qmail Digest 17 Jun 2000 10:00:00 -0000 Issue 1035

Topics (messages 43203 through 43241):

Re: Help on qmail-qstat
        43203 by: System Administrator
        43204 by: Steffan Hoeke
        43205 by: System Administrator

secondry mail server setup
        43206 by: mandarine
        43211 by: Chris Johnson

Re: MX and POP3 on 2 machines
        43207 by: Michael T. Babcock

Re: [PATCH] Transparent maildir compression.
        43208 by: Michael T. Babcock
        43209 by: jedi.claranet.fr
        43210 by: John P. Looney (Kate)

Limiting SMTP connections
        43212 by: Michael T. Babcock
        43214 by: mandarine

tcprules script
        43213 by: Michael T. Babcock
        43215 by: Michael T. Babcock
        43224 by: Kevin Bucknum

Re: Large Mail Cluster Questions
        43216 by: DGranath.aol.com
        43217 by: markd.bushwire.net
        43220 by: Steve Wolfe
        43222 by: DGranath.aol.com
        43226 by: markd.bushwire.net

Interesting disclosure of domains subscribed to qmail list
        43218 by: markd.bushwire.net
        43233 by: Markus Stumpf
        43241 by: Claus Färber

ucspi-ipc is now available
        43219 by: William E. Baxter

Problems downloading via POP3
        43221 by: Andy Grimberg

NT / Qmail interoperation
        43223 by: Jackson, Robert
        43225 by: markd.bushwire.net

Re: Password problems:
        43227 by: Z
        43231 by: Chris Johnson

Help with startup Script
        43228 by: Jürgen Hoffmann

Ascii art summary
        43229 by: Alan Chandler
        43230 by: Chris Johnson

Re: mailbox dir
        43232 by: Markus Stumpf

Blocking a specific address
        43234 by: Bolivar Diaz Galarza
        43235 by: Troy Frericks
        43236 by: Markus Stumpf
        43237 by: Markus Stumpf
        43238 by: Bolivar Diaz Galarza
        43239 by: Johan Almqvist

queue internals...
        43240 by: Ben Beuchler



----------------------------------------------------------------------


Hi dave

thanks for your help.

but i have a problem now. i.e. there is no file with that name in the
control directory. just by creating that file, help ?

please let me know as soon as possible.

regards,

On Thu, 15 Jun 2000, Dave Kelly wrote:

> If you have messages in the queue that are 4-5 days old, chances are
> probably good that they are messages that can't be delivered for one reason
> or another.  After a week, they should clear themselves out by bouncing to
> postmaster with a message stating why they were undeliverable.
> 
> You can change how long stuff remains in the queue by putting the number of
> seconds you want in /var/qmail/control/queuelifetime.  The default is
> 604800, which is one week.
> 
> -D

Parag Mehta                        <[EMAIL PROTECTED]>
System Administrator.
Puretech Internet Pvt. Ltd.        http://puretech.co.in/ 
77 Atlanta. Nariman Point.
Mumbai - 400021. India.            Tel: +91-22-2833158          
============================================================
Support is now available thru our Web Based Support System.
http://support.puretech.co.in
============================================================







On Fri, Jun 16, 2000 at 07:02:55PM +0530, System Administrator wrote:
> Hi dave
> 
> thanks for your help.
> 
> but i have a problem now. i.e. there is no file with that name in the
> control directory. just by creating that file, help ?
> 
> please let me know as soon as possible.
If the file isn't there it defaults to the mentioned 604800, i.e. one week.
If you create the file with a lower value in it, that's the value that will be used.

 
> regards,
HTH,
 Steffan

> On Thu, 15 Jun 2000, Dave Kelly wrote:
> 
> > If you have messages in the queue that are 4-5 days old, chances are
> > probably good that they are messages that can't be delivered for one reason
> > or another.  After a week, they should clear themselves out by bouncing to
> > postmaster with a message stating why they were undeliverable.
> > 
> > You can change how long stuff remains in the queue by putting the number of
> > seconds you want in /var/qmail/control/queuelifetime.  The default is
> > 604800, which is one week.
> > 
> > -D
> 

-- 
http://therookie.dyndns.org





Hi steffan

thanks for your prompt reply. i will do the necessary.

On Fri, 16 Jun 2000, Steffan Hoeke wrote:

> On Fri, Jun 16, 2000 at 07:02:55PM +0530, System Administrator wrote:
> > please let me know as soon as possible.
> If the file isn't there it defaults to the mentioned 604800, i.e. one week.
> If you create the file with a lower value in it, that's the value that will be used.
> 
>  
> > regards,
> HTH,
>  Steffan
> 

Parag Mehta                        <[EMAIL PROTECTED]>
System Administrator.
Puretech Internet Pvt. Ltd.        http://puretech.co.in/ 
77 Atlanta. Nariman Point.
Mumbai - 400021. India.            Tel: +91-22-2833158          
============================================================
Support is now available thru our Web Based Support System.
http://support.puretech.co.in
============================================================







Hi there

What is the best way to set up qmail as a secondary mail server for a domain name, i.e.
something.com has 2 MX records, second MX points to a mail server running qmail.
I need qmail to act as a fallback server, if the first (also qmail :) goes down or is
busy. What's the best way of doing this so that fallback will accept email and forward
everything to a pop server.
Also, what's the best way to tweak both servers so that the server one has a nice
threshold, and the fallback handles anything above that threshold of incoming mail.

thanks for any help

nicholas


--== Sent via Deja.com http://www.deja.com/ ==--
Before you buy.




On Fri, Jun 16, 2000 at 07:10:52AM -0700, mandarine   wrote:
> What is the best way to set up qmail as a secondary mail server for a domain
> name, i.e. something.com has 2 MX records, second MX points to a mail server
> running qmail.  I need qmail to act as a fallback server, if the first (also
> qmail :) goes down or is busy. What's the best way of doing this so that
> fallback will accept email and forward everything to a pop server.

On the secondary server, put the domains for which you want to receive mail in
rcpthosts, but not in locals or virtualdomains. That's it!

> Also, what's the best way to tweak both servers so that the server one has a
> nice threshold, and the fallback handles anything above that threshold of
> incoming mail.

If you're using tcpserver to run qmail-smtpd, you can use the -c option to
limit the number of incoming connections.

Chris




I'm going to try using a mini-qmail install as per the 'what about
firewalls' section of that page.


> I'm wondering what facilities exist for distributing some of the Qmail
> work across two machines in the following way:
>
> 'mx.ourdomain' accepts connections from the outside world and handles
> receiving mail for all hosted virtual domains.
> 'mstore.ourdomain' receives all the messages from 'mx' that are for the
> virtual domains and stores them for POP3 or IMAP retrieval.
> 'mx.ourdomain' is also the SMTP box for sending messages out to the
> Internet.

--
               _____/~-=##=-~\_____
       -=+0+=-< Michael T. Babcock >-=+0+=-
               ~~~~~\_-=##=-_/~~~~~
http://www.linuxsupportline.com/~pgp/ ICQ: 4835018







This would probably be most useful on machines with more CPU than drive
space.  Mind you, drive space does tend to be cheaper these days than CPU
time.

I'd be interested in stats on storage difference of 1000 E-mails with and
without the patch, as well as CPU time used with and without.  I doubt anyone
has time right now ... but.

Jedi/Sector One wrote:
>   Here is an experimental patch against Qmail 1.03.

>   Messages will be saved in Maildir spools as gzip files, and the POP3
> server uncompresses them on-the-fly.
>   It may save a lot of hard disk space (especially on ReiserFS
> partitions with tails) and does not change anything to the POP3 nor SMTP
> protocols.

--
               _____/~-=##=-~\_____
       -=+0+=-< Michael T. Babcock >-=+0+=-
               ~~~~~\_-=##=-_/~~~~~
http://www.linuxsupportline.com/~pgp/ ICQ: 4835018








Michael T. Babcock wrote:

> This would probably be most useful on machines with more CPU than drive
> space.  Mind you, drive space does tend to be cheaper these days than CPU
> time.

  It depends on your email traffic. A small company usually has a single
box for web/ftp/mail/fax/dns and no more than 20 mails per hour. Nobody
will notice the compression CPU overhead, but more disk space will be
available. 
  And yes, disks are cheap these days, but RAID makes them expensive.

  Best regards.




On Fri, Jun 16, 2000 at 02:55:56PM +0000, [EMAIL PROTECTED] mentioned:
> Michael T. Babcock wrote:
> > This would probably be most useful on machines with more CPU than drive
> > space.  Mind you, drive space does tend to be cheaper these days than CPU
> > time.
> 
>   It depends on your email traffic. A small company usually has a single
>   box for web/ftp/mail/fax/dns and no more than 20 mails per hour.
>   Nobody will notice the compression CPU overhead, but more disk space
>   will be available. 
>   And yes, disks are cheap these days, but RAID makes them expensive.

 And it makes a lot of sense if some of your salesmen have 40MB doc files
or powerpoint presentations in their mailboxes every so often.

Kate

-- 
The words of the unwary are apt to cause needless pain and bloody violence.
                                                        - Zen Master Greg




For those who know the SMTP protocol better than I:

If I limit my incoming SMTP connections on a box to something small, say
5, what happens to further incomings; are they simply ignored, or
NAK'd, or what?  And on what % of servers out there will this mean that
the message bounces entirely instead of being retried?  Thanks.

Side question: is there some way to get the stats (out of qmailanalog,
etc.) as to how many simultaneous connections were happening on the
various services at various times?

IE:
peak usage: 48 simultaneous connections +/- 3 between 3 and 6 PM
 ... type of information.

--
               _____/~-=##=-~\_____
       -=+0+=-< Michael T. Babcock >-=+0+=-
               ~~~~~\_-=##=-_/~~~~~
http://www.linuxsupportline.com/~pgp/ ICQ: 4835018







 the MTA connecting will fail and retry in whichever way it is configured, after
having tried other IN MX on the domain.

nicholas
--

On Fri, 16 Jun 2000 11:19:27   Michael T. Babcock wrote:
>For those who know the SMTP protocol better than I:
>
>If I limit my incoming SMTP connections on a box to something small, say
>5, what happens to further incomings; are they simply ignored, or
>NAK'd, or what?  And on what % of servers out there will this mean that
>the message bounces entirely instead of being retried?  Thanks.
>
>Side question: is there some way to get the stats (out of qmailanalog,
>etc.) as to how many simultaneous connections were happening on the
>various services at various times?
>
>IE:
>peak usage: 48 simultaneous connections +/- 3 between 3 and 6 PM
> ... type of information.
>
>--
>               _____/~-=##=-~\_____
>       -=+0+=-< Michael T. Babcock >-=+0+=-
>               ~~~~~\_-=##=-_/~~~~~
>http://www.linuxsupportline.com/~pgp/ ICQ: 4835018
>
>
>
>






Does anyone have a quick script to check if a given tcprules file is
newer than the .cdb version and generate the new one if it is?   I'm not
a big shell-script person.

In other words, I'll write it in C if I have to ...

--
               _____/~-=##=-~\_____
       -=+0+=-< Michael T. Babcock >-=+0+=-
               ~~~~~\_-=##=-_/~~~~~
http://www.linuxsupportline.com/~pgp/ ICQ: 4835018







I need to quit answering myself ...
http://www.linuxsupportline.com/~pgp/linux/newer-0.1.tar.gz

Returns 1 if first file is newer, 2 if second is newer, 0 if neither is.

(I don't know if anyone else wanted this, but ...)

"Michael T. Babcock" wrote:

> Does anyone have a quick script to check if a given tcprules file is
> newer than the .cdb version and generate the new one if it is?   I'm not
> a big shell-script person.
>
> In other words, I'll write it in C if I have to ...

--
               _____/~-=##=-~\_____
       -=+0+=-< Michael T. Babcock >-=+0+=-
               ~~~~~\_-=##=-_/~~~~~
http://www.linuxsupportline.com/~pgp/ ICQ: 4835018







test also works with the newer than parm

if test file1 -nt file2; then
     do something
fi

man test for all the options

-----Original Message-----
From: mbabcock [mailto:mbabcock]On Behalf Of Michael T. Babcock
Sent: Friday, June 16, 2000 11:04 AM
To: qmail list
Subject: Re: tcprules script

I need to quit answering myself ...
http://www.linuxsupportline.com/~pgp/linux/newer-0.1.tar.gz

Returns 1 if first file is newer, 2 if second is newer, 0 if neither is.

(I don't know if anyone else wanted this, but ...)

"Michael T. Babcock" wrote:

> Does anyone have a quick script to check if a given tcprules file is
> newer than the .cdb version and generate the new one if it is?   I'm not
> a big shell-script person.
>
> In other words, I'll write it in C if I have to ...

--
               _____/~-=##=-~\_____
       -=+0+=-< Michael T. Babcock >-=+0+=-
               ~~~~~\_-=##=-_/~~~~~
http://www.linuxsupportline.com/~pgp/ ICQ: 4835018
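
A fuller version of the `test -nt` approach suggested above, as an added example that is not part of any poster's message: it rebuilds the .cdb only when the rules text is newer or the .cdb is missing, and leaves the old .cdb in place if tcprules rejects the input. The function name and the TCPRULES override variable are assumptions of this example; the tcprules argument order follows the init script quoted later in this digest.

```shell
#!/bin/sh
# Added example: keep a tcpserver rules database in step with its text source.
# A stale .cdb means tcpserver is still enforcing the old access rules.
#
# TCPRULES is a hypothetical override (not a ucspi-tcp feature) so the builder
# can be swapped out; by default the real `tcprules` is run.
#
# Exit status of rebuild_cdb_if_stale RULES CDB:
#   0  cdb was rebuilt
#   1  cdb already up to date, nothing done
#   2  rules file missing or unreadable
#   3  builder failed, existing cdb left untouched

rebuild_cdb_if_stale() {
    rules=$1
    cdb=$2
    tmp="$cdb.tmp.$$"        # same directory as cdb, so the final rename is atomic

    [ -r "$rules" ] || { echo "cannot read $rules" >&2; return 2; }

    # Some shells evaluate "-nt" as false when the second file does not exist,
    # so the missing-cdb case is tested explicitly.
    if [ -e "$cdb" ] && ! [ "$rules" -nt "$cdb" ]; then
        return 1
    fi

    # tcprules writes the new database to tmp and then moves it over cdb;
    # on a rules error it exits non-zero and cdb keeps its previous content.
    if "${TCPRULES:-tcprules}" "$cdb" "$tmp" < "$rules"; then
        chmod 644 "$cdb"
        return 0
    fi

    rm -f "$tmp"
    echo "rebuild failed for $rules; $cdb left unchanged" >&2
    return 3
}

# Typical call from cron or an init script (paths as used elsewhere in this digest):
#   rebuild_cdb_if_stale /etc/tcp.smtp /etc/tcp.smtp.cdb
```
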







I have to grow the system from a capability of 250K
msg/day up to as much as 2.5M/day. I have to add 
virus detection, spam filters, and separation for
an encryption trunk. I'm assuming as many as five boxes
in the cluster - I will have the baseline system
online while I do this and then use the baseline as
a backup when I switch over.

I'm using a home built K7/AMD system because it's half
the price of the off the shelf and I've built a couple
of dozen - and tested them - so far so good...

As far as the 250Kmsg/day estimate per/box - I'm not
sure what's going to happen once I turn on the virus
detection and spam filtering. I'd like to test it
before I go online with it also... 

>ummm... if you're only doing 250k external messages
>one box should suffice. 

On 15 Jun [EMAIL PROTECTED] said:
 : I'm setting up a large mail cluster and I'm trying to
 : hook up with other people who have done this. I need
 : advice on how to cluster boxes for about 250K external
 : msg/day. I'm using 750MHz AMD boxes I need an idea 
 : how many I need - including a backup capability.
 : I've only done single server units before and I need
 : to find out if there are different firewall configurations that I should
 : examine...






On Fri, Jun 16, 2000 at 04:13:18PM +0000, [EMAIL PROTECTED] wrote:
> I have to grow the system from a capability of 250K
> msg/day up to as much as 2.5M/day. I have to add 
> virus detection, spam filters, and separation for
> an encryption trunk. I'm assuming as many as five boxes
> in the cluster - I will have the baseline system
> online while I do this and then use the baseline as
> a backup when I switch over.
> 
> I'm using a home built K7/AMD system because it's half
> the price of the off the shelf and I've built a couple
> of dozen - and tested them - so far so good...
> 
> As far as the 250Kmsg/day estimate per/box - I'm not
> sure what's going to happen once I turn on the virus
> detection and spam filtering. I'd like to test it
> before I go online with it also... 

You might want to consider a two-staged mail system
where the front/visible ones run your spam filtering
and virus scanning and then forward to your
backend systems that deliver to users mailboxes.

Real virus scanning can be quite a resource intensive
process as it has to crack open attachments, untar and
unzip files searching for nested archives and so on.
Consequently you may find that the system requirements
for a front-end/virus/spam scanner are significantly
different from a backend, mail delivery system.


Regards.




> I have to grow the system from a capability of 250K
> msg/day up to as much as 2.5M/day. I have to add
> virus detection, spam filters, and separation for
> an encryption trunk. I'm assuming as many as five boxes
> in the cluster - I will have the baseline system
> online while I do this and then use the baseline as
> a backup when I switch over.

   I'd guess that in this case, virus scanning may be the crippler.  At 2.5
million per day, that's an *average* of 6 per second per machine to scan
and deliver.  Accounting for peak traffic periods, each machine could
conceivably have to scan 30-60 messages per second to keep up with traffic.
Depending on the virus scanner, that may (or may not) happen.

   You may want to consider dual-processor boards.  It's much cheaper to
build the box with BP6 motherboards and dual celerons than to put together
two single-CPU machines.  That way, you could at least have two virus
scanning processes going in parallel.

steve





The original estimate was that this would be evenly
split 50/50 in/out. But I don't believe this. Our
marketing/sales guys are really pushing the volume up on the outbound side. And new 
services will be added...
I don't think I'll get real numbers 
until it's too late. I'm looking for a scalable solution - but part of the scaling has 
to be able
to allow me to adapt to a change quickly if I have 
to. 

If the numbers slide more toward outbound what kind
of configuration change would I need???



>What is the estimated mail volume incoming?  And how much outgoing?
>You say 250K up to 2.5M, but if that's all incoming, you need to
>do one thing; if it's all outgoing, there's another set of issues.






On Fri, Jun 16, 2000 at 07:07:51PM +0000, [EMAIL PROTECTED] wrote:
> The original estimate was that this would be evenly
> split 50/50 in/out. But I don't believe this. Our
> marketing/sales guys are really pushing the volume up on the outbound side. And new 
> services will be added...
> I don't think I'll get real numbers 
> until it's too late. I'm looking for a scalable solution - but part of the scaling 
> has to be able
> to allow me to adapt to a change quickly if I have 
> to. 
> 
> If the numbers slide more toward outbound what kind
> of configuration change would I need???

Kinda hard to tell as it depends on how the outbound is submitted. But in
general, a remote email consumes less system resources than a local email
delivery.


Regards.




I know, I know, posting to both lists? But, tinydns made this
easy and qmail is the list in question, so...

I was just watching the tinydns logs when I mailed a message to
the qmail mailing list.

All of a sudden the query rate on my reply-address domain shot up as
the log tail slid across the screen. It occurred to me that a lot of
those queries are probably doing reverse lookups or anti-spam
checks ensuring a valid reply domain.

The reason I'm pointing this out is that I find it interesting
that it indirectly exposes some domains which are likely to be
subscribed to the list.


Regards.




[EMAIL PROTECTED] deleted from recipients.

On Fri, Jun 16, 2000 at 09:34:43AM -0700, [EMAIL PROTECTED] wrote:
> I know, I know, posting to both lists? But, tinydns made this
> easy and qmail is the list in question, so...

> The reason I'm pointing this out is that I find it interesting
> that it indirectly exposes some domains which are likely to be
> subscribed to the list.

Nope, not necessarily domains but mailservers handling mail traffic for
users in domains subscribed to the list.
But nevertheless these mail servers are IMHO broken.

As ezmlm replaces the original Sender information with e.g.
    [EMAIL PROTECTED]
the only domain that should get DNS queries on rcpt of the message
should be list.cr.yp.to to verify a valid bounce host and probably
the host serving the RDNS space of the mailserver sending out the list
mails.

Checking the content of the From: field for a valid address is IMHO
paranoid and even as a SPAM check it will have too many false positives ;-)

        \Maex

-- 
SpaceNet GmbH             |   http://www.Space.Net/   | Stress is when you wake
Research & Development    | mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0    | realize you haven't
D-80807 Muenchen          |  Fax: +49 (89) 32356-299  | fallen asleep yet.




<[EMAIL PROTECTED]> wrote:
> All of a sudden the query rate on my reply-address domain shot up as
> the log tail slid across the screen. It occurred to me that a lot of
> those queries are probably doing reverse lookups or anti-spam
> checks ensuring a valid reply domain.

Actually, that should not happen at all. As soon as the message reaches  
the list, its return path is changed to a qmail list bounce address.  
Other MTAs should only check _this_ address, so you should not get any  
queries at all.

Claus

-- 
http://www.faerber.muc.de




The message below went to [EMAIL PROTECTED] yesterday.  A number of
people I expected to see it evidently did not.  Please pardon the
scattershot approach.

W.

----
The ucspi-ipc-0.50 package is now available.  Please see the ucspi-ipc
home page:

http://www.superscript.com/ucspi-ipc/intro.html

ucspi-ipc is an UCSPI protocol for the local domain.  It requires an
implementation of getpeereid() to allow servers to obtain the
credentials of clients that request connections.  It includes tools
similar to those in ucspi-tcp: ipcserver, ipcrules, ipcrulescheck, and
ipcclient.  Documentation is available via the ucspi-ipc home page.

The current ucspi-ipc package includes implementations of getpeereid() for:

* Linux kernels that support SO_PEERCRED with getsockopt().

* OpenBSD 2.6 with experimental extensions.  I'll make the kernel
  modifications available as soon as possible.


There is a mailing list for discussion of ucspi-ipc and other UCSPI
protocols:

[EMAIL PROTECTED]


In a remarkable and amusing coincidence, Bruce Guenter released his
ucspi-unix only yesterday.  See

http://em.ca/~bruceg/ucspi-unix/

While ucspi-unix and ucspi-ipc are similar in concept, the
implementations are completely different.  For example, ucspi-ipc is a
djblib-based project; that is, it borrows heavily from actual DJB
source code.

Evidently, Bruce and I duplicated one another's efforts to some
degree.  If you have registered or implemented an UCSPI protocol,
please share the protocol description with the ucspi mailing list.
The description for ucspi-ipc appears below.

W.

----
IPC UCSPI protocol definition
Copyright 2000
SuperScript Technology, Inc.  [EMAIL PROTECTED]

This document defines the IPC protocol for UCSPI-1996 tools. An IPC
client communicates with a IPC server on the same machine through a
local-domain stream socket. The descriptors passed to an UCSPI
application are copies of that socket, dup()ed from a single connect()
or accept().

[address] consists of one argument: [path].

A [path] is a file name associated with a local-domain socket.

The server sets up the following environment variables:

   PROTO: the string IPC
   IPCLOCALPATH: the local path identifying the local-domain socket
   IPCREMOTEPATH: the remote path identifying the local-domain socket
   IPCREMOTEEUID: the remote effective user id
   IPCREMOTEEGID: the remote effective group id

The client sets up the following environment variables:

   PROTO: the string IPC
   IPCLOCALPATH: the local path identifying the local-domain socket




I just recently set up a qmail server with vpopmail as the virtual
domain / pop manager.  I'm encountering a problem though.

Users with "large" messages >10K are having problems retrieving their
messages.  The clients start pulling the messages but get stuck and
eventually timeout on these messages.  I've checked tcpdump and I don't
seem to be getting any activity from the server to the clients or
clients to the server once they hit the messages.

here's my pop3d supervise startup:
#!/bin/sh
service=pop3d
. /usr/lib/qmail/run-functions
uid="`id -u vpopmail`"
gid="`id -g vpopmail`"
hostname="`hostname`"
readdefault concurrency concurrencypop3d 20
readdefault checkpass checkpassword checkpassword
do_ulimits

exec tcpserver -u "$uid" -g "$gid" -c "$concurrency" -v -Hl -t5 -R -X \
        -D -x /etc/tcpcontrol/pop3.cdb 0 pop-3 \
        /var/qmail/bin/qmail-popup "$hostname" \
        $checkpass \
        qmail-pop3d Maildir/

This gives me a process executing as this:

tcpserver -u 510 -g 502 -c 40 -v -Hl -t5 -R -X -D -x
/etc/tcpcontrol/pop3.cdb 0 pop-3 /var/qmail/bin/qmail-popup mailbot
/home/vpopmail/bin/vchkpw qmail-pop3d Maildir

Any ideas what the solution is?
Thanks,
-Andy-

-- 
Andrew J. Grimberg
Programmer
WebSuite.com
206-988-2233




Currently, we receive our incoming mail via NT Exchange server.  We do not
currently use our IBM RS6000 for any internet email purposes (ie, I am in
unfamiliar territory with this project).

Since our core business applications exist on the IBM system, I would like
to develop the application that would form the email message, shell to AIX,
and invoke Qmail which would then send the email to NT Exchange server.  My
reasons for this routing are:  1) There are security concerns governed by
the network department over which I have no responsibility; 2) I don't want
any email messages coming back to the RS6000.  3) Since I cannot influence
the security policies, I want to transmit the email to a trusted source
(Exchange) and let that source deal with the firewall, security issues, etc.
Therefore, the RS6000 will only be sending email to the NT Exchange server.
Hopefully, then, the NT Exchange server will then send out the email
appropriately.

I imagine someone is doing this and would appreciate constructive input.  If
you've got an installation similar to this and would like to correspond
"offlist", please feel free to email me directly.  Thanks.

--robert
[EMAIL PROTECTED]





This is pretty trivial to do. All you need is a standard qmail
install with a single entry in /var/qmail/control/smtproutes which
points to your exchange server.

That way all mail submitted to qmail will be forwarded via smtp to
your exchange server.

You may want to set concurrencyremote downwards to make
life a little smoother for the NT server.


Regards.

On Fri, Jun 16, 2000 at 01:59:42PM -0500, Jackson, Robert wrote:
> Currently, we receive our incoming mail via NT Exchange server.  We do not
> currently use our IBM RS6000 for any internet email purposes (ie, I am in
> unfamiliar territory with this project).
> 
> Since our core business applications exist on the IBM system, I would like
> to develop the application that would form the email message, shell to AIX,
> and invoke Qmail which would then send the email to NT Exchange server.  My
> reasons for this routing are:  1) There are security concerns governed by
> the network department over which I have no responsibility; 2) I don't want
> any email messages coming back to the RS6000.  3) Since I cannot influence
> the security policies, I want to transmit the email to a trusted source
> (Exchange) and let that source deal with the firewall, security issues, etc.
> Therefore, the RS6000 will only be sending email to the NT Exchange server.
> Hopefully, then, the NT Exchange server will then send out the email
> appropriately.
> 
> I imagine someone is doing this and would appreciate constructive input.  If
> you've got an installation similar to this and would like to correspond
> "offlist", please feel free to email me directly.  Thanks.
> 
> --robert
> [EMAIL PROTECTED]
> 




well, what i decided to do was switch to qpopper and use the 
--enable-home-dir-mail=Mailbox and it worked fine.  

now one thing that i don't understand is the rcpthosts file.
it seems like it would be a file that would decide who gets to use
qmail as the SMTP server, but when i try to send a message to somewhere
like freak.net, it tells me that the address is not in the rcpthosts
file.  so is this to say where you can send to?  do they have something
for addresses that can use the SMTP server?  are they one and the same?
i put '.net' in the rcpthosts file and it sent fine.
thanks,
Z

On Thu, 15 Jun 2000, Chris Johnson wrote:

> On Thu, Jun 15, 2000 at 04:50:37PM -0500, Z wrote:
> > From what I've heard many MUA's don't handle the maildir
> > very easily.  
> 
> MUAs like mutt, and I believe recent versions of Pine (and if not there are
> patches to make Pine understand maildirs), handle maildirs just fine. Clients
> that use POP to retrieve mail don't know or care what kind of storage you're
> using.
> 
> > the exact error message i'm getting is:
> > 
> > -ERR this user has no $HOME/Maildir
> > 
> > and i can't even have the pop server find it even if i create Maildir.
> 
> You'd have to create a maildir called "Mailbox," given the tcpserver invocation
> from your previous message.
> 
> > i think i'm going to switch over to qpopper or ipop3d to fix the problem 
> > unless someone has another suggestion.  
> 
> If you don't use maildir delivery, you'll have to use another POP3 server,
> since qmail-pop3d handles only maildirs.
> 
> Chris
> 





On Fri, Jun 16, 2000 at 03:33:20PM -0500, Z wrote:
> well, what i decided to do was switch to qpopper and use the 
> --enable-home-dir-mail=Mailbox and it worked fine.  
> 
> now one thing that i don't understand is the rcpthosts file.
> it seems like it would be a file that would decide who gets to use
> qmail as the SMTP server, but when i try to send a message to somewhere
> like freak.net, it tells me that the address is not in the rcpthosts
> file.  so is this to say where you can send to?  do they have something
> for addresses that can use the SMTP server?  are they one and the same?
> i put '.net' in the rcpthosts file and it sent fine.

Don't do that. Read http://www.palomine.net/qmail/relaying.html and
http://www.palomine.net/qmail/selectiverelay.html instead.

Chris
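
Why the '.net' entry above is a problem, as an added example (not code from qmail or from the posters): the first function models how qmail-smtpd matches a recipient domain against rcpthosts (exact entry, or any suffix starting at a dot), and the second lists wildcard entries that cover a whole top-level domain. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a qmail control/rcpthosts file for over-broad entries.
# qmail-smtpd accepts a RCPT domain when it equals an entry, or when some
# suffix of it starting at a dot equals an entry (".net" matches "freak.net").
# When RELAYCLIENT is set for the connection, rcpthosts is not consulted.

# rcpthosts_allows FILE DOMAIN -> status 0 if mail for DOMAIN would be accepted
rcpthosts_allows() {
    # With no rcpthosts file at all, qmail-smtpd accepts every domain.
    [ -f "$1" ] || return 0
    awk -v host="$2" '
        BEGIN { host = tolower(host) }
        {
            line = tolower($0)
            sub(/[ \t\r]+$/, "", line)          # trailing whitespace is ignored
            if (line != "" && line !~ /^#/) entry[line] = 1
        }
        END {
            if (host in entry) exit 0
            s = host
            while ((i = index(s, ".")) > 0) {
                s = substr(s, i)                # suffix beginning at this dot
                if (s in entry) exit 0
                s = substr(s, 2)                # step past the dot and go on
            }
            exit 1
        }' "$1"
}

# rcpthosts_broad_entries FILE -> prints "LINE: ENTRY" for every wildcard that
# is only one label long, i.e. accepts mail for an entire top-level domain
rcpthosts_broad_entries() {
    awk '{
        line = tolower($0)
        sub(/[ \t\r]+$/, "", line)
        if (line ~ /^\.[a-z0-9-]+$/) print NR ": " line
    }' "$1"
}

# Constructed sample: a host accepting mail for example.org and its
# subdomains, plus the ".net" entry described in the thread.
write_sample_rcpthosts() {
    printf '%s\n' '# domains we accept mail for' \
        'example.org' '.example.org' '.net' > "$1"
}
```
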




Hi everyone,

first I am new to qmail and I am using qmail with vpopmail and mysql
support. I have several questions: Using the startup-scripts from
www.inter7.com plus the startup scripts from My Life with qmail (of course I
have adjusted the scripts from life with qmail to the needs of vpopmail as
suggested by the authors) leads into an endless loop of

tcpserver fatal error: unable to bind address

messages. Where is my mistake? Scripts are posted at the end of the mail...

Question 2:
How does vpopmail put the mail? If there are no user accounts right? if you
want to have ./Maildir/ support do you have to setup homedirs for every
popaccount? what about dups?

Question 3:
Is there a qmail-pop3d hack out there which supports ./Mailbox formats and
vchkpw?

now to my scripts...

/sbin/init.d/qmail...
#!/bin/sh

PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH

case "$1" in
  start)
    echo -n "Starting qmail: svscan"
    cd /var/qmail/supervise
    env - PATH="$PATH" svscan &
    echo $! > /var/run/svscan.pid
    echo "."
    ;;
  stop)
    echo -n "Stopping qmail: svscan"
    kill `cat /var/run/svscan.pid`
    echo -n " qmail"
    svc -dx /var/qmail/supervise/*
    echo -n " logging"
    svc -dx /var/qmail/supervise/*/log
    echo "."
    ;;
  stat)
    cd /var/qmail/supervise
    svstat * */log
    ;;
  doqueue|alrm)
    echo "Sending ALRM signal to qmail-send."
    svc -a /var/qmail/supervise/qmail-send
    ;;
  queue)
    qmail-qstat
    qmail-qread
    ;;
  reload|hup)
    echo "Sending HUP signal to qmail-send."
    svc -h /var/qmail/supervise/qmail-send
    ;;
  pause)
    echo "Pausing qmail-send"
    svc -p /var/qmail/supervise/qmail-send
    echo "Pausing qmail-smtpd"
    svc -p /var/qmail/supervise/qmail-smtpd
    ;;
  cont)
    echo "Continuing qmail-send"
    svc -c /var/qmail/supervise/qmail-send
    echo "Continuing qmail-smtpd"
    svc -c /var/qmail/supervise/qmail-smtpd
    ;;
  restart)
    echo "Restarting qmail:"
    echo "* Stopping qmail-smtpd."
    svc -d /var/qmail/supervise/qmail-smtpd
    echo "* Sending qmail-send SIGTERM and restarting."
    svc -t /var/qmail/supervise/qmail-send
    echo "* Restarting qmail-smtpd."
    svc -u /var/qmail/supervise/qmail-smtpd
    ;;
  cdb)
    tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
    chmod 644 /etc/tcp.smtp*
    echo "Reloaded /etc/tcp.smtp."
    ;;
  help)
    cat <<HELP
   stop -- stops mail service (smtp connections refused, nothing goes out)
  start -- starts mail service (smtp connection accepted, mail can go out)
  pause -- temporarily stops mail service (connections accepted, nothing leaves)
   cont -- continues paused mail service
   stat -- displays status of mail service
    cdb -- rebuild the tcpserver cdb file for smtp
restart -- stops and restarts smtp, sends qmail-send a TERM & restarts it
doqueue -- sends qmail-send ALRM, scheduling queued messages for delivery
 reload -- sends qmail-send HUP, rereading locals and virtualdomains
  queue -- shows status of queue
   alrm -- same as doqueue
    hup -- same as reload
HELP
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|doqueue|reload|stat|pause|cont|cdb|queue|help}"
    exit 1
    ;;
esac

exit 0

-----

/var/qmail/rc...

#!/bin/sh

exec env - PATH="/var/qmail/bin:$PATH" \
qmail-start ./Maildir/

-----

/var/qmail/supervise/qmail-send/run ... and log/run ...

#!/bin/sh
exec /var/qmail/rc

#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail

-----

/var/qmail/supervise/qmail-smtpd/run ... and log/run ...

#!/bin/sh

#QMAILDUID=`id -u qmaild`
#NOFILESGID=`id -g qmaild`
#exec /usr/local/bin/softlimit -m 2000000 \
#    /usr/local/bin/tcpserver -v -p -x /etc/tcp.smtp.cdb \
#        -u $QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/qmail-smtpd 2>&1

env - PATH="/var/qmail/bin:/usr/local/bin" \
        tcpserver -H -R -x /etc/tcp.smtp.cdb -c20 -u 507 -g101 0 smtp \
        /var/qmail/bin/qmail-smtpd 2>&1 > /dev/null &

#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail/smtpd

-----

/var/qmail/supervise/qmail-pop3d/run ... and log/run ...

#!/bin/sh

env - PATH="/var/qmail/bin:/usr/local/bin" \
        tcpserver 0 pop3 /var/qmail/bin/qmail-popup mail.byteaction.de \
        /var/qmail/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir &

#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail/pop3d

-----

Any Help from the pros is highly appreciated

kind regards

Juergen Hoffmann





I am new to this list having just about set up qmail on a home network
linux server for the first time.  I spent hours over a number of days
poring through the documentation and the qmail.org web site looking
for help - and whilst I think I now have a picture NOWHERE could I
find a summary of what all the control files did and in what order so
that I could actually get qmail to do what I wanted it to. There were
plenty of simple guides if you wanted to set it up one particular way,
but none of them were quite how I wanted it.

Eventually, in order to understand I drew a flow chart, see below, to
try and help me understand the process.  Somewhat nervously I post it
here (nervous because netiquette normally dictates that you lurk for
a while - I just was so desperate for this info that I felt it was worth
the risk of making a complete plonker of myself) for two purposes.

1)  To get verification that what I have surmised is correct, AND
2)  If we can get it correct to plead for someone to put it in a
prominent place (like off www.qmail.org ) so that newcomers who come
after me have a model to work with.

----------------------------------------------------------------------
           'me' can be used as default for a number of files
           do a 'man qmail-control' to get a list

user = login account on system
mail is being sent to [EMAIL PROTECTED] and can enter in two ways

qmail-inject                                   qmail-smtpd 
     |                                      (use smtpgreeting)
     |                                              |
"from"[EMAIL PROTECTED]      is RELAYCLIENT defined?-Y-+
  or [EMAIL PROTECTED]                    |                |
     |                                              N                |
     |                                              |                |
     |                   REJECT MAIL------N-is y.z in 'rcpthosts'    |
     |                                              |                |
     |                                              Y                |
     |                                              |                |
     |                                              V                |
     +--------------------------+------------------------------------+
                                |
                     set "deliverto" = [EMAIL PROTECTED]
                                |
     +------------------------->|
     |                          |
     |                          V
     |                      qmail-queue
     |                          |
     |                          |
     |                      qmail-send
     |                          |
     |             if "from" has no @ use 'envnoathost'
     |                          |
     |                   is y.z in 'locals'-Y-----------------+
     |                          |                             |
     |                          N                  set "account" = x
     |                          |                             |
     |            is any of [EMAIL PROTECTED] in 'virtualdomains'         |
     |                |                      |                |
     |                N                      Y                |
     |                |                      |                |
     |           qmail-rspawn    lookup "account" (see below) |
     |                |              add -x to end of         |
     |           qmail-remote               "account"         |
     |                |                      |                |
     |       is y.z in 'smtproute'           +--------------->|
     |        |                 |                             |
     |        N                 Y                         qmail-lspawn
     |        |                 |                             |
     |   lookup MX for y.z      |                             |
     |     and send    lookup route                           |
     |                        and send            is any of "account"
     |                                      +-----N-in 'users/assign'
     |                                      |                 |
     |                              set "user" =              Y
     |                part of "account" before '-'            |
     |                                      |            lookup "user"
     |                                      |                 |
     |                                      |<----------------+
     |                                      |
     |                            is "user" qmailable (not root etc)
     |                               |                        |
     |                               N                        Y
     |                               |                        |
     |                          set "user" = alias            |
     |                               |                        |
     |                               |<-----------------------+
     |                               |
     |                          qmail-local (run as "user")
     |                               |
     |                      is there an appropriate
     |              .qmail file (based on "account" without "user")
     |                |                                 |
     |                Y                                 N
     |                |                                 |
     |                |         bounce<-----N-is "account" = "user"
     |                |                                 |
     |                |                                 Y
     |                |                                 |
     |              empty file?-Y---------------------->|
     |                   |                              |
     |          for each line in file            write message to
     |          |                 |            default Maildir/Mbox
     |   starts with &      starts with .
     |   or letter           or /
     |          |                 |
     |  set "deliverto"      store in Maildir/Mbox
     |     line in file
     |          |
     +----------+


NOTE: when looking up virtual domains then the Right Hand Side (after
the :) is prepended to the recipient address.  NOTE if this is blank
the line is treated as though it is not matched in 'virtualdomains' at
all and is passed on to qmail-rspawn even though it might also be
matched by another line

NOTE: 'users/assign' must have a . on the last line AND you must run
qmail-newu whenever it is changed for the change to be noticed (ie it
is not sufficient to restart qmail).

NOTE: you must restart qmail whenever one of 'control files' are
changed.

------------------------------------------------------------------
look forward to comments

(and I am not yet using qmail to send this!)






Alan

[EMAIL PROTECTED]
http://www.chandler.u-net.com




On Fri, Jun 16, 2000 at 11:04:59PM +0100, Alan Chandler wrote:
> NOTE: you must restart qmail whenever one of 'control files' are
> changed.

That's only true for some of them. Lots of them are read for every invocation
of qmail-smtpd or qmail-remote, for example, and qmail-send can be told of a
new locals or virtualdomains file with a SIGHUP.

Chris




On Fri, Jun 16, 2000 at 06:52:49PM +0900, Kristina wrote:
> 
> Make sure you have this:
> 
> % groupadd -g 110 qmgr ( A group id above 100)
> % useradd -u 120 -g 110 mailuser (A group id above 100)
> 
> % chgrp qmgr /home
> % chmod 775 /home

The user "mailuser" is allowed to create file/directories in /home ???
What should that be good for?

Even if you meant /home/mailuser it should read
    % chmod 755 /home/mailuser
             *
(i.e. no write permission), otherwise a vanilla qmail won't deliver
emails for that user.

        \Maex

-- 
SpaceNet GmbH             |   http://www.Space.Net/   | Stress is when you wake
Research & Development    | mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0    | realize you haven't
D-80807 Muenchen          |  Fax: +49 (89) 32356-299  | fallen asleep yet.




One of my clients does not like to receive e-mail from
exposed.freewebsites.com, how do I block this server? it is not in the
mail-abuse or orbs.org database....

Bolivar,





Search the FAQ for an explanation of the 'badmailfrom' file.
#

At 07:00 AM 6/16/00 , Bolivar Diaz Galarza wrote:
>One of my clients does not like to receive e-mail from
>exposed.freewebsites.com, how do I block this server? it is not in the
>mail-abuse or orbs.org database....
>
>Bolivar,





On Fri, Jun 16, 2000 at 07:00:26AM -0500, Bolivar Diaz Galarza wrote:
> One of my clients does not like to receive e-mail from
> exposed.freewebsites.com, how do I block this server? it is not in the
> mail-abuse or orbs.org database....

There is a patch for  qmail-smtpd.c  floating around (sorry, I don't
have it handy, and I can't extract one as my qmail-smtpd is *heavily*
patched) that basically checks for an environment variable
BOUNCEMAIL and if set sends back the contents of this variable in
smtp_rcpt() before the "250 ok".

As a way to go modify qmail-smtpd.c
------------------------------------------------------------------------
near "char *relayclient;" add a line
    char *bouncemail;
--------------------
near "void err_bmf() { ... }" add a line
    void err_bouncemail(s) char *s; { out(s); out(" (#5.7.1)\r\n"); }
--------------------
in setup() before "dohelo()" add a line
    bouncemail = env_get("BOUNCEMAIL");
--------------------
in smtp_rcpt() after "if (flagbarf) { ...}" add a line
    if (bouncemail) { err_bouncemail(bouncemail); return; }
------------------------------------------------------------------------

This allows using tcprules like:
216.65.1.3:allow,BOUNCEMAIL="521 we do not accept messages from this server"

Please note, that this will not only filter out messages to one of your
clients, but affects your qmail system as a whole. It will reject all
messages from 216.65.1.3 (i.e. exposed.freewebsites.com).

If you want the filtering to be client specific the solution depends
on how your client gets his email delivered.

        \Maex

-- 
SpaceNet GmbH             |   http://www.Space.Net/   | Stress is when you wake
Research & Development    | mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0    | realize you haven't
D-80807 Muenchen          |  Fax: +49 (89) 32356-299  | fallen asleep yet.




On Fri, Jun 16, 2000 at 07:07:19PM -0500, Troy Frericks wrote:
> Search the FAQ for an explanation of the 'badmailfrom' file.

This is useless if you try to block a whole server - unless all messages
have a sender address *@domain of course.

        \Maex

-- 
SpaceNet GmbH             |   http://www.Space.Net/   | Stress is when you wake
Research & Development    | mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0    | realize you haven't
D-80807 Muenchen          |  Fax: +49 (89) 32356-299  | fallen asleep yet.




Thanks for the tip, I will try that monday and post the results.

Bolivar,



----- Original Message -----
From: Markus Stumpf <[EMAIL PROTECTED]>
To: Bolivar Diaz Galarza <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, June 16, 2000 7:39 PM
Subject: Re: Blocking a specific address


> On Fri, Jun 16, 2000 at 07:00:26AM -0500, Bolivar Diaz Galarza wrote:
> > One of my clients does not like to receive e-mail from
> > exposed.freewebsites.com, how do I block this server? it is not in the
> > mail-abuse or orbs.org database....
>
> There is a patch for  qmail-smtpd.c  floating around (sorry, I don't
> have it handy, and I can't extract one as my qmail-smtpd is *heavily*
> patched) that basically checks for an environment variable
> BOUNCEMAIL and if set sends back the contents of this variable in
> smtp_rcpt() before the "250 ok".
>
> As a way to go modify qmail-smtpd.c
> ------------------------------------------------------------------------
> near "char *relayclient;" add a line
>     char *bouncemail;
> --------------------
> near "void err_bmf() { ... }" add a line
>     void err_bouncemail(s) char *s; { out(s); out(" (#5.7.1)\r\n"); }
> --------------------
> in setup() before "dohelo()" add a line
>     bouncemail = env_get("BOUNCEMAIL");
> --------------------
> in smtp_rcpt() after "if (flagbarf) { ...}" add a line
>     if (bouncemail) { err_bouncemail(bouncemail); return; }
> ------------------------------------------------------------------------
>
> This allows using tcprules like:
> 216.65.1.3:allow,BOUNCEMAIL="521 we do not accept messages from this server"
>
> Please note, that this will not only filter out messages to one of your
> clients, but affects your qmail system as a whole. It will reject all
> messages from 216.65.1.3 (i.e. exposed.freewebsites.com).
>
> If you want the filtering to be client specific the solution depends
> on how your client gets his email delivered.
>
> \Maex
>
> --
> SpaceNet GmbH             |   http://www.Space.Net/   | Stress is when you wake
> Research & Development    | mailto:[EMAIL PROTECTED] | up screaming and you
> Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0    | realize you haven't
> D-80807 Muenchen          |  Fax: +49 (89) 32356-299  | fallen asleep yet.
>





On Fri, Jun 16, 2000 at 08:14:50AM -0500, Bolivar Diaz Galarza wrote:
> Thanks for the tip, I will try that monday and post the results.

Another way to go is to put the offending host into your smtp.rules or
what it's called in your setup with

10.0.1.1:deny

so they can't even connect. Be sure to rebuild the .cdb file after that.
This will not work if you can't do it on all your MX's, though (which I,
for one, can't - bummer!)

-Johan
-- 
Johan Almqvist
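
Added example (not part of any poster's message, and not tcpserver or qmail code): a simplified Python model of how the two rule styles suggested in this thread are matched for a client IP, and what that client then gets at RCPT TO once the BOUNCEMAIL change described above is applied. The rules text is constructed; the matcher covers only full IPs, dotted prefixes and the empty default, not hostname, ident or range rules.

```python
# Constructed rules file: the two rules from the thread, a relay rule, a default.
RULES = '''\
216.65.1.3:allow,BOUNCEMAIL="521 we do not accept messages from this server"
10.0.1.1:deny
127.:allow,RELAYCLIENT=""
:allow
'''

def parse_rules(text):
    """Parse 'address:allow|deny[,VAR=<q>value<q>]...' lines into a dict."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        address, _, instr = line.partition(":")
        if not instr.startswith(("allow", "deny")):
            raise ValueError("bad instruction: " + line)
        action = "deny" if instr.startswith("deny") else "allow"
        rest, env = instr[len(action):], {}
        while rest.startswith(","):
            name, _, tail = rest[1:].partition("=")
            if not tail:
                raise ValueError("missing value: " + line)
            quote = tail[0]            # first character after '=' is the quote
            value, _, rest = tail[1:].partition(quote)
            env[name] = value
        rules[address] = (action, env)
    return rules

def lookup(rules, ip):
    """Most specific rule wins: full IP, then '1.2.3.', '1.2.', '1.', then ''."""
    parts = ip.split(".")
    candidates = [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for address in candidates:
        if address in rules:
            return rules[address]
    return ("allow", {})               # no matching rule: connection is allowed

def rcpt_reply(rules, ip):
    """Reply to RCPT TO for a client, assuming the recipient would otherwise
    be accepted. None means tcpserver dropped the connection before SMTP."""
    action, env = lookup(rules, ip)
    if action == "deny":
        return None
    if "BOUNCEMAIL" in env:            # set for the whole connection, so every
        return env["BOUNCEMAIL"] + " (#5.7.1)\r\n"   # recipient is refused
    return "250 ok\r\n"

if __name__ == "__main__":
    rules = parse_rules(RULES)
    for ip in ("216.65.1.3", "10.0.1.1", "192.0.2.7"):
        print(ip, repr(rcpt_reply(rules, ip)))
```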




I'm putting together a program to assist in viewing/managing the queue.
Yes, I've seen qmHandle and it is indeed spiffy.  I just want to make my
own.

Anyway, in the 'remote' and 'local' files for a queued message, individual
recipients are marked with 'D' if they are done and 'T' if they are still
pending, correct?

Are there any other markers I should be aware of?

Thanks,
Ben

-- 
The spectre of a polity controlled by the fads and whims of voters who
actually believe that there are significant differences between Bud Lite
and Miller Lite, and who think that professional wrestling is for real, is
naturally alarming to people who don't.
                -- Neal Stephenson

