qmail Digest 29 Dec 2000 11:00:01 -0000 Issue 1228

Topics (messages 54448 through 54457):

Re: rblsmtpd - notification
        54448 by: Markus Stumpf

Re: What does "return address is refused" mean?
        54449 by: Markus Stumpf

Re: checkpassword question
        54450 by: Markus Stumpf

Re: alias system
        54451 by: Markus Stumpf

How sending messages from web site
        54452 by: ouldm.linux-at-business.com

Re: RBLSMTPD
        54453 by: Markus Stumpf
        54454 by: Piotr Kasztelowicz

Re: Xinetd & Qmail & New Problem!
        54455 by: Jeff Lacy

config help needed
        54456 by: I. Herman
        54457 by: I. Herman


----------------------------------------------------------------------


On Thu, Dec 28, 2000 at 11:10:37AM +1100, [EMAIL PROTECTED] wrote:
> question is: Is there anyway of notifying the person who sent the 
> mail to you through the open relay, with a generic message that 
> they were blocked. Say "Your message could not be processed by 
> our server." If anyone could help with this it would be much 
> appreciated.

rblsmtpd either rejects the message permanently (5xx code) or temporarily
(4xx code). Depending on the option you start rblsmtpd with and assuming
a correctly working smtpd on the sending side, the user will either
get an immediate failure notice on a 5xx code or a delayed one as soon as
the retry interval (typically around a week) of the sending smtpd has expired.
See
    <URL:http://cr.yp.to/ucspi-tcp/rblsmtpd.html>
and especially the section on "Temporary errors" and the "-b -B" switches
for more information.

Note: a 4xx code is more "social" but may trigger bugs in some smtpds
  (e.g. Microsoft SMTP) causing them to hammer on your smtpd with retries.
  See: <URL:http://support.microsoft.com/support/kb/articles/Q224/9/83.ASP>

        \Maex

-- 
SpaceNet AG               |   http://www.Space.Net/   | Stress is when you wake
Research & Development    | mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0    | realize you haven't
D-80807 Muenchen          |  Fax: +49 (89) 32356-299  | fallen asleep yet.




On Wed, Dec 27, 2000 at 05:04:32PM -0800, Dai Yuwen wrote:
> Sometimes my mail will be bounced with the subject "return address is
> refused".  What does that mean?  I'm using qmail-1.03.

This is not a qmail error message.

If these messages are bounces this may be caused by badly configured
mail servers incorrectly rejecting messages with an empty sender ("<>").

        \Maex

-- 
SpaceNet AG               |   http://www.Space.Net/   | Stress is when you wake
Research & Development    | mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0    | realize you haven't
D-80807 Muenchen          |  Fax: +49 (89) 32356-299  | fallen asleep yet.




On Thu, Dec 28, 2000 at 10:13:56AM +0800, Rick Lu wrote:
> as we all know, there are two super-user functions in checkpassword package: setuid &
> setgid.
>
> because qmaild is only a normal user in nofiles group, so he has no privilege to call
> these codes. it will show "-ERR authorization failed".

Typically qmail-pop3d is started from tcpserver like:
   /usr/local/bin/tcpserver -R -v -c 150 0 pop3         \
       /var/qmail/bin/qmail-popup <host.domain>         \
       /var/qmail/bin/checkpassword                     \
       /var/qmail/bin/qmail-pop3d Maildir 2>&1         \
       | /var/qmail/bin/splogger qmail-pop3d 17 &

That is, qmail-popup (and checkpassword) is started as root and not as user
qmaild and so everything will just work fine and checkpassword is able
to use the setuid/setgid calls to set the user to the authenticated one.

        \Maex

-- 
SpaceNet AG               |   http://www.Space.Net/   | Stress is when you wake
Research & Development    | mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0    | realize you haven't
D-80807 Muenchen          |  Fax: +49 (89) 32356-299  | fallen asleep yet.
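
The privilege drop described in the reply above, as an added example (not part of the original post and not checkpassword's own source). It follows the published checkpassword interface (login, password and timestamp on descriptor 3, each ended by a 0 byte); the names `cp_parse` and `drop_to_user`, the uid/gid 1000 and the sample input are assumptions made for illustration.

```c
/* Added example: checkpassword-style input parsing and privilege drop. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

struct cp_fields { const char *login, *password, *timestamp; };

/* Split the descriptor-3 buffer "login\0password\0timestamp\0".
   Returns 0 on success, -1 if a field has no terminating 0 byte. */
int cp_parse(const char *buf, size_t len, struct cp_fields *out)
{
    const char **slot[3] = { &out->login, &out->password, &out->timestamp };
    size_t pos = 0;
    for (int i = 0; i < 3; i++) {
        const char *nul = memchr(buf + pos, '\0', len - pos);
        if (nul == NULL) return -1;          /* truncated input: misuse */
        *slot[i] = buf + pos;
        pos = (size_t)(nul - buf) + 1;
    }
    return 0;
}

/* Drop from root to the authenticated user. Supplementary groups and gid
   must change while still root; uid goes last. Returns 0 on success, -1 on
   failure, in which case the caller must not run the subprogram. */
int drop_to_user(uid_t uid, gid_t gid)
{
    if (geteuid() != 0) return -1;           /* started as qmaild: cannot switch users */
    if (setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;  /* root must not be recoverable */
    return 0;
}

int main(void)
{
    /* Constructed sample input; sizeof counts the final 0 byte. */
    static const char sample[] = "drew\0hunter-two\0<1234.5678@host.example>";
    struct cp_fields f;
    if (cp_parse(sample, sizeof sample, &f) != 0) return 2;   /* 2 = misuse */
    printf("login=%s euid=%d\n", f.login, (int)geteuid());
    /* 1000/1000 is a placeholder; a real program looks up the user's uid/gid. */
    return drop_to_user(1000, 1000) == 0 ? 0 : 111;           /* 111 = temporary problem */
}
```

Run as an unprivileged user, `drop_to_user` refuses before any call is attempted, which is the situation the question describes when the chain is started as qmaild.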




On Thu, Dec 28, 2000 at 04:28:52PM +1100, [EMAIL PROTECTED] wrote:
>       I have a .qmail file in my home directory that is .qmail-user and 
> it contains the line:
>       /usr/home/drew/Maildir2/ where Maildir2 is a separate Mail 
> directory setup than the one we use on the system. Is there 
> any way I can pop mail from this directory or is that an 
> impossibility. Anyone's input would be much appreciated.

If the user "drew" should authenticate/pop that Maildir2 and /usr/home/drew
is drew's $HOME you could set up another pop3 server on another port
and instead of "Maildir" use "Maildir2" as argument to qmail-pop3d.

However, your client must support a non-default pop3 port for that setup.

        \Maex

-- 
SpaceNet AG               |   http://www.Space.Net/   | Stress is when you wake
Research & Development    | mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0    | realize you haven't
D-80807 Muenchen          |  Fax: +49 (89) 32356-299  | fallen asleep yet.




Hello,

I'm installing a Qmail relay server on a Raq3i. I am putting my web site, my
http server, on this machine
(only SMTP, no POP, is allowed here, since this machine lies in the DMZ and
is used only for relaying mail to the
qmail LAN server lying behind a firewall).
My question is: how can I use qmail to allow users to send messages
from the web site using mail software like
IMP/HORDE or another (any suggestions in this sense are welcome!)?
How can users connecting to my web site from anywhere get their
messages on the qmail LAN server?

PS: only my LAN machines' IPs are listed in the tcp.smtp file now?


Thanks






On Thu, Dec 28, 2000 at 10:12:48AM +0100, Piotr Kasztelowicz wrote:
> ORBS and like ORBS lists
> there are stupid idea, which makes more evil than good. First of all
> from such as ORBS 'insecure hosts' list" are  using all presented on Net
> hackers, who have directly listing of host, which potentially can
> be used to attack. I'm of opinion, that giving such list public
> is illegal and harmful. I have met such case, that after each test
> made from ORBS was reported hackers proof to destroy my host, therefore
> the access for ORBS on my host has been by me on tcpserver blocked:

These lists are irrelevant for attacks and security through obscurity is
no security at all.
Hackers will find your server regardless whether you are listed in a RBL
list or not. On a freshly setup system with an IP address never assigned
before I had - within a week - 4 complete port scans + 6 additional
scans for relay open mailservers.

Trying to "hide" is useless. Fix your systems. I personally have no mercy
for ppl doing lousy system administration and whining when they get hacked.
If you can't handle all the hosts in your responsibility use at least
some port filters or a firewall or disconnect them by pulling the network
plug.

        \Maex

-- 
SpaceNet AG               |   http://www.Space.Net/   | Stress is when you wake
Research & Development    | mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0    | realize you haven't
D-80807 Muenchen          |  Fax: +49 (89) 32356-299  | fallen asleep yet.




On Thu, 28 Dec 2000, Markus Stumpf wrote:

> These lists are irrelevant for attacks and security through obscurity is
> no security at all.

The peoples, who manages with RBL could inform admin of tested
host prior to begin such tests. If test had presented insecurity or
open relay possibilities, ORBS admins could have informed me about
them first prior to inform all peoples about them to write it
on data base.  I'd like to pay your attention to this fact, that
all cases to connect to my smtp to use it other than for sending
or receiving e-mail (for instance to the test without to inform me about
them) can be taken as hackers proof itself. Additionally each case such
tests due to more activity of hackers. Should I report this without
reaction? I were in such case a bad administrator.

> Hackers will find your server regardless whether you are listed in a RBL
> list or not.

But you can this not excluded, that this listing would have been a good
direction for hackers, because it is public on WWW.

> Trying to "hide" is useless. Fix your systems. I personally have no
> mercy ..

This was already made by me in September, when I have begun manage with
this server (I have under my care more servers), but I will not idle to
look to logs, where are observed logs from ORBS tests' proofs common
with proofs of achieve my server on ftp or telnet. I suppose, that
I'm permitted to request from ORBS to use my smtp only for provided
for it use - email sending or receiving. This same I wish me to
stop all tests. I think, I have a right to its...

Best Wishes

Piotr Kasztelowicz
---
Piotr Kasztelowicz                 <[EMAIL PROTECTED]>
[http://www.am.torun.pl/~pekasz]





Thank you very much Andrew!  You helped me solve my problem!  It couldn't
have been simpler.  I am a bozo.  I was looking at all the programs in
/var/qmail/bin, and I learned that qmail didn't really lose my messages.  I
guessed that I hadn't started all of qmail correctly, so I ran
'/var/qmail/rc &'.  The number of messages in the queue started dropping.
Now I will add rc to my init scripts.  Thanks Andrew.

SORRY EVERYONE!


Bozo Jeff


----- Original Message -----
From: "Andrew Richards" <[EMAIL PROTECTED]>
To: "'Jeff Lacy'" <[EMAIL PROTECTED]>
Sent: Thursday, December 28, 2000 12:37 PM
Subject: RE: Xinetd & Qmail & New Problem!


> Jeff,
>
> I think you'll need to post your logs and startup files for the list members
> to be able to help you.
>
> cheers,
>
> Andrew.
> ----------
> From: Jeff Lacy[SMTP:[EMAIL PROTECTED]]
> Sent: 27 December 2000 21:47
> To: [EMAIL PROTECTED]
> Subject: Xinetd & Qmail & New Problem!
>
> Okay.  Thanks everyone who helped me.  Qmail accepts mail and things seem to
> be mostly better. Now I only have one problem and I would be very very grateful if
> anyone could help me with it.
>
> After qmail accepts a message from me, I assume it does its thing.  Then I go
> to my mail program (outlook express) and say for check new mail.  It asks
> for new mail, via pop3, and it comes back with nothing at all.  I don't know
> how to find all the messages I send.  Qmail is hiding/destroying my
> mail!  Could someone please tell me where to look and/or how to fix the
> problem?
>
> .qmail-root and .qmail-postmaster both are:
>     jeff
>     [EMAIL PROTECTED]
>
>
> ~jeff/.qmail is:
>     ./Maildir/
>
> ~jeff/Maildir/ is owned by jeff and is a mail dir so it should work.
>
> Doing an 'echo to:jeff | /var/qmail/bin/qmail-inject' doesn't show up
> anywhere.  Email to root gets lost too.
>
> Could someone please help me?  Thanks everyone :-D
>
> Jeff
>
>
> ----- Original Message -----
> From: "Paco Gracia" <[EMAIL PROTECTED]>
> To: "Jeff Lacy" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Wednesday, December 27, 2000 2:31 AM
> Subject: RE: Xinetd & Qmail
>
>
> > Hello,
> >
> >     This set up used to work with qmail and RH7.0. It uses vpopmail so if
> > you have a standard qmail installation you'll have to change vchkpw to use
> > checkpassword.
> >
> >     Each service is in one file inside /etc/xinet.d. Read xinet man pages to
> > allow and deny connections, set a maximum number of concurrent connections,
> > bind an external ip to an internal ip, configure your logs, etc...
> >
> >     tcpserver was the only solution before xinet and it is still the best
> > solution for advanced qmail installations. For nothing too complicated xinet
> > can do the job perfectly... and it is more straightforward than tcpserver.
> > So the choice depends on your needs.
> >
> >     Bye.
> >
> > /etc/xinet.d/smtp
> >
> > # default: on
> > service smtp
> > {
> >         disable = no
> >         socket_type             = stream
> >         protocol                = tcp
> >         wait                    = no
> >         user                    = qmaild
> >         server                  = /var/qmail/bin/tcp-env
> >         server_args             = /var/qmail/bin/qmail-smtpd
> >         log_on_success          += USERID
> >         log_on_failure          += USERID
> > }
> >
> >
> > /etc/xinet.d/pop
> >
> > # default: on
> > service pop3
> > {
> >         disable = no
> >         socket_type             = stream
> >         wait                    = no
> >         user                    = root
> >         server                  = /var/qmail/bin/qmail-popup
> >         server_args             = your.mail.server /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir
> >         log_on_success          += USERID
> >         log_on_failure          += USERID
> > }
> >
> >
> > ----- Original Message -----
> > From: Jeff Lacy <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Wednesday, December 27, 2000 2:56 AM
> > Subject: Xinetd & Qmail
> >
> >
> > > Hello Everyone,
> > >
> > >     I'm new to this list, so please forgive me if this has been asked before
> > > or is really dumb.
> > >
> > >     I'm running RH7.0 and I would like to run qmail.  I thought I had it
> > > working once, but I was just calling tcpd from xinetd and that seemed a
> > > little foolish.  I have been messing around with xinetd all day and my
> > > progress has been -42.  Qmail accepts messages, but then they just sort of
> > > disappear.  I think it all stems from a problem with my xinetd
> > > configuration.  I have searched the internet and everything I find is
> > > different from everything else.  I am looking for the 'definitive' thing to
> > > use with xinetd.  Hopefully, it should have logging and not use anything
> > > toooo complex (and allow relaying from my lan).
> > >
> > >     I would also really appreciate it if someone would tell me why so many
> > > people use tcpserver instead of xinetd.  I understand that tcpserver can be
> > > run continually, but xinetd only starts smtpd (or whatever) when someone
> > > connects to port 25.  I am going to be running a very very (did I mention
> > > very) low-volume mail server.
> > >
> > >     PLEASE someone, just tell me what to do.  Thanks very much in advance.
> > > Maybe now I can put down my virtual water gun.  Thanks.
> > >
> > > Despairing Jeff
> > >
> > >
> >
>
>
>
>





I just recently installed qmail and followed the how-to on life w/ qmail.  I am at the part where I start it for the first time, and I am getting the following error messages:
 
supervise: fatal: unable to acquire qmail-send/supervise/lock: temporary failure
supervise: fatal: unable to acquire log/supervise/lock: temporary failure
supervise: fatal: unable to acquire qmail-smtpd/supervise/lock: temporary failure
 
What can I do to fix this?





All the permissions are correct, now it's giving me another error...
 
supervise: fatal: unable to start log/run: file does not exist
supervise: warning: unable to rename log/supervise/status.new to status: file does not exist
supervise: fatal: unable to acquire qmail-smtpd/supervise/lock: temporary failure
supervise: fatal: unable to acquire log/supervise/lock: temporary failure 
 
When I check to see if all my qmail-send and qmail-smtpd have the /log/run in them...they both do, all run files are executable
 
Any ideas?
Izzie 

