qmail Digest 22 Jan 1999 11:00:14 -0000 Issue 528
Topics (messages 20767 through 20836):
System w/o /etc/passwd
20767 by: Balazs Nagy <[EMAIL PROTECTED]>
Solaris and qmail-remote (was: RE: increasing qmail performance)
20768 by: Andrew Richards <[EMAIL PROTECTED]>
20823 by: Anand Buddhdev <[EMAIL PROTECTED]>
20830 by: "D. J. Bernstein" <[EMAIL PROTECTED]>
20832 by: Russ Allbery <[EMAIL PROTECTED]>
new version of qmail
20769 by: Van Liedekerke Franky <[EMAIL PROTECTED]>
20770 by: Harald Hanche-Olsen <[EMAIL PROTECTED]>
20784 by: Dave Sill <[EMAIL PROTECTED]>
VERH [was VERB]
20771 by: Keith Burdis <[EMAIL PROTECTED]>
20785 by: Bruno Wolff III <[EMAIL PROTECTED]>
20786 by: "Fred Lindberg" <[EMAIL PROTECTED]>
20794 by: Russell Nelson <[EMAIL PROTECTED]>
mbox and maildir
20772 by: "A.Y. Sjarifuddin" <[EMAIL PROTECTED]>
20773 by: Mate Wierdl <[EMAIL PROTECTED]>
ORBS listing qmail hosts?
20774 by: Jeff Hayward <[EMAIL PROTECTED]>
Fw: ORBS Returns
20775 by: "Adam D. McKenna" <[EMAIL PROTECTED]>
20776 by: Jeff Hayward <[EMAIL PROTECTED]>
20789 by: Mate Wierdl <[EMAIL PROTECTED]>
20790 by: Vince Vielhaber <[EMAIL PROTECTED]>
ORBS listing qmail hosts? [maybe not]
20777 by: Jeff Hayward <[EMAIL PROTECTED]>
ORBS Returns
20778 by: "Soffen, Matthew" <[EMAIL PROTECTED]>
20780 by: "Adam D. McKenna" <[EMAIL PROTECTED]>
20781 by: "Adam D. McKenna" <[EMAIL PROTECTED]>
20782 by: "Soffen, Matthew" <[EMAIL PROTECTED]>
20783 by: "Soffen, Matthew" <[EMAIL PROTECTED]>
20788 by: Mate Wierdl <[EMAIL PROTECTED]>
20791 by: Mate Wierdl <[EMAIL PROTECTED]>
20792 by: Justin Bell <[EMAIL PROTECTED]>
Anyone got any ideas?
20779 by: [EMAIL PROTECTED] (Chris Naden)
Netscape and Maildir
20787 by: Steve Vertigan <[EMAIL PROTECTED]>
20831 by: "D. J. Bernstein" <[EMAIL PROTECTED]>
changing the VERP delimiter
20793 by: Tim Pierce <[EMAIL PROTECTED]>
20818 by: Russ Allbery <[EMAIL PROTECTED]>
20819 by: Tim Pierce <[EMAIL PROTECTED]>
20820 by: Russ Allbery <[EMAIL PROTECTED]>
20833 by: "D. J. Bernstein" <[EMAIL PROTECTED]>
20834 by: Harald Hanche-Olsen <[EMAIL PROTECTED]>
Three solutions for spam
20795 by: [EMAIL PROTECTED] (Andy Smith)
20835 by: Russ Allbery <[EMAIL PROTECTED]>
20836 by: Russ Allbery <[EMAIL PROTECTED]>
file descriptors
20796 by: "Jozef Gniadek" <[EMAIL PROTECTED]>
20797 by: "Peter C. Norton" <[EMAIL PROTECTED]>
20798 by: James Smallacombe <[EMAIL PROTECTED]>
No HELO greeting from qmail-send?
20799 by: Daniel Garcia <[EMAIL PROTECTED]>
20801 by: "Timothy L. Mayo" <[EMAIL PROTECTED]>
20805 by: Richard Letts <[EMAIL PROTECTED]>
problem routing message to pipe
20800 by: "Bryan White" <[EMAIL PROTECTED]>
20802 by: Russell Nelson <[EMAIL PROTECTED]>
20804 by: "Bryan White" <[EMAIL PROTECTED]>
20806 by: Russell Nelson <[EMAIL PROTECTED]>
qmail tuning question
20803 by: Bill Parker <[EMAIL PROTECTED]>
qmail and mailing list of Real Audio attachments
20807 by: [EMAIL PROTECTED]
20808 by: Mark Delany <[EMAIL PROTECTED]>
20809 by: "Sam" <[EMAIL PROTECTED]>
QMAIL question
20810 by: Gonzalo S. <[EMAIL PROTECTED]>
20814 by: Stuart Young <[EMAIL PROTECTED]>
qmail-pop3d/child crashed
20811 by: David Ressman <[EMAIL PROTECTED]>
Local delivery and host masquerading, again
20812 by: Niels Jensen <[EMAIL PROTECTED]>
20813 by: "Sam" <[EMAIL PROTECTED]>
20816 by: Russell Nelson <[EMAIL PROTECTED]>
Building new mail system
20815 by: "Robert Adams" <[EMAIL PROTECTED]>
Question about POP3 access
20817 by: "Aijaz A. Ansari" <[EMAIL PROTECTED]>
qmail-popbull.patch
20821 by: Steve Vertigan <[EMAIL PROTECTED]>
20822 by: John Gonzalez/netMDC admin <[EMAIL PROTECTED]>
Some Progress...
20824 by: "D. J. Bernstein" <[EMAIL PROTECTED]>
remember this?
20825 by: "D. J. Bernstein" <[EMAIL PROTECTED]>
HELP ! qmail-pop3d not timing out.
20826 by: "D. J. Bernstein" <[EMAIL PROTECTED]>
pipelining
20827 by: "D. J. Bernstein" <[EMAIL PROTECTED]>
VERB
20828 by: "D. J. Bernstein" <[EMAIL PROTECTED]>
Qmail's user database
20829 by: "D. J. Bernstein" <[EMAIL PROTECTED]>
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
On Wed, 20 Jan 1999, Robert Adams wrote:
> user on the system. Anyone know of a way to get around this? Say, to tell
> qmail to drop all mail to something like /mail/u/s/username?
Virtual hosting. I do the same.
Regards: Jul
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
>>BSD can handle a concurrency of 255 in one qmail-send process, though
>>...snip...
>Yes. Since you're not using Solaris you should be able to fit a huge
>number of qmail-remote processes into 128MB. Make sure to compile
>everything statically.
>---Dan
Hi,
As someone looking at using Qmail on Solaris, what is the issue with
Solaris alluded to above?
cheers,
Andrew Richards.
On Thu, Jan 21, 1999 at 12:20:18PM -0000, Andrew Richards wrote:
> >>BSD can handle a concurrency of 255 in one qmail-send process, though
> >>...snip...
> >Yes. Since you're not using Solaris you should be able to fit a huge
> >number of qmail-remote processes into 128MB. Make sure to compile
> >everything statically.
> >---Dan
>
> Hi,
>
> As someone looking at using Qmail on Solaris, what is the issue with
> Solaris alluded to above?
I'm also considering running qmail on Solaris, and I'd be interested in
knowing what exception to be aware of on Solaris. The Solaris version is
2.5.1
--
Anand
Andrew Richards writes:
> As someone looking at using Qmail on Solaris, what is the issue with
> Solaris alluded to above?
Solaris fritters away quite a bit of memory in each networking process.
This limits the number of simultaneous processes that you can run.
---Dan
D J Bernstein <[EMAIL PROTECTED]> writes:
> Andrew Richards writes:
>> As someone looking at using Qmail on Solaris, what is the issue with
>> Solaris alluded to above?
> Solaris fritters away quite a bit of memory in each networking process.
> This limits the number of simultaneous processes that you can run.
The number I've heard is that setting up a new network TCP connection
requires ~200KB of kernel memory. How much of that is then freed after
the connection is up, I don't know.
--
Russ Allbery ([EMAIL PROTECTED]) <URL:http://www.eyrie.org/~eagle/>
Hi,
just wandering when/if the next version is comming out? I see lots of
patches and fixes that could be bundled together for a new qmail: ldap, uce,
oversize dns, and many more. I always see "qmail 2" mentioned in the mailing
list...
If there was a turn on/off method for these extras, instead of having to
install them as patches...
Franky
- Van Liedekerke Franky <[EMAIL PROTECTED]>:
| just wandering when/if the next version is comming out?
This should probably make it into the FAQ... The obvious answer is
that qmail 2 is released when it is finished. Like most people who
develop free software while having many other commitments, Dan has
obviously learned how dangerous it is to even hint at a release date:
People will begin to take that as a promise, no matter how careful
your choice of words. And when the inevitable happens and the release
date slips, people get annoyed. Better not to say anything.
Of course, I do not speak for Dan in this matter. It's just a general
observation that anybody could make for themselves.
- Harald
Van Liedekerke Franky <[EMAIL PROTECTED]> wrote:
>
>just wandering when/if the next version is comming out? I see lots of
>patches and fixes that could be bundled together for a new qmail: ldap, uce,
>oversize dns, and many more. I always see "qmail 2" mentioned in the mailing
>list...
>If there was a turn on/off method for these extras, instead of having to
>install them as patches...
I would be surprised to see many of these add-ons bundled into a
future version of qmail.
-Dave
On Thu 1999-01-21 (04:40), Russell Nelson wrote:
> Fred Lindberg writes:
> > On 19 Jan 1999 20:11:56 -0000, Russell Nelson wrote:
> >
> > >Okay, VERP has solved the bounce problem. Now we need VERB (Variable
> > >Envelope Recipient in Body) to solve the unsubscribe problem.
> > >Basically, we need qmail-remote to merge the envelope recipient into
> > >the message somewhere. The problem, of course, is *where* to insert
> >
> > I think the substitution idea is good, but putting it into the message
> > is Not Good (TM). qmail should not under any circumstances corrupt the
> > message, which might contain any character sequence.
>
> Right, that's the conundrum. It has to be in the body to be useful,
> yet it cannot be in the body. Maybe a magical header which means
> "When you see X, substitute the envelope recipient"? Like this:
>
> VERB-Substitute: 4jiu%8@#l
>
> No header, no body munging.
How about a header like:
X-Append: To unsubscribe send mail to: qmail-unsubsribe-$USER=$[EMAIL PROTECTED]
And then the contents of that header get appended to the end of the message.
That way you don't actually have to alter the contents of the message at all.
- Keith
> -russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson
--
Keith Burdis - MSc (Com Sci) - Rhodes University, South Africa
Email : [EMAIL PROTECTED]
WWW : http://www.rucus.ru.ac.za/~keith/
IRC : Panthras JAPH
"Any technology sufficiently advanced is indistinguishable from a perl script"
Standard disclaimer.
---
On Wed, Jan 20, 1999 at 09:11:00AM -0600,
Fred Lindberg <[EMAIL PROTECTED]> wrote:
> On 19 Jan 1999 20:11:56 -0000, Russell Nelson wrote:
>
> There is rfc2069 which describes how to put unsubscribe info into
> headers. I think putting it there, maybe doing VERH expansion like VERP
> -@[] or separate tokens for LOCAL and HOST? The flag controlling this
> could be if VERP is used for the message.
I think you mean RFC 2369 (The Use of URLs as Meta-Syntax for Core Mail List
Commands and their Transport through Message Header Fields). RFC 2069 is
the HTTP RFC.
On Thu, 21 Jan 1999 10:26:54 -0600, Bruno Wolff III wrote:
>I think you mean RFC 2369 (The Use of URLs as Meta-Syntax for Core Mail List
>Commands and their Transport through Message Header Fields). RFC 2069 is
>the HTTP RFC.
Sorry ... Yes. Thanks!
It's a standards-track rfc and proposes the headers
(List-post/unsubscribe, etc) and that MUA support them via a
user-friendly interface. Thus, to unsubscribe you click the
"unsubscribe" button. I've been told (but haven't confirmed) that there
are plans for Mutt to support this. The discussion on header bloat vs
stry posts is pretty reasonable. The mechanism is general enough to
support also MLMs that rely on subject/body commands.
It's trivial to implement in ezmlm (DIR/headeradd), _provided that_
qmail can do the substitution. qmail could limit substitution to the
header (good) and maybe to "List-*" headers (although it might be nice
to leave it a more general mechanism). There are certain downsides to a
general mechanism: You could have "To: #U#@#H#" and defeat a set of
spam filters, but IMHO, this shouldn't deter from making qmail better.
-Sincerely, Fred
(Frederik Lindberg, Infectious Diseases, WashU, St. Louis, MO, USA)
Keith Burdis writes:
> How about a header like:
>
> X-Append: To unsubscribe send mail to: qmail-unsubsribe-$USER=$[EMAIL PROTECTED]
>
> And then the contents of that header get appended to the end of the message.
> That way you don't actually have to alter the contents of the message at all.
As Fred Lindberg pointed out, that breaks multipart/alternative
messages, but heck, they're broken anyway, if you ask me.
--
-russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok | There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | cause of world peace.
Dear All,
Once again, I'd like to know how to setup dot-qmail to be able using
both maildir and mailbox in every home directory?
Thanks
On Thu, Jan 21, 1999 at 08:39:48PM +0700, A.Y. Sjarifuddin wrote:
> Dear All,
>
> Once again, I'd like to know how to setup dot-qmail to be able using
> both maildir and mailbox in every home directory?
./Mailbox
./Maildir/
--
---
Mate Wierdl | Dept. of Math. Sciences | University of Memphis
As you may know the ORBS "open relay" listing service is back in
business. There is a thread on news.admin.net-abuse.email (ref:
Message-Id: <785s3a$[EMAIL PROTECTED]>) which hints that ORBS
will be listing qmail sites due to the "bounce to forged sender"
attack that Russ noted here some time ago.
Is anyone seeing their qmail host being listed in ORBS for that
reason?
-- Jeff Hayward
For those who are not fans of obscurity, here is the news post that was
referred to RE: ORBS
--Adam
-----Original Message-----
From: Paul Schmehl <TINLC#[EMAIL PROTECTED]>
Newsgroups: news.admin.net-abuse.email
Date: Wednesday, January 20, 1999 7:02 PM
Subject: Re: ORBS Returns
:On 21 Jan 1999 00:24:10 GMT, [EMAIL PROTECTED] (Andrew
:Gideon) felt it essential to add to the discussion:
:
:[snip]
:
:> 2. Why is scam.xcf.berkeley.edu (128.32.43.201) listed?
:
:Perhaps because all it takes is a little creativity to relay through
:it? All I'd have to do is find a legitimate party for the RCPT TO:
:line, and I can mail to as many people as I want.
:
:>telnet 128.32.43.201 25
:>Trying 128.32.43.201...
:>Connected to 128.32.43.201.
:>Escape character is '^]'.
:>220 scam.xcf.berkeley.edu ESMTP
:>HELO testing
:>250 scam.xcf.berkeley.edu
:>MAIL FROM: testing
:>250 ok
:>RCPT TO: [EMAIL PROTECTED]
:>553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
:>MAIL TO: [EMAIL PROTECTED]
:>250 ok
:>DATA
:>503 RCPT first (#5.5.1)
:>RCPT TO: testing
:>250 ok
:>DATA
:>354 go ahead
:>Testing for open relay
:>.
:>250 ok 916876400 qp 11121
:>QUIT
:>221 scam.xcf.berkeley.edu
:>Connection closed by foreign host.
:>
:>Return-Path: <>
:>Received: from poteidaia.utdallas.edu (null-smtp.utdallas.edu
[192.168.1.1])
:> by area51.utdallas.edu (8.9.1/8.9.1/cyrus-2.1) with ESMTP id RAA20900
:> for <[EMAIL PROTECTED]>; Wed, 20 Jan 1999 17:47:59 -0600 (CST)
:>Received: from scam.xcf.berkeley.edu (scam.XCF.Berkeley.EDU
[128.32.43.201])
:> by poteidaia.utdallas.edu (8.9.1/8.9.1/null-3.5) with SMTP id RAA12136
:> for <[EMAIL PROTECTED]>; Wed, 20 Jan 1999 17:52:08 -0600 (CST)
:>Message-Id: <[EMAIL PROTECTED]>
:>Received: (qmail 11129 invoked for bounce); 20 Jan 1999 23:53:20 -0000
:>Date: 20 Jan 1999 23:53:20 -0000
:>From: [EMAIL PROTECTED]
:>To: [EMAIL PROTECTED]
:>Subject: failure notice
:>
:>Hi. This is the qmail-send program at scam.xcf.berkeley.edu.
:>I'm afraid I wasn't able to deliver your message to the following
addresses.
:>This is a permanent error; I've given up. Sorry it didn't work out.
:>
:><[EMAIL PROTECTED]>:
:>Sorry, no mailbox here by that name. (#5.1.1)
:>
:>--- Below this line is a copy of the message.
:>
:>Return-Path: <[EMAIL PROTECTED]>
:>Received: (qmail 11121 invoked from network); 20 Jan 1999 23:53:10 -0000
:>Received: from inca.utdallas.edu (HELO testing) ([EMAIL PROTECTED])
:> by scam.xcf.berkeley.edu with SMTP; 20 Jan 1999 23:53:10 -0000
:>Testing for open relay
:
:http://www.utdallas.edu/~pauls/ (Paul Schmehl)
:Technical Support Services Manager
:University of Texas at Dallas
:Texas resident. Don't mess with Texas.
Sorry, I had assumed that folks are generally competent enough to
retrieve the article from, say, dejanews given the message-id. Three
clicks, 1 cut/paste. My error. -- Jeff
On Thu, 21 Jan 1999, Adam D. McKenna wrote:
For those who are not fans of obscurity, here is the news post that was
referred to RE: ORBS
For those who are not fans of obscurity, here is the news post that was
referred to RE: ORBS
How does that post show that a qmail host is an open relay? Qmail
simply sent a bounce to the envelope sender about an unknown local
mailbox. Perhaps the poster thought that if qmail-smtpd does not give
an error during the conversation then it is willing to relay.
Mate
On Thu, 21 Jan 1999, Mate Wierdl wrote:
>
> For those who are not fans of obscurity, here is the news post that was
> referred to RE: ORBS
>
> How does that post show that a qmail host is an open relay? Qmail
> simply sent a bounce to the envelope sender about an unknown local
> mailbox. Perhaps the poster thought that if qmail-smtpd does not give
> an error during the conversation then it is willing to relay.
The impression I got was that he had no clue as to what he was doing
at the time.
Vince.
--
==========================================================================
Vince Vielhaber -- KA8CSH email: [EMAIL PROTECTED] flame-mail: /dev/null
# include <std/disclaimers.h> TEAM-OS2
Online Searchable Campground Listings http://www.camping-usa.com
"There is no outfit less entitled to lecture me about bloat
than the federal government" -- Tony Snow
==========================================================================
Sorry to follow up my own post but I note that as of now ORBS
(http://www.orbs.org) is *not* listing the host mentioned in the
referenced usenet article, so this may have been a false alarm.
-- Jeff
I just tried this little "exploit" on the qmail 1.01 machine at my
house:
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.soffen.com ESMTP
HELO testing
250-mail.soffen.com
250-PIPELINING
250 8BITMIME
MAIL FROM:<testing>
250 ok
RCPT TO: <[EMAIL PROTECTED]>
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
MAIL TO: <[EMAIL PROTECTED]>
503 one MAIL per message (#5.5.1)
So between this exmaple and the fact that his qmail seems to have been
hacked so that it allows the directive MAIL TO to work, I don't know
what to believe. This is a vanilla qmail setup with only the GMT to
LOCAL time patch applied.
Matt Soffen
Webmaster - http://www.iso-ne.com/
==============================================
Boss - "My boss says we need some eunuch programmers."
Dilbert - "I think he means UNIX and I already know UNIX."
Boss - "Well, if the company nurse comes by, tell her I said
never mind."
- Dilbert -
==============================================
> ----------
> From: Adam D. McKenna[SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, January 21, 1999 10:49 AM
> To: [EMAIL PROTECTED]
> Subject: Fw: ORBS Returns
>
> For those who are not fans of obscurity, here is the news post that
> was
> referred to RE: ORBS
>
> --Adam
>
> -----Original Message-----
> From: Paul Schmehl <TINLC#[EMAIL PROTECTED]>
> Newsgroups: news.admin.net-abuse.email
> Date: Wednesday, January 20, 1999 7:02 PM
> Subject: Re: ORBS Returns
>
>
> :On 21 Jan 1999 00:24:10 GMT, [EMAIL PROTECTED]
> (Andrew
> :Gideon) felt it essential to add to the discussion:
> :
> :[snip]
> :
> :> 2. Why is scam.xcf.berkeley.edu (128.32.43.201) listed?
> :
> :Perhaps because all it takes is a little creativity to relay through
> :it? All I'd have to do is find a legitimate party for the RCPT TO:
> :line, and I can mail to as many people as I want.
> :
> :>telnet 128.32.43.201 25
> :>Trying 128.32.43.201...
> :>Connected to 128.32.43.201.
> :>Escape character is '^]'.
> :>220 scam.xcf.berkeley.edu ESMTP
> :>HELO testing
> :>250 scam.xcf.berkeley.edu
> :>MAIL FROM: testing
> :>250 ok
> :>RCPT TO: [EMAIL PROTECTED]
> :>553 sorry, that domain isn't in my list of allowed rcpthosts
> (#5.7.1)
> :>MAIL TO: [EMAIL PROTECTED]
> :>250 ok
> :>DATA
> :>503 RCPT first (#5.5.1)
> :>RCPT TO: testing
> :>250 ok
> :>DATA
> :>354 go ahead
> :>Testing for open relay
> :>.
> :>250 ok 916876400 qp 11121
> :>QUIT
> :>221 scam.xcf.berkeley.edu
> :>Connection closed by foreign host.
> :>
> :>Return-Path: <>
> :>Received: from poteidaia.utdallas.edu (null-smtp.utdallas.edu
> [192.168.1.1])
> :> by area51.utdallas.edu (8.9.1/8.9.1/cyrus-2.1) with ESMTP id
> RAA20900
> :> for <[EMAIL PROTECTED]>; Wed, 20 Jan 1999 17:47:59 -0600
> (CST)
> :>Received: from scam.xcf.berkeley.edu (scam.XCF.Berkeley.EDU
> [128.32.43.201])
> :> by poteidaia.utdallas.edu (8.9.1/8.9.1/null-3.5) with SMTP id
> RAA12136
> :> for <[EMAIL PROTECTED]>; Wed, 20 Jan 1999 17:52:08 -0600 (CST)
> :>Message-Id: <[EMAIL PROTECTED]>
> :>Received: (qmail 11129 invoked for bounce); 20 Jan 1999 23:53:20
> -0000
> :>Date: 20 Jan 1999 23:53:20 -0000
> :>From: [EMAIL PROTECTED]
> :>To: [EMAIL PROTECTED]
> :>Subject: failure notice
> :>
> :>Hi. This is the qmail-send program at scam.xcf.berkeley.edu.
> :>I'm afraid I wasn't able to deliver your message to the following
> addresses.
> :>This is a permanent error; I've given up. Sorry it didn't work out.
> :>
> :><[EMAIL PROTECTED]>:
> :>Sorry, no mailbox here by that name. (#5.1.1)
> :>
> :>--- Below this line is a copy of the message.
> :>
> :>Return-Path: <[EMAIL PROTECTED]>
> :>Received: (qmail 11121 invoked from network); 20 Jan 1999 23:53:10
> -0000
> :>Received: from inca.utdallas.edu (HELO testing)
> ([EMAIL PROTECTED])
> :> by scam.xcf.berkeley.edu with SMTP; 20 Jan 1999 23:53:10 -0000
> :>Testing for open relay
> :
> :http://www.utdallas.edu/~pauls/ (Paul Schmehl)
> :Technical Support Services Manager
> :University of Texas at Dallas
> :Texas resident. Don't mess with Texas.
>
>
>
>
I don't know what the guy's problem is. It says quite clearly in RFC821
that the MAIL command can only be used to set the return-path. I've replied
via news.
I hate it when clueless people start admining things like this.
--Adam
From: Soffen, Matthew <[EMAIL PROTECTED]>
:RCPT TO: <[EMAIL PROTECTED]>
:553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
:MAIL TO: <[EMAIL PROTECTED]>
:503 one MAIL per message (#5.5.1)
This was probably changed later on because the RFC says that the MAIL
command should clear both the forward and return-path buffers.
MAIL (MAIL)
[snip]
This command clears the reverse-path buffer, the
forward-path buffer, and the mail data buffer; and inserts
the reverse-path information from this command into the
reverse-path buffer.
--Adam
As I said, I think that his qmail has been hacked (by someone who didn't
know what they were doing).
Matt Soffen
Webmaster - http://www.iso-ne.com/
==============================================
Boss - "My boss says we need some eunuch programmers."
Dilbert - "I think he means UNIX and I already know UNIX."
Boss - "Well, if the company nurse comes by, tell her I said
never mind."
- Dilbert -
==============================================
> ----------
> From: Adam D. McKenna[SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, January 21, 1999 11:14 AM
> To: [EMAIL PROTECTED]
> Subject: Re: ORBS Returns
>
> I don't know what the guy's problem is. It says quite clearly in
> RFC821
> that the MAIL command can only be used to set the return-path. I've
> replied
> via news.
>
> I hate it when clueless people start admining things like this.
>
> --Adam
>
>
Ok.. It must have been changed in qmail 1.02 or 1.03 (Sorry.. Then I
guess it wasn't hacked).
Matt Soffen
Webmaster - http://www.iso-ne.com/
==============================================
Boss - "My boss says we need some eunuch programmers."
Dilbert - "I think he means UNIX and I already know UNIX."
Boss - "Well, if the company nurse comes by, tell her I said
never mind."
- Dilbert -
==============================================
> ----------
> From: Adam D. McKenna[SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, January 21, 1999 11:16 AM
> To: [EMAIL PROTECTED]
> Subject: Re: ORBS Returns
>
> From: Soffen, Matthew <[EMAIL PROTECTED]>
>
>
> :RCPT TO: <[EMAIL PROTECTED]>
> :553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
> :MAIL TO: <[EMAIL PROTECTED]>
> :503 one MAIL per message (#5.5.1)
>
> This was probably changed later on because the RFC says that the MAIL
> command should clear both the forward and return-path buffers.
>
> MAIL (MAIL)
> [snip]
> This command clears the reverse-path buffer, the
> forward-path buffer, and the mail data buffer; and inserts
> the reverse-path information from this command into the
> reverse-path buffer.
>
> --Adam
>
>
So between this exmaple and the fact that his qmail seems to have been
hacked so that it allows the directive MAIL TO to work, I don't know
what to believe.
I think `mail to' is interpreted as `mail from' under qmail-smtpd.
You can even use `mail cookie' if you want to, like
mail cookie: [EMAIL PROTECTED]
Similarly for `rcpt to'.
Here is a sample conversation:
$ telnet thales 25
Trying 141.225.37.221...
Connected to thales.memphis.edu.
Escape character is '^]'.
220 thales.memphis.edu ESMTP
mail cookie: [EMAIL PROTECTED]
250 ok
rcpt relaygoodies: [EMAIL PROTECTED]
250 ok
data
354 go ahead
to: [EMAIL PROTECTED]
Subject: funny stuff
blah
.
250 ok 916937857 qp 2470
quit
221 thales.memphis.edu
Connection closed by foreign host.
Here is the resulting message
>From [EMAIL PROTECTED] Thu Jan 21 16:57:37 1999
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 2470 invoked from network); 21 Jan 1999 16:57:04 -0000
Received: from wierdlmpc.msci.memphis.edu ([EMAIL PROTECTED])
by thales.memphis.edu with SMTP; 21 Jan 1999 16:57:04 -0000
to: [EMAIL PROTECTED]
Subject: funny stuff
blah
Mate
:RCPT TO: <[EMAIL PROTECTED]>
:553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
:MAIL TO: <[EMAIL PROTECTED]>
:503 one MAIL per message (#5.5.1)
I do not get this in 1.03 anymore (I can specify as many MAIL as I want).
Mate
On Thu, Jan 21, 1999 at 11:46:06AM -0600, Mate Wierdl wrote:
#
# :RCPT TO: <[EMAIL PROTECTED]>
# :553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
# :MAIL TO: <[EMAIL PROTECTED]>
# :503 one MAIL per message (#5.5.1)
#
# I do not get this in 1.03 anymore (I can specify as many MAIL as I want).
#
correct, but it seems that ever MAIL command clears the queue/whatever in the
session, and every MAIL argument seems to be interpreted asa MAIL FROM:
--
/- [EMAIL PROTECTED] --------------- [EMAIL PROTECTED] -\
|Justin Bell NIC:JB3084| Time and rules are changing. |
|Pearson | Attention span is quickening. |
|Developer | Welcome to the Information Age. |
\-------- http://www.superlibrary.com/people/justin/ ----------/
This may not be the appropriate list, but does
anyone have an explanation for a fully working and
stable version of pine on a system where pine.conf
does not appear to exist? I'm stumped.
~Chris
I just converted a system to qmail wtih Maildir delivery. Most clients seem
fine but one client rang up who said that Netscape would connect, start
downloading headers and then hang. I assumed this was to do with Netscapes
inaccurate progress bar and a large message but later that day got a call
from one of the other administrators who said that Maildir/new was empty but
there were files in Maildir/cur. I suggested copying the files to new and
seeing if she could download then which I assume worked as I didn't hear
back. Does anyone know what would cause this?
This is a little embarrassing as I assured them it would be an unoticeable
transition and I also managed to bounce some virtual domain mail :-(. On
the bright side the previous admin munged *all* the aliases and virtual
domains on a sendmail install on a new machine so I haven't been drawn and
quartered yet.
Regards,
--Steve
Steve Vertigan writes:
> Most clients seem
> fine but one client rang up who said that Netscape would connect, start
> downloading headers and then hang.
Perhaps there was noise on the modem line. If it happens again, you
could use tcpdump or ucspi-tcp/recordio to see what's actually being
transmitted through the POP connection.
---Dan
[ I sent this to qmail-help a month or so ago, but had no response. ]
I'm using qmail as the outbound mail agent on a machine that runs
sendmail for incoming mail. I would like to modify qmail to use "+"
in constructing per-recipient VERPs on outgoing mail. That's
necessary to make sendmail accept the bounces, and would permit me to
hack SmartList to take advantage of VERPs for accurate bounce
processing.
I thought that changing conf-break would change the character used to
construct VERPs. However, it looks like conf-break only affects the
delimiter that qmail-smtpd looks for on incoming messages. No matter
what's in conf-break, VERPs are still constructed with "-" as the
delimiter.
Is this intentional? It doesn't seem to make sense to me, and I'd
like to know what I'm missing.
--
Regards,
Tim Pierce
RootsWeb Genealogical Data Cooperative
system obfuscator and hack-of-all-trades
--
Regards,
Tim Pierce
RootsWeb Genealogical Data Cooperative
system obfuscator and hack-of-all-trades
Tim Pierce <[EMAIL PROTECTED]> writes:
> [ I sent this to qmail-help a month or so ago, but had no response. ]
I'm not sure where that address goes, off-hand, but this is probably a
better one.
> I'm using qmail as the outbound mail agent on a machine that runs
> sendmail for incoming mail. I would like to modify qmail to use "+" in
> constructing per-recipient VERPs on outgoing mail. That's necessary to
> make sendmail accept the bounces, and would permit me to hack SmartList
> to take advantage of VERPs for accurate bounce processing.
> I thought that changing conf-break would change the character used to
> construct VERPs. However, it looks like conf-break only affects the
> delimiter that qmail-smtpd looks for on incoming messages. No matter
> what's in conf-break, VERPs are still constructed with "-" as the
> delimiter.
Hm. I'm not entirely sure what you're seeing here, since it isn't quite
the way that I believe VERPs work. qmail-send translates a return address
of the form:
list-bounces-@host-@[]
to:
list-bounces-recipbox=reciphost@host
and it uses the presence of -@[] to decide whether to do that. The -@[]
string is fixed (hard-coded in qmail-send.c), but the - there shouldn't
matter because it's stripped. The VERP process doesn't appear to add any
other break characters; instead, it uses the characters already in the
address.
So if you just fix whatever it is that you're using to send mail so that
instead of generating return addresses of the form:
list-bounces-@host-@[]
it generates them as:
list+bounces+@host-@[]
I believe you'll immediately get what you want.
--
Russ Allbery ([EMAIL PROTECTED]) <URL:http://www.eyrie.org/~eagle/>
On Thu, Jan 21, 1999 at 09:26:55PM -0800, Russ Allbery wrote:
> So if you just fix whatever it is that you're using to send mail so that
> instead of generating return addresses of the form:
>
> list-bounces-@host-@[]
>
> it generates them as:
>
> list+bounces+@host-@[]
>
> I believe you'll immediately get what you want.
Mail is sent with a wrapper around qmail-inject, with an environment
of:
QMAILSUSER = list-request
QMAILSHOST = rootsweb.com
QMAILINJECT = r
Am I doing it the wrong way? This is the only reference to VERPs I
could find in the qmail-inject, qmail-send, qmail, qmail-smtpd
etc. man pages.
--
Regards,
Tim Pierce
RootsWeb Genealogical Data Cooperative
system obfuscator and hack-of-all-trades
Tim Pierce <[EMAIL PROTECTED]> writes:
> Mail is sent with a wrapper around qmail-inject, with an environment of:
> QMAILSUSER = list-request
> QMAILSHOST = rootsweb.com
> QMAILINJECT = r
> Am I doing it the wrong way? This is the only reference to VERPs I
> could find in the qmail-inject, qmail-send, qmail, qmail-smtpd etc. man
> pages.
addresses(5) has some more information. Yup, looks like a bug in
qmail-inject, which appears to be unconditionally adding - rather than
using conf-break. The following patch should fix it.
WARNING: Untested.
--- qmail-1.03/Makefile.orig Mon Jun 15 03:53:16 1998
+++ qmail-1.03/Makefile Thu Jan 21 22:07:12 1999
@@ -1139,12 +1139,12 @@
load qmail-inject.o headerbody.o hfield.o newfield.o quote.o now.o \
control.o date822fmt.o constmap.o qmail.o case.a fd.a wait.a open.a \
getln.a sig.a getopt.a datetime.a token822.o env.a stralloc.a alloc.a \
-substdio.a error.a str.a fs.a auto_qmail.o
+substdio.a error.a str.a fs.a auto_break.o auto_qmail.o
./load qmail-inject headerbody.o hfield.o newfield.o \
quote.o now.o control.o date822fmt.o constmap.o qmail.o \
case.a fd.a wait.a open.a getln.a sig.a getopt.a datetime.a \
token822.o env.a stralloc.a alloc.a substdio.a error.a \
- str.a fs.a auto_qmail.o
+ str.a fs.a auto_break.o auto_qmail.o
qmail-inject.0: \
qmail-inject.8
@@ -1155,7 +1155,8 @@
subfd.h substdio.h sgetopt.h subgetopt.h getln.h alloc.h str.h fmt.h \
hfield.h token822.h gen_alloc.h control.h env.h gen_alloc.h \
gen_allocdefs.h error.h qmail.h substdio.h now.h datetime.h exit.h \
-quote.h headerbody.h auto_qmail.h newfield.h stralloc.h constmap.h
+quote.h headerbody.h auto_break.h auto_qmail.h newfield.h stralloc.h \
+constmap.h
./compile qmail-inject.c
qmail-limits.0: \
--- qmail-1.03/qmail-inject.c.orig Mon Jun 15 03:53:16 1998
+++ qmail-1.03/qmail-inject.c Thu Jan 21 22:06:13 1999
@@ -19,6 +19,7 @@
#include "exit.h"
#include "quote.h"
#include "headerbody.h"
+#include "auto_break.h"
#include "auto_qmail.h"
#include "newfield.h"
#include "constmap.h"
@@ -479,13 +480,13 @@
if (!stralloc_copys(&hackedruser,mailruser)) die_nomem();
if (flaghackmess)
{
- if (!stralloc_cats(&hackedruser,"-")) die_nomem();
+ if (!stralloc_cats(&hackedruser,auto_break)) die_nomem();
if (!stralloc_catb(&hackedruser,strnum,fmt_ulong(strnum,(unsigned long)
starttime))) die_nomem();
if (!stralloc_cats(&hackedruser,".")) die_nomem();
if (!stralloc_catb(&hackedruser,strnum,fmt_ulong(strnum,(unsigned long)
getpid()))) die_nomem();
}
if (flaghackrecip)
- if (!stralloc_cats(&hackedruser,"-")) die_nomem();
+ if (!stralloc_cats(&hackedruser,auto_break)) die_nomem();
if (!token822_ready(&drp,10)) die_nomem();
drp.len = 0;
drp.t[drp.len].type = TOKEN822_ATOM;
--
Russ Allbery ([EMAIL PROTECTED]) <URL:http://www.eyrie.org/~eagle/>
Tim Pierce writes:
> Is this intentional?
Yes. Dash-separated extensions are used in the .qmail-*-default
mechanism, qmail-inject VERPs, ezmlm VERPs, etc.
conf-break is the default user-ext delimiter. It doesn't affect the use
of dashes inside extensions.
---Dan
- "D. J. Bernstein" <[EMAIL PROTECTED]>:
| Tim Pierce writes:
| > Is this intentional?
|
| Yes. Dash-separated extensions are used in the .qmail-*-default
| mechanism, qmail-inject VERPs, ezmlm VERPs, etc.
|
| conf-break is the default user-ext delimiter. It doesn't affect the use
| of dashes inside extensions.
And here lies a trap for the unwary (one that I have fallen in
myself) if you, like us, use a nonstandard conf-break character:
We use + at out site. Putting virtual.dom:foo in virtualdomains and
expecting to control this by ~alias/.qmail-foo-default does not work.
Instead, you must put virtual.dom:alias+foo in virtualdomains, and it
will work. This has the added benefit of not inadvertently giving
away the virtual domain should you ever create a user foo, so I
generally recommend using alias-foo in virtualdomains even for those
sites with a standard conf-break.
- Harald
On 19 Jan 1999 16:05:32 -0800, Russ Allbery <[EMAIL PROTECTED]> wrote:
>Racer X <[EMAIL PROTECTED]> writes:
>
>>> Of course there is. Blocking port 25 for all their dialup lines is a
>>> simple router configuration. Re-enabling it on a customer-by-customer
>>> basis on dynamic dialups requires software to interact with the
>>> terminal authentication server that they'd probably have to write
>>> themselves.
>
>> Wrong. It simply requires you to use Radius and network equipment that
>> allows you to send back filters in your Radius authentication.
>
>Good, I'm glad to hear that it's improved. (It certainly used to be the
>case that this was hard.) So how many ISPs are going to be willing to do
>this? The cost that I was talking about is not only programming effort
>(thankfully apparently not an issue) but also administrative overhead.
>(See below.)
FWIW we have one customer with a number of standard dial-up accounts for
their employees. At their request we use this method to filter their access
even though they have dynamic IP addresses. We'd probably do what has been
suggested (disallow port 25 access then re-enable for those few that really
need it), but we don't see much direct spamming from dial-ups here. Maybe
it is because of per-minute charging on local calls in the UK, maybe it is
because most of our customers are business rather than domestic, I do not
know.
The point is, this isn't too difficult and there isn't too much
administrative overhead. However I agree with you that it isn't maybe the
best solution.
>The only *real* solution is to provide sufficient economic or legal
>disincentive (because that's the only thing people actually listen to) to
>stop spamming in the first place. Cleanup charges, laws that allow people
>to collect damages... that's what's going to make it go away. But in a
>world where ISPs routinely give out free trial accounts and certain large
>ISPs refuse as a matter of policy to even check credit card numbers to see
>if they belong to people who were previously kicked off for spamming,
>trying to do anything *real* about spam is almost a lost cause.
I agree. But it's difficult to put this kind of thing in place. It needs a
lot of co-operation between ISPs. I agree it needs to happen, but getting
there might be difficult. ;-)
--
Andy J. Smith ... <[EMAIL PROTECTED]> ... <http://www.strugglers.net/andy>
Mail to [EMAIL PROTECTED] for PGP Key, or check the key servers ......
KeyID: 0xBF15490B FP: 0E42 36CB 5295 1E14 5360 6622 2099 B64C BF15 490B
"The nice thing about Windows is: It doesn't just crash, it displays a
dialog box and lets you press 'OK' first."
-- Arno Schaefer
This and the next message will be the last I'll send to the list on this
topic, as I think we're getting away from qmail. I'll be happy to
continue discussion off-line, though. (Warning: I'm laggy about answering
e-mail quite frequently.)
Racer X <[EMAIL PROTECTED]> writes:
> "Administrative overhead" is not a valid point. Any ISP with more than
> a handful of accounts will have different types of accounts they sell.
> Static IP, ISDN, POP only, hourly rates vs. fixed rates... Adding a rate
> class for "relay permitted" is no more bother than any of these other
> accounts.
I'm not so certain adding a new type of account is that lightweight of an
operation, given the numerous different places in tracking databases that
such information may have to be maintained. But you certainly know more
about that than I do. It's *really* good to hear that Radius makes this a
lot easier from the technical side than I thought.
> Spam filtering may well result in the loss of legitimate email.
> Blocking outbound SMTP connections will not, as the mail will never be
> sent in the first place.
But blocking outbound SMTP connections doesn't seem to serve much purpose
unless you also do spam filtering, or am I missing something? Is there a
practical difference between letting customers spam directly and letting
customers spam through your mail relay apart from the utility of having a
choke point where you can track and cut them off?
> Let's keep these two techniques distinct. I am pretty opposed to doing
> any kind of filtering after a message is received, but I'm not so
> opposed to refusing connections or sending back an error code to
> mailservers I don't like.
I had assumed from your previous message about the reasons why you use a
relay machine rather than letting customers send mail directly that you
were doing some sort of spam prevention or backoff on that relay.
(Backoff may not lose legitimate mail, unless the person is trying to send
so much mail that it exceeds the queue period.)
> ISP's don't give out free accounts as a matter of policy; they do it
> because customers demand it. To be competitive in our marketplace, we
> HAVE to let customers give our basic service a trial before they commit
> to it.
Yeah, I understand that. I think it really, really sucks from an abuse
prevention perspective, though. More even than letting people play
whack-a-mole, it means that the obvious solution is to start maintaining
shared blacklists of customers and credit card numbers, a solution almost
worse than the disease from some perspectives.
> If you're purchasing service from us, that's an implicit assumption that
> we provide some sort of reliable service. Perhaps it's not guaranteed
> or insured, but you can assume that either your message will go through
> or that it will be returned to you with some sort of error code.
Well, I help run a moderate-volume mail system, and I'd be pretty leery of
saying that about any large mail system. In my experience, there are just
too many things that can go wrong that can cause the person to neither get
their mail sent nor get a response.
There are *many* ISPs who I would trust to provide reliable IP
connectivity but wouldn't want any data I cared about anywhere near their
servers. I know nothing about your business whatsoever, but I can't
believe that feeling's all that uncommon. Networking infrastructure is a
whole different ballgame than system infrastructure.
> If you DON'T trust us to handle mail correctly, then how do you trust us
> to handle your network connectivity correctly? I realize the two things
> are different, but if you trust us to give you an IP address when you
> want it then it seems you should trust us to send your mail for you.
This is the part I disagree with. The skills required in keeping a
network running are more and more divergent from the skills required in
keeping servers running. I'm an amateur network tech at best; I wouldn't
trust me to keep a large IP network working, but I do trust me to keep a
mail system running.
> If this isn't the case, you can lease a line from a backbone provider
> and do whatever you want. We make no bones about the fact that we are
> not a backbone.
Right, understood there. It's just that a lot of people do use dialup
providers as sort of a "miniature" backbone, for sometimes very good
reasons.
> "Less service" to whom? Because of the time we saved tracking down
> spam, we were able to bring up a chat server, which our research showed
> was much more in demand than being able to send outgoing email directly.
Less service to the people who want to send mail and can run their own
chatservers? :) (OOC, and feel free to answer this off-line or not
answer it at all, what chatserver did you use?)
> It's a trade-off, sure, but we've made more of our customers happy with
> the trade-off. I don't see how an ISP can operate any other way, and I
> don't see how it's providing less service.
Definition of trade-off. You're providing less service in one way to
provide more service in another.
I'm sorry to come across as picking on you. I'm really not. I'm being
cynical and grouchy more than anything else.
--
Russ Allbery ([EMAIL PROTECTED]) <URL:http://www.eyrie.org/~eagle/>
Racer X <[EMAIL PROTECTED]> writes:
> It is not a "net" reduction in service, because we've taken the time
> savings and put them back into either bringing up some other service or
> making some other service better. It is therefore a "net" increase in
> the level of service provided.
I think I can cede ground and agree with you here.
> Okay, well, we all KNOW that it's a shame to have to do this. It's a
> shame that we need passwords, and session limits, and idle timers,
> and... But the fact of the matter is that we NEED a lot of this stuff,
> and that the reasons WHY they suck really aren't relevant when compared
> to the reasons why we need them.
Except that the reasons why you need them are necessary and important
information when it comes to finding alternate solutions. Here's what I'm
specifically afraid of: This solution becoming the standard and then
everyone thinking there's no way ports can be unblocked, even after we end
up with some better solution for spam.
Little known fact: Usenet spam is dropping noticeably. Plus more widely
known facts: The number of open e-mail relays is dropping steadily, even
if it's still quite large. Vendors are shipping with relaying off by
default. New MTAs are pretty unanimous in their restriction of relaying.
We're actually winning this fight on a lot of different fronts, and I
really don't want to see necessary short-term measures become cast in
stone if the world successfully changes down the road.
> As such, I don't see your point in complaining if you aren't going to
> offer some other possible solution.
Fair enough.
> This is a trade-off, one that has benefitted us enormously while costing
> us relatively little. It is something we can pass on to our customers
> in the form of cost savings or additional services. If you can't call
> this a "feature," at least don't call it a "reduction in service."
It is a reduction in service, though. A given service, namely IP
connectivity on port 25, is no longer available. That's a reduction by
definition. Whether or not it's balanced by other expansions in service
doesn't change the fact that that specifically is a reduction.
--
Russ Allbery ([EMAIL PROTECTED]) <URL:http://www.eyrie.org/~eagle/>
Hi folks
Maybe this is out of topic. On sun with solaris 2.5.1 are running mail
server and web server, I got error msg, something like ' out of file descriptors,
too many open files'......
What I should do?, how I may to increase file descriptors?, if this is posible...
Any ideas......
Jozef
On Thu, Jan 21, 1999 at 02:25:16PM -0500, Jozef Gniadek wrote:
> Hi folks
> Maybe this is out of topic. On sun with solaris 2.5.1 are running mail
> server and web server, I got error msg, something like ' out of file descriptors,
> too many open files'......
> What I should do?, how I may to increase file descriptors?, if this is posible...
First, try starting qmail with the max # of file descriptors increased
from the default maximum of 64 that solaris sets. You can do this
with the ulimit builtin in most ksh-style shells, or with the limit
command in csh-like shells.
If that's not enough, find out what resources are available in the
/etc/system file under 2.5.1. In 2.6, to up the # of descriptors can
be upped by adding the following to /etc/system:
set rlim_fd_max=1024
set rlim_fd_cur=128
After you restart your system and tell it to relink your kernel, you
will have 1024 FD's available, and 128 per process. You can increase
this with ulimit afterwards.
-Peter
On Thu, 21 Jan 1999, Peter C. Norton wrote:
> On Thu, Jan 21, 1999 at 02:25:16PM -0500, Jozef Gniadek wrote:
> > Hi folks
> > Maybe this is out of topic. On sun with solaris 2.5.1 are running mail
> > server and web server, I got error msg, something like ' out of file descriptors,
> > too many open files'......
> > What I should do?, how I may to increase file descriptors?, if this is posible...
>
>
> First, try starting qmail with the max # of file descriptors increased
> from the default maximum of 64 that solaris sets. You can do this
> with the ulimit builtin in most ksh-style shells, or with the limit
> command in csh-like shells.
>
> If that's not enough, find out what resources are available in the
> /etc/system file under 2.5.1. In 2.6, to up the # of descriptors can
> be upped by adding the following to /etc/system:
I recall having this problem with Solaris 2.5. I had to add a ulimit
command to one of my rc files, because it had some kind of exceptionally
low default for file descriptors. Check man ulimit....
James Smallacombe Internet Access for The Delaware
[EMAIL PROTECTED] Valley in PA, NJ and DE
PlantageNet Internet Ltd. http://www.pil.net
=====================================================================
ISPF 2.0b, The Forum for ISPs by ISPs. San Diego, CA, March 8-10 '99
Three days of clues, news, and views from the industry's best and
brightest. http://www.ispf.com for information and registration.
=====================================================================
hi,
I sent few hundred emails, after few days I got almost all of them back
with the same error below :
Hi. This is the qmail-send program at .
I'm afraid I wasn't able to deliver your message to the following
addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<[EMAIL PROTECTED]>:
Connected to 207.217.120.121 but my name was rejected.
Remote host said: 501 HELO requires domain address
I'm not going to try again; this message has been in the queue too long.
My control/locals file is complete containing all my mail aliases,
canonical name and "localhost".
The control/me has the "true" name of my machine, even looking at the
message above, I see my hostname missing.
Her's is some output of qmail-showctl:
badmailfrom: (Default.) Any MAIL FROM is allowed.
bouncefrom: (Default.) Bounce user name is MAILER-DAEMON.
bouncehost: (Default.) Bounce host name is samplemania.easynet.fr.
concurrencylocal: (Default.) Local concurrency is 10.
concurrencyremote: (Default.) Remote concurrency is 20.
databytes: (Default.) SMTP DATA limit is 0 bytes.
defaultdomain: Default domain name is hispacioweb.net.
defaulthost: (Default.) Default host name is samplemania.easynet.fr.
doublebouncehost: (Default.) 2B recipient host: samplemania.easynet.fr.
doublebounceto: (Default.) 2B recipient user: postmaster.
envnoathost: (Default.) Presumed domain name is samplemania.easynet.fr.
helohost: (Default.) SMTP client HELO host name is
samplemania.easynet.fr.
idhost: (Default.) Message-ID host name is samplemania.easynet.fr.
localiphost: (Default.) Local IP address becomes samplemania.easynet.fr.
Sorry if it's stupid but :
what's happening?
Thanks for your help
Daniel
On Thu, 21 Jan 1999, Daniel Garcia wrote:
[snip]
> helohost: (Default.) SMTP client HELO host name is
> samplemania.easynet.fr.
>
Is this really on 2 lines in the output? Mine is on one. Check
control/me for an empty line at the top of the file. There should NOT be
one.
---------------------------------
Timothy L. Mayo mailto:[EMAIL PROTECTED]
Senior Systems Manager
localconnect(sm)
http://www.localconnect.net/
The National Business Network Inc. http://www.nb.net/
One Monroeville Center, Suite 850
Monroeville, PA 15146
(412) 810-8888 Phone
(412) 810-8886 Fax
On Thu, 21 Jan 1999, Daniel Garcia wrote:
> hi,
> I sent few hundred emails, after few days I got almost all of them back
> with the same error below :
>
>
>
> Hi. This is the qmail-send program at .
> I'm afraid I wasn't able to deliver your message to the following
> addresses.
> This is a permanent error; I've given up. Sorry it didn't work out.
>
> <[EMAIL PROTECTED]>:
> Connected to 207.217.120.121 but my name was rejected.
> Remote host said: 501 HELO requires domain address
> I'm not going to try again; this message has been in the queue too long.
>
well.. it may have been that that machine was sending an invalid 5xx
response to HELO (it's not doing that at the moment). since this invalid
qmail assumes the remote system is broken and will be fixed sometime in the
future, and will retry the message
Richard
I am having an odd problem routing a message to a pipe.
There is a file /var/qmail/alias/.qmail-eztest that contains:
|/home/arcamax/ezinesub
&[EMAIL PROTECTED]
The intent is to forward mail that ezinesub rejects to the specified user.
This works fine. There are actually several identical alias files for
different lists. However I was developing a new version of ezinesub and
created this .qmail-eztest to test it. Not wanting to interfere with
ongoing operations I changed the first line of this one file to
|/home/bryan/bin/ezinesub
The file ownership and permissions were identical to /home/arcamax/ezinesub.
My problem that mail to this alias just sits in the queue.
If I move the program to /home/arcamax/ezsubbeta and change the alias
accordingly, it works. I guess I can continue to do that but I would like
to understand why.
Any clues?
Bryan White
ArcaMax Inc.
Yorktown VA
www.arcamax.com
Bryan White writes:
> I am having an odd problem routing a message to a pipe.
>
> There is a file /var/qmail/alias/.qmail-eztest that contains:
> |/home/arcamax/ezinesub
> &[EMAIL PROTECTED]
>
> The intent is to forward mail that ezinesub rejects to the specified user.
> This works fine. There are actually several identical alias files for
> different lists. However I was developing a new version of ezinesub and
> created this .qmail-eztest to test it. Not wanting to interfere with
> ongoing operations I changed the first line of this one file to
> |/home/bryan/bin/ezinesub
> The file ownership and permissions were identical to /home/arcamax/ezinesub.
> My problem that mail to this alias just sits in the queue.
The obvious question being "What's in the log file"?
Check permissions on all the subdirectories.
--
-russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok | There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | cause of world peace.
> > I am having an odd problem routing a message to a pipe.
> >
> > There is a file /var/qmail/alias/.qmail-eztest that contains:
> > |/home/arcamax/ezinesub
> > &[EMAIL PROTECTED]
> >
> > The intent is to forward mail that ezinesub rejects to the specified
user.
> > This works fine. There are actually several identical alias files for
> > different lists. However I was developing a new version of ezinesub and
> > created this .qmail-eztest to test it. Not wanting to interfere with
> > ongoing operations I changed the first line of this one file to
> > |/home/bryan/bin/ezinesub
> > The file ownership and permissions were identical to
/home/arcamax/ezinesub.
> > My problem that mail to this alias just sits in the queue.
>
>The obvious question being "What's in the log file"?
>
>Check permissions on all the subdirectories.
Bingo! /home/bryan was 770 and thus 'alias' had no access. I should have
checked the log file in the first place. Sorry.
Bryan White writes:
> Bingo! /home/bryan was 770 and thus 'alias' had no access. I should have
> checked the log file in the first place. Sorry.
You gotta watch that if you're using qmail-getpw as well. qmail-getpw
is trusted about as far as qmail-lspawn can throw it (that is, not
very far), so it runs as qmailp. qmailp owns no files, so it can only
access what anybody can access. And if it can't access somebody's
home directory (e.g. a directory above a home directory is 770), it
presumes that they are not a valid target for email.
--
-russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok | There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | cause of world peace.
I have a question regarding the following message...To start, let me give
you some details, I have a box which runs OpenLinux 1.2 (Caldera) that has
qmail v1.03 installed, and is known to UUNET as a mail exchanger.
The other day, UUNET's DNS server(s) crapped out, so mail had a tough time
going no where, but i figured that if i just assigned the ip address of the
box, remote mail clients (Eudora, Outlook, etc) could go in and
send/receive mail).
Now, i don't think this is the proper way to handle this problem, since i
would have to re-work smtp and pop3 servers everytime UUNET's DNS goes
down. In addition, i got the following message back from qmail:
74 uid 7796
Jan 21 08:16:32 odie qmail: 916935392.464177 starting delivery 2868: msg
356439 to remote [EMAIL PROTECTED]
Jan 21 08:16:32 odie qmail: 916935392.464698 status: local 0/10 remote 1/20
Jan 21 08:16:32 odie qmail: 916935392.464698 status: local 0/10 remote 1/20
Jan 21 08:16:32 odie qmail: 916935392.751479 delivery 2868: failure:
Sorry._Although_I'm_listed_as_a_best-reference_MX_or_A_for_that_host,
/it_isn't_in_my_control/locals_file,_so_I_don't_treat_it_as_local._(#5.4.6)/
The IP address above is a real one (static), but can i get some suggestions
as to how to improve this situation (I am using tcpserver 0.84, btw to
process smtp and pop3d)
Any help or knowledge would be welcome...
-Bill
Has anyone had experience with qmail and the sending of large attachments
like Real Audio to mailing lists 500 or so recipients? Other than the
huge bandwidth suck am I likely to run into anything other than the
usual MUA confusion?
Some mailing list software gets really confused. How about ezmlm?
Thanks,
cfm
--
Christopher F. Miller, Publisher [EMAIL PROTECTED]
MaineStreet Communications, Inc 208 Portland Road, Gray, ME 04039
1.207.657.5078 (MTRF 3-5pm) http://www.maine.com/
I can't think of any reason why either ezmlm or qmail would get confused by
large outbound mails. Additionally, I've never seen any of them get confused
by large mails either.
Regards.
At 06:25 PM 1/21/99 -0500, [EMAIL PROTECTED] wrote:
>
>Has anyone had experience with qmail and the sending of large attachments
>like Real Audio to mailing lists 500 or so recipients? Other than the
>huge bandwidth suck am I likely to run into anything other than the
>usual MUA confusion?
>
>Some mailing list software gets really confused. How about ezmlm?
>
>Thanks,
>
>cfm
>
>--
>
>Christopher F. Miller, Publisher [EMAIL PROTECTED]
>MaineStreet Communications, Inc 208 Portland Road, Gray, ME 04039
>1.207.657.5078 (MTRF 3-5pm) http://www.maine.com/
>
>
[EMAIL PROTECTED] writes:
>
> Has anyone had experience with qmail and the sending of large attachments
> like Real Audio to mailing lists 500 or so recipients? Other than the
> huge bandwidth suck am I likely to run into anything other than the
> usual MUA confusion?
>
> Some mailing list software gets really confused. How about ezmlm?
Generally, as long as you feed all the addresses to a single qmail-inject,
a bandwidth suck is all you should expect.
Hi All..
I have a question about the SINGLE-UID-HOWTO.TXT file.. if anyone has read' it..
I can get QMAIL-POP3D to authenticate the 'Virtual POP3 account' with no problems...
but my only problem is when u try to email this 'virtual account'.. qmail-smtpd
rejects it with the error 'no mailbox here by that name'.
Any suggestions why QMAIL doesnt check to see if i have virtual domains ??
Thanks..
Regards,
Gonzalo
At 22:45 22/01/99 +1100, Gonzalo S. wrote:
>I have a question about the SINGLE-UID-HOWTO.TXT file.. if anyone has
read' it..
>
>I can get QMAIL-POP3D to authenticate the 'Virtual POP3 account' with no
>problems... but my only problem is when u try to email this 'virtual
account'.. >qmail-smtpd rejects it with the error 'no mailbox here by that
name'.
Make sure that the file user/assign has been processed into a cdb. You need
to run bin/qmail-newu to create (or update) the cdb.
I'm running that setup here at the moment (moving to something slightly
different soon enuff, but that's another story), and it works fine.
Stuart Young - [EMAIL PROTECTED] - [EMAIL PROTECTED]
(aka Cefiar) - http://amarok.glasswings.com.au/
[All opinions expressed in the above message are my]
[own and not necessarily the views of my employer..]
Hi there. I recently cut over from sendmail to qmail and have been
very pleased with the results so far. We seem to only have on problem:
We're getting complaints from customers (so far using only eudora) that
they'll start to download their messages (as little as 5, as many as 200)
and the session will fail with an "Ack!! Child Crashed" message 3 or 4
times before they can get their mail.
I put the poplogger script in the mix, but it doesn't tell me much that's
of any use:
916956264.864208 username: started with: 28 + 1
916956464.729901 username: started with: 28 + 1
916956593.752613 username: started with: 28 + 1
916956624.711091 username: started with: 28 + 1
916956640.591945 username: ended with: 0 + 1
I get nothing else logged. Has anyone run into this before? Any ideas
would be greatly appreciated.
>>On Mon, 18 Jan 1999, Niels Jensen wrote:
>>
>> So, some of my control files are:
>>
> me: f64.work.com
>> locals: f64.work.com (to define local addresses)
>> defaultdomain: work.com
>> defaulthost: sonic.net (my ISP)
>> plusdomain: work.com
>> smtproutes: :mail.sonic.net
>>
>> If I send mail to myself using the local-local test from TEST.deliver,
>> the mail is delivered remotely to the sonic mailserver, because sonic.net
>> is added to my username. How do I get qmail to stop doing this?
>
>That's because your defaulthost is sonic.net. When qmail-inject sends
>an email to an address without a host, it adds the default host (see
>qmail-inject manpage).
>
>Change it to f64.work.com.
If I do this, then when I mail stuff remotely through my ISP's
mailserver, the return address for me is my work address, which I
do not want. Somehow I have to make qmail change my address to
[EMAIL PROTECTED] whenever mail is sent rmotely, and keep it to
nielsj, or [EMAIL PROTECTED] when mail is sent locally.
Thanks,
Niels Jensen
Niels Jensen writes:
> If I do this, then when I mail stuff remotely through my ISP's
> mailserver, the return address for me is my work address, which I
> do not want. Somehow I have to make qmail change my address to
> [EMAIL PROTECTED] whenever mail is sent rmotely, and keep it to
> nielsj, or [EMAIL PROTECTED] when mail is sent locally.
What if the same message is addressed to both a local and a remote address?
What should be the return address then?
Frankly, these kind of features are really your MUA's job, not the MTA's.
Have your mail software generate the correct return address.
Niels Jensen writes:
> If I do this, then when I mail stuff remotely through my ISP's
> mailserver, the return address for me is my work address, which I
> do not want. Somehow I have to make qmail change my address to
> [EMAIL PROTECTED] whenever mail is sent rmotely, and keep it to
> nielsj, or [EMAIL PROTECTED] when mail is sent locally.
virtualdomains to the rescue!
echo '|forward $DEFAULT' >~alias/.qmail-foobar-default
echo '[EMAIL PROTECTED]:alias-foobar' >>/var/qmail/control/virtualdomains
(repeat this step for any other local users.)
--
-russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok | There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | cause of world peace.
Hello all,
We're putting together a new box to handle mail.. thought I would pick your
brains a little for advice. Hopefully someone has done this already.
We are planning on using 4x9gig Cheetahs in a RAID 0+1 configuration..
Currently we are looking at two RAID-RAID controllers.
1) Mylex 2 CHANNEL RAID W-U SCSI DACSXI
2) CMD CRD-5440 or CRD-5500's
Few questions.. can anyone recommend one of the above controllers over the
other? If so, for what reasons. Does the RAID 0+1 seem like the way to go?
Or should we go with something like RAID 5?
The reason we aren't going with something like the DPT controllers is that
you have to boot to DOS to fix a failure... which isn't good imho. Any other
controller/setup recommendations are welcome..
TIA,
Jason
---
Robert J. Adams [EMAIL PROTECTED] http://www.siscom.net
Looking to outsource news? http://www.newshosting.com
SISCOM Network Administration - President, SISCOM Inc.
Phone: 888-4-SISCOM 937-222-8150 FAX: 937-222-8153
On Thu, Jan 07, 1999 at 11:34:40PM -0600, Aijaz A. Ansari wrote:
...
> However, I cannot send mail from within MSOE to domain names that I do
> not host (specifically anyone at interaccess.com). I get the common
> `sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)'
...
>
> My questions are:
> 1) To do this, do I have to know in advance what the IP addresses for
> which I want to allow relaying are?
...
I got this to work.
To all of you who responded to me and helped me out, thanks.
The rest of this email is a description of how I got this to work (for
others who might have the same questions) as well as a question about
logging with qmail-pop3d.
1) Read David Harris' page on smtp-poplock (at
http://www.davideous.com/smtp-poplock/ ).
2) Download and install smtp-poplock.tar.gz.
3) There is a typo in the README file in the smtp-poplock
distribution:
The lines that contain the inetd.conf configuration have a typo:
the path should start with '/usr/src/smtp-poplock/' and not
'/usr/src/smtp-poploc/'. At two in the morning, it's easy to miss
that one :).
4) For some reason, I couldn't get qmail-pop3d to create log entries
in any of the log files in /var/logs. I wanted to use qmail-pop3d
so that I could use Maildir, but after trying in vain for a couple
of hours to find log entries upon succesful pop authorization, I
decided to use the copy of in.pop3d I had that went to ~/Mailbox.
QUESTION: If anyone knows how to generate log entries when
qmail-pop3d is being used, please let me know; I'd feel much more
comfortable using that instead of in.pop3d.
The in.pop3d I use generates log entries in /var/log/secure
5) Because the entries were logged to secure, I changed the entry in
/etc/syslog.conf from what Harris recommended to:
authpriv.* |/var/log/maillog-fifo
6) Due to the nature of the log files I had to change the 'next
unless' lines in /usr/src/smtp-poplock/readlog to:
next unless /in.pop3d/;
next unless /(\d+\.\d+.\d+.\d+)/;
7) Finally (and this took me FOREVER to figure out), the lines in
/usr/src/smtp-poplock/README that are supposed to go into
inetd.conf just didn't work for me; the relaylock program was never
being invoked. I'm running RedHat 5.2 and not RedHat 5.1, on which
Harris had tested this.
Through trial and error I realized that I had to insert tcpd as the
first program in the list of programs that get executed. So now,
my smtp line in inetd.conf looks like: [on one line]
smtp stream tcp nowait qmaild /usr/sbin/tcpd /var/qmail/bin/tcp-env
/usr/src/smtp-poplock/relaylock /var/qmail/bin/qmail-smtpd
I feel I learned a lot through this entire endeavor, and although I'm
no expert, I don't see why this kind of solution would not work for
Linux distributions other than Redhat. The main step is to find a
pop3 daemon that enters log entries upon successful authorization.
Again, I'd like to thank everyone who responded and also David Harris.
Sincerely,
Aijaz Ansari.
I'm interested in installing Russ's qmail-popbull.patch but my knowledge of
c is about limited to "make install". The only information given on the
site is a link to the file itself so could someone tell me what to do with
it?
Regards,
--Steve
I'm not sure what the patch is -- i've never used/researched it, but it's
probaby just that, a patch :)
You need to man the 'patch' program, it's a diff and probably changes some
of the default code for a qmail-1.0X (make sure you use the proper version
the patch was designed for)
man patch should answer all your questions.
On Fri, 22 Jan 1999, Steve Vertigan wrote:
-| I'm interested in installing Russ's qmail-popbull.patch but my knowledge of
-| c is about limited to "make install". The only information given on the
-| site is a link to the file itself so could someone tell me what to do with
-| it?
-|
-| Regards,
-| --Steve
-|
-|
_ __ _____ __ _________
______________ /_______ ___ ____ /______ John Gonzalez/Net.Tech
__ __ \ __ \ __/_ __ `__ \/ __ /_ ___/ MDC Computers/netMDC!
_ / / / `__/ /_ / / / / / / /_/ / / /__ (505)437-7600/fax-437-3052
/_/ /_/\___/\__/ /_/ /_/ /_/\__,_/ \___/ http://www.netmdc.com
[---------------------------------------------[system info]-----------]
12:25am up 103 days, 4:04, 3 users, load average: 0.06, 0.06, 0.07
Craig Burley writes:
> It hadn't occurred to me to look for the phrase "envelope sender address"
> or recognize that (when re-skimming the page) as meaning "Return-Path",
> as I haven't memorized all the email terminology yet.
The new-inject documentation is more straightforward. You could solve
your problem with new-inject by putting
=deer.jcb-sc.com:jcb-sc.com
into control/rewrite.
---Dan
Steve Vertigan writes:
> I think he's more interested suing the bastards rather than jumping
> through hoops trying to delete their mail.
Especially if suing them turns out to make money. :-)
Send a message to [EMAIL PROTECTED] if you're
interested in helping out.
---Dan
Clients are allowed to take any amount of time as long as they aren't
idle. The qmail-pop3d timeout is for each packet of data.
R Aldridge writes:
> # strace -p 20490
> oldselect(2, NULL, [1], NULL, {236, 460000} <unfinished ...>
Evidently qmail-pop3d is waiting for buffer space to write data. If you
wait long enough you will see either a timeout or a successful write.
---Dan
Dave Sill writes:
> But does it support it on the client side?
maildirsmtp supports PIPELINING.
For general-purpose clients, the costs of EHLO are more severe, and the
benefits of PIPELINING are much smaller.
---Dan
Russell Nelson writes:
> Okay, VERP has solved the bounce problem. Now we need VERB (Variable
> Envelope Recipient in Body) to solve the unsubscribe problem.
No. Solving the unsubscribe problem means putting a reliable
``unsubscribe'' feature into MUAs. This doesn't require per-recipient
customizations; the MUA can simply save the subscription confirmation
under the appropriate list ID.
---Dan
Andrew Richards writes:
> - How long would it take to rebuild a file for, say, 100000 users
> on a powerful machine (say good Sun or dual-Pentium)?
Roughly 5 seconds. Try it and see for yourself.
> - Is Qmail tied to using cdb as its mailbox-lookup mechanism,
> or could a back-end database be used, to accept new users
> on the fly without having to rebuild a 'static' database periodically?
You can run any program you want from ~alias/.qmail-default.
---Dan
