qmail Digest 2 Jul 2000 10:00:01 -0000 Issue 1050
Topics (messages 44000 through 44037):
Can't find my log file
44000 by: Lou Hevly
44011 by: Steffan Hoeke
Bounce questions
44001 by: Ian Layton
Help! :(
44002 by: Andy Coates
44009 by: Steffan Hoeke
44010 by: Andy Coates
44012 by: Steffan Hoeke
44014 by: Andy Coates
44015 by: Steffan Hoeke
Re: virtual user
44003 by: Juan E Suris
Re: qmail-ldap file permissions
44004 by: clemensF
Re: two questions
44005 by: clemensF
very slow delivery
44006 by: Mirko Koenig
44017 by: Magnus Bodin
Re: qmailq problem
44007 by: clemensF
44008 by: Steffan Hoeke
[[EMAIL PROTECTED]: Re: digest version?]
44013 by: Steffan Hoeke
Unable to fork (WAS Help! :( )
44016 by: Andy Coates
URGENT!!! HELP!!! HP-UX fault
44018 by: Kvazimodo
Emend LWQ? was Re: Can't find my log file
44019 by: Lou Hevly
Dot-forward did not work suddenly
44020 by: Edward Tsang
The most secure POP server
44021 by: Roberto Samarone Ara�jo (RSA)
44022 by: Irwan Hadi
44023 by: Brett Randall
44024 by: Irwan Hadi
44025 by: amir
44026 by: Dave Granath
44027 by: Adam McKenna
44028 by: Brett Randall
44029 by: Brian D. Winters
44030 by: Adam McKenna
44031 by: Adam McKenna
44032 by: Mark Mentovai
44033 by: Brett Randall
44034 by: asantos
44037 by: Thomas Neumann
Limit email file seize for some users
44035 by: qmail.col7.metta.lk
44036 by: Steffan Hoeke
Administrivia:
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To bug my human owner, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
Greetings: Sorry to ask so basic a question, but after installing qmail successfully following LWQ, I'm unable to find my log file. `ps` shows that multilog is being invoked: qmaill 541 0.0 1.1 1092 356 ? S 14:42 0:00 /usr/local/bin/multilog t /var/log/qmail qmaill 542 0.0 1.0 1084 328 ? S 14:42 0:00 /usr/local/bin/multilog t /var/log/qmail/smtpd In these two directories (/var/log/qmail and /var/log/qmail/smtpd) I can find no log files. I also looked in /var/qmail/supervise/ and /var/qmail/supervise/*/log The doc says: "The log directory is specified on the multilog command line, so you can find it by examining your qmail startup script." I used the startup script from LWQ, but I don`t see where it tells me where the log directory is. I'm running on Linux 2.0.36. Thanks. -- All the best (Ad�u-siau), Lou Hevly [EMAIL PROTECTED] http://www.visca.com
On Sat, Jul 01, 2000 at 12:12:26PM +0100, Lou Hevly wrote: > Greetings: > > Sorry to ask so basic a question, but after installing qmail successfully following >LWQ, I'm unable to find my log file. `ps` shows that multilog is being invoked: > > qmaill 541 0.0 1.1 1092 356 ? S 14:42 0:00 /usr/local/bin/multilog t >/var/log/qmail All of qmail-send's activity is logged in /var/log/qmail/current > qmaill 542 0.0 1.0 1084 328 ? S 14:42 0:00 /usr/local/bin/multilog t >/var/log/qmail/smtpd All of qmail-smptd's activity is logged in /var/log/qmail/smptd/current > The doc says: > > "The log directory is specified on the multilog command line, so you can find it by >examining your qmail startup script." i.e. the /var/log/qmail and /var/log/qmail/smtpd directories .... > I used the startup script from LWQ, but I don`t see where it tells me where the log >directory is. See above ;-) > Thanks. > Lou Hevly HTH, Steffan BTW: please set the margins to 80 chars, makes replying easier ..... -- http://therookie.dyndns.org
Thank you for all the comments I received about my previous question. I am now needing to make a program that will analyses bounced messages from Qmail and be able to distinguish between hard (permanent bounces) and soft (temporary) bounces. Is there any standard out there on how to recognize the difference. Also, I would like this program to execute upon delivery of a bounce message. I believe it's possible but I'm not sure how. Thank you Ian
Hi, I've been playing with dot-forward, and now my whole qmail system doesn't want to deliver messages. I don't know if they're related, or whether something else is wrong - but no one is getting any mail!?!? Basically I installed the dot-forward package and set this at my /var/qmail/rc: exec env - PATH="/var/qmail/bin:$PATH" \ qmail-start '|dot-forward .forward ./Maildir/' splogger qmail & But that didn't work, so I thought i'd set it back to normal whilst I look into the matter, so my rc is now: exec env - PATH="/var/qmail/bin:$PATH" \ qmail-start ./Maildir/ splogger qmail & Thing is, mail is being received, but not delivered. qmail-qstat shows: messages in queue: 6 messages in queue but not yet preprocessed: 0 And qmail is running again after I stopped it. Any ideas what I've done to stop it working? At least messages aren't being lost, but I need to get the mail out to my users :-( TIA, Andy.
On Sat, Jul 01, 2000 at 02:49:35PM +0100, Andy Coates wrote: > Hi, > > I've been playing with dot-forward, and now my whole qmail system doesn't > want to deliver messages. I don't know if they're related, or whether > something else is wrong - but no one is getting any mail!?!? > > Basically I installed the dot-forward package and set this at my > /var/qmail/rc: > > exec env - PATH="/var/qmail/bin:$PATH" \ > qmail-start '|dot-forward .forward > ./Maildir/' splogger qmail & > > But that didn't work, so I thought i'd set it back to normal whilst I look > into the matter, so my rc is now: > exec env - PATH="/var/qmail/bin:$PATH" \ > qmail-start ./Maildir/ splogger qmail & > > Thing is, mail is being received, but not delivered. qmail-qstat shows: > messages in queue: 6 > messages in queue but not yet preprocessed: 0 > > And qmail is running again after I stopped it. Any ideas what I've done to > stop it working? > > At least messages aren't being lost, but I need to get the mail out to my > users :-( > > TIA, > Andy. What do the logs say? (tm) I'm also a bit curious why there's a & in your rc file .... Greetz, Steffan -- http://therookie.dyndns.org
----- Original Message ----- From: "Steffan Hoeke" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, July 01, 2000 5:14 PM Subject: Re: Help! :( > On Sat, Jul 01, 2000 at 02:49:35PM +0100, Andy Coates wrote: > > Hi, > > > > I've been playing with dot-forward, and now my whole qmail system doesn't > > want to deliver messages. I don't know if they're related, or whether > > something else is wrong - but no one is getting any mail!?!? > > > > Basically I installed the dot-forward package and set this at my > > /var/qmail/rc: > > > > exec env - PATH="/var/qmail/bin:$PATH" \ > > qmail-start '|dot-forward .forward > > ./Maildir/' splogger qmail & > > > > But that didn't work, so I thought i'd set it back to normal whilst I look > > into the matter, so my rc is now: > > exec env - PATH="/var/qmail/bin:$PATH" \ > > qmail-start ./Maildir/ splogger qmail & > > > > Thing is, mail is being received, but not delivered. qmail-qstat shows: > > messages in queue: 6 > > messages in queue but not yet preprocessed: 0 > > > > And qmail is running again after I stopped it. Any ideas what I've done to > > stop it working? > > > > At least messages aren't being lost, but I need to get the mail out to my > > users :-( > > > > TIA, > > Andy. > What do the logs say? (tm) > > I'm also a bit curious why there's a & in your rc file .... The & is what was in the /var/qmail/boot example files, I used /var/qmail/boot/maildir for my RC. As for the logs, nothing. (a little odd again). Andy.
On Sat, Jul 01, 2000 at 05:35:26PM +0100, Andy Coates wrote: > ----- Original Message ----- > From: "Steffan Hoeke" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Saturday, July 01, 2000 5:14 PM > Subject: Re: Help! :( > > > > On Sat, Jul 01, 2000 at 02:49:35PM +0100, Andy Coates wrote: > > > Hi, > > > > > > I've been playing with dot-forward, and now my whole qmail system > > > doesn't > > > want to deliver messages. I don't know if they're related, or whether > > > something else is wrong - but no one is getting any mail!?!? [snipped] > > > At least messages aren't being lost, but I need to get the mail out to > > > my users :-( > > > > > > TIA, > > > Andy. > > What do the logs say? (tm) > > > > I'm also a bit curious why there's a & in your rc file .... > > The & is what was in the /var/qmail/boot example files, I used > /var/qmail/boot/maildir for my RC. Ok, i'm just getting used to running qmail supervised, so i forgot :-0 > As for the logs, nothing. (a little odd again). Nothing, as in there's no entries in the log, or Nothing, as in there's nothing of interest in the log ? > Andy. Steffan -- http://therookie.dyndns.org
----- Original Message ----- From: "Steffan Hoeke" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, July 01, 2000 5:54 PM Subject: Re: Help! :( > On Sat, Jul 01, 2000 at 05:35:26PM +0100, Andy Coates wrote: > > ----- Original Message ----- > > From: "Steffan Hoeke" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Saturday, July 01, 2000 5:14 PM > > Subject: Re: Help! :( > > > > > > > On Sat, Jul 01, 2000 at 02:49:35PM +0100, Andy Coates wrote: > > > > Hi, > > > > > > > > I've been playing with dot-forward, and now my whole qmail system > > > > doesn't > > > > want to deliver messages. I don't know if they're related, or whether > > > > something else is wrong - but no one is getting any mail!?!? > [snipped] > > > > At least messages aren't being lost, but I need to get the mail out to > > > > my users :-( > > > > > > > > TIA, > > > > Andy. > > > What do the logs say? (tm) > > > > > > I'm also a bit curious why there's a & in your rc file .... > > > > The & is what was in the /var/qmail/boot example files, I used > > /var/qmail/boot/maildir for my RC. > Ok, i'm just getting used to running qmail supervised, so i forgot :-0 > > > As for the logs, nothing. (a little odd again). > Nothing, as in there's no entries in the log, or > Nothing, as in there's nothing of interest in the log ? Nothing as in there's no entries (i'm looking in /var/log/messages, which is hopefully the right place). Any ideas? Andy.
On Sat, Jul 01, 2000 at 06:27:26PM +0100, Andy Coates wrote: > ----- Original Message ----- > From: "Steffan Hoeke" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Saturday, July 01, 2000 5:54 PM > Subject: Re: Help! :( > > > > On Sat, Jul 01, 2000 at 05:35:26PM +0100, Andy Coates wrote: > > > ----- Original Message ----- > > > From: "Steffan Hoeke" <[EMAIL PROTECTED]> > > > To: <[EMAIL PROTECTED]> > > > Sent: Saturday, July 01, 2000 5:14 PM > > > Subject: Re: Help! :( > > > > > > > > > > On Sat, Jul 01, 2000 at 02:49:35PM +0100, Andy Coates wrote: > > > > > Hi, > > > > > [Snipped another bit] > > > > I'm also a bit curious why there's a & in your rc file .... > > > > > > The & is what was in the /var/qmail/boot example files, I used > > > /var/qmail/boot/maildir for my RC. > > Ok, i'm just getting used to running qmail supervised, so i forgot :-0 > > > > > As for the logs, nothing. (a little odd again). > > Nothing, as in there's no entries in the log, or > > Nothing, as in there's nothing of interest in the log ? > > Nothing as in there's no entries (i'm looking in /var/log/messages, which is > hopefully the right place). Ehhm, when i used splogger it was /var/log/maillog ..... > Any ideas? > > Andy. > -- http://therookie.dyndns.org
> > i have a virtual domain barkada.com in my qmail machine. then i want to > make a virtual user with that domain. there is a user kaibigan but i did > not activate nery as a user in the machine. but i want it like this if > somebody send to [EMAIL PROTECTED] the email will automatically send to > [EMAIL PROTECTED] > > i add barkada.com in my rcpthosts > > then in the virtualdomain i add > > barkada.com:nery > > and in my kaibigan/.qmail file i added also > > &[EMAIL PROTECTED] > > then when i tried to send to [EMAIL PROTECTED] i got this error. > > Hi. This is the qmail-send program at qmail.pinoyswapcentral.com. > I'm afraid I wasn't able to deliver your message to the following addresses. > This is a permanent error; I've given up. Sorry it didn't work out. > > <[EMAIL PROTECTED]>: > Sorry, no mailbox here by that name. (#5.1.1) > > --- Below this line is a copy of the message. > > what is my mistake here? > > in sendmail i can do this in my /etc/virtusertable file as > > [EMAIL PROTECTED] [EMAIL PROTECTED] > > thanks! > your virtualdomain entry should look like this: barkada.com:kaibigan and in ~kaibigan/.qmail-nery: [EMAIL PROTECTED] and you also need ~kaibigan/.qmail-kaibigan, which contains the desired delivery for [EMAIL PROTECTED] JES
> prashant: > can some one tell me what file permissions are required > for > 1> ~Home/Maildir > 2> Maildir > 3> cur > 4> new > 5> tmp 700. the 'x' bit lets programs search a directory. clemens
> Clifford Thurber: > #!/bin/sh > exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail exec setuidgid qmaill multilog t !tai64nlocal /var/log/qmail ...would make multilog pipe safe loggs (loggs that were safely closed) through tai64nlocal automatically, so that these loggs contain "standard" timestamps. clemens
hi i'm running qmail and first there were no problems. but after a while qmail is getting very slow. now the delivery and sending of messages takes 20 min. i write a message eg. in pine send it and then have to wait up to 20 min till its delivered. if i recieve mail with fetchmail it takes also up to 20 min the mail is deliverd to local. i've no network. only a standalone pc. even mail to myself takes up to 20 min. i didn't change anything in my opinion. the error accours suddenly ;-) ok i think i must have changed something but i don't know what. the mails are getting in the queue and are preprocessed correctly, but then it takes up to 20min they are delivered. i will be very happy if you could help me. mirko home : http://stud.fbi.fh-darmstadt.de/~koenig
On Sat, Jul 01, 2000 at 05:09:47PM +0200, Mirko Koenig wrote: > now the delivery and sending of messages takes 20 min. > i write a message eg. in pine send it and then have to wait up to 20 min > till its delivered. check the permissions of "/var/qmail/queue/lock/trigger" # ls -l /var/qmail/queue/lock/ total 1 -rw------- 1 qmails qmail 0 Mar 2 1999 sendmutex -rw-r--r-- 1 qmailr qmail 1024 Jul 1 19:58 tcpto prw--w--w- 1 qmails qmail 0 Jul 1 20:58 trigger ^^^^^^^^^^ If it doesn't is "prw--w--w-", then do a "make setup" from the qmail source library again. /magnus -- http://x42.com/
> Ben Beuchler: > And is there a particular reason so many people neglect to look at their > logs when trying to research a problem? good question, actually. the loggs give very good and simple diagnostics, it must have something to do with the way information is identified. we have the time stamps, which have to be converted by tai64nlocal in order for people to see that they indicate *current* trouble. i have noticed people setting unreasonably large values for the log sizes and their number. then there's definitly the need to make sense of the long-term queue-id of the delivery messages and the status line at the end (1_0_0). i'd like to see it at a prominent place in the INSTALL files, maybe. clemens
On Sat, Jul 01, 2000 at 06:10:38PM +0200, clemensF wrote: > > Ben Beuchler: > > > And is there a particular reason so many people neglect to look at their > > logs when trying to research a problem? [snipped a bit] > number. then there's definitly the need to make sense of the long-term > queue-id of the delivery messages and the status line at the end (1_0_0). > i'd like to see it at a prominent place in the INSTALL files, maybe. What *does* the last number in @40000000395b7d5233ba0ecc delivery 123: success: did_1+0+0/ stand for ? The first number is a local delivery The second number is a remote delivery The third number is ...... ? > clemens TIA, Steffan -- http://therookie.dyndns.org
By request ... ----- Forwarded message from Ira Abramov <[EMAIL PROTECTED]> ----- Date: Sat, 1 Jul 2000 20:16:54 +0300 (IDT) From: Ira Abramov <[EMAIL PROTECTED]> To: Steffan Hoeke <[EMAIL PROTECTED]> Subject: Re: digest version? On Sat, 1 Jul 2000, Steffan Hoeke wrote: > On Sat, Jul 01, 2000 at 08:12:31PM +0300, Ira Abramov wrote: > > > > > > > > On Fri, Jun 30, 2000 at 05:54:18PM -0000, [EMAIL PROTECTED] wrote: > > > > > > > > Is there a digest version of this mailing list? > > > Nope, sorry .... > > > Since it's a veryhigh volume list IMHO it wouldn't be advisable > > > > I read it on digest. subscribe on egroups.com/group/djb-qmail > Hmmm. I thought [EMAIL PROTECTED] was the only source ..... nope, but apperently I can't post since I'm not subscribed directly to dan's machine. plese forward the URL to the main list, thanks! -- Ira Abramov (@- Gnu/Linux, Free Speech, RFC 1855 whois: IA58 //\ Peace, Love, Music, Slow Food www.scso.com v_/_ Citroens, Camels, Penguins, Cats ----- End forwarded message ----- -- http://therookie.dyndns.org
> > > > > On Sat, Jul 01, 2000 at 02:49:35PM +0100, Andy Coates wrote: > > > > > > Hi, > > > > > > > [Snipped another bit] > > > > > I'm also a bit curious why there's a & in your rc file .... > > > > > > > > The & is what was in the /var/qmail/boot example files, I used > > > > /var/qmail/boot/maildir for my RC. > > > Ok, i'm just getting used to running qmail supervised, so i forgot :-0 > > > > > > > As for the logs, nothing. (a little odd again). > > > Nothing, as in there's no entries in the log, or > > > Nothing, as in there's nothing of interest in the log ? > > > > Nothing as in there's no entries (i'm looking in /var/log/messages, which is > > hopefully the right place). > Ehhm, when i used splogger it was /var/log/maillog ..... DOH!!! (I hate it when that happens..) Looking at the RIGHT log reveals: Jul 1 18:40:26 wolverine qmail: 962473226.726133 status: local 1/10 remote 0/20 Jul 1 18:40:26 wolverine qmail: 962473226.731877 delivery 69: deferral: Unable_to_fork:_temporary_failure._(# 4.3.0)/ Now why is it saying that... any more ideas? Thanks, Andy.
Hello ppl! I have HP-UX web1 B.11.00 U 9000/800 610339382 unlimited-user license my qmail start script runs Ok, but qmail stops. When I restart qmail deamon manualy it keeps runing. here is what I run: #!/sbin/sh # # /etc/rc*.d/S**qmail - Start/Stop the qmail daemon # PATH=/usr/bin:/bin:/var/qmail/bin:/var/qmail/conf:$PATH case $1 in "start") # csh -cf '/var/qmail/rc &' && echo -n ' qmail' csh -cf '/var/qmail/bin/qmail-start ./Mailbox splogger qmail &' && echo -n ' qmail' sleep 10 ;; "stop") pid=`/usr/bin/ps -e | /usr/bin/grep qmail-send | /usr/bin/sed -e 's/^ *//' -e 's/ .*//'` if test "$pid" then kill $pid fi ;; "start_msg") echo "Starting qmail" ;; "stop_msg") echo "Stopping qmail" ;; *) echo "usage: /sbin/init.d/qmail {start|stop}" ;; esac Any ideas? ================================ Regards, Eldar Imangulov ([EMAIL PROTECTED]) http://www.netcity.ru/
At 18:42 01/07/00 +0200, Steffan Hoeke wrote: >On Sat, Jul 01, 2000 at 12:12:26PM +0100, Lou Hevly wrote: >> Sorry to ask so basic a question, but after installing qmail successfully >> following LWQ, I'm unable to find my log file. `ps` shows that multilog is >> being >invoked... <snip> >"All of qmail-send's activity is logged in /var/log/qmail/current" Yes indeed. Thank you very much. Still, the excellent LWQ *does* say: "The log directory is specified on the multilog command line, so you can find it by examining your qmail startup script." Unless I'm misinterpreting the meaning of 'log directory', /var/log/qmail/ isn't mentioned anywhere in the startup script suggested in LWQ. And because many questions are asked on this list by those who haven't bothered to check their log files, might I, humble beginner though I be, suggest that LWQ be emended with Steffan Hoeke's answer to me (quoted above)? -- All the best (Ad�u-siau), Lou Hevly [EMAIL PROTECTED] http://www.visca.com
qmail-start '|dot-forward .forward
./Maildir/'Anyone can give me some advice?On the other hand, did dot qmail support following usage?.qmail in user a directory/home/usera/Maildir/I tried to use above syntax, however, qmail always append the host domain and making the delivery unsuccessful.Example: [EMAIL PROTECTED]Regards,Edward.
Hi , I'm installing the Qmail so , I would like to know the most secure POP server to install and that doesn't have problems with Maildir . Roberto Samarone Araujo
At 10:58 PM 7/1/00 -0300, RSA wrote: >Hi , > > I'm installing the Qmail so , I would like to know the most secure POP >server to install and that doesn't have problems with Maildir . how' bout qmail-pop3d ?
> > I'm installing the Qmail so , I would like to know the
> most secure POP
> >server to install and that doesn't have problems with Maildir .
>
> how' bout qmail-pop3d ?
I was thinking of suggesting that one but it isn't very secure...
Brett
Manager
InterPlanetary Solutions
http://ipsware.com/
At 11:59 AM 7/2/00 +1000, Brett Randall wrote: > > > I'm installing the Qmail so , I would like to know the > > most secure POP > > >server to install and that doesn't have problems with Maildir . > > > > how' bout qmail-pop3d ? > >I was thinking of suggesting that one but it isn't very secure... can you give the explanation why qmail-pop3d is not secure ? Should then we combined SSL with POP ? to make it more secure ?
Irwan Hadi <[EMAIL PROTECTED]> wrote: >At 11:59 AM 7/2/00 +1000, Brett Randall wrote: >> > > I'm installing the Qmail so , I would like to know the >> > most secure POP >> > >server to install and that doesn't have problems with Maildir . >> > >> > how' bout qmail-pop3d ? >> >>I was thinking of suggesting that one but it isn't very secure... > >can you give the explanation why qmail-pop3d is not secure ? >Should then we combined SSL with POP ? to make it more secure ? I think he meant that passwords will be sent in cleartext over the network w/o encryption. This is actually a problem with the POP protocol. But, qmail-pop3d is secure. How do you plan on using SSL with POP? I know that SSL and IMAP work nicely together, but SSL and POP, never heard about that... maybe some SSL proxying techniques??? Amir ____________________________________________ InfoTeen.com - email, chat, message boards, and much more. Go to http://www.infoteen.com
I thought that qmail-pop3d still passed it's passwords in the clear??? If it does and the server is not inside a firewall anyone outside could snoop your connection requests etc... Irwan Hadi <[EMAIL PROTECTED]> wrote: >At 11:59 AM 7/2/00 +1000, Brett Randall wrote: >> > > I'm installing the Qmail so , I would like to know the >> > most secure POP >> > >server to install and that doesn't have problems with Maildir . >> > >> > how' bout qmail-pop3d ? >> >>I was thinking of suggesting that one but it isn't very secure... > >can you give the explanation why qmail-pop3d is not secure ? >Should then we combined SSL with POP ? to make it more secure ? I think he meant that passwords will be sent in cleartext over the network w/o encryption. This is actually a problem with the POP protocol. But, qmail-pop3d is secure. How do you plan on using SSL with POP? I know that SSL and IMAP work nicely together, but SSL and POP, never heard about that... maybe some SSL proxying techniques??? Amir ____________________________________________ InfoTeen.com - email, chat, message boards, and much more. Go to http://www.infoteen.com
On Sat, Jul 01, 2000 at 08:34:18PM -0600, Irwan Hadi wrote: > At 11:59 AM 7/2/00 +1000, Brett Randall wrote: > > > > I'm installing the Qmail so , I would like to know the > > > most secure POP > > > >server to install and that doesn't have problems with Maildir . > > > > > > how' bout qmail-pop3d ? > > > >I was thinking of suggesting that one but it isn't very secure... > > can you give the explanation why qmail-pop3d is not secure ? > Should then we combined SSL with POP ? to make it more secure ? The poster said that qmail-pop3d is insecure, not the POP3 protocol. I, for one, would like to see him elucidate or defend his statement. --Adam
Ok, here's the deal:
qmail-pop3d is NOT secure, nor are most other standard POP3 daemons. POP passwords are sent in cleartext and are not encrypted. They can be viewed by people snooping a connection (although this is not as easy as it sounds). A way of fixing this insecurity is to use SSL, an option many POP3 clients (including most Microsoft ones, and Netscape, AFAIK) offer (in Advanced options usually). They perform the POP3 operations over the Secure Socket Layer (that is SSL), however this requires quite some config which I personally have never done before, but I have heard of people doing it.
Look into it
Brett
Manager
InterPlanetary Solutions
http://ipsware.com/
On Sun, Jul 02, 2000 at 02:56:18AM +0000, amir wrote: > How do you plan on using SSL with POP? I know that SSL and IMAP work nicely >together, but SSL and POP, never heard about that... maybe some SSL proxying >techniques??? It works exactly the same as SSL and IMAP. You can encapsulate any TCP connection in an SSL tunnel. This includes IMAP, POP3, telnet, or even ssh or another SSL session, although the last two are pretty pointless. Some servers have built in support for SSL, or you can tack it on yourself. I use a program called sslwrap in conjuction with qmail-pop3. I believe another freely available program is called stunnel(?). When proxying like this typically you restrict connections to port 110 to localhost, and then sslwrap (or whatever) proxies between an open port 995 (the port assigned for pop3s) and the protected port 110. Brian
On Sun, Jul 02, 2000 at 01:23:20PM +1000, Brett Randall wrote: > Ok, here's the deal: > > qmail-pop3d is NOT secure, nor are most other standard POP3 daemons. POP > passwords are sent in cleartext and are not encrypted. They can be viewed by > people snooping a connection (although this is not as easy as it sounds). A > way of fixing this insecurity is to use SSL, an option many POP3 clients > (including most Microsoft ones, and Netscape, AFAIK) offer (in Advanced > options usually). They perform the POP3 operations over the Secure Socket > Layer (that is SSL), however this requires quite some config which I > personally have never done before, but I have heard of people doing it. Nice cover. So when you said "I was thinking of suggesting THAT ONE but IT isn't very secure", you were actually talking about the POP3 protocol and not qmail-pop3d specifically? If that's the case then why did you reply at all, and in such an ambiguous way? You certainly didn't answer the poster's question. --Adam
On Sat, Jul 01, 2000 at 10:58:17PM -0300, Roberto Samarone Ara�jo (RSA) wrote: > Hi , > > I'm installing the Qmail so , I would like to know the most secure POP > server to install and that doesn't have problems with Maildir . > > Roberto Samarone Araujo Robert, Your best bet is qmail-pop3d+vpopmail which will enable you to give your customers pop3 accounts without actually giving them accounts on your UNIX system. If the passwords and mail are passing over the internet, you could wrap the pop3 service with sslwrap or stunnel, two popular packages which will wrap any service with SSL. --Adam
Brian D. Winters wrote: >It works exactly the same as SSL and IMAP. You can encapsulate any >TCP connection in an SSL tunnel. This includes IMAP, POP3, telnet, or >even ssh or another SSL session, although the last two are pretty >pointless. > >Some servers have built in support for SSL, or you can tack it on >yourself. I use a program called sslwrap in conjuction with >qmail-pop3. I believe another freely available program is called >stunnel(?). When proxying like this typically you restrict >connections to port 110 to localhost, and then sslwrap (or whatever) >proxies between an open port 995 (the port assigned for pop3s) and the >protected port 110. This is no longer the preferred way to do it, see RFC 2595 (not yet a standard, but it's on its way). This RFC defines a STLS POP3 command which initiates TLS (essentially a new and fancy name for SSL, TLSv1 is almost identical to SSLv3) communication. A similar command (STARTTLS) is defined for IMAP. The definition for accomplishing the same thing over SMTP (using the STARTTLS command) is provided in RFC 2487. qmail can be made to support TLS in accordance with RFC 2487 by applying a patch at http://www.esat.kuleuven.ac.be/~vermeule/qmail/tls.patch . To my knowledge, at this time, no such patch can be applied to add RFC 2595 support to qmail-pop3d. Such a project would be harder to accomplish because of the more modular nature of qmail-pop3d: qmail-popup and qmail-pop3d both interact with the client over the network. This is something I've been thinking about, and if I ever get a chance, something I'd like to try to attack. Mark -- Do not reply directly to this e-mail address -- Mark Mentovai UNIX Engineer Gillette Global Network
> Nice cover. So when you said "I was thinking of suggesting THAT > ONE but IT > isn't very secure", you were actually talking about the POP3 > protocol and not > qmail-pop3d specifically? If that's the case then why did you > reply at all, > and in such an ambiguous way? You certainly didn't answer the poster's > question. Well yeah, but I wanted to see what would come of it. SSL I have never used and it never came to mind until someone mentioned it. I was just making a statement in general about standard use of qmail-pop3d. Anyway, thanks for clarification :> Brett Manager InterPlanetary Solutions http://ipsware.com/ <http://ipsware.com/>
From: Brett Randall <[EMAIL PROTECTED]> > >I was thinking of suggesting that one but it isn't very secure... > Ah, these guys can't take a joke :) However, again we find ourselves with the language problem. When Roberto Samarone Araujo says "secure", possibly he is associating the word "secure" in a diferent context from English. In fact, the Portuguese word "seguro" has a meaning more related to "stable" than to "secure". In Spanish, I think "seguro" means "sure". Quite different, isn't it? So, Roberto, I suggest that you take Adam McKenna suggestion and use qmail-pop3d. I'm not so sure about vpopmail, tough: depending on your installation, possibly the added complexity of vpopmail will result in less "estabilidade" e "seguran�a" that a straight qmail install. Armando
"Brett Randall" <[EMAIL PROTECTED]> writes: > Ok, here's the deal: > > qmail-pop3d is NOT secure, nor are most other standard POP3 daemons. POP > passwords are sent in cleartext and are not encrypted. They can be viewed by > people snooping a connection (although this is not as easy as it sounds). A > way of fixing this insecurity is to use SSL, [...] As long as you're only concerned about the password and not about the security of the message content itself you can also do APOP, but this is an issue with checkpassword and not qmail-pop3d itself. Many of our users, including myself, prefer APOP. If I want a secure message body I use PGP. -t
Hi I would like to limit some of my users to file seizes not above 1 MB How do I implement that. Thanks Jacob
On Sun, Jul 02, 2000 at 09:47:45AM +0600, [EMAIL PROTECTED] wrote: > Hi > > I would like to limit some of my users to file seizes not above 1 MB > > How do I implement that. man qmail-smtpd: databytes Maximum number of bytes allowed in a message, or 0 for no limit. Default: 0. If a message exceeds this limit, qmail-smtpd returns a permanent error code to the client; in contrast, if the disk is full or qmail-smtpd hits a resource limit, qmail-smtpd returns a temporary error code. databytes counts bytes as stored on disk, not as transmitted through the network. It does not count the qmail-smtpd Received line, the qmail-queue Received line, or the envelope. If the environment variable DATABYTES is set, it overrides databytes. AFAIK there's no easy way to implement a per-user basis. Or you'd have to try to experiment with setting DATABYTES in tcprules/ tcpserver. databytes should be in /var/qmail/control .... > Thanks > Jacob HTH, Steffan -- http://therookie.dyndns.org
