qmail Digest 27 Jun 1999 10:00:01 -0000 Issue 684
Topics (messages 27177 through 27187):
PTR issue / question
27177 by: Richard Letts <[EMAIL PROTECTED]>
27179 by: "Sam" <[EMAIL PROTECTED]>
27180 by: [EMAIL PROTECTED]
27181 by: Varga Robert <[EMAIL PROTECTED]>
27185 by: "Scott D. Yelich" <[EMAIL PROTECTED]>
Secondary MX Delivery Problems (Returns)
27178 by: Richard Letts <[EMAIL PROTECTED]>
qmail-pop3d.init
27182 by: Frederik Lindberg <[EMAIL PROTECTED]>
Problems with tcpserver for relaying
27183 by: Diego Puertas <[EMAIL PROTECTED]>
27184 by: Chris Johnson <[EMAIL PROTECTED]>
where is checkpassword and ucspi-tcp?
27186 by: Denis Voitneko <[EMAIL PROTECTED]>
how to apply the AOL patch?
27187 by: Denis Voitneko <[EMAIL PROTECTED]>
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To bug my human owner, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
On Sat, 26 Jun 1999, Scott D. Yelich wrote:
> Jun 26 01:10:23 ns1 tcp-env[4348]: warning: can't verify hostname:
>gethostbyname(cobalt) failed
> Jun 26 01:10:23 ns1 tcp-env[4348]: refused connect from 216.221.160.30
>
> dig -x output...
> ;; ANSWER SECTION:
> 30.160.221.216.in-addr.arpa. 11h22m24s IN PTR cobalt.
> 30.160.221.216.in-addr.arpa. 11h22m24s IN PTR cobalt.propagation.net.
>
> Since I don't know... I'm asking... is that reverse pointer for that
> host wrong? It can't be just cobalt. and/or there can't be two?
yes. it might be (on a private network using IP, but this isn't).
there can only be one.
RjL
On Sat, 26 Jun 1999, Scott D. Yelich wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
>
>
> Jun 26 01:10:23 ns1 tcp-env[4348]: warning: can't verify hostname:
>gethostbyname(cobalt) failed
> Jun 26 01:10:23 ns1 tcp-env[4348]: refused connect from 216.221.160.30
>
> dig -x output...
> ;; ANSWER SECTION:
> 30.160.221.216.in-addr.arpa. 11h22m24s IN PTR cobalt.
> 30.160.221.216.in-addr.arpa. 11h22m24s IN PTR cobalt.propagation.net.
>
>
> Since I don't know... I'm asking... is that reverse pointer for that
> host wrong? It can't be just cobalt. and/or there can't be two?
Correct. Well, there can be two, actually, and nobody will complain as
long as all PTRs are valid. Here, one of them is broken, and that's what
tcp-env is complaining about.
Richard Letts wrote:
> On Sat, 26 Jun 1999, Scott D. Yelich wrote:
>
> > Jun 26 01:10:23 ns1 tcp-env[4348]: warning: can't verify hostname:
>gethostbyname(cobalt) failed
> > Jun 26 01:10:23 ns1 tcp-env[4348]: refused connect from 216.221.160.30
> >
> > dig -x output...
> > ;; ANSWER SECTION:
> > 30.160.221.216.in-addr.arpa. 11h22m24s IN PTR cobalt.
> > 30.160.221.216.in-addr.arpa. 11h22m24s IN PTR cobalt.propagation.net.
> >
> > Since I don't know... I'm asking... is that reverse pointer for that
> > host wrong? It can't be just cobalt. and/or there can't be two?
>
> yes. it might be (on a private network using IP, but this isn't).
> there can only be one.
There CAN be more than one. I've used as many as 7 PTR's on one IP before.
Maybe there's not _supposed_ _to_ be, but it _can_ be. Maybe qmail won't
support more than one, but it can get more than one. I did get all 7 PTRs
and the above example shows that the 2 records do come through. So why
would BIND support it if it's not supposed to be?
--
Phil Howard | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
phil | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
at | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
ipal | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
dot | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
net | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
On Sat, 26 Jun 1999 [EMAIL PROTECTED] wrote:
>
> There CAN be more than one. I've used as many as 7 PTR's on one IP before.
> Maybe there's not _supposed_ _to_ be, but it _can_ be. Maybe qmail won't
> support more than one, but it can get more than one. I did get all 7 PTRs
> and the above example shows that the 2 records do come through. So why
> would BIND support it if it's not supposed to be?
But what use?
How do you receive it correctly?
A PTR record is used to get the name belonging to an ip address. This
means that if an address has more than one, than which do you receive it?
If it is given back randomly, then it is unreliable, for selectively
allowing access according to that.
If always the same one is given back, then you don't get the others, hence
no use...
If all is given back, then you always has to choose of them, and it just
don't feel right to me, anyway.
Robert Varga
-----BEGIN PGP SIGNED MESSAGE-----
On Sat, 26 Jun 1999 [EMAIL PROTECTED] wrote:
> > > Jun 26 01:10:23 ns1 tcp-env[4348]: warning: can't verify hostname:
>gethostbyname(cobalt) failed
> > > Jun 26 01:10:23 ns1 tcp-env[4348]: refused connect from 216.221.160.30
> > > dig -x output...
> > > ;; ANSWER SECTION:
> > > 30.160.221.216.in-addr.arpa. 11h22m24s IN PTR cobalt.
> > > 30.160.221.216.in-addr.arpa. 11h22m24s IN PTR cobalt.propagation.net.
> > > Since I don't know... I'm asking... is that reverse pointer for that
> > > host wrong? It can't be just cobalt. and/or there can't be two?
> > yes. it might be (on a private network using IP, but this isn't).
> > there can only be one.
> There CAN be more than one. I've used as many as 7 PTR's on one IP before.
> Maybe there's not _supposed_ _to_ be, but it _can_ be. Maybe qmail won't
> support more than one, but it can get more than one. I did get all 7 PTRs
> and the above example shows that the 2 records do come through. So why
> would BIND support it if it's not supposed to be?
Well, I don't want to get into a pissing contest -- but I hate to make
hacks on software (ie: qmail/tcp-env) to allow a special case to work.
I'm going to wait and continue to investigate if this is a tcp-env snafu
or a loose bind implementation, etc.
Scott
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBN3VboB4PLs9vCOqdAQGUIwQAymeOxvWLEEx8HrVxw9tAvROmn7gwC8Eu
5ZSvpD9JeTQyjIoFP6WD00hjienJy323PFoPVd1mEdPMg5iXVpOYI1O7tkTIE57g
TsKH/ct2vmn/oY7KLgtfZafd0BpPzDpke9rfeYrKTkvaD7Lqw2xWaFnFVIeFjN9u
lU8DVhXZHys=
=o0sd
-----END PGP SIGNATURE-----
On Sat, 26 Jun 1999, Karl Lellman wrote:
> Richard,
>
> Thanks for that info.... working on the theory that I've never ever modified
> qmail source before, can you explain which file I need to change and
> recompile and also whether this is an existing line that I'm changing or a
> new one that I'm adding (I know I sound pretty simple here, but I just want
> to get it right the first time)?
I'm afraid my comments were particulary carefully phrased so that if you
could find the routine you would know how to chnage it. I'm concerned
about suggesting you apply 'hack's such as this to your qmail installation
without first testing them. I don't have time to test them here, and if
they don't work I'm concerned that you won't be able to test them at your
end, forcing me into testing the changes here. I don't have time to test
the changes here. really. I'm moving continents shortly.
so once again, you modify the routine smtp() near the top of it changing
one line to return if the greeting message fails instead of dying.
I wrote:
> if (smtpcode() != 220) { close(&smtpto); return; };
>
> near the top should probably do the trick.
the alternative is to install qmail on your firewall as an
application-layer proxy. this is by far the best engineering solution
RjL
==================================================================
The problems of the world || Fax: +44 870 0521198
can't be solved by fixing || Email: [EMAIL PROTECTED]
the working -- C. Daniluk || Phone: +44 385 275 394
> Second: what do you think would happen (in less than half of a second) if
> qmail-pop3d would be exceuted before qmail?
Third: Why do you think qmail-pop3d depends on qmail running? All it does
is pop messages from users' Maildirs. You can use it e.g. to give pop3
access to files placed into the Maildir by anyone/anything.
-Sincerely, Fred
Frederik Lindberg, Inf. Dis, WashU, St. Louis, MO
I am trying to implement selective relay for a range of IP adresses, so
when I execute the following command:
/usr/local/bin/tcpserver -R -x/etc/tcprules.d/qmail-smtpd.cdb \
-c100 -u81 -g80 0 smtp /var/qmail/bin/qmail-smtpd &
to activate tcpserver, tcpserver returns this error:
tcpserver: fatal: unable to bind: address allready used
I have allready created the .cdb file with tcprules, comented the smtp
line in inet.d and restarted it.
�What is the problem?
Thanks
On Sat, Jun 26, 1999 at 04:07:10PM -0400, Diego Puertas wrote:
> I am trying to implement selective relay for a range of IP adresses, so
> when I execute the following command:
>
> /usr/local/bin/tcpserver -R -x/etc/tcprules.d/qmail-smtpd.cdb \
> -c100 -u81 -g80 0 smtp /var/qmail/bin/qmail-smtpd &
>
> to activate tcpserver, tcpserver returns this error:
>
> tcpserver: fatal: unable to bind: address allready used
>
> I have allready created the .cdb file with tcprules, comented the smtp
> line in inet.d and restarted it.
Something is already listening on port 25. You have sendmail running, you're
already running an instance of tcpserver on port 25, or something in inetd.conf
is configured to listen to port 25.
Chris
I am in the process of getting a pop3d working on my box. I've been
trying to get checkpassword and ucspi-tcp from the sites listed on
qmail.org but they're dead. Is there an alternative place I can get
these packages from?
Denis
I tried cat <patchfile> | patch -p0 but it would not work. What's the
proper way?
