qmail Digest 8 Feb 1999 11:00:14 -0000 Issue 545
Topics (messages 21600 through 21651):
Three solutions for spam
21600 by: [EMAIL PROTECTED]
21602 by: [EMAIL PROTECTED]
21604 by: [EMAIL PROTECTED]
21606 by: [EMAIL PROTECTED]
21609 by: Mike Holling <[EMAIL PROTECTED]>
21611 by: [EMAIL PROTECTED]
21618 by: Russell Nelson <[EMAIL PROTECTED]>
21619 by: [EMAIL PROTECTED]
21634 by: ppiamdn <[EMAIL PROTECTED]>
21635 by: ppiamdn <[EMAIL PROTECTED]>
21637 by: ppiamdn <[EMAIL PROTECTED]>
21641 by: ppiamdn <[EMAIL PROTECTED]>
21642 by: ppiamdn <[EMAIL PROTECTED]>
21643 by: ppiamdn <[EMAIL PROTECTED]>
21644 by: ppiamdn <[EMAIL PROTECTED]>
Using multiple IP addresses
21601 by: Peter Gradwell <[EMAIL PROTECTED]>
21603 by: [EMAIL PROTECTED]
"solutions for spam"
21605 by: [EMAIL PROTECTED]
21608 by: [EMAIL PROTECTED]
21610 by: Scott Kenney <[EMAIL PROTECTED]>
radius authentication
21607 by: Michael Bracker <[EMAIL PROTECTED]>
21648 by: Anand Buddhdev <[EMAIL PROTECTED]>
Safely archiving logs
21612 by: Peter Gradwell <[EMAIL PROTECTED]>
21650 by: Harald Hanche-Olsen <[EMAIL PROTECTED]>
Conversion complete, now what?
21613 by: Michael Bryan <[EMAIL PROTECTED]>
21614 by: Chris Johnson <[EMAIL PROTECTED]>
Slow connection to pop3 server.
21615 by: "Victor Regner" <[EMAIL PROTECTED]>
21616 by: Markus Stumpf <[EMAIL PROTECTED]>
21617 by: Chris Johnson <[EMAIL PROTECTED]>
when does a message get split
21620 by: ppiamdn <[EMAIL PROTECTED]>
virtualdomains troubles...
21621 by: ppiamdn <[EMAIL PROTECTED]>
21622 by: ppiamdn <[EMAIL PROTECTED]>
21630 by: ppiamdn <[EMAIL PROTECTED]>
21631 by: ppiamdn <[EMAIL PROTECTED]>
Any benchmarks?
21623 by: ppiamdn <[EMAIL PROTECTED]>
21624 by: ppiamdn <[EMAIL PROTECTED]>
21626 by: ppiamdn <[EMAIL PROTECTED]>
off-topic, MUA to mail system files
21625 by: ppiamdn <[EMAIL PROTECTED]>
21627 by: ppiamdn <[EMAIL PROTECTED]>
21628 by: ppiamdn <[EMAIL PROTECTED]>
21629 by: ppiamdn <[EMAIL PROTECTED]>
21632 by: ppiamdn <[EMAIL PROTECTED]>
21633 by: ppiamdn <[EMAIL PROTECTED]>
three questions on var-qmail
21636 by: ppiamdn <[EMAIL PROTECTED]>
21638 by: ppiamdn <[EMAIL PROTECTED]>
Email addresses with .'s in
21639 by: ppiamdn <[EMAIL PROTECTED]>
21640 by: ppiamdn <[EMAIL PROTECTED]>
Incomplete Message Headers
21645 by: Russell Nelson <[EMAIL PROTECTED]>
Problems with qmail+fetchmail+mailx
21646 by: Andrei Kulakov <[EMAIL PROTECTED]>
RFC incompliance in qmail-remote
21647 by: Anand Buddhdev <[EMAIL PROTECTED]>
Maildir format and IMAP servers
21649 by: "������� ������������" <[EMAIL PROTECTED]>
OT-Thug's life was(Re: Three solutions for spam)
21651 by: mgibbins <[EMAIL PROTECTED]>
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To bug my human owner, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
On 1 Feb 1999, Russell Nelson wrote:
> Mike Holling writes:
> > Seems like the only folks who think it's OK to ban SMTP from dialups are
> > those who don't need to use such a setup themselves.
>
> If you want a reliable email system, you won't send mail from a
> dialup. Why are we having this discussion?
Perhaps because your assumption isn't that obvious. Why do u say that mail
from dialup isn't reliable?
Why we are having this discussion? probably because some people, like to
categorize people who send mail through dial up as spammers.
--
Tiago Pascoal ([EMAIL PROTECTED]) FAX : +351-1-7273394
Politicamente incorrecto, e membro (nao muito) proeminente da geracao rasca.
> Why we are having this discussion? probably because some people, like to
> categorize people who send mail through dial up as spammers.
It's not a case of categorizing. The problem is that those who do send
mail directly from a dialup cannot be _distinguished_ from a spammer.
It's not an issue of whether or not it is a dialup. It is an issue of
whether or not it is an address with a generic or anonymous name associated
with it, which dialup ports generally have. By getting a fixed address
with a real name (even a 3rd level domain name is fine) and real MX records,
then it won't look like what we have been referring to as "dialup".
And if it takes political changes in your country to allow that to happen,
then that's what you'll need to do. My guess, however, is that perhaps it
can be expedited by contacting the right people and simply getting some
technical competency in place at the levels where management decisions are
being made.
In the mean time, the rest of the world is not going to wait for you to
catch up.
--
Phil Howard | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
phil | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
at | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
ipal | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
dot | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
net | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
On Sun, 7 Feb 1999 [EMAIL PROTECTED] wrote:
> > Why we are having this discussion? probably because some people, like to
> > categorize people who send mail through dial up as spammers.
>
> It's not a case of categorizing. The problem is that those who do send
> mail directly from a dialup cannot be _distinguished_ from a spammer.
Then why should they be automatically labelled as spammers? Also, people
who send mail through relays cannot be distinguished from spammers also.
> It's not an issue of whether or not it is a dialup. It is an issue of
> whether or not it is an address with a generic or anonymous name associated
> with it, which dialup ports generally have. By getting a fixed address
Can u define anonymous?? (something that doesn't isn't reversed resolved?)
> with a real name (even a 3rd level domain name is fine) and real MX records,
> then it won't look like what we have been referring to as "dialup".
I don't understand also,why they should have MX records also.
> And if it takes political changes in your country to allow that to happen,
> then that's what you'll need to do. My guess, however, is that perhaps it
> can be expedited by contacting the right people and simply getting some
> technical competency in place at the levels where management decisions are
> being made.
Isn't that a bit little lyrical?
> In the mean time, the rest of the world is not going to wait for you to
> catch up.
As long as they are reasonable, i don't see any reason to. :-)
--
Tiago Pascoal ([EMAIL PROTECTED]) FAX : +351-1-7273394
Politicamente incorrecto, e membro (nao muito) proeminente da geracao rasca.
> > > Why we are having this discussion? probably because some people, like to
> > > categorize people who send mail through dial up as spammers.
> >
> > It's not a case of categorizing. The problem is that those who do send
> > mail directly from a dialup cannot be _distinguished_ from a spammer.
>
> Then why should they be automatically labelled as spammers? Also, people
> who send mail through relays cannot be distinguished from spammers also.
Read what I said. That is the answer to your question. What you need
to do is make your network connection somehow look different than what a
spammer appears to look like. If you are standing in a crowd of spammers,
and you wear the same clothes that all the spammers wear, and you have
the same hat as all the spammers have, and you grin the same way that all
the spammers grin, then how are we to know you are not a spammer? You need
to make yourself distinguishable from spammers. That's your responsibility
regardless whether your ISP or government makes it hard for you.
> > It's not an issue of whether or not it is a dialup. It is an issue of
> > whether or not it is an address with a generic or anonymous name associated
> > with it, which dialup ports generally have. By getting a fixed address
>
> Can u define anonymous?? (something that doesn't isn't reversed resolved?)
Yes I can. If there is no reverse name, that is anonymous. Also, if there
is a reverse name, but it has a generic pattern with number sequences and
does not identify any particular domain other than the ISP, then that, too,
is anonymous.
> > with a real name (even a 3rd level domain name is fine) and real MX records,
> > then it won't look like what we have been referring to as "dialup".
>
> I don't understand also,why they should have MX records also.
If you register a domain and have the network address number reverse resolve
to that name, then it will not appear anonymous and will distinguish you
from the spammers. If a spammer does the same thing, you will still be
distinguished from the spammer because the domain names are different.
If a spammer gets a domain name so as to not appear anonymous, and then
spams me, I can block just that domain name (and not yours).
MX records are another level of showing a degree of authenticity. It is
not perfect, but it raises the probability (at least for the time being)
that the host name is not the source of a spammer.
> > And if it takes political changes in your country to allow that to happen,
> > then that's what you'll need to do. My guess, however, is that perhaps it
> > can be expedited by contacting the right people and simply getting some
> > technical competency in place at the levels where management decisions are
> > being made.
>
> Isn't that a bit little lyrical?
I live in Texas. It's not practical for me to go there to persuade them to
correct their operational procedures to allow you the means to make yourself
appear on the internet as not a spammer. You live there, speak the language,
know the culture, and have some idea how business and government functions
there. You are in a much better position to deal with it than I am.
> > In the mean time, the rest of the world is not going to wait for you to
> > catch up.
>
> As long as they are reasonable, i don't see any reason to. :-)
The world is moving along with the intent to leave spammers behind. If you
don't catch up, you'll be behind there with the spammers. It's not where I
would want to be.
--
Phil Howard | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
phil | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
at | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
ipal | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
dot | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
net | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
> > Can u define anonymous?? (something that doesn't isn't reversed resolved?)
>
> Yes I can. If there is no reverse name, that is anonymous. Also, if there
> is a reverse name, but it has a generic pattern with number sequences and
> does not identify any particular domain other than the ISP, then that, too,
> is anonymous.
Just as I've feared, someone has already made the leap from "known analog
dialup pool" to "anything that looks like a dialup pool". This includes
ADSL and cablemodem pools as well.
> with a real name (even a 3rd level domain name is fine) and real
> MX records, then it won't look like what we have been referring to
> as "dialup".
Hmm, just to spite this idea, I may have all the dialups I administer
resolve to names that don't look like generic dialups:
"cat.du.example.com", "parrot.du.example.com". If you're going to make it
harder for me to send mail from my dedicated non-dialup IP that happens to
"look" like a dialup to you, then I'll make it harder for you to generate
a pattern that effectively filters dialup hostnames. It's easier for me
to take steps to break your system and make it ineffective, than jump thru
extra hoops so the computer connecting to your mailer has a hostname you
like.
- Mike
Mike Holling wrote:
> > > Can u define anonymous?? (something that doesn't isn't reversed resolved?)
> >
> > Yes I can. If there is no reverse name, that is anonymous. Also, if there
> > is a reverse name, but it has a generic pattern with number sequences and
> > does not identify any particular domain other than the ISP, then that, too,
> > is anonymous.
>
> Just as I've feared, someone has already made the leap from "known analog
> dialup pool" to "anything that looks like a dialup pool". This includes
> ADSL and cablemodem pools as well.
It's not a leap at all. Having called it "dialup" in the first place was
simply incorrect. The problem is that these are "anonymous unauthenticated
sources". Analog dialup, ISDN dialup, *DSL, cable modem, and even T1, can
all fall into this category.
Note that I say "can". None of these circuit technologies actually has to
be "anonymous unauthenticated". The blocking is not applied to the type of
connection in terms of the physical technology, but rather, it is applied
to the LACK OF authentic identity.
So there's been no leap at all.
> > with a real name (even a 3rd level domain name is fine) and real
> > MX records, then it won't look like what we have been referring to
> > as "dialup".
>
> Hmm, just to spite this idea, I may have all the dialups I administer
> resolve to names that don't look like generic dialups:
> "cat.du.example.com", "parrot.du.example.com". If you're going to make it
> harder for me to send mail from my dedicated non-dialup IP that happens to
> "look" like a dialup to you, then I'll make it harder for you to generate
> a pattern that effectively filters dialup hostnames. It's easier for me
> to take steps to break your system and make it ineffective, than jump thru
> extra hoops so the computer connecting to your mailer has a hostname you
> like.
If I get spam from cat.du.example.com I'll block it. If that IP address is
one that can randomly be assigned to many different people, then sometimes
they will, and sometimes they will not, get mail through if they do direct.
If you have a spammer in your midst, likely they will later end up with the
address for parrot.du.example.com, and spam from there. As soon as I get
spam from parrot.du.example.com, then I will block du.example.com. That
will affect them all. While I won't get to block the first couple of spams
as a result of an unobvious pattern, it will eventually get blocked.
So far I do not block by just there being a pattern. I do block by specific
domains that appear to be spam sources. If the ISP puts those names in a
separate subdomain, I can block them by the subdomain without affecting mail
from their actual mail servers. By that means I can block du.example.com as
soon as I notice that the whole domain is the source. OTOH, if you did not
provide that subdomain "du", then I would have to end up blocking the whole
domain, and it would be your fault for not providing distinctiveness (and for
allowing the spammers to send filth in the first place).
--
Phil Howard | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
phil | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
at | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
ipal | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
dot | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
net | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] writes:
> Why we are having this discussion? probably because some people, like to
> categorize people who send mail through dial up as spammers.
No, it's just the the reasons I hear for allowing mail from dialups
are all specious. If you want to send mail from a dialup, relay it
through a reliable host. If this does not describe your ISP, then
find a different host to relay the mail through.
Tiago, this discussion is tiresome. Your precious dialups are going
to be blocked if they are used to spam, period. It's a done deal; get
used to it. Accept that it is going to happen, and adjust your
expectations.
--
-russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok | There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | cause of world peace.
>Tiago, this discussion is tiresome. Your precious dialups are going
>to be blocked if they are used to spam, period. It's a done deal; get
>used to it. Accept that it is going to happen, and adjust your
>expectations.
"This discussion is tiresome" is one heck of an understatement.
I don't really mind seeing spam-related discussions on the qmail
mailing list, because I'm something of a newbie here and find the
issues rather interesting. (And I might decide to initiate anti-spam
measures for my new email address at some point soon.)
But it gets *really* ridiculous when knowledgeable people say "people
everywhere will avoid you if you dress like a thug" (the rough
equivalent of blocking likely spam sources based on their "appearance")
and so many of the responses range from "hey, some of us aren't thugs,
but we have a right to dress however we want, and insist you all treat
us exactly the same" to "well, I'll fix *them*, I'm not a thug, but from
now on I'm going to dress like one" to "I'm going to teach *all* the
youngsters, including the thugs, in my neighborhood to dress in fine
clothes, just to make your thug-detection algorithm less useful".
*None* of those responses are useful. None of them, if implemented,
makes the Internet a better place to be. They are, however, exactly
the sort of responses rebellious adolescent children give their parents
when they get advice that offends their delicate egos, advice like "when
you go on an interview for a job involving trust, don't dress like a
thug".
Russ et al are, for the most part, simply trying to *educate* about
how the Internet is responding (sometimes just reacting) to the mountains
of spam, which, as I've said before (elsewhere), are the barnacles on
the ships of Internet commerce.
If you don't agree with this response, please stop complaining about it
*here*. Take it up with the rest of the Internet, e.g. all those sites
(which I haven't looked at much myself) that are actually recommending
and implementing the anti-spam measures you claim you detest, or at
least should not be applied to you (somehow distinguishing you from the
other 5 billion people on the planet, even though you'll take no steps
to offer trustworthy validation of your identity for your outgoing
email).
(If you disagree with the contention that the anti-spam measures
being discussed are being widely implemented, that itself would
be a reasonable topic here, in context. But that doesn't seem to
be an issue in these discussions.)
It all boils down to trust. If you aren't willing to take the steps
necessary to show that you trust the 'net to reliably know who you are
and how to reach you (perhaps through a mutually trusted agent, like
an ISP with a properly administered SMTP), you have *no* right to
expect that you yourself *will* be trusted by default.
Yes, I know it isn't fair that your various setups make it hard for
you to do what you want and present yourself as trustworthy at the
same time.
That's not the problem of the people populating this list, though,
is it?
I think they've already gone well beyond the call of duty by recommending
*several* viable alternatives. Why those recommendations appear to go
completely ignored, I assume is due to the preference of some to
complain rather than adapt.
The issues on *this* list should, I would think, mainly center around
how to implement the various anti-spam tactics and strategies when
qmail and qmail-related technologies are involved.
Whether these strategies themselves are socially acceptable is not
really worthy of so much discussion. Thank goodness the egcs mailing
lists, for example, are not populated with people who constantly claim
that people shouldn't be using C, Fortran, C++, x86 floating-point
arithmetic, or whatever is someone's pet peeve. (And I say this as
someone with a *whole* lot of pet peeves. :)
tq vm, (burley)
Dave Sill wrote:
>
> [EMAIL PROTECTED] wrote:
> >
> >It's an unusual step for a dial-up user to make direct SMTP
> >connections from his system. Examining why they occur, there seem to
> >be 3 cases:
> >
> >1. Misconfiguration. They really should be going through their ISP's
> > mailserver.
> >
> >2. Spamming -- they're doing something they don't want to be visible
> > to their ISP.
> >
> >3. Playing -- situations like home Linux boxes where people want to
> > make the connections direct because they can.
>
> 4. Home networks.
>
> I've got three PC's connected to a 3Com LAN modem: two Winblows boxes
> and a Linux box. Rather than having the scattered MUA's talk to the
> ISP's servers for POP and SMTP service, I'd like them to talk to my
> local server. That way they can send and receive mail even when the
> modem isn't connected or the ISP is down--an all-too-common
> occurrence.
>
> >So it doesn't seem that unreasonable to me to block SMTP from dialup
> >pools. The legitemate users appear to have perfectly reasonable
> >options, and it stops one way of injecting spam.
>
> I disagree. Yes, I could configure my server to pass everything off to
> the ISP's mail hub, but, frankly, I can do a better job of it than
> they can. And switching to a more competant ISP is not an
> option. Where I live, there's only one ISP that's reachable via a
> local call.
>
> Stopping spam is a worthy goal, but one must seriously consider the
> costs associated. Preventing competent people from doing reasonable
> things is not an acceptable cost.
>
> -Dave
Paul J. Schinder wrote:
>
> On Mon, Feb 01, 1999 at 09:43:17AM -0600, [EMAIL PROTECTED] wrote:
> }
> } Speaking of open relay blocking, is the appropriate way to use both
> } RBL and ORBS to invoke rblsmtpd twice? As in
> }
> } /usr/local/bin/tcpserver-qmail -pR -c50 -u70 -g70 \
> } -x/etc/tcp.smtp.cdb \
> } 0 smtp /usr/bin/rblsmtpd -r relays.orbs.org -b /usr/bin/rblsmtpd \
> } -b /var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger smtpd 3
> }
> } (I put ORBS first on the guess that it would block more connects).
>
> Yes, it is. It's documented that way somewhere, in fact.
>
> }
> } Has anybody been paying attention enough to know whether the RBL is
> } essentially a subset of ORBS? Given the rules and procedures for each
> } as I understand them, it seems entirely possible. That would be my
> } other easy approach -- don't use both, just use ORBS.
>
> No, as I understand it, they use different criteria. MAPS is more a
> "these are proven, documented spammers" while ORBS blocks open relays,
> and so is proactive. I use both (just as above), and there are sites
> that MAPS catches that ORBS don't and vice versa. If you're using
> ORBS, you may want to keep an eye on your logs. There are many work
> related sites that I have to let through the ORBS block, so others may
> be in there that are important to you.
>
> } --
> } David Dyer-Bennet [EMAIL PROTECTED]
> } http://www.ddb.com/~ddb (photos, sf) Minicon: http://www.mnstf.org/minicon
> } http://ouroboros.demesne.com/ The Ouroboros Bookworms
> } Join the 20th century before it's too late!
>
> --
> --------
> Paul J. Schinder
> NASA Goddard Space Flight Center
> [EMAIL PROTECTED]
Paul J. Schinder wrote:
>
> On Mon, Feb 01, 1999 at 09:43:17AM -0600, [EMAIL PROTECTED] wrote:
> }
> } Speaking of open relay blocking, is the appropriate way to use both
> } RBL and ORBS to invoke rblsmtpd twice? As in
> }
> } /usr/local/bin/tcpserver-qmail -pR -c50 -u70 -g70 \
> } -x/etc/tcp.smtp.cdb \
> } 0 smtp /usr/bin/rblsmtpd -r relays.orbs.org -b /usr/bin/rblsmtpd \
> } -b /var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger smtpd 3
> }
> } (I put ORBS first on the guess that it would block more connects).
>
> Yes, it is. It's documented that way somewhere, in fact.
>
> }
> } Has anybody been paying attention enough to know whether the RBL is
> } essentially a subset of ORBS? Given the rules and procedures for each
> } as I understand them, it seems entirely possible. That would be my
> } other easy approach -- don't use both, just use ORBS.
>
> No, as I understand it, they use different criteria. MAPS is more a
> "these are proven, documented spammers" while ORBS blocks open relays,
> and so is proactive. I use both (just as above), and there are sites
> that MAPS catches that ORBS don't and vice versa. If you're using
> ORBS, you may want to keep an eye on your logs. There are many work
> related sites that I have to let through the ORBS block, so others may
> be in there that are important to you.
>
> } --
> } David Dyer-Bennet [EMAIL PROTECTED]
> } http://www.ddb.com/~ddb (photos, sf) Minicon: http://www.mnstf.org/minicon
> } http://ouroboros.demesne.com/ The Ouroboros Bookworms
> } Join the 20th century before it's too late!
>
> --
> --------
> Paul J. Schinder
> NASA Goddard Space Flight Center
> [EMAIL PROTECTED]
Dave Sill wrote:
>
> [EMAIL PROTECTED] wrote:
> >
> >It's an unusual step for a dial-up user to make direct SMTP
> >connections from his system. Examining why they occur, there seem to
> >be 3 cases:
> >
> >1. Misconfiguration. They really should be going through their ISP's
> > mailserver.
> >
> >2. Spamming -- they're doing something they don't want to be visible
> > to their ISP.
> >
> >3. Playing -- situations like home Linux boxes where people want to
> > make the connections direct because they can.
>
> 4. Home networks.
>
> I've got three PC's connected to a 3Com LAN modem: two Winblows boxes
> and a Linux box. Rather than having the scattered MUA's talk to the
> ISP's servers for POP and SMTP service, I'd like them to talk to my
> local server. That way they can send and receive mail even when the
> modem isn't connected or the ISP is down--an all-too-common
> occurrence.
>
> >So it doesn't seem that unreasonable to me to block SMTP from dialup
> >pools. The legitemate users appear to have perfectly reasonable
> >options, and it stops one way of injecting spam.
>
> I disagree. Yes, I could configure my server to pass everything off to
> the ISP's mail hub, but, frankly, I can do a better job of it than
> they can. And switching to a more competant ISP is not an
> option. Where I live, there's only one ISP that's reachable via a
> local call.
>
> Stopping spam is a worthy goal, but one must seriously consider the
> costs associated. Preventing competent people from doing reasonable
> things is not an acceptable cost.
>
> -Dave
Dave Sill wrote:
>
> [EMAIL PROTECTED] wrote:
> >
> >It's an unusual step for a dial-up user to make direct SMTP
> >connections from his system. Examining why they occur, there seem to
> >be 3 cases:
> >
> >1. Misconfiguration. They really should be going through their ISP's
> > mailserver.
> >
> >2. Spamming -- they're doing something they don't want to be visible
> > to their ISP.
> >
> >3. Playing -- situations like home Linux boxes where people want to
> > make the connections direct because they can.
>
> 4. Home networks.
>
> I've got three PC's connected to a 3Com LAN modem: two Winblows boxes
> and a Linux box. Rather than having the scattered MUA's talk to the
> ISP's servers for POP and SMTP service, I'd like them to talk to my
> local server. That way they can send and receive mail even when the
> modem isn't connected or the ISP is down--an all-too-common
> occurrence.
>
> >So it doesn't seem that unreasonable to me to block SMTP from dialup
> >pools. The legitemate users appear to have perfectly reasonable
> >options, and it stops one way of injecting spam.
>
> I disagree. Yes, I could configure my server to pass everything off to
> the ISP's mail hub, but, frankly, I can do a better job of it than
> they can. And switching to a more competant ISP is not an
> option. Where I live, there's only one ISP that's reachable via a
> local call.
>
> Stopping spam is a worthy goal, but one must seriously consider the
> costs associated. Preventing competent people from doing reasonable
> things is not an acceptable cost.
>
> -Dave
Len Budney wrote:
>
> [EMAIL PROTECTED] wrote:
> > Len Budney <[EMAIL PROTECTED]> wrote:
> > > Modems neither cause nor result from spam--modems and spam merely
> > > correlate.
> >
> > It's an unusual step for a dial-up user to make direct SMTP
> > connections from his system. Examining why they occur, there seem
> > to be 3 cases:
>
> Thanks for a nice, cogent analysis. You did miss one sub-case, though,
> which may generally be a minor issue.
>
> > 2. Spamming -- they're doing something they don't want to be
> > visible to their ISP.
>
> The subcase is:
>
> 2. (b) Privacy/paranoia -- they're doing something _legitimate_ that
> they don't want visible to their provider.
>
> Before I got a static IP at work, I needed to use my employer's server
> to send mail. My employer had a stated policy reserving the right to
> intercept and read mail sent through the company server. They had no
> policy forbidding the use of SMTP without their server, and they had
> no policy against personal email on company time.
>
> Hence, to protect my privacy, I chose to send personal mail from my
> own Linux laptop, circumventing their server.
>
> Yes, I know--that's security through obscurity. I also used PGP, when
> applicable. However, it was a matter of principle with me to at least
> circumvent their stated intention to violate my privacy at will.
>
> Hence, this is also a subtype of:
>
> > 3. Playing -- situations like home Linux boxes where people want to
> > make the connections direct because they can.
> [snip]
> > So it doesn't seem that unreasonable to me to block SMTP from dialup
> > pools. The legitemate users appear to have perfectly reasonable
> > options, and it stops one way of injecting spam.
>
> It is your right, if you are an ISP. It will make many of us Linux
> users sad, because you have forbidden our "playing". It's rather a
> pity, in my opinion.
>
> Len.
>
> --
> 20. The Gestures of the Body must be Suited to the discourse you are upon.
> -- George Washington, "Rules of Civility & Decent Behaviour"
Len Budney wrote:
>
> [EMAIL PROTECTED] wrote:
> > Len Budney <[EMAIL PROTECTED]> wrote:
> > > Modems neither cause nor result from spam--modems and spam merely
> > > correlate.
> >
> > It's an unusual step for a dial-up user to make direct SMTP
> > connections from his system. Examining why they occur, there seem
> > to be 3 cases:
>
> Thanks for a nice, cogent analysis. You did miss one sub-case, though,
> which may generally be a minor issue.
>
> > 2. Spamming -- they're doing something they don't want to be
> > visible to their ISP.
>
> The subcase is:
>
> 2. (b) Privacy/paranoia -- they're doing something _legitimate_ that
> they don't want visible to their provider.
>
> Before I got a static IP at work, I needed to use my employer's server
> to send mail. My employer had a stated policy reserving the right to
> intercept and read mail sent through the company server. They had no
> policy forbidding the use of SMTP without their server, and they had
> no policy against personal email on company time.
>
> Hence, to protect my privacy, I chose to send personal mail from my
> own Linux laptop, circumventing their server.
>
> Yes, I know--that's security through obscurity. I also used PGP, when
> applicable. However, it was a matter of principle with me to at least
> circumvent their stated intention to violate my privacy at will.
>
> Hence, this is also a subtype of:
>
> > 3. Playing -- situations like home Linux boxes where people want to
> > make the connections direct because they can.
> [snip]
> > So it doesn't seem that unreasonable to me to block SMTP from dialup
> > pools. The legitemate users appear to have perfectly reasonable
> > options, and it stops one way of injecting spam.
>
> It is your right, if you are an ISP. It will make many of us Linux
> users sad, because you have forbidden our "playing". It's rather a
> pity, in my opinion.
>
> Len.
>
> --
> 20. The Gestures of the Body must be Suited to the discourse you are upon.
> -- George Washington, "Rules of Civility & Decent Behaviour"
Hi there,
I have a couple of virtual hosting clients, using true ip virtual hosting for their
website and ftp
server.
(Linux 2.0.35 / Slackware 3.6 with multiple ips bound to the card)
Currently qmail is running on my first ip address and it's handling mail for multiple
users.
However, I would like to run their mail off of their ip address, so I can see what
they are doing
bw wise.
Even more brilliant would be to bind qmail to a different virtual device, because then
I could
create a bandwidth limited virtual ethernet card and run mailing lists on there,
whilst allowing
other services full bandwidth.
How anyone have any experience of telling qmail which ip address / device to listen
and operate on?
Thanks
Peter.
--
gradwell dot com ltd - writing the bits of the web you don't see
online @ http://www.gradwell.com/ mailto:[EMAIL PROTECTED]
"To look back all the time is boring. Excitement lies in tomorrow"
Peter Gradwell wrote:
> Currently qmail is running on my first ip address and it's handling mail for
>multiple users.
> However, I would like to run their mail off of their ip address, so I can see what
>they are doing
> bw wise.
>
> Even more brilliant would be to bind qmail to a different virtual device, because
>then I could
> create a bandwidth limited virtual ethernet card and run mailing lists on there,
>whilst allowing
> other services full bandwidth.
>
> How anyone have any experience of telling qmail which ip address / device to listen
>and operate on?
As long as qmail will listen to any IP address on the machine, then it's
just a matter of appropriate MX's to get certain domains to go to certain
addresses, and routing to get certain addresses to go to certain interfaces.
Why would qmail not listen on all interfaces?
--
Phil Howard | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
phil | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
at | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
ipal | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
dot | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
net | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
On Thu, 28 Jan 1999 [EMAIL PROTECTED] wrote:
> > > I do _not_ support "sending mail" by means of an ssh session that invokes the
> > > program to inject mail. Yet such a method could indeed function, and thus make
> > > those who want to use it "legitimate". So I'll decide to not offer that service
> > > (of receiving mail from those who want to send it by ssh) unless I come to see
> > > a business case for offering it.
> >
> > I think this has nothing to do with our discussing matter.
>
> It has everything to do with it. The issue is whether an ISP should be required
> to specifically handle things that are unusual. You might not think your way is
> unusual, but I do.
I don't see, why u are saying that a totally reasonable (doesn't violate
anything) it unsual.
> > > Likewise I don't offer the service of receiving mail that bypasses the normal
> > > delivery mechanisms through the dialup's local mail server.
> >
> > Normal according to what? An RFC? Or to you?
>
> Normal as in most common. It happens to be RFC'd, but that's not my basis. If
> 99% of the market wants to use SSH instead of SMTP, I'd go with that. That's the
> way business works.
is 99% of the market demaning that mail from dial-ups is to be disallowed?
:-)
> > > Are you running your own SMTP server over a dialup to an ISP, bypassing their
> >
> > Yes.
>
> The ISP is utl.pt?
Nope. ist.utl.pt (check www.ist.utl.pt). And not they are not an ISP. They
are a university, i use this service because i need fast access to local
machines, and yes they also happen to provide internet access.
> > > SMTP server because yours runs better? Maybe this is because your ISP's SMTP
> >
> > Yes mine runs better. Because:
> >
> > 1- It runs qmail.
> > 2- the queue only has my own messages, i don't share it with someone else,
> > thus i don't have have to share delivery time with someone else (and
> > believe it, i would have to share it with a lot of people)
> > 3- The smtp relay machine is sometimes overloaded (not to mention down)
> > It handles SMTP, HTTP,shell accounts, pop and who knows what else.
> > 4- I don't trust the admins (it's bad enough, the messages i lose due to
> > bouncing cause of misconfigurations and other 'things')
> > 5- I not exactly when the mail has arrived, if i use the relay i can only
> > hope it has arrived.
>
> I can understand why you want to do what you do. I would want to do so if I were
> in your place, as well. But I also realize others have no obligation to accept
> it like that, since it is not the usual way things are done.
>
> You really really really really really really need to get a better ISP. And "get"
> may be anything from forcing the issue in your government politics to showing to
> your news media of the PTT incompetence.
Send me your address, and i will send u my bills. :-)
> If things are so closed and tight in your country, how is it that you are sure that
> running an SMTP server is even legal and that they just haven't bother to block you,
> yet (perhaps due to incompetence)?
> Another option you might have is to rent a dedicated or colocated server in another
> country and tunnel in. Or I might even consider leasing tunnels into mine. Your
> PTT doesn't block tunnels do they? The vppp program can "tunnel" on any TCP port,
> so it would be pretty hard for them to block it, anyway.
should i go a great extent of trouble (not to mean expenses) to deliver
mail to _some_ people,which find my ways of delivering mail inadequate?
> > > server is clogged with spam? Is static IP and reverse delegation not an option
> > > to make your SMTP server look legitimate?
> >
> > Why isn't my server legitimate?
>
> The exact rule to determine that is not well established. But one way to possibly
> do so is if your server has an MX record. And to be sure your server name is not
> forged, your IP address would need a PTR that names your server, and your A record(s)
Well the only thing that my address doesn't comply, is the MX record, and
i see no need for it either.
> So how do you receive your mail? Does it really come to your server?
Nope. I never said i received mail directly. I only said it _sent_ it
directly.
> > starting delivery 1161: msg 25817 to remote [EMAIL PROTECTED]
> > delivery 1161: success:
> >
>206.97.151.5_accepted_message../Remote_host_said:_250_GAA21302_Message_accepted_for_delivery/
> >
> > It seems your server hasn't any problems with mine.
>
> Because I have not implemented anything to actually block it. I don't even
> have qmail on this server (it's going on another project). Just because I do
> not block something does not mean I offer it. If the costs of not blocking
> it exceed the costs of blocking it, then I will block it. If the profits of
> offering it exceed the loss of not offering it, I will offer it.
Ok, and if you refuse mail from me, i will have to choices, find an
alternative of delivering mail to you, or stop sending mail to you.
That rules applies to anyone who refuses mail from dial up.
--
Tiago Pascoal ([EMAIL PROTECTED]) FAX : +351-1-7273394
Politicamente incorrecto, e membro (nao muito) proeminente da geracao rasca.
[EMAIL PROTECTED] wrote:
> is 99% of the market demaning that mail from dial-ups is to be disallowed?
> :-)
In effect, yes. 99.9% of the market is demanding that their mailbox not be
filled up with spam. Most spam has been coming by way of mail amplified by
open relay mail servers. As those servers are gradually getting closed or
blocked, spammers are discovering that with more sophisticated programs (and
there are some people out there selling them these programs) they can get more
mail out by doing it directly to the MX server for the intended recipient.
Many of them do so from a big server on a high speed connection. For them, I
just block them by their name. Others are small operations that continue to
use dialup accounts. If I block them by name, and it would make sense to do
it for the whole set of names for all the dialups since they can dial in as
any one of them, then that affects everyone. Since the usual _practice_ for
99.999% of legitimate mail originating from a dialup is to first inject it into
the dialup ISPs server, then blocking the dialup directly will have no impact
on that legitimate mail.
> Nope. ist.utl.pt (check www.ist.utl.pt). And not they are not an ISP. They
> are a university, i use this service because i need fast access to local
> machines, and yes they also happen to provide internet access.
Why don't you go show them how to fix their mail server?
> Send me your address, and i will send u my bills. :-)
Send me the price list for the competition, first.
> should i go a great extent of trouble (not to mean expenses) to deliver
> mail to _some_ people,which find my ways of delivering mail inadequate?
It looks like this is going to be the case, all because of spammers.
> > The exact rule to determine that is not well established. But one way to possibly
> > do so is if your server has an MX record. And to be sure your server name is not
> > forged, your IP address would need a PTR that names your server, and your A
>record(s)
>
> Well the only thing that my address doesn't comply, is the MX record, and
> i see no need for it either.
You have a dynamic IP address. A spammer may have been using that very
same IP address just a few minutes before you dial in.
> > So how do you receive your mail? Does it really come to your server?
>
> Nope. I never said i received mail directly. I only said it _sent_ it
> directly.
If you set things up to receive mail directly, then you will be taking the
very actions that distinquish you from spammers, who generally only send
mail. But as long as you connect to some other POP/IMAP server to pick up
mail, your server won't appear to be something any different than a spammer
would appear.
You need to make yourself look different from a spammer.
> Ok, and if you refuse mail from me, i will have to choices, find an
> alternative of delivering mail to you, or stop sending mail to you.
> That rules applies to anyone who refuses mail from dial up.
Yes, that rule applies. Most spammers are ignorant and are just using a
program they buy. If their mail does not go through, they won't know what
to do about it until the programmer sells them a new program. At that
time we will have to see what it is they are doing then, and find a way
to prevent that mail, if possible.
Keep in mind that if the spammers start to use real domain named servers,
we can block them individually by their names. Some actually do this now
(and I actually cut them off when I get spam from them). If you get your
own domain name (some name within ist.utl.pt perhaps, or register a domain
of your own in .pt or .com) and associate that name with a fixed IP address
you use, then you won't look anonymous. And as long as no spam comes from
a server with that name, I won't be blocking it.
--
Phil Howard | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
phil | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
at | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
ipal | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
dot | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
net | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
On Sun, Feb 07, 1999 at 03:06:16PM -0600, [EMAIL PROTECTED] wrote:
[snip]
> If you set things up to receive mail directly, then you will be taking the
> very actions that distinquish you from spammers, who generally only send
> mail. But as long as you connect to some other POP/IMAP server to pick up
> mail, your server won't appear to be something any different than a spammer
> would appear.
Not in all cases, observe I receive mail directly:
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 38896 invoked from network); 7 Feb 1999 21:08:30 -0000
Received: from muncher.math.uic.edu (131.193.178.181)
by nwhn-sh8-port100.snet.net with SMTP; 7 Feb 1999 21:08:30 -0000
Received: (qmail 13784 invoked by uid 1002); 7 Feb 1999 21:06:12 -0000
Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
Precedence: bulk
Delivered-To: mailing list [EMAIL PROTECTED]
Received: (qmail 17451 invoked from network); 7 Feb 1999 21:06:12 -0000
Received: from rigel.ipal.net ([EMAIL PROTECTED])
by muncher.math.uic.edu with SMTP; 7 Feb 1999 21:06:12 -0000
Received: (from phil@localhost)
by rigel.ipal.net (8.8.7/8.8.7) id PAA07225;
Sun, 7 Feb 1999 15:06:17 -0600
that doesn't change the fact that when my machine sends mail it will say:
HELO <some name that maps to a dynamic IP #>
When the dialup pool I use is finally blocked I'll have to go back to
sending outgoing mail via UUCP, however ezmlm bounce processing will no
longer work, since adding :alias+uucp to control/virtualdomains breaks
the VERP'd return-path.
Being on a lot of mailinglists, I should have realized the SPAMers have
gained control of most people, when any single SPAM item generates
neverending threads on how the list should be closed or moderated (and
in the process no one realizing that the argument is a magnitude of
order worse than the SPAM itself).
--
Scott Kenney >|< [EMAIL PROTECTED]
hi *,
i still think about an authentication for incoming and outgoing eMails
through a radius server. At the moment we've got mysql and a radius deamon
running. Could we authenticate our users' emails with this, too?
I think there is a way to get the eMail but how can I tell qMail to look at
the mysql or radius server for the usernames and passwords?
does anyone have a system running in this configuration?
Thx so far,
Michael Bracker, DE
On Sun, Feb 07, 1999 at 09:50:21PM +0100, Michael Bracker wrote:
You can have a ~alias/.qmail-default entry with a program delivery that
looks up usernames in mysql or radius.
For POP authentication, you need to write your own checkpassword that will
query mysql or radius. It's not too difficult, and if you can program in
perl, you should be able to code up a simple one in maybe an hour. When
you're satisfied with it, you could code it in C, or hire a programmer to
convert it to C for you, because a compiled C program would be faster and
smaller than a perl script, especially for large userbases.
> hi *,
>
> i still think about an authentication for incoming and outgoing eMails
> through a radius server. At the moment we've got mysql and a radius deamon
> running. Could we authenticate our users' emails with this, too?
> I think there is a way to get the eMail but how can I tell qMail to look at
> the mysql or radius server for the usernames and passwords?
>
> does anyone have a system running in this configuration?
>
>
> Thx so far,
> Michael Bracker, DE
--
Anand
System Administrator
Africa Online Ltd
http://www.anand.org
Hi,
I'm using cyclog to log all qmail activity.
When I delete all the log files
rm /var/log/qmail/*
it's using, it doesn't seem to recreate them until I restart qmail.
I want to archive my log files daily:
cat /var/log/qmail/* | gzip mylogs.gz
and then delete the old ones
but my rm attempt above doens't seem to be the best way.
What's the best way to archive log files and remove the old ones?
Thanks
Peter.
--
gradwell dot com ltd - writing the bits of the web you don't see
online @ http://www.gradwell.com/ mailto:[EMAIL PROTECTED]
"To look back all the time is boring. Excitement lies in tomorrow"
- Peter Gradwell <[EMAIL PROTECTED]>:
| I'm using cyclog to log all qmail activity.
|
| When I delete all the log files
|
| rm /var/log/qmail/*
|
| it's using, it doesn't seem to recreate them until I restart qmail.
Oh, yes. But you just deleted the *current* log file, and cyclog
won't start a new one until the current one is full. Remember, that
you removed the file doesn't mean it's gone until all open file
descriptors on the file are closed.
cyclog marks its files done by turning off the write permission. So
the cure is to only remove files which are not writable. Just make
sure the qmail startup script does chmod -w /var/log/qmail/* since
there may be a writable file left over since the previous shutdown.
| I want to archive my log files daily:
|
| cat /var/log/qmail/* | gzip mylogs.gz
|
| and then delete the old ones
|
| but my rm attempt above doens't seem to be the best way.
|
| What's the best way to archive log files and remove the old ones?
On one of the machines I maintain, I have cyclog directories
/var/log/qmail and /var/log/smtpd, with corresponding directories
/var/log/qmailz and /var/log/smtpdz containing compressed logs.
User qmaill runs a cron job
15 2 * * * /var/qmail/etc/gzip_logs -quiet
where /var/qmail/etc/gzip_logs is as follows:
#!/bin/sh
if [ " $1 " = " -quiet " ]; then
exec >/dev/null
GZIP="/store/bin/gzip -9"
shift
else
GZIP="/store/bin/gzip -v -9"
fi
for d in qmail smtpd; do
echo Compressing from /var/log/${d} to /var/log/${d}z:
cd /var/log/${d}
[ -d ../${d}z ] || mkdir ../${d}z || exit 1
set -- *
while [ $# -gt 10 ]; do
if [ -w $1 ]; then
echo $1 'is writable; not touching it'
else
${GZIP} $1 && mv ${1}.gz ../${d}z
fi
shift
done
done
You may have to change some path names. Also, note that this job
keeps the last 10 log files uncompressed, for ease in checking the
lateste logs. I run cyclog with the arguments -s304000 -n30; you may
have to adjust these parameters. With a setup like this, there is
always a risk of losing log information if activity suddenly
skyrockets.
- Harald
Hey Guys,
I spent most of yesterday working on switching from sendmail to qmail
and I'm very pleased with the performance. However, I'm having trouble
with just a few nagging things.
To Maildir or, to Mailbox....that is the question.
I like the Maildir idea, but I've been unable to get it working, yet.
It complains that no Maildir has been created, however, one exists. So,
for right now, I'm going with Mailbox..and symlinking to
/var/spool/mail. My question is this:
How can I get the useradd program to automagically set up the symlink?
Or, would I be better advised to just switch to the Maildir format. If
so, could someone provide step by step instructions to do so. I looked
at the install file which mentions it, however, it's not totally clear
on EXACTLY what to do to what files.
Also, is there a way to get the .qmail file autocreated in a user
directory when I add the user? (I may very well be missing some docs
somewhere on that, but I can't find any.)
I have relatively few users right now, so I can play with things.
Please advise.
So far, I love Qmail. I'd love it even more if you guys would help me
get started.
Thanks,
Michael -- The new guy.
--
Michael Bryan
The Radio Cafe, LLC
http://www.radiocafe.com
On Sun, Feb 07, 1999 at 09:50:39PM +0000, Michael Bryan wrote:
> Hey Guys,
>
> I spent most of yesterday working on switching from sendmail to qmail
> and I'm very pleased with the performance. However, I'm having trouble
> with just a few nagging things.
>
> To Maildir or, to Mailbox....that is the question.
Maildir is the answer, pretty much always.
> I like the Maildir idea, but I've been unable to get it working, yet.
> It complains that no Maildir has been created, however, one exists. So,
> for right now, I'm going with Mailbox..and symlinking to
> /var/spool/mail. My question is this:
If the Maildir is there and is the ownership is correct, there shouldn't be any
complaints. Did you use /var/qmail/bin/maildirmake to create the Maildir, and
is it owned by the user? Did you replace ./Mailbox with ./Maildir/ (note the
trailing slash) in /var/qmail/rc (or whatever script you start qmail-send
with)?
> How can I get the useradd program to automagically set up the symlink?
> Or, would I be better advised to just switch to the Maildir format. If
> so, could someone provide step by step instructions to do so. I looked
> at the install file which mentions it, however, it's not totally clear
> on EXACTLY what to do to what files.
As I mentioned above, you need to change ./Mailbox to ./Maildir/ in the script
you use to start qmail-send (probably /var/qmail/rc). Then just be sure that
each user has a Maildir, created by /var/qmail/bin/maildirmake and owned by the
user. The easiest way to do this for new users is to cd to /etc/skel or
/usr/share/skel or wherever your skeleton files for new users are and make the
Maildir there. Then all new users will get one when you useradd them. For
existing users you can use a shell script to create their Maildirs. Once mail
is being delivered to these Maildirs, you can use one of the scripts you'll
find at http://www.qmail.org to convert their existing mailboxes.
> Also, is there a way to get the .qmail file autocreated in a user
> directory when I add the user? (I may very well be missing some docs
> somewhere on that, but I can't find any.)
You don't have to have any .qmail files if your startup script is delivering to
./Maildir/ by defult.
> I have relatively few users right now, so I can play with things.
That being the case, I'd definitely recommend starting right off with maildir.
Chris
I just installed qmailpop3d with tcpserver instead of inetd. Now it takes
about 10 seconds to connect to the pop3 server. I know that the connection
to the server is fast so that isnt the problem. When I uset inetd it was
much fast.
Anyone know what could be the problem here?
Victor
On Sun, Feb 07, 1999 at 11:41:07PM +0100, Victor Regner wrote:
> I just installed qmailpop3d with tcpserver instead of inetd. Now it takes
> about 10 seconds to connect to the pop3 server. I know that the connection
> to the server is fast so that isnt the problem. When I uset inetd it was
> much fast.
Disable host/ident lookups with tcpserver.
(sorry, I'm using an old version, don't have the current switches at
hand).
\Maex
--
SpaceNet GmbH | http://www.Space.Net/ | In a world without
Research & Development | mailto:[EMAIL PROTECTED] | walls and fences,
Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0 | who needs
D-80807 Muenchen | Fax: +49 (89) 32356-299 | Windows and Gates?
On Sun, Feb 07, 1999 at 11:41:07PM +0100, Victor Regner wrote:
> I just installed qmailpop3d with tcpserver instead of inetd. Now it takes
> about 10 seconds to connect to the pop3 server. I know that the connection
> to the server is fast so that isnt the problem. When I uset inetd it was
> much fast.
>
> Anyone know what could be the problem here?
Does it help if you run tcpserver with -H? If so, then the delay is caused by
tcpserver looking up the remote host name. You can either run with -H all the
time to prevent the name lookup, or figure out why your name server is taking
so long to answer.
Chris
Mark Carpenter wrote:
>
> > At 22:40 28/01/99 -0600, Mate Wierdl wrote:
> > >With all the talk about passing mail through serialline: When does a
> > >message with multiple recipients get split?
> >
> > By qmail-send. It makes the decision to split a multi-recipient mail into
> > individual deliveries.
>
> How does qmail-send make the decission to split or not to split?
> Does it always split it? It looks like all mail goes through qmail-
> send at some point.
answer sribe
Matt Garrett wrote:
>
> I seem to be having a bit of trouble getting qmail to recognize e-amil sent to
> my virtual domains. Here is what I've done so far...
>
> 1. Install Qmail 1.03 from binary rpm.
>
> 2. create popuser account/group
> in /etc/passwd> popuser:x:888:888:POP E-Mail User:/var/qmail:/bin/true
> in /etc/group> popuser:x:888:
>
> 3. created popboxes hierarchy, /var/qmail/popboxes/domain-com/users, all
> owned by popuser, in group popuser, all chmoded 0755.
>
> 4. created Maildirs in each e-mail account using maildirmk, chmoded 0755.
>
> 5. created .qmail files in each e-mail account containing "./Maildir/",
> chmoded 0744.
>
> 6. created vitrual domains in ~control/virtualdomains
> domain.com:domain-com
> etc...
>
> 7. added domain.com to ~control/rcpthosts
>
> 8. added e-mail accounts to ~users/assign
> =domain-com-user:popuser:888:888:/var/qmail/popboxes/domain-com/user:::
>
> I don't want any email going to [EMAIL PROTECTED], so there's no need
> to create an email user +domain-com:popuser..., right?
>
> I can email to an account with "[EMAIL PROTECTED]" but not with
> "[EMAIL PROTECTED]" which is the point of the whole exercise. This is with the MX
> set to mail.domain.com and mail being an alias to the canonical name
> me.domain.com.
>
> When everything's working right, I'll just change the alias from
> oldmail.domain.com to me.domain.com. There a problem with my DNS usage?
>
> The POP3 system is working perfectly, and I have /etc/tcprules.d/qmail-smtpd
> set up to allow my customers to mail out and everyone else to mail in, but not
> allow others to relay through me.
>
> I am having trouble getting mailer-daemon, postmaster, and root to be properly
> delivered to my maintenance account, [EMAIL PROTECTED] I have the ~alias/.qmail
> files set up to deliver to ./operator/Maildir/ and in ~alias I have a symbolic
> link of operator -> /home/me, chmoded 0755 and I can receive mail as
> [EMAIL PROTECTED] just fine, but mail to [EMAIL PROTECTED] fails with a
> "Temporary error on maildir delivery (#4.3.0)".
>
> my control files are like as follows:
> defaultdomain:
> domain.com
>
> defaulthost: <- any ideas as to how to have the default host change for each
> domain.com <- virtual domain?
>
> locals:
> localhost
> me.domain.com
> domain.com
> domain.net
>
> me:
> me.domain.com
>
> plusdomain: <- exactly what is this control file used for again?
> domain.com
> domain.net
>
> rcpthosts:
> localhost
> me.domain.com
> domain.com
> domain.net
>
> virtualdomains:
> domain.com:domain-com
> domain.net:domain-net
>
> I'll be adding several other virtual domains once the system is up and
> running, i.e. domain.net, etc.
>
> Anyone care to write man pages for each control file? To call the existing
> documentation for them paltry would be generous.
>
> --
> Matt Garrett, Network Engineer
> Superior Open Systems
> [EMAIL PROTECTED]
rubish
Matt Garrett wrote:
>
> I seem to be having a bit of trouble getting qmail to recognize e-amil sent to
> my virtual domains. Here is what I've done so far...
>
> 1. Install Qmail 1.03 from binary rpm.
>
> 2. create popuser account/group
> in /etc/passwd> popuser:x:888:888:POP E-Mail User:/var/qmail:/bin/true
> in /etc/group> popuser:x:888:
>
> 3. created popboxes hierarchy, /var/qmail/popboxes/domain-com/users, all
> owned by popuser, in group popuser, all chmoded 0755.
>
> 4. created Maildirs in each e-mail account using maildirmk, chmoded 0755.
>
> 5. created .qmail files in each e-mail account containing "./Maildir/",
> chmoded 0744.
>
> 6. created vitrual domains in ~control/virtualdomains
> domain.com:domain-com
> etc...
>
> 7. added domain.com to ~control/rcpthosts
>
> 8. added e-mail accounts to ~users/assign
> =domain-com-user:popuser:888:888:/var/qmail/popboxes/domain-com/user:::
>
> I don't want any email going to [EMAIL PROTECTED], so there's no need
> to create an email user +domain-com:popuser..., right?
>
> I can email to an account with "[EMAIL PROTECTED]" but not with
> "[EMAIL PROTECTED]" which is the point of the whole exercise. This is with the MX
> set to mail.domain.com and mail being an alias to the canonical name
> me.domain.com.
>
> When everything's working right, I'll just change the alias from
> oldmail.domain.com to me.domain.com. There a problem with my DNS usage?
>
> The POP3 system is working perfectly, and I have /etc/tcprules.d/qmail-smtpd
> set up to allow my customers to mail out and everyone else to mail in, but not
> allow others to relay through me.
>
> I am having trouble getting mailer-daemon, postmaster, and root to be properly
> delivered to my maintenance account, [EMAIL PROTECTED] I have the ~alias/.qmail
> files set up to deliver to ./operator/Maildir/ and in ~alias I have a symbolic
> link of operator -> /home/me, chmoded 0755 and I can receive mail as
> [EMAIL PROTECTED] just fine, but mail to [EMAIL PROTECTED] fails with a
> "Temporary error on maildir delivery (#4.3.0)".
>
> my control files are like as follows:
> defaultdomain:
> domain.com
>
> defaulthost: <- any ideas as to how to have the default host change for each
> domain.com <- virtual domain?
>
> locals:
> localhost
> me.domain.com
> domain.com
> domain.net
>
> me:
> me.domain.com
>
> plusdomain: <- exactly what is this control file used for again?
> domain.com
> domain.net
>
> rcpthosts:
> localhost
> me.domain.com
> domain.com
> domain.net
>
> virtualdomains:
> domain.com:domain-com
> domain.net:domain-net
>
> I'll be adding several other virtual domains once the system is up and
> running, i.e. domain.net, etc.
>
> Anyone care to write man pages for each control file? To call the existing
> documentation for them paltry would be generous.
>
> --
> Matt Garrett, Network Engineer
> Superior Open Systems
> [EMAIL PROTECTED]
rubish
Chris Johnson wrote:
>
> On Mon, Feb 01, 1999 at 11:22:28AM +0000, Matt Garrett wrote:
> > I seem to be having a bit of trouble getting qmail to recognize e-amil sent to
> > my virtual domains. Here is what I've done so far...
>
> [snip]
>
> > 6. created vitrual domains in ~control/virtualdomains
> > domain.com:domain-com
> > etc...
>
> [snip]
>
> > locals:
> > localhost
> > me.domain.com
> > domain.com
> > domain.net
>
> If you want a domain to be treated as virtual, you can't have it in locals.
> You should *never* have a particular domain name in both control/locals and
> control/virtualdomains.
>
> Chris
Chris Johnson wrote:
>
> On Mon, Feb 01, 1999 at 11:22:28AM +0000, Matt Garrett wrote:
> > I seem to be having a bit of trouble getting qmail to recognize e-amil sent to
> > my virtual domains. Here is what I've done so far...
>
> [snip]
>
> > 6. created vitrual domains in ~control/virtualdomains
> > domain.com:domain-com
> > etc...
>
> [snip]
>
> > locals:
> > localhost
> > me.domain.com
> > domain.com
> > domain.net
>
> If you want a domain to be treated as virtual, you can't have it in locals.
> You should *never* have a particular domain name in both control/locals and
> control/virtualdomains.
>
> Chris
Balazs Nagy wrote:
>
> Hiyas,
>
> Is there anyone who did benchmarks with MTAs? I cannot convince people who
> know only sendmail or exim ;-)
>
> Regards: Balazs
> --
> #!/usr/bin/perl -export-a-crypto-system-sig -http://dcs.ex.ac.uk/~aba/rsa
> print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
Balazs Nagy wrote:
>
> Hiyas,
>
> Is there anyone who did benchmarks with MTAs? I cannot convince people who
> know only sendmail or exim ;-)
>
> Regards: Balazs
> --
> #!/usr/bin/perl -export-a-crypto-system-sig -http://dcs.ex.ac.uk/~aba/rsa
> print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
Balazs Nagy wrote:
>
> Hiyas,
>
> Is there anyone who did benchmarks with MTAs? I cannot convince people who
> know only sendmail or exim ;-)
>
> Regards: Balazs
> --
> #!/usr/bin/perl -export-a-crypto-system-sig -http://dcs.ex.ac.uk/~aba/rsa
> print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
Eric Dahnke wrote:
>
> Hello,
>
> How do you folks mail system files (say logs for example)?
>
> I can do it from the shell with
>
> mail user -s Subject
> ~r/tmp/filename
> .
>
> But I can't get it to work from a script. I can't figure out how to give
> it the EOF. I've tried everything in the mail man pages, but no luck.
>
> TIA - eric
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com
Eric Dahnke wrote:
>
> Hello,
>
> How do you folks mail system files (say logs for example)?
>
> I can do it from the shell with
>
> mail user -s Subject
> ~r/tmp/filename
> .
>
> But I can't get it to work from a script. I can't figure out how to give
> it the EOF. I've tried everything in the mail man pages, but no luck.
>
> TIA - eric
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com
Russell Nelson wrote:
>
> Eric Dahnke writes:
> > How do you folks mail system files (say logs for example)?
> > mail user -s Subject
> > ~r/tmp/filename
>
> /var/qmail/bin/mailsubj "Subject" user </tmp/filename
>
> --
> -russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson
> Crynwr supports Open Source(tm) Software| PGPok | There is good evidence
> 521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the
> Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | cause of world peace.
Russell Nelson wrote:
>
> Eric Dahnke writes:
> > How do you folks mail system files (say logs for example)?
> > mail user -s Subject
> > ~r/tmp/filename
>
> /var/qmail/bin/mailsubj "Subject" user </tmp/filename
>
> --
> -russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson
> Crynwr supports Open Source(tm) Software| PGPok | There is good evidence
> 521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the
> Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | cause of world peace.
Mate Wierdl wrote:
>
> use mailsubj as
>
> mailsubj foo bar < file.you.want.to.mail
>
> See man page for mailsubj.
>
> Mate
Mate Wierdl wrote:
>
> use mailsubj as
>
> mailsubj foo bar < file.you.want.to.mail
>
> See man page for mailsubj.
>
> Mate
Mate Wierdl wrote:
>
> As I am putting on the finishing touches on a var-qmail package, the
> following occured to me:
>
> 1) In BIN.Makefile, I see:
>
> # showing the positions of each byte in the following ten ints:
> # uida, uidd, uidl, uido, uidp, uidq, uidr, uids, gidq, gidn.
>
> Are not these supposed to be auto_uida, auto_uidd ?
>
> 2) If a Makefile is supposed to be put in a var-qmail package, then it
> is also needed that the box doing the installation has make
> installed. On the other hand, I thought one of the purposes of a
> binary package is to be able to install qmail on machines which have
> no productions environment whatsoever.
>
> What if I replace the Makefile with a shellscript?
>
> 3) Describing the compilation environment in BIN.README, is it enough
> if I disclose the gcc and glibc version, or I should list all the
> shared libraries used?
>
> Thx
>
> Mate
Mate Wierdl wrote:
>
> As I am putting on the finishing touches on a var-qmail package, the
> following occured to me:
>
> 1) In BIN.Makefile, I see:
>
> # showing the positions of each byte in the following ten ints:
> # uida, uidd, uidl, uido, uidp, uidq, uidr, uids, gidq, gidn.
>
> Are not these supposed to be auto_uida, auto_uidd ?
>
> 2) If a Makefile is supposed to be put in a var-qmail package, then it
> is also needed that the box doing the installation has make
> installed. On the other hand, I thought one of the purposes of a
> binary package is to be able to install qmail on machines which have
> no productions environment whatsoever.
>
> What if I replace the Makefile with a shellscript?
>
> 3) Describing the compilation environment in BIN.README, is it enough
> if I disclose the gcc and glibc version, or I should list all the
> shared libraries used?
>
> Thx
>
> Mate
John R Levine wrote:
>
> > All agreed, but I still don't understand Russell saying 'slashes
> > were useful to allow subdirectories'.
>
> Slashes in individual user names are indeed not very useful, but they
> can be quite handy for virtual domains. You might put a line in
> control/virtualdomains like this:
>
> blather.com:virtual-blather/m-
>
> so that the mail for [EMAIL PROTECTED] is controlled by
> ~virtual/.qmail-blather/m-fred, putting each domain's qmail files in a
> separate subdirectory.
>
> --
> John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869
> [EMAIL PROTECTED], Village Trustee and Sewer Commissioner, http://iecc.com/johnl,
> Member, Provisional board, Coalition Against Unsolicited Commercial E-mail
John R Levine wrote:
>
> > All agreed, but I still don't understand Russell saying 'slashes
> > were useful to allow subdirectories'.
>
> Slashes in individual user names are indeed not very useful, but they
> can be quite handy for virtual domains. You might put a line in
> control/virtualdomains like this:
>
> blather.com:virtual-blather/m-
>
> so that the mail for [EMAIL PROTECTED] is controlled by
> ~virtual/.qmail-blather/m-fred, putting each domain's qmail files in a
> separate subdirectory.
>
> --
> John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869
> [EMAIL PROTECTED], Village Trustee and Sewer Commissioner, http://iecc.com/johnl,
> Member, Provisional board, Coalition Against Unsolicited Commercial E-mail
rubish1111
Bryan White writes:
> |/home/arcamax/ezinesub -e
> # if the above fails then it is forwarded to a human
> &[EMAIL PROTECTED]
I just want to be clear on this: ezinesub exits with 0 if the
mail should be forwarded to a human, and exits with 99 if the
mail was successfully handled by ezinesub. Right? Otherwise, it
won't work the way the comment describes it as working.
> Why don't I always get a "To:" header?
Same reason you sometimes get junk postal mail delivered to you, yet
your name appears nowhere in it. The post office only looks at the
envelope. qmail also only looks at the envelope recipient. The only
time it wades into the RFC822 morass is in qmail-inject, where it has
no choice.
> I am not always clear on what headers are getting added where but obviously
> qmail knows the recipient address. Is there an alternative way of getting
> this info like an environment variable?
Yes. The recipient address is the environment variable "RECIPIENT".
--
-russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok | There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | cause of world peace.
I'm trying to set up qmail with fetchmail to check pop3 server on
usa.net and send mail through my isp's server, using mailx to
display/edit mail.
My address on mindspring is [EMAIL PROTECTED] and usa.net address
is [EMAIL PROTECTED] (note there's 1 more 'l' in usa.net address).
Mindspring's server is mail.mindspring.com while usa.net's server is
pop.netaddress.com. My hostname is set to silmarill.users.mindspring.com
I followed qmail INSTALL file and "how to make qmail work with dial-up"
at
http://home.earthlink.net/~dougvw/mailqueue.html, installing 2
additional packages they recommend.
My configuration is as follows:
~alias/pppdir
~alias/.qmail-mindspring-silmarill
&[EMAIL PROTECTED]
~alias/.qmail-ppp-default
./pppdir
other aliases as recommended in INSTALL file
in /var/qmail/control
rcpthosts
localhost.mindspring.com
silmarill.user.mindspring.com
virtualdomains
:alias-ppp
[EMAIL PROTECTED]:alias-mindspring
~/.fetchmailrc
poll pop.netaddress.com proto pop3 username sillmarill
password <mypass> forcecr
Locally everything works fine, but when I do:
$ echo to: [EMAIL PROTECTED] | /var/qmail/bin/qmail-inject
I dont' receive the mail in messenger (messenger is works when i send
emails from messenger), even though /var/adm/messages says:
silmarill qmail: <various numbers> delivery 21: success:
204.68.24.19_accepted_message.
When I send mail to [EMAIL PROTECTED] from messenger and try to get
this mail with fetchmail, here's what I see:
$ fetchmail
fetchmail: Syntax error
1 message for sillmarill at pop.netaddress.com (772 octets).
reading message 1 of 1 (772 octets) fetchmail: SMTP listener doesn't
like recipient address `r@localhost'
fetchmail: can't even send to r!
flushed
On Sat, Feb 06, 1999 at 06:25:21PM -0000, D. J. Bernstein wrote:
Exim 2.02 and above also doesn't wait for a reply after sending the QUIT. I
suppose other MTAs too will catch onto this idea soon.
> Peter van Dijk writes:
> > qmail-remote immediately disconnects after sending QUIT. This is in
> > violation with RFC821 section 4.1.1
>
> No, it is not in violation of RFC 821.
>
> RFC 821 _recommends_ that the client send QUIT and wait for the reply
> before closing the connection; but there are cases where sending QUIT is
> impossible, and there are good reasons to avoid waiting for the reply.
--
Anand
System Administrator
Africa Online Ltd
http://www.anand.org
Ok then the question that comes to me is whether qmail-pop3d can support
Mailbox format and how...
Regards,
George.
-----Original Message-----
From: Mark Delany [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 05, 1999 3:28 PM
To: [EMAIL PROTECTED]; 'qmail mailing list'
Subject: Re: Maildir format and IMAP servers
At 03:26 PM 2/5/99 +0200, G?????? ????????????3O3t5/I= wrote:
>Hi Gurus,
>
> Is there any IMAP server that supports Maildir format?
Nup.
Russ Nelson has alluded to such a beast on occassions. But it's a big job
isn't it Russ?
Regards.
On 8 Feb 1999 [EMAIL PROTECTED] wrote:
>
> But it gets *really* ridiculous when knowledgeable people say "people
> everywhere will avoid you if you dress like a thug" (the rough
Listening to the radio this morning on the way to work I overheard an
interesting comment that relates to the above point indirectly. There was
a study done recently looking at the criminal history of victims and
perpetrators. The conclusion of the study was that a significant majority
of victims of crime had prior criminal records.
______
Our OS who art in CPU, UNIX be thy name.
Thy programs run, thy syscalls done,
In kernel as it is in user!
*********************************************
Matthew Gibbins
email : [EMAIL PROTECTED]
