Re: [xmail] Logging of hack attempts and unauthorized relay attempts
On Wed, 28 Jan 2009, Ralf wrote: Hi, how can I enable verbose logging in xmail? I need especially to know about unauthorized connects to the mail/pop server (ie. mailbox hack attempts by trying many password), and also of unauthorized mail relaying/forwarding attempts. Do these events get logged? Yes, once you enable logging with the proper command line options: http://www.xmailserver.org/Readme.html#command_line - Davide ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] Enabling SPF howto?
On Thu, 29 Jan 2009, Ralf wrote: I'm trying to switch from qmail to xmail. There I had SPF activated and would like to use SPF also in xmail. I saw that there is a perl script for SPF (http://www.xmailserver.org/xm-spf.pl), but how do I integrate it into xmail? Suggestion. Leave SPF alone. Nobody is using it and its contribution on SPAM-cutting on my servers was totally irrelevant WRT greylisting and RBLs. The whole SPF project tanked, badly. - Davide ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] Logging of hack attempts and unauthorized relay attempts
Davide Libenzi wrote: On Wed, 28 Jan 2009, Ralf wrote: Hi, how can I enable verbose logging in xmail? I need especially to know about unauthorized connects to the mail/pop server (ie. mailbox hack attempts by trying many password), and also of unauthorized mail relaying/forwarding attempts. Do these events get logged? Yes, once you enable logging with the proper command line options: http://www.xmailserver.org/Readme.html#command_line Thanks Davide. I've now added the following options to the xmail start script (ie. /etc/init.d/xmail) and restarted xmail: XMAIL_CMD_LINE=-Pl -Sl -Ql -Ll -Fl -Cl -Yl Ok, now I'll have to do some test-connects and analyse the logs in the MailRoot/logs dir to locate the entries I need. Many thanks, xmail rocks! :-) ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
[xmail] xmail in Debian pkg eats up more than 200 MB ! (maybe debug build? :-)
Here's an IMO interessting observation/experience I made when I installed xmail the first time on my Debian 4 (Etch) and 5 (Lenny) boxes: When I install it from the Debian repository (via apt-get or via aptitude etc.) then xmail eats up more than 200 MB RAM !!!. I couldn't believe it and have immediately deinstalled it! :-) But then I took a quick look into the source code and I couldn't believe that this clean C++ source really eats up that much memory (FYI I'm myself C++ programmer). Just for fun I compiled it myself and installed it and started it. What a surprize! xmail eats up only about 6 MB memory! Not 200 MB ! So, the xmail package maintainer at Debian must have done something badly wrong! Maybe you should inform the xmail package mainter at Debian. I've unfortunately no time at the moment because of switching my mail servers from qmail to xmail. FYI: This issue (6 MB vs 200 MB) is in my case very important because I run my mail servers on rented VPS boxes which have only 128 or 256 MB total RAM allocated for the whole VPS... cu ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] xmail in Debian pkg eats up more than 200 MB ! (maybe debug build? :-)
On Thu, 29 Jan 2009, Ralf wrote: Here's an IMO interessting observation/experience I made when I installed xmail the first time on my Debian 4 (Etch) and 5 (Lenny) boxes: When I install it from the Debian repository (via apt-get or via aptitude etc.) then xmail eats up more than 200 MB RAM !!!. I couldn't believe it and have immediately deinstalled it! :-) But then I took a quick look into the source code and I couldn't believe that this clean C++ source really eats up that much memory (FYI I'm myself C++ programmer). Just for fun I compiled it myself and installed it and started it. What a surprize! xmail eats up only about 6 MB memory! Not 200 MB ! So, the xmail package maintainer at Debian must have done something badly wrong! Maybe you should inform the xmail package mainter at Debian. I've unfortunately no time at the moment because of switching my mail servers from qmail to xmail. Such memory is very likely the per-thread VM stack memory reservation. I dunno how it was built, but likely the Debian build uses some linking to libraries the in GLIBC trigger the extra NPTL stack reservation. Setting something like `ulimit -s 128` in the XMail startup scripts should fix the issue even for the Debian build). - Davide ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] Enabling SPF howto?
Davide Libenzi wrote: On Thu, 29 Jan 2009, Ralf wrote: I'm trying to switch from qmail to xmail. There I had SPF activated and would like to use SPF also in xmail. I saw that there is a perl script for SPF (http://www.xmailserver.org/xm-spf.pl), but how do I integrate it into xmail? Suggestion. Leave SPF alone. Nobody is using it and its contribution on SPAM-cutting on my servers was totally irrelevant WRT greylisting and RBLs. The whole SPF project tanked, badly. Sorry Davide, but I _must_ use SPF. That's the policy here. I would very much appreciate it if you could show me how to activate SPF in xmail (maybe you should include this info into the comment header of the xm-spf.pl file). Best Regards, Ralf ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] Enabling SPF howto?
fred wrote: It might help you but this is the script that I have made / use: http://xmailforum.homelinux.net/index.php?showtopic=4260 Tnanks fred, but per our security policy I can use only C/C++ source and bash or perl scripts. But especially php and python aren't allowed on the Linux boxes where our mail servers run. Best Regards, Ralf -Original Message- From: xmail-boun...@xmailserver.org [mailto:xmail-boun...@xmailserver.org] On Behalf Of Ralf Sent: 28 janvier 2009 20:43 To: XMail Users Mailing List Subject: Re: [xmail] Enabling SPF howto? Davide Libenzi wrote: On Thu, 29 Jan 2009, Ralf wrote: I'm trying to switch from qmail to xmail. There I had SPF activated and would like to use SPF also in xmail. I saw that there is a perl script for SPF (http://www.xmailserver.org/xm-spf.pl), but how do I integrate it into xmail? Suggestion. Leave SPF alone. Nobody is using it and its contribution on SPAM-cutting on my servers was totally irrelevant WRT greylisting and RBLs. The whole SPF project tanked, badly. Sorry Davide, but I _must_ use SPF. That's the policy here. I would very much appreciate it if you could show me how to activate SPF in xmail (maybe you should include this info into the comment header of the xm-spf.pl file). Best Regards, Ralf ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] Enabling SPF howto?
On Thu, 29 Jan 2009, Ralf wrote:
fred wrote:
It might help you but this is the script that I have made / use:
http://xmailforum.homelinux.net/index.php?showtopic=4260
Tnanks fred,
but per our security policy I can use only C/C++ source and
bash or perl scripts. But especially php and python aren't allowed
on the Linux boxes where our mail servers run.
I really don't remember. I only briefly used it, given its complete
failure to stop anything.
You prolly want to use filters.post-rcpt.tab with something like:
!aex[TAB]PATH/xm-spf.pl[TAB]--ip[TAB]$(REMOTEADDR)[TAB] \
--sender[TAB]$(FROM)[TAB]--rcpt-to[TAB]$(CRCPT)
Where [TAB] is the *real* TAB character, and that's a single line (' \ ')
trimmed.
I cannot ensure you any success though :)
- Davide
___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] Enabling SPF howto?
Davide Libenzi wrote:
On Thu, 29 Jan 2009, Ralf wrote:
fred wrote:
It might help you but this is the script that I have made / use:
http://xmailforum.homelinux.net/index.php?showtopic=4260
Tnanks fred,
but per our security policy I can use only C/C++ source and
bash or perl scripts. But especially php and python aren't allowed
on the Linux boxes where our mail servers run.
I really don't remember. I only briefly used it, given its complete
failure to stop anything.
You prolly want to use filters.post-rcpt.tab with something like:
!aex[TAB]PATH/xm-spf.pl[TAB]--ip[TAB]$(REMOTEADDR)[TAB] \
--sender[TAB]$(FROM)[TAB]--rcpt-to[TAB]$(CRCPT)
Where [TAB] is the *real* TAB character, and that's a single line (' \ ')
trimmed.
I cannot ensure you any success though :)
Thanks, will try it out.
Here are some examples of SPF catches by my other mail server.
It shows that SPF indeed catches spammers who misusingly
use the same domain name of the destination mail server or
of the To-adress for their own machine to trick the mail server
to believe he is from the same domain...
SPF is not a spam solution, it just checks whether the
sending machine has been authorized (via DNS SPF/TXT record)
to send mail for that domain. So it catches those spammers
who illegally use other domain names in their own hostname / mail domain name...
Log excerpt:
Received-SPF: softfail (srv3.amitrader.com: transitioning SPF record at blue.plala.or.jp does not designate 92.39.220.216 as
permitted sender)
Received-SPF: softfail (srv3.amitrader.com: transitioning SPF record at dvdownunder.com.au does not designate 91.124.168.23 as
permitted sender)
Received-SPF: softfail (srv3.amitrader.com: transitioning SPF record at msn.com
does not designate 213.21.33.60 as permitted sender)
The return values (above softfail; there are some more) can help
to decide whether to accept or reject mail from such a sender...
In the above cases my mail server rejected to accept mail from those spammers.
BTW, here is your own SPF entry: :-)
Received-SPF: pass (srv3.amitrader.com: SPF record at xmailserver.org
designates 64.71.152.41 as permitted sender)
Received: (qmail 23732 invoked from network); 29 Jan 2009 03:18:32 +0100
Received: from x35.xmailserver.org (64.71.152.41)
by srv3.amitrader.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 29 Jan 2009
03:18:32 +0100
Received-SPF: pass (srv3.amitrader.com: SPF record at xmailserver.org
designates 64.71.152.41 as permitted sender)
Received: from x35.xmailserver.org ([:::127.0.0.1]:50052)
by x35.xmailserver.org with [XMail 1.26 ESMTP Server]
id S2CB6CA for r...@amitrader.com from
xmail-boun...@xmailserver.org;
Wed, 28 Jan 2009 21:17:44 -0500
X-AuthUser: davi...@xmailserver.org
Received: from alien.or.mcafeemobile.com
by x35.xmailserver.org with [XMail 1.26 ESMTP Server]
id S2CB6C7 for xmail@xmailserver.org from davi...@xmailserver.org;
Wed, 28 Jan 2009 21:17:29 -0500
Date: Wed, 28 Jan 2009 18:17:28 -0800 (PST)
From: Davide Libenzi davi...@xmailserver.org
X-X-Sender: dav...@alien.or.mcafeemobile.com
To: XMail Users Mailing List xmail@xmailserver.org
In-Reply-To: 49810ea6.4090...@amitrader.com
Message-ID: alpine.deb.1.10.0901281810160.21...@alien.or.mcafeemobile.com
References: 4980fb23.6070...@amitrader.com
alpine.deb.1.10.0901281704560.21...@alien.or.mcafeemobile.com
49810994.4020...@amitrader.com
004901c981b3$9abf30c0$d03d92...@com
49810ea6.4090...@amitrader.com
User-Agent: Alpine 1.10 (DEB 962 2008-03-14)
X-GPG-FINGRPRINT: CFAE 5BEE FD36 F65E E640 56FE 0974 BF23 270F 474E
X-GPG-PUBLIC_KEY: http://www.xmailserver.org/davidel.asc
MIME-Version: 1.0
Subject: Re: [xmail] Enabling SPF howto?
X-BeenThere: xmail@xmailserver.org
X-Mailman-Version: 2.1.11
Precedence: list
Reply-To: XMail Users Mailing List xmail@xmailserver.org
List-Id: XMail Users Mailing List xmail.xmailserver.org
List-Unsubscribe: http://xmailserver.org/mailman/options/xmail,
mailto:xmail-requ...@xmailserver.org?subject=unsubscribe
List-Archive: http://xmailserver.org/pipermail/xmail
List-Post: mailto:xmail@xmailserver.org
List-Help: mailto:xmail-requ...@xmailserver.org?subject=help
List-Subscribe: http://xmailserver.org/mailman/listinfo/xmail,
mailto:xmail-requ...@xmailserver.org?subject=subscribe
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: xmail-boun...@xmailserver.org
Errors-To: xmail-boun...@xmailserver.org
snip
___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] Enabling SPF howto?
Besides the mentioned perl module there is also a native C library
for SPF/SRS (and also a prebuilt package in the Debian repository),
called libspf2, so it would IMO make sense to add native
SPF capability into xmail.
http://packages.debian.org/unstable/source/libspf2
Source Package: libspf2 (1.2.9-1)
Homepage www.libspf2.org
The following binary packages are built from this source package:
libspf2-2
library for validating mail senders with SPF
libspf2-dev
Header and development libraries for libspf2
spfquery
query SPF (Sender Policy Framework) to validate mail senders
The Sender Policy Framework (SPF) is one part of the SPF/SRS protocol pair.
SPF allows email systems such as Sendmail, Postfix, Exim, Zmailer and
MS Exchange to check SPF records and make sure that the email is authorized
by the domain name that it is coming from. This prevents email forgery,
commonly used by spammers, scammers and email viruses/worms.
This package contains simple utilities that use libspf2 to test and query SPF
records.
And here is a list of mail servers with SPF-support:
http://www.openspf.org/Implementations
Ralf wrote:
Davide Libenzi wrote:
On Thu, 29 Jan 2009, Ralf wrote:
fred wrote:
It might help you but this is the script that I have made / use:
http://xmailforum.homelinux.net/index.php?showtopic=4260
Tnanks fred,
but per our security policy I can use only C/C++ source and
bash or perl scripts. But especially php and python aren't allowed
on the Linux boxes where our mail servers run.
I really don't remember. I only briefly used it, given its complete
failure to stop anything.
You prolly want to use filters.post-rcpt.tab with something like:
!aex[TAB]PATH/xm-spf.pl[TAB]--ip[TAB]$(REMOTEADDR)[TAB] \
--sender[TAB]$(FROM)[TAB]--rcpt-to[TAB]$(CRCPT)
Where [TAB] is the *real* TAB character, and that's a single line (' \
') trimmed.
I cannot ensure you any success though :)
Thanks, will try it out.
Here are some examples of SPF catches by my other mail server.
It shows that SPF indeed catches spammers who misusingly
use the same domain name of the destination mail server or
of the To-adress for their own machine to trick the mail server
to believe he is from the same domain...
SPF is not a spam solution, it just checks whether the
sending machine has been authorized (via DNS SPF/TXT record)
to send mail for that domain. So it catches those spammers
who illegally use other domain names in their own hostname / mail domain
name...
Log excerpt:
Received-SPF: softfail (srv3.amitrader.com: transitioning SPF record at
blue.plala.or.jp does not designate 92.39.220.216 as permitted sender)
Received-SPF: softfail (srv3.amitrader.com: transitioning SPF record at
dvdownunder.com.au does not designate 91.124.168.23 as permitted sender)
Received-SPF: softfail (srv3.amitrader.com: transitioning SPF record at
msn.com does not designate 213.21.33.60 as permitted sender)
The return values (above softfail; there are some more) can help
to decide whether to accept or reject mail from such a sender...
In the above cases my mail server rejected to accept mail from those
spammers.
BTW, here is your own SPF entry: :-)
Received-SPF: pass (srv3.amitrader.com: SPF record at xmailserver.org
designates 64.71.152.41 as permitted sender)
Received: (qmail 23732 invoked from network); 29 Jan 2009 03:18:32 +0100
Received: from x35.xmailserver.org (64.71.152.41)
by srv3.amitrader.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 29 Jan
2009 03:18:32 +0100
Received-SPF: pass (srv3.amitrader.com: SPF record at xmailserver.org
designates 64.71.152.41 as permitted sender)
Received: from x35.xmailserver.org ([:::127.0.0.1]:50052)
by x35.xmailserver.org with [XMail 1.26 ESMTP Server]
id S2CB6CA for r...@amitrader.com from
xmail-boun...@xmailserver.org;
Wed, 28 Jan 2009 21:17:44 -0500
X-AuthUser: davi...@xmailserver.org
Received: from alien.or.mcafeemobile.com
by x35.xmailserver.org with [XMail 1.26 ESMTP Server]
id S2CB6C7 for xmail@xmailserver.org from
davi...@xmailserver.org;
Wed, 28 Jan 2009 21:17:29 -0500
Date: Wed, 28 Jan 2009 18:17:28 -0800 (PST)
From: Davide Libenzi davi...@xmailserver.org
X-X-Sender: dav...@alien.or.mcafeemobile.com
To: XMail Users Mailing List xmail@xmailserver.org
In-Reply-To: 49810ea6.4090...@amitrader.com
Message-ID: alpine.deb.1.10.0901281810160.21...@alien.or.mcafeemobile.com
References: 4980fb23.6070...@amitrader.com
alpine.deb.1.10.0901281704560.21...@alien.or.mcafeemobile.com
49810994.4020...@amitrader.com
004901c981b3$9abf30c0$d03d92...@com
49810ea6.4090...@amitrader.com
User-Agent: Alpine 1.10 (DEB 962 2008-03-14)
X-GPG-FINGRPRINT: CFAE 5BEE FD36 F65E E640 56FE 0974 BF23 270F 474E
X-GPG-PUBLIC_KEY: http://www.xmailserver.org/davidel.asc
MIME-Version: 1.0
Subject: Re: [xmail] Enabling SPF howto?
X-BeenThere: xmail@xmailserver.org
X-Mailman-Version: 2.1.11
Precedence: list
Reply-To: XMail Users Mailing List
Re: [xmail] Return-Path missing in delivery error notifications
On Thu, 29 Jan 2009, My BSD wrote: On Wed, 28 Jan 2009 15:26:36 -0800 (PST) Davide Libenzi davi...@xmailserver.org wrote: On Tue, 27 Jan 2009, My BSD wrote: ... snip ... At the end of the SMTP session, why, when the message already contains a Return-Path header, does XMail not prepend a Return-Path header (and strip any existing header) upon final delivery to a Maildir or MBox, ? Ok, I see it. That was done in order to preserve the Return-Path: for PSYNC messages. But it needs different handling for SMTP. I'll look into it. ... snip ... Good day and thank you Davide. I appreciate your responsiveness and the fact that (unlike a lot of other authors) you don't become defensive, or rude, or both when questions are asked or comments expressed. Sometimes I do too, unfortunately :) - Davide ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
