qmail Digest 30 Jun 1999 10:00:00 -0000 Issue 687

Topics (messages 27243 through 27290):

follow:How do I fix up messages from broken SMTP clients?
        27243 by: Russell Nelson <[EMAIL PROTECTED]>

unsuscribe
        27244 by: Christian Tremblay <[EMAIL PROTECTED]>
        27245 by: "Scott D. Yelich" <[EMAIL PROTECTED]>
        27246 by: "Adam D. McKenna" <[EMAIL PROTECTED]>
        27255 by: Robbie Walker <[EMAIL PROTECTED]>
        27263 by: xs <[EMAIL PROTECTED]>
        27265 by: "Aaron L. Meehan" <[EMAIL PROTECTED]>

Ownership of qmail control files.
        27247 by: Richard Aldridge <[EMAIL PROTECTED]>
        27249 by: Russell Nelson <[EMAIL PROTECTED]>
        27250 by: Stefan Paletta <[EMAIL PROTECTED]>
        27287 by: Richard Aldridge <[EMAIL PROTECTED]>

Perhaps I missed it the first time ...
        27248 by: "Scott D. Yelich" <[EMAIL PROTECTED]>
        27251 by: Bruno Wolff III <[EMAIL PROTECTED]>
        27252 by: "Adam D. McKenna" <[EMAIL PROTECTED]>
        27256 by: "Scott D. Yelich" <[EMAIL PROTECTED]>
        27258 by: "Adam D. McKenna" <[EMAIL PROTECTED]>
        27259 by: [EMAIL PROTECTED]
        27262 by: "Alex Miller" <[EMAIL PROTECTED]>
        27264 by: John Gonzalez/netMDC admin <[EMAIL PROTECTED]>
        27270 by: "Fred Lindberg" <[EMAIL PROTECTED]>
        27271 by: "Scott D. Yelich" <[EMAIL PROTECTED]>
        27272 by: John Gonzalez/netMDC admin <[EMAIL PROTECTED]>
        27273 by: "Scott D. Yelich" <[EMAIL PROTECTED]>
        27275 by: John Gonzalez/netMDC admin <[EMAIL PROTECTED]>
        27276 by: "Chris Garrigues" <[EMAIL PROTECTED]>
        27285 by: Andre Oppermann <[EMAIL PROTECTED]>

DNS error
        27253 by: Robbie Walker <[EMAIL PROTECTED]>
        27257 by: "Soffen, Matthew" <[EMAIL PROTECTED]>

troubles with maildir2smtp
        27254 by: [EMAIL PROTECTED]

Big delays
        27260 by: Juan Carlos Castro y Castro <[EMAIL PROTECTED]>
        27261 by: Juan Carlos Castro y Castro <[EMAIL PROTECTED]>
        27266 by: "Adam D. McKenna" <[EMAIL PROTECTED]>
        27267 by: Dave Sill <[EMAIL PROTECTED]>

SCO 5.0.5 qmail-1.03 outgoing email problem
        27268 by: [EMAIL PROTECTED]

omfmipd + Mrs. Brisby smtpd auth
        27269 by: Aaron Nabil <[EMAIL PROTECTED]>

Mail Queue
        27274 by: "Tony D'Andrade" <[EMAIL PROTECTED]>

remove
        27277 by: Joshua Caskey <[EMAIL PROTECTED]>
        27279 by: Scott Schwartz <[EMAIL PROTECTED]>
        27280 by: Justin Bell <[EMAIL PROTECTED]>

Quick & dirty way to filter attachment
        27278 by: "Noel Mistula" <[EMAIL PROTECTED]>

HTTP/FTP retrieval via email
        27281 by: Tillman <[EMAIL PROTECTED]>

special headers in this list
        27282 by: [EMAIL PROTECTED]
        27286 by: Andre Oppermann <[EMAIL PROTECTED]>

the qmail book
        27283 by: Eddie Irvine <[EMAIL PROTECTED]>

Latest M$ Exchange and Virus-walls
        27284 by: "Kent Nilsen" <[EMAIL PROTECTED]>
        27289 by: Stefaan A Eeckels <[EMAIL PROTECTED]>

Problem: smtproutes entry obviously ignored ?
        27288 by: [EMAIL PROTECTED] (Juergen Kuersch)

incoming message size quota
        27290 by: Varga Robert <[EMAIL PROTECTED]>

Administrivia:

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To bug my human owner, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        [EMAIL PROTECTED]


----------------------------------------------------------------------


Hideki Kubo writes:
 > The functions not supported with ofmipd are provided in qmail-smtpd judging
 > from my examining.

Okay, fair enough.  The problem is that OFMIP is not SMTP.  Client
machines needing their messages repaired should be configured to use
an ofmipd.  ESMTP, badmailfrom, rcpthosts, databytes, and hop counting
are not necessary for OFMIP.  And munging incoming messages is not
possible with SMTP, since the RFC says it's not necessary.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok | Government schools are so
521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | can outdo them. Homeschool!












(1) Did anyone answer this?  What should be done for a site that has
multiple PTRs -- as this appears to confuse qmail -- see (a).

(2)  What do people do for sites where tcp-env refuses to allow a
connect -- but which seem to attempt to reconnect quite often -- see (b).

(a) 
;; ANSWER SECTION:
30.160.221.216.in-addr.arpa.  11h22m24s IN PTR  cobalt.
30.160.221.216.in-addr.arpa.  11h22m24s IN PTR  cobalt.propagation.net.

Jun 26 01:10:23 ns1 tcp-env[4348]: warning: can't verify hostname: gethostbyname(cobalt) failed
Jun 26 01:10:23 ns1 tcp-env[4348]: refused connect from 216.221.160.30

(b)
Jun 27 21:37:17 spy.org tcp-env[27990]: refused connect from 209.233.130.35
Jun 28 11:39:47 spy.org tcp-env[2295]: refused connect from 209.233.130.35
Jun 29 06:04:23 spy.org tcp-env[591]: refused connect from 209.233.130.35
(many more per day)...

Jun 27 03:37:33 spy.org tcp-env[21610]: warning: can't verify hostname: gethostbyname(209-233-130-35.cc-inc.com) failed
Jun 27 03:37:33 spy.org tcp-env[21610]: refused connect from 209.233.130.35

Scott






On Tue, Jun 29, 1999 at 08:51:12AM -0600, Scott D. Yelich wrote:
> (1) Did anyone answer this?  What should be done for a site that has
> multiple PTRs -- as this appears to confuse qmail -- see (a).

I find it amusing that Dan himself took the time to reply to you and you 
didn't even read it.  Are you sure you really want help?

> (2)  What do people do for sites where tcp-env refuses to allow a
> connect -- but which seem to attempt to reconnect quite often -- see (b).
> 
> (a) 
> ;; ANSWER SECTION:
> 30.160.221.216.in-addr.arpa.  11h22m24s IN PTR  cobalt.
> 30.160.221.216.in-addr.arpa.  11h22m24s IN PTR  cobalt.propagation.net.

I also still can't figure out why you "need" to do this.  People have asked
but you have not responded.

> 
> Jun 26 01:10:23 ns1 tcp-env[4348]: warning: can't verify hostname: gethostbyname(cobalt) failed
> Jun 26 01:10:23 ns1 tcp-env[4348]: refused connect from 216.221.160.30
> 
> (b)
> Jun 27 21:37:17 spy.org tcp-env[27990]: refused connect from 209.233.130.35
> Jun 28 11:39:47 spy.org tcp-env[2295]: refused connect from 209.233.130.35
> Jun 29 06:04:23 spy.org tcp-env[591]: refused connect from 209.233.130.35
> (many more per day)...
> 
> Jun 27 03:37:33 spy.org tcp-env[21610]: warning: can't verify hostname: gethostbyname(209-233-130-35.cc-inc.com) failed
> Jun 27 03:37:33 spy.org tcp-env[21610]: refused connect from 209.233.130.35

--Adam




I may be very wrong... but something strikes me as odd about the first PTR
entry. I don't think it needs a period at the end. Since it denotes a host
on the domain, not a complete hostname. I wish I hadn't lent my DNS/BIND
book to my brother. IIRC, the period is necessary on full domain names but
wrong for host names in the referenced domain.

>;; ANSWER SECTION:
>30.160.221.216.in-addr.arpa.  11h22m24s IN PTR  cobalt.
                                                       ^
                                                       |should this be here?
>30.160.221.216.in-addr.arpa.  11h22m24s IN PTR  cobalt.propagation.net.


______________________
NovaMetrix Development 
Robbie Walker, head muckety-muck
and programmer

P.O. Box 635 or        910-653-4006
106-B S. Main St       800-773-5647
Tabor City, NC 28463   910-653-2052 FAX








doot
read down

end
*-H-O-M-E----------*--W-O-R-K------------*--P-L-A-Y----------*
|_Greg Albrecht____|_Atlantic Internet___|_UNDEF Networks____|
|_Florida, USA_____|_Boca Raton, FL______|_Coral Springs, FL_|
|_xs(at)undef.net__|_www.aibusiness.net__|_www.undef.net_____|
|_Ham/Geek_________|_System Admin________|_System Admin______|
|_KF4MKT___________|_(888)-537-9550 x242_|_(954)224-6172_____|
*------------------*---------------------*-------------------*


On Tue, 29 Jun 1999, Robbie Walker wrote:

> I may be very wrong... but something strikes me as odd about the first PTR
> entry. I don't think it needs a period at the end. Since it denotes a host
> on the domain, not a complete hostname. I wish I hadn't lent my DNS/BIND
> book to my brother. IIRC, the period is necessary on full domain names but
> wrong for host names in the referenced domain.
> 
> >;; ANSWER SECTION:
> >30.160.221.216.in-addr.arpa.  11h22m24s IN PTR  cobalt.
>                                                        ^
>                                                        |should this be here?
 ^-------------------------------------------------------^
    |
    `-shouldn't be there at all....


> >30.160.221.216.in-addr.arpa.  11h22m24s IN PTR  cobalt.propagation.net.
> 
> 
> ______________________
> NovaMetrix Development 
> Robbie Walker, head muckety-muck
> and programmer
> 
> P.O. Box 635 or        910-653-4006
> 106-B S. Main St       800-773-5647
> Tabor City, NC 28463   910-653-2052 FAX
> 
> 
> 





Quoting Robbie Walker ([EMAIL PROTECTED]):
> I may be very wrong... but something strikes me as odd about the first PTR
> entry. I don't think it needs a period at the end. Since it denotes a host
> on the domain, not a complete hostname. I wish I hadn't lent my DNS/BIND
> book to my brother. IIRC, the period is necessary on full domain names but
> wrong for host names in the referenced domain.
> 
> >;; ANSWER SECTION:
> >30.160.221.216.in-addr.arpa.  11h22m24s IN PTR  cobalt.
>                                                        ^
>                                                        |should this be here?

If $ORIGIN is set to "propagation.net" in the zone file then yes it
can be removed.  If not, then 216.221.160.30 would end up resolving to
cobalt.160.221.216.in-addr.arpa, which is not good :) I've seen that
too many times, however..

I'll jump on the redundancy bandwagon and say, again, that the first PTR
record there just needs to be dropped totally, in favor of the second one
which is below.  Also, Scott, it's tcp wrappers that is doing this!  Not
tcp-env nor anything to do with qmail (also said in a previous post).

> >30.160.221.216.in-addr.arpa.  11h22m24s IN PTR  cobalt.propagation.net.

Aaron
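
The hostname verification discussed in this thread, as an added example that is not part of any poster's message: it applies the forward-lookup check to each PTR name and summarizes the refusals per client from the quoted log lines. The IPs, hostnames and log lines come from the thread; the forward record for cobalt.propagation.net and all function names are assumptions made for the illustration.

```python
import re
import socket
from collections import defaultdict

# Log lines as quoted in the thread (wrapped lines rejoined).
SAMPLE_LOG = """\
Jun 26 01:10:23 ns1 tcp-env[4348]: warning: can't verify hostname: gethostbyname(cobalt) failed
Jun 26 01:10:23 ns1 tcp-env[4348]: refused connect from 216.221.160.30
Jun 27 03:37:33 spy.org tcp-env[21610]: warning: can't verify hostname: gethostbyname(209-233-130-35.cc-inc.com) failed
Jun 27 03:37:33 spy.org tcp-env[21610]: refused connect from 209.233.130.35
Jun 27 21:37:17 spy.org tcp-env[27990]: refused connect from 209.233.130.35
Jun 28 11:39:47 spy.org tcp-env[2295]: refused connect from 209.233.130.35
Jun 29 06:04:23 spy.org tcp-env[591]: refused connect from 209.233.130.35
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]+)\s(\S+)\stcp-env\[(\d+)\]:\s(.*)$")
WARN = re.compile(r"can't verify hostname: gethostbyname\((\S+?)\) failed")
REFUSED = re.compile(r"refused connect from (\S+)")

# Constructed forward zone: the thread never shows the A record, so this
# mapping is an assumption. "cobalt" on its own has no entry, as in the log.
CONSTRUCTED_FORWARD = {"cobalt.propagation.net": ["216.221.160.30"]}


def constructed_lookup(name):
    """Offline stand-in for a forward lookup; returns [] when the name is unknown."""
    return CONSTRUCTED_FORWARD.get(name, [])


def system_lookup(name):
    """Forward lookup through the system resolver; returns [] on failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def paranoid_check(ip, ptr_names, lookup=system_lookup):
    """Verify each PTR name: it must resolve forward, and to the connecting IP."""
    verdicts = {}
    for name in ptr_names:
        name = name.rstrip(".").lower()  # "cobalt." is the bare label "cobalt"
        addrs = lookup(name)
        if not addrs:
            verdicts[name] = "forward lookup failed"
        elif ip not in addrs:
            verdicts[name] = "address mismatch"
        else:
            verdicts[name] = "ok"
    return verdicts


def summarize_refusals(log_text):
    """Count refusals per client IP and attach the hostname that failed
    verification, pairing warning and refusal by logging host and pid."""
    pending = {}
    summary = defaultdict(
        lambda: {"refused": 0, "unverified": set(), "first": None, "last": None}
    )
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        when, host, pid, msg = m.groups()
        warned = WARN.search(msg)
        if warned:
            pending[(host, pid)] = warned.group(1)
            continue
        refused = REFUSED.search(msg)
        if refused:
            entry = summary[refused.group(1)]
            entry["refused"] += 1
            entry["first"] = entry["first"] or when
            entry["last"] = when
            name = pending.pop((host, pid), None)
            if name:
                entry["unverified"].add(name)
    return dict(summary)


if __name__ == "__main__":
    ptrs = ["cobalt.", "cobalt.propagation.net."]
    for name, verdict in paranoid_check("216.221.160.30", ptrs, constructed_lookup).items():
        print(f"{name}: {verdict}")
    for ip, info in summarize_refusals(SAMPLE_LOG).items():
        print(ip, info["refused"], sorted(info["unverified"]), info["first"], info["last"])
```

Calling paranoid_check without the lookup argument uses the system resolver instead of the constructed table.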




A quick question for you....

Is it necessary for the qmail control files to be owned by root ?

Thanks,

Rich Aldridge,
Internet Systems Engineer,
Cable Internet.







Richard Aldridge writes:
 > A quick question for you....
 > 
 > Is it necessary for the qmail control files to be owned by root ?

No.  It's only necessary that they be readable by all the qmail uids
which need to read them.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok | Government schools are so
521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | can outdo them. Homeschool!




Richard Aldridge wrote/schrieb/scribsit:
> Is it necessary for the qmail control files to be owned by root ?

No.
They need to be readable by the qmail accounts (qmaild qmailr etc.)
and should not be world writable. ;-)

Stefan
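
The two conditions given in the answers above (readable by the qmail accounts, not world-writable), as an added audit example that is not part of either reply. The uids, the empty group lists and the function names are assumptions; the script checks every file against every listed account, which is stricter than "the uids which need to read them", and it builds a constructed temporary directory rather than touching a real control directory.

```python
import os
import stat
import tempfile


def can_read(st, uid, gids):
    """Apply the Unix owner/group/other rule to a stat result for one account."""
    if uid == st.st_uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)


def audit_control_dir(path, accounts):
    """Return (name, problem) findings for a control directory.

    accounts maps an account name to (uid, gids). Ownership by root is not
    required, so it is not checked; only readability and world-writability are.
    """
    findings = []
    # A world-writable directory lets any local user add or replace files,
    # whatever the modes of the files inside it.
    if os.stat(path).st_mode & stat.S_IWOTH:
        findings.append((".", "directory is world-writable"))
    for entry in sorted(os.listdir(path)):
        st = os.lstat(os.path.join(path, entry))
        if not stat.S_ISREG(st.st_mode):
            continue  # only plain files are audited in this example
        if st.st_mode & stat.S_IWOTH:
            findings.append((entry, "world-writable"))
        for name, (uid, gids) in accounts.items():
            if not can_read(st, uid, gids):
                findings.append((entry, f"not readable by {name}"))
    return findings


def demo():
    """Audit a constructed directory holding three control file names from this digest."""
    me = os.getuid()
    # Hypothetical uids that differ from the file owner and share no group with
    # the files, so only the "other" permission bits apply to them.
    accounts = {"qmaild": (me + 1, ()), "qmailr": (me + 2, ())}
    with tempfile.TemporaryDirectory() as ctl:
        for fname, mode in (("rcpthosts", 0o644),
                            ("smtproutes", 0o600),
                            ("badmailfrom", 0o666)):
            full = os.path.join(ctl, fname)
            with open(full, "w") as fh:
                fh.write("example.invalid\n")  # constructed content
            os.chmod(full, mode)  # set explicitly so the umask does not matter
        return audit_control_dir(ctl, accounts)


if __name__ == "__main__":
    for name, problem in demo():
        print(f"{name}: {problem}")
```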




Thanks for the help, guys.

Regards,

Rich Aldridge.
Cable Internet.







Perhaps I missed the responses regarding the following the first time
they went out to the list -- and if so, I'm sorry...

On Tue, 29 Jun 1999, Adam D. McKenna wrote:
> On Tue, Jun 29, 1999 at 08:51:12AM -0600, Scott D. Yelich wrote:
> > (1) Did anyone answer this?  What should be done for a site that has
> > multiple PTRs -- as this appears to confuse qmail -- see (a).
> I find it amusing that Dan himself took the time to reply to you and you 
> didn't even read it.  Are you sure you really want help?


I'm sorry... I must have overlooked it.  I get upwards of 300 emails a 
day -- quite a few from this list.  I do apologize that I missed this.

Oh, btw ... did I mention that I have been the target of malicious
computer crackers for the last month who are completely hell bent on
destroying every computer I have on the Internet?  I'm sure you don't
care.  My mail has been down (and I have had to reconfigure and
re-install every computer that I have) and add 4 redundant firewalls to
my *home* network.  Maybe I actually received the response and I just
didn't see it -- worse has happened.  I'm sure you don't care and
you are happy to get your insult in.

> > (2)  What do people do for sites where tcp-env refuses to allow a
> > connect -- but which seem to attempt to reconnect quite often -- see (b).
> > 
> > (a) 
> > ;; ANSWER SECTION:
> > 30.160.221.216.in-addr.arpa.  11h22m24s IN PTR  cobalt.
> > 30.160.221.216.in-addr.arpa.  11h22m24s IN PTR  cobalt.propagation.net.
> I also still can't figure out why you "need" to do this.  People have asked
> but you have not responded.

(1) *I* am not doing this.

(2) *I* have seen all of (1) response/thread that said something along
the lines of "bind allows it, so it must be valid" ... you know, BIND
allows for an MX to be a CNAME .... so it also must be ...

(3) I am simply asking again because I obviously missed it.

If you have any good things to say or any help, I'd appreciate the
feedback.  If all you care to do is insult someone (who is just not in
the mood to deal with it), well, we can take it to private messages and
we can go at it.

Scott
ps: Thank you for taking the time to respond to me personally, Dan.  I
will attempt to find your response in the archives of this list.





On Tue, Jun 29, 1999 at 09:07:46AM -0600,
  "Scott D. Yelich" <[EMAIL PROTECTED]> wrote:
> 
> 
> Perhaps I missed the responses regarding the following the first time
> they went out to the list -- and if so, I'm sorry...

The June archives for the list can be found at:
http://www.ornl.gov/its/archives/mailing-lists/qmail/1999/06/maillist.html





On Tue, Jun 29, 1999 at 09:07:46AM -0600, Scott D. Yelich wrote:
> I'm sorry... I must have overlooked it.  I get upwards of 300 emails a 
> day -- quite a few from this list.  I do apologize that I missed this.

I dunno about you but when I ask a question in a public forum I usually
actively look for responses.  To not even make a cursory check before asking
again is rude to everyone on this list, and especially the people who
responded the first time.

> Oh, btw ... did I mention that I have been the target of malicious
> computer crackers for the last month who are completely hell bent on
> destroying every computer I have on the Internet?  I'm sure you don't
> care.  My mail has been down (and I have had to reconfigure and
> re-install every computer that I have) and add 4 redundant firewalls to
> my *home* network.  Maybe I actually received the response and I just
> didn't see it -- worse has happened.  I'm sure you don't care and
> you are happy to get your insult in.

I wonder what you could have done to piss someone off this badly.

--Adam






On Tue, 29 Jun 1999, Adam D. McKenna wrote:
> I dunno about you but when I ask a question in a public forum I usually
> actively look for responses.  To not even make a cursory check before asking
> again is rude to everyone on this list, and especially the people who
> responded the first time.

cursory...

http://www.ornl.gov/its/archives/mailing-lists/qmail/1999/06/maillist.html
search for my name
find "Qmail Qs"
search for the next occurrence...
it doesn't re-occur.

> I wonder what you could have done to piss someone off this badly.

Whack Kevin Mitnick?  Make the script kiddies look even more pathetic 
than they are (ie: see upcoming NYT article[s]). I hope you are not one
of those ``FREE KEVIN'' kiddies?  tchrist of #perl doesn't like me
either -- but that's probably just because I'm a bigger asshole than he
is online and he's just jealous or has a crush on me -- I just can't
tell.

Scott

ps: I had a DNS question about why MX hosts couldn't be CNAMEs. 
Everyone seems to say "READ THE RFC" -- but no one seems to know which
one?  Perhaps they haven't actually really read the RFCs themselves?  I
was lucky enough to get a message back from an/the author of BIND9 --
and I appreciate it.  But, the question still remains -- why is a MX
that is a CNAME a bad thing?  Sorry to be pedantic.







On Tue, Jun 29, 1999 at 09:36:00AM -0600, Scott D. Yelich wrote:
> 
> 
> On Tue, 29 Jun 1999, Adam D. McKenna wrote:
> > I dunno about you but when I ask a question in a public forum I usually
> > actively look for responses.  To not even make a cursory check before asking
> > again is rude to everyone on this list, and especially the people who
> > responded the first time.
> 
> cursory...
> 
> http://www.ornl.gov/its/archives/mailing-lists/qmail/1999/06/maillist.html
> search for my name
> find "Qmail Qs"
> search for the next occurrence...
> it doesn't re-occur.

That's because the topic wasn't "Qmail Qs", it was "PTR issue / question", and 
you received seven replies, the last of which was from Mr. Bernstein.

> > I wonder what you could have done to piss someone off this badly.
> 
> Whack Kevin Mitnick?  Make the script kiddies look even more pathetic 
> than they are (ie: see upcoming NYT article[s]). I hope you are not one
> of those ``FREE KEVIN'' kiddies?  tchrist of #perl doesn't like me
> either -- but that's probably just because I'm a bigger asshole than he
> is online and he's just jealous or has a crush on me -- I just can't
> tell.

Not that this is an appropriate forum for this discussion, but are you saying
that you support the government holding Kevin Mitnick for four years without 
bail or trial?

> ps: I had a DNS question about why MX hosts couldn't be CNAMEs. 
> Everyone seems to say "READ THE RFC" -- but no one seems to know which
> one?  Perhaps they haven't actually really read the RFCs themselves?  I
> was lucky enough to get a message back from an/the author of BIND9 --
> and I appreciate it.  But, the question still remains -- why is a MX
> that is a CNAME a bad thing?  Sorry to be pedantic.

Mailing List Archive Search Results
Documents 1 to 10 of 81 documents containing: mx And record And cname And dns

1. Mail, CNAME, A records, and MX
http://www.ornl.gov/its/archives/mailing-lists/qmail/1999/03/msg01291.html - size: 4773 bytes

2. Re: DNS and connection refusal
http://www.ornl.gov/its/archives/mailing-lists/qmail/1997/09/msg00945.html - size: 4523 bytes

Hmm, the second hit exactly answers your question.  Gee that was hard.

--Adam




"Scott D. Yelich" <[EMAIL PROTECTED]> writes:

> On Tue, 29 Jun 1999, Adam D. McKenna wrote:
> > I wonder what you could have done to piss someone off this badly.
> 
[blah blah blah]

Let's see, now. You post a question. DJB answers it. You post again,
whining that nobody had answered you. Then you explain yourself by
further whining that you can't find the answer in your deluge of
email, and that hackers are beating you up.

Why ask again, if you know you can't find the answer? Since the answer
was in your mailbox, and can be found using 1) grep, 2) a threading
mailreader, or 3) procmail, why would you ask for a second answer
that, presumably, you would also not find in your overstuffed mailbox?

And why SHOULD anyone care about your hacker troubles, and your lack
of a firewall, and your overwhelming email traffic? Would you like
someone to read your email to you, or build you a firewall?

You really are an idiot.

-- 
A whip for the horse, a bridle for the ass, and a rod for the fool's
back. --Proverbs 26:3




> And why SHOULD anyone care about your hacker troubles, and your lack
> of a firewall, and your overwhelming email traffic? Would you like
> someone to read your email to you, or build you a firewall?

Well, I certainly do. He seemed to describe already having "4 redundant
firewalls" whatever that means.

My system has a firewall on it, which was installed when I first got my
Linux setup. I have done everything myself except for this firewall. For
several days now I've been reading up on Unix security and firewalls, since
it seems that my firewall is controlling ports that are handled by the
tcpserver that I installed with QMail. I think that the restrictions of the
firewall are the reason I was getting side-effect problems when installing
the Memphis RPM, such as the default behavior of telnet changing!

I am "functioning", that is I can run QMail and EZMLM (but not remote pop3)
but I am very much studying the issue of UNIX security and QMail setups.

Also, I am working closely with a client www.hatewatch.org who keeps track
of hate sites on the internet, (racist sites, anti-women, anti-gay, etc.)

My expectation is that my security needs in conjunction with internet
services will be very high, so I WANT to hear the horror stories. Other
peoples problems are my problems.

Alex (my brain hurts from reading so many words) Miller

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 29, 1999 12:19 PM
> To: Scott D. Yelich
> Cc: Qmail List
> Subject: Re: Perhaps I missed it the first time ...
>
>
> "Scott D. Yelich" <[EMAIL PROTECTED]> writes:
>
> > On Tue, 29 Jun 1999, Adam D. McKenna wrote:
> > > I wonder what you could have done to piss someone off this badly.
> >
> [blah blah blah]
>
> Let's see, now. You post a question. DJB answers it. You post again,
> whining that nobody had answered you. Then you explain yourself by
> further whining that you can't find the answer in your deluge of
> email, and that hackers are beating you up.
>
> Why ask again, if you know you can't find the answer? Since the answer
> was in your mailbox, and can be found using 1) grep, 2) a threading
> mailreader, or 3) procmail, why would you ask for a second answer
> that, presumably, you would also not find in your overstuffed mailbox?
>
> And why SHOULD anyone care about your hacker troubles, and your lack
> of a firewall, and your overwhelming email traffic? Would you like
> someone to read your email to you, or build you a firewall?
>
> You really are an idiot.
>
> --
> A whip for the horse, a bridle for the ass, and a rod for the fool's
> back. --Proverbs 26:3
>





On Tue, 29 Jun 1999, Alex Miller wrote:

>My expectation is that my security needs in conjunction with internet
>services will be very high, so I WANT to hear the horror stories. Other
>peoples problems are my problems.
>
>Alex (my brain hurts from reading so many words) Miller

You may want to hear his horror stories, but I sure as hell dont, and it's
off topic for this list.

you need to subscribe to the following:

hack-track
bugtraq
cert

among others.

  _    __   _____      __   _________      
______________  /_______ ___  ____  /______  John Gonzalez/Net.Tech
__  __ \ __ \  __/_  __ `__ \/ __  /_  ___/ MDC Computers/netMDC!
_  / / / `__/ /_  / / / / / / /_/ / / /__ (505)437-7600/fax-437-3052
/_/ /_/\___/\__/ /_/ /_/ /_/\__,_/  \___/ http://www.netmdc.com
[---------------------------------------------[system info]-----------]
 11:05am  up 144 days, 18:08,  3 users,  load average: 0.22, 0.17, 0.10





Not carrying out the same conversation using different irrelevant
subjects (the one above and "unsubscribe") also helps you and others
track the replies to your questions.

I certainly wouldn't look under any of these for an answer about PTR
records.


-Sincerely, Fred

(Frederik Lindberg, Infectious Diseases, WashU, St. Louis, MO, USA)








On Tue, 29 Jun 1999, Alex Miller wrote:
> > And why SHOULD anyone care about your hacker troubles, and your lack
> > of a firewall, and your overwhelming email traffic? Would you like
> > someone to read your email to you, or build you a firewall?
> Well, I certainly do. He seemed to describe already having "4 redundant
> firewalls" whatever that means.

John from NM doesn't want to hear about off topic cracker headaches. 
It's ok, John, they'll be coming your way soon enough.  I'm sure he is
aware of Rt 66 and the happy hacker.  It's lame when you call an ISP for
weeks wondering why you can't get your email or something and all they
will tell you is that they're doing maintenance or upgrades and it will
be back real soon now -- when the truth is they've been cracked.

> My system has a firewall on it, which was installed when I first got my
> Linux setup. I have done everything myself except for this firewall. For
> several days now I've been reading up on Unix security and firewalls, since
> it seems that my firewall is controlling ports that are handled by the
> tcpserver that I installed with QMail. I think that the restrictions of the
> firewall are the reason I was getting side-effect problems when installing
> the Memphis RPM, such as the default behavior of telnet changing!

This list appears to have a very low tolerance for many things and also
has a very narrow definition of what is on topic.  To me, getting qmail
working with/through a firewall is on topic.  The hows and the whys of
needing a firewall can easily be ignored.

Along those lines, I previously asked about having qmail masquerade as
the domain and strip out all (specified) headers on the mail relay hub
as this would help hide internal information.  So, guys, tell me
what machine I am on now... see, I want to stop that information from
getting out.   I do remember the response to that one -- thanks guys --
it just seemed really complicated -- as soon as the other issues are
taken care of, I will probably try to implement that qmail solution on a
test machine.

Your system has a firewall on it, because you have linux.  I run
Solaris.  In fact, I run Solaris 7.  I have not found a decent/free
firewall that will help protect each machine individually like
ipfw/ipfwadm(ipchains) will protect a linux machine.  Since I am an
idiot, I'm sure the people on this list will quickly point out where I
am wrong about this -- but that is fine, because then I will benefit
from this information.  I am also not made of money.  I didn't have a
slew of PCs sitting around ready for a firewall to be put on them.

I had a single firewall in place, but it does little good if there are
still open holes past the firewall (ie: remote DNS shell to a linux box
in the next apartment, remote statd for sparc, remote ttdb for sparc,
someone logs into a machine on this net from offsite and the offsite is
compromised such that the repeat use password is not captured, etc.) and
then the net is flat (allows sniffing or attacks to other hosts that
were previously blocked at the firewall), etc.

> I am "functioning", that is I can run QMail and EZMLM (but not remote pop3)
> but I am very much studying the issue of UNIX security and QMail setups.
> Also, I am working closely with a client www.hatewatch.org who keeps track
> of hate sites on the internet, (racist sites, anti-women, anti-gay, etc.)
> My expectation is that my security needs in conjunction with internet
> services will be very high, so I WANT to hear the horror stories. Other
> peoples problems are my problems.

Well, you will probably be a target at some point.  I am a target for
various reasons.  It really doesn't matter why -- the kiddies like to
play and the authorities don't care and are impotent anyway.

What are redundant firewalls?  Sorry, I don't know the terminology for
it -- it's the fact that I don't just have one border firewall
(anymore), but several and several borders.  If a kiddie  gets inside
the net, it's still not possible to talk to other hosts inside the net
or sniff the entire net.

You have linux on your box and a firewall -- are you also using dialup
and a single dynamic or static IP?  I have a class C... currently with 9
machines in my apartment and at least that many in the next (I also have
remote pop as well as dialup)  -- any one of these machines could be
compromised and lead to an attack from within the network.

If nothing else, if you remove rcpthosts or are an open relay -- then
depending on how much mail you send out and where you send it, you might
become listed on the spammers' open-relay lists.

It isn't considered a security issue for qmail -- but if users can write
a .qmail file (ie: no shell, but ftp), they might as well have a shell. 
Does sendwhale still allow piping to a program/shell?

> Alex (my brain hurts from reading so many words) Miller

Alex, we can take it to private messages.  I can certainly help you with
your remote pop or any other firewall issue[s] you might have.  I'm sure
you're aware of all the remote pop issues of the past.  Anyway, if
you're interested in chatting, please send me a message.

Scott





On Tue, 29 Jun 1999, Scott D. Yelich wrote:

>On Tue, 29 Jun 1999, Alex Miller wrote:
>> > And why SHOULD anyone care about your hacker troubles, and your lack
>> > of a firewall, and your overwhelming email traffic? Would you like
>> > someone to read your email to you, or build you a firewall?
>> Well, I certainly do. He seemed to describe already having "4 redundant
>> firewalls" whatever that means.
>
>John from NM doesn't want to hear about off topic cracker headaches. 
>It's ok, John, they'll be coming your way soon enough.  I'm sure he is
>aware of Rt 66 and the happy hacker.  It's lame when you call an ISP for
>weeks wondering why you can't get your email or something and all they
>will tell you is that they're doing maintenance or upgrades and it will
>be back real soon now -- when the truth is they've been cracked.

<much snipped for brevity>

It really doesnt matter what i want to hear about or not. That's not what
this list is about. I dont care that he has been hacked 1,000,000 times by
1,000,000 different hackers. I dont care if he has 1,000,000 different
redundant firewalls all in a row. I dont care if 1,000,000 different credit
card numbers were stolen from an ISP. They are off topic for this list. If
you want to shoot private messages back and forth, fine with me, but
please dont drag the rest of the list in with you. This is a qmail list,
not a hack-track list, not a firewall help list.

There are appropriate places for discussion of those topics, and they
exist so you dont have to discuss those on lists where it is
inappropriate.

This really isnt rocket science, or am i just that far off the deep end?

  _    __   _____      __   _________      
______________  /_______ ___  ____  /______  John Gonzalez/Net.Tech
__  __ \ __ \  __/_  __ `__ \/ __  /_  ___/ MDC Computers/netMDC!
_  / / / `__/ /_  / / / / / / /_/ / / /__ (505)437-7600/fax-437-3052
/_/ /_/\___/\__/ /_/ /_/ /_/\__,_/  \___/ http://www.netmdc.com
[---------------------------------------------[system info]-----------]
  5:45pm  up 145 days, 48 min,  3 users,  load average: 0.07, 0.07, 0.08





> There are appropriate places for discussion of those topics, and they
> exist so you dont have to discuss those on lists where it is
> inappropriate.

Well, now we certainly are off topic.  John -- I talk in many forums. 
It seems each has its own designs on what is appropriate and what is
not.  Many forums, they want to know *why* you are doing something, in
case they can point out better or alternative ways or second guess what
you are intending to do.  Other forums, they only want the cut'n'dry,
yet, if you don't give enough information, then there is a flurry of
chatter about elaboration.

I have yet to enter the wonderful world of procmail -- but I'm sure you
have it running.   Please just procmail me to dev null if I irk you so
much.

Many people on this list have been sending me private messages and I
have truly appreciated the dialogues.  I'm trying to remember, but I
think I met one of my best contacts regarding these kiddies from this
list.

Scott






On Tue, 29 Jun 1999, Scott D. Yelich wrote:
>Well, now we certainly are off topic.  John -- I talk in many forums. 
>It seems each has its own designs on what is appropriate and what is
>not.  Many forums, they want to know *why* you are doing something, in
>case they can point out better or alternative ways or second guess what
>you are intending to do.  Other forums, they only want the cut'n'dry,
>yet, if you don't give enough information, then there is a flurry of
>chatter about elaboration.

You didn't address anything I said. What does that have to do with qmail,
and this list?

>Many people on this list have been sending me private messages and I
>have truly appreciated the dialogues.  I'm trying to remember, but I
>think I met one of my best contacts regarding these kiddies from this
>list.
>
>Scott

I'm afraid I completely don't understand this paragraph. What is it that
you are trying to say? Who called the list kiddies?

I'm not trying to win a pissing contest here, but I felt that it needed to
be said that the discussion that is going on is way off topic. Now we
have wandered off even farther, this will be my final post in this thread.

  _    __   _____      __   _________      
______________  /_______ ___  ____  /______  John Gonzalez/Net.Tech
__  __ \ __ \  __/_  __ `__ \/ __  /_  ___/ MDC Computers/netMDC!
_  / / / `__/ /_  / / / / / / /_/ / / /__ (505)437-7600/fax-437-3052
/_/ /_/\___/\__/ /_/ /_/ /_/\__,_/  \___/ http://www.netmdc.com
[---------------------------------------------[system info]-----------]
  6:00pm  up 145 days,  1:03,  3 users,  load average: 0.26, 0.20, 0.14






Now children....can't we just try to get along?  This debate is even worse
than the messages that John was complaining about in the first place.

Chris

-- 
Chris Garrigues                 virCIO
+1 512 432 4046                 4314 Avenue C                    O-
http://www.DeepEddy.Com/~cwg/   Austin, TX  78751-3709
                                +1 512 374 0500

  My email address is an experiment in SPAM elimination.  For an
  explanation of what we're doing, see http://www.DeepEddy.Com/tms.html 

    Nobody ever got fired for buying Microsoft,
      but they could get fired for relying on Microsoft.







Scott D. Yelich wrote:
-snip-
> Your system has a firewall on it, because you have linux.  I run
> Solaris.  In fact, I run Solaris 7.  I have not found a decent/free
> firewall that will help protect each machine individually like
> ipfw/ipfwadm(ipchains) will protect a linux machine.  Since I am an
> idiot, I'm sure the people on this list will quickly point out where I
> am wrong about this -- but that is fine, because then I will benefit
> from this information.  I am also not made of money.  I didn't have a
> slew of PCs sitting around ready for a firewall to be put on them.

Check out IPFilter on http://cheops.anu.edu.au/~avalon/. It's also
for Solaris, free and very secure, it's the default Firewall on
OpenBSD.

-- 
Andre




Jacob, you wrote:
>Thank you very much I think you are right,
>I have changed the DNS entry as you suggested.
>I though still have an error.
>I am working on a test machine.
>which is not connected to the net,
>and the differences will only be updated later today.
>to the online machine.

>[root@dhamma qmail-1.03]# ./config
>Your hostname is dhamma.metta.lk.
>soft error
>Sorry, I couldn't find your host's canonical name in DNS.
>You will have to set up control/me yourself.
>--------------------------------------------------------------
>I modified as per your suggestion, but did not have a good result
>The machine is a test machine which is not connected to the NET
>I shall update the DNS in the main machine later today.
>
>perhaps you might get a different result if you say
>
>dig all metta.lk @tradenetsl.lk

Jacob, this is way beyond my meager skills. You should probably set up
control/me as follows dhamma.metta.lk and move on. I'm not sure why the DNS
isn't resolving your domain/host properly, but something definitely seems
odd. Good Luck.
Robbie Walker
800-773-5647

- -----BEGIN GEEK CODE BLOCK-----
Version: 3.1.2
GCM d- s+:++ a- C+++ UL++++ P++ L+++ E--- W+++ N+
o? K- w---(++) !O M++ !V PS--(+) PE++ Y+ PGP++
t++ 5+ X+ R+ tv b++ DI++ D++ G++ e h--- r+++ y+++
- ------END GEEK CODE BLOCK------

[President Clinton] boasts about 186,000 people denied firearms under the
Brady Law rules. The Brady Law has been in force for three years. In that
time, they have prosecuted seven people and put three of them in prison.
You know, the President has entertained more felons than that at
fundraising coffees in the White House, for Pete's sake." 
   -- Charlton Heston, FOX News Sunday, 18 May 1997 

"A system of licensing and registration is the perfect device to deny gun
ownership to the bourgeoisie." 
   -- Vladimir Ilyich Lenin 





Here is the DNS error:

# nslookup dhamma.metta.lk
Server:  localhost
Address:  127.0.0.1

Non-authoritative answer:
Name:    metta.lk
Address:  204.143.107.46
Aliases:  dhamma.metta.lk

# nslookup 204.143.107.46
Server:  localhost
Address:  127.0.0.1

*** localhost can't find 204.143.107.46: Non-existent host/domain

This means the reverse DNS is not set.  You may not have any means to do
this either (some ISPs want full control over the reverse DNS).  So if
you contact your ISP, they may be able to update (O.K., create) your
entry.

> -----Original Message-----
> From: Robbie Walker [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, June 29, 1999 11:33 AM
> To:   Jacob (Mettavihari)
> Cc:   [EMAIL PROTECTED]
> Subject:      Re: DNS error
> 
> Jacob, you wrote:
> >Thank you very much I think you are right,
> >I have changed the DNS entry as you suggested.
> >I though still have an error.
> >I am working on a test machine.
> >which is not connected to the net,
> >and the differences will only be updated later today.
> >to the online machine.
> 
> >[root@dhamma qmail-1.03]# ./config
> >Your hostname is dhamma.metta.lk.
> >soft error
> >Sorry, I couldn't find your host's canonical name in DNS.
> >You will have to set up control/me yourself.
> >--------------------------------------------------------------
> >I modified as per your suggestion, but did not have a good result
> >The machine is a test machine which is not connected to the NET
> >I shall update the DNS in the main machine later today.
> >
> >perhaps you might get a different result if you say
> >
> >dig all metta.lk @tradenetsl.lk
> 
> Jacob, this is way beyond my meager skills. You should probably set up
> control/me as follows dhamma.metta.lk and move on. I'm not sure why
> the DNS
> isn't resolving your domain/host properly, but something definitely
> seems
> odd. Good Luck.
> Robbie Walker
> 800-773-5647
> 




Hi there.

I have some trouble dealing with serialmail on a redhat 6.0

First, I used this machine on a LAN connected to the internet, but now I have to
use a ppp link to connect to the net.

I try to configure qmail as described in Djalil Chafaï's French tutorial.

Local delivery looks good, and even remote delivery with the outbox dir and using
maildir2smtp. Well, it is not so good: it works if I use mutt and with

maildirsmtp ~alias/pppdir alias-ppp- mail.libertysurf.fr melmoth.penguinpowered.com 2>> /var/log/maildir2smtp.log

melmoth.penguinpowered.com is NOT my domain (it's another computer of mine) but I don't
know what my real name is (as it may change on each connection) and I know this
machine is always online. I have tried sometimes with localhost.localdomain and this
seems to work too (guess I'll choose this one).

Trouble begins when I try to use another MUA. I want to use arrow. But I cannot send
any mail. Here is what maildir2smtp.log says:

maildirserial: info: new/930666614.1151.localhost.localdomain bounced: 195.154.210.35 said: 553 <melmoth>... Domain name required

There is one difference in the headers of mail sent locally with mutt and others sent
with arrow.
Mutt headers:

From [EMAIL PROTECTED] Tue Jun 29 15:31:10 1999
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 1762 invoked by uid 500); 29 Jun 1999 15:31:10 -0000
From: [EMAIL PROTECTED]

Arrow headers:

From melmoth Tue Jun 29 15:30:44 1999
Return-Path: <melmoth>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 1754 invoked from network); 29 Jun 1999 15:30:43 -0000
Received: from softdnserror (HELO localhost.localdomain) ([EMAIL PROTECTED])
  by softdnserror with SMTP; 29 Jun 1999 15:30:43 -0000
From: [EMAIL PROTECTED]

I run the 2 programs with the same user, having some environment variables set:

USERNAME="melmoth"
MAILHOST=libertysurf.fr
MAILUSER=pierre.amadio
QMAILINJECT=f
QMAILHOST="libertysurf.fr"

I cannot find how to use arrow to send mail. Any help appreciated, like what is the 
good variable to assign, or the good doc to read.

Have a nice day.

Pierre Amadio





Hi. We are experiencing extended delays for mail delivery. Messages show
up on our server half an hour after they were sent (regardless of
sending server load) and another hour passes before they reach their
final destination, even if it's at the same server. Where should I start
checking? We are protected against unauthorized relay.

Thanx,
begin:vcard 
n:Castro;Juan
tel;work:540-9100 Ramal 46
x-mozilla-html:FALSE
url:http://www.appi.com.br/~jcastro
org:APPI Informática;Desenvolvimento
adr:;;Av. Ataulfo de Paiva, 135/1410 - Leblon;Rio de Janeiro;RJ;22499-900;Brasil
version:2.1
email;internet:[EMAIL PROTECTED]
title:Consultor
note;quoted-printable:One man alone cannot fight the future. USE LINUX!=0D=0A=0D=0A        -- The X Racer
fn:Juan Carlos Castro y Castro
end:vcard




I guess you meant /var/qmail/queue/lock/trigger. Look how the lock directory
was:

-rw-------   1 qmails   qmail           0 jun  8 14:46 sendmutex
-rw-r--r--   1 qmailr   qmail        1024 jun 29 13:33 tcpto
prw-------   1 qmails   qmail           0 jun  8 14:42 trigger

I changed trigger to 622. Are the others ok?

Thanx,

"Adam D. McKenna" wrote:

> Check permissions on /var/qmail/lock/trigger.  it should be mode 622.
>
> --Adam
>
> On Tue, Jun 29, 1999 at 01:39:44PM -0300, Juan Carlos Castro y Castro wrote:
> > Hi. We are experiencing extended delays for mail delivery. Messages show
> > up on our server half an hour after they were sent (regardless of
> > sending server load) and another hour passes before they reach their
> > final destination, even if it's at the same server. Where should I start
> > checking? We are protected against unauthorized relay.
> >
> > Thanx,
>




On Tue, Jun 29, 1999 at 02:08:38PM -0300, Juan Carlos Castro y Castro wrote:
> I guess you meant /var/qmail/queue/lock/trigger. Look how the lock directory
> was:
> 
> -rw-------   1 qmails   qmail           0 jun  8 14:46 sendmutex
> -rw-r--r--   1 qmailr   qmail        1024 jun 29 13:33 tcpto
> prw-------   1 qmails   qmail           0 jun  8 14:42 trigger
> 
> I changed trigger to 622. Are the others ok?

should be..

I'm still a little confused as to the exact reason that this problem
happens...  I mean, you would think mail would either get delivered or not
get delivered..  What causes the delay?

--Adam




"Adam D. McKenna" <[EMAIL PROTECTED]> wrote:

>I'm still a little confused as to the exact reason that this problem
>happens...  I mean, you would think mail would either get delivered or not
>get delivered..  What causes the delay?

From INTERNALS:

  When qmail-queue has successfully placed a message into the queue, it
  pulls a trigger offered by qmail-send. Here is the current triggering
  mechanism: lock/trigger is a named pipe. Before scanning todo/,
  qmail-send opens lock/trigger O_NDELAY for reading. It then selects for
  readability on lock/trigger. qmail-queue pulls the trigger by writing a
  byte O_NDELAY to lock/trigger. This makes lock/trigger readable and
  wakes up qmail-send. Before scanning todo/ again, qmail-send closes and
  reopens lock/trigger.

So qmail-queue uses trigger to tell qmail-send there's a new message
in the queue. If the trigger is hosed, qmail-send has to discover them 
itself. Apparently it doesn't check too often.

-Dave
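
The permission problem in this thread can be checked mechanically. The script below is an added example, not part of the original messages or of qmail: it compares queue/lock against the trigger mode given in the thread (622) and against the sendmutex/tcpto modes and owners from the quoted listing, and it assumes GNU stat.

```shell
#!/bin/sh
# Expected state of qmail's queue/lock directory.
# Columns: name, type (p = FIFO, f = regular file), octal mode, owner, group.
# trigger's mode 622 is the value given in the thread; the sendmutex and
# tcpto rows and all owners are copied from the listing quoted in the thread.
EXPECTED_LOCK='trigger p 622 qmails qmail
sendmutex f 600 qmails qmail
tcpto f 644 qmailr qmail'

# audit_lock_dir DIR [yes|no]
# Prints one line per finding and returns the number of findings.
# The second argument (default yes) turns the owner/group check on or off.
# Assumes GNU stat (stat -c), as found on Linux.
audit_lock_dir() {
    dir=$1
    check_owner=${2:-yes}
    findings=0
    while read -r name type mode owner group; do
        path=$dir/$name
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
            findings=$((findings + 1))
            continue
        fi
        if [ "$type" = p ] && [ ! -p "$path" ]; then
            # Without a named pipe there is nothing for qmail-send to select on.
            echo "NOT-A-FIFO $path"
            findings=$((findings + 1))
        elif [ "$type" = f ] && [ ! -f "$path" ]; then
            echo "NOT-A-FILE $path"
            findings=$((findings + 1))
        fi
        actual_mode=$(stat -c '%a' "$path")
        if [ "$actual_mode" != "$mode" ]; then
            # A trigger at 600 is writable by its owner only, so a writer
            # running under any other uid cannot send the wake-up byte.
            echo "MODE $path is $actual_mode, expected $mode"
            findings=$((findings + 1))
        fi
        if [ "$check_owner" = yes ]; then
            actual_owner=$(stat -c '%U:%G' "$path")
            if [ "$actual_owner" != "$owner:$group" ]; then
                echo "OWNER $path is $actual_owner, expected $owner:$group"
                findings=$((findings + 1))
            fi
        fi
    done <<EOF
$EXPECTED_LOCK
EOF
    return "$findings"
}
```

Call it as `audit_lock_dir /var/qmail/queue/lock`; a trigger left at mode 600, as in the listing above, shows up as a MODE finding.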





Anyone seen this problem:

Platform: Sco 5.0.5 qmail 1.03

Inbound email works, pop works

Outbound email makes smtp connection but does not deliver the mail.

If the outbound email goes to an invalid email address at a valid
mail server, the mail gets rejected correctly.

With correct remote email address, the qmail-remote process connects
and hangs and finally gets deferred with this error 

Connected_to_209.218.8.20_but_connection_died._(#4.4.2)/

We get the same problem on two similarly configured SCO machines.

Anyone have an idea what this problem is?

Ken Jones
Inter7





I've made the few lines of changes to ofmipd.c to enable "Mrs. Brisby"'s
qmail-smtpd auth patch (which works great, BTW) to drop in and work.  I 
would have posted them, but I've made a few local changes to the code 
itself I didn't want to tease out unless someone was interested.

-- 
Aaron Nabil





How do I erase all messages in the mail queue?

thanks in advance

td





Please remove me from the list.  If this is the incorrect method to be
removed then please inform me how to do so.





Joshua Caskey <[EMAIL PROTECTED]> writes:
| Please remove me from the list.  If this is the incorrect method to be
| removed then please inform me how to do so.

What I've learned about human factors from ezmlm:  that mailing lists
do better to have a footer *in the body* of every message that
continually reminds people of what to type in order to get off.
Independently, it's more convenient if they can mail "unsubscribe
user@fqdn" to the list address.

--
Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm




On Tue, Jun 29, 1999 at 10:10:41PM -0400, Scott Schwartz wrote:
# Joshua Caskey <[EMAIL PROTECTED]> writes:
# | Please remove me from the list.  If this is the incorrect method to be
# | removed then please inform me how to do so.
# 
# Independently, it's more convenient if they can mail "unsubscribe
# user@fqdn" to the list address.
Wouldn't have worked in this instance, or any of the unsubscribe instances I
have seen.  Now, if they just put the word 'unsubscribe' in the subject field
the list software should intercept it....


-- 
/- [EMAIL PROTECTED] --------------- [EMAIL PROTECTED] -\
|Justin Bell  NIC:JB3084| Time and rules are changing.         |
|Pearson                | Attention span is quickening.        |
|Developer              | Welcome to the Information Age.      |
\-------- http://www.superlibrary.com/people/justin/ ----------/




Hi,

I have a _very_ small script on filtering mails with file attachment.
This will work only on single attachment. However, you can extend
this script to filter multiple attachments

As I have said this is a quick and dirty way to filter attachments.
I'm not a good hack, you can write your own script much much 
better than this.

I wrote this because I've been searching the qmail archive and I couldn't
find a single _example_ script for this subject. This posting is directed
to qmail beginners like me. I hope this will be kept in the archive for
future reference.

Thanks,

Noel Mistula

==========================================
#!/bin/bash
#
# qmail -- checkattach
# Author: Noel G. Mistula
# Date: 28 June 1999
#
# This is released under the GNU/GPL.
# This is a very crude program. Use at your own risk.
# This will delete incoming email with executable,
# video and other attachments. 
# Just comment/uncomment/add whichever is required.
#
# I use this in a user's .qmail file
# by adding the line
# |/usr/local/bin/checkattach
# before the ./Maildir/
#
# Save this script in /usr/local/bin as checkattach
#

# Check for executable, application and other attachment.
# The variable is quoted so an empty or multi-word result does not break the test.
ATTACHTYPE=`grep "Content-Description:" - | gawk '{print $3}' | cut -c 2-`
if [ -n "$ATTACHTYPE" ]; then
        case $ATTACHTYPE in
                Application)
                        exit 100;;
                MS-DOS)
                        exit 100;;
                Video)
                        exit 100;;
                Movie)
                        exit 100;;
                RealAudio)
                        exit 100;;
                Bitmap)
                        exit 100;;
                MP3)
                        exit 100;;
                Wave)
                        exit 100;;
                *)
                        exit 0;;
        esac
fi
exit 0
=============================================





Howdy,

I'm looking at various ways to set up an HTTP/FTP email gateway,
preferably using a simple .qmail file. Here's what I've got so far:

[root][/var/qmail/alias]# cat .qmail-webgate
# This alias is a simple (and probably easy-to-break) web/email gateway
#
# Future note for wget options: -Q1M for a file quota of 1 Megabyte
#
| /usr/local/bin/822field > ./auto/webgate.temp; /usr/bin/wget -O- -i
./auto/webgate.temp > ./auto/webgate.retrieved;
/var/qmail/bin/qmail-inject -- "$SENDER"< ./auto/webgate.retrieved

(The last line wrapped; it's actually all one line).

Note that I'm not cleaning up the temporary files so that I can see what
they're doing before they disappear.

This works in a very simple fashion, in that the user gets the raw HTML
of the page returned to them. Files (whether via HTTP or FTP) don't
work, however. They are retrieved into the temp file, and a blank
message is sent.

I noticed that even when a simple HTML page is retrieved, users can't
use HTML-capable email clients to view it. I suspect, although I'm by no
means an expert in this area, that it has to do with sending the
content-type.

Any ideas on how to implement this, and various ways to make it a
little less "open" (such as requiring a magic key in the body, and
restricting by $SENDER) much appreciated.

- Tillman Hodgson








Is there a way to get the source address of the SMTP connection and the values of the 
SMTP "MAIL FROM" and "RCPT TO" commands in the message header?

TIA
Thomas

Everybody wants to go to heaven, but nobody wants to die.
-------------------------------------------------
  T h o m a s   Z e h e t b a u e r   ( TZ251 )
  PGP encrypted mail preferred - KeyID 96FFCB89
       mail [EMAIL PROTECTED]
-------------------------------------------------




[EMAIL PROTECTED] wrote:
> 
> Is there a way to get the source address of the SMTP connection and
> the values of the SMTP "MAIL FROM" and "RCPT TO" commands in the message header?

Only with patching. qmail-ldap makes headers like the one below:

Received: from opi.nrg4u.com (HELO pipeline.ch) ([195.134.128.41])
          (envelope-sender <[EMAIL PROTECTED]>)
          by opi.flirtbox.ch (qmail-ldap-1.03) with SMTP
          for <[EMAIL PROTECTED]>; 30 Jun 1999 08:16:29 -0000

You can get the whole qmail-ldap patch at http://www.nrg4u.com. Make
it and install only qmail-smtpd and you get the special headers.

-- 
Andre




Been a while since anyone has asked this question.

Is it still happening? Any news? Do tell...


-- 
 
Eddie

http://www1.tpgi.com.au/users/eirvine/index.html
________________________________________________




Hello, I'm a happy qmail user, except that we are beginning to have more and 
more trouble connecting to people as they install new Exchange servers and 
Virus walls. Whenever I try to send mail to one of the above, I get the "deferral: 
Connected to ... but greeting failed" message in the log, and the user doesn't 
get a warning until 7 days later. I don't know what's wrong with the newest 
Exchange except the producer, but the virus-wall forwards the mail to a server 
on the local network, which has no DNS address, which again gives me a 
headache setting up "smtproutes". I've solved the problems with Exchange by 
inserting the DNS name of the mailservers, but not all companies know what 
their DNS name is. The virus-wall problem is not yet solved.

Does anyone know of a patch to work around the problem, or to make qmail 
accept more shit? It doesn't help me much to explain that qmail follows the 
rules and M$ doesn't when my users complain (then why don't you install 
Exchange??? etc)

Kent R. Nilsen ([EMAIL PROTECTED])
Norkart AS




Kent,

Any chance you could let me have the addresses of some of these Exchange +
Virus wall setups? 


On 30-Jun-99 Kent Nilsen wrote:
>  Hello, I'm a happy qmail user, except that we are beginning to have more and
>  more trouble connecting to people as they install new Exchange servers and 
>  Virus walls. Whenever I try to send mail to one of the above, I get the
>  "deferral: 
>  Connected to ... but greeting failed" message in the log, and the user
>  doesn't 
>  get a warning until 7 days later. I don't know what's wrong with the newest 
>  Exchange except the producer, but the virus-wall forwards the mail to a
>  server 
>  on the local network, which has no DNS address, which again gives me a 
>  headache setting up "smtproutes". I've solved the problems with Exchange by 
>  inserting the DNS name of the mailservers, but not all companies know what 
>  their DNS name is. The virus-wall problem is not yet solved.


Stefaan
-- 

PGP key available from PGP key servers (http://www.pgp.net/pgpnet/)
___________________________________________________________________
Perfection is reached, not when there is no longer anything to add,
but when there is no longer anything to take away. -- Saint-Exupéry





Hi there,

on our firewall, I have a smtproutes file like this:

<---snip>
# Mail to Rog1 must be directed to ROG1
rog1.rog.rwth-aachen:rog1.rog.rwth-aachen.de

# Mail to CIP mail hosts uses central RWTH mail relay
cip.rog.rwth-aachen.de:mail.rwth-aachen.de
cip1.rog.rwth-aachen.de:mail.rwth-aachen.de
berlin.rog.rwth-aachen.de:mail.rwth-aachen.de

# Qmos is internal Mail host for eecs and rog domain
eecs.rwth-aachen.de:qmos.rog.rwth-aachen.de
rog.rwth-aachen.de:qmos.rog.rwth-aachen.de

# Qmos is internal Mail host for mail to any other *.rog host
.rog.rwth-aachen.de:qmos.rog.rwth-aachen.de

# Any other mail uses standard MX routing
:
<---snap>

Everything works fine, well, except for mails to <user>@rog1.rog.rwth-aachen.de,
which is still relayed to qmos.rog.rwth-aachen.de, our internal mail host.
Especially forwarding for hosts cip, cip1 and berlin works fine, so my first
guess of problems with the wildcards in the last but one rule was nil.

Split DNS's MX entries for rog1 are

IN MX 10 rog1.rog.rwth-aachen.de.
IN MX 15 qmos.rog.rwth-aachen.de.

Our firewall host is definitely allowed to connect to rog1's SMTP port.

Any hints ?

GRTX
        Juergen
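
Which route a recipient domain gets can be traced by replaying the lookup. The script below is an added example (not from the original post and not qmail's code); it assumes the lookup order of qmail 1.03's qmail-remote, which tries the full domain, then each suffix starting at a dot, then the empty key, and it runs over a constructed copy of the file quoted above, where the first key reads rog1.rog.rwth-aachen.

```shell
#!/bin/sh
# Constructed copy of the smtproutes file quoted in the message above
# (the <---snip> / <---snap> markers are left out).
SMTPROUTES='# Mail to Rog1 must be directed to ROG1
rog1.rog.rwth-aachen:rog1.rog.rwth-aachen.de

# Mail to CIP mail hosts uses central RWTH mail relay
cip.rog.rwth-aachen.de:mail.rwth-aachen.de
cip1.rog.rwth-aachen.de:mail.rwth-aachen.de
berlin.rog.rwth-aachen.de:mail.rwth-aachen.de

# Qmos is internal Mail host for eecs and rog domain
eecs.rwth-aachen.de:qmos.rog.rwth-aachen.de
rog.rwth-aachen.de:qmos.rog.rwth-aachen.de

# Qmos is internal Mail host for mail to any other *.rog host
.rog.rwth-aachen.de:qmos.rog.rwth-aachen.de

# Any other mail uses standard MX routing
:'

# route_for HOST ROUTES
# Prints "key=[KEY] relay=RELAY" for the entry selected for HOST.
# An empty relay means ordinary MX routing and is printed as (MX).
route_for() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    printf '%s\n' "$2" | awk -v host="$host" '
        # Comment lines and lines without a colon carry no route.
        /^#/ || !/:/ { next }
        {
            line = $0
            sub(/[ \t\r]+$/, "", line)
            c = index(line, ":")
            # The key is everything before the first colon, compared
            # case-insensitively; the rest is the relay (host or host:port).
            key = tolower(substr(line, 1, c - 1))
            if (!(key in relay)) relay[key] = substr(line, c + 1)
        }
        END {
            n = length(host)
            # Candidates: the whole host, each suffix beginning at a dot,
            # and finally the empty string (the catch-all ":" line).
            for (i = 1; i <= n + 1; i++) {
                if (i != 1 && i != n + 1 && substr(host, i, 1) != ".") continue
                key = substr(host, i)
                if (key in relay) {
                    printf "key=[%s] relay=%s\n", key, (relay[key] == "" ? "(MX)" : relay[key])
                    exit
                }
            }
            print "key=(none) relay=(MX)"
        }'
}
```

For rog1.rog.rwth-aachen.de the first key that matches is `.rog.rwth-aachen.de`, so the result is the relay qmos.rog.rwth-aachen.de, the behaviour described in the post.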





I have two related questions:

1. How do I set the maximal incoming message size? And if it is possible,
then the maximal outgoing message size?

2. What happens when the user's hard system quota is passed over with the
incoming message? Does the message bounce, or goes to temporary, or the
user gets it? I ask this with normal users not virtual users.

Robert Varga


