qmail Digest 22 Jul 2000 10:00:00 -0000 Issue 1070
Topics (messages 45122 through 45268):
Re: tcpserver and NAT
45122 by: Reier Pytte
45124 by: Lars Brandi Jensen
45127 by: Lars Brandi Jensen
45135 by: Brett Randall
45136 by: Matthias Henze
45139 by: Vince Vielhaber
45144 by: Dave Sill
45146 by: John White
45150 by: Brett Randall
45153 by: Andre Michaud
45203 by: David Dyer-Bennet
Re: qmail: 964126783.245290 delivery 15092: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)
45123 by: ���� �����
Re: 553 error code - MAPS?
45125 by: Vince Vielhaber
Re: orbs.org accuses qmail of mailbomb relaying!
45126 by: Brian Johnson
45129 by: Greg Owen
45132 by: Brian Johnson
45133 by: James Raftery
45137 by: Petr Novotny
45141 by: Frank Tegtmeyer
45142 by: Frank Tegtmeyer
45143 by: Petr Novotny
45145 by: Mark Mentovai
45147 by: John White
45148 by: Frank Tegtmeyer
45151 by: John White
45152 by: Petr Novotny
45156 by: Mark Mentovai
45157 by: Charles Cazabon
45158 by: Greg Owen
45159 by: Petr Novotny
45160 by: John White
45161 by: Mark Mentovai
45162 by: Frank Tegtmeyer
45163 by: Petr Novotny
45164 by: Michael T. Babcock
45165 by: Charles Cazabon
45167 by: Mark Mentovai
45168 by: Frank Tegtmeyer
45169 by: Greg Owen
45170 by: Petr Novotny
45171 by: Charles Cazabon
45172 by: Michael T. Babcock
45173 by: Michael T. Babcock
45174 by: Michael T. Babcock
45175 by: Michael T. Babcock
45176 by: Mark Mentovai
45178 by: Abdul Rehman Gani
45179 by: Petr Novotny
45181 by: John White
45182 by: Frank Tegtmeyer
45183 by: John White
45185 by: John R. Dunning
45186 by: Julian Brown
45187 by: Paul Jarc
45194 by: Dave Sill
45195 by: markd.bushwire.net
45199 by: Frank Tegtmeyer
45200 by: Charles Cazabon
45201 by: Julian Brown
45202 by: Dave Sill
45204 by: Jon Rust
45205 by: Paul Jarc
45206 by: Dave Sill
45207 by: David Dyer-Bennet
45208 by: Dave Sill
45209 by: David Dyer-Bennet
45210 by: David Dyer-Bennet
45212 by: Dave Sill
45213 by: John R. Dunning
45216 by: Dave Sill
45220 by: Dave Sill
45221 by: Paul Farber
45223 by: Adam McKenna
45224 by: Adam McKenna
45225 by: markd.bushwire.net
45228 by: Adam McKenna
45245 by: Russ Allbery
minifaq
45128 by: Mick
45240 by: Steffan Hoeke
45241 by: John van V.
45250 by: asantos
temporary_error_on_maildir_delivery
45130 by: Luis Bezerra
"Unable to fork"
45131 by: Michael T. Babcock
Re: forced queeuing
45134 by: Dave Sill
Re: Slow Slow Mail Delivery, Not Trigger Permissions
45138 by: Dave Sill
45180 by: Julian Brown
45188 by: Dave Sill
45190 by: markd.bushwire.net
45191 by: Julian Brown
45192 by: Julian Brown
45193 by: Robert Sander
45196 by: markd.bushwire.net
45197 by: Dave Sill
45198 by: markd.bushwire.net
Re: [OT] Re: Maildir support for emacs vm
45140 by: Paul Jarc
Re: Maildir support for emacs vm
45149 by: Charles Cazabon
45154 by: Robin S. Socha
45155 by: Dave Sill
45233 by: Erich
45246 by: Russ Allbery
pop3d daemon error
45166 by: Barry Smoke
qq trouble creating files in queue
45177 by: Toens Bueker
Qmailanalog
45184 by: Cedric Fontaine
Re: Maildir support for emacs vm ( and cgi )
45189 by: John van V.
numbers
45211 by: Frank Tegtmeyer
45226 by: Bruce Guenter
TCPserver error
45214 by: Z
45215 by: Ihnen, David
45217 by: Tyler J. Frederick
45218 by: Chris, the Young One
SMTP question.
45219 by: Z
45222 by: Paul Jarc
Re: Unable to send a huge file
45227 by: Aaron L. Meehan
45231 by: John van V.
Init scripts for daemontools 70.1
45229 by: Bruce Edge
more forced queueing
45230 by: mikec.qx.net
45232 by: Dave Sill
45234 by: M.B.
45236 by: Paul Jarc
45243 by: Steffan Hoeke
Permissions Dilemma?
45235 by: Tony Campisi
45263 by: Chris, the Young One
45265 by: asantos
qmqpc load balancing
45237 by: Austad, Jay
45238 by: markd.bushwire.net
45239 by: Paul Jarc
45242 by: markd.bushwire.net
45244 by: Austad, Jay
Data in exel to Vpopmail
45247 by: Javier Vino R.
pop3 outgoing config issue
45248 by: Bruce Edge
45264 by: Chris, the Young One
Can qmail-pop3d run without the qmail smtp server?
45249 by: Stephen Bolinger
45256 by: Ricardo Cerqueira
Re: pop3 outgoing config issue]
45251 by: Bruce Edge
installing new mail server
45252 by: Josh Timberman
45255 by: Steve Wolfe
problem with virtual user
45253 by: Jens Georg
virtual user problem
45254 by: Jens Georg
MDA (maildrop) exit error
45257 by: Subba Rao
Green guy from nowhere need some help...
45258 by: Lukasz Knizewski
virualdomain bouncing
45259 by: lkhanna.hss.hns.com
IDENTD timeout
45260 by: Enrique Vadillo
45261 by: asantos
45266 by: Chris, the Young One
45267 by: David Dyer-Bennet
HylaFax's hfaxd under tcpserver?
45262 by: John Conover
Re: Permissions Dilemma? FIXED!
45268 by: Tony Campisi
----------------------------------------------------------------------
have you specifically routed port 25 on the router through to your
mailserver's ip address?
Regards
Reier
----- Original Message -----
From: Lars Brandi Jensen <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: 21. juli 2000 1104
Subject: tcpserver and NAT
Hello
I have set up my qmail ( using tcpserver ) server behind my router
(NAT), and got it working locally with sending and receiving mail. But
globally it can send mail out but not receive mail. I have tried various
things like telnet to port 25 and locally it works. But trying from
outside there is no response at all. So I think it is a problem with my
domain ? or tcpserver. Can anybody help me out?
Lars Brandi Jensen
Reier Pytte wrote:
> have you specifically routed port 25 on the router through to your
> mailserver's ip address?
>
Yes, and also for port 110
> Reier Pytte wrote:
>
> > have you specifically routed port 25 on the router through to your
> > mailserver's ip address?
> >
>
> Yes, and also for port 110
I will explain what I have done until now :
I have my one and only domain my.dk. My local net is in the IP-range
10.1.x.x.. I have compiled the whole thing according to "Life with qmail"
on a RedHat 6.2. I used ./config-fast my.dk, and enabled relaying in
tcp.smtp for 10.1. ( and it is rebuilt and so on ). I have set up the
pop server and added the following :
tcpserver -v -R 0 pop3 /var/qmail/bin/qmail-popup my.dk \
/bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir 2>&1 | \
/var/qmail/bin/splogger pop3d &
And checked /etc/services that the name really is pop3.
I have tried to telnet to port 25 ( telnet 10.1.x.x 25 ) locally and it
works fine. I have sent and received mails locally and it works out fine.
I have sent mails outside my net and it works fine. But to receive mails
from outside isn't working. I have tried to telnet to port 25 from
outside and there was no response ( telnet www.my.dk 25 ).
Any hints?
Lars Brandi Jensen
>there is no MX in my.dk and www.my.dk does not resolve.
I think you will find he was just giving a false domain name as is customary
among system admins...
Brett
At 13:33 21.07.00 +0200, Lars Brandi Jensen wrote:
>I have tried to telnet to port 25 ( telnet 10.1.x.x 25 ) locally and it
>works fine. I have sent and received mails locally and it works out fine.
>I have sent mails outside my net and it works fine. But to receive mails
>from outside isn't working. I have tried to telnet to port 25 from
>outside and there was no response ( telnet www.my.dk 25 ).
there is no MX in my.dk and www.my.dk does not resolve.
Matthias Henze
MH458-RIPE
MHC SoftWare GmbH voice: +49-(0)9533-92006-0
Fichtera 17 fax: +49-(0)9533-92006-6
96274 Itzgrund/Germany e-Mail: [EMAIL PROTECTED]
-----------------------------------------------------
------------- http://www.mhcsoftware.de -----------
On Fri, 21 Jul 2000, Brett Randall wrote:
> >there is no MX in my.dk and www.my.dk does not resolve.
>
> I think you will find he was just giving a false domain name as is customary
> among system admins...
Not customary on this list. Quite often a DNS error can cause mail not
to be delivered. If someone doesn't provide the real name it can't be
checked.
Vince.
--
==========================================================================
Vince Vielhaber -- KA8CSH email: [EMAIL PROTECTED] http://www.pop4.net
128K ISDN from $22.00/mo - 56K Dialup from $16.00/mo at Pop4 Networking
Online Campground Directory http://www.camping-usa.com
Online Giftshop Superstore http://www.cloudninegifts.com
==========================================================================
Lars Brandi Jensen <[EMAIL PROTECTED]> wrote:
>I have tried to telnet to port 25 ( telnet 10.1.x.x 25 ) locally and it
>works fine. I have sent and received mails locally and it works out fine.
>I have sent mails outside my net and it works fine. But to receive mails
>from outside isn't working. I have tried to telnet to port 25 from
>outside and there was no response ( telnet www.my.dk 25 ).
Sounds like your router isn't sending incoming port 25 connections to
your qmail system. This is a NAT/router problem.
-Dave
On Fri, Jul 21, 2000 at 01:33:34PM +0200, Lars Brandi Jensen wrote:
> I have tried to telnet to port 25 ( telnet 10.1.x.x 25 ) locally and it
> works fine. I have sent and received mails locally and it works out fine.
> I have sent mails outside my net and it works fine. But to receive mails
> from outside isn't working. I have tried to telnet to port 25 from
> outside and there was no response ( telnet www.my.dk 25 ).
>
> Any hints?
www.my.dk doesn't resolve.
If that's not your actual domain, how can we diagnose dns problems?
However, you seem to have narrowed this problem down to a router
configuration issue.
Find an example of a port which is being successfully forwarded to
an IP on your lan. Examine the difference between that configuration
and your port 25 configuration.
John
>>I have tried to telnet to port 25 ( telnet 10.1.x.x 25 ) locally and it
>>works fine. I have sent and received mails locally and it works out fine.
>>I have sent mails outside my net and it works fine. But to receive mails
>>from outside isn't working. I have tried to telnet to port 25 from
>>outside and there was no response ( telnet www.my.dk 25 ).
>
>Sounds like your router isn't sending incoming port 25 connections to
>your qmail system. This is a NAT/router problem.
By the way unless you have a really nice router, port forwarding can be a
bugger to do...The ipportfw & ipmasqadm code available for Linux stinks as
far as setting it up goes in a LAN, but maybe try (on an internet-viewable
machine if you have one), using nportredird or redir (both work nicely, but
nportredird has more functionality). Should work with BSD and other
variants... www.freshmeat.net has downloads. Might help, might not...
Brett.
John White wrote:
>
> On Fri, Jul 21, 2000 at 01:33:34PM +0200, Lars Brandi Jensen wrote:
> > I have tried to telnet to port 25 ( telnet 10.1.x.x 25 ) locally and it
> > works fine. I have sent and received mails locally and it works out fine.
> > I have sent mails outside my net and it works fine. But to receive mails
> > from outside isn't working. I have tried to telnet to port 25 from
> > outside and there was no response ( telnet www.my.dk 25 ).
> >
> > Any hints?
>
> www.my.dk doesn't resolve.
>
> If that's not your actual domain, how can we diagnose dns problems?
>
> However, you seem to have narrowed this problem down to a router
> configuration issue.
>
> Find an example of a port which is being successfully forwarded to
> an IP on your lan. Examine the difference between that configuration
> and your port 25 configuration.
>
> John
Hi,
The problem seems to be on the network side. From outside, you cannot
route the class A network 10.X.X.X.
If you have a firewall, you can try this :
1) In your DNS, set entries to your smtp and pop port,
ex :
mysmtp IN MX myserver
myserver IN A <internet address>
mypop IN A <internet address>
2) in the firewall, NAT <internet address> to the class A
address (10.x.x.x) and grant access on ports 25 and 100.
Now, your server smtp and pop should be visible from Internet at
<internet address>.
(check carefully to not be an open relay).
To send mail outside, you should pass through the same <internet
address>.
Think paranoid mode in tcpserver...
Hope this helps!
Excuse my english :o)
--
André Michaud
Analyste de l'informatique
Direction générale des télécommunications
Conseil du trésor
Brett Randall <[EMAIL PROTECTED]> writes on 21 July 2000 at 23:34:02 +1000
> >there is no MX in my.dk and www.my.dk does not resolve.
>
> I think you will find he was just giving a false domain name as is customary
> among system admins...
WHY is it customary? I just don't understand the level of paranoia
that seems to imply. And I've seen, repeatedly, how it prevents
people from helping.
--
Photos: http://dd-b.lighthunters.net/ Minicon: http://www.mnstf.org/minicon
Bookworms: http://ouroboros.demesne.com/ SF: http://www.dd-b.net/dd-b
David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]
have you updated the assign file?
-----Original Message-----
From: Ricardo Cerqueira [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 21, 2000 2:10 AM
To: [EMAIL PROTECTED]
Subject: Re: qmail: 964126783.245290 delivery 15092: failure:
Sorry,_no_mailbox_here_by_that_name._(#5.1.1)
On Fri, Jul 21, 2000 at 09:53:38AM +1000, Baden Hughes wrote:
>
> I've looked elsewhere, there's no info on it in the FAQ:
>
> - moved a user home directory from one partition to another, ensuring
> symlinks are updated etc
> - confirm user still exists on system
> - confirm permissions are still set appropriately for all directories
> - persistent error message : qmail: 964126783.245290 delivery 15092:
> failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)
>
> Has qmail lost its list of user homedirs ? How do I put a still existing
> user back into qmail's list of known recipients?
Have you tried changing the home in the passwd file? :)
(just a thought)
RC
--
+-------------------
| Ricardo Cerqueira
| PGP Key fingerprint - B7 05 13 CE 48 0A BF 1E 87 21 83 DB 28 DE 03 42
| Novis - Engenharia ISP / Rede Técnica
| Pç. Duque Saldanha, 1, 7º E / 1050-094 Lisboa / Portugal
| Tel: +351 21 3166700 (24h/dia) - Fax: +351 21 3166701
On Fri, 21 Jul 2000, Thomas Duterme wrote:
> Hi Folks,
>
> Please have a look at the bounce error message below. Does this signify
> that the IP is in MAPS? (every address to the 21.cn domain seems to be
> bouncing) I checked, and indeed, they are blackholed. I don't quite
> understand why *I* can't mail to them though. I thought MAPS worked the
> other way around... ie spammers cannot spam certain mailservers. Any
> clarifications would be appreciated on the 553 error code and its meaning.
No. It means 21CN.COM doesn't like MSIYUYU and it's refusing to deliver
mail to that user. (202.104.32.232 is one of 21cn.com's unnamed mail
servers)
Vince.
>
> Thomas
>
> ******BOUNCE MESSAGE******
>
> Hi. This is the qmail-send program at grendel.madeforchina.com.
> I'm afraid I wasn't able to deliver your message to the following addresses.
> This is a permanent error; I've given up. Sorry it didn't work out.
>
> <[EMAIL PROTECTED]>:
> 202.104.32.232 does not like recipient.
> Remote host said: 553 To <[EMAIL PROTECTED]>, message blocked.
> Giving up on 202.104.32.232.
>
>
--
==========================================================================
Vince Vielhaber -- KA8CSH email: [EMAIL PROTECTED] http://www.pop4.net
128K ISDN from $22.00/mo - 56K Dialup from $16.00/mo at Pop4 Networking
Online Campground Directory http://www.camping-usa.com
Online Giftshop Superstore http://www.cloudninegifts.com
==========================================================================
On Fri, Jul 21, 2000 at 05:04:59PM +0800, Philip, Tim (CNBC Asia) wrote:
> orbs.org recently tested our qmail server, I mailed them and they advised
> that our server could be used as a "proxy mailbomb relay". By this they
> mean that a message with a forged FROM: address and multiple bad
> RCPT TO: addresses will generate multiple non-delivery reports being
> sent to the forged FROM: address. Is it possible to stop this?
>
> This is not a huge problem I'm just interested.
---end quoted text---
sounds like you used the patch that controls relaying by the from address??
if you don't use that patch then that won't be possible
the better (more secure) solution is to use the patch where you have to check
your pop mail before you can send mail. of course that requires the user to
do the right thing
--
Brian Johnson <[EMAIL PROTECTED]>
---
Geek: "I've invented a way to download porn off the internet one
million times faster!"
Marge: "Does anybody really need that much porno?"
Homer: "Mmmmmmm... one million times *droooool!*"
Geek: I can download 5 billion pictures in 7 seconds.
Homer: But I want them now.
> sounds like you used the patch that controls relaying by the
> from address??
No, ORBS is talking about a different thing.
If I want to mailbomb foo.com, and bar.com is running qmail, then I
can connect to bar.com's mail and say:
mail from: <[EMAIL PROTECTED]> (not me, my victim)
rcpt to: <[EMAIL PROTECTED]> (presumed not to exist, will bounce)
rcpt to: <[EMAIL PROTECTED]> (same)
... (and so on)
rcpt to: <[EMAIL PROTECTED]> (same)
data
Subject: ha ha ha
Enjoy this DOS
.
quit
And qmail will send 26 individual bounce messages, one for each
nonexistent recipient at bar.com, back to our victim at foo.com.
I think ORBS is worrying too much, but that's just me.
--
gowen -- Greg Owen -- [EMAIL PROTECTED]
On Fri, Jul 21, 2000 at 09:18:42AM -0400, Greg Owen wrote:
> > sounds like you used the patch that controls relaying by the
> > from address??
>
> No, ORBS is talking about a different thing.
>
> If I want to mailbomb foo.com, and bar.com is running qmail, then I
> can connect to bar.com's mail and say:
>
> mail from: <[EMAIL PROTECTED]> (not me, my victim)
> rcpt to: <[EMAIL PROTECTED]> (presumed not to exist, will bounce)
> rcpt to: <[EMAIL PROTECTED]> (same)
> ... (and so on)
> rcpt to: <[EMAIL PROTECTED]> (same)
> data
> Subject: ha ha ha
>
> Enjoy this DOS
> .
> quit
>
> And qmail will send 26 individual bounce messages, one for each
> nonexistent recipient at bar.com, back to our victim at foo.com.
>
> I think ORBS is worrying too much, but that's just me.
---end quoted text---
oh, I get it.. I agree that they're probably worrying too much, but how should
qmail prevent this? does sendmail handle it differently?
--
Brian Johnson <[EMAIL PROTECTED]>
---
In what language does 'open' mean 'execute the evil contents of a document?
--Les Mikesell
On Fri, Jul 21, 2000 at 09:18:42AM -0400, Greg Owen wrote:
> And qmail will send 26 individual bounce messages, one for each
> nonexistent recipient at bar.com, back to our victim at foo.com.
No it won't:
http://www.ornl.gov/its/archives/mailing-lists/qmail/2000/03/msg00112.html
james
--
James Raftery (JBR54) - Programmer Hostmaster - IE TLD Hostmaster
IE Domain Registry - www.domainregistry.ie - (+353 1) 706 2375
"Managing 4000 customer domains with BIND has been a lot like
herding cats." - Mike Batchelor, on [EMAIL PROTECTED]
On 21 Jul 00, at 9:18, Greg Owen wrote:
> No, ORBS is talking about a different thing.
>
> If I want to mailbomb foo.com, and bar.com is running qmail, then I
> can connect to bar.com's mail and say:
>
> mail from: <[EMAIL PROTECTED]> (not me, my victim)
> rcpt to: <[EMAIL PROTECTED]> (presumed not to exist, will bounce)
> rcpt to: <[EMAIL PROTECTED]> (same)
> ... (and so on)
> rcpt to: <[EMAIL PROTECTED]> (same)
> data
> Subject: ha ha ha
>
> Enjoy this DOS
> .
> quit
>
> And qmail will send 26 individual bounce messages, one for each
> nonexistent recipient at bar.com, back to our victim at foo.com.
Where did you get this nonsense from? Please go ahead and test;
qmail will return only ONE bounce message specifying all 26
addresses. (I have tried, just now. Why haven't you?)
The only way for this attack to work is to talk to qmail on a
secondary MX (and have primary MX generate 26 distinct
bounces), but then the effect of the mailbomb is probably
diminished by the (allegedly) poor line between secondary and
primary (why would you care about secondary, otherwise?).
> I think ORBS is worrying too much, but that's just me.
Yeah, sure. I mean, there are a lot of other DoSes possible. Why
would you care about too-many-emails? Is your computer really
secured against any DoS possible (including DDoS), except
mailbombing?
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
[Tom Waits]
> No it won't:
> http://www.ornl.gov/its/archives/mailing-lists/qmail/2000/03/msg00112.html
This is only true for the case that the receiving mailserver handles the
mail directly. If it relays to another qmail server you have your
amplifier because the first qmail will transmit all copies separately.
Regards, Frank
> The only way for this attack to work is to talk to qmail on a
> secondary MX (and have primary MX generate 26 distinct
> bounces), but then the effect of the mailbomb is probably
> diminished by the (allegedly) poor line between secondary and
> primary (why would you care about secondary, otherwise?).
Secondaries are not the only case. We for example have a system of chained
qmail servers with enough bandwidth between them. All go through one
gateway server. All the subdomain systems do not have direct Internet
access.
Internet <--> gateway qmail <---+---> subdomain1 qmail
                                |
                                |---> subdomain2 qmail
                                ...
Regards, Frank
On 21 Jul 00, at 15:53, Frank Tegtmeyer wrote:
> Secondaries are not the only case. We for example have a system of
> chained qmail servers with enough bandwidth between them. All go
> through one gateway server. All the subdomain systems do not have
> direct Internet access.
Why do you use SMTP between them? Use qmtp or qmqp or
whatever the beast is called, and have the last qmail in the chain
do the expansion (or generate the only bounce).
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
[Tom Waits]
Petr Novotny wrote:
>The only way for this attack to work is to talk to qmail on a
>secondary MX (and have primary MX generate 26 distinct
>bounces), but then the effect of the mailbomb is probably
>diminished by the (allegedly) poor line between secondary and
>primary (why would you care about secondary, otherwise?).
It's common practice for a non-primary mail server to be networkographically
close to a primary mail server. Often, a primary and one of its backups are
physically right next to each other. In other cases, a backup mail server
is provided by an upstream provider; hopefully, the link between a customer
and its upstream wouldn't be of low quality.
qmail-send's behavior for remote deliveries (which includes how it deals
with qmail-rspawn and qmail-remote) is something that's bothered me for a
while. The system really should manage remote deliveries better. At
present, we have one SMTP connection per remote address. This should at
least be modified to give one SMTP connection for each remote mail server
that needs to be contacted for any given message. The ideal case would
allow for a limited number of SMTP connections (to allow for parallel
delivery) to any remote host at any given time, and the capability to
transfer multiple messages in a single SMTP session.
I understand that qmail's structure makes this difficult, but I don't think
that it should be impossible.
>Yeah, sure. I mean, there are a lot of other DoSes possible. Why
>would you care about too-many-emails? Is your computer really
>secured against any DoS possible (including DDoS), except
>mailbombing?
There's a difference between being the target of a denial-of-service attack
and being involved in one as a tool used by an attacker. As participants on
the public Internet, we have to be willing to acknowledge our own
susceptibility to being targets, and take measures to handle them as our
personal or organizational requirements dictate. We must not be willing to
promote abusive activities by knowingly supporting, directly or indirectly,
bad practices.
Mark
--
Do not reply directly to this e-mail address
--
Mark Mentovai
UNIX Engineer
Gillette Global Network
On Fri, Jul 21, 2000 at 09:18:42AM -0400, Greg Owen wrote:
> If I want to mailbomb foo.com, and bar.com is running qmail, then I
> can connect to bar.com's mail and say:
>
> mail from: <[EMAIL PROTECTED]> (not me, my victim)
> rcpt to: <[EMAIL PROTECTED]> (presumed not to exist, will bounce)
> rcpt to: <[EMAIL PROTECTED]> (same)
> ... (and so on)
> rcpt to: <[EMAIL PROTECTED]> (same)
> data
> Subject: ha ha ha
>
> Enjoy this DOS
> .
> quit
>
> And qmail will send 26 individual bounce messages, one for each
> nonexistent recipient at bar.com, back to our victim at foo.com.
Upon what are you basing this conclusion? A real-life test? Or
supposition?
John
> Why do you use SMTP between them? Use qmtp or qmqp or
> whatever the beast is called, and have the last qmail in the chain
> do the expansion (or generate the only bounce).
Does QMTP avoid expansion? At this time it would also require
serialmail or is there a patched qmail-remote with qmtp support?
QMQP is not possible - all servers must be able to queue.
Regards, Frank
On Fri, Jul 21, 2000 at 09:59:35AM -0400, Mark Mentovai wrote:
> qmail-send's behavior for remote deliveries (which includes how it deals
> with qmail-rspawn and qmail-remote) is something that's bothered me for a
> while. The system really should manage remote deliveries better. At
> present, we have one SMTP connection per remote address. This should at
> least be modified to give one SMTP connection for each remote mail server
> that needs to be contacted for any given message. The ideal case would
> allow for a limited number of SMTP connections (to allow for parallel
> delivery) to any remote host at any given time, and the capability to
> transfer multiple messages in a single SMTP session.
>
> I understand that qmail's structure makes this difficult, but I don't think
> that it should be impossible.
qmail's structure makes this exceedingly easy.
Add the domain in question to rcpthosts. Add a loop-back entry for
the domain to smtproutes. Add an entry for the domain to virtualhosts.
Create a maildir for the domain. Create a .qmail-default entry for the
domain pointing to the maildir. Use maildirsmtp to transfer all the
mail stored in the maildir to the remote domain over a single smtp
session.
John
On 21 Jul 00, at 9:59, Mark Mentovai wrote:
> There's a difference between being the target of a denial-of-service
> attack and being involved in one as a tool used by an attacker. As
> participants on the public Internet, we have to be willing to
> acknowledge our own susceptibility to being targets, and take measures
> to handle them as our personal or organizational requirements dictate.
> We must not be willing to promote abusive activities by knowingly
> supporting, directly or indirectly, bad practices.
If this is really, really your bother, just use the patch to control the
maximum number of RCPT-TOs for one message.
BTW, you can still be the "tool", even without this amplification.
Let's denote "A" attacker, "B" "tool" and "C" victim. Suppose that
A and B are "stronger" (faster, or just on a faster line) than C (you
can attack only someone weaker). A connects to B's SMTP and
starts sending undeliverable messages with C as the fake sender
at a fast rate; only one RCPT TO per message; B sends the
bounces to C at the same rate, overwhelming C and its connection.
"B" can be any SMTP server which doesn't immediately check the
recipient; any secondary MX falls into this category, as many large
SMTPs (with many local users, I mean) like (maybe - I don't know)
aol.com, hotmail.com etc.
Please note that this attack already has nothing to do with qmail at
all: It just shows that SMTP is an inherently weak protocol, due to
lack of authentication. Should we blame qmail for SMTP's
weaknesses? It's an odd thing to do, isn't it?
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
[Tom Waits]
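
The disagreement in this thread (one bounce on a single host, one bounce per recipient when a gateway relays to a second qmail host, and the RCPT cap and immediate recipient check mentioned above) can be modelled offline. This is an added example, not code from any poster or from qmail; the names `EdgePolicy`, `simulate` and the `foo.example`/`bar.example` addresses are constructed for illustration.

```python
from dataclasses import dataclass
from string import ascii_lowercase
from typing import List, Optional, Set


@dataclass
class Bounce:
    to: str            # envelope sender of the original message (unauthenticated)
    failed: List[str]  # recipients reported as undeliverable in this bounce


@dataclass
class EdgePolicy:
    # Hypothetical knobs for the Internet-facing host.
    max_rcpt: Optional[int] = None  # cap on accepted RCPT TO per message
    validate_rcpt: bool = False     # reject unknown recipients during the session


def accept_at_edge(rcpts: List[str], known: Set[str], policy: EdgePolicy) -> List[str]:
    """Return the recipients the edge host accepts for queueing.

    Anything refused here is an SMTP error to the connecting client,
    so no bounce message is ever generated for it.
    """
    accepted: List[str] = []
    for rcpt in rcpts:
        if policy.max_rcpt is not None and len(accepted) >= policy.max_rcpt:
            continue
        if policy.validate_rcpt and rcpt not in known:
            continue
        accepted.append(rcpt)
    return accepted


def deliver_single_host(sender: str, accepted: List[str], known: Set[str]) -> List[Bounce]:
    """Final delivery on the accepting host: one bounce listing every failure."""
    failed = [r for r in accepted if r not in known]
    return [Bounce(sender, failed)] if failed else []


def deliver_via_relay(sender: str, accepted: List[str], known: Set[str]) -> List[Bounce]:
    """Gateway forwards to a mail store with one SMTP transaction per recipient.

    The store sees N independent one-recipient messages and bounces each
    failure separately, which is the amplification described in the thread.
    """
    bounces: List[Bounce] = []
    for rcpt in accepted:
        bounces.extend(deliver_single_host(sender, [rcpt], known))
    return bounces


def simulate(topology: str, policy: EdgePolicy, sender: str,
             rcpts: List[str], known: Set[str]) -> List[Bounce]:
    """Bounces produced by one submitted message under a topology and policy."""
    accepted = accept_at_edge(rcpts, known, policy)
    deliver = deliver_via_relay if topology == "relay" else deliver_single_host
    return deliver(sender, accepted, known)


# Constructed sample input: a forged sender and 26 nonexistent recipients,
# mirroring the a..z case discussed in the thread.
SENDER = "victim@foo.example"
RCPTS = [f"{c}@bar.example" for c in ascii_lowercase]
KNOWN = {"postmaster@bar.example"}

if __name__ == "__main__":
    cases = [
        ("single", EdgePolicy()),
        ("relay", EdgePolicy()),
        ("relay", EdgePolicy(max_rcpt=5)),
        ("relay", EdgePolicy(validate_rcpt=True)),
    ]
    for topology, policy in cases:
        n = len(simulate(topology, policy, SENDER, RCPTS, KNOWN))
        print(f"{topology:6} {policy} -> {n} bounce(s) to {SENDER}")
```

The cap only bounds the multiplier per message; rejecting unknown recipients at the edge is what removes the bounces, and it requires the edge host to know the valid recipient list.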
John White wrote:
>On Fri, Jul 21, 2000 at 09:59:35AM -0400, Mark Mentovai wrote:
>> qmail-send's behavior for remote deliveries (which includes how it deals
>> with qmail-rspawn and qmail-remote) is something that's bothered me for a
>> while. The system really should manage remote deliveries better. At
>> present, we have one SMTP connection per remote address. This should at
>> least be modified to give one SMTP connection for each remote mail server
>> that needs to be contacted for any given message. The ideal case would
>> allow for a limited number of SMTP connections (to allow for parallel
>> delivery) to any remote host at any given time, and the capability to
>> transfer multiple messages in a single SMTP session.
>>
>> I understand that qmail's structure makes this difficult, but I don't think
>> that it should be impossible.
>
>qmail's structure makes this exceedingly easy.
>
>Add the domain in question to rcpthosts. Add a loop-back entry for
>the domain to smtproutes. Add an entry for the domain to virtualhosts.
>Create a maildir for the domain. Create a .qmail-default entry for the
>domain pointing to the maildir. Use maildirsmtp to transfer all the
>mail stored in the maildir to the remote domain over a single smtp
>session.
That's very easy on a host-by-host basis, and I use it for certain setups.
The problem is that there shouldn't be any "domain in question," an MTA
should make efficient use of a limited number of SMTP sessions when
transferring mail to any other MTA.
Mark
--
Do not reply directly to this e-mail address
--
Mark Mentovai
UNIX Engineer
Gillette Global Network
Mark Mentovai <[EMAIL PROTECTED]> wrote:
re: one-SMTP-session-per-recipient
> That's very easy on a host-by-host basis, and I use it for certain setups.
> The problem is that there shouldn't be any "domain in question," an MTA
> should make efficient use of a limited number of SMTP sessions when
> transferring mail to any other MTA.
qmail doesn't do this by default, and manages to use resources much more
efficiently than sendmail, which does this. Why should qmail change?
Charles
--
-----------------------------------------------------------------------
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
-----------------------------------------------------------------------
> > And qmail will send 26 individual bounce messages, one for each
> > nonexistent recipient at bar.com, back to our victim at foo.com.
>
> Where did you get this nonsense from? Please go ahead and test;
> qmail will return only ONE bounce message specifying all 26
> addresses. (I have tried, just now. Why haven't you?)
I did test, and it IS true with qmail forwarding in to an internal
mail store from the DMZ. I did not test where the qmail box is the final
delivery box, relay or no, because I'm not set up for that here. If it'll
make you happy, though...
<clickety click>
Yup. If you have one qmail box forwarding to a second qmail box
which is the mail store, you get this amplification.
> The only way for this attack to work is to talk to qmail on a
> secondary MX (and have primary MX generate 26 distinct
> bounces), but then the effect of the mailbomb is probably
> diminished by the (allegedly) poor line between secondary and
> primary (why would you care about secondary, otherwise?).
Lots of other reasons.
1) Many sites will have a relay machine in the DMZ which talks with
Internet hosts, and an internal mail store that only talks to the relay
machine. It's a pretty standard firewall layout. It improves security and
performance.
2) Some sites will have 1+n mail relays in the DMZ, so that a hard
drive failure won't knock mail out, and so that maintenance and upgrades are
non-disruptive.
3) Some sites have multiple high-bandwidth lines, and will have mail
relays at various sites. Think co-lo. If you're paying through the nose to
have your web servers at a hardened high-availability installation, why
wouldn't you throw a secondary or tertiary MX out there for redundancy? In
such a case, the bandwidth on your secondary is BETTER than on your primary.
This attack doesn't work if you have a single mail server which is
your mail store and your primary internet SMTP conduit. I'd run something
like that at home, but not at work. Of course, I'm a little funny when it
comes to redundancy; I prefer having it over not having it.
> > I think ORBS is worrying too much, but that's just me.
>
> Yeah, sure. I mean, there is lot of other DoSes possible. Why
> would you care about too-many-emails? Is your computer really
> secured against any DoS possible (including DDoS), except
> mailbombing?
The big thing with this DOS is the multiplication. If you enter 100
bogus recipients at a total traffic of <1k, and enter one data component
equaling 1 meg, then at the cost of 1meg+1k you have created an attack
equaling 100 meg of data. DOS attacks in general usually focus more on
"many tiny packets," because they're harder to block. This attack creates
less, but larger, packets, and from less sources - which makes it easier to
block, which makes it less useful as a DOS, which is why I think ORBS is
worrying too much.
--
gowen -- Greg Owen -- [EMAIL PROTECTED]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 21 Jul 00, at 10:30, Mark Mentovai wrote:
> The problem is that there shouldn't be any "domain in
> question," an MTA should make efficient use of a limited number of
> SMTP sessions when transferring mail to any other MTA.
This horse has been beaten to death. What do you mean by
"should"? And why "limited number"?
My MTA should get the messages out as soon as possible. I have
seen the benchmarks, and I know that my MTA does exactly that.
Of course, your MTA might have different priorities. Nobody
coerced you into using qmail, right?
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2 -- QDPGP 2.60
Comment: http://community.wow.net/grt/qdpgp.html
iQA/AwUBOXhSNFMwP8g7qbw/EQLxrACfVABZ94Cpm+wdynbxjNf2/SgfWx8An2Za
KZUHBRRf58xxK7umBkQoxNtW
=Vbig
-----END PGP SIGNATURE-----
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
[Tom Waits]
On Fri, Jul 21, 2000 at 10:30:41AM -0400, Mark Mentovai wrote:
> That's very easy on a host-by-host basis, and I use it for certain setups.
> The problem is that there shouldn't be any "domain in question," an MTA
> should make efficient use of a limited number of SMTP sessions when
> transferring mail to any other MTA.
Why?
I'm not trying to be too much of a smartass here, but you're
projecting your ideas about nice network usage onto the
smtp protocol, which doesn't demand it.
How is this accumulation supposed to occur? Per queue injection?
Over a time period? How long of a time period? As long as we're
being good neighbors, should the mta lookup the mx for each
recipient and accumulate by mx? What should we do if the dns
gives us a 0 ttl for the mx?
While you ponder the answer to those questions, qmail will have
delivered the mail.
John
Petr Novotny wrote:
>BTW, you can still be the "tool", even without this amplification.
>Let's denote "A" attacker, "B" "tool" and "C" victim. Suppose that
>A and B are "stronger" (faster, or just on a faster line) than C (you
>can attack only someone weaker). A connects to B's SMTP and
>starts sending undeliverable messages with C as the fake sender
>at a fast rate; only one RCPT TO per message; B sends the
>bounces to C at the same rate, overwhelming C and its connection.
>
>"B" can be any SMTP server which doesn't immediately check the
>recipient; any secondary MX falls into this category, as many large
>SMTPs (with many local users, I mean) like (maybe - I don't know)
>aol.com, hotmail.com etc.
>
>
>Please note that this attack already has nothing to do with qmail at
>all: It just shows that SMTP is an inherently weak protocol, due to
>lack of authentication. Should we blame qmail from SMTP's
>weaknesses? It's an odd thing to do, isn't it?
It is indeed, which is why I wonder why you bring it up. I wasn't blaming
qmail for one of SMTP's shortcomings, I was blaming it for the initial
attack in question, the way that it manages outgoing SMTP sessions, and by
extension, the way that it makes it relatively simple to amplify a single
message into multiple bounces. The point is that SMTP allows for many bad
practices that can and should be avoided in implementations. This is one of
them. I apologize if I was unclear.
Mark
--
Do not reply directly to this e-mail address
--
Mark Mentovai
UNIX Engineer
Gillette Global Network
> qmail doesn't do this by default, and manages to use resources much more
> efficiently than sendmail, which does this. Why should qmail change?
It does break one of the basic rules on the Internet that many people feel
is still important. It produces bad reputation (based only on this one
fact, ignoring all the other good things about qmail) for qmail and
sometimes its author. This is often extended to administrators using
qmail.
Not that I do care about this - but it also hinders qmail's spreading and
that's a thing we could care about.
Regards, Frank
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 21 Jul 00, at 16:47, Frank Tegtmeyer wrote:
> > qmail doesn't do this by default, and manages to use resources much
> > more efficiently than sendmail, which does this. Why should qmail
> > change?
>
> It does break one of the basic rules on the Internet that many people
> feel is still important.
Which rule is it? 95% of the people on the internet care about
speed, not bandwidth consumption or resource usage. How many
people have you observed saying "I am pulling down all the nifty
graphics from my website - it consumes too much resources."?
Pray do tell.
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2 -- QDPGP 2.60
Comment: http://community.wow.net/grt/qdpgp.html
iQA/AwUBOXhVdlMwP8g7qbw/EQILDACfbE9O5eRQjl321OEbOlSdcbvat10AniRB
aWf1mqpDHbiGtuNdBAJWzsMX
=iFi9
-----END PGP SIGNATURE-----
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
[Tom Waits]
I would have to agree with the multiple connections == bad neighbour behaviour
(if this is true).
I might encourage re-ordering of sends to have parallel, per-MX queues ...
msg1 -> mx1 (in progress)
msg2 -> mx2 (start another process)
msg3 -> mx1 (queue and send on same connection as #1 when #1 is done)
msg4 -> mx3 (start another process)
msg5 -> mx2 (queue and send on same connection as #2 when #2 is done)
> ------------ HERE IS WHAT ORBS.ORG SAID ABOUT QMAIL: ------------
>
> Kick Qmail's author.
>
> To be honest, I regard qmail as a bit of a dog. It's great for mailing
> lists, but as a general purpose MTA it has too many bad habits.
>
> Apart from the accept, then process issue it also:
>
> Only sends one RCPT TO:<> per message, even if multiple recipients are at
> the same MX.
>
> Opens as many connections to a remote server as it can in order to deliver
> those individual messages in parallel.
>
> It results in temporary denial of service attacks and huge amounts of
> unnecessary bandwidth consumption. The program is designed around a
> mentality of "I will deliver the mail _now_, _no matter what_", instead of
> being a nice network neighbour and treating smtp as low priority data which
> is given sensible backoff algorithms.
Frank Tegtmeyer <[EMAIL PROTECTED]> wrote:
>
> > qmail doesn't do this by default, and manages to use resources much more
> > efficiently than sendmail, which does this. Why should qmail change?
>
> It does break one of the basic rules on the Internet that many people feel
> is still important. It produces bad reputation (based only on this one
> fact, ignoring all the other good things about qmail) for qmail and
> sometimes its author.
Only by the ignorant. The only things that an MTA's reputation should be
affected by are its security, reliability, and efficiency, in that order.
qmail wins hands-down in virtually any real-world situation. Therefore
I trust DJB's design decisions.
Charles
--
-----------------------------------------------------------------------
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
-----------------------------------------------------------------------
Petr Novotny wrote:
>On 21 Jul 00, at 10:30, Mark Mentovai wrote:
>
>> The problem is that there shouldn't be any "domain in
>> question," an MTA should make efficient use of a limited number of
>> SMTP sessions when transferring mail to any other MTA.
>
>This horse has been beaten to death. What do you mean by
>"should"? And why "limited number"?
I use "should" in the same manner that it is used in the documents which
define the very standards and practices over which we are arguing. In order
to be a good 'net neighbor, an MTA (note that I am not singling any MTA out
here) should not open 25 SMTP connections to the same host to transfer the
same message specifying a different destination address each time when it
can just as easily open a single connection and specify 25 destination
addresses.
>My MTA should get the messages out as soon as possible. I have
>seen the benchmarks, and I know that my MTA does exactly that.
Is it as fast as possible? In the situation above, what I suggest should
happen is actually faster and makes better use of network resources than
qmail's current implementation.
>Of course, your MTA might have different priorities. Nobody
>coerced you into using qmail, right?
I use qmail because it meets most of my needs better than anything else I've
seen or used. That doesn't mean I have to accept everything that it does as
the best possible implementation given current standards and practices. If
we all were to do that, very little progress would be made. Never assume
that there is no room for improvement.
Am I really the only one that feels this way? Does nobody else agree with
me or recognize my concerns? Are my suggestions really so far out there
that everyone is willing to write me off as a radical? I didn't think so,
but it may be the case. If I'm the only person reading who is interested in
discussing improvements, then I might as well thank you all for listening to
me as long as you have and give up.
Mark
--
Do not reply directly to this e-mail address
--
Mark Mentovai
UNIX Engineer
Gillette Global Network
> 95% of the people on the internet care about
> speed, not bandwidth consumption or resource usage.
Of course. That's why and for security I do use qmail.
> people have you observed saying "I am pulling down all the nifty
> graphics from my website - it consumes too much resources."?
The receiver (user) is able to do it.
A properly managed mail receiving system may do it too - this is the point
most people overlook. There are false statements about qmail's "hammering"
receiving systems. I think, you know the most used arguments against
qmail.
It only would be nice to eliminate the worst of them.
Regards, Frank
> oh, I get it.. I agree that they're probably worrying too
> much, but how should qmail prevent this? does sendmail
> handle it differently?
If N recipients at a site are getting the same exact message, you
enter multiple RCPT TO lines and one DATA entry. If N recipients at a site
are getting N different messages, you use RSET to reuse the existing SMTP
connection (something I've never fully trusted the PC-mail-store vendors to
get right, quite frankly). Sendmail defaults to doing the former, but not
the latter, if I recall (and I don't, 'cause I haven't screwed with sendmail
for years, so don't get on my case if I'm wrong.)
Qmail gets better performance by opening multiple connections in
parallel. ORBS thinks that this is too greedy of an algorithm. Presumably
they'd rather save the bandwidth for more useful business traffic like
Napster or Quake. I find it hard to see how someone working at an
organization dedicated to protecting the mail infrastructure can say
something like "treating smtp as low priority data."
--
gowen -- Greg Owen -- [EMAIL PROTECTED]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 21 Jul 00, at 10:58, Mark Mentovai wrote:
> >My MTA should get the messages out as soon as possible. I have
> >seen the benchmarks, and I know that my MTA does exactly that.
>
> Is it as fast as possible? In the situation above, what I suggest
> should happen is actually faster and makes better use of network
> resources than qmail's current implementation.
I really suggest you sift through the archives first. My MTA really
is faster, even in this situation: The round-trip times around here
are too long. The less round-trips, the faster the mail gets through.
Easy as that.
> Am I really the only one that feels this way? Does nobody else agree
> with me or recognize my concerns? Are my suggestions really so far
> out there that everyone is willing to write me off as a radical?
It's not that; but we've seen the points you raise quite a few times.
It took me quite some time to verify the facts and remove the
mental blocks - a year ago, I'd back you up with most of your
concerns.
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2 -- QDPGP 2.60
Comment: http://community.wow.net/grt/qdpgp.html
iQA/AwUBOXhZxVMwP8g7qbw/EQKtiwCfSyQff2m3B6AXm8uUDfx+Ys52lqIAnje7
I3+va25QS2bt7WAQ22cb+toC
=ECc7
-----END PGP SIGNATURE-----
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
[Tom Waits]
Mark Mentovai <[EMAIL PROTECTED]> wrote:
>
> I use "should" in the same manner that it is used in the documents which
> define the very standards and practices over which we are arguing. In order
> to be a good 'net neighbor, an MTA (note that I am not singling any MTA out
> here) should not open 25 SMTP connections to the same host to transfer the
> same message specifying a different destination address each time when it
> can just as easily open a single connection and specify 25 destination
> addresses.
[...]
> Is it as fast as possible? In the situation above, what I suggest should
> happen is actually faster and makes better use of network resources than
> qmail's current implementation.
"Measure; don't speculate" -- DJB.
Real world tests show that in most instances, qmail will deliver its
multiple copies of an email with multiple recipients at the same MX
faster than sendmail will with its single-copy, multiple RCPT strategy.
And qmail uses less system resources in the process. Also, by not tying
up an SMTP session for an extended period of time, one could argue that
qmail is more network-friendly for it.
The problem with re-using the same SMTP session for multiple messages, etc,
is the high-latency inherent in the protocol. DJB found an easy way around
that.
Charles
--
-----------------------------------------------------------------------
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
-----------------------------------------------------------------------
The issue of bandwidth management is the #1 issue for higher level ISPs
right now. Obviously you don't read the trade magazines or talk to those
persons.
The move to lower bandwidth consumption of websites in general has picked up
speed as well. Many many sites and organisations are taking a stand to
reduce bandwidth use of websites and the Internet in general.
Bandwidth consumption on the Internet is important enough that most routers
and software routers (including Linux) now include options to make use of
RED (random early detection) in their queuing systems to drop IP packets and
cause TCP streams to slow down and not fill their pipes. Major routers are
clogging and locking up at major websites. This is a real issue. If you
think opening a few dozen connections to a major ISP who has to handle
thousands is not going to make a difference, think again.
NOTE:
Mind you, I think a simple solution includes adding an option to drop
incoming connections (on tcpserver) from IPs that already have connections
open.
Petr Novotny wrote:
> > It does break one of the basic rules on the Internet that many people
> > feel is still important.
>
> Which rule is it? 95% of the people on the internet care about
> speed, not bandwidth consumption or resource usage. How many
> people have you observed saying "I am pulling down all the nifty
> graphics from my website - it consumes too much resources."?
John White wrote:
> On Fri, Jul 21, 2000 at 10:30:41AM -0400, Mark Mentovai wrote:
> > That's very easy on a host-by-host basis, and I use it for certain setups.
> > The problem is that there shouldn't be any "domain in question," an MTA
> > should make efficient use of a limited number of SMTP sessions when
> > transferring mail to any other MTA.
>
> I'm not trying to be too much of a smartass here, but you're
> projecting your ideas about nice network usage onto the
> smtp protocol, which doesn't demand it.
And DJB has already proposed other protocol solutions that don't handle this
issue either. That said, your comment is moot. SMTP has lots of problems, why
_not_ solve them?
> How is this accumulation supposed to occur? Per queue injection?
> Over a time period? How long of a time period? As long as we're
> being good neighbors, should the mta lookup the mx for each
> recipient and accumulate by mx? What should we do if the dns
> gives us a 0 ttl for the mx?
Accumulation as long as a connection is open to the foreign MTA. That was easy.
> While you ponder the answer to those questions, qmail will have
> delivered the mail.
Or crashed a mailserver.
Don't get me wrong. I like Qmail for the most part. I just think there's
room for improvement. And room for less attitude ... hint.
Petr Novotny wrote:
> > The problem is that there shouldn't be any "domain in
> > question," an MTA should make efficient use of a limited number of
> > SMTP sessions when transferring mail to any other MTA.
>
> This horse has been beaten to death. What do you mean by
> "should"? And why "limited number"?
To be friendly to your neighbours ...
> Of course, your MTA might have different priorities. Nobody
> coerced you into using qmail, right?
No, but if qmail is making the deliveries to another MTA, that MTA doesn't
have much choice about whether it's going to accept deliveries from Qmail or
not, so why not make Qmail a nice neighbour while we're at it?
There's nothing wrong with using intelligent queuing to reorder messages and
reduce session #'s. If just getting the mail out FAST is all that matters,
fine. But that's NOT all that matters.
I agree.
But I think we're both just labelled as radicals for wanting better than the
best there is.
Microsoft ended up with good software at some point in time ... best of its
class even ... then stopped making it better.
Hint ;-).
Mark Mentovai wrote:
> I use qmail because it meets most of my needs better than anything else I've
> seen or used. That doesn't mean I have to accept everything that it does as
> the best possible implementation given current standards and practices. If
> we all were to do that, very little progress would be made. Never assume
> that there is no room for improvement.
>
> Am I really the only one that feels this way? Does nobody else agree with
> me or recognize my concerns? Are my suggestions really so far out there
> that everyone is willing to write me off as a radical? I didn't think so,
> but it may be the case. If I'm the only person reading who is interested in
> discussing improvements, then I might as well thank you all for listening to
> me as long as you have and give up.
John White wrote:
>On Fri, Jul 21, 2000 at 10:30:41AM -0400, Mark Mentovai wrote:
>> That's very easy on a host-by-host basis, and I use it for certain setups.
>> The problem is that there shouldn't be any "domain in question," an MTA
>> should make efficient use of a limited number of SMTP sessions when
>> transferring mail to any other MTA.
>
>Why?
>
>I'm not trying to be too much of a smartass here, but you're
>projecting your ideas about nice network usage onto the
>smtp protocol, which doesn't demand it.
Why not? You can have your cake and eat it too. Efficient network
utilization doesn't mean delayed or slow delivery.
>How is this accumulation supposed to occur? Per queue injection?
>Over a time period? How long of a time period? As long as we're
>being good neighbors, should the mta lookup the mx for each
>recipient and accumulate by mx? What should we do if the dns
>gives us a 0 ttl for the mx?
None of the above. Let me give a loose description of what my idea of an
efficient and fast MTA can do:
When an MTA receives a message that should be sent out remotely, it should
determine, in order of preference, which remote hosts are candidates for
relaying the message. It should then attempt delivery to the
best-preference host it can find, unless a certain number of active SMTP
sessions to that host are already open. (This number can be one, or it can
be something else small in the interests of allowing for parallel delivery.
It should not be unlimited.) If there are already too many active SMTP
sessions to the remote host, the message should wait until one of those
sessions has finished transferring a message. Instead of closing the SMTP
session, the sender would then transfer the new, waiting message. When a
new message hits the queue and a delivery is attempted, any other messages
in the queue waiting to be delivered to the same host should also be sent
across the same session, or set of sessions.
An MTA should not split the same message up into multiple messages when
transferring them beyond reason. Although RFC 821 recommends that an SMTP
server implementation place no arbitrary limitation on the number of
recipients per message, it mandates that mail servers must be able to
process up to 100 recipients. If an MTA receives a message with 100
recipients with the same MX, there is no reason to transfer the message to
the remote mail exchanger 100 times.
Mark
--
Do not reply directly to this e-mail address
--
Mark Mentovai
UNIX Engineer
Gillette Global Network
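Added example, not part of the original messages and not qmail code: a small simulation of the scheme described in the message above (a cap on sessions per remote host, reuse of an open session for waiting mail, and one transaction per message per MX with up to 100 RCPT TO lines), next to the one-connection-per-recipient baseline the thread attributes to qmail. The MX table, the queue and the one-time-unit-per-KB transfer model are constructed assumptions, and only the best-preference host is modelled.

```python
import heapq
from collections import defaultdict

RFC821_MIN_RCPTS = 100  # recipients per message a server must accept, as cited in the post

# Constructed MX table (assumption): a real MTA resolves this from DNS and
# falls back to lower-preference hosts; only the best host is modelled here.
MX = {"bar.example": "mx1.bar.example", "baz.example": "mx.baz.example"}

# Constructed queue: (arrival time, message id, size in KB, recipients).
QUEUE = [
    (0, "m1", 1024, [f"user{i}@bar.example" for i in range(10)]),  # 1 MB to 10 people at one site
    (5, "m2", 2, ["alice@bar.example", "bob@baz.example"]),
    (2000, "m3", 4, [f"list{i}@bar.example" for i in range(250)]),
]


def transactions(messages, max_rcpts=RFC821_MIN_RCPTS):
    """One SMTP transaction per message per MX host, split at max_rcpts RCPT TO lines."""
    out = []
    for arrival, msg_id, size, rcpts in sorted(messages, key=lambda m: m[0]):
        by_host = defaultdict(list)
        for addr in rcpts:
            by_host[MX[addr.rsplit("@", 1)[1]]].append(addr)
        for host, addrs in by_host.items():
            for i in range(0, len(addrs), max_rcpts):
                out.append((arrival, host, msg_id, size, addrs[i:i + max_rcpts]))
    return out


def schedule(messages, max_sessions=1, max_rcpts=RFC821_MIN_RCPTS, time_per_kb=1):
    """Simulate capped, reused sessions; returns per-host statistics."""
    if max_sessions < 1:
        raise ValueError("max_sessions must be at least 1")
    stats = defaultdict(lambda: {"sessions": 0, "data_transfers": 0,
                                 "kb_sent": 0, "peak": 0, "done_at": 0})
    open_sessions = defaultdict(list)  # host -> heap of times each open session becomes free
    for arrival, host, _msg, size, _rcpts in transactions(messages, max_rcpts):
        heap, s = open_sessions[host], stats[host]
        # A session that went idle before this arrival had nothing waiting, so it closed.
        while heap and heap[0] < arrival:
            heapq.heappop(heap)
        if heap and (len(heap) >= max_sessions or heap[0] <= arrival):
            # At the cap (or a session is just finishing): wait for the first
            # session to free up and send over it instead of opening another.
            start = max(heapq.heappop(heap), arrival)
        else:
            start = arrival
            s["sessions"] += 1
        finish = start + size * time_per_kb
        heapq.heappush(heap, finish)
        s["data_transfers"] += 1
        s["kb_sent"] += size
        s["peak"] = max(s["peak"], len(heap))
        s["done_at"] = max(s["done_at"], finish)
    return dict(stats)


def per_recipient(messages):
    """Baseline: one connection and one DATA transfer for every recipient."""
    stats = defaultdict(lambda: {"sessions": 0, "data_transfers": 0, "kb_sent": 0})
    for _arrival, host, _msg, size, _rcpts in transactions(messages, max_rcpts=1):
        stats[host]["sessions"] += 1
        stats[host]["data_transfers"] += 1
        stats[host]["kb_sent"] += size
    return dict(stats)


if __name__ == "__main__":
    for name, result in (("capped", schedule(QUEUE)), ("per-recipient", per_recipient(QUEUE))):
        for host, s in sorted(result.items()):
            print(name, host, s)
```

The model counts connections, DATA transfers and payload volume only; it does not measure round-trip latency, which is the point the replies in the thread raise in favour of parallel connections.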
> From: Mark Mentovai [mailto:[EMAIL PROTECTED]]
>
>
> I use "should" in the same manner that it is used in the documents which
> define the very standards and practices over which we are arguing. In order
> to be a good 'net neighbor, an MTA (note that I am not singling any MTA out
> here) should not open 25 SMTP connections to the same host to transfer the
> same message specifying a different destination address each time when it
> can just as easily open a single connection and specify 25 destination
> addresses.
I have to agree with Mark on this. I also saw this behaviour of qmail's as
not too serious, especially given djb's arguments about email traffic vs web
traffic (sorry no url), but we did have what might be called a pathological
case - a user mailing a 1 MB file to 10 people at his office, every day.
From the company admin pov it looked like we were trying to DoS him (they are
running a NAI based virus checker on the incoming mailer). We had to get the
user to send mail via our secondary mailer (an NT system running Mailsite).
>
[snip]
>
> Am I really the only one that feels this way? Does nobody else agree with
> me or recognize my concerns? Are my suggestions really so far out there
> that everyone is willing to write me off as a radical? I didn't think so,
> but it may be the case. If I'm the only person reading who is interested in
> discussing improvements, then I might as well thank you all for listening to
> me as long as you have and give up.
I share your views. It really is the only area of concern for me wrt qmail.
I think that limiting the number of simultaneous smtp connections to a
particular host would alleviate my concerns.
Regards
Abdul
>
> Mark
>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 21 Jul 00, at 11:17, Michael T. Babcock wrote:
> > While you ponder the answer to those questions, qmail will have
> > delivered the mail.
>
> Or crashed a mailserver.
Please stop that. When was the last time you saw a crashed
mailserver due to getting too many mails? And what was the
software?
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2 -- QDPGP 2.60
Comment: http://community.wow.net/grt/qdpgp.html
iQA/AwUBOXheO1MwP8g7qbw/EQLgvwCfS9278E2uqJpiFISpHWXdKJ98hPkAoJvc
TVbYy0Weh8GL8M2mda3QZQQS
=nFIG
-----END PGP SIGNATURE-----
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
[Tom Waits]
On Fri, Jul 21, 2000 at 11:20:00AM -0400, Michael T. Babcock wrote:
> No, but if qmail is making the deliveries to another MTA, that MTA doesn't
> have much choice about whether its going to accept deliveries from Qmail or
> not, so why not make Qmail a nice neighbour while we're at it?
What are you talking about? You make it sound like MTAs have no
choice but to accept new smtp connections until they crash. I know
of at least one MTA which doesn't act like this. I question whether
any MTA which -does- act like this should be in use.
> There's nothing wrong with using intelligent queuing to reorder messages and
> reduce session #'s.
Sure there is. It creates overhead.
> If just getting the mail out FAST is all that matters,
> fine. But that's NOT all that matters.
To be blunt, I don't mind taking a look at the code changes you're
proposing. Where are they?
John
> The problem with re-using the same SMTP session for multiple messages, etc,
> is the high-latency inherent in the protocol. DJB found an easy way around
> that.
That's not what we are talking about. It's about creating multiple
messages when it is really ONE with many receivers going to ONE
destination. It may be that it is not a common case, but there are sites
(mine is among them :) where this IS a very common case.
If that multiplies with large sized messages (also common here - please
forget hints about educating users to use other protocols ...)
qmail's delivery strategy is problematic.
Regards, Frank
On Fri, Jul 21, 2000 at 11:23:45AM -0400, Mark Mentovai wrote:
> >How is this accumulation supposed to occur? Per queue injection?
> >Over a time period? How long of a time period? As long as we're
> >being good neighbors, should the mta lookup the mx for each
> >recipient and accumulate by mx? What should we do if the dns
> >gives us a 0 ttl for the mx?
>
> None of the above. Let me give a loose description of what my idea of an
> efficient and fast MTA can do:
>
> When an MTA receives a message that should be sent out remotely, it should
> determine, in order of preference, which remote hosts are candidates for
> relaying the message. It should then attempt delivery to the
> best-preference host it can find, unless a certain number of active SMTP
> sessions to that host are already open. (This number can be one, or it can
> be something else small in the interests of allowing for parallel delivery.
> It should not be unlimited.) If there are already too many active SMTP
> sessions to the remote host, the message should wait until one of those
> sessions has finished transferring a message. Instead of closing the SMTP
> session, the sender would then transfer the new, waiting message. When a
> new message hits the queue and a delivery is attempted, any other messages
> in the queue waiting to be delivered to the same host should also be sent
> across the same session, or set of sessions.
>
> An MTA should not split the same message up into multiple messages when
> transferring them beyond reason. Although RFC 821 recommends that an SMTP
> server implementation place no arbitrary limitation on the number of
> recipients per message, it mandates that mail servers must be able to
> process up to 100 recipients. If an MTA receives a message with 100
> recipients with the same MX, there is no reason to transfer the message to
> the remote mail exchanger 100 times.
That's nice. Where's your implementation? I don't mind testing your
patches to qmail if you'll send them to me.
John
From: Mark Mentovai <[EMAIL PROTECTED]>
Date: Fri, 21 Jul 2000 10:58:15 -0400 (EDT)
[...]
I use qmail because it meets most of my needs better than anything else I've
seen or used. That doesn't mean I have to accept everything that it does as
the best possible implementation given current standards and practices. If
we all were to do that, very little progress would be made. Never assume
that there is no room for improvement.
I agree.
Am I really the only one that feels this way?
Nope.
I like qmail a lot. It's way easier to deal with than sendmail, and
does a good job for my purposes. There are some things which I wish
it did differently. This business of not bothering to consolidate
deliveries of recipients at a common host (or mx) into a common
connection is one of them.
I agree completely. Running an ISP can teach you that people care
significantly less about even their web sites than they do their e-mail.
How many times have you heard the 'I lost a piece of an e-mail and I could
have potentially lost $10,000 because of your ISP!' I'm sorry, but Mail is
the highest priority, without a doubt. Customers take it extremely
personally if any e-mail is lost. That's how I weigh e-mail in the scheme
of things. Which service is more likely to tick users off if it dies?
E-mail. Which service will generate the most calls if it is even remotely
slow? E-mail. You really can't argue with that. Even in corporate lans,
people will be much more of a pain if their e-mail stops working as opposed
to let's say web access.
Regards,
Julian
----- Original Message -----
From: Greg Owen <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, July 21, 2000 11:03 AM
Subject: RE: orbs.org accuses qmail of mailbomb relaying!
> > oh, I get it.. I agree that they're probably worrying too
> > much, but how should qmail prevent this? does sendmail
> > handle it differently?
>
> If N recipients at a site are getting the same exact message, you
> enter multiple RCPT TO lines and one DATA entry. If N recipients at a site
> are getting N different messages, you use RSET to reuse the existing SMTP
> connection (something I've never fully trusted the PC-mail-store vendors to
> get right, quite frankly). Sendmail defaults to doing the former, but not
> the latter, if I recall (and I don't, 'cause I haven't screwed with sendmail
> for years, so don't get on my case if I'm wrong.)
>
> Qmail gets better performance by opening multiple connections in
> parallel. ORBS thinks that this is too greedy of an algorithm. Presumably
> they'd rather save the bandwidth for more useful business traffic like
> Napster or Quake. I find it hard to see how someone working at an
> organization dedicated to protecting the mail infrastructure can say
> something like "treating smtp as low priority data."
>
> --
> gowen -- Greg Owen -- [EMAIL PROTECTED]
>
Mark Mentovai <[EMAIL PROTECTED]> writes:
> If an MTA receives a message with 100 recipients with the same MX,
> there is no reason to transfer the message to the remote mail
> exchanger 100 times.
Yes, there is: per-recipient VERPs. You may not see this as
outweighing the bandwidth issue, but it's still a reason in favor of
individual transfers, given the limits of SMTP.
paul
This topic has been beaten to death on the list at various times in
the past. Please go read:
http://Web.InfoAve.Net/~dsill/lwq.html#multi-rcpt
Before you post another message in this thread.
-Dave
I'm not really going to re-enter this recurring fray, but it is
amusing to note that web browsers open multiple connections at once
in an effort to speed up their perceived performance. I don't see
much push to stop that sort of greedy behaviour.
They also repeatedly fetch exactly the same data. Does anyone
care to calculate how many times the exact same stream of bits, let's
say the home page of amazon.com, has been sent down their connection
over the last six months?
> > Qmail gets better performance by opening multiple connections in
> > parallel. ORBS thinks that this is too greedy of an algorithm.
A greedy ant maybe, but rarely relevant compared to that
800lb gorilla/hydra combo, we call web-browsing.
As others have repeatedly said, if you're in that rare situation that
demands something different, use it, or write it. qmail was never
designed to meet every requirement out there and the author has made
it abundantly clear which ones are important to him.
Regards.
> Yes, there is: per-recipient VERPs.
If VERPs are used you have different senders. So bundling receivers of
the same message at one host is a non issue at all (at least with SMTP).
Regards, Frank
Frank Tegtmeyer <[EMAIL PROTECTED]> wrote:
>
> > The problem with re-using the same SMTP session for multiple messages, etc,
> > is the high-latency inherent in the protocol. DJB found an easy way around
> > that.
> If that multiplies with large sized messages (also common here - please
> forget hints about educating users to use other protocols ...)
> qmail's delivery strategy is problematic.
No, it's not. If you don't want to receive fifty simultaneous connections
for delivering mail, configure your MTA to not open that many sessions.
A few people have done the math; MTAs which aggregate recipients to save
bandwidth tend to have more overhead network bandwidth (additional MX lookups,
etc), and the savings is not as great as a first guess might make it look.
It has to be a pretty pathological case (large mail, many recipients at
one MX) for it to be consistently faster.
Charles
--
-----------------------------------------------------------------------
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
-----------------------------------------------------------------------
Now that we're on the subject of Qmail. (Well, the whole list is but.. )
When I try to add to assign, and recompile with qmail-newu.. I've done this
a lot.. I have about 4000 users in there now with the syntax:
=domain-com-user:popuser:888:888:/var/qmail/domains/d/domain-com/user:::
I for some reason keep getting 'mailbox does not exist' errors. I'm quite
certain the syntax is correct; is there any quirk you guys are aware of in
using this kind of setup? I have many domains on the same mailserver aliased
through assign.
Regards,
Julian
----- Original Message -----
From: Dave Sill <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, July 21, 2000 12:20 PM
Subject: RE: orbs.org accuses qmail of mailbomb relaying!
> This topic has been beaten to death on the list at various times in
> the past. Please go read:
>
> http://Web.InfoAve.Net/~dsill/lwq.html#multi-rcpt
>
> Before you post another message in this thread.
>
> -Dave
>
Mark Mentovai <[EMAIL PROTECTED]> wrote:
>qmail-send's behavior for remote deliveries (which includes how it deals
>with qmail-rspawn and qmail-remote) is something that's bothered me for a
>while. The system really should manage remote deliveries better. At
>present, we have one SMTP connection per remote address. This should at
>least be modified to give one SMTP connection for each remote mail server
>that needs to be contacted for any given message. The ideal case would
>allow for a limited number of SMTP connections (to allow for parallel
>delivery) to any remote host at any given time, and the capability to
>transfer multiple messages in a single SMTP session.
What you want, apparently, is Postfix. See www.postfix.org.
>There's a difference between being the target of a denial-of-service attack
>and being involved in one as a tool used by an attacker. As participants on
>the public Internet, we have to be willing to acknowledge our own
>susceptibility to being targets, and take measures to handle them as our
>personal or organizational requirements dictate. We must not be willing to
>promote abusive activities by knowingly supporting, directly or indirectly,
>bad practices.
Do you have any evidence that qmail has been used in this manner? If
so, present it. Otherwise, this is a tempest in a teapot.
-Dave
On Fri, Jul 21, 2000 at 11:20:00AM -0400, Michael T. Babcock wrote:
> Don't get me wrong. I like Qmail for the most part. I just think there's
> room for improvement. And room for less attitude ... hint.
>
> Petr Novotny wrote:
>
> > > The problem is that there shouldn't be any "domain in
> > > question," an MTA should make efficient use of a limited number of
> > > SMTP sessions when transferring mail to any other MTA.
> >
> > This horse has been beaten to death. What do you mean by
> > "should"? And why "limited number"?
>
> To be friendly to your neighbours ...
Why is the onus on qmail here? If I'm an MTA dropping off mail to
another MTA, I'm going to send the mail as fast as the other MTA accepts
it. If Other MTA needs to slow it down, it should do so. There's no
reason for me to make assumptions about how many SMTP connections and
messages I can send to another MTA.
jon
"Frank Tegtmeyer" <[EMAIL PROTECTED]> writes:
> > Yes, there is: per-recipient VERPs.
>
> If VERPs are used you have different senders. So bundling receivers of
> the same message at one host is a non issue at all (at least with SMTP).
That's my point: VERPs are good, but using them requires sending one
copy of a message for each recipient. So if you wanted to send a
single copy with multiple recipients, you'd have to sacrifice VERPs.
paul
"Michael T. Babcock" <[EMAIL PROTECTED]> wrote:
>Petr Novotny wrote:
>>
>> This horse has been beaten to death. What do you mean by
>> "should"? And why "limited number"?
>
>To be friendly to your neighbours ...
Ah... And are your HTTP, FTP, etc. clients and servers also "friendly
to your neighbours"? Or do they do their job as quickly as they can?
And are you providing services to your neighbors or your users?
>> Of course, your MTA might have different priorities. Nobody
>> coerced you into using qmail, right?
>
>No, but if qmail is making the deliveries to another MTA, that MTA doesn't
>have much choice about whether it's going to accept deliveries from Qmail or
>not,
Of course it does.
>so why not make Qmail a nice neighbour while we're at it?
Not mine, thank you.
>There's nothing wrong with using intelligent queuing to reorder messages and
>reduce session #'s.
"wrong"? No, of course not. Unless you're trying to do VERP's or
deliver messages as quickly as possible. And you don't mind the
additional complexity and the bugs--security and otherwise--that come
with it.
>If just getting the mail out FAST is all that matters,
>fine. But that's NOT all that matters.
It's not *all* that matters. It's also important to do it reliably,
securely, and RFC-legally. Thankfully, qmail accomplishes this.
-Dave
Michael T. Babcock <[EMAIL PROTECTED]> writes on 21 July 2000 at 10:55:39 -0400
> I would have to agree with the multiple connections == bad neighbour behaviour
> (if this is true).
>
> I might encourage re-ordering of sends to have parallel, per-MX queues ...
>
> msg1 -> mx1 (in progress)
> msg2 -> mx2 (start another process)
> msg3 -> mx1 (queue and send on same connection as #1 when #1 is done)
> msg4 -> mx3 (start another process)
> msg5 -> mx2 (queue and send on same connection as #2 when #2 is done)
This is very hard to do, and expensive. And it would slow down mail
delivery, both overall and to each destination. And it would increase
disk IO. Why would one want to do this?
--
Photos: http://dd-b.lighthunters.net/ Minicon: http://www.mnstf.org/minicon
Bookworms: http://ouroboros.demesne.com/ SF: http://www.dd-b.net/dd-b
David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]
"Frank Tegtmeyer" <[EMAIL PROTECTED]> wrote:
>If VERPs are used you have different senders.
Different *envelope* senders, yes: that's how VERP works. But the
originator is one entity (a user or a mail list handler).
>So bundling receivers of
>the same message at one host is a non issue at all (at least with SMTP).
Assume you have one message sent to many recipients on a single
host. With VERP, since the envelope return path contains the
recipient's encoded address, each message *must* be delivered
separately. Without VERP, the message can be sent once with multiple
RCPT's.
-Dave
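The trade-off described in the message above, as an added example that is not part of any message in this digest: it builds the SMTP envelopes for one message to several recipients with and without VERP, using the `owner-local=domain@listhost` encoding. The list address, the recipients, and grouping by recipient domain as a stand-in for an MX lookup are assumptions.

```python
"""VERP versus multi-RCPT envelopes (constructed example, hypothetical addresses)."""
from collections import OrderedDict

# Hypothetical list bounce address and recipients, constructed for this example.
LIST_OWNER = "announce-owner@lists.example"
RECIPIENTS = [
    "alice@a.example",
    "bob@a.example",
    "carol@a.example",
    "dave@b.example",
    "x=y@b.example",   # local part containing '=' to exercise decoding
]


def verp_sender(owner, recipient):
    """Encode the recipient into the envelope sender of the list."""
    owner_local, list_host = owner.rsplit("@", 1)
    rcpt_local, rcpt_domain = recipient.rsplit("@", 1)
    return f"{owner_local}-{rcpt_local}={rcpt_domain}@{list_host}"


def verp_decode(bounce_to, owner):
    """Recover the failing recipient from the address a bounce was sent to."""
    owner_local, list_host = owner.rsplit("@", 1)
    local, host = bounce_to.rsplit("@", 1)
    prefix = owner_local + "-"
    if host.lower() != list_host.lower() or not local.startswith(prefix):
        raise ValueError("not a VERP address for this list: " + bounce_to)
    encoded = local[len(prefix):]
    if "=" not in encoded:
        raise ValueError("no encoded recipient in: " + bounce_to)
    # A domain cannot contain '=', so the last '=' separates local part and domain.
    rcpt_local, rcpt_domain = encoded.rsplit("=", 1)
    return f"{rcpt_local}@{rcpt_domain}"


def plan_envelopes(owner, recipients, use_verp):
    """Return a list of (envelope_sender, [recipients]) SMTP transactions.

    With VERP every recipient needs its own envelope sender, so every
    recipient needs its own MAIL FROM / DATA. Without VERP, recipients
    sharing a destination (here: the same domain, an assumption standing in
    for "same MX") can share one transaction with several RCPT TO lines.
    """
    if use_verp:
        return [(verp_sender(owner, r), [r]) for r in recipients]
    by_domain = OrderedDict()
    for r in recipients:
        by_domain.setdefault(r.rsplit("@", 1)[1].lower(), []).append(r)
    return [(owner, rcpts) for rcpts in by_domain.values()]


def smtp_commands(envelope):
    """Client-side commands for one transaction (message body omitted)."""
    mail_from, rcpts = envelope
    return [f"MAIL FROM:<{mail_from}>"] + [f"RCPT TO:<{r}>" for r in rcpts] + ["DATA"]


if __name__ == "__main__":
    for label, use_verp in (("multi-RCPT", False), ("VERP", True)):
        plan = plan_envelopes(LIST_OWNER, RECIPIENTS, use_verp)
        print(f"{label}: {len(plan)} transactions, body sent {len(plan)} times")
        for envelope in plan:
            print("  " + " | ".join(smtp_commands(envelope)))
```
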
Michael T. Babcock <[EMAIL PROTECTED]> writes on 21 July 2000 at 11:20:00 -0400
> No, but if qmail is making the deliveries to another MTA, that MTA doesn't
> have much choice about whether it's going to accept deliveries from Qmail or
> not, so why not make Qmail a nice neighbour while we're at it?
*My* nice neighbors deliver their mail to me as quickly as possible.
I have configured my system to not accept more connections than I'm
willing / able to handle. I know how many that is. They do not.
> There's nothing wrong with using intelligent queuing to reorder messages and
> reduce session #'s. If just getting the mail out FAST is all that matters,
> fine. But that's NOT all that matters.
What else matters *which is improved by what you call "intelligent
queueing"*? Profile / measure, don't speculate. What is the cost of
that improvement in other areas? Is it worth it?
--
Photos: http://dd-b.lighthunters.net/ Minicon: http://www.mnstf.org/minicon
Bookworms: http://ouroboros.demesne.com/ SF: http://www.dd-b.net/dd-b
David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]
John R. Dunning <[EMAIL PROTECTED]> writes on 21 July 2000 at 15:40:59 -0000
> I like qmail a lot. It's way easier to deal with than sendmail, and
> does a good job for my purposes. There are some things which I wish
> it did differently. This business of not bothering to consolidate
> deliveries of recipients at a common host (or mx) into a common
> connection is one of them.
How would you suggest that this be performed without destroying the
simple, secure, structure of qmail? And what would the cost in
increased DNS traffic and increased disk bandwidth be?
That is, have you considered this carefully enough to be able to make
an actual proposal on how to do it, or are you just blowing smoke and
assuming it's easy and cheap?
--
Photos: http://dd-b.lighthunters.net/ Minicon: http://www.mnstf.org/minicon
Bookworms: http://ouroboros.demesne.com/ SF: http://www.dd-b.net/dd-b
David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]
Mark Mentovai <[EMAIL PROTECTED]> wrote:
>Why not? You can have your cake and eat it too. Efficient network
>utilization doesn't mean delayed or slow delivery.
Say you have 100 different messages to deliver to various users at
AOL. Which will be faster:
1) Opening one connection to a single AOL MX and feeding them through
single-file, or
2) Opening N connections to M AOL MX's and feeding one message to
each?
Answer: 2
Now say you have one message to deliver to 5000 recipients at various
locations. Which will be faster:
1) Sorting the list by MX or domain name, opening a single connection
to each, and feeding one or more messages through single-file, or
2) Opening N connections to N recipient's MX's, delivering one
message through each connection?
Answer: 2
>When an MTA receives a message that should be sent out remotely, it should
>determine, in order of preference, which remote hosts are candidates for
>relaying the message. It should then attempt delivery to the
>best-preference host it can find, unless a certain number of active SMTP
>sessions to that host are already open.
There's a lot of up-front DNS lookup overhead there. Even Postfix,
which tries to be neighborly, only sorts by FQDN.
>(This number can be one, or it can
>be something else small in the interests of allowing for parallel delivery.
>It should not be unlimited.) If there are already too many active SMTP
>sessions to the remote host, the message should wait until one of those
>sessions has finished transferring a message. Instead of closing the SMTP
>session, the sender would then transfer the new, waiting message. When a
>new message hits the queue and a delivery is attempted, any other messages
>in the queue waiting to be delivered to the same host should also be sent
>across the same session, or set of sessions.
That's ten times as complicated as qmail's
one-qmail-remote-per-delivery method. If you can write such a complex
beast as correctly, reliably, efficiently, and securely as
qmail-rspawn/qmail-remote, by all means, do so. I will bow to your
greatness as I do to DJB's.
>An MTA should not split the same message up into multiple messages when
>transferring them beyond reason. Although RFC 821 recommends that an SMTP
>server implementation place no arbitrary limitation on the number of
>recipients per message, it mandates that mail servers must be able to
>process up to 100 recipients. If an MTA receives a message with 100
>recipients with the same MX, there is no reason to transfer the message to
>the remote mail exchanger 100 times.
One good reason: VERP.
-Dave
From: "David Dyer-Bennet" <[EMAIL PROTECTED]>
Date: Fri, 21 Jul 2000 12:07:21 -0500 (CDT)
[...]
That is, have you considered this carefully enough to be able to make
an actual proposal on how to do it, or are you just blowing smoke and
assuming it's easy and cheap?
I have considered the problem, as well as various solutions, and I
believe that the ability to behave in the way being bandied about
would constitute an improvement. I've been hacking software far too
long to assume that anything is easy and cheap.
As has been pointed out already, this topic has been beaten to death
repeatedly; for his own reasons, DJB has chosen not to implement that
feature. Lots of people on the list agree with him, some do not.
That's fine. qmail is a good piece of work, it's not a requirement
for everyone to believe that it's a perfect piece of work.
If you're really interested in a discussion, as opposed to making
provocative remarks, let's take it off the list, I think everybody
else is tired of hearing the argument.
Mark Mentovai <[EMAIL PROTECTED]> wrote:
>I use "should" in the same manner that it is used in the documents which
>define the very standards and practices over which we are arguing. In order
>to be a good 'net neighbor, an MTA (note that I am not singling any MTA out
>here) should not open 25 SMTP connections to the same host to transfer the
>same message specifying a different destination address each time when it
>can just as easily open a single connection and specify 25 destination
>addresses.
And which RFC says that? What is the universal "maximum simultaneous
SMTP connections" constant? It seems odd not to allow more capable
systems to use more connections to speed the flow of mail. Imagine if
AOL could only keep one (or ten or 100) SMTP connection(s) open to
Earthlink/Mindspring.
>Is it as fast as possible? In the situation above, what I suggest should
>happen is actually faster and makes better use of network resources than
>qmail's current implementation.
You *are* familiar with the concept of latency and aware of the number
of round trips that SMTP requires?
>I use qmail because it meets most of my needs better than anything else I've
>seen or used. That doesn't mean I have to accept everything that it does as
>the best possible implementation given current standards and practices. If
>we all were to do that, very little progress would be made. Never assume
>that there is no room for improvement.
Hah. It is DJB's ability to see past the limitations of existing
practices that led to the quantum performance improvements in
qmail. And that's nothing compared to the improvements possible with
the IM2000 infrastructure he proposed here yesterday. qmail 1.x is not
going to change. Dan's already thought more about this issue for qmail
2.x than all of us combined, so we should probably wait and see what
it does before we go off half cocked. And for really fundamental
improvements to the e-mail infrastructure, IM2000 is the place to
direct your efforts.
>Am I really the only one that feels this way?
No, Wietse Venema agrees with you.
>Does nobody else agree with me or recognize my concerns?
I'm sure you're not alone, but as someone who's lived with qmail for
five years, I have to say that the periodic Chicken Little cries that
the sky is falling simply have no basis in reality. If the single-RCPT
issue is a make-or-break for you, use Postfix instead. It's pretty
darned good, too.
-Dave
"Michael T. Babcock" <[EMAIL PROTECTED]> wrote:
>Microsoft ended up with good software at some point in time ... best of its
>class even ... then stopped making it better.
For a second there I thought you were serious. Ha, ha. Good one.
-Dave
Should read - "Microsoft purchased, then has no internal talent nor desire
to improve"
I have 3 words for you -Microsoft Exchange Server-NNNNNOOOOOOooooooo.....
Paul Farber
Farber Technology
[EMAIL PROTECTED]
Ph 570-628-5303
Fax 570-628-5545
On Fri, 21 Jul 2000, Dave Sill wrote:
> "Michael T. Babcock" <[EMAIL PROTECTED]> wrote:
>
> >Microsoft ended up with good software at some point in time ... best of its
> >class even ... then stopped making it better.
>
> For a second there I thought you were serious. Ha, ha. Good one.
>
> -Dave
>
On Fri, Jul 21, 2000 at 04:47:15PM +0200, Frank Tegtmeyer wrote:
>
> > qmail doesn't do this by default, and manages to use resources much more
> > efficiently than sendmail, which does this. Why should qmail change?
>
> It does break one of the basic rules on the Internet that many people feel
> is still important. It produces bad reputation (based only on this one
> fact, ignoring all the other good things about qmail) for qmail and
> sometimes its author. This is often extended to administrators using
> qmail.
What it does is make sendmail look bad. qmail can easily handle a flood of
incoming connections (if it is being run through tcpserver). It will coolly
defer all incoming connections until a slot opens up. IMHO this is an
important feature, and the fact that sendmail doesn't handle incoming
connections as gracefully is not an excuse to bash qmail.
--Adam
On Fri, Jul 21, 2000 at 11:17:32AM -0400, Michael T. Babcock wrote:
> And DJB has already proposed other protocol solutions that don't handle this
> issue either. That said, your comment is moot. SMTP has lots of problems, why
> _not_ solve them?
This isn't a problem with SMTP -- It's a problem with MTA's that don't handle
lots of incoming connections very well. The fact that a majority of people
on the Internet are running such MTA's is not a concern of mine and it
shouldn't be a concern of Dan's. If they want better connection handling,
they should either request the feature in sendmail or upgrade to something
better.
--Adam
> This isn't a problem with SMTP -- It's a problem with MTA's that don't handle
> lots of incoming connections very well. The fact that a majority of people
> on the Internet are running such MTA's is not a concern of mine and ...
And that number has been in steady decline over the last 3-4 years, btw. It
will not be long before they are in the minority if the trends continue.
Regards.
On Fri, Jul 21, 2000 at 10:58:15AM -0400, Mark Mentovai wrote:
> Am I really the only one that feels this way? Does nobody else agree with
> me or recognize my concerns? Are my suggestions really so far out there
> that everyone is willing to write me off as a radical? I didn't think so,
> but it may be the case. If I'm the only person reading who is interested in
> discussing improvements, then I might as well thank you all for listening to
> me as long as you have and give up.
You're not a radical, you're just looking for something that isn't qmail.
The majority of people on this list know how qmail works and are quite happy
with it that way.
--Adam
Petr Novotny <[EMAIL PROTECTED]> writes:
> Please stop that. When was the last time you saw a crashed mailserver
> due to getting too many mails? And what was the software?
It happens with sendmail all the time, which is most of what people are
running.
--
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
I tried to reply Off-List, but the message bounced, so I'll try on-list :)
What exactly are you trying to achieve ?
On Fri, Jul 21, 2000 at 11:08:31PM +1000, Mick wrote:
>
>
--
http://therookie.dyndns.org
If he doesn't reply, I could use a minifaq !!!
I am building a site to toot the horn of public domain products that have
industrial strength.
It's actually becoming a free portal w/o banners and such combining the features
of yahoo! and dejanews, for instance w/ developer support as well.
I'd like to find readers-digest versions of all the ucspi tools, daemontools,
the kind of stuff that resides under the qmail type apps.
The whole site is designed to stimulate new developers into creating stuff
rather than rely on commercial products.
http://puny.vm.com
=====
John van Vlaanderen
#############################################
# CXN, Inc. Contact: [EMAIL PROTECTED] # #
# Proud Sponsor of Perl/Unix of NY #
# http://puny.vm.com #
#############################################
From: Mick <[EMAIL PROTECTED]>
Subject: minifaq
I think that what Mick wants is obvious, and sorely needed in ezmlm...
though it would be expressed as [EMAIL PROTECTED] or as
[EMAIL PROTECTED] :)
Why should FAQs be standard only in Usenet?
Armando
Does anyone know this error message?
temporary_error_on_maildir_delivery
I use qmail with Mysql
thanks in advance
Luis
I've got a problem:
Jul 21 09:20:10 gw2 smtpd: 964185610.174990 tcpserver: status: 1/50
Jul 21 09:20:10 gw2 smtpd: 964185610.175379 tcpserver: warning: dropping connection, unable to fork: temporary failure
Jul 21 09:20:10 gw2 smtpd: 964185610.175566 tcpserver: status: 0/50
[EMAIL PROTECTED] wrote:
>Does anyone know if there is a way to force qmail to queue mail rather than
>bouncing it?
No need. It does that automatically.
>i.e., qmail is set to relay all mail to a different mail server.
>But then the mail server process on the second machine goes down, so
>the machine responds but refuses smtp connections. Qmail begins
>bouncing all incoming mail.
If the machine doesn't respond, the message is deferred (held in the
queue) and the following is logged:
delivery 3426: deferral:
Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
If your messages are bouncing, it means the remote end is doing
something more than not accepting connections. How about posting one
of the bounces and relevant log clippings?
-Dave
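Added example, not from any list message: a small parser that applies the distinction drawn above (a deferral stays in the queue, a failure bounces) to qmail-send log lines. The two status texts are the ones quoted in this digest; the timestamps, message numbers, addresses and the success line are constructed sample data.

```python
"""Classify qmail-send delivery results (constructed sample log)."""
import re
from collections import Counter

# Constructed sample: only the deferral and failure texts come from the digest.
SAMPLE_LOG = """\
964185610.174990 starting delivery 3426: msg 81234 to remote user@relay.example
964185611.201100 delivery 3426: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
964185612.000100 starting delivery 3427: msg 81235 to local nobody@host.example
964185612.050200 delivery 3427: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
964185613.000100 starting delivery 3428: msg 81236 to remote ok@relay.example
964185613.900000 delivery 3428: success: 192.0.2.10_accepted_message./Remote_host_said:_250_ok/
"""

START_RE = re.compile(r"starting delivery (\d+): msg (\d+) to (local|remote) (\S+)")
RESULT_RE = re.compile(r"delivery (\d+): (success|failure|deferral): (.*)")
CODE_RE = re.compile(r"\(#(\d\.\d{1,3}\.\d{1,3})\)")   # enhanced status code, e.g. (#4.4.1)


def _blank():
    return {"msg": None, "channel": None, "recipient": None,
            "result": None, "code": None, "text": ""}


def parse_deliveries(log_text):
    """Map delivery number -> details, pairing 'starting delivery' with its result."""
    deliveries = {}
    for line in log_text.splitlines():
        m = START_RE.search(line)
        if m:
            num, msg, channel, rcpt = m.groups()
            entry = _blank()
            entry.update(msg=int(msg), channel=channel, recipient=rcpt)
            deliveries[int(num)] = entry
            continue
        m = RESULT_RE.search(line)
        if m:
            num, result, raw = m.groups()
            # A result whose start line was rotated away still gets recorded.
            entry = deliveries.setdefault(int(num), _blank())
            code = CODE_RE.search(raw)
            entry.update(
                result=result,
                code=code.group(1) if code else None,
                # qmail-send logs spaces as '_' and ends the text with '/'.
                text=raw.rstrip("/").replace("_", " "),
            )
    return deliveries


def summarize(deliveries):
    """Count deliveries by result (success, failure, deferral)."""
    return Counter(e["result"] for e in deliveries.values() if e["result"])


def still_queued(deliveries):
    """Recipients whose last attempt was deferred: kept in the queue, retried later."""
    return sorted(e["recipient"] for e in deliveries.values()
                  if e["result"] == "deferral" and e["recipient"])


def bounced(deliveries):
    """Recipients with a permanent failure: these produce a bounce to the sender."""
    return sorted(e["recipient"] for e in deliveries.values()
                  if e["result"] == "failure" and e["recipient"])


if __name__ == "__main__":
    parsed = parse_deliveries(SAMPLE_LOG)
    print(dict(summarize(parsed)))
    print("queued:", still_queued(parsed))
    print("bounced:", bounced(parsed))
```
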
<[EMAIL PROTECTED]> wrote:
>Anyone know why mail delivery could be extremely slow?
1) trigger probs
2) server is busy doing other stuff
3) network probs
4) insufficient hardware (memory, CPU, disk bandwidth)
5) poor connectivity
>My trigger file is setup correctly and I am looking for some really
>really helpful answers, soon *gulp*
We'll need lots more data to be able to diagnose this. E.g.:
1) hardware configuration
2) software configuration (OS, other apps)
3) network configuration
4) output of qmail-showctl, qmail-qstat, vmstat, iostat, top
5) tail of qmail-send log
-Dave
Ok, here's my configuration. If anyone can tell me why I have slow mail
delivery, I checked the Trigger permissions and they are supposedly fine.
Any insight would be so greatly appreciated.
Pentium III 550
256 Megs of Ram
FreeBSD 3.3
Rackspace.Com Network (Multiple OC3 - Peering on several backbones)
Top reports the system as being 97.3% Idle.
Qmail-Qstat reports :
Messages In Queue: 44
Message in Queue but notyet preprocessed: 0
And the number does not drop too quickly. In fact, it takes several hours
for mail to clear out.
Regards,
Julian
----- Original Message -----
From: Dave Sill <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, July 21, 2000 9:36 AM
Subject: Re: Slow Slow Mail Delivery, Not Trigger Permissions
> <[EMAIL PROTECTED]> wrote:
>
> >Anyone know why mail delivery could be extremely slow?
>
> 1) trigger probs
> 2) server is busy doing other stuff
> 3) network probs
> 4) insufficient hardware (memory, CPU, disk bandwidth)
> 5) poor connectivity
>
> >My trigger file is setup correctly and I am looking for some really
> >really helpful answers, soon *gulp*
>
> We'll need lots more data to be able to diagnose this. E.g.:
>
> 1) hardware configuration
> 2) software configuration (OS, other apps)
> 3) network configuration
> 4) output of qmail-showctl, qmail-qstat, vmstat, iostat, top
> 5) tail of qmail-send log
>
> -Dave
>
"Julian Brown" <[EMAIL PROTECTED]> wrote:
>Ok, here's my configuration. If anyone can tell me why I have slow mail
>delivery, I checked the Trigger permissions and they are supposedly fine.
>Any insight would be so greatly appreciated.
>
>Pentium III 550
>256 Megs of Ram
>FreeBSD 3.3
>Rackspace.Com Network (Multiple OC3 - Peering on several backbones)
>
>Top reports the system as being 97.3% Idle.
>Qmail-Qstat reports :
>
>Messages In Queue: 44
>Message in Queue but notyet preprocessed: 0
>
>And the number does not drop too quickly. In fact, it takes several hours
>for mail to clear out.
That's all good information, but I asked for:
>> 1) hardware configuration
>> 2) software configuration (OS, other apps)
>> 3) network configuration
>> 4) output of qmail-showctl, qmail-qstat, vmstat, iostat, top
>> 5) tail of qmail-send log
Why did you stop at #3?
-Dave
On Fri, Jul 21, 2000 at 11:41:55AM -0400, Julian Brown wrote:
> Ok, here's my configuration. If anyone can tell me why I have slow mail
> delivery, I checked the Trigger permissions and they are supposedly fine.
> Any insight would be so greatly appreciated.
>
> Pentium III 550
> 256 Megs of Ram
> FreeBSD 3.3
> Rackspace.Com Network (Multiple OC3 - Peering on several backbones)
>
> Top reports the system as being 97.3% Idle.
> Qmail-Qstat reports :
>
> Messages In Queue: 44
> Message in Queue but notyet preprocessed: 0
>
> And the number does not drop too quickly. In fact, it takes several hours
> for mail to clear out.
As Dave said. We'll need lots more data to diagnose this. Showing us the
logs would be a good start - unsanitized of course. Statements like "does
not drop too quickly" is hardly data - especially when you're talking to
a bunch of MTA techos.
Regards.
>
> Regards,
>
> Julian
>
> ----- Original Message -----
> From: Dave Sill <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, July 21, 2000 9:36 AM
> Subject: Re: Slow Slow Mail Delivery, Not Trigger Permissions
>
>
> > <[EMAIL PROTECTED]> wrote:
> >
> > >Anyone know why mail delivery could be extremely slow?
> >
> > 1) trigger probs
> > 2) server is busy doing other stuff
> > 3) network probs
> > 4) insufficient hardware (memory, CPU, disk bandwidth)
> > 5) poor connectivity
> >
> > >My trigger file is setup correctly and I am looking for some really
> > >really helpful answers, soon *gulp*
> >
> > We'll need lots more data to be able to diagnose this. E.g.:
> >
> > 1) hardware configuration
> > 2) software configuration (OS, other apps)
> > 3) network configuration
> > 4) output of qmail-showctl, qmail-qstat, vmstat, iostat, top
> > 5) tail of qmail-send log
> >
> > -Dave
> >
>
Just because showctl prints out all of my virtualdomains and rcpthosts and
qmail-send is logged under maillog on my system and it's full of tcpserver
stuff. If you can give me something to yank out of the log that is of
interest to you I can grab it. Same with showctl, I'm not sure what you
need from that but I can send whatever you want me to.
J
----- Original Message -----
From: Dave Sill <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, July 21, 2000 11:56 AM
Subject: Re: Slow Slow Mail Delivery, Not Trigger Permissions
> "Julian Brown" <[EMAIL PROTECTED]> wrote:
>
> >Ok, here's my configuration. If anyone can tell me why I have slow mail
> >delivery, I checked the Trigger permissions and they are supposedly fine.
> >Any insight would be so greatly appreciated.
> >
> >Pentium III 550
> >256 Megs of Ram
> >FreeBSD 3.3
> >Rackspace.Com Network (Multiple OC3 - Peering on several backbones)
> >
> >Top reports the system as being 97.3% Idle.
> >Qmail-Qstat reports :
> >
> >Messages In Queue: 44
> >Message in Queue but notyet preprocessed: 0
> >
> >And the number does not drop too quickly. In fact, it takes several hours
> >for mail to clear out.
>
> That's all good information, but I asked for:
>
> >> 1) hardware configuration
> >> 2) software configuration (OS, other apps)
> >> 3) network configuration
> >> 4) output of qmail-showctl, qmail-qstat, vmstat, iostat, top
> >> 5) tail of qmail-send log
>
> Why did you stop at #3?
>
> -Dave
>
Ok so you guys want me to attach my log or something? If you're sure that's
what you need I would be more than happy. Let me know I'll send it to your
private boxes.
J
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, July 21, 2000 12:02 PM
Subject: Re: Slow Slow Mail Delivery, Not Trigger Permissions
> On Fri, Jul 21, 2000 at 11:41:55AM -0400, Julian Brown wrote:
> > Ok, here's my configuration. If anyone can tell me why I have slow mail
> > delivery, I checked the Trigger permissions and they are supposedly fine.
> > Any insight would be so greatly appreciated.
> >
> > Pentium III 550
> > 256 Megs of Ram
> > FreeBSD 3.3
> > Rackspace.Com Network (Multiple OC3 - Peering on several backbones)
> >
> > Top reports the system as being 97.3% Idle.
> > Qmail-Qstat reports :
> >
> > Messages In Queue: 44
> > Message in Queue but notyet preprocessed: 0
> >
> > And the number does not drop too quickly. In fact, it takes several hours
> > for mail to clear out.
>
> As Dave said. We'll need lots more data to diagnose this. Showing us the
> logs would be a good start - unsanitized of course. Statements like "does
> not drop too quickly" is hardly data - especially when you're talking to
> a bunch of MTA techos.
>
> Regards.
>
> >
> > Regards,
> >
> > Julian
> >
> > ----- Original Message -----
> > From: Dave Sill <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Friday, July 21, 2000 9:36 AM
> > Subject: Re: Slow Slow Mail Delivery, Not Trigger Permissions
> >
> >
> > > <[EMAIL PROTECTED]> wrote:
> > >
> > > >Anyone know why mail delivery could be extremely slow?
> > >
> > > 1) trigger probs
> > > 2) server is busy doing other stuff
> > > 3) network probs
> > > 4) insufficient hardware (memory, CPU, disk bandwidth)
> > > 5) poor connectivity
> > >
> > > >My trigger file is setup correctly and I am looking for some really
> > > >really helpful answers, soon *gulp*
> > >
> > > We'll need lots more data to be able to diagnose this. E.g.:
> > >
> > > 1) hardware configuration
> > > 2) software configuration (OS, other apps)
> > > 3) network configuration
> > > 4) output of qmail-showctl, qmail-qstat, vmstat, iostat, top
> > > 5) tail of qmail-send log
> > >
> > > -Dave
> > >
> >
>
On Fri, Jul 21, 2000 at 09:02:34AM -0700, [EMAIL PROTECTED] wrote:
> > Messages In Queue: 44
> > Message in Queue but notyet preprocessed: 0
What does qmail-qread say? Maybe these are just messages that could not
be delivered.
Greetings
--
Robert Sander
Epigenomics AG www.epigenomics.de Kastanienallee 24
+493024345330 10435 Berlin
On Fri, Jul 21, 2000 at 12:26:42PM -0400, Julian Brown wrote:
> Ok so you guys want me to attach my log or something? If you're sure that's
> what you need I would be more than happy. Let me know I'll send it to your
> private boxes.
If you're concerned about their size or which parts are relevant,
the recommended practise is to dump them on a web page and just
email the URL to the list. It might be nice if they were split up
a little bit. The split command does nicely in that regard.
Regards.
"Julian Brown" <[EMAIL PROTECTED]> wrote:
>Ok so you guys want me to attach my log or something? If you're sure that's
>what you need I would be more than happy. Let me know I'll send it to your
>private boxes.
No, I don't want a copy of your entire mail log. If you can't post the
last 30 lines or so to the list, I guess you'll have to investigate
other options like hiring a consultant, figuring it out yourself, or
switching to another MTA.
-Dave
On Fri, Jul 21, 2000 at 12:23:59PM -0400, Julian Brown wrote:
> Just because showctl prints out all of my virtualdomains and rcpthosts and
> qmail-send is logged under maillog on my system and it's full of tcpserver
> stuff. If you can give me something to yank out of the log that is of
> interest to you I can grab it. Same with showctl, I'm not sure what you
> need from that but I can send whatever you want me to.
That's part of the reason why Dave (and his FAQ) recommend providing
as much info as you can. No one yet knows what is relevant. It's
hard to provide too much information in such circumstances, as different
readers have probably formulated potential causes and each will
look at different info to start with. Almost certainly one of them
will be right. Do you want each reader to be able to test their theories
easily by maximizing what they are told or do you want to discourage them
by making them "work" the information out of you?
Regards.
Fabrice Scemama <[EMAIL PROTECTED]> writes:
> I think I'd love to find a small Howto explaining how
> to fully enjoy mail with both emacs and qmail.
> Any idea?
FWIW, I'm working on nnmaildir.el for Gnus. You get the Gnus user
interface wrapped around a maildir backend for delivery and storage of
mail. There's an incomplete but working version at
<URL:http://multivac.cwru.edu/prj/nnmaildir.el>. There will be
incompatible changes coming soon, so you may not want to migrate
completely, but feel free to play with it. [OP: Gnus's MIME support
isn't as good as VM's yet AFAIK, but I'm a few versions behind on
Gnus, so it may be farther along than I'm aware of.]
paul
Erich <[EMAIL PROTECTED]> wrote:
>
> I've been using qmail for a long time, with Maildir and rmail. I use
> the mdmovemail program which is available on the Qmail site, and it
> works fine with rmail.
>
> Now, however, it is time for me to upgrade to a MUA with better
> support for MIME. It seems like the best choice for emacs is vm.
Not to start a mailer holy war, but you might want to try Mutt -- its
MIME support is excellent, along with pgp/gpg support, and total
configurability. Try www.mutt.org.
Charles
--
-----------------------------------------------------------------------
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
-----------------------------------------------------------------------
* Charles Cazabon <[EMAIL PROTECTED]> [000721 10:12]:
> Erich <[EMAIL PROTECTED]> wrote:
> > Now, however, it is time for me to upgrade to a MUA with better
> > support for MIME. It seems like the best choice for emacs is vm.
Nope, Gnus. It supports maildir as a mailsource and alpha support for
maildir as a select method is here.
> Not to start a mailer holy war, but you might want to try Mutt -- its
> MIME support is excellent, along with pgp/gpg support, and total
> configurability. Try www.mutt.org.
There are many good reasons for mutt - but it's the inferior tool when
it comes to flexibility and features. Gnus is a proper superset of all
MUAs and NRs I know. http://www.gnus.org/, http://socha.net/Gnus/
Charles Cazabon <[EMAIL PROTECTED]> wrote:
>Not to start a mailer holy war,
Uh oh.
>but you might want to try Mutt -- its
>MIME support is excellent, along with pgp/gpg support, and total
>configurability. Try www.mutt.org.
Mutt is a fine mailer. Really. I use it at home and occasionally at
work, but its MIME support doesn't compare to VM's: it can't display
in-line images or HTML/rich-text because it's character-based.
-Dave
If I were starting out now, I would probably use something like Mutt,
but... MUST... USE.. EMACS!!!!
emacs is a pain to learn, but once you start, you can't stop.
e
--
This message was my two cents worth. Please deposit two cents into my
e-gold account by following this link:
http://rootworks.com/twocentsworth.cgi?102861
275A B627 1826 D627 ED35 B8DF 7DDE 4428 0F5C 4454
Dave Sill <[EMAIL PROTECTED]> writes:
> Mutt is a fine mailer. Really. I use it at home and occasionally at
> work, but its MIME support doesn't compare to VM's: it can't display
> in-line images or HTML/rich-text because it's character-based.
And current Gnus is another quantum leap ahead of VM. (I don't even mind
HTML e-mail as much any more; w3 mode does a nice job of it. And it does
an excellent job handling inline images, and a fantastic job of handling
multiple character sets.)
--
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
what is causing this...and how much later is it talking about?
I'm on Bruce's rpm.....this has been working fine for months...now I can't
restart, or stop then start the daemon.
Redhat 6.0 system.
/etc/rc.d/init.d/pop3d start
Starting pop3d: pop3d/log (will be started later) pop3d (will be started
later)
done.
Hi *,
qmail-1.03 with bigtodo- and the big-queue-patch gives
this error-message, when I relay mails with smtpstone
through it.
root@xxxx:~# qmail-qstat
messages in queue: 1221
messages in queue but not yet preprocessed: 77
Hints, where to look for a solution?
By
Töns
--
Linux. The dot in /.
I've just installed qmailanalog and daemontools on my server.... Could you
please just help me on how I can get a good daily report of qmail usage with
multilog ?
What shall I do exactly ???
Is there a FAQ on this ?
Thank you
I'm doing pretty well w/ my cgi MUAs.
Weak on features, but that's only temporary. I've been learning from Yahoo!
which is weak because of performance latency, but I am going to graft together
a bunch of cgi MUAs into perl modules, adding folder support, etc.
Along w/ that I want to add calendar service, a support tool grafted from
faq-0matic, to the delight of the author, photo gallery, experimental
personal-data-mining, you name it.
If interested, it's a free s/w portal attempt, along w/ a perl, OS and advocacy
group centered in NYC, the reputed (and dirty) navel of the universe.
http://puny.vm.com
=====
John van Vlaanderen
#############################################
# CXN, Inc. Contact: [EMAIL PROTECTED] # #
# Proud Sponsor of Perl/Unix of NY #
# http://puny.vm.com #
#############################################
Does anyone have a pointer to a comparison of qmail/sendmail/postfix/...
that is done at a real world server over a longer period of time?
It should include bandwidth use (including DNS) and performance data.
The only thing I remember were some graphs about mailer timings (DNS
lookup, start of delivery and so on). That doesn't give the real world
picture everyone is talking about.
Regards, Frank
On Fri, Jul 21, 2000 at 07:10:08PM +0200, Frank Tegtmeyer wrote:
> Does anyone have a pointer to a comparison of qmail/sendmail/postfix/...
> that is done at a real world server over a longer period of time?
In the real world, you will not find two sites with identical input load
so that you can compare their output load. That is what benchmarks are
for.
> It should include bandwidth use (including DNS) and performance data.
What kind of numbers do you want to see here? Packet-level bandwidth
numbers, or the kind of numbers qmailanalog can produce? I run qmail on
our corporate firewall as a transparent proxy for ALL SMTP mail going in
or out of our network. That firewall also hosts our DNS cache. Right
now we only have about 40-50 client sites behind the firewall, but it
generates 10MB of qmail logs in under 10 days, and the same amount of
dnscache logs in under 2 days for client lookups and 4 days for local
(ie qmail) lookups. This (at this moment) represents 11204 messages to
13470 recipients, totalling 428,035,016 message bytes and 517,887,116
delivered bytes. You want stats? I've got 'em, at least for qmail.
This site will never run sendmail.
By year's end, we are looking to massively scale up the number of client
sites, possibly by an order of magnitude. I think I might have to make
my multilog limits a bit larger...
> The only thing I remember were some graphs about mailer timings (DNS
> lookup, start of delivery and so on). That doesn't give the real world
> picture everyone is talking about.
I believe the graphs you are referring to are the ones at
http://www.kyoto.wide.ad.jp/mta/eval1/eindex.html
This person has gone to a fair amount of work to characterize how
various MTAs deliver messages to mailing lists. However, this is not
exactly what you are asking, and the graphs presented there are
confusing sometimes due to differences in the scales between graphs.
--
Bruce Guenter <[EMAIL PROTECTED]> http://em.ca/~bruceg/
i'm getting the following tcpserver error:
[root@myserver /var/qmail/control]# tcpserver -x/etc/tcp.smtp.cdb -u513
-g513 0 smtp /var/qmail/bin/qmail-smtpd &
[1] 4307
tcpserver: fatal: unable to bind: address already used
[1] Exit 111 tcpserver -x/etc/tcp.smtp.cdb -u513 -g513
0 smtp /var/qmail/bin/qmail-smtpd
[root@myserver /var/qmail/control]#
i've done a ps -aux | grep tcp and don't see it running anywhere.
my /etc/tcp.smtp is:
127.:allow,RELAYCLIENT=""
216.160.248.:allow,RELAYCLIENT=""
216.160.240.:allow,RELAYCLIENT=""
10.1.1.:allow,RELAYCLIENT=""
192.168.1.:allow, RELAYCLIENT=""
:allow
any help would be great.
ZZ
Your inetd or some other process is already bound to the smtp port
David
-----Original Message-----
From: Z [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 21, 2000 10:26 AM
To: [EMAIL PROTECTED]
Subject: TCPserver error
i'm getting the following tcpserver error:
[root@myserver /var/qmail/control]# tcpserver -x/etc/tcp.smtp.cdb -u513
-g513 0 smtp /var/qmail/bin/qmail-smtpd &
[1] 4307
tcpserver: fatal: unable to bind: address already used
[1] Exit 111 tcpserver -x/etc/tcp.smtp.cdb -u513 -g513
0 smtp /var/qmail/bin/qmail-smtpd
[root@myserver /var/qmail/control]#
i've done a ps -aux | grep tcp and don't see it running anywhere.
my /etc/tcp.smtp is:
127.:allow,RELAYCLIENT=""
216.160.248.:allow,RELAYCLIENT=""
216.160.240.:allow,RELAYCLIENT=""
10.1.1.:allow,RELAYCLIENT=""
192.168.1.:allow, RELAYCLIENT=""
:allow
any help would be great.
ZZ
You can do (with some versions of the nettools package, on linux at
least) "netstat -anp | grep LISTEN" and that will show you all ports
listening, and the -p option tells the process that is listening
- T
On Fri, 21 Jul 2000, Z wrote:
> i'm getting the following tcpserver error:
>
> [root@myserver /var/qmail/control]# tcpserver -x/etc/tcp.smtp.cdb -u513
> -g513 0 smtp /var/qmail/bin/qmail-smtpd &
> [1] 4307
> tcpserver: fatal: unable to bind: address already used
> [1] Exit 111 tcpserver -x/etc/tcp.smtp.cdb -u513 -g513
> 0 smtp /var/qmail/bin/qmail-smtpd
> [root@myserver /var/qmail/control]#
>
> i've done a ps -aux | grep tcp and don't see it running anywhere.
>
> my /etc/tcp.smtp is:
> 127.:allow,RELAYCLIENT=""
> 216.160.248.:allow,RELAYCLIENT=""
> 216.160.240.:allow,RELAYCLIENT=""
> 10.1.1.:allow,RELAYCLIENT=""
> 192.168.1.:allow, RELAYCLIENT=""
> :allow
>
> any help would be great.
>
> ZZ
>
--
Tyler J. Frederick
Systems Administrator
Sportsline.com, Inc.
On Fri, Jul 21, 2000 at 12:26:25PM -0500, Z wrote:
! [root@myserver /var/qmail/control]# tcpserver -x/etc/tcp.smtp.cdb -u513 -g513 0 smtp /var/qmail/bin/qmail-smtpd &
! tcpserver: fatal: unable to bind: address already used
Well, see if sendmail is still running, or whether you have an smtp
line in /etc/inetd.conf (if you run inetd). It can be due to other
programs, though---all that's said is that some program hogged port
25 on interface 0.0.0.0.
---Chris K.
--
Chris, the Young One |_ but what's a dropped message between friends?
Auckland, New Zealand |_ this is UDP, not TCP after all ;) ---John H.
http://cloud9.hedgee.com/ |_ Robinson, IV
PGP: 0xCCC6114E/0x706A6AAD |_
I was wondering if there was a way that I can have SMTP do a database
lookup in order to find out where the mail should be delivered.
What i mean is let's say that the SMTP server gets a request for
[EMAIL PROTECTED] I need it to search in a mySQL database
with the extracted information (bob, barker, myserver). Thanks.
ZZ
Z <[EMAIL PROTECTED]> writes:
> I was wondering if there was a way that I can have SMTP do a database
> lookup in order to find out where the mail should be delivered.
> What i mean is let's say that the SMTP server gets a request for
> [EMAIL PROTECTED] I need it to search in a mySQL database
> with the extracted information (bob, barker, myserver).
This question has nothing to do with SMTP; it's about delivery, not
receipt. qmail won't do a database lookup on the fly, but you can use
virtual domains and extract your database information into your
/var/qmail/users/assign file to get the same functionality.
paul
Quoting Ismal Hisham Darus ([EMAIL PROTECTED]):
> Hi,
>
> I don't know where the problem is .. but in my case, we have two
> qmail servers server0 and server1 (not using inetd.. of course :)).
> When somebody sends files exceeding 2.5mb, he gets a bounce mail stating
> that :
>
> Remote host said: 552 Requested mail action aborted: exceeded storage
> allocation.
Ismal, showing us the mail logs in such situations is usually a good
idea. If others had seen the recipient address, you would have had
your answer very quickly.
Anyway, as others stated, that message isn't output by qmail. I
_have_ seen that particular annoying message before: it's output by
hotmail.com's mail servers when you send an email to someone there
that has exceeded their mail quota.
The quota is quite small at hotmail and other free mail providers, and
they outright *bounce* mail when it's exceeded.
Aaron
> The quota is quite small at hotmail and other free mail providers, and
> they outright *bounce* mail when it's exceeded.
Not mine, http://puny.vm.com is qmail compliant... and non-bannarized. ;)
I have sqwebmail and a home rolled perl cgi, oMail.
Don't all rush onboard though, I'm still security testing ;)
=====
John van Vlaanderen
#############################################
# CXN, Inc. Contact: [EMAIL PROTECTED] # #
# Proud Sponsor of Perl/Unix of NY #
# http://puny.vm.com #
#############################################
Are there any initscripts packages that are already setup to work with the new
daemontools?
TIA, Bruce.
Ok, I have been digging and digging, but to no avail as of yet. How can I force qmail
to arbitrarily queue /all/ outgoing mail and deliver nothing until I "flip the switch"
back, so to speak. Also, on the original subject, is there perhaps a way to make
qmail retry sending messages rejected by the next server in line several times a la
deferred mail?
Thanks
Mike Culbertson
>>> On Thu, Jul 20 2000 21:55:30 GMT-0400,
>>> [EMAIL PROTECTED] said:
>
>M> Does anyone know if there is a way to force qmail to queue mail rather
>M> than bouncing it? i.e., qmail is set to relay all mail to a different
>M> mail server. But then the mail server process on the second machine
>M> goes down, so the machine responds but refuses smtp connections. Qmail
>M> begins bouncing all incoming mail.
>
> The only way I know is to force qmail to queue *all* outgoing mail all
> the time. I then use rsync and ssh to move the files to my ISP, and
> feed each one to their outgoing mail queue. Give a shout if you're
> interested.
>
[EMAIL PROTECTED] wrote:
>Ok, I have been digging and digging, but to no avail as of yet. How
>can I force qmail to arbitrarily queue /all/ outgoing mail and
>deliver nothing until I "flip the switch" back, so to speak.
To stop delivery, set concurrencyremote and concurrencylocal to 0,
restart qmail. To re-enable delivery, set them back to the desired
values.
>Also,
>on the original subject, is there perhaps a way to make qmail retry
>sending messages rejected by the next server in line several times a
>la deferred mail?
No.
-Dave
I had a similar question a while back to which Russell was
kind enough to suggest a fix:
to queue all *inbound mail* just modify qmail-getpw to _exit(111).
What I did to it was check if an indicator file is present in
/var/qmail/control and exit(111) and the email message
goes to the queue.
[EMAIL PROTECTED]
NetZero
Mail/Sys/Network Admin
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, July 21, 2000 8:20 AM
> To: [EMAIL PROTECTED]
> Subject: more forced queueing
>
> Ok, I have been digging and digging, but to no avail as of
> yet. How can I force qmail to arbitrarily queue /all/
> outgoing mail and deliver nothing until I "flip the switch"
> back, so to speak. Also, on the original subject, is there
> perhaps a way to make qmail retry sending messages rejected
> by the next server in line several times a la deferred mail?
>
> Thanks
>
> Mike Culbertson
>
"M.B." <[EMAIL PROTECTED]> writes:
> I had a similar question a while back to which Russell was
> kind enough to suggest a fix:
>
> to queue all *inbound mail* just modify qmail-getpw to _exit(111).
Note that this won't take effect for addresses listed in users/assign.
qmail-lspawn invokes qmail-getpw only if it can't find a matching
entry in users/assign (well, users/cdb, technically).
paul
On Fri, Jul 21, 2000 at 07:10:37PM +0000, [EMAIL PROTECTED] wrote:
> Ok, I have been digging and digging, but to no avail as of yet. How can I force
>qmail to arbitrarily queue /all/ outgoing mail and deliver nothing until I "flip the
>switch" back, so to speak. Also, on the original subject, is there perhaps a way to
>make qmail retry sending messages rejected by the next server in line several times a
>la deferred mail?
>
Try http://web.infoave.net/~dsill/lwq.html
Look for the startup script and note the 'pause' option ;)
> Thanks
>
> Mike Culbertson
HTH,
Steffan
--
http://therookie.dyndns.org
When I set up my Sendmail box last year I added all of my users in
'userconf' as POP accounts (mail only). Approx 250. As I'm attempting to add
Maildir folders under their /home/name directories, I cannot chown Maildir.
For example:
drwx------ 5 root popusers 1024 Jul 21 11:22 Maildir
[root@mail2 /home/al.koch]# chown -R al.koch /home/al.koch/Maildir
chown: al.koch: invalid user
Will I have to remove all my users and add them as regular users?
thanks,
tony.campisi
On Fri, Jul 21, 2000 at 02:42:29PM -0500, Tony Campisi wrote:
! [root@mail2 /home/al.koch]# chown -R al.koch /home/al.koch/Maildir
! chown: al.koch: invalid user
Try chown -R al.koch: /home/al.koch/Maildir
^--- colon there
It may or may not work. Colon is now the preferred separator between
user and group, but historically the dot has been used for that, and
so it's still supported for compatibility.
What operating system do you use? If it's free software, I can look
at the source code and see whether the above works...
---Chris K.
--
Chris, the Young One |_ Never brag about how your machines haven't been
Auckland, New Zealand |_ hacked, or your code hasn't been broken. It's
http://cloud9.hedgee.com/ |_ guaranteed to bring the wrong kind of
PGP: 0xCCC6114E/0x706A6AAD |_ attention. ---Neil Schneider
From: Tony Campisi <[EMAIL PROTECTED]>
>Will I have to remove all my users and add them as regular users?
Only users mentioned in /etc/passwd can own directories, AFAIK.
Also, dots in the user's name may give problems with qmail. I'd suggest
vpopmail (http://www.inter7.com) as a perhaps simpler way of keeping your
current mail addresses.
Armando
Instead of having qmqpc picking the first available server, I would like it
to load balance between all servers I have listed as QMQP servers. In
qmail-qmqpc.c on line 153, it says:
i = 0;
for (j = 0;j < servers.len;++j)
if (!servers.s[j]) {
doit(servers.s + i);
i = j + 1;
}
Would it work if I change it to:
i = 0;
for (j = 0;j < servers.len;++j)
i = (servers.len*1.0)*rand()/(RAND_MAX+1.0);
if (!servers.s[j]) {
doit(servers.s + i);
}
This way, "i" will be a random number from 0 to (servers.len-1).
----------
Jay Austad
Network Administrator
CBS Marketwatch
612.817.1271
[EMAIL PROTECTED]
http://cbs.marketwatch.com
http://www.bigcharts.com
Almost. Note that 'i' has to point to the start of the \0 terminated
string that 'j' is currently scanning. servers.s is a series of \0
terminated strings. You need to do some work to make sure that i is
pointing at the start of the string that j randomizes into.
Regards.
On Fri, Jul 21, 2000 at 03:10:58PM -0500, Austad, Jay wrote:
> Instead of having qmqpc picking the first available server, I would like it
> to load balance between all servers I have listed as QMQP servers. In
> qmail-qmqpc.c on line 153, it says:
> i = 0;
> for (j = 0;j < servers.len;++j)
> if (!servers.s[j]) {
> doit(servers.s + i);
> i = j + 1;
> }
>
>
> Would it work if I change it to:
> i = 0;
> for (j = 0;j < servers.len;++j)
> i = (servers.len*1.0)*rand()/(RAND_MAX+1.0);
> if (!servers.s[j]) {
> doit(servers.s + i);
> }
>
> This way, "i" will be a random number from 0 to (servers.len-1).
>
>
> ----------
> Jay Austad
> Network Administrator
> CBS Marketwatch
> 612.817.1271
> [EMAIL PROTECTED]
> http://cbs.marketwatch.com
> http://www.bigcharts.com
>
>
[EMAIL PROTECTED] writes:
> On Fri, Jul 21, 2000 at 03:10:58PM -0500, Austad, Jay wrote:
> > Instead of having qmqpc picking the first available server, I would like it
> > to load balance between all servers I have listed as QMQP servers.
...
> > This way, "i" will be a random number from 0 to (servers.len-1).
>
> Almost. Note that 'i' has to point to the start of the \0 terminated
> string that 'j' is currently scanning. servers.s is a series of \0
> terminated strings. You need to do some work to make sure that i is
> pointing at the start of the string that j randomizes into.
Also note that if you choose one at random every time, you just might
choose the same one, which happens to be down, every time. It'd be
better to rotate the list by a random number of entries, and then step
through it normally.
paul
On Fri, Jul 21, 2000 at 04:35:57PM -0400, Paul Jarc wrote:
> [EMAIL PROTECTED] writes:
> > On Fri, Jul 21, 2000 at 03:10:58PM -0500, Austad, Jay wrote:
> > > Instead of having qmqpc picking the first available server, I would like it
> > > to load balance between all servers I have listed as QMQP servers.
> ...
> > > This way, "i" will be a random number from 0 to (servers.len-1).
> >
> > Almost. Note that 'i' has to point to the start of the \0 terminated
> > string that 'j' is currently scanning. servers.s is a series of \0
> > terminated strings. You need to do some work to make sure that i is
> > pointing at the start of the string that j randomizes into.
>
> Also note that if you choose one at random every time, you just might
> choose the same one, which happens to be down, every time. It'd be
> better to rotate the list by a random number of entries, and then step
> through it normally.
I think he was trying to randomize the start point and cycle thru the
list as qmqpc does now. So even if he hits the same starting point,
it'll still find a good server. Leastwise that's what I was originally
trying to show with the posted code-fragment.
Regards.
Even if it does hit a down server twice, it'll still just randomize and try
again hopefully hitting one that's not down. This shouldn't lose any mail
and shouldn't take much, if any, extra system resources.
So the actual string that 'j' scans looks something like this:
192.168.20.1\0192.168.20.2\0192.168.20.3
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 21, 2000 3:44 PM
To: [EMAIL PROTECTED]
Subject: Re: qmqpc load balancing
On Fri, Jul 21, 2000 at 04:35:57PM -0400, Paul Jarc wrote:
> [EMAIL PROTECTED] writes:
> > On Fri, Jul 21, 2000 at 03:10:58PM -0500, Austad, Jay wrote:
> > > Instead of having qmqpc picking the first available server, I would like it
> > > to load balance between all servers I have listed as QMQP servers.
> ...
> > > This way, "i" will be a random number from 0 to (servers.len-1).
> >
> > Almost. Note that 'i' has to point to the start of the \0 terminated
> > string that 'j' is currently scanning. servers.s is a series of \0
> > terminated strings. You need to do some work to make sure that i is
> > pointing at the start of the string that j randomizes into.
>
> Also note that if you choose one at random every time, you just might
> choose the same one, which happens to be down, every time. It'd be
> better to rotate the list by a random number of entries, and then step
> through it normally.
I think he was trying to randomize the start point and cycle thru the
list as qmqpc does now. So even if he hits the same starting point,
it'll still find a good server. Leastwise that's what I was originally
trying to show with the posted code-fragment.
Regards.
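The approach the replies above converge on (pick a random starting entry in the NUL-separated server list, then step through every entry once, wrapping around), as an added example that is not part of the thread or of qmail's source. The function names, the `try_fn` callback standing in for the per-server attempt, and the `probe` helpers are assumptions; the sample addresses are the ones shown in the thread.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Hypothetical callback for one delivery attempt: returns 1 if the server
   accepted the message, 0 if the next server should be tried. */
typedef int (*try_fn)(const char *server, void *ctx);

/* Count NUL-terminated entries in buf[0..len). A trailing entry without its
   terminator is not counted, like the original loop, which only acts on NUL. */
size_t count_entries(const char *buf, size_t len)
{
  size_t j, n = 0;
  for (j = 0; j < len; ++j)
    if (!buf[j]) ++n;
  return n;
}

/* Byte offset where entry number k (0-based) starts.
   The caller guarantees k < count_entries(buf, len). */
size_t entry_offset(const char *buf, size_t len, size_t k)
{
  size_t j, start = 0;
  for (j = 0; j < len && k > 0; ++j)
    if (!buf[j]) { start = j + 1; --k; }
  return start;
}

/* Random entry index in [0, n). rand() is adequate here: the value only
   spreads load and nothing depends on it being unpredictable. */
size_t random_start(size_t n)
{
  return n ? (size_t) (rand() / (RAND_MAX + 1.0) * n) : 0;
}

/* Try every entry exactly once, starting at `first` and wrapping around, so a
   dead server at the starting position cannot be picked over and over.
   Returns the index of the entry that accepted, or -1 if none did. */
long try_rotated(const char *buf, size_t len, size_t first,
                 try_fn attempt, void *ctx)
{
  size_t n = count_entries(buf, len), step, k;
  const char *s;
  for (step = 0; step < n; ++step) {
    k = (first + step) % n;
    s = buf + entry_offset(buf, len, k);
    if (!*s) continue;                 /* skip empty entries (blank lines) */
    if (attempt(s, ctx)) return (long) k;
  }
  return -1;
}

/* Constructed sample list. The literals are split on purpose: written as one
   literal, "\0192" would be read as the octal escape \01 followed by "92". */
static const char SAMPLE[] = "192.168.20.1\0" "192.168.20.2\0" "192.168.20.3";

/* Constructed stand-in for the network: only `only_up` accepts mail. */
struct probe { const char *only_up; int tries; };

static int probe_attempt(const char *server, void *ctx)
{
  struct probe *p = ctx;
  ++p->tries;
  return p->only_up && strcmp(server, p->only_up) == 0;
}

static long run_demo(size_t first, const char *only_up, int *tries)
{
  struct probe p;
  long winner;
  p.only_up = only_up;
  p.tries = 0;
  winner = try_rotated(SAMPLE, sizeof SAMPLE, first, probe_attempt, &p);
  if (tries) *tries = p.tries;
  return winner;
}

long demo_winner(size_t first, const char *only_up)
{
  return run_demo(first, only_up, NULL);
}

int demo_tries(size_t first, const char *only_up)
{
  int t;
  run_demo(first, only_up, &t);
  return t;
}

int main(void)
{
  size_t n = count_entries(SAMPLE, sizeof SAMPLE), first;
  /* Seed once per process; real code should also mix in the pid, since
     processes started within the same second would otherwise all begin at
     the same entry. */
  srand((unsigned) time(NULL));
  first = random_start(n);
  printf("start=%lu winner=%ld tries=%d\n", (unsigned long) first,
         demo_winner(first, "192.168.20.1"), demo_tries(first, "192.168.20.1"));
  return 0;
}
```
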
HI !
I have a big table in MS Excel with the login and pass, How can
I do to import from VPOPMAIL all the users ?
I hope so u can help me
JVino
I can send a message to a remote host using:
echo to: [EMAIL PROTECTED] | /var/qmail/bin/qmail-inject
but I cannot do so from a pop3 MUA, Netscape.
When I try I get a dialog:
Sorry that's not in my list of rcpthosts (#5.7.1)
If I add remote.com to rcpthosts it works, but I should not have to add every
possible mail host on the 'net in this file.
Is this a qmail-pop3d issue? If so where do I tell it to forward mail to
unknown hosts.
Thanks, bruce.
On Fri, Jul 21, 2000 at 03:56:41PM -0700, Bruce Edge wrote:
! but I cannot do so from a pop3 MUA, Netscape.
That's because Netscape uses your SMTP daemon to inject mail. See below.
! If I add remote.com to rcpthosts it works, but I should not have to add every
! possible mail host on the 'net in this file.
No, don't do that. If you add enough domains there, your machine becomes
an open relay.
! Is this a qmail-pop3d issue? If so where do I tell it to forward mail to
! unknown hosts.
If you use tcpserver to serve qmail-smtpd, then in its rules file, have
something like (assuming your IP address is 10.1.2.3):
10.1.2.3:allow,RELAYCLIENT=""
This will allow SMTP connections from 10.1.2.3 to send to any domain.
---Chris K.
--
Chris, the Young One |_ If you can't afford a backup system, you can't
Auckland, New Zealand |_ afford to have important data on your computer.
http://cloud9.hedgee.com/ |_ ---Tracy R. Reed
PGP: 0xCCC6114E/0x706A6AAD |_
Is it possible to run the qmail-popup and qmail-pop3d applications without the
qmail smtp server? Can the pop server be run as a daemon rather than from
inetd or tcpserver?
Thanks!
-Stephen Bolinger
On Fri, Jul 21, 2000 at 03:56:46PM -0700, Stephen Bolinger wrote:
> Is it possible to run the qmail-popup and qmail-pop3d applications without the
> qmail smtp server? Can the pop server be run as a daemon rather than from
> inetd or tcpserver?
Yes, and no.
But... Keep in mind qmail-pop3d only works with maildirs.
RC
--
+-------------------
| Ricardo Cerqueira
| PGP Key fingerprint - B7 05 13 CE 48 0A BF 1E 87 21 83 DB 28 DE 03 42
| Novis - Engenharia ISP / Rede Técnica
| Pç. Duque Saldanha, 1, 7º E / 1050-094 Lisboa / Portugal
| Tel: +351 21 3166700 (24h/dia) - Fax: +351 21 3166701
Never mind, just found:
tcprules tcp.smtp.cdb tcp.smtp.tmp < qmail-smtpd
Bruce Edge wrote:
>
> I can send a message to a remote host using:
>
> echo to: [EMAIL PROTECTED] | /var/qmail/bin/qmail-inject
>
> but I cannot do so from a pop3 MUA, Netscape.
>
> When I try I get a dialog:
> Sorry that's not in my list of rcpthosts (#5.7.1)
>
> If I add remote.com to rcpthosts it works, but I should not have to add every
> possible mail host on the 'net in this file.
>
> Is this a qmail-pop3d issue? If so where do I tell it to forward mail to
> unknown hosts.
>
> Thanks, bruce.
Greetings,
I am revamping the mail system to run qmail on a dedicated server as the
current set up is quite ugly. Right now most users are getting their mail via
IMAP and one or two (self included) using POP3. Everyone is using Netscape
Messenger for their MUA (except one or two, mutt or pine instead).
I envisioned mounting the user directories on the mail server to deliver to
maildirs (after all, it's better than mbox over NFS!). Is there a
module/add-on/patch/something to allow Messenger to read maildir format?
Or is there an IMAP server that would work well for this scenario? A small
number of users will still use IMAP for laptop use while on the road. Most
everyone will be switched to POP3 or, if possible, just read their mail with
netscape from the Maildir.
I appreciate any responses, advice or ideas.
Thank you.
--
Joshua Timberman Enhanced Software Technologies, Inc.
System Administrator http://www.estinc.com
[EMAIL PROTECTED] 602.470.1115
> I envisioned mounting the user directories on the mail server to deliver to
> maildirs (after all, it's better than mbox over NFS!). Is there a
> module/add-on/patch/something to allow Messenger to read maildir format?
>
> Or is there an IMAP server that would work well for this scenario? A small
> number of users will still use IMAP for laptop use while on the road. Most
> everyone will be switched to POP3 or, if possible, just read their mail with
> netscape from the Maildir.
>
> I appreciate any responses, advice or ideas.
www.qmail.org has a link to the patched IMAP source, it works quite well
for us. That way, your users can be completely oblivious to the change.
= )
steve
hi,
i have a little confusing problem with qmail:
i can send email to [EMAIL PROTECTED] (where bob is a real user), but i cannot
send email to i.e. [EMAIL PROTECTED] where bobby is a virtual user. somebody
can help me please ? this works sometimes, but after rebooting the machine
i.e. sometimes i get a "sorry, no mailbox ...." message.
i asked this before and thought i fixed it, but this problem shows up
again and again.
--
regards,
jens
---------------------------------------------------------------------------
department computer science, university of dortmund
linux ... life's too short for reboots!
hi,
i have strange things happening here with my mailserver:
i have the following set up in .../control/virtualdomains
domain.com:georg
www.domain.com:georg
domain2.com:georg
www.domain2.com:georg
i can send emails without trouble to <anything>@www.domain.com.
qmail delivers this to georg-<anything>@www.mydomain.com. ok !
same for domain2.com and www.domain2.com !
now, trying to send anything to <anything>@mydomain.com fails,
EXCEPT for [EMAIL PROTECTED], with georg being a real existing local
user !
i have checked the .qmail files. they are ok and the question now is,
why does it work for @www.mydomain.com (www can be replaced by any other
valid subdomain - works for all!), but NOT for @mydomain.com ???
i have some other domains set up on my server and it works perfectly
for e.g. mydomain2.com and www.mydomain2.com.
where do i have to start my investigations? where is the translation
from <anything> to georg-<anything> done? i think in /control/virtualdomains,
right?
i have no more ideas where to look !
--
regards,
jens
---------------------------------------------------------------------------
department computer science, university of dortmund
linux ... life's too short for reboots!
I have been getting the following error message from fetchmail.
Jul 15 12:51:39 myhost fetchmail[13004]: MDA exited abnormally or returned nonzero status
This error message is happening 15 minutes or so.
I have upgraded maildrop and fetchmail to the most current versions and the error
still continues. How do I find out why maildrop is exiting?
My .fetchmailrc has the following entry.
user "subb3" with pass "secretpass" is subba here and wants mda
"/usr/local/bin/maildrop -d subba"
Now that puts maildrop in delivery mode. Since maildrop does not do any logging in
delivery mode, is there any other way I can modify the maildrop invocation so that it
will do logging? I would like to log to a file and not to standard error.
Thank you once again.
--
Subba Rao
[EMAIL PROTECTED]
http://pws.prserv.net/truemax/
=> Time is relative. Here is a new way to look at time. <=
http://www.smcinnovations.com
Sorry to spam this list with lame email. Unfortunately I'm having
difficulty with full installation of qmail on Red Hat 6.2.
To this date I thought I had managed to install qmail successfully, following
the instructions in the INSTALL file. I even managed to update procmail so it puts
mail down to the Mailfox file. The problem is that I can only send mail, and
receive mail only from the same address as my computer. Any other mail does
not even show in the mail logs.
To solve this problem I installed tcpserver and made corrections to the start
scripts, as the instructions say... and guess what.. nothing has changed.
Can anyone send me mail privately about what I should correct to make qmail
work?
Thanks in advance
completely green in linux... Lukas
I'm using a qmail server, and some of the domains are in locals and some are in
the virtualdomains file.
Now my problem is that whenever I send a mail to an invalid user but to a
valid domain which is there in locals, i.e. to [EMAIL PROTECTED], I get
a bounce message that user is not there in relaymail from file.
But if I send a mail to invalid@virtualdomain, I never get a bounce
message; the qmail server forwards that mail to my relay mail server, which is
another server and defined in the smtproute file.
Can anybody please tell me whether there is any way to get a bounce message back if
I'm sending a mail to an invalid user of a virtualdomain?
regards
lokesh
Is there a config somewhere so i can decrease identd timeout to something
less than 30 seconds? my qmail server is attempting to connect to identd
ports of every remote host that opens a port 25 connection to it, and
frequently these hosts are behind firewalls blocking identd ports (tcp/113).
I can of course change the source code: (line 46 of tcp-env.c):
timeout = 30;
ZMailer has a 3/4 secs timeout, which i believe is acceptable,
why in hell would qmail need a 30 sec (or so) identd timeout?
Anyone willing to explain?
Enrique-
From: Enrique Vadillo <[EMAIL PROTECTED]>
>Is there a config somewhere so i can decrease identd timeout to something
>less than 30 seconds? my qmail server is attempting to connect to identd
>ports of every remote host that opens a port 25 connection to it, and
>frequently these hosts are behind firewalls blocking identd ports (tcp/113).
Of course, the first question is if you care about the identd from the
remote host. If you don't, simply add -R to the tcpserver command line, that
will suppress the ident query.
Armando
On Fri, Jul 21, 2000 at 10:21:38PM -0500, Enrique Vadillo wrote:
! I can of course change the source code: (line 46 of tcp-env.c):
!
! timeout = 30;
If you're playing with tcp-env, the man page says there's a switch
called -t which seems to do what you want; check it out.
---Chris K.
--
Chris, the Young One |_ If you can't afford a backup system, you can't
Auckland, New Zealand |_ afford to have important data on your computer.
http://cloud9.hedgee.com/ |_ ---Tracy R. Reed
PGP: 0xCCC6114E/0x706A6AAD |_
Enrique Vadillo <[EMAIL PROTECTED]> writes on 21 July 2000 at 22:21:38 -0500
> Is there a config somewhere so i can decrease identd timeout to something
> less than 30 seconds? my qmail server is attempting to connect to identd
> ports of every remote host that opens a port 25 connection to it, and
> frequently these hosts are behind firewalls blocking identd ports (tcp/113).
>
> I can of course change the source code: (line 46 of tcp-env.c):
>
> timeout = 30;
>
> ZMailer has a 3/4 secs timeout, which i believe is acceptable,
> why in hell would qmail need a 30 sec (or so) identd timeout?
>
> Anyone willing to explain?
man tcpserver :
       -r     (Default.) Attempt to obtain TCPREMOTEINFO from
              the remote host.
       -R     Do not attempt to obtain TCPREMOTEINFO from the
              remote host.
       -ttimeout
              Give up on the TCPREMOTEINFO connection attempt
              after timeout seconds. Default: 26.
--
Photos: http://dd-b.lighthunters.net/ Minicon: http://www.mnstf.org/minicon
Bookworms: http://ouroboros.demesne.com/ SF: http://www.dd-b.net/dd-b
David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]
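The ident lookup discussed in this thread, as an added example that is not code from any poster or from tcpserver: a minimal RFC 1413 client whose timeout plays the role of tcpserver's -t value, run against two constructed loopback peers. The function names, port numbers, user name and timeouts are assumptions for the demo, and the unanswered case is simulated by a peer that accepts but never replies, because loopback cannot drop connection attempts the way a firewall on tcp/113 does.

```python
import socket
import threading
import time

def ident_lookup(host, port, remote_port, local_port, timeout):
    """RFC 1413 query; returns the user id, or None if no usable reply arrives in time."""
    deadline = time.monotonic() + timeout
    buf = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(f"{remote_port} , {local_port}\r\n".encode("ascii"))
            while b"\n" not in buf and len(buf) < 1024:
                remaining = deadline - time.monotonic()
                if remaining <= 0:
                    return None            # overall budget spent, give up
                s.settimeout(remaining)
                chunk = s.recv(256)
                if not chunk:
                    break                  # peer closed without a full line
                buf += chunk
    except OSError:                        # refused, unreachable or timed out
        return None
    # Reply format: "<ports> : USERID : <opsys> : <user-id>"
    parts = [p.strip() for p in buf.decode("latin-1").split(":", 3)]
    if len(parts) == 4 and parts[1] == "USERID":
        return parts[3]
    return None

def _serve(reply):
    """Constructed stand-in for a remote identd; reply=None never answers."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        with conn:
            if reply is None:
                time.sleep(3)              # silent peer: client must time out
            else:
                conn.recv(256)
                conn.sendall(reply)
        srv.close()
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    """Returns {case: (user, seconds waited)} for an answering and a silent peer."""
    cases = (("answering", _serve(b"40000 , 25 : USERID : UNIX : alice\r\n"), 1.0),
             ("silent", _serve(None), 0.5))
    results = {}
    for name, port, timeout in cases:
        start = time.monotonic()
        user = ident_lookup("127.0.0.1", port, 40000, 25, timeout)
        results[name] = (user, round(time.monotonic() - start, 1))
    return results

if __name__ == "__main__":
    print(demo())
```

The silent case waits for the whole timeout before giving up, which is the per-connection delay an SMTP client sees before the server program starts when the lookup is left enabled.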
Has anyone tried to get HylaFax's hfaxd running under tcpserver?
Thanks,
John
--
John Conover Tel. 408.370.2688 [EMAIL PROTECTED]
631 Lamont Ct. Cel. 408.772.7733
Campbell, CA 95008 Fax. 408.379.9602 http://www.johncon.com
> Try chown -R al.koch: /home/al.koch/Maildir
>                     ^--- colon there
>
> It may or may not work. Colon is now the preferred separator between
> user and group, but historically the dot has been used for that, and
> so it's still supported for compatibility.
===
chown -R al.koch: /home/al.koch/Maildir WORKS!
drwx------ 5 al.koch popusers 1024 Jul 21 11:22 Maildir
Another person on the X-mas list. Thanks to Armando as well! woo hoo
tony.campisi