim.com by imo-da04.mx.aol.com (mail_out_v40_r1.5.) id i.c99.4b08cd82 (37533) for garyjc...@hotmail.com; Wed, 3 Jun 2009 14:12:23 -0400 (EDT)
Received: from smtprly-db02.mx.aol.com (smtprly-db02.mx.aol.com [205.188.249.153]) by cia-mb01.mx.aol.com (v123.4) with ESMTP id MAILCIAMB016-5c374a26bcf227; Wed, 03 Jun 2009 14:12:19 -0400
Received: from WEBMAIL-DZ24 (webmail-dz24.sim.aol.com [205.188.185.38]) by smtprly-db02.mx.aol.com (v123.4) with ESMTP id MAILSMTPRLYDB025-5c374a26bcf227; Wed, 03 Jun 2009 14:12:02 -0400
To: garyjc...@hotmail.com
Subject: Just want to inform you.
Date: Wed, 03 Jun 2009 14:12:02 -0400
X-AOL-IP: 79.33.107.112
X-MB-Message-Source: WebUI
MIME-Version: 1.0
From: scazonak...@aim.com
X-MB-Message-Type: User
Content-Type: multipart/alternative; boundary=MB_8CBB28DED8ADDFF_177C_DCE_WEBMAIL-DZ24.sysops.aol.com
X-Mailer: AIM WebMail 42952-STANDARD
Received: from 79.33.107.112 by WEBMAIL-DZ24.sysops.aol.com (205.188.185.38) with HTTP (WebMailUI); Wed, 03 Jun 2009 14:12:02 -0400
Message-Id: 8cbb28ded861953-177c-...@webmail-dz24.sysops.aol.com

--MB_8CBB28DED8ADDFF_177C_DCE_WEBMAIL-DZ24.sysops.aol.com
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii

Mailheader two

X-Spam-Checker-Version: SpamAssassin 3.1.7-deb3 (2006-10-05) on h1406933.stratoserver.net
X-Spam-Level:
X-Spam-Status: No, score=0.6 required=7.0 tests=HTML_MESSAGE,NO_REAL_NAME, UNPARSEABLE_RELAY autolearn=no version=3.1.7-deb3
Received: (qmail 7560 invoked from network); 4 Jun 2009 16:35:19 +0200
Received-SPF: pass (stefanpausch.com: domain of aim.com designates 205.188.249.131 as permitted sender) client-ip=205.188.249.131; envelope-from=jabne...@aim.com; helo=omr-d33.mx.aol.com;
Received: from omr-d33.mx.aol.com (205.188.249.131) by stefanpausch.com with SMTP; 4 Jun 2009 16:35:19 +0200
Received: from imo-da02.mx.aol.com (imo-da02.mx.aol.com [205.188.169.200]) by omr-d33.mx.aol.com (8.14.1/8.14.1) with ESMTP id n54EM8Zn024338; Thu, 4 Jun 2009 10:22:08 -0400
Received: from jabne...@aim.com by imo-da02.mx.aol.com (mail_out_v40_r1.5.) id i.c31.590f1c25 (37552) for bit...@kbbsnet.com; Thu, 4 Jun 2009 10:21:57 -0400 (EDT)
Received: from smtprly-db02.mx.aol.com (smtprly-db02.mx.aol.com [205.188.249.153]) by cia-mb03.mx.aol.com (v123.4) with ESMTP id MAILCIAMB031-5c374a27d872b8; Thu, 04 Jun 2009 10:21:54 -0400
Received: from webmail-dh32 (webmail-dh32.sim.aol.com [205.188.170.134]) by smtprly-db02.mx.aol.com (v123.4) with ESMTP id MAILSMTPRLYDB025-5c374a27d872b8; Thu, 04 Jun 2009 10:21:38 -0400
To: bit...@kbbsnet.com
Subject: Hot news for you.
Date: Thu, 04 Jun 2009 10:21:38 -0400
X-AOL-IP: 83.230.175.12
X-MB-Message-Source: WebUI
MIME-Version: 1.0
From: jabne...@aim.com
X-MB-Message-Type: User
Content-Type: multipart/alternative; boundary=MB_8CBB336E8484651_9F8_5313_webmail-dh32.sysops.aol.com
X-Mailer: AIM WebMail 42952-STANDARD
Received: from 83.230.175.12 by webmail-dh32.sysops.aol.com (205.188.170.134) with HTTP (WebMailUI); Thu, 04 Jun 2009 10:21:38 -0400
Message-Id: 8cbb336e8411f46-9f8-2...@webmail-dh32.sysops.aol.com

--MB_8CBB336E8484651_9F8_5313_webmail-dh32.sysops.aol.com
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
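The symptom described in the post above, an envelope recipient that appears in neither To: nor Cc:, can be checked mechanically. The following is an added example, not part of the original post and not spamdyke code: it assumes the caller supplies the envelope recipient and the list of locally hosted domains, and the sample message and all addresses in it are constructed.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample (not from the post): the server hosts example.org,
# but the only visible recipient is at an unrelated domain.
SAMPLE = (
    "Received: from relay.example.net (192.0.2.10)\n"
    "  by mail.example.org with SMTP; 3 Jun 2009 20:31:34 +0200\n"
    "To: Someone Else <someone@elsewhere.example>\n"
    "From: sender@webmail.example\n"
    "Subject: Just want to inform you.\n"
    "\n"
    "body\n"
)


def header_recipients(msg):
    """Lower-cased addresses from every To: and Cc: header."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _name, addr in getaddresses(fields) if "@" in addr}


def check_recipient_mismatch(raw_message, envelope_rcpt, local_domains):
    """Compare the envelope recipient with the visible header recipients.

    envelope_rcpt and local_domains come from the caller (assumption: the
    MTA or delivery agent makes the envelope recipient available).
    """
    listed = header_recipients(message_from_string(raw_message))
    domains = {d.lower() for d in local_domains}
    rcpt_listed = envelope_rcpt.lower() in listed
    local_listed = any(a.rsplit("@", 1)[1] in domains for a in listed)
    return {
        "envelope_rcpt_listed": rcpt_listed,
        "local_domain_listed": local_listed,
        # Suspect only when nothing in To:/Cc: points at this server at all.
        "suspect": not rcpt_listed and not local_listed,
        "header_recipients": sorted(listed),
    }


if __name__ == "__main__":
    print(check_recipient_mismatch(SAMPLE, "user@example.org", ["example.org"]))
```

Legitimate BCC and mailing-list mail produce the same mismatch, so the result is better used as one input to a spam score than as a reject rule.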
[spamdyke-users] Qmail writes with wrong user to the maildir
Hello,

I know this is not a spamdyke issue, but since here are very smart heads I thought I give it a try and I hope you don’t mind. I posted already on 3 forums and contacted my provider and Plesk support … with no solution at all.

My system configuration:
- Plesk 9.2.1 with QMail and Spamdyke (+Mysql)
- Debian Sarge 64bit ( 2.6.18-6-amd84 )
- xinetd

My .qmail configuration:
| true
| /usr/bin/deliverquota ./Maildir

Maildir is: /var/qmail/mailnames/DOMAIN.tld/USER/Maildir/new

My problem is that “deliverquota” writes new emails with the wrong username (root:popuser instead of popuser:popuser) into the maildirs (which causes issues).

Does anybody here know where I can configure which user:group is used? … this drives me nuts for a few weeks (currently a 1min cronjob is running to correct this issue *sigh)

Thanks a lot for any help.

--Stefan
Re: [spamdyke-users] Qmail writes with wrong user to the maildir
Stefan Pausch wrote:
> Hello,
>
> I know this is not a spamdyke issue, but since here are very smart heads I thought I give it a try and I hope you don’t mind. I posted already on 3 forums and contacted my provider and Plesk support … with no solution at all.
>
> My system configuration:
> - Plesk 9.2.1 with QMail and Spamdyke (+Mysql)
> - Debian Sarge 64bit ( 2.6.18-6-amd84 )
> - xinetd
>
> My .qmail configuration:
> | true
> | /usr/bin/deliverquota ./Maildir
>
> Maildir is: /var/qmail/mailnames/DOMAIN.tld/USER/Maildir/new
>
> My problem is that “deliverquota” writes new emails with the wrong username (root:popuser instead of popuser:popuser) into the maildirs (which causes issues).
>
> Does anybody here know where I can configure which user:group is used? … this drives me nuts for a few weeks (currently a 1min cronjob is running to correct this issue *sigh)
>
> Thanks a lot for any help.
>
> --Stefan

I'm not familiar with Plesk, but I believe that if you set the sticky bit on the email folder (/var/qmail/mailnames/DOMAIN.tld/USER/Maildir/new), then the individual emails will be created with the owner of that folder instead of the owner of the process that runs deliverquota.

--
-Eric 'shubes'
Re: [spamdyke-users] Qmail writes with wrong user to the maildir
> I'm not familiar with Plesk, but I believe that if you set the sticky bit on the email folder (/var/qmail/mailnames/DOMAIN.tld/USER/Maildir/new), then the individual emails will be created with the owner of that folder instead of the owner of the process that runs deliverquota.

I set the sticky bit to new, but that wasn't the solution.

A few days back I installed plesk on the same debian (version as my server) on a test server and compared directories (owner, rights and structure). Everything looked fine, but qmailquota writes with the wrong username. If I use procmail instead of the standard qmailquota, the correct user is used.

I think it's either a qmailquota issue or a qmailqueue issue (Must be something simple I am missing...)

Basic qmail config (under /var/qmail/) looks 100% okay. Rights and owner are set correct and qmail is started correctly.

--Stefan

__ Information from ESET NOD32 Antivirus, version of virus signature database 4131 (20090604) __
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
Re: [spamdyke-users] Qmail writes with wrong user to the maildir
* Stefan Pausch ste...@stefanpausch.com [090604 21:50]:
> My .qmail configuration:
> | true
> | /usr/bin/deliverquota ./Maildir

Shouldn't there be a trailing / - ./Maildir/

Don't know what deliverquota is, but if it is suid, you might want to check its perms.

Shantanu
--
www.shantanukulkarni.org
Re: [spamdyke-users] Qmail writes with wrong user to the maildir
Hi Eric,

check if the privileges of the files in /var/qmail/bin/ are set correctly. Plesk uses qmail-queue as the qmail-wrapper, which needs the sticky-bit:

-r-xr-xr-x 1 root qmail 24704 Aug 24 2008 qmail-lspawn
[...]
-r-s--x--x 1 drwebqmail 152436 Sep 17 2008 qmail-queue
-r-s--x--x 1 drwebqmail 152436 Sep 17 2008 qmail-queue.drweb
-r-s--x--x 1 qmailq qmail 20424 Aug 24 2008 qmail-queue.moved
-r-x--x--x 1 qmailq qmail 30664 Sep 17 2008 qmail-queue.origin
-r-s--x--x 1 root qmail 30664 Aug 24 2008 qmail-queue.plesk

These are my binaries with drweb installed. Spamdyke would warn you, if it was running with root, at the config-check, so I guess the problem is not caused by spamdyke.

qmail-lspawn is using deliverquota to deliver (http://www.qmail.org/man/man8/qmail-lspawn.html), maybe something is messed up with the above mentioned binaries.

Eric Shubert wrote:
> Stefan Pausch wrote:
>> Hello,
>>
>> I know this is not a spamdyke issue, but since here are very smart heads I thought I give it a try and I hope you don’t mind. I posted already on 3 forums and contacted my provider and Plesk support … with no solution at all.
>>
>> My system configuration:
>> - Plesk 9.2.1 with QMail and Spamdyke (+Mysql)
>> - Debian Sarge 64bit ( 2.6.18-6-amd84 )
>> - xinetd
>>
>> My .qmail configuration:
>> | true
>> | /usr/bin/deliverquota ./Maildir
>>
>> Maildir is: /var/qmail/mailnames/DOMAIN.tld/USER/Maildir/new
>>
>> My problem is that “deliverquota” writes new emails with the wrong username (root:popuser instead of popuser:popuser) into the maildirs (which causes issues).
>>
>> Does anybody here know where I can configure which user:group is used? … this drives me nuts for a few weeks (currently a 1min cronjob is running to correct this issue *sigh)
>>
>> Thanks a lot for any help.
>>
>> --Stefan
>
> I'm not familiar with Plesk, but I believe that if you set the sticky bit on the email folder (/var/qmail/mailnames/DOMAIN.tld/USER/Maildir/new), then the individual emails will be created with the owner of that folder instead of the owner of the process that runs deliverquota.
Re: [spamdyke-users] Qmail writes with wrong user to the maildir
Did you try to run /usr/local/psa/admin/sbin/mchk?

Stefan Pausch wrote:
> Hello,
>
> the /var/qmail/bin/ owner/rights are set correctly (compared to a fresh installation, which works 100% with correct username).
>
> The file-permissions of qmail-lspawn and qmail-queue are the same as yours, but the owner is different, because I don’t use drweb.
>
> It's either qmail-lspawn (which spawns qmailquota) or a qmail-queue issue, but everything I look up (config files, file permissions, logs etc) hasn’t pointed me to the cause of the problem.
>
> -----Original Message-----
> From: spamdyke-users-boun...@spamdyke.org [mailto:spamdyke-users-boun...@spamdyke.org] On Behalf Of David Stiller
> Sent: Thursday, June 04, 2009 7:23 PM
> To: spamdyke users
> Subject: Re: [spamdyke-users] Qmail writes with wrong user to the maildir
>
> Hi Eric,
>
> check if the privileges of the files in /var/qmail/bin/ are set correctly. Plesk uses qmail-queue as the qmail-wrapper, which needs the sticky-bit:
>
> -r-xr-xr-x 1 root qmail 24704 Aug 24 2008 qmail-lspawn
> [...]
> -r-s--x--x 1 drwebqmail 152436 Sep 17 2008 qmail-queue
> -r-s--x--x 1 drwebqmail 152436 Sep 17 2008 qmail-queue.drweb
> -r-s--x--x 1 qmailq qmail 20424 Aug 24 2008 qmail-queue.moved
> -r-x--x--x 1 qmailq qmail 30664 Sep 17 2008 qmail-queue.origin
> -r-s--x--x 1 root qmail 30664 Aug 24 2008 qmail-queue.plesk
>
> These are my binaries with drweb installed. Spamdyke would warn you, if it was running with root, at the config-check, so I guess the problem is not caused by spamdyke.
>
> qmail-lspawn is using deliverquota to deliver (http://www.qmail.org/man/man8/qmail-lspawn.html), maybe something is messed up with the above mentioned binaries.
Re: [spamdyke-users] Qmail writes with wrong user to the maildir
Damn... Thought so. When I ran it, it crashed my whole system^^ So, I guess mchk corrupted your mailsystem.

Ok, first run this - if you didn't ;-)

strace -feopen /usr/local/psa/admin/bin/mail_auth_dump

(using strace to see which files it writes to)

Stefan Pausch wrote:
>> Did you try to run /usr/local/psa/admin/sbin/mchk?
>
> The thing is, that’s what (in my opinion) caused the problem in the first place (besides emptying a few configuration files and rewriting other config files with incorrect data :) ).
>
> -----Original Message-----
> From: David Stiller [mailto:david.stil...@blackbit.de]
> Sent: Thursday, June 04, 2009 8:17 PM
> To: ste...@stefanpausch.com; spamdyke users
> Subject: Re: [spamdyke-users] Qmail writes with wrong user to the maildir
>
> Did you try to run /usr/local/psa/admin/sbin/mchk?
Re: [spamdyke-users] Qmail writes with wrong user to the maildir
I didn't run strace (had to install it, because I never have used it before)

/usr/local/psa/admin/bin/mail_auth_dump does not exist (I think it is gone with the Plesk9 release)

mail_auth_view does exist, but I guess that’s not what we are looking for. If I run strace on mail_auth_view it uses some libs and reads the /etc/psa/psa.conf

The psa.conf looks okay.

Any other idea what I could strace? :)

-----Original Message-----
From: David Stiller [mailto:david.stil...@blackbit.de]
Sent: Thursday, June 04, 2009 8:40 PM
To: ste...@stefanpausch.com; spamdyke users
Subject: Re: [spamdyke-users] Qmail writes with wrong user to the maildir

Damn... Thought so. When I ran it, it crashed my whole system^^ So, I guess mchk corrupted your mailsystem.

Ok, first run this - if you didn't ;-)

strace -feopen /usr/local/psa/admin/bin/mail_auth_dump

(using strace to see which files it writes to)
Re: [spamdyke-users] Qmail writes with wrong user to the maildir
David,

thanks a lot for your suggestions. I played a bit around and for some weird reasons the server works now.

I ran mchk 2 more times which fucked the whole machine ... email receiving was dead for an hour, or so. Installed a local testsystem and compared the rights/users - everything was 100% the same, but my liveserver didn’t receive emails anymore. The error logs showed some permission denied errors.

I finally ran into a suggestion to set qmail-local to mhandlers-user.popuser along with chmod g+s and g-r,o-r which
a) made me receiving emails again
b) corrected my wrong user problem

While the problems are gone I still can't tell what caused my problem and what is the correct solution.

Thanks a lot

-----Original Message-----
From: David Stiller [mailto:david.stil...@blackbit.de]
Sent: Thursday, June 04, 2009 9:18 PM
To: ste...@stefanpausch.com; spamdyke users
Subject: Re: [spamdyke-users] Qmail writes with wrong user to the maildir

Sure, you could strace mchk, if there was not enough output. ;-)

mail_auth_dump was more than just a dump on the 8.6.

You also can watch a running process, maybe you can catch the conf-file which deliverquota is reading! Check the pid of couriertcp (that's also using deliverquota), or the other procs needed, like qmail-lspawn or deliverquota itself.

You can attach to running processes like this:

strace -p pid -feopen

replace pid with the pid you found out. Hopefully you see opening errors causing deliverquota to fall back to default user root, or something like that.

-feopen is the parameter to limit the trace to the needed file-opening. The rest strace spits out, might just be too much. ;-)
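The thread turns on which user and group a delivery binary runs as, which is what the s in listings such as -r-s--x--x controls: a setuid file runs with its owner's UID and a setgid file with its group's GID, and files the process creates take that identity. The following is an added example, not code from any poster and not part of Plesk or qmail: it lists the setuid/setgid files in a directory and the identity each would run as, so two installations can be compared; the directory to audit (for instance /var/qmail/bin) is supplied by the caller.

```python
import grp
import os
import pwd
import stat
import sys


def _name(lookup, ident):
    """Resolve a uid/gid to a name, falling back to the number."""
    try:
        return lookup(ident)[0]
    except KeyError:
        return str(ident)


def audit_privilege_bits(directory):
    """Return one record per regular file that carries setuid or setgid."""
    findings = []
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        st = entry.stat(follow_symlinks=False)
        if not stat.S_ISREG(st.st_mode):
            continue
        suid = bool(st.st_mode & stat.S_ISUID)
        sgid = bool(st.st_mode & stat.S_ISGID)
        if not (suid or sgid):
            continue
        findings.append({
            "name": entry.name,
            "mode": stat.filemode(st.st_mode),  # same form as ls -l prints
            # The process's effective identity, and so the ownership of
            # the files it creates, follows these two values.
            "runs_as_user": _name(pwd.getpwuid, st.st_uid) if suid else None,
            "runs_as_group": _name(grp.getgrgid, st.st_gid) if sgid else None,
            # A privileged binary that anyone may modify is a finding itself.
            "world_writable": bool(st.st_mode & stat.S_IWOTH),
        })
    return findings


if __name__ == "__main__":
    # Directory is an argument; nothing is assumed about the local layout.
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for f in audit_privilege_bits(target):
        print(f["mode"], f["name"],
              "user=%s group=%s" % (f["runs_as_user"], f["runs_as_group"]))
```

Running it against the same directory on a working and a broken installation and comparing the output shows ownership or mode differences that are easy to miss when reading two ls listings side by side.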