qmail Digest 29 Mar 1999 11:00:01 -0000 Issue 594
Topics (messages 23572 through 23590):
serialmail/qmail workaround needed
23572 by: [EMAIL PROTECTED] ()
MTA level rfc822 syntax checking?
23573 by: "Fred Lindberg" <[EMAIL PROTECTED]>
23577 by: "Sam" <[EMAIL PROTECTED]>
23579 by: Russ Allbery <[EMAIL PROTECTED]>
FW: GET ME OFF THIS DAMN LIST
23574 by: "Fred Lindberg" <[EMAIL PROTECTED]>
Virus-check for incoming mails with qmail
23575 by: Sascha Ottolski <[EMAIL PROTECTED]>
23576 by: Sascha Ottolski <[EMAIL PROTECTED]>
23578 by: Sascha Ottolski <[EMAIL PROTECTED]>
23587 by: "Frank Tegtmeyer" <[EMAIL PROTECTED]>
23588 by: "Alex Shipp" <[EMAIL PROTECTED]>
23589 by: John Conover <[EMAIL PROTECTED]>
poor documentation example
23580 by: Jay Soffian <[EMAIL PROTECTED]>
Shadow Passwords
23581 by: Kevin Waterson <[EMAIL PROTECTED]>
23582 by: Chris Johnson <[EMAIL PROTECTED]>
23584 by: "Eric Dahnke"<[EMAIL PROTECTED]>
Melissa Virus
23583 by: Justin Alcorn <[EMAIL PROTECTED]>
Qmail is losing (hiding?) remote mail
23585 by: [EMAIL PROTECTED] (Mike Glover)
23586 by: "Sam" <[EMAIL PROTECTED]>
Simple question!
23590 by: "Nguyen Dang Phuoc Dong" <[EMAIL PROTECTED]>
----------------------------------------------------------------------
Eric Dahnke ([EMAIL PROTECTED]) wrote:
: Hello List,
:
: I've got a dialup client with a qmail/fetchmail/serialmail installation
: acting as their mailgateway. The client wants to restrict some of the
: accounts to internal mail use only.
:
: Question is, how can I keep such restricted users' messages from ending
: up in serialmail's outgoing pppdir?
:
: (obviously, the restricted user would never receive any external
: messages, but he or she would be able to send to any external address
: they like, no?)

The solution I implemented for a client was to permit all outgoing mail,
but restrict incoming mail to only those privileged. It's pretty hard to
know the credentials of the person relaying out. SMTP does not provide a
way.

If you still want to restrict outgoing, if you know their IP addresses,
you can block these (unset RELAYCLIENT or firewall them). But it's trivial
for a Windoze user to change his PC's IP.

-harold

On Fri, 26 Mar 1999 17:10:41 GMT, Sam wrote:

>Yes. Spam filtering. I think that this is an excellent idea, and I have
>implemented it myself, although my RFC822 checking is probably not as
>strict as this particular instance.

What I didn't like is that the MTA becomes the strictest enforcer of
"content", and that "SPAM filtering" rejects not SPAM but messages that
it [the author of the SPAM filter] thinks are syntactically incorrect.
For instance, looking for characters with bit 8 set must be _the_
anti-SPAM measure with the lowest sensitivity and specificity. It does
work reasonably as a filter against Swedish E-mail, though (sensitivity
5%, specificity bad).

-Sincerely, Fred
(Frederik Lindberg, Infectious Diseases, WashU, St. Louis, MO, USA)

On Sun, 28 Mar 1999, Fred Lindberg wrote:

> What I didn't like is that the MTA becomes the strictest enforcer of
> "content", and that "SPAM filtering" rejects not SPAM but messages that
> it [the author of the SPAM filter] thinks are syntactically incorrect.
> For instance, looking for characters with bit 8 set must be _the_
> anti-SPAM measure with the lowest sensitivity and specificity. It does

Perhaps, but 8 bit characters should not be used in RFC822 headers.
There's a well defined method for encoding 8 bit characters in the real
name portion of an E-mail address.

Sam <[EMAIL PROTECTED]> writes:

> Perhaps, but 8 bit characters should not be used in RFC822 headers.
> There's a well defined method for encoding 8 bit characters in the real
> name portion of an E-mail address.

Nonetheless, in Europe, 8-bit characters in headers are very widely used.

--
Russ Allbery ([EMAIL PROTECTED]) <URL:http://www.eyrie.org/~eagle/>

>> > it's not just 2 lines. It's 2 lines x # of subscribers x messages per day.
>> > Assuming a "line" is 40 characters, there are 1000 subscribers, and 50
>> > messages per day, that's 4 megabytes per day extra.

>I wasn't suggesting 4 megs/day was excessive.. But it's not negligible..

Average message 2K, 40 characters is 2% of traffic for this list. If that
isn't negligible, what is?

-Sincerely, Fred
(Frederik Lindberg, Infectious Diseases, WashU, St. Louis, MO, USA)

Hi,

there were several people asking how one could do this, here is one possible
solution. I use the script found on http://satan.oih.rwth-aachen.de/AMaViS/
and a software called AntiVir (http://www.antivir.de).

The script is included, sorry about the length. The script is 0.2.0pre1, I
didn't switch to pre2 until now. BTW, I did document what I've done in the
script, sorry about the inconvenience.

What happens is somewhat simple: run every mail that will be delivered to a
user through the script; if it is malicious, stop and don't deliver the mail:

    catchall@lingo ~ % cat .qmail
    | /usr/sbin/scanmails $SENDER $RECIPIENT
    ./Maildir/

The things I changed in the script are the positional parameters and the exit
code in case a virus was found.

If a virus was found the mail is copied somewhere. Here is a little problem
with qmail, as it runs with the uid of the recipient. My solution to this is
the following:

    root@lingo /home/antivirus # ls -l
    total 3
    drwx------   5 antiviru antiviru     1024 Jan 28 01:18 Maildir
    drwx----wt   2 antiviru antiviru     1024 Feb 23 21:04 mailvirus
    drwxr-xr-x   2 antiviru antiviru     1024 Jan 28 01:18 public_html

I did something similar for the logfile, but it seems as if this is not
necessary, don't remember why I did it...

    root@lingo /home/antivirus # ls -ld /var/log/scanmails/
    drwx----wt   2 root     root         1024 Jan 28 02:44 /var/log/scanmails/
    root@lingo /home/antivirus # ls -l /var/log/scanmails/
    total 663
    -rw-----w-   1 root     root       673943 Mar 28 05:05 logfile

I'm sure there was a reason :-)

I know that all this is far away from being perfect and idiot proof, but at
least on a system without user access to their .qmail files it works ok.

I'd be interested to see a solution that checks the mail more centralized
without the need to use .qmail, and to also check all outgoing traffic. Maybe
some of you know what to do?

Have fun,

Sascha

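
The delivery logic described in the post above, as an added sketch (not the AMaViS scanmails script and not code from the post): it maps a scanner verdict to qmail's dot-qmail exit codes and creates the quarantine copy safely in the write-only mailvirus directory. The scanner path, its 0/1 exit convention and the choice of exit 99 for infected mail are assumptions; the post does not say which exit code was used.

```shell
#!/bin/sh
# Added example, not the AMaViS scanmails script. Assumed scanner contract
# (hypothetical): "$SCANNER FILE" exits 0 = clean, 1 = infected, else = error.
SCANNER=${SCANNER:-/usr/local/bin/hypothetical-scanner}
QUARANTINE=${QUARANTINE:-/home/antivirus/mailvirus}   # drop-box dir from the post

# Reads one message on stdin; returns the exit code qmail-local acts on:
#   0    clean: continue with the next .qmail line (./Maildir/)
#   99   infected and quarantined: skip the remaining .qmail lines, no bounce
#   111  scan or quarantine failed: message stays queued and is retried
scan_and_decide() {
    msg=$(mktemp "${TMPDIR:-/tmp}/scanmsg.XXXXXX") || return 111
    verdict=111                      # fail closed unless proven otherwise
    if cat > "$msg"; then
        scan_rc=0
        "$SCANNER" "$msg" >/dev/null 2>&1 || scan_rc=$?
        case $scan_rc in
            0) verdict=0 ;;
            1) dest="$QUARANTINE/$(date +%s).$$.$(id -u)"
               # umask 077: copy readable only by the recipient uid (and root).
               # set -C: exclusive create, so a file or symlink planted in the
               # world-writable directory is never written through.
               if (umask 077; set -C; cat "$msg" > "$dest") 2>/dev/null; then
                   verdict=99
               fi ;;
        esac
    fi
    rm -f "$msg"
    return "$verdict"
}

# Constructed demo: a shell function stands in for the scanner binary and a
# temporary directory with the post's drwx----wt mode stands in for mailvirus.
demo_scanner() { ! grep -q 'CONSTRUCTED-TEST-MARKER' "$1"; }
SCANNER=demo_scanner
QUARANTINE=$(mktemp -d "${TMPDIR:-/tmp}/mailvirus.XXXXXX")
chmod 1703 "$QUARANTINE"
for body in 'plain text' 'CONSTRUCTED-TEST-MARKER'; do
    rc=0
    printf 'Subject: demo\n\n%s\n' "$body" | scan_and_decide || rc=$?
    echo "$body -> exit $rc"
done
```

Returning 111 whenever the scanner or the quarantine write fails keeps unscanned mail in the queue instead of delivering it.
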
Ups, sorry about sending this one several times, I think I did some
mistake...

Sascha

> there were several people asking how one could do this, here is one possible
> solution. I use the script found on http://satan.oih.rwth-aachen.de/AMaViS/
> and a software called AntiVir (http://www.antivir.de).

I always refused to do virus scanning at the MTA because of reducing
performance, possible DoS scenarios and security implications by the used
packing programs/virus scanners/scripting glue.

Does anyone have experience with MTA virus checking? All I heard of was
slowing down mail for a company up to two days. That may be simply an
inappropriate machine but it triggers all kinds of alarm in my head.

Any comments?

Regards, Frank

>Does anyone have experience with MTA virus checking? All I heard of was
>slowing down mail for a company up to two days. That may be simply an
>inappropriate machine but it triggers all kinds of alarm in my head.

We pass all our mail through 3 scanners. For an average sized mail,
this takes about 5 seconds elapsed time.

______________________________________________________________________
This message has been checked for viruses by the Star Screening System
http://www.star.co.uk

Alex Shipp writes:
>
> >Does anyone have experience with MTA virus checking? All I heard of was
> >slowing down mail for a company up to two days. That may be simply an
> >inappropriate machine but it triggers all kinds of alarm in my head.
>
>
> We pass all our mail through 3 scanners. For an average sized mail,
> this takes about 5 seconds elapsed time.
>

FYI, there is a thread going on in the procmail mailing list
concerning using procmail to ship any and all attachments to
/dev/null. The message is delivered minus any attachments.

So the discussion goes, it is selective on a per user basis, (ie.,
Unix user, pass attachments, MS, don't.) and only if the message is
NOT from the local domain.

I'm not so sure this is a good idea, but with the frailty of PC
secretary software, it might be justified.

So the discussion goes, it is done at the MUA delivery, so the MTA
can pass it off to other machines on the network that do the scan,
cut, and delivery.

John

--
John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA.
VOX 408.370.2688, FAX 408.379.9602
[EMAIL PROTECTED], http://www2.inow.com/~conover/john.html

"Mark" == Mark Delany <[EMAIL PROTECTED]> writes:

>> But I'm sure djb knows his way is better, so this is all a
>> waste of breath now, isn't it.

Mark> So lemme get this right. Dan B. has written and made freely
Mark> available an MTA that many people like. Russell N. has set
Mark> up a web site to help distribute information about that
Mark> MTA. Numerous others are running mirrors for the web site
Mark> and ftp archives all over the planet. Plenty of people have
Mark> made patches and alternative distributions freely
Mark> available. Even more people have provided thousands of hours
Mark> of free support on this list and Dave S. is running a free
Mark> web site that archives this list for future prosperity.

I don't think that's fair. I didn't criticize the contributions of any
of those people. For what it's worth: Thank you all who help to make
the Internet a better place. That includes everyone Mark mentioned.

Mark> And the best you have to offer is what? A sarcastic tirade?

A tirade? Please. It was one sarcastic remark.

I'm glad that Dan has written the software he has. We rely on it
daily. And Dan can do whatever the heck he wants with his software.
But everyone on this list knows how difficult it can be to convince
Dan that there might be a better way. It's a little frustrating
sometimes. Thus my remark. In any case, it was inappropriate, so I
apologize.

Dan often laments about how fractured the Unix world is. Yet his
installation method is yet another non-standard installation method I
have to deal with. His software is easy to build and install as long
as it conforms to his ideas about how software should be built and
installed. I'm willing to live with /var/qmail. I am not willing to
live with stuffing everything under /usr/local.

j.
--
Jay Soffian <[EMAIL PROTECTED]>
UNIX Systems Administrator 404.572.1941
Cox Interactive Media

I have qmail installed on several machines using Redhat 5.2
Currently passwords are not shadowed.
Will qmail be affected if I shadow the passwords

Kevin

On Mon, Mar 29, 1999 at 08:41:29AM +1000, Kevin Waterson wrote:
>
> I have qmail installed on several machines using Redhat 5.2
> Currently passwords are not shadowed.
> Will qmail be affected if I shadow the passwords

If you're using qmail-popup/qmail-pop3d and the most recent version of
Dan's checkpassword (checkpassword-0.81), then you should be fine with or
without shadowed passwords.

Chris

>I have qmail installed on several machines using Redhat 5.2
>Currently passwords are not shadowed.
>Will qmail be affected if I shadow the passwords

I believe you will have to recompile the checkpassword program. Within the
INSTALL it says that to install shadow support with linux you must
uncomment two lines within the checkpassword Makefile. With RH 5.0 I found
that I had to then edit one of those lines to read -lcrypt instead of what
was in there.

e-mail me privately if you have trouble.

- eric

How can qmail be configured to bounce anything with a specific header line
(In this case, /^Subject: Important Message From/).

I've written a script that can be run from dot-qmail and returns an error
and keeps the message from being delivered, but I need to do it globally
for both locally and remotely delivered email.

I've just joined the list, so if this is being discussed right now, I'm
trying to catch up.....

Justin Alcorn
--
"Darn These Computers, They're so naughty and complex!"
DoD#1511 Cleveland Hts, OH
=========================================================
# "See you . . . *out there* - Q #
=========================================================

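
One way to write the dot-qmail check described in the question above, as an added example (not the poster's script): it matches only the Subject header, unfolds continuation lines, and exits 100 so qmail bounces the message. It covers the per-user dot-qmail case only, not the global filtering asked about; BLOCK_RE and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not the poster's script. Run from a .qmail line; qmail-local
# supplies the message on stdin and acts on the exit code.
BLOCK_RE='^Important Message From'   # pattern from the question, minus "Subject: "

# Print the unfolded value of the first Subject: header. Reading stops at the
# blank line that ends the header block, so body text can never match.
subject_of() {
    awk '
        /^$/      { exit }                            # end of headers
        /^[ \t]/  { if (insub) val = val $0; next }   # folded continuation line
        insub     { exit }                            # next header: Subject complete
        tolower($0) ~ /^subject:/ {                   # header names ignore case
            val = $0; sub(/^[^:]*:[ \t]*/, "", val); insub = 1
        }
        END       { if (insub) print val }
    '
}

# Returns 100 (hard failure, qmail bounces the message) on a match, else 0 so
# qmail-local goes on to the next .qmail line.
check_message() {
    subject=$(subject_of)
    if printf '%s\n' "$subject" | grep -Eq "$BLOCK_RE"; then
        echo "Refused by local policy: blocked Subject line."   # bounce reason
        return 100
    fi
    return 0
}

# Constructed sample: mixed-case header name and a folded Subject.
sample='From: sender@example.invalid
SUBJECT: Important
 Message From a constructed sender
To: rcpt@example.invalid

body text'
rc=0
printf '%s\n' "$sample" | check_message || rc=$?
echo "exit code: $rc"
```
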
Hi-

I've very suddenly started having a very serious problem with my
qmail version 1.03. This is what happens. My domain is duluoz.net,
the mail exchange machine name is paradise. If I send a message from
paradise to a user in the duluoz.net domain, the message is delivered
successfully. If I send a message not from paradise (or if I make an
smtp connection from paradise) to a duluoz.net or paradise.duluoz.net
address, the message is lost. this is what a typical log entry looks
like:

    Mar 28 20:39:18 paradise qmail: 922682358.437321 new msg 42707
    Mar 28 20:39:18 paradise qmail: 922682358.437815 info msg 42707: bytes 207 from <> qp 5323 uid 505
    Mar 28 20:39:18 paradise qmail: 922682358.502154 starting delivery 2: msg 42707 to local @paradise.duluoz.net
    Mar 28 20:39:18 paradise qmail: 922682358.502483 status: local 1/10 remote 0/20
    Mar 28 20:39:18 paradise qmail: 922682358.504139 delivery 2: success:
    Mar 28 20:39:18 paradise qmail: 922682358.504277 status: local 0/10 remote 0/20
    Mar 28 20:39:18 paradise qmail: 922682358.504381 end msg 42707

My /var/qmail/controls directory is set up with the default values
(using .config-fast paradise.duluoz.net), with the exception that I've
added "duluoz.net" to both rcpthosts and locals.

The problem appeared suddenly after two months of working flawlessly.
I have since reinstalled the entire /var/qmail directory from the
source code.

Any help would be greatly appreciated.

-mike

Mike Glover writes:

> Hi-
>
> I've very suddenly started having a very serious problem with my
> qmail version 1.03. This is what happens. My domain is duluoz.net,

Your DNS is severely broken. Fix it:

    [news@ny spool]$ dig duluoz.net mx

    ; <<>> DiG 8.1 <<>> duluoz.net mx
    ;; res options: init recurs defnam dnsrch
    ;; got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUERY SECTION:
    ;;      duluoz.net, type = MX, class = IN

    ;; ANSWER SECTION:
    duluoz.net.             23h59m50s IN CNAME      paradise.duluoz.net.

Investigate why your DNS servers are returning a SERVFAIL, yet still spit
out an MX record. That is broken.

Hi all,

How to tell Qmail to reject any incoming mail from unresolved host/domain?

Thanks in advance!

Dong