qmail Digest 2 Sep 1999 10:00:00 -0000 Issue 747

Topics (messages 29693 through 29728):

stack execution?
        29693 by: [EMAIL PROTECTED] ()
        29703 by: Russ Allbery <[EMAIL PROTECTED]>

Qmail Null??
        29694 by: Tomasz Papszun <[EMAIL PROTECTED]>

Absolutely no bouncing...
        29695 by: Stefan Paletta <[EMAIL PROTECTED]>

email postage
        29696 by: "Daniluk, Cris" <[EMAIL PROTECTED]>

tcpserver
        29697 by: "Daniluk, Cris" <[EMAIL PROTECTED]>
        29698 by: Anand Buddhdev <[EMAIL PROTECTED]>

Mail.com blacklisting
        29699 by: "David Dyer-Bennet" <[EMAIL PROTECTED]>
        29702 by: Russ Allbery <[EMAIL PROTECTED]>
        29704 by: Sam <[EMAIL PROTECTED]>
        29705 by: "Einar Bordewich" <[EMAIL PROTECTED]>
        29706 by: "David Harris" <[EMAIL PROTECTED]>
        29708 by: "Einar Bordewich" <[EMAIL PROTECTED]>
        29719 by: Sam <[EMAIL PROTECTED]>
        29720 by: "Scott D. Yelich" <[EMAIL PROTECTED]>

qmail-pop3d
        29700 by: "Philip Jocks" <[EMAIL PROTECTED]>

Cyrus deliver w/ wildcards in QMail
        29701 by: Angus Robertson <[EMAIL PROTECTED]>

The word from Mail.com
        29707 by: Russell Nelson <[EMAIL PROTECTED]>
        29709 by: Justin Bell <[EMAIL PROTECTED]>
        29710 by: Justin Bell <[EMAIL PROTECTED]>
        29712 by: "Soffen, Matthew" <[EMAIL PROTECTED]>
        29713 by: "Adam D . McKenna" <[EMAIL PROTECTED]>

.qmail-ext deliver to recepient and another maildir
        29711 by: "Stephen C. Comoletti" <[EMAIL PROTECTED]>

Lobby mail.com
        29714 by: "David Harris" <[EMAIL PROTECTED]>
        29716 by: Russell Nelson <[EMAIL PROTECTED]>
        29717 by: Russell Nelson <[EMAIL PROTECTED]>
        29726 by: Fabrice Scemama <[EMAIL PROTECTED]>
        29728 by: Robert Varga <[EMAIL PROTECTED]>

How to queue messages for later delivery
        29715 by: "Filippos Slavik" <[EMAIL PROTECTED]>
        29718 by: Marco Leeflang <[EMAIL PROTECTED]>
        29724 by: Anand Buddhdev <[EMAIL PROTECTED]>
        29725 by: "Filippos Slavik" <[EMAIL PROTECTED]>
        29727 by: Anand Buddhdev <[EMAIL PROTECTED]>

Fact: Hotmail routes their email through the internet!
        29721 by: Magnus Bodin <[EMAIL PROTECTED]>
        29722 by: Sam <[EMAIL PROTECTED]>

SMTP Authentication
        29723 by: [EMAIL PROTECTED]

Administrivia:

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To bug my human owner, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        [EMAIL PROTECTED]


----------------------------------------------------------------------


Fred Backman ([EMAIL PROTECTED]) wrote:
: Does qmail (1.00) execute any code on the stack?

It is an OS issue if stack pages are marked executable.  Normal
user-land programs don't get a say in this.  Your OS might or might
not execute code on the stack, but regardless, it doesn't involve
qmail code.

-harold





Fred Backman <[EMAIL PROTECTED]> writes:

> Does qmail (1.00) execute any code on the stack?

Not on Solaris, at least.  I've been running qmail for quite some time
with executable stack turned off and haven't seen any trouble.

-- 
Russ Allbery ([EMAIL PROTECTED])         <URL:http://www.eyrie.org/~eagle/>




On Tue, 31 Aug 1999 at  7:58:38 -0400, [EMAIL PROTECTED] wrote:
> 
> can anyone shed a bit of light on why I would get the following error while
> trying to send mail through my Qmail SMTP server from an SMTP client- "SMTP
> ERROR- Server responded (NULL) Contact your network admin for assistance.

I don't know about this one.

> I also can not receive incoming messages on that server- I get a bounce
> back from the secondary MX server saying:
> 
>   ----- Transcript of session follows -----
> 451 <[EMAIL PROTECTED]>... reply: read error from mail.z100.com.
> 553 postal.pfmc.net. config error: mail loops back to me (MX problem?)
> ... while talking to mailhost2.pfmc.net.:
> >>> RCPT To:<[EMAIL PROTECTED]>
> <<< 550 <[EMAIL PROTECTED]>... Relaying denied
> 550 <[EMAIL PROTECTED]>... User unknown

Probably some problem with rcpthosts. Apparently mailhost2.pfmc.net's MTA
doesn't know that it must accept mail for z100.com. Has it got z100.com in
its rcpthosts file?

BTW, MX record for z100.com isn't quite proper:

$ host -t mx z100.com
z100.com                MX      20 postal.globix.net
z100.com                MX      30 mailhost2.pfmc.net
 !!! z100.com MX host mailhost2.pfmc.net is not canonical
z100.com                MX      10 mail.z100.com

It should be mail-relay.nyc.globix.net instead of mailhost2.pfmc.net.

Though, I'm not definitely positive about what I've written above 
as I'm a little mazed with all these postal.pfmc.net, mailhost2.pfmc.net -
which one causes the problem. If you write exactly from which host you
send a message, to which one it is tried to be delivered, excerpts from
bounce message and from logs - I can try to say more.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.




Jaye Mathisen wrote/schrieb/scribsit:
> I want to deliver to a program, but regardless of whether or not the
> program exists, is executable, or accessible, or crashes, or whatever, I 
> don't want any kind of bounce message returning.
 
It should be sufficient to do an "exit 0" after your program:
|/some/flaky/program ; exit 0
 
Stefan




Title: RE: email postage

"Back in the day," most services charged for email by the line. I remember on a few systems (Compuserve being one) they started to let you have the subject line for free. To exploit their generosity, we would type our entire email messages in the subject line. Not very aesthetic, but very cheap.

Anyway, the moral of the story is, it used to be a pay-for system and nobody used it. It's free, everyone uses it. If you're gonna charge me for email, why wouldn't I just fax you instead? Even if it's long distance, it's still cheap.

> -----Original Message-----
> From: Racer X [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 31, 1999 12:38 AM
> To: [EMAIL PROTECTED]
> Subject: email postage
>
>
> I'm wondering if anyone knows of any sort of protocol or
> system built to
> handle "email postage."  I'm of the belief that as long as email is an
> essentially free service, people will always find a way to
> abuse it, and I'd
> like to know if there's any sort of work going on in this
> area, research,
> etc.
>
> Before you ask - no, I don't think the USPS has any business
> charging for
> email, nor any other governmental entity.  I'm talking about
> doing this on a
> private, per-host basis, with the possibility of peering agreements,
> pay-as-you-go for email transmission, automated exchange of
> payment info,
> etc.
>
> Just bored at work and looking for something to fool around
> with.  I've got
> a feeling QMTP could probably do something with this pretty
> easily.  I've no
> idea how you'd be able to integrate MUA's.
>
> shag
> =====
> Judd Bourgeois        |   CNM Network      +1 (805) 520-7170
> Software Architect    |   1900 Los Angeles Avenue, 2nd Floor
> [EMAIL PROTECTED]   |   Simi Valley, CA 93065
>
> Quidquid latine dictum sit, altum viditur.
>
>
>





Title: tcpserver

What is the max connections you can set for tcpserver? Currently we are running about 500, but we are going to turn it up to 1000 today to increase performance. Does tcpserver have any objections to this? Also, perhaps foremost, from a scalability standpoint--will it hit a performance bottleneck and back up?

Cris Daniluk
MicroStrategy





On Wed, Sep 01, 1999 at 09:28:52AM -0400, Daniluk, Cris wrote:
  
>    What is the max connections you can set for tcpserver? Currently we
>    are running about 500, but we are going to turn it up to 1000 today to
>    increase performance. Does tcpserver have any objections to this?
>    Also, perhaps foremost, from a scalability standpoint--will it hit a
>    performance bottleneck and back up?

tcpserver shouldn't have any problems, but your OS must be able to cope
with 1000 incoming connections, ie. you should have enough file
descriptors, memory, etc.

-- 
See complete headers for more info




Jay D. Dyson <[EMAIL PROTECTED]> writes on 31 August 1999 at 19:47:44 -0700
 > -----BEGIN PGP SIGNED MESSAGE-----
 > 
 > On Tue, 31 Aug 1999, Justin Bell wrote: 
 > 
 > > OK, so Mail.com and all its domains have in their infinite wisdom
 > > decided to blacklist me due to the fact that
 > > http://maps.vix.com/tsi/new-rlytest.cgi?ADDR=iq-ss5.iquest.net
 > > 
 > > shows my machine as a possible relay, and because my machine processes
 > > at least 80,000 mailing list recipients per day and they received 472
 > > messages in one hour. 
 > > 
 > > Any idea on how to make it look secure? 
 > 
 >      That is something of a sore issue for me, too.  I've manually
 > attempted the relay tests that the rlytest script does and none of them
 > were successful (ones that did appear successful ended in internal bounces
 > with no relaying performed).  However, I think some coding is in order to
 > make it apparent that Qmail *does* pass the 17-point inspection that the
 > rlytest script performs.

Okay, I just tried the URL given above.  Here's what it said about
possibly being vulnerable:

    Relay test 6
    >>> RSET
    <<< 250 flushed
    >>> MAIL FROM:<[EMAIL PROTECTED]>
    <<< 250 ok
    >>> RCPT TO:<[EMAIL PROTECTED]>
    <<< 250 ok

    Relay test result
    Uh oh, host appeared to accept a message for relay.
    The host may reject this message internally, however

What it said is exactly true -- I did accept the message.  And the
very next line points out that this may not be a problem.

If people are actually blacklisting based on this test, of course,
they're idiots, and we need to beat them about the head and
shoulders. 
-- 
David Dyer-Bennet         ***NOTE ADDRESS CHANGES***          [EMAIL PROTECTED]
http://dd-b.lighthunters.net/ (photos) Minicon: http://www.mnstf.org/minicon
http://www.dd-b.net/dd-b (sf) http://ouroboros.demesne.com/ Ouroboros Bookworms
Join the 20th century before it's too late!




Sam <[EMAIL PROTECTED]> writes:

> The problem is not relay checking per se, but the real problem is that
> qmail-smtpd does not check whether the local address is valid, before
> accepting the message.

Doesn't Postfix also behave in the same way?  Seems to me that pretty much
any MTA whose port 25 listener is running unprivileged is going to have
the same problem unless you want to periodically build a database of valid
addresses or require that all information necessary to determine whether a
given address is valid be world-readable on the system.

-- 
Russ Allbery ([EMAIL PROTECTED])         <URL:http://www.eyrie.org/~eagle/>




Russ Allbery writes:

> Doesn't Postfix also behave in the same way?  Seems to me that pretty much
> any MTA whose port 25 listener is running unprivileged is going to have
> the same problem

I don't think so.

getpwnam() will tell you if a userid is valid, or not, no matter what
userid you're running as.

>                  unless you want to periodically build a database of valid
> addresses or require that all information necessary to determine whether a
> given address is valid be world-readable on the system.

Well, it is: /etc/passwd is world readable.

Now, for Qmail, there's also an issue of dot-qmail files.  Well, let's say
that I've been there and done that, and brought back pictures.  These kinds
of things are very much possible.

At the very least, you can attempt to stat the .qmail file, and return an
invalid user if it fails with ENOENT.  You can differentiate between that,
and EPERM, which you'll get if the home directory is not globally
executable.


-- 
Sam
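
The approach described in the message above (look the user up with getpwnam(), then stat() the dot-qmail file and treat only ENOENT as "no such address") can be sketched as follows. This is an added example, not Sam's patch and not qmail source: the lookup order is a simplified model of qmail's dot-qmail rules (no lowercasing, no dot-to-colon mapping, no users/assign), and the function names, the alias-home parameter and the `zzlist` sample data are assumptions made for the illustration.

```c
/* Added example: RCPT-time check of a local address. Simplified model,
 * not qmail source; function names and sample data are hypothetical. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum rcpt { RCPT_OK, RCPT_UNKNOWN, RCPT_UNSURE };

/* stat() one candidate file, <home>/.qmail<suffix>. */
static enum rcpt probe(const char *home, const char *suffix)
{
    char path[1024];
    struct stat st;
    int n = snprintf(path, sizeof path, "%s/.qmail%s", home, suffix);

    if (n < 0 || (size_t)n >= sizeof path) return RCPT_UNSURE;
    if (stat(path, &st) == 0) return RCPT_OK;
    /* Only ENOENT proves the file is absent. Any other errno (EACCES on a
     * non-searchable home, ENOTDIR, EIO, ...) means "cannot tell". */
    return errno == ENOENT ? RCPT_UNKNOWN : RCPT_UNSURE;
}

/* Does the account rooted at `home` handle extension `ext`?  Tries
 * .qmail-ext, then the wildcards .qmail-<prefix>-default, .qmail-default. */
enum rcpt rcpt_check_home(const char *home, const char *ext)
{
    char suffix[512];
    size_t i, len = strlen(ext);
    enum rcpt r;

    if (len == 0) return RCPT_OK;      /* plain user: default delivery applies */
    if (len > 400) return RCPT_UNSURE; /* would not fit in suffix[] */
    snprintf(suffix, sizeof suffix, "-%s", ext);
    if ((r = probe(home, suffix)) != RCPT_UNKNOWN) return r;
    for (i = len; ; i--) {
        if (i == 0 || ext[i - 1] == '-') {
            snprintf(suffix, sizeof suffix, "-%.*sdefault", (int)i, ext);
            if ((r = probe(home, suffix)) != RCPT_UNKNOWN) return r;
        }
        if (i == 0) break;
    }
    return RCPT_UNKNOWN;
}

/* Resolve a local part: the longest prefix that is a system user wins and
 * the rest after '-' is the extension; with no matching user, the alias
 * home (passed in by the caller) must handle the whole local part. */
enum rcpt rcpt_check(const char *local, const char *alias_home)
{
    char user[64];
    struct passwd *pw;
    size_t i;

    for (i = strlen(local); i > 0; i--) {
        if (i >= sizeof user || (local[i] != '\0' && local[i] != '-')) continue;
        memcpy(user, local, i);
        user[i] = '\0';
        pw = getpwnam(user);           /* works for an unprivileged caller */
        if (pw && pw->pw_uid != 0)     /* uid 0 skipped: qmail does not deliver to root */
            return rcpt_check_home(pw->pw_dir, local[i] ? local + i + 1 : "");
    }
    return *local ? rcpt_check_home(alias_home, local) : RCPT_UNKNOWN;
}

/* Reject only on proof; "unsure" is accepted and left to delivery. */
int rcpt_smtp_code(enum rcpt r) { return r == RCPT_UNKNOWN ? 550 : 250; }

static void touch(const char *dir, const char *name)
{
    char path[1024];
    FILE *f;

    snprintf(path, sizeof path, "%s/%s", dir, name);
    if ((f = fopen(path, "w")) != NULL) fclose(f);
}

int main(void)
{
    char home[] = "/tmp/rcptdemoXXXXXX";   /* constructed alias home */
    const char *samples[] = { "zzlist-owner", "zzlist",
                              "relaytest%mail-abuse.org" };
    size_t i;

    if (!mkdtemp(home)) return 1;
    touch(home, ".qmail-zzlist-default");  /* constructed wildcard alias */
    for (i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-26s -> %d\n", samples[i],
               rcpt_smtp_code(rcpt_check(samples[i], home)));
    return 0;
}
```

With a check of this kind in front of the queue, the percent-style local part from the relay test is refused at RCPT time instead of being accepted and bounced later, unless a `.qmail-default` catch-all makes every local part deliverable.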





I'm very interested in this issue, especially since we recently started to check 
requests to our mailservers against rbl.maps.vix.com and relays.orbs.org. I've missed 
that functionality in qmail to reject the user in the first session attempt, and not 
to mention all the bounces.

Please let me know if someone comes up with a patch that implements this functionality.

regards
-------------------------------------------------------------------
IDG New Media     Einar Bordewich
System Manager   Phone: +47 2205 3034
E-Mail:  [EMAIL PROTECTED]
-------------------------------------------------------------------

----- Original Message ----- 
From: Sam <[EMAIL PROTECTED]>
Cc: Qmail List <[EMAIL PROTECTED]>
Sent: Wednesday, September 01, 1999 5:47 AM
Subject: Re: Mail.com blacklisting


> Jay D. Dyson writes:
> 
> > I think the folks at vix.com and abuse.net are *far* from
> > "idiots."  I'm also currently attempting to acquire the source for the
> > new-rlytest.cgi script to perform modifications that will demonstrate that
> > Qmail doesn't relay.  Even so, I think it would be good for Qmail to
> > outright reject such relay hacks.  I'd rather have a 553 than a load of
> > internal bounces in my logfiles.
> 
> The problem is not relay checking per se, but the real problem is that
> qmail-smtpd does not check whether the local address is valid, before
> accepting the message.  The relay check that gets accepted looks like an
> address in the local domain, so the message is accepted.  Only afterwards
> does Qmail figure out that the local address doesn't exist, and the mail is
> bounced.
> 
> 
> 
> -- 
> Sam
> 
> 






Sam [mailto:[EMAIL PROTECTED]] wrote:
> Russ Allbery writes:
> > Doesn't Postfix also behave in the same way?  Seems to me that pretty much
> > any MTA whose port 25 listener is running unprivileged is going to have
> > the same problem
>
> getpwnam() will tell you if a userid is valid, or not, no matter what
> userid you're running as.
>
> >                  unless you want to periodically build a database of valid
> > addresses or require that all information necessary to determine whether a
> > given address is valid be world-readable on the system.
>
> Well, it is: /etc/passwd is world readable.
>
> Now, for Qmail, there's also an issue of dot-qmail files.  Well, let's say
> that I've been there and done that, and brought back pictures.  These kinds
> of things are very much possible.
>
> At the very least, you can attempt to stat the .qmail file, and return an
> invalid user if it fails with ENOENT.  You can differentiate between that,
> and EPERM, which you'll get if the home directory is not globally
> executable.

Sam proposed a way to deal with checking to see if a userid is valid or not and
possibly checking for their .qmail file. But how would one deal with:

virtual domains
~alias/.qmail-default -> fastforward database
~virtualdomainuser/.qmail-default -> fastforward database

You can just do some "simple checking".. there's too much complexity in the way
that qmail handles the mail. Yes, you could toss all of this functionality into
qmail-smtpd, but then you break down the beautiful boundaries between the
different handler programs.

The mail.com people have to figure out that they are using an idiot test.
Warping qmail into meeting this test would be not possible without destroying
qmail, IMO.

 - David Harris
   Principal Engineer, DRH Internet Services






We build the virtualuserdomains, locals, rcpthosts and assign file from an Informix SQL 
database that we authenticate the users against. It's an easy match to generate a list 
of legal addresses that qmail-smtpd could check against. 

Anyway I think the database should be built from assign and virtualdomains file, since 
this is up to date and is the most common solution? or easiest to convert to. In a 
virtualdomain solution, you have all the data you need to generate a list of legal 
addresses from these files. The different default entries in the assign file should 
come up as @somedomain.com in the list allowing any address at that domain "to enter". 
This because you already have configured qmail to actually deliver mail to any user at 
that domain, and in that way made [EMAIL PROTECTED] a legal address.


-------------------------------------------------------------------
IDG New Media     Einar Bordewich
System Manager   Phone: +47 2205 3034
E-Mail:  [EMAIL PROTECTED]
-------------------------------------------------------------------

----- Original Message ----- 
From: David Harris <[EMAIL PROTECTED]>
To: Sam <[EMAIL PROTECTED]>
Cc: Qmail List <[EMAIL PROTECTED]>
Sent: Wednesday, September 01, 1999 6:54 PM
Subject: RE: Mail.com blacklisting


> 
> Sam [mailto:[EMAIL PROTECTED]] wrote:
> > Russ Allbery writes:
> > > Doesn't Postfix also behave in the same way?  Seems to me that pretty much
> > > any MTA whose port 25 listener is running unprivileged is going to have
> > > the same problem
> >
> > getpwnam() will tell you if a userid is valid, or not, no matter what
> > userid you're running as.
> >
> > >                  unless you want to periodically build a database of valid
> > > addresses or require that all information necessary to determine whether a
> > > given address is valid be world-readable on the system.
> >
> > Well, it is: /etc/passwd is world readable.
> >
> > Now, for Qmail, there's also an issue of dot-qmail files.  Well, let's say
> > that I've been there and done that, and brought back pictures.  These kinds
> > of things are very much possible.
> >
> > At the very least, you can attempt to stat the .qmail file, and return an
> > invalid user if it fails with ENOENT.  You can differentiate between that,
> > and EPERM, which you'll get if the home directory is not globally
> > executable.
> 
> Sam proposed a way to deal with checking to see if a userid is valid or not and
> possibly checking for their .qmail file. But how would one deal with:
> 
> virtual domains
> ~alias/.qmail-default -> fastforward database
> ~virtualdomainuser/.qmail-default -> fastforward database
> 
> You can just do some "simple checking".. there's too much complexity in the way
> that qmail handles the mail. Yes, you could toss all of this functionality into
> qmail-smtpd, but then you break down the beautiful boundaries between the
> different handler programs.
> 
> The mail.com people have to figure out that they are using an idiot test.
> Warping qmail into meeting this test would be not possible without destroying
> qmail, IMO.
> 
>  - David Harris
>    Principal Engineer, DRH Internet Services
> 
> 
> 





David Harris writes:

>
> You can just do some "simple checking".. there's too much complexity in the way
> that qmail handles the mail. Yes, you could toss all of this functionality into
> qmail-smtpd, but then you break down the beautiful boundaries between the
> different handler programs.

I tossed about 50 lines of code into qmail-smtpd.c, making it reject
unknown local recipients, whether they are real recipients, or aliases, or
qmail-users (although I haven't tested that, but it should work because I'm
not testing it myself, but I'm linking against the same module qmail-local
does to check for that).

Of course, if you have an external program that determines the validity of
a local address, that's a completely separate issue.

And the only reason you DO have an external program for that is because
Qmail itself lacks the needed functionality, so you're forced to put it
into an external module.

"Beautiful boundaries between the different handler programs" sounds nice
in principle.  In practice, however, sooner or later you reach the point
where further modularization adds nothing of value, but increases
obfuscation and confusion.

-- 
Sam





On Wed, 1 Sep 1999, Sam wrote:
> "Beautiful boundaries between the different handler programs" sounds nice
> in principle.  In practice, however, sooner or later you reach the point
> where further modularization adds nothing of value, but increases
> obfuscation and confusion.

Amen.

Scott





I want to run qmail-pop3d under tcpserver and when I try to fetch mail from 
qmail-pop3d, I get the message "-ERR unable to scan $HOME/Maildir"
Can someone tell me which qmail-user tries to access the Maildir, or what else I 
could have forgotten?

Thanks!

Philip Jocks

Q-Seven Systems






Hey,

Anyone know how I could deliver to Cyrus-IMAP using wildcards?

Is this the right approach, or is there a better way?

-----

/var/qmail/control/virtualdomains:
mail.foo.com:mail-foo-com

/var/qmail/users/assign:
=mail-foo-com-fred:cyrus:100:10:/qmail-cyrus:::
.

/qmail-cyrus/.qmail:
|preline -f /usr/cyrus/bin/deliver -a fred fred

-----

Is there any way to exchange "fred" for a user wildcard?

Thanks,

angus





A friend with some clout contacted mail.com and reports:

 > They claim that they do not block based on relaytest, but they do refer to it
 > and some people may mistakenly believe that's the reason.

So there you have it.  If you're being blocked by Mail.com, it's not
because you failed rlytest because of a sendmail-specific test.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | Government schools are so
521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | can outdo them. Homeschool!




On Wed, Sep 01, 1999 at 01:22:32PM -0400, Russell Nelson wrote:
# A friend with some clout contacted mail.com and reports:
# 
#  > They claim that they do not block based on relaytest, but they do refer to it
#  > and some people may mistakenly believe that's the reason.
# 
# So there you have it.  If you're being blocked by Mail.com, it's not
# because you failed rlytest because of a sendmail-specific test.
# 

> From: "Mail.com Abuse" <[EMAIL PROTECTED]>
> Date: Tue, 31 Aug 1999 22:09:54 -0400
> To: Justin Bell <[EMAIL PROTECTED]>
> Subject: Re: blacklisted?
> 
> Justin
> 
> On Thu Jul 15, we received a high volume of traffic from 206.246.140.165
> (iq-ss5.iquest.net). Specifically, we got 472 messages in an hour. If you
> check http://maps.vix.com/tsi/new-rlytest.cgi?ADDR=iq-ss5.iquest.net you
> will see that this machine is an open relay. We therefore blocked it. If
> you secure this machine, we will be glad to unblock it.

as can be seen here, no, they did not claim that that is why it was
blacklisted, but that the host is an open relay.

of course, their own mail servers do not get past test TWO themselves.

-- 
/- [EMAIL PROTECTED] --------------- [EMAIL PROTECTED] -\
|Justin Bell  NIC:JB3084| Time and rules are changing.         |
|Pearson                | Attention span is quickening.        |
|Developer              | Welcome to the Information Age.      |
\-------- http://www.superlibrary.com/people/justin/ ----------/




On Wed, Sep 01, 1999 at 12:44:22PM -0700, Ben Kosse wrote:
# > > From: "Mail.com Abuse" <[EMAIL PROTECTED]>
# > > Date: Tue, 31 Aug 1999 22:09:54 -0400
# > > To: Justin Bell <[EMAIL PROTECTED]>
# > > Subject: Re: blacklisted?
# > > 
# > > Justin
# > > 
# > > On Thu Jul 15, we received a high volume of traffic from 
# > 206.246.140.165
# > > (iq-ss5.iquest.net). Specifically, we got 472 messages in 
# > an hour. If you
# > > check 
# > http://maps.vix.com/tsi/new-rlytest.cgi?ADDR=iq-ss5.iquest.net you
# > > will see that this machine is an open relay. We therefore 
# > blocked it. If
# > > you secure this machine, we will be glad to unblock it.
# > 
# > as can be seen here, no, they did not claim that that is why it was
# > blacklisted, but that the host is an open relay.
# > 
# > of course, their own mail servers do not get past test TWO themselves.
# 
# I'd like to point out that they're saying, based solely on the failure of
# test 7, they claim that iq-ss5.iquest.net is an open relay and thus needs
# blocking.

exactly! If that did not get across the first time, they are blocking my mail
server because it fails test 7, of course, I have since added
[EMAIL PROTECTED] to the badmailfrom which lets the machine pass all
the tests....

Justin

-- 
/- [EMAIL PROTECTED] --------------- [EMAIL PROTECTED] -\
|Justin Bell  NIC:JB3084| Time and rules are changing.         |
|Pearson                | Attention span is quickening.        |
|Developer              | Welcome to the Information Age.      |
\-------- http://www.superlibrary.com/people/justin/ ----------/




It looks to me that many machines running qmail will die on test 6.

I tried my personal email server, one I do consulting for, the one at
abuse.net, and muncher.math.uic.edu. It looks like all of them fail at
Test 6.

However when I ran the test on vix's mailer, it passed all the tests.
The only reason it passes is that it checks the sender address BEFORE
attempting to deliver.  I also ran the test on Sendmail.org's server.
It passes as well.

I have a question though, how valid is testing
"[EMAIL PROTECTED]" to see if the address
fails/rejected ?
The mail server would HAVE to process the % hack.  It's NOT necessarily a
valid test on all servers.  It's only appropriate to test this on servers
who HAVE the % hack enabled.

Comments ?

Matt Soffen

> -----Original Message-----
> From: Justin Bell [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, September 01, 1999 4:01 PM
> To:   Ben Kosse
> Cc:   [EMAIL PROTECTED]
> Subject:      Re: The word from Mail.com
> 
> On Wed, Sep 01, 1999 at 12:44:22PM -0700, Ben Kosse wrote:
> # > > From: "Mail.com Abuse" <[EMAIL PROTECTED]>
> # > > Date: Tue, 31 Aug 1999 22:09:54 -0400
> # > > To: Justin Bell <[EMAIL PROTECTED]>
> # > > Subject: Re: blacklisted?
> # > > 
> # > > Justin
> # > > 
> # > > On Thu Jul 15, we received a high volume of traffic from 
> # > 206.246.140.165
> # > > (iq-ss5.iquest.net). Specifically, we got 472 messages in 
> # > an hour. If you
> # > > check 
> # > http://maps.vix.com/tsi/new-rlytest.cgi?ADDR=iq-ss5.iquest.net you
> # > > will see that this machine is an open relay. We therefore 
> # > blocked it. If
> # > > you secure this machine, we will be glad to unblock it.
> # > 
> # > as can be seen here, no, they did not claim that that is why it
> was
> # > blacklisted, but that the host is an open relay.
> # > 
> # > of course, their own mail servers do not get past test TWO
> themselves.
> # 
> # I'd like to point out that they're saying, based solely on the
> failure of
> # test 7, they claim that iq-ss5.iquest.net is an open relay and thus
> needs
> # blocking.
> 
> exactly! If that did not get across the first time, they are blocking
> my mail
> server because it fails test 7, of course, I have since added
> [EMAIL PROTECTED] to the badmailfrom which lets the machine
> pass all
> the tests....
> 
> Justin
> 
> -- 
> /- [EMAIL PROTECTED] --------------- [EMAIL PROTECTED] -\
> |Justin Bell  NIC:JB3084| Time and rules are changing.         |
> |Pearson              | Attention span is quickening.        |
> |Developer              | Welcome to the Information Age.      |
> \-------- http://www.superlibrary.com/people/justin/ ----------/




On Wed, Sep 01, 1999 at 04:49:40PM -0400, Soffen, Matthew wrote:
> It looks to me that many machines running qmail will die on test 6.
> 
> I tried my personal email server, one I do consulting for, the one at
> abuse.net, and muncher.math.uic.edu. It looks like all of them fail at
> Test 6.
> 
> However when I ran the test on vix's mailer, it passed all the tests.
> The only reason it passes is that it checks the sender address BEFORE
> attempting to deliver.  I also ran the test on Sendmail.org's server.
> It passes as well.
> 
> I have a question though, how valid is testing
> "[EMAIL PROTECTED]" to see if the address
> fails/rejected ?
> The mail server would HAVE to process the % hack.  It's NOT necessarily a
> valid test on all servers.  It's only appropriate to test this on servers
> who HAVE the % hack enabled.
> 
> Comments ?
> 
> Matt Soffen

As stated many times before, the only valid proof that a relay test has
worked is a delivered message.  If the message doesn't get delivered, then
the relay test didn't work.  Period.

--Adam




I know this has been asked before, however I've been unable to find it
in the archives.  I need to be able to deliver incoming mail for user A
to the maildir for both user A and user B. I've tried a few things with
the .qmail-A file, and ended up with a few mail loops and undeliverable
errors. Anyone able to give the correct syntax for this?

Thanks and regards,

--
Stephen Comoletti
Systems Administrator
Delanet, Inc.  http://www.delanet.com
ph: (302) 326-5800 fax: (302) 326-5802







Hi,

I know there are a _bunch_ of mail administrators out there on this list, and
we have worked very hard to create secure installations of qmail so that our
machines will not be abused for spamming. By blocking a mail server based on a
flawed test mail.com poses a threat to the Internet and (eventually) to MY mail
server. I propose that we lobby them to change their policy.

If YOU are concerned about this, I propose that you read the following form
letter and if you agree, cut-and-paste it into your favorite e-mail client and
send it off to mail.com. Or, write your own letter if you like.

If we can make them realize that people care about this problem, then we have a
good chance of getting it fixed.

###
to: "mail.com abuse helpdesk" <[EMAIL PROTECTED]>
cc: "mail.com corporate address" <[EMAIL PROTECTED]>

From reading the qmail discussion list ([EMAIL PROTECTED]) I have heard that
you blocked the 206.246.140.165 mail server from sending mail to your system
and explained the blocking in the following manner:

> From: "Mail.com Abuse" <[EMAIL PROTECTED]>
> Date: Tue, 31 Aug 1999 22:09:54 -0400
> To: Justin Bell <[EMAIL PROTECTED]>
> Subject: Re: blacklisted?
>
> Justin
>
> On Thu Jul 15, we received a high volume of traffic from 206.246.140.165
> (iq-ss5.iquest.net). Specifically, we got 472 messages in an hour. If you
> check http://maps.vix.com/tsi/new-rlytest.cgi?ADDR=iq-ss5.iquest.net you
> will see that this machine is an open relay. We therefore blocked it. If
> you secure this machine, we will be glad to unblock it.

I don't have any relation to this particular mail server or its administrator,
but I do have a problem with your policy. You have blocked this mail server
because you claim that it is an open relay when in fact it is not.

Test number seven on the http://maps.vix.com/tsi/new-rlytest.cgi (which you
cite as your reason for blocking this mail server) is fatally flawed. It only
tests to see if the test message to <relaytest%mail-abuse.org@[x.x.x.x]> is
accepted by the mail server. However, mail servers which have separate SMTP
listening processes such as Qmail and Postfix will accept e-mails of this sort
and bounce them once the delivery process starts delivering the mail.

The language of the warning even admits this where it says: "Uh oh, host
appeared to accept a message for relay. The host may reject this message
internally, however".

I have an interest in this matter because I have worked hard to secure my mail
server from unauthorized relaying in an effort to be a good steward on the
Internet and protect my machine from abuse. Companies like yours that
incorrectly assume a mail server is insecure based on a flawed test and block
access pose a threat to my business and the internet as a whole. I ask that you
review your open-relay evaluation policy and un-block any mail servers that you
have incorrectly blocked.

YOUR NAME HERE

###

 - David Harris
   Principal Engineer, DRH Internet Services





David Harris writes:
 > > On Thu Jul 15, we received a high volume of traffic from 206.246.140.165
 > > (iq-ss5.iquest.net). Specifically, we got 472 messages in an hour. If you
 > > check http://maps.vix.com/tsi/new-rlytest.cgi?ADDR=iq-ss5.iquest.net you
 > > will see that this machine is an open relay. We therefore blocked it. If
 > > you secure this machine, we will be glad to unblock it.

Apparently, even though they say this, they don't mean it.  From
subsequent communications with Mail.com, I have been told that they
selected iquest.net strictly on the basis of a high volume of email.
In addition, to be helpful, they run rlytest on the host, and tell the 
administrator if it fails.

Since I believe in individual action, not politics, I'm going to write 
my own relay tester which actually attempts to relay the mail, and
reports on whether the relay succeeded or not.  This'll take a few
days, though, because I'm off to Hershey, PA on a 4-H Teen Council
trip with my daughter this evening.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | Government schools are so
521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | can outdo them. Homeschool!




David Harris writes:
 > Test number seven on the http://maps.vix.com/tsi/new-rlytest.cgi (which you
 > cite as your reason for blocking this mail server) is fatally flawed.

So are tests 6, 10, 12, 16, and 17.  All of them presume a certain
interpretation of the local part of the address -- an interpretation
which only sendmail is likely to make.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | Government schools are so
521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | can outdo them. Homeschool!
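
As an added illustration (not part of any post in this digest, and not code from qmail, sendmail or the MAPS tester): a simplified Python model of the point made in the messages above, that a 250 reply to the test-seven address proves nothing until the delivery stage decides how to read the local part. The domain list, mailbox names and the 192.0.2.1 documentation address are constructed for the example.

```python
# Constructed model, not real MTA code: how one RCPT address is routed under
# two readings of the local part, and what an accept-only relay test concludes.

LOCAL_DOMAINS = {"[192.0.2.1]", "example.org"}  # constructed: domains this host accepts
LOCAL_USERS = {"postmaster", "alice"}           # constructed mailboxes

def split_address(addr):
    """Split on the LAST '@'; everything before it is the local part."""
    local, _, domain = addr.strip("<>").rpartition("@")
    return local, domain.lower()

def smtp_accepts(addr):
    """SMTP-time check in a split-process MTA: only the domain is examined."""
    _, domain = split_address(addr)
    return domain in LOCAL_DOMAINS

def final_disposition(addr, percent_hack):
    """What happens to the message once the delivery stage routes it."""
    local, domain = split_address(addr)
    if domain not in LOCAL_DOMAINS:
        return "rejected-at-smtp"
    if percent_hack and "%" in local:
        # Source-routing reading: user%host@here is treated as user@host.
        user, _, next_hop = local.rpartition("%")
        if next_hop.lower() not in LOCAL_DOMAINS:
            return "relayed-to:" + next_hop.lower()
        local = user
    # Literal reading: the whole local part is a mailbox name on this host.
    return "delivered" if local in LOCAL_USERS else "bounced"

def accept_only_verdict(addr):
    """The flawed test: treats a 250 reply to RCPT TO as proof of relaying."""
    return "open relay" if smtp_accepts(addr) else "closed"

def delivery_verdict(addr, percent_hack):
    """Stricter test: a relay is proven only if mail leaves for a third party."""
    outcome = final_disposition(addr, percent_hack)
    return "open relay" if outcome.startswith("relayed-to:") else "closed"

# Same shape as the test-seven address, with a documentation IP literal.
PROBE = "<relaytest%mail-abuse.org@[192.0.2.1]>"
```

With `percent_hack=False` the probe is accepted and then bounced, so only the accept-only verdict calls the host an open relay.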




Reading that mail.com thread, I must consider that lots of honest
mail admins get annoyed, and that I still receive a huge number of spams
every day. Sometimes, when you put too many security devices in your
home, you get more annoyed than possible burglars -- and finally
get burgled anyway. The whole mail.com purpose seems paranoid and
more or less stupid to me. Just my 2 pence.

On Wed, 1 Sep 1999, Russell Nelson wrote:

> David Harris writes:
>  > Test number seven on the http://maps.vix.com/tsi/new-rlytest.cgi (which you
>  > cite as your reason for blocking this mail server) is fatally flawed.
> 
> So are tests 6, 10, 12, 16, and 17.  All of them presume a certain
> interpretation of the local part of the address -- an interpretation
> which only sendmail is likely to make.
> 
> -- 
> -russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
> Crynwr sells support for free software  | PGPok | Government schools are so
> 521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur
> Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | can outdo them. Homeschool!
> 
> 
> 







On Thu, 2 Sep 1999, Fabrice Scemama wrote:

> Reading that mail.com thread, I must consider that lots of honest
> mail admins get annoyed, and that I still receive a huge number of spams
> every day. Sometimes, when you put too many security devices in your
> home, you get more annoyed than possible burglars -- and finally
> get burgled anyway. The whole mail.com purpose seems paranoid and
> more or less stupid to me. Just my 2 pence.

Unfortunately as far as I see, mail.com is blocking the site not because
it is an open relay, but de facto because they have a lot of users who are
subscribed to the mailing lists maintained on the blocked site and they
received too many messages, and they just cite the test as a justification
of their action.

And this can even be interpreted as a form of censorship, if we want to be
ridiculous.

Robert Varga






Hello, I'm searching the archives of the qmail list, but I can't find the correct answer. My problem is the following:
 
I want my smtp server, which delivers my mails through big.isp smtp (** I use /var/qmail/control/smtproutes**), to queue all outgoing messages and try to make an smtp connection every n seconds. Of course this is the case of a lan qmail smtp server connecting to the internet using a dialup connection. In my current setup, qmail-smtp, once a message is available for delivery, tries to connect to the big.isp smtp server. If the ppp connection is not up, qmail-smtp puts the message in the queue for later delivery. When the connection comes up, I issue an ALRM signal to the qmail-send process to reschedule its outgoing messages for delivery. Although this approach works for me, it causes me some problems (diald*) -> So I'd like to ask, can I make qmail-send NOT try to make an immediate delivery?
 
Best Regards
Filippos Slavik
 
  
################################################################
   Filippos Slavik
   Part of the SIAMS's implementation development team. For more
   information, please check http://www.siams.net
 
   e-mail : [EMAIL PROTECTED]
 
 ################################################################
 
 "The software said 'runs on Win95 or better,' so I installed
  it on Linux..."
 
 




I use the holdremote patch for this and use a little script started by cron.

Look at: qmail holdremote patch

Filippos Slavik wrote:

Hello, I'm searching the archives of the qmail list, but I can't find the correct answer. My problem is the following:

I want my smtp server, which delivers my mails through big.isp smtp (** I use /var/qmail/control/smtproutes**), to queue all outgoing messages and try to make an smtp connection every n seconds. Of course this is the case of a lan qmail smtp server connecting to the internet using a dialup connection. In my current setup, qmail-smtp, once a message is available for delivery, tries to connect to the big.isp smtp server. If the ppp connection is not up, qmail-smtp puts the message in the queue for later delivery. When the connection comes up, I issue an ALRM signal to the qmail-send process to reschedule its outgoing messages for delivery. Although this approach works for me, it causes me some problems (diald*) -> So I'd like to ask, can I make qmail-send NOT try to make an immediate delivery?

Best Regards
Filippos Slavik

################################################################
   Filippos Slavik
   Part of the SIAMS's implementation development team. For more
   information, please check http://www.siams.net

   e-mail : [EMAIL PROTECTED]

 ################################################################

 "The software said 'runs on Win95 or better,' so I installed
  it on Linux..."
 





On Wed, Sep 01, 1999 at 11:26:35PM +0300, Filippos Slavik wrote:

You can also put the value "0" in control/concurrencyremote so that
qmail will not do remote deliveries. Then, when your link comes up,
delete the control/concurrencyremote file, and kill and restart
qmail-send (using svc is easy). After the deliveries are done, you can
echo 0 into the control/concurrencyremote file again, and kill and
restart qmail-send.

>    Hello, I'm searching the archives of the qmail list, but I can't find
>    the correct answer. My problem is the following:
>    
>    I want my smtp server, which delivers my mails through big.isp smtp
>    (** I use /var/qmail/control/smtproutes**), to queue all outgoing
>    messages and try to make an smtp connection every n seconds. Of course
>    this is the case of a lan qmail smtp server connecting to the internet
>    using a dialup connection. In my current setup, qmail-smtp, once a
>    message is available for delivery, tries to connect to the big.isp smtp
>    server. If the ppp connection is not up, qmail-smtp puts the message
>    in the queue for later delivery. When the connection comes up, I issue
>    an ALRM signal to the qmail-send process to reschedule its outgoing
>    messages for delivery. Although this approach works for me, it causes
>    me some problems (diald*) -> So I'd like to ask, can I make
>    qmail-send NOT try to make an immediate delivery?

-- 
See complete headers for more info




I have already solved my problem by using the holdremote patch, as
Marco Leeflang pointed out to me. Anyway, from your mail I see that the
/control/concurrencyremote approach is more or less the same thing as the
holdremote feature, so since it is the same thing, why does the holdremote
patch exist at all?

Best Regards
Filippos Slavik

################################################################
   Filippos Slavik
   Part of the SIAMS's implementation development team. For more
   information, please check http://www.siams.net

   e-mail : [EMAIL PROTECTED]

 ################################################################

 "The software said 'runs on Win95 or better,' so I installed
  it on Linux..."


----- Original Message -----
From: Anand Buddhdev <[EMAIL PROTECTED]>
To: Filippos Slavik <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, September 02, 1999 9:52 AM
Subject: Re: How to queue messages for later delivery


> On Wed, Sep 01, 1999 at 11:26:35PM +0300, Filippos Slavik wrote:
>
> You can also put the value "0" in control/concurrencyremote so that
> qmail will not do remote deliveries. Then, when your link comes up,
> delete the control/concurrencyremote file, and kill and restart
> qmail-send (using svc is easy). After the deliveries are done, you can
> echo 0 into the control/concurrencyremote file again, and kill and
> restart qmail-send.
>
> >    Hello, I'm searching the archives of the qmail list, but I can't find
> >    the correct answer. My problem is the following:
> >
> >    I want my smtp server, which delivers my mails through big.isp smtp
> >    (** I use /var/qmail/control/smtproutes**), to queue all outgoing
> >    messages and try to make an smtp connection every n seconds. Of course
> >    this is the case of a lan qmail smtp server connecting to the internet
> >    using a dialup connection. In my current setup, qmail-smtp, once a
> >    message is available for delivery, tries to connect to the big.isp smtp
> >    server. If the ppp connection is not up, qmail-smtp puts the message
> >    in the queue for later delivery. When the connection comes up, I issue
> >    an ALRM signal to the qmail-send process to reschedule its outgoing
> >    messages for delivery. Although this approach works for me, it causes
> >    me some problems (diald*) -> So I'd like to ask, can I make
> >    qmail-send NOT try to make an immediate delivery?
>
> --
> See complete headers for more info
>





On Thu, Sep 02, 1999 at 09:13:21AM +0300, Filippos Slavik wrote:

I'm not sure. I do remember that the author of this patch had some sort
of objection to the idea of varying the concurrency, so he instead wrote
a patch to qmail-send.

> I have already solved my problem by using the holdremote patch, as
> Marco Leeflang pointed out to me. Anyway, from your mail I see that the
> /control/concurrencyremote approach is more or less the same thing as the
> holdremote feature, so since it is the same thing, why does the holdremote
> patch exist at all?

-- 
See complete headers for more info





Since we've discussed hotmail here before as they use qmail for the
secure part of their service (the outgoing mail), I just felt
that I had to share this utterly stupedious quote from yesterday's
Manchester Guardian:


 "Email sent through Hotmail differs from most other emails because
  it is routed through the internet."

  - Victor Keegan, in "G2", The Manchester Guardian, 1 September 1999,
    explaining the security flaws in Microsoft's Hotmail service.


/magnus
--
http://x42.com/ - most useless 1998!





Magnus Bodin writes:

> 
> Since we've discussed hotmail here before as they use qmail for the
> secure part of their service (the outgoing mail), I just felt
> that I had to share this utterly stupedious quote from yesterday's
> Manchester Guardian:
> 
> 
>  "Email sent through Hotmail differs from most other emails because
>   it is routed through the internet."
> 
>   - Victor Keegan, in "G2", The Manchester Guardian, 1 September 1999,
>     explaining the security flaws in Microsoft's Hotmail service.

Who's he?  I'll bet he's on Microsoft's payroll.  Microsoft has absolutely
no clue what Internet is all about.  Look what I just found:

$ telnet mail.mpsnet.com.mx smtp
Trying 200.4.48.14...
Connected to mail.mpsnet.com.mx.
Escape character is '^]'.
220-mpsnet.com.mx Microsoft SMTP MAIL ready at Wed, 1 Sep 1999 23:59:06
-0500
220 ESMTP spoken here
EHLO stupid_server
250-mpsnet.com.mx Hello [207.99.6.104]
250-PIPELINING
250-SIZE
250 8bitmime
MAIL FROM:<[EMAIL PROTECTED]> BODY=7BIT
553 Unrecognized command


Very funny.  You can almost see that '8bitmime' token being put in there as
an afterthought, without having the tiniest gram of a clue as to what it's
supposed to mean.

-- 
Sam








Hi


We have installed Qmail and configured it. It is working fine. Now we need
to authenticate SMTP connections. How do we go about it? Is there any way to
authenticate using unix password /etc/passwd?


While I was going through the archives I saw SMTP authentication using
RADIUS. Please give the details about configuration of RADIUS.


Also, I want to know: is there any standard front end for QMAIL (Web
based mail client)?


Please send us details

Thanks


[EMAIL PROTECTED]

N.Saravanan
DSQ Software Limited
Chennai
INDIA  600 035









