qmail Digest 17 Jan 2000 11:00:00 -0000 Issue 883
Topics (messages 35552 through 35585):
Server Water Sprinkler
35552 by: Mike
35554 by: Mike
35556 by: Sam
35561 by: Jonathan Herbert
35562 by: Strange
35578 by: Mike
35579 by: Sam
Re: Maildir format
35553 by: Claus Färber
35557 by: Tim Tsai
35558 by: Ruben van der Leij
35559 by: Tim Tsai
35560 by: richard.illuin.org
35564 by: Delanet Administration
35566 by: Russ Allbery
35571 by: Bruce Guenter
35575 by: Ruben van der Leij
35576 by: Bruce Guenter
forwarding to and from inhouse mail host
35555 by: Larry Luser
Coda and Maildir file store
35563 by: Bruce Guenter
35567 by: Russ Allbery
35573 by: Bruce Guenter
Qmail Security
35565 by: David Anso
35568 by: Russell Nelson
35569 by: Mikael Schmidt
35570 by: schinder.leprss.gsfc.nasa.gov
35572 by: Russ Allbery
35574 by: David Anso
QMAILQUEUE Patch for qmail-1.03
35577 by: Juan E Suris
virtual domains with pop?
35580 by: siffert.siff0002.clipper.net
newbie needs install help
35581 by: nexus9
35582 by: Alexander Jernejcic
About concurrencyremote control file
35583 by: �i�I��
problem with pop3 connexion
35584 by: Pierre-Yves DESLANDES
Good patches to apply to new installations?
35585 by: Niall R. Murphy
Administrivia:
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To bug my human owner, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
I was wondering if someone could tell me how to
send mail to one outgoing RedHat server, and make that server round robin to 10
other SMTP servers? I mail about 250,000 emails a night, and the
subscriber base is expected to grow 50-fold over the next 6 months and I am
trying to gear up for it. I just want to send 1 email to one server,
somehow have it grab the list off of a SQL database on the same server, and
distribute it to the other 10 as load-balanced as possible for delivery.
Any suggestions? I have like 70 different ideas on the whole project, but
cannot think of a way to accomplish this particular task.
Thank You,
Mike
I thought that I would add that I am also wanting
total redundancy, reliability, and scalability. And that I will have 1
maybe 2 DS-3's for bandwidth.
Any help is greatly appreciated. I read past
postings in the archive, but none seemed to meet my goals.
Thank You,
Mike
----- Original Message -----
Sent: Sunday, January 16, 2000 7:02 AM
Subject: Server Water Sprinkler
I was wondering if someone could tell me how to
send mail to one outgoing RedHat server, and make that server round robin to
10 other SMTP servers? I mail about 250,000 emails a night, and the
subscriber base is expected to grow 50-fold over the next 6 months and I am
trying to gear up for it. I just want to send 1 email to one server,
somehow have it grab the list off of a SQL database on the same server, and
distribute it to the other 10 as load-balanced as possible for delivery.
Any suggestions? I have like 70 different ideas on the whole project,
but cannot think of a way to accomplish this particular task.
Thank You,
Mike
On Sun, 16 Jan 2000, Mike wrote:
> I was wondering if someone could tell me how to send mail to one
> outgoing RedHat server, and make that server round robin to 10 other
> SMTP servers? I mail about 250,000 emails a night, and the subscriber
> base is expected to grow 50-fold over the next 6 months and I am
> trying to gear up for it. I just want to send 1 email to one server,
> somehow have it grab the list off of a SQL database on the same
> server, and distribute it to the other 10 as load-balanced as possible
> for delivery. Any suggestions? I have like 70 different ideas on the
> whole project, but cannot think of a way to accomplish this particular
> task.
Add an entry on the RedHat server to smtproutes, that points to an
internal DNS record.
Then, initialize your DNS server and put 10 A records for this hostname.
Each individual message will then be sent to a randomly chosen IP address,
one out of 10, balancing the load.
On Sun, Jan 16, 2000 at 07:02:24AM -0700, Mike wrote:
> I was wondering if someone could tell me how to send mail to one outgoing RedHat
> server, and make that server round robin to 10 other SMTP servers? I mail about
> 250,000 emails a night, and the subscriber base is expected to grow 50-fold over the
> next 6 months and I am trying to gear up for it. I just want to send 1 email to one
> server, somehow have it grab the list off of a SQL database on the same server, and
> distribute it to the other 10 as load-balanced as possible for delivery. Any
> suggestions? I have like 70 different ideas on the whole project, but cannot think
> of a way to accomplish this particular task.
Foundry Networks has just what you're looking for.
http://www.foundrynet.com. They make layer 4 switches called ServerIrons
that will load balance, do active failover, etc.
A nicer solution than DNS, which is essentially "load sharing". Plus, the
ServerIron will handle failover in the event that one of your real SMTP
servers dies.
Good luck,
Jonathan
On Sun, 16 Jan 2000, Sam wrote:
> On Sun, 16 Jan 2000, Mike wrote:
> > I was wondering if someone could tell me how to send mail to one
> > outgoing RedHat server, and make that server round robin to 10 other
> > SMTP servers? I mail about 250,000 emails a night, and the subscriber
> Add an entry on the RedHat server to smtproutes, that points to an
> internal DNS record.
> Then, initialize your DNS server and put 10 A records for this hostname.
> Each individual message will then be sent to a randomly chosen IP address,
> one out of 10, balancing the load.
Qmail makes this kind of trick exceedingly easy; and unsurprisingly, it
works as it ought. I'd go ahead and try what Sam suggests first.
Then, along the same lines, you can use something like a RadWare Fireproof
load balancer which will have the IP (rather than a DNS name) that you put
in smtproutes set up as the virtual address for your pool of outbound mail
servers.
Advantages are that the RadWare (or BigIP or ServerIron or whatevers) can
load balance based on number of connections, bytes, and even give
different weights to the different targets if they're not all quite the
same strength. They will also automatically pull from the pool a
mailserver that fails or is taken down for repair, and bring it back into
use gradually, rather than slamming it the second it goes live. Many of
these products will also fail over between themselves keeping state and
connections alive -- we've tested this with 500 active connections going
full bore on ftp sessions, twiddling away on telnets, and doing your usual
stateful https-without-crypto stuff (i.e., IM). That's overkill for your
application, of course, since qmail will just retry.
They're not cheap -- a failover-redundant/load-sharing pair of the RadWare
Fireproofs goes for around $12000 in the 2 100Mbit ports each
configuration. They can casually handle a full 100Mbit flow with
rapid-fire connects, and, because qmail normally delivers each message in
a separate connect, and the Fireproofs can load-balance by bytes or by
connections, you can tune the balancing to suit your real-world use.
MIND, it's *Nowhere* near as cheap as the DNS approach, but if you want
seriously configurable load-balancing and ability to shift traffic away
from an offline or failing server...
I'm currently converting a 10,000 seat company's firewall and mail service
from DNS and NAT balancing to failover 4-port Fireproofs on top of a
fault-tolerant switch architecture. Because the software making use of
the mail servers is so diverse, in the past, any one of the servers could
get hammered by one client box machine-gunning connections to one IP in
the list, or by one sending a continuous slew of mail through one
pipeline.
It sounds like your use will be much more consistent (Qmail servers
pushing out mail to second-tier transport agent servers). As a result,
the DNS option will probably work OK. If it doesn't work out because of
oddball load imbalances from happenstance, or some such, it will be easy to
switch from the DNS model to the load-balancer model -- configure the
balancers, and edit smtproutes.
-M
Michael Brian Scher (MS683/MS3213) Anthropologist, Attorney, Policy Analyst
Mainlining Internet Connectivity for Fun and Profit
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Give me a compiler and a box to run it, and I can move the mail.
If I set this up in DNS, what would happen if an outgoing server in the
cluster went down? Also how effective would the load balancing be?
Thanks again,
Mike
----- Original Message -----
From: Sam <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, January 16, 2000 9:00 AM
Subject: Re: Server Water Sprinkler
> On Sun, 16 Jan 2000, Mike wrote:
>
> > I was wondering if someone could tell me how to send mail to one
> > outgoing RedHat server, and make that server round robin to 10 other
> > SMTP servers? I mail about 250,000 emails a night, and the subscriber
> > base is expected to grow 50-fold over the next 6 months and I am
> > trying to gear up for it. I just want to send 1 email to one server,
> > somehow have it grab the list off of a SQL database on the same
> > server, and distribute it to the other 10 as load-balanced as possible
> > for delivery. Any suggestions? I have like 70 different ideas on the
> > whole project, but cannot think of a way to accomplish this particular
> > task.
>
> Add an entry on the RedHat server to smtproutes, that points to an
> internal DNS record.
>
> Then, initialize your DNS server and put 10 A records for this hostname.
> Each individual message will then be sent to a randomly chosen IP address,
> one out of 10, balancing the load.
>
On Sun, 16 Jan 2000, Mike wrote:
> If I set this up in DNS, what would happen if an outgoing server in the
> cluster went down? Also how effective would the load balancing be?
>
> > Add an entry on the RedHat server to smtproutes, that points to an
> > internal DNS record.
> >
> > Then, initialize your DNS server and put 10 A records for this hostname.
> > Each individual message will then be sent to a randomly chosen IP address,
> > one out of 10, balancing the load.
Most deliveries will be unaffected. Simple arithmetic shows that 10% of
the time the message will have the unavailable IP address picked. When the
connection attempt fails, the relay will simply switch to another server.
If the unavailable server is still up, but not running SMTP, the
switchover will be almost instantaneous, because it will refuse the
connection immediately. If the server is completely dead, there will be a
delay of about a minute for the connection to time out.
Note that most TCP/IP stacks will allow you to bind multiple IP addresses
to the same interface. If the server is going to be offline, simply bind
its IP address to one of the other available machines, until you fix the
server.
Of course, that machine will now get twice its regular load, so this
should be simply used as a stopgap measure, and if the server is going to
be down for a prolonged period of time, its IP address should simply be
removed from the DNS record until it's fixed.
Bruce Guenter <[EMAIL PROTECTED]> schrieb/wrote:
> First place to start is to figure out what is actually necessary. In a
> lot of cases, POP3 with a few extensions should be perfectly adequate,
> but it is necessary to know what the needs actually are.
I don't think it's a good idea to overload POP3, which is a last-step
_delivery_ protocol, with mailbox access.
> The needs I am aware of include:
> - the basics of POP3 plus...
No, I'd rather start with IMAP, but leave out:
. the requirement that persistent IDs must be numeric and subsequent
(just use opaque strings instead),
. the very complex syntax,
. response fields that are filled in from header fields (instead pass
the header fields raw to the client),
. the variable hierarchy delimiters (instead, use iURL syntax with
%-encoding).
Some simplifications and changes:
. Instead of namespaces, have "mailboxes" which then have certain types,
. have special folders labelled with out-of-band data for each mailbox.
I.e., don't have a folder "inbox", but an unnamed folder which has the
function inbox. Same for other commonly used folders such as sent,
templates, unsent, drafts etc. The name of that folder is left to the
UA programmers. So you would have user folders and "special" folders.
Some additional features that would be nice:
. regexp search, search for message id.
. server-side filtering (optional)
. sending of email (yes!)
. Storage of metadata such as user name etc.
--
Claus Andre Faerber <http://www.faerber.muc.de>
PGP: ID=1024/527CADCD FP=12 20 49 F3 E1 04 9E 9E 25 56 69 A5 C6 A0 C9 DC
What do you guys do for backups? Do you put two NIC cards in each
server and maintain a separate network for that?
Thanks, from a guy that's about to take that big plunge into a scalable
mail design.
Tim
On Sun, Jan 16, 2000 at 02:56:59AM -0800, Tracy R Reed wrote:
> On Sat, Jan 15, 2000 at 09:41:48AM -0600, Tim Tsai wrote:
> > Russ, what is your definition of a "large" installation? 10k, 100k, 1m
> > users? Just exactly how many lighter-weight servers is practical to
> > manage and upkeep before it's cheaper to buy NetApp's?
>
> As someone who has purchased and maintained a lot of NetApp hardware over the
> last year let me tell you that NetApp is heinously expensive. The head unit
> alone usually goes for around $50k. Then add disks. We have since ditched the
> NetApp solution and re-architected things to use clusters of PC's. We are much
> happier with the cost effectiveness and the reliability. Of course we aren't
> using them for mail but I can think of ways to distribute a large mail load on
> cheap PC's.
On Sun, Jan 16, 2000 at 10:35:09AM -0600, Tim Tsai wrote:
> What do you guys do for backups? Do you put two NIC cards in each
> server and maintain a separate network for that?
Do you have *a lot* of PC hardware around? What failed, last time? And
before that?
In my experience power supplies, drives and memory (in that order) are most
prone to failure. The only dead NICs or switches I've seen were after a
direct hit by lightning took out a major part of the leased line of a
client.
If you're already in the habit of buying decent NICs and switches, I would
worry more about power supplies and drives than about network failures.
A dual-NIC machine looks silly with a burnt-out power supply. :)
--
Ruben
> > What do you guys do for backups? Do you put two NIC cards in each
> > server and maintain a separate network for that?
>
> Do you have *a lot* of pc-hardware around? What failed, last time? And
> before that?
No, that wasn't why I asked. The main reason for two NIC's is to keep
the backup traffic separated from the regular traffic. Obviously with
NetApp (and other centralized storage) backup is simpler.
Tim
On Sat, 15 Jan 2000, Bruce Guenter wrote:
> On Sat, Jan 15, 2000 at 01:20:05AM -0500, Russell Nelson wrote:
> > What about asynchronous commands and
> > notifications? I'd nuke 'em, myself.
>
> Which of course begs the question about what kinds of events are really
> necessary for a mailbox access protocol. In my admitedly simplistic
> view, I can only think of a "new mail" event.
>
> > As far as I'm concerned,
> > asynchronous notifications can be performed using UDP. No reason to
> > tie up a TCP connection.
>
> Agreed, except for the unreliability of UDP.
In addition, there is no way for the sending application to know if the
receiving application is still running, or even that the same user is sat
at the same machine. Think of a student lab where one has students
rebooting machines instead of closing all applications. By the time one
has put the necessary security information into the protocol one might as
well have used TCP. OTOH using a separate TCP connection to the machine
for events coming from the server makes more sense than embedding them in
the command channel. UDP for user-level applications has to be a carefully
made decision with more than just a simplistic approach.
>
> > And even if you didn't mind doing that, then
> > events of interest could be reported using a prompt which conveyed the
> > same information as "You have a pending event". So you'd either be
> > executing a command, or else you'd be running the "wait for event"
> > command.
>
> Or polling, which the server is likely to have to do anyways to retrieve
> the events.
Polling is bad, if only because it leads to:
- keeping a TCP connection open (network bandwidth)
- keeping a server process alive (memory, OS resources)
- delaying notification by (polling interval)/2 in most cases
- wasting resources when there is no email.
IMHO if one is going to design a new mail retrieval protocol then what is
required is something which runs on a single TCP connection, is
authenticated securely, and requires the client to register the type of
things it wants to know about, then lets the server send them at its
own rate.
> > > Asynchronous is a total botch. If you want multitasking,
> > then open up another TCP connection.
>
> This leads me to question if it would be a good idea to look at the FTP
> model of opening up a secondary channel (with the option of opening more
> than just one) that transfers exactly one message before closing,
> leaving the initial connection available for command data?
No, this is bad: one loses the adaptive flow control (slow start, etc.)
which having only the one connection is worth. What is much better is
including the size of the transfer explicitly at the beginning of the
message and storing messages in network byte order. Then the receiving
application knows the next 4567 bytes (say) are the message, and doesn't
mess with it until it is written to disk. At which point it might choose
to convert it into a local mailbox format. Sending applications are
simplified and there is much less chance of the message being damaged in
transit.
RjL
==================================================================
You know that. I know that. But when || Austin, Texas
you talk to a monkey you have to || Email: [EMAIL PROTECTED]
grunt and wave your arms -ck ||
We decided against NetApp for the same reasons, and went with Metastor. Performance
is great, easy to upgrade, and it fit our needs for a reasonable price vs using
separate file stores for each mail server. I'm sure there are other brands out
there of similar price/performance (we spent maybe 15k for 36gig RAID 5, 3 hot
drives, 1 hot spare, and 6 empty slots for new).
For backups I have tape connected to a separate SCSI channel on the NFS server
which has the RAID box.
--
Stephen Comoletti
Systems Administrator
Delanet, Inc. http://www.delanet.com
ph: (302) 326-5800 fax: (302) 326-5802
Tim Tsai wrote:
> What do you guys do for backups? Do you put two NIC cards in each
> server and maintain a separate network for that?
>
> Thanks, from a guy that's about to take that big plunge into a scalable
> mail design.
>
> Tim
>
> On Sun, Jan 16, 2000 at 02:56:59AM -0800, Tracy R Reed wrote:
> > On Sat, Jan 15, 2000 at 09:41:48AM -0600, Tim Tsai wrote:
> > > Russ, what is your definition of a "large" installation? 10k, 100k, 1m
> > > users? Just exactly how many lighter-weight servers is practical to
> > > manage and upkeep before it's cheaper to buy NetApp's?
> >
> > As someone who has purchased and maintained a lot of NetApp hardware over the
> > last year let me tell you that NetApp is heinously expensive. The head unit
> > alone usually goes for around $50k. Then add disks. We have since ditched the
> > NetApp solution and re-architected things to use clusters of PC's. We are much
> > happier with the cost effectiveness and the reliability. Of course we aren't
> > using them for mail but I can think of ways to distribute a large mail load on
> > cheap PC's.
Ruben van der Leij <[EMAIL PROTECTED]> writes:
> On Sun, Jan 16, 2000 at 10:35:09AM -0600, Tim Tsai wrote:
>> What do you guys do for backups? Do you put two NIC cards in each
>> server and maintain a separate network for that?
We just back up over the same network as we do everything else, early in
the morning. It's a 100Mb fiber trunk, and normal traffic doesn't come
anywhere close to saturating it. Bear in mind that pretty much all of our
users are local and on direct Ethernet connections to the rest of the
campus network, so bandwidth generally isn't much of a concern. Disk
speed is our limiting factor.
> Do you have *a lot* of pc-hardware around? What failed, last time? And
> before that?
> In my experience power-supplies, drives and memory (in that order) are
> most prone to failure. The only dead NICs or switches I've seen were
> after a direct hit by lightning took out a major part of the leased line
> of a client.
Add in CPU fans as more likely to fail than anything else. PC
manufacturers don't use decent CPU fans. If you use non-PC hardware, you
much more rarely have that problem, but the hardware's a lot more
expensive.
--
Russ Allbery ([EMAIL PROTECTED]) <URL:http://www.eyrie.org/~eagle/>
On Sun, Jan 16, 2000 at 02:09:00PM +0100, Claus Färber wrote:
> Bruce Guenter <[EMAIL PROTECTED]> schrieb/wrote:
> > First place to start is to figure out what is actually necessary. In a
> > lot of cases, POP3 with a few extensions should be perfectly adequate,
> > but it is necessary to know what the needs actually are.
>
> I don't think it's a good idea to overload the POP3, which is a last-
> step _delivery_ protocol with mailbox access.
I'm thinking in a conceptual sense -- ignore the syntax and everything
else and consider what it provides: a method of listing the contents of
a mailbox (by unique ID), seeing what's new, and transferring the mail
from a single mailbox to a client. No frills. However, more is
necessary. The biggest being that the system should be designed to keep
the mail on the server rather than assuming it should be downloaded.
> No, I'd rather start with IMAP, but leave out:
>
> . the requirement that persistent IDs must be numeric and subsequent
> (just use opaque strings instead),
> . the very complex syntax,
> . response fields that are filled in from header fields (instead pass
> the header fields raw to the client),
Agreed. In other words, simplification of the requirements on the
server (and in part, the client).
> . the variable hierarchy delimiters (instead, use iURL syntax with %-
> encoding).
Forgive my ignorance, but how is an "iURL" different from an "URL"?
> Some simplifications and changes:
>
> . have special folders labelled with out-of-band data for each mailbox.
> I.e., don't have a folder "inbox", but an unnamed folder which has the
> function inbox. Same for other commonly used folders such as sent,
> templates, unsent, drafts etc. The name of that folder is left to the
> UA programmers. So you would have user folders and "special" folders.
Too many special cases. That's not a simplification at all. The
simplification is no special cases for mailbox access. The incoming
mail (for cooperation with other programs) could be the unnamed mailbox,
or a mailbox with a 0-length name.
> Some additional features that would be nice:
>
> . server-side filtering (optional)
This seems to be a delivery issue rather than a content retrieval issue.
Besides, the client could examine the headers, and move the mail into a
different folder.
> . Storage of metadata such as user name etc.
Standardized storage of configuration data seems to be a definite
requirement. It should be flexible enough to allow client
implementations to put what they'd like there as well.
--
Bruce Guenter <[EMAIL PROTECTED]> http://em.ca/~bruceg/
On Sun, Jan 16, 2000 at 01:12:39PM -0800, Russ Allbery wrote:
> campus network, so bandwidth generally isn't much of a concern. Disk
> speed is our limiting factor.
Not many people are able to sustain something in the order of 35 Mbit of
incoming mail. Even that leaves the same bandwidth for backups, and 3 or 4
megabytes a second means you have an expensive tape drive.
> Add in CPU fans as more likely to fail than anything else. PC
> manufacturers don't use decent CPU fans. If you use non-PC hardware, you
> much more rarely have that problem, but the hardware's a lot more
> expensive.
We use a 19"-case, which by itself has enough airflow to keep the CPU
running, albeit hot, and we use a decent ball-bearing fan. Preventive
fan replacement is a prudent step, nevertheless.
I was amazed to see a more or less equal fan inside a NetApp, mounted on top
of the CPU. Judging by the amount of noise a NetApp makes (in the same
ballpark as a jet fighter :) it's more an extra precaution than a real
requirement.
--
Ruben
On Sun, Jan 16, 2000 at 05:47:50PM +0000, [EMAIL PROTECTED] wrote:
> > > And even if you didn't mind doing that, then
> > > events of interest could be reported using a prompt which conveyed the
> > > same information as "You have a pending event". So you'd either be
> > > executing a command, or else you'd be running the "wait for event"
> > > command.
> >
> > Or polling, which the server is likely to have to do anyways to retrieve
> > the events.
> Polling is bad, if only because it leads to:
> - keeping a TCP connection open (network bandwidth)
> - keeping a server process alive (memory, OS resources)
But the methodology described above does exactly this. The question
was, poll the server explicitly, or have the server poll and send
notifications, both over an open channel.
Inactive open connections do not cause significant bandwidth loss, and
server processes should be simple enough to reduce memory pressure.
--
Bruce Guenter <[EMAIL PROTECTED]> http://em.ca/~bruceg/
I'd like my firewall to forward all mail except about 5 addresses (postmaster, root,
etc.) to an in-house mail host.
All user addresses are managed there, so the firewall should simply check whether the
recipient address is in a given list and, if not, forward the mail using the same local
part of the address. How can I do this?
I should relay all outgoing mail through the firewall. Is it easier?
Greetings.
Does anybody have any experience with using the Coda distributed
filesystem with maildir file storage?
I am in a situation where we want to have a pair of mail servers such
that if any one dies, the other can take its place, complete with its
contents. Distributing mail to two servers simultaneously is not a big
deal, but ensuring that those two servers maintain their file store in
sync is. This seems to be an ideal application of Coda, but I'd like to
know if anybody else has had experience with it.
Thanks.
--
Bruce Guenter <[EMAIL PROTECTED]> http://em.ca/~bruceg/
Bruce Guenter <[EMAIL PROTECTED]> writes:
> I am in a situation where we want to have a pair of mail servers such
> that if any one dies, the other can take its place, complete with its
> contents. Distributing mail to two servers simultaneously is not a big
> deal, but ensuring that those two servers maintain their file store in
> sync is. This seems to be an ideal application of Coda, but I'd like to
> know if anybody else has had experience with it.
Coda is similar in principle to AFS, correct? I have no experience with
Coda, but quite a few of us who use AFS have at one point or another tried
to deliver mail into AFS. I believe nearly everyone who was doing that
has now given up on it as being far, far too slow.
--
Russ Allbery ([EMAIL PROTECTED]) <URL:http://www.eyrie.org/~eagle/>
On Sun, Jan 16, 2000 at 01:15:11PM -0800, Russ Allbery wrote:
> Coda is similar in principle to AFS, correct? I have no experience with
> Coda, but quite a few of us who use AFS have at one point or another tried
> to deliver mail into AFS. I believe nearly everyone who was doing that
> has now given up on it as being far, far too slow.
Yes, Coda is similar in principle to AFS, and I had heard the same
concerns raised regarding AFS. My question is specific to Coda, which
purports to be, at least nominally, improved.
--
Bruce Guenter <[EMAIL PROTECTED]> http://em.ca/~bruceg/
I was reading the FAQ that came with qmail and noticed the following:
"Security note: pop3d should be used only within a secure network otherwise
an eavesdropper can steal passwords."
I am looking to move my qmail server out onto the big wide internet, so
should I be using another pop or imap service which is more secure? Any
suggestions?
Regards
David Anso
Network Administrator (daveland.co.nz)
Email: [EMAIL PROTECTED]
David Anso writes:
> I was reading the FAQ that came with qmail and noticed the following:
>
> "Security note: pop3d should be used only within a secure network otherwise
> an eavesdropper can steal passwords."
>
> I am looking to move my qmail server out onto the big wide internet, so
> should I be using another pop or imap service which is more secure? Any
> suggestions?
It's not qmail-pop3d that is insecure. It is the pop3 service itself,
unless you use apop authentication.
--
-russ nelson <[EMAIL PROTECTED]> http://russnelson.com
Crynwr sells support for free software | PGPok | "Ask not what your country
521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | do for you..." -Perry M.
At 22:18 16/01/00, you wrote:
>David Anso writes:
> > I was reading the FAQ that came with qmail and noticed the following:
> >
> > "Security note: pop3d should be used only within a secure network otherwise
> > an eavesdropper can steal passwords."
> >
> > I am looking to move my qmail server out onto the big wide internet, so
> > should I be using another pop or imap service which is more secure? Any
> > suggestions?
>
>It's not qmail-pop3d that is insecure. It is the pop3 service itself,
>unless you use apop authentication.
Does qmail-pop3d support the APOP authentication feature?
>--
>-russ nelson <[EMAIL PROTECTED]> http://russnelson.com
>Crynwr sells support for free software | PGPok | "Ask not what your country
>521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
>Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | do for you..." -Perry M.
Mikael Schmidt <[EMAIL PROTECTED]>
http://teddybear.itsec.nu "When you dream, there are no rules....
Certified Linux Administrator People can fly, anything can happen..."
watata tuoijombade dikombe - Astral Projection
On Sun, Jan 16, 2000 at 10:31:56PM +0100, Mikael Schmidt wrote:
} At 22:18 16/01/00 , you wrote:
} >David Anso writes:
} > > I was reading the FAQ that came with qmail and noticed the following:
} > >
} > > "Security note: pop3d should be used only within a secure network otherwise
} > > an eavesdropper can steal passwords."
} > >
} > > I am looking to move my qmail server out onto the big wide internet, so
} > > should I be using another pop or imap service which is more secure? Any
} > > suggestions?
} >
} >It's not qmail-pop3d that is insecure. It is the pop3 service itself,
} >unless you use apop authentication.
}
} Does qmail-pop3d support the APOP authentication feature?
There's a checkpassword replacement by Shinya Ohira that does APOP. I
use it, and it works fine. You can find it at www.qmail.org.
}
} >--
} >-russ nelson <[EMAIL PROTECTED]> http://russnelson.com
} >Crynwr sells support for free software | PGPok | "Ask not what your country
} >521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
} >Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | do for you..." -Perry M.
}
} Mikael Schmidt <[EMAIL PROTECTED]>
} http://teddybear.itsec.nu "When you dream, there are no rules....
} Certified Linux Administrator People can fly, anything can happen..."
} watata tuoijombade dikombe - Astral Projection
}
--
--------
Paul J. Schinder
NASA Goddard Space Flight Center
[EMAIL PROTECTED]
Russell Nelson <[EMAIL PROTECTED]> writes:
> It's not qmail-pop3d that is insecure. It is the pop3 service itself,
> unless you use apop authentication.
Unless you use some other authentication or some type of transport-level
security. APOP still has other issues (it makes some strong assumptions
about the security of the server). We use Kerberos, for example, and I
know other folks tunnel POP through ssh or use SSL.
Tunneling is nice if you can do it, since you can set it up fairly
transparently. But PCs and Macs generally can't handle tunneling that
well.
--
Russ Allbery ([EMAIL PROTECTED]) <URL:http://www.eyrie.org/~eagle/>
Do you know how I can set up apop authentication, and how it affects clients?
Regards
David Anso
Network Administrator (daveland.co.nz)
Email: [EMAIL PROTECTED]
Ph: 07 870 3955
----- Original Message -----
From: Russell Nelson <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, January 17, 2000 10:18 AM
Subject: Re: Qmail Security
> David Anso writes:
> > I was reading the FAQ that came with qmail and noticed the following:
> >
> > "Security note: pop3d should be used only within a secure network otherwise
> > an eavesdropper can steal passwords."
> >
> > I am looking to move my qmail server out onto the big wide internet, so
> > should I be using another pop or imap service which is more secure? Any
> > suggestions?
>
> It's not qmail-pop3d that is insecure. It is the pop3 service itself,
> unless you use apop authentication.
>
> --
> -russ nelson <[EMAIL PROTECTED]> http://russnelson.com
> Crynwr sells support for free software | PGPok | "Ask not what your country
> 521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
> Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | do for you..." -Perry M.
>
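The APOP exchange this thread keeps coming back to, as an added example rather than qmail-pop3d code or Shinya Ohira's checkpassword replacement: it shows what the client computes from the server's timestamp (so a client must support APOP, which is how it "affects clients"), why a captured line is useless on the next connection, and the server-side cost Russ Allbery alludes to. The user/password pair is RFC 1939's own sample; pop.example.net is a placeholder host.

```python
"""APOP (RFC 1939) challenge/response, written as an added illustration; it is
not qmail-pop3d code and not Shinya Ohira's checkpassword replacement. The
greeting carries a timestamp such as <1896.697170952@dbc.mtview.ca.us>, and the
client answers APOP <user> MD5(timestamp + password) in hex, so the password
never crosses the wire. The server, though, must keep each password in clear."""
import hashlib, hmac, os, time

# Constructed sample user database (RFC 1939's sample pair). A hashed password
# file cannot serve APOP, which is the server-side assumption the thread notes.
PASSWORD_DB = {"mrose": "tanstaaf"}

def make_banner(host="pop.example.net", pid=None, now=None):
    """Server side: a timestamp unique to this connection (host is a placeholder)."""
    pid = os.getpid() if pid is None else pid
    now = int(time.time()) if now is None else now
    return f"+OK POP3 server ready <{pid}.{now}@{host}>"

def timestamp_of(greeting):
    """The <...> token of a greeting, or None if the server offers no APOP."""
    start, end = greeting.find("<"), greeting.find(">")
    return greeting[start:end + 1] if 0 <= start < end else None

def apop_digest(timestamp, password):
    return hashlib.md5((timestamp + password).encode()).hexdigest()

def client_response(greeting, user, password):
    """Client side: answer the greeting's timestamp instead of sending PASS."""
    timestamp = timestamp_of(greeting)
    if timestamp is None:
        raise ValueError("server offers no APOP timestamp")
    return f"APOP {user} {apop_digest(timestamp, password)}"

def server_verify(timestamp, line, password_db=PASSWORD_DB):
    """Server side: recompute the digest for this connection's own timestamp."""
    parts = line.split()
    if len(parts) != 3 or parts[0] != "APOP" or parts[1] not in password_db:
        return False
    expected = apop_digest(timestamp, password_db[parts[1]])
    return parts[2].isascii() and hmac.compare_digest(expected, parts[2])

if __name__ == "__main__":
    greeting = make_banner()
    line = client_response(greeting, "mrose", "tanstaaf")
    print(line, "->", "+OK" if server_verify(timestamp_of(greeting), line) else "-ERR")
    # The same line replayed against the next connection's banner is rejected:
    # the timestamp differs, so a captured digest does not log anyone in.
    later = make_banner(now=int(time.time()) + 1)
    print("replay ->", "+OK" if server_verify(timestamp_of(later), line) else "-ERR")
```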
I am interested in implementing this patch, but I am not sure how to do it.
I am thinking of writing a wrapper around qmail-queue that reads the message
and envelope, does all the necessary changes and forwards it to qmail-queue.
What I don't know how to do is how to setup my wrapper to talk to
qmail-queue after exec'ing it.
Thanks,
Juan
Bruce Guenter wrote 25 Jan 1999:
Greetings.
Appended is a patch to qmail-1.03 that causes any program that would run
qmail-queue to look for an environment variable QMAILQUEUE. If it is
present, it is used in place of the string "bin/qmail-queue" when running
qmail-queue. This could be used, for example, to add a program into the
qmail-smtpd->qmail-queue pipeline that could do filtering, rewrite broken
headers, etc. (this is my planned usage for it).
This has undergone virtually no testing, but it looks so simple that it
almost has to be correct. No warranties, etc. Note that the chdir to
/var/qmail is always done before exec'ing the program.
Does this look like a reasonable thing to do?
--
Bruce Guenter, QCC Communications Corp. EMail: [EMAIL PROTECTED]
Phone: (306)249-0220 WWW: http://www.qcc.sk.ca/~bguenter/
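The plumbing Juan asks about, as an added example (not Bruce's patch and not qmail code): a QMAILQUEUE front-end that reads the message and envelope exactly as qmail-queue(8) does, checks the envelope, then gives the real qmail-queue two fresh pipes on descriptors 0 and 1 and relays its exit status. It assumes the stock binary stays at /var/qmail/bin/qmail-queue, that the wrapper is installed under another name which QMAILQUEUE points at, and a constructed recipient limit.

```python
"""QMAILQUEUE front-end: an added example, not qmail's code or Bruce Guenter's
patch. qmail-queue(8) reads the message on fd 0 and the envelope on fd 1 ('F'
sender NUL, 'T' recipient NUL per recipient, final NUL); we check, then relay."""
import os, sys
# Assumptions: the stock binary stays at this path and this wrapper is installed
# under another name that QMAILQUEUE points at; MAX_RCPT is a constructed limit.
REAL_QUEUE = "/var/qmail/bin/qmail-queue"
MAX_RCPT = 100
def parse_envelope(env):
    """Return (sender, [recipients]); raise ValueError if malformed."""
    fields = env.split(b"\0")
    if not env.startswith(b"F") or len(fields) < 3 or fields[-2:] != [b"", b""]:
        raise ValueError("bad envelope framing")
    if any(not f.startswith(b"T") for f in fields[1:-2]):
        raise ValueError("recipient field must begin with T")
    return fields[0][1:], [f[1:] for f in fields[1:-2]]

def run_queue(message, env, argv=(REAL_QUEUE,)):
    """Hand message and envelope to argv[0] on fd 0/1; return its exit code."""
    msg_r, msg_w = os.pipe()   # os.pipe() fds are close-on-exec, so the child
    env_r, env_w = os.pipe()   # keeps only the two it dup2()s onto 0 and 1
    pid = os.fork()
    if pid == 0:
        os.dup2(msg_r, 0); os.dup2(env_r, 1)
        try:
            os.execv(argv[0], list(argv))
        finally:
            os._exit(81)                  # 81: "internal bug" in qmail-queue(8)
    os.close(msg_r); os.close(env_r)
    try:  # qmail-queue reads all of fd 0 before fd 1, so write in that order
        with os.fdopen(msg_w, "wb") as f:
            f.write(message)
        with os.fdopen(env_w, "wb") as f:
            f.write(env)
    except OSError:                       # child died early: report a write error
        os.waitpid(pid, 0)
        return 53
    _, status = os.waitpid(pid, 0)
    return os.WEXITSTATUS(status) if os.WIFEXITED(status) else 81

def main():
    message = os.fdopen(0, "rb", closefd=False).read()
    env = os.fdopen(1, "rb", closefd=False).read()   # fd 1 is the envelope here
    try:
        _, rcpts = parse_envelope(env)
    except ValueError:
        return 91                         # 91: envelope format error
    return 31 if len(rcpts) > MAX_RCPT else run_queue(message, env)  # 31: reject

if __name__ == "__main__": sys.exit(main())
```

The exit codes used (31, 53, 81, 91) are the ones qmail-queue(8) itself defines, so qmail-smtpd and qmail-inject report a rejection from the wrapper the same way they report one from qmail-queue.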
I've got a couple of virtual domains I'll be wanting to control
from my same user directory.
[EMAIL PROTECTED] will be in /home/siffert/Maildir1 (maildir format)
(controlled by .qmail-domain1-default)
[EMAIL PROTECTED] will be in /home/siffert/Maildir2 (maildir format)
(controlled by .qmail-domain2-default)
Can I interact with both of these through qmail-pop3d, even though
they are in the same user directory? I think that would entail the
popserver looking up the location of my Maildirs in my dot-qmail
files, depending on which user of which domain has just logged in.
Much the same way that qmail-local does. Or is qmail pop limited
in this regard? I was hoping to avoid having to set up different
accounts for all the different domains I control. How can I make
this work?
please cc [EMAIL PROTECTED] as I'm not certain my subscription
request went through.
Thanks much,
Curt
Greetings. I'm attempting to install/configure qmail on a solaris 2.6
box. Box is multi-homed with primary interface connected to the 'net
via a cable modem, secondary interface on the 192.168.x.x private
network. Primary address is (for all intents and purposes) static.
I've downloaded the qmail source, and went through steps 1-8 in the
INSTALL document. For various reasons, I chose 'mbox' so that mail is
sent to /var/mail - /var/qmail/rc contains a line: qmail-start 'mbox'
splogger qmail
I start qmail with "csh -cf '/var/qmail/rc &'". Things seem to start
with no complaints. Here my problems start - I run "echo to: nex9 |
/var/qmail/bin/qmail-inject". nex9 is a valid local account. No mail
is sent, and the following messages appear in /var/log/syslog.
(www.mattzone.com is a valid dns cname and points to the same IP
address as d135-12.smfrct.optonline.net). The machine knows itself as
www.mattzone.com, although config picked up the optonline hostname.
Just for kicks, I made sure both were in the /var/qmail/control and
rcpthosts files, but I get the same errors with or without them. Any
idea what I've done wrong and how I can get things working? Thanks in
advance!
IMHO the delivery command in /var/qmail/rc should not be 'mbox' but
./Mailbox
but it's only read from the INSTALL.vsm. I use ./Maildir on a
Linux box.
Hope that helps
alexander
--
Alexander Jernejcic, E-Mail: [EMAIL PROTECTED]
IntelliNet EDV-Dienstleistungsges.m.b.H., Mariahilferstraße 103, 1060
Wien
Tel.: 595 23 88, Fax: 595 23 90
http://www.intellinet.at
Ein Unternehmen der IGEL-Gruppe: http://www.igel.at
Original message from 1/17/00, 5:59:50 AM
Author: "nexus9" <[EMAIL PROTECTED]>
Subject: newbie needs install help
Greetings. I'm attempting to install/configure qmail on a solaris 2.6
box. Box is multi-homed with primary interface connected to the 'net
via a cable modem, secondary interface on the 192.168.x.x private
network. Primary address is (for all intents and purposes) static.
I've downloaded the qmail source, and went through steps 1-8 in the
INSTALL document. For various reasons, I chose 'mbox' so that mail is
sent to /var/mail - /var/qmail/rc contains a line: qmail-start 'mbox'
splogger qmail
I start qmail with "csh -cf '/var/qmail/rc &'". Things seem to start
with no complaints. Here my problems start - I run "echo to: nex9 |
/var/qmail/bin/qmail-inject". nex9 is a valid local account. No mail
is sent, and the following messages appear in /var/log/syslog.
(www.mattzone.com is a valid dns cname and points to the same IP
address as d135-12.smfrct.optonline.net). The machine knows itself as
www.mattzone.com, although config picked up the optonline hostname.
Just for kicks, I made sure both were in the /var/qmail/control and
rcpthosts files, but I get the same errors with or without them. Any
idea what I've done wrong and how I can get things working? Thanks in
advance!
Jan 17 00:20:23 www.mattzone.com qmail: 948086423.975086 status: local 0/10 remote 0/20
Jan 17 00:20:35 www.mattzone.com qmail: 948086435.702191 new msg 221020
Jan 17 00:20:35 www.mattzone.com qmail: 948086435.716218 info msg 221020: bytes 246 from <[EMAIL PROTECTED]> qp 461 uid 0
Jan 17 00:20:35 www.mattzone.com qmail: 948086435.831700 starting delivery 1: msg 221020 to local [EMAIL PROTECTED]
Jan 17 00:20:35 www.mattzone.com qmail: 948086435.842907 status: local 1/10 remote 0/20
Jan 17 00:20:36 www.mattzone.com qmail: 948086436.292561 new msg 221021
Jan 17 00:20:36 www.mattzone.com qmail: 948086436.305564 info msg 221021: bytes 363 from <[EMAIL PROTECTED]> qp 464 uid 100
Jan 17 00:20:36 www.mattzone.com qmail: 948086436.403626 starting delivery 2: msg 221021 to local [EMAIL PROTECTED]
Jan 17 00:20:36 www.mattzone.com qmail: 948086436.414855 status: local 2/10 remote 0/20
Jan 17 00:20:36 www.mattzone.com qmail: 948086436.473093 delivery 1: success: did_0+1+0/qp_464/
Jan 17 00:20:36 www.mattzone.com qmail: 948086436.501891 status: local 1/10 remote 0/20
Jan 17 00:20:36 www.mattzone.com qmail: 948086436.513107 end msg 221020
Jan 17 00:20:36 www.mattzone.com qmail: 948086436.705896 delivery 2: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
Jan 17 00:20:36 www.mattzone.com qmail: 948086436.751937 status: local 0/10 remote 0/20
Jan 17 00:20:36 www.mattzone.com qmail: 948086436.969697 bounce msg 221021 qp 467
Jan 17 00:20:36 www.mattzone.com qmail: 948086436.988667 end msg 221021
Jan 17 00:20:37 www.mattzone.com qmail: 948086437.070830 new msg 221020
Jan 17 00:20:37 www.mattzone.com qmail: 948086437.082937 info msg 221020: bytes 971 from <> qp 467 uid 109
Jan 17 00:20:37 www.mattzone.com qmail: 948086437.191816 starting delivery 3: msg 221020 to local [EMAIL PROTECTED]
Jan 17 00:20:37 www.mattzone.com qmail: 948086437.203598 status: local 1/10 remote 0/20
Jan 17 00:20:37 www.mattzone.com qmail: 948086437.652929 new msg 221021
Jan 17 00:20:37 www.mattzone.com qmail: 948086437.665601 info msg 221021: bytes 1086 from <> qp 470 uid 103
Jan 17 00:20:37 www.mattzone.com qmail: 948086437.764468 starting delivery 4: msg 221021 to local [EMAIL PROTECTED]
Jan 17 00:20:37 www.mattzone.com qmail: 948086437.775556 status: local 2/10 remote 0/20
Jan 17 00:20:37 www.mattzone.com qmail: 948086437.784600 delivery 3: success: did_0+1+0/qp_470/
Jan 17 00:20:37 www.mattzone.com qmail: 948086437.813290 status: local 1/10 remote 0/20
Jan 17 00:20:37 www.mattzone.com qmail: 948086437.823190 end msg 221020
Jan 17 00:20:38 www.mattzone.com qmail: 948086438.075824 delivery 4: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
Jan 17 00:20:38 www.mattzone.com qmail: 948086438.121843 status: local 0/10 remote 0/20
Jan 17 00:20:38 www.mattzone.com qmail: 948086438.338637 bounce msg 221021 qp 473
Jan 17 00:20:38 www.mattzone.com qmail: 948086438.357973 end msg 221021
Jan 17 00:20:38 www.mattzone.com qmail: 948086438.448274 new msg 221020
Jan 17 00:20:38 www.mattzone.com qmail: 948086438.461466 info msg 221020: bytes 1597 from <#@[]> qp 473 uid 109
Jan 17 00:20:38 www.mattzone.com qmail: 948086438.569558 starting delivery 5: msg 221020 to local [EMAIL PROTECTED]
Jan 17 00:20:38 www.mattzone.com qmail: 948086438.580933 status: local 1/10 remote 0/20
Jan 17 00:20:39 www.mattzone.com qmail: 948086439.022219 new msg 221021
Jan 17 00:20:39 www.mattzone.com qmail: 948086439.034966 info msg 221021: bytes 1718 from <#@[]> qp 476 uid 103
Jan 17 00:20:39 www.mattzone.com qmail: 948086439.131500 delivery 5: success: did_0+1+0/qp_476/
Jan 17 00:20:39 www.mattzone.com qmail: 948086439.165537 status: local 0/10 remote 0/20
Jan 17 00:20:39 www.mattzone.com qmail: 948086439.176841 starting delivery 6: msg 221021 to local [EMAIL PROTECTED]
Jan 17 00:20:39 www.mattzone.com qmail: 948086439.187926 status: local 1/10 remote 0/20
Jan 17 00:20:39 www.mattzone.com qmail: 948086439.198534 end msg 221020
Jan 17 00:20:39 www.mattzone.com qmail: 948086439.491392 delivery 6: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
Jan 17 00:20:39 www.mattzone.com qmail: 948086439.532129 status: local 0/10 remote 0/20
Jan 17 00:20:39 www.mattzone.com qmail: 948086439.542613 triple bounce: discarding bounce/221021
Jan 17 00:20:39 www.mattzone.com qmail: 948086439.569623 end msg 221021
Dear all:
I would like to provide qmail's SMTP service to our users for outgoing
mail. Our SMTP server's hardware: CPU PII450, RAM 256M, OS: FreeBSD 3.4.
I would like to have maximum throughput performance and a stable system.
How can I set the control files concurrencyremote and concurrencylocal?
Tony Chang
System Engineer
Information Technology Division
Hoshin Gigamedia Center Inc
Hi, I have a big problem.
I installed sendmail on a mail server and I wanted to have qmail, so I
uninstalled sendmail and installed qmail. I've installed the rpm version of
qmail-1.03+patches-7 with the pop3 and smtp modules.
1. When I check my mailbox with pine, it works but I can only read it in
read-only mode. Why???
2. When I check my mailbox from a windows client too, I can receive, but
with imap and in read-only mode too.
3. When I check my mailbox from a windows client with the pop3 protocol,
I have an error: can't get lock.
Messages from my /var/log/maillog are:
Jan 14 17:22:46 postman pop3d: 947866966.173698 tcpserver: fatal: unable to bind : address already used
Jan 14 17:22:48 postman qmail: 947866968.026429 warning: trouble opening local/5/10562; will try again later
If you could explain to me what can be wrong, thanks a lot (excuse me for
my English),
Pierre-Yves Deslandes
Hi folks,
I'm wondering if there's a recommended list of patches that should be
applied to any new qmail installation. I have unpacked Bruce's RPM
and looked at the patch list there, and from those it seems as if
the following should be applied to any installation:
big-dns
big-todo
bind-interface
and possibly
conredirect
queuevar
showctl
bounce [limit bounce size]
tls
and syncdir for Linux systems.
Does anyone know if these might make their way into an intermediate
release of qmail, before 2.0?
Thanks,
Niall
--
Niall Richard Murphy: System Operator, Ireland On-Line
--
They said, "You have a blue guitar / You do not play things as they are."
The man replied, "Things as they are / Are changed upon the blue guitar."
---Wallace Stevens