qmail Digest 1 Mar 1999 11:00:00 -0000 Issue 566

Topics (messages 22533 through 22546):

qmail-verh-0.01.tar.gz (idiot-proof unsubscribe)
        22533 by: "Fred Lindberg" <[EMAIL PROTECTED]>

checkpoppasswd permissions problems
        22534 by: Paul Gregg <[EMAIL PROTECTED]>

vacation (yet again!)
        22535 by: "Peter Samuel" <[EMAIL PROTECTED]>
        22537 by: "Peter Samuel" <[EMAIL PROTECTED]>

qmail-pop3d problems
        22536 by: Glenn <[EMAIL PROTECTED]>

beOS
        22538 by: xs <[EMAIL PROTECTED]>
        22539 by: Ludwig Pummer <[EMAIL PROTECTED]>
        22546 by: Vince Vielhaber <[EMAIL PROTECTED]>

wildcarded users in virtualdomains?
        22540 by: "Chris Garrigues" <[EMAIL PROTECTED]>
        22542 by: "Chris Garrigues" <[EMAIL PROTECTED]>

queue summary
        22541 by: "Peter Samuel" <[EMAIL PROTECTED]>

Spawn limit
        22543 by: Balazs Nagy <[EMAIL PROTECTED]>

Next MX never used when best MX says 520
        22544 by: Mads E Eilertsen <[EMAIL PROTECTED]>
        22545 by: Harald Hanche-Olsen <[EMAIL PROTECTED]>

Administrivia:

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To bug my human owner, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        [EMAIL PROTECTED]


----------------------------------------------------------------------


ftp://ftp.id.wustl.edu/pub/patches/qmail-verh-0.01.tar.gz

6f6a3cfaf7514790f8e63cd08d38c124  qmail-verh-0.01.tar.gz

This package contains two patches for qmail-1.03 + docs. The first
patch causes qmail-remote to replace '##L' with the recipient local
address and `##H' with the recipient host address. This can be used to
construct rfc2369 List-Unsubscribe etc headers that will always have
the correct subscription address. The second patch causes qmail-local
to
do a similar substitution. In this case, a VERP SENDER (ad modum ezmlm)
is required. This works for all delivery modes except program delivery.
See README in the package for more info.

To see what it looks like, subscribe to the [EMAIL PROTECTED] sublist
and look at the posts. You'll find a

List-unsubscribe: <mailto:[EMAIL PROTECTED]>
header.

Same for the daily [EMAIL PROTECTED]

Thanks to Fred Ringel for testing, and others for inspiring.

-Sincerely, Fred

(Frederik Lindberg, Infectious Diseases, WashU, St. Louis, MO, USA)






Sorry - I just saw this by searching the newsgroup for my name....

In article <[EMAIL PROTECTED]> you wrote:
> This is really directed more toward Paul Gregg <[EMAIL PROTECTED]>, but I
> thought the whole list might get some benefit from my mistakes.

> I'm using your checkpoppasswd program derived from the checkpasswd of
> Jedi/Sector One. I've modified it by putting more intuitive messages into
> the syslog messages and got it working, authenticating users at one point,
> but now it's failing with the log message "Couldn't setgid (888)." I'm
> running qmail-pop3d.init with the uid and gid of the qmaild user (81 and 80
> respectively. It was originally root, but I thought that might be a security
> hazard and changed it to the same uid/gid of the other qmail servers. Is
> there a valid reason for having qmail-pop3d run as root? Is it because
> qmail-pop3d has to be able to delete files owned by others? I put qmaild into
> the popuser group (888) but it still failed at the same point.

> Anyone, please advise.

Looks like there is a bit of a mix up here...

You would normally run qmail-popup as root, which would then run checkpoppasswd
as root.
chechpoppasswd checks your password against the poppasswd file and ascertains
the userid and gid of the user which has just logged in.  checkpoppasswd
then sets the uid/gid of itself to that user.  In my single uid system the
uid/gid is always 888/888 (but the numbers are really up to you).
checkpopasswd then sets USER, HOME and SHELL and runs qmail-pop3d under the
uid of the logged in user.

Because the single UID system should always run as uid 888 then you can
happily run qmail-popup via tcpserver with -u888 -g888 if you wish.

I don't because there's no need to.

Paul.




On Fri, 26 Feb 1999, Samuel Dries-Daffner wrote:

> 
> I tried the process below and gathered lots of env files. The first few
> times I did the mail from Outlook it actually worked, but thereafter it
> wouldn't. Also I tried from pine and it worked, every single time!!
> 
> There are differences, as you point out in the ella.mills.edu and
> mills.edu, but these are resolved by local DNS...mail to and from both
> test acct and me, ( and everyone! ) resolves when using ella.mills.edu or
> mills.edu. I am inculding a few env's for your review. Thanks for your
> help!

What does the qmail log say about the failures?

Regards
Peter
----------
Peter Samuel                                [EMAIL PROTECTED]
Technical Consultant                        or at present:
Uniq Professional Services,                 [EMAIL PROTECTED]
a division of X-Direct Pty Ltd
Phone: +61 2 9206 3410                      Fax: +61 2 9281 1301

"If you kill all your unhappy customers, you'll only have happy ones left"





On Sat, 27 Feb 1999 [EMAIL PROTECTED] wrote:

> On Fri, 26 Feb 1999, Peter Samuel wrote:
> 
> >     | env | sort -f > /var/tmp/env.$$
> 
> Of course, you should sit down and ponder the risks for several minutes
> before using this command. If you are on a real multiuser system, you
> should better put the output into a private directory.

Agreed.

Regards
Peter
----------
Peter Samuel                                [EMAIL PROTECTED]
Technical Consultant                        or at present:
Uniq Professional Services,                 [EMAIL PROTECTED]
a division of X-Direct Pty Ltd
Phone: +61 2 9206 3410                      Fax: +61 2 9281 1301

"If you kill all your unhappy customers, you'll only have happy ones left"





Your username is case sensitive in POP.
Telling Netscape: [EMAIL PROTECTED] is different
than telling it [EMAIL PROTECTED], even though
both point to the same email address.

-Glenn
<[EMAIL PROTECTED]>

On Fri, 26 Feb 1999, Niklas Alberth wrote:

> I decided to try qmail-pop3d, but can't get it to work. 
> 
> I'm using Mate Wierdls src.rpm packages for qmail and starts pop3d from his
> init script.
> I've created a qmail-pop3d.cdb in /etc/tcprules.d with 10.0.0.:allow in it.
> (my network at home).
> 
> When I try to access my mail via a pop client (Netscape) I get an errorr
> message: authorization failed, type new password. And I'm sure that I've
> typed the right password. 
> 
> qmail is running on Redhat linux 2.2.1
> 
> --Niklas
> 
> 






hey all, just thought i'd throw this quick blurb in here

(22:38:06)(root@blade)(~)# telnet mail.be.com 25 
Trying 208.243.144.2...
Connected to be.be.com.
Escape character is '^]'.
220 mail.be.com ESMTP
help
214 qmail home page: http://pobox.com/~djb/qmail.html
quit
221 mail.be.com
Connection closed by foreign host.


Looks like they're qmail users. Horay!


end 
\\ Greg Albrecht    ([EMAIL PROTECTED])    \\
 \\ Safari Internet (www.safari.net)    \\
  \\ 1-888-537-9550 ([EMAIL PROTECTED]) \\





At 07:36 PM 2/28/99 , xs wrote:
...
>220 mail.be.com ESMTP
>help
...
>214 qmail home page: http://pobox.com/~djb/qmail.html
>
>Looks like they're qmail users. Horay!

Anyone tried compiling qmail on BeOS? It's supposed to be POSIX compliant...

--Ludwig Pummer ( [EMAIL PROTECTED] ) ICQ UIN: 692441




On Sun, 28 Feb 1999, Ludwig Pummer wrote:

> At 07:36 PM 2/28/99 , xs wrote:
> ...
> >220 mail.be.com ESMTP
> >help
> ...
> >214 qmail home page: http://pobox.com/~djb/qmail.html
> >
> >Looks like they're qmail users. Horay!
> 
> Anyone tried compiling qmail on BeOS? It's supposed to be POSIX compliant...

Dunno, but that mail machine's running *BSD.

Vince.
-- 
==========================================================================
Vince Vielhaber -- KA8CSH   email: [EMAIL PROTECTED]   flame-mail: /dev/null
       # include <std/disclaimers.h>                   TEAM-OS2
        Online Campground Directory    http://www.camping-usa.com
       Online Giftshop Superstore    http://www.cloudninegifts.com
==========================================================================







I'm in the midst of a problem and I can't figure out how to have qmail help me 
out of it.

I now have two mail systems in deepeddy.com: highdive.deepeddy.com is 
co-located somewhere with real connectivity; backstroke.deepeddy.com is my 
system here at home.  I've got some mailing lists on deepend, but most mail 
into the domain is for me on backstroke.  I set things up so that the MX 
records would all point at highdive and installed .qmail and .qmail-default 
files in my directory there which forward my mail to backstroke.

There's a minor annoyance in that when I send mail to 
[EMAIL PROTECTED] it gets bounced via the other system.  This 
minor annoyance just became a major annoyance because highdive is down.  (It's 
a free co-location in another city.)  This means no mail to deepeddy.com is 
working at all since it all points at the down system.  It would be real nice 
if mail to me here would work.

So, this is what I tried to do:

~alias/.qmail-makeitlocal:

        | qmail-inject -f "$SENDER" -- "$[EMAIL PROTECTED]"

/var/qmail/control/virtualdomains:

        [EMAIL PROTECTED]:makeitlocal
        [EMAIL PROTECTED]:makeitlocal

and then fix the DNS to allow mail to get delivered to backstroke as well as 
the now down highdive.

[EMAIL PROTECTED] does the right thing as do things like 
[EMAIL PROTECTED], but it's annoying to have to create so many of these, 
and it can't possibly catch dynamically generated addresses (like this one has 
on it....you'd better either change the host to backstroke.deepeddy.com or 
change the user to cwg-qmail if you expect me to see your reply).

So, how can I get my mail unwedged between now and when I get the highdive 
fixed?

Chris

-- 
Chris Garrigues                 Deep Eddy Internet Consulting
+1 512 432 4046                 609 Deep Eddy Avenue                    O-
http://www.DeepEddy.Com/~cwg/   Austin, TX  78703-4513

  My email address is an experiment in SPAM elimination.  For an
  explanation of what we're doing, see http://www.DeepEddy.Com/tms.html 

    Nobody ever got fired for buying Microsoft,
      but they could get fired for relying on Microsoft.


PGP signature





> From:  Chris Garrigues <[EMAIL PROTECTED]>
> Date:  Mon, 01 Mar 1999 00:29:49 -0600
>
> I'm in the midst of a problem and I can't figure out how to have qmail help
>  me 
> out of it.
> 
> I now have two mail systems in deepeddy.com: highdive.deepeddy.com is 
> co-located somewhere with real connectivity; backstroke.deepeddy.com is my 
> system here at home.  I've got some mailing lists on deepend, but most mail
>  
> into the domain is for me on backstroke.  I set things up so that the MX 
> records would all point at highdive and installed .qmail and .qmail-default
>  
> files in my directory there which forward my mail to backstroke.
> 
> There's a minor annoyance in that when I send mail to 
> [EMAIL PROTECTED] it gets bounced via the other system.  Th
> is 
> minor annoyance just became a major annoyance because highdive is down.  (I
> t's 
> a free co-location in another city.)  This means no mail to deepeddy.com is
>  
> working at all since it all points at the down system.  It would be real ni
> ce 
> if mail to me here would work.
> 
> So, this is what I tried to do:
> 
> ~alias/.qmail-makeitlocal:
> 
>       | qmail-inject -f "$SENDER" -- "$[EMAIL PROTECTED]"
> 
> /var/qmail/control/virtualdomains:
> 
>       [EMAIL PROTECTED]:makeitlocal
>       [EMAIL PROTECTED]:makeitlocal
> 
> and then fix the DNS to allow mail to get delivered to backstroke as well a
> s 
> the now down highdive.
> 
> [EMAIL PROTECTED] does the right thing as do things like 
> [EMAIL PROTECTED], but it's annoying to have to create so many of thes
> e, 
> and it can't possibly catch dynamically generated addresses (like this one 
> has 
> on it....you'd better either change the host to backstroke.deepeddy.com or 
> change the user to cwg-qmail if you expect me to see your reply).
> 
> So, how can I get my mail unwedged between now and when I get the highdive 
> fixed?

Never mind.  I was clearly making things much to complicated.  Solved the 
problem...now I just need the DNS to propagate.

Chris

-- 
Chris Garrigues                 Deep Eddy Internet Consulting
+1 512 432 4046                 609 Deep Eddy Avenue                    O-
http://www.DeepEddy.Com/~cwg/   Austin, TX  78703-4513

  My email address is an experiment in SPAM elimination.  For an
  explanation of what we're doing, see http://www.DeepEddy.Com/tms.html 

    Nobody ever got fired for buying Microsoft,
      but they could get fired for relying on Microsoft.


PGP signature





On Mon, 1 Mar 1999, Anand Buddhdev wrote:

> On Fri, Feb 26, 1999 at 12:47:33PM +1100, Peter Samuel wrote:
> 
> Hello Peter. I have one more suggestion for your program. It expects to
> read the queue by opening a pipe to /var/qmail/bin/qmail-qread. On my
> system I have qmail installed in /usr/local/qmail, so I had to change that
> setting by hand. Perhaps you can make the location of qmail-qread a variable,
> so that in case your script grows, it will not require too many changes.

Eventually these will be Makefile variables - set it once and all of
the programs will know where to find qmail binaries.

> 
> Your script is nice and useful. I'd also like to see your other scripts,
> ie. qstatus.

Follows:

Regards
Peter
----------
Peter Samuel                                [EMAIL PROTECTED]
Technical Consultant                        or at present:
Uniq Professional Services,                 [EMAIL PROTECTED]
a division of X-Direct Pty Ltd
Phone: +61 2 9206 3410                      Fax: +61 2 9281 1301

"If you kill all your unhappy customers, you'll only have happy ones left"

###########################################################################
#!/usr/local/bin/perl -w

use strict;

die("Only the superuser can run this program\n") if $>;

$| = 1;

my $one_shot = 0;
my $queued;
my $unprocessed;
my $locals;
my $remotes;
my $remoteprocs;
my $localprocs;
my $tcpto;
my $loadavg;
my $concurrencylocal;
my $concurrencyremote;

$one_shot = scalar @ARGV;

print << "EOF";
          queue             recipients      processes      tcpto     load
  processed/unprocessed    local/remote    local/remote      ips      avg
EOF

my $count = 0;
my @dial = ("|", "/", "-", "\\");

while (1)
{
    $concurrencylocal = &getconcurrencylocal;
    $concurrencyremote = &getconcurrencyremote;

    &getstats;

    if ($one_shot)
    {
        print "\n";
        exit(0);
    }

    sleep(10);
}

sub getstats
{
    my($sig) = @_;

    $unprocessed = 0;
    $locals = 0;
    $remotes = 0;
    $remoteprocs = 0;
    $localprocs = 0;
    $tcpto = 0;

    ++$count;

    &qstat;
    &qread;
    &processes;
    &tcpto;
    &uptime;

    printf("%s %9d %11d    %5d %6d    %2d/%-2d  %2d/%-2d    %5d    %5.2f\r",
        $dial[$count % 4],
        $queued,
        $unprocessed,
        $locals,
        $remotes,
        $localprocs,
        $concurrencylocal,
        $remoteprocs,
        $concurrencyremote,
        $tcpto,
        $loadavg
    );
}

sub processes
{
    open(PS, "ps -ef 2>/dev/null |");

    while(<PS>)
    {
        ++$remoteprocs if (/qmail-remote/);
        ++$localprocs if (/qmail-local/);
    }

    close(PS);
}

sub qread
{
    my @f;

    open(QREAD, "/var/qmail/bin/qmail-qread 2>/dev/null |");

    while(<QREAD>)
    {
        chomp;
        @f = split(' ');
        ++$remotes if ($f[0] eq "remote");
        ++$locals if ($f[0] eq "local");
    }

    close(QREAD);
}

sub qstat
{
    my @f;

    open(QSTAT, "/var/qmail/bin/qmail-qstat 2>/dev/null |");

    while(<QSTAT>)
    {
        chomp;
        @f = split(' ');

        $queued = $f[3] if (/queue:/);
        $unprocessed = $f[7] if (/not yet/);
    }

    close(QSTAT);
}

sub tcpto
{
    open(TCPTO, "/var/qmail/bin/qmail-tcpto 2>/dev/null |");

    while(<TCPTO>)
    {
        chomp;
        ++$tcpto;
    }

    close(TCPTO);
}

sub uptime
{
    my @f;

    open(UPTIME, "uptime 2>/dev/null |");

    while(<UPTIME>)
    {
        chomp;
        s/\s//g;
        @f = split(/,/);
        @f = split(/:/, $f[3]);
        $loadavg = $f[1];
    }
}

sub getconcurrencylocal
{
    my $file = "/var/qmail/control/concurrencylocal";
    my $default = 10;
    my $value;

    if (
        -e $file
        &&
        -f $file
        &&
        -r $file
       )
    {
        open(LOCAL, "$file");

        while (<LOCAL>)
        {
            chomp;
            $value = $_;
        }

        close(LOCAL);

        return $value if ($value =~ /^\d+$/);
        return $default;
    }
    else
    {
        return $default;
    }
}

sub getconcurrencyremote
{
    my $file = "/var/qmail/control/concurrencyremote";
    my $default = 20;
    my $value;

    if (
        -e $file
        &&
        -f $file
        &&
        -r $file
       )
    {
        open(LOCAL, "$file");

        while (<LOCAL>)
        {
            chomp;
            $value = $_;
        }

        close(LOCAL);

        return $value if ($value =~ /^\d+$/);
        return $default;
    }
    else
    {
        return $default;
    }
}





Hiyas,

Why the spawn limit is hardcoded to 255?  Gives this some performance lost? 
Or this is just for lower load?  I hope not the second one.

Regards: Kevin (Balazs)
-- 
#!/usr/bin/perl -export-a-crypto-system-sig -http://dcs.ex.ac.uk/~aba/rsa
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`






I can't get mail delivered to a specific domain.  The messages just
stay in the queue.

DNS says
  domain    MX   0  host1
  domain    MX   10 host2

host1 says
  520 Connection not authorised from this address.

qmail connects to host1 and says
  deferral: Connected_to_N.N.N.N_but_greeting_failed./... 

qmail seemingly never tries host2.

The administrators of domain says
  - this setup is intentional (sort of firewall/spam control)
  - why isn't your mailer using the second-best MX?
  - others have reported this too.  They use qmail too.

What's wrong here?  The error code?  qmail?

Mads





- Mads E Eilertsen <[EMAIL PROTECTED]>:

| I can't get mail delivered to a specific domain.  The messages just
| stay in the queue.
| 
| DNS says
|   domain    MX   0  host1
|   domain    MX   10 host2
| 
| host1 says
|   520 Connection not authorised from this address.
| 
| qmail connects to host1 and says
|   deferral: Connected_to_N.N.N.N_but_greeting_failed./... 
| 
| qmail seemingly never tries host2.
| 
| The administrators of domain says
|   - this setup is intentional (sort of firewall/spam control)
|   - why isn't your mailer using the second-best MX?
|   - others have reported this too.  They use qmail too.
| 
| What's wrong here?  The error code?  qmail?

I would say that error code is an abuse of the domain naming system.
According to RFC 974, senders are only required to try the
lowest-preference MX(s) before giving up.  Thus, a domain that expects
to be able to reliably receive mail, *must* have its lowest priority
MX set up to accept mail most of the time.

Instead of abusing the DNS MX records as they do, this domain should
set up explicit routes from their MX hosts to the final destination
without involving the DNS in this.

The qmail strategy is to only go on beyond the primary MX(s) if
connection to its (or their) SMTP port fails.  This is not a violation
of any RFC as far as I know, though the wisdom of this approach is a
bit controversial.

- Harald


Reply via email to