Re: [xmail] Logging of hack attempts and unauthorized relay attempts
On Wed, 28 Jan 2009, Ralf wrote:

> Hi,
> how can I enable verbose logging in xmail?
> I need especially to know about unauthorized connects to the mail/pop
> server (i.e. mailbox hack attempts by trying many passwords), and also of
> unauthorized mail relaying/forwarding attempts.
> Do these events get logged?

Yes, once you enable logging with the proper command line options:

http://www.xmailserver.org/Readme.html#command_line

- Davide

___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] Enabling SPF howto?
On Thu, 29 Jan 2009, Ralf wrote:

> I'm trying to switch from qmail to xmail.
> There I had SPF activated and would like to use SPF also in xmail.
> I saw that there is a perl script for SPF
> (http://www.xmailserver.org/xm-spf.pl), but how do I integrate it into
> xmail?

Suggestion. Leave SPF alone. Nobody is using it and its contribution on SPAM-cutting on my servers was totally irrelevant WRT greylisting and RBLs. The whole SPF project tanked, badly.

- Davide
Re: [xmail] Logging of hack attempts and unauthorized relay attempts
Davide Libenzi wrote:
> On Wed, 28 Jan 2009, Ralf wrote:
>> Hi,
>> how can I enable verbose logging in xmail?
>> I need especially to know about unauthorized connects to the mail/pop
>> server (i.e. mailbox hack attempts by trying many passwords), and also of
>> unauthorized mail relaying/forwarding attempts.
>> Do these events get logged?
>
> Yes, once you enable logging with the proper command line options:
>
> http://www.xmailserver.org/Readme.html#command_line

Thanks Davide.
I've now added the following options to the xmail start script (i.e. /etc/init.d/xmail) and restarted xmail:

XMAIL_CMD_LINE="-Pl -Sl -Ql -Ll -Fl -Cl -Yl"

Ok, now I'll have to do some test-connects and analyse the logs in the MailRoot/logs dir to locate the entries I need.

Many thanks, xmail rocks! :-)
[xmail] xmail in Debian pkg eats up more than 200 MB ! (maybe debug build? :-)
Here's an IMO interesting observation/experience I made when I installed xmail the first time on my Debian 4 (Etch) and 5 (Lenny) boxes:

When I install it from the Debian repository (via apt-get or via aptitude etc.) then xmail eats up more than 200 MB RAM!!! I couldn't believe it and have immediately deinstalled it! :-)

But then I took a quick look into the source code and I couldn't believe that this clean C++ source really eats up that much memory (FYI I'm myself a C++ programmer). Just for fun I compiled it myself and installed it and started it. What a surprise! xmail eats up only about 6 MB memory! Not 200 MB!

So, the xmail package maintainer at Debian must have done something badly wrong! Maybe you should inform the xmail package maintainer at Debian. I've unfortunately no time at the moment because of switching my mail servers from qmail to xmail.

FYI: This issue (6 MB vs 200 MB) is in my case very important because I run my mail servers on rented VPS boxes which have only 128 or 256 MB total RAM allocated for the whole VPS...

cu
Re: [xmail] xmail in Debian pkg eats up more than 200 MB ! (maybe debug build? :-)
On Thu, 29 Jan 2009, Ralf wrote:

> Here's an IMO interesting observation/experience I made when I installed
> xmail the first time on my Debian 4 (Etch) and 5 (Lenny) boxes:
>
> When I install it from the Debian repository (via apt-get or via aptitude
> etc.) then xmail eats up more than 200 MB RAM!!! I couldn't believe it
> and have immediately deinstalled it! :-)
>
> But then I took a quick look into the source code and I couldn't believe
> that this clean C++ source really eats up that much memory (FYI I'm myself
> a C++ programmer). Just for fun I compiled it myself and installed it and
> started it. What a surprise! xmail eats up only about 6 MB memory! Not
> 200 MB!
>
> So, the xmail package maintainer at Debian must have done something badly
> wrong! Maybe you should inform the xmail package maintainer at Debian.
> I've unfortunately no time at the moment because of switching my mail
> servers from qmail to xmail.

Such memory is very likely the per-thread VM stack memory reservation. I dunno how it was built, but likely the Debian build uses some linking to libraries that in GLIBC trigger the extra NPTL stack reservation. Setting something like `ulimit -s 128` in the XMail startup scripts should fix the issue (even for the Debian build).

- Davide
Re: [xmail] Enabling SPF howto?
Davide Libenzi wrote:
> On Thu, 29 Jan 2009, Ralf wrote:
>> I'm trying to switch from qmail to xmail.
>> There I had SPF activated and would like to use SPF also in xmail.
>> I saw that there is a perl script for SPF
>> (http://www.xmailserver.org/xm-spf.pl), but how do I integrate it into
>> xmail?
>
> Suggestion. Leave SPF alone. Nobody is using it and its contribution on
> SPAM-cutting on my servers was totally irrelevant WRT greylisting and
> RBLs. The whole SPF project tanked, badly.

Sorry Davide, but I _must_ use SPF. That's the policy here.
I would very much appreciate it if you could show me how to activate SPF in xmail (maybe you should include this info into the comment header of the xm-spf.pl file).

Best Regards,
Ralf
Re: [xmail] Enabling SPF howto?
fred wrote:
> It might help you but this is the script that I have made / use:
> http://xmailforum.homelinux.net/index.php?showtopic=4260

Thanks fred, but per our security policy I can use only C/C++ source and bash or perl scripts. But especially php and python aren't allowed on the Linux boxes where our mail servers run.

Best Regards,
Ralf

> -Original Message-
> From: xmail-boun...@xmailserver.org [mailto:xmail-boun...@xmailserver.org] On Behalf Of Ralf
> Sent: 28 janvier 2009 20:43
> To: XMail Users Mailing List
> Subject: Re: [xmail] Enabling SPF howto?
>
> Davide Libenzi wrote:
>> On Thu, 29 Jan 2009, Ralf wrote:
>>> I'm trying to switch from qmail to xmail.
>>> There I had SPF activated and would like to use SPF also in xmail.
>>> I saw that there is a perl script for SPF
>>> (http://www.xmailserver.org/xm-spf.pl), but how do I integrate it into
>>> xmail?
>>
>> Suggestion. Leave SPF alone. Nobody is using it and its contribution on
>> SPAM-cutting on my servers was totally irrelevant WRT greylisting and
>> RBLs. The whole SPF project tanked, badly.
>
> Sorry Davide, but I _must_ use SPF. That's the policy here.
> I would very much appreciate it if you could show me how to activate SPF
> in xmail (maybe you should include this info into the comment header of
> the xm-spf.pl file).
>
> Best Regards,
> Ralf
Re: [xmail] Enabling SPF howto?
On Thu, 29 Jan 2009, Ralf wrote:

> fred wrote:
>> It might help you but this is the script that I have made / use:
>> http://xmailforum.homelinux.net/index.php?showtopic=4260
>
> Thanks fred, but per our security policy I can use only C/C++ source and
> bash or perl scripts. But especially php and python aren't allowed on the
> Linux boxes where our mail servers run.

I really don't remember. I only briefly used it, given its complete failure to stop anything.
You prolly want to use filters.post-rcpt.tab with something like:

!aex[TAB]PATH/xm-spf.pl[TAB]--ip[TAB]$(REMOTEADDR)[TAB] \
    --sender[TAB]$(FROM)[TAB]--rcpt-to[TAB]$(CRCPT)

Where [TAB] is the *real* TAB character, and that's a single line (' \ ') trimmed.
I cannot ensure you any success though :)

- Davide
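The [TAB] notation from the reply above, expanded into the real entry, as an added example that is not part of the original mail: the script joins the two template lines, substitutes real TAB characters and lints the result. The function names are made up for this illustration, and PATH/xm-spf.pl stays the placeholder used in the mail.

```shell
#!/bin/sh
# Added illustration (not from the mail): expand the "[TAB]" notation into the
# real single-line, TAB-separated entry and lint the result.
# PATH/xm-spf.pl is kept as the placeholder used in the mail.

TAB=$(printf '\t')

# The template exactly as written in the mail, continuation included.
template_from_mail() {
cat <<'EOF'
!aex[TAB]PATH/xm-spf.pl[TAB]--ip[TAB]$(REMOTEADDR)[TAB] \
    --sender[TAB]$(FROM)[TAB]--rcpt-to[TAB]$(CRCPT)
EOF
}

# stdin: template in the mail's notation; stdout: one line with real TABs.
expand_tab_notation() {
    sed -e 's/[[:space:]]*\\[[:space:]]*$//' -e 's/^[[:space:]]*//' |
        tr -d '\n' |
        awk '{ gsub(/\[TAB\]/, "\t"); print }'
}

build_filter_line() { template_from_mail | expand_tab_notation; }

# count_fields LINE: number of TAB-separated fields.
count_fields() { printf '%s\n' "$1" | awk -F '\t' '{ print NF }'; }

# lint_filter_line LINE: one finding per line on stdout, status 1 if any.
lint_filter_line() {
    rc=0
    case "$1" in *'[TAB]'*) echo "literal [TAB] marker left in entry"; rc=1 ;; esac
    case "$1" in *\\) echo "trailing backslash: entry must be one line"; rc=1 ;; esac
    case "$1" in *"$TAB"*) ;; *) echo "no TAB separator (spaces used?)"; rc=1 ;; esac
    case "$1" in *" $TAB"*|*"$TAB "*) echo "stray space next to a TAB"; rc=1 ;; esac
    return "$rc"
}

line=$(build_filter_line)
echo "fields: $(count_fields "$line")"
lint_filter_line "$line" && echo "entry looks well-formed"
```

Once PATH is replaced with the script's real location, the output of build_filter_line is the line that goes into filters.post-rcpt.tab.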
Re: [xmail] Enabling SPF howto?
Davide Libenzi wrote:
> On Thu, 29 Jan 2009, Ralf wrote:
>> fred wrote:
>>> It might help you but this is the script that I have made / use:
>>> http://xmailforum.homelinux.net/index.php?showtopic=4260
>>
>> Thanks fred, but per our security policy I can use only C/C++ source and
>> bash or perl scripts. But especially php and python aren't allowed on the
>> Linux boxes where our mail servers run.
>
> I really don't remember. I only briefly used it, given its complete
> failure to stop anything.
> You prolly want to use filters.post-rcpt.tab with something like:
>
> !aex[TAB]PATH/xm-spf.pl[TAB]--ip[TAB]$(REMOTEADDR)[TAB] \
>     --sender[TAB]$(FROM)[TAB]--rcpt-to[TAB]$(CRCPT)
>
> Where [TAB] is the *real* TAB character, and that's a single line (' \ ')
> trimmed.
> I cannot ensure you any success though :)

Thanks, will try it out.

Here are some examples of SPF catches by my other mail server. It shows that SPF indeed catches spammers who misusingly use the same domain name of the destination mail server or of the To-address for their own machine to trick the mail server to believe he is from the same domain...

SPF is not a spam solution, it just checks whether the sending machine has been authorized (via DNS SPF/TXT record) to send mail for that domain. So it catches those spammers who illegally use other domain names in their own hostname / mail domain name...

Log excerpt:

Received-SPF: softfail (srv3.amitrader.com: transitioning SPF record at blue.plala.or.jp does not designate 92.39.220.216 as permitted sender)
Received-SPF: softfail (srv3.amitrader.com: transitioning SPF record at dvdownunder.com.au does not designate 91.124.168.23 as permitted sender)
Received-SPF: softfail (srv3.amitrader.com: transitioning SPF record at msn.com does not designate 213.21.33.60 as permitted sender)

The return values (above softfail; there are some more) can help to decide whether to accept or reject mail from such a sender...
In the above cases my mail server rejected to accept mail from those spammers.

BTW, here is your own SPF entry: :-)

Received-SPF: pass (srv3.amitrader.com: SPF record at xmailserver.org designates 64.71.152.41 as permitted sender)
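A way to turn Received-SPF lines like the ones in the message above into accept/reject decisions, as an added example that is not part of the original mail. The function names and the REJECT_ON policy variable are assumptions made for this illustration; rejecting on softfail mirrors what the message describes and can be narrowed to "fail" alone.

```shell
#!/bin/sh
# Added illustration (not from the mail): pull result, domain and client IP
# out of Received-SPF lines and apply a local accept/reject policy.

TAB=$(printf '\t')

# Header lines copied from the message above.
sample_headers() {
cat <<'EOF'
Received-SPF: softfail (srv3.amitrader.com: transitioning SPF record at blue.plala.or.jp does not designate 92.39.220.216 as permitted sender)
Received-SPF: softfail (srv3.amitrader.com: transitioning SPF record at dvdownunder.com.au does not designate 91.124.168.23 as permitted sender)
Received-SPF: softfail (srv3.amitrader.com: transitioning SPF record at msn.com does not designate 213.21.33.60 as permitted sender)
Received-SPF: pass (srv3.amitrader.com: SPF record at xmailserver.org designates 64.71.152.41 as permitted sender)
EOF
}

# stdin: header lines; stdout: result<TAB>domain<TAB>ip per Received-SPF line.
# Assumption: the comment is worded as shown above ("... at DOMAIN ...
# designate[s] IP ..."). Other receivers word it differently, in which case
# domain and ip come out as "-".
parse_received_spf() {
    awk 'tolower($1) == "received-spf:" && NF >= 2 {
        result = tolower($2); domain = "-"; ip = "-"
        for (i = 3; i < NF; i++) {
            if ($i == "at") domain = $(i + 1)
            if ($i == "designate" || $i == "designates") ip = $(i + 1)
        }
        printf "%s\t%s\t%s\n", result, domain, ip
    }'
}

# Assumed local policy: SPF results that lead to rejection.
REJECT_ON="fail softfail"

# spf_action RESULT: prints "reject" or "accept".
spf_action() {
    for r in $REJECT_ON; do
        if [ "$1" = "$r" ]; then echo reject; return 0; fi
    done
    echo accept
}

# stdin: header lines; stdout: action<TAB>result<TAB>domain<TAB>ip
triage() {
    parse_received_spf | while IFS="$TAB" read -r result domain ip; do
        printf '%s\t%s\t%s\t%s\n' "$(spf_action "$result")" "$result" "$domain" "$ip"
    done
}

sample_headers | triage
```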
Re: [xmail] Enabling SPF howto?
Besides the mentioned perl module there is also a native C library for SPF/SRS (and also a prebuilt package in the Debian repository), called libspf2, so it would IMO make sense to add native SPF capability into xmail.

http://packages.debian.org/unstable/source/libspf2

Source Package: libspf2 (1.2.9-1)
Homepage www.libspf2.org

The following binary packages are built from this source package:

  libspf2-2     library for validating mail senders with SPF
  libspf2-dev   Header and development libraries for libspf2
  spfquery      query SPF (Sender Policy Framework) to validate mail senders

The Sender Policy Framework (SPF) is one part of the SPF/SRS protocol pair. SPF allows email systems such as Sendmail, Postfix, Exim, Zmailer and MS Exchange to check SPF records and make sure that the email is authorized by the domain name that it is coming from. This prevents email forgery, commonly used by spammers, scammers and email viruses/worms. This package contains simple utilities that use libspf2 to test and query SPF records.

And here is a list of mail servers with SPF-support:
http://www.openspf.org/Implementations

Ralf wrote:
> Davide Libenzi wrote:
>> On Thu, 29 Jan 2009, Ralf wrote:
>>> fred wrote:
>>>> It might help you but this is the script that I have made / use:
>>>> http://xmailforum.homelinux.net/index.php?showtopic=4260
>>>
>>> Thanks fred, but per our security policy I can use only C/C++ source
>>> and bash or perl scripts. But especially php and python aren't allowed
>>> on the Linux boxes where our mail servers run.
>>
>> I really don't remember. I only briefly used it, given its complete
>> failure to stop anything.
>> You prolly want to use filters.post-rcpt.tab with something like:
>>
>> !aex[TAB]PATH/xm-spf.pl[TAB]--ip[TAB]$(REMOTEADDR)[TAB] \
>>     --sender[TAB]$(FROM)[TAB]--rcpt-to[TAB]$(CRCPT)
>>
>> Where [TAB] is the *real* TAB character, and that's a single line
>> (' \ ') trimmed.
>> I cannot ensure you any success though :)
>
> Thanks, will try it out.
>
> Here are some examples of SPF catches by my other mail server.
Re: [xmail] Return-Path missing in delivery error notifications
On Thu, 29 Jan 2009, My BSD wrote:

> On Wed, 28 Jan 2009 15:26:36 -0800 (PST)
> Davide Libenzi davi...@xmailserver.org wrote:
>
>> On Tue, 27 Jan 2009, My BSD wrote:
>>
>> ... snip ...
>>
>>> At the end of the SMTP session, why, when the message already contains
>>> a Return-Path header, does XMail not prepend a Return-Path header (and
>>> strip any existing header) upon final delivery to a Maildir or MBox?
>>
>> Ok, I see it. That was done in order to preserve the Return-Path: for
>> PSYNC messages. But it needs different handling for SMTP. I'll look
>> into it.
>
> ... snip ...
>
> Good day and thank you Davide. I appreciate your responsiveness and the
> fact that (unlike a lot of other authors) you don't become defensive, or
> rude, or both when questions are asked or comments expressed.

Sometimes I do too, unfortunately :)

- Davide