qmail Digest 11 Jan 2001 11:00:00 -0000 Issue 1241
Topics (messages 54980 through 55027):
Re: Dot in email adress
54980 by: Robin S. Socha
54981 by: Jason Brooke
54983 by: brahe
54996 by: Jurjen Oskam
54997 by: Russell Nelson
no return-path
54982 by: octave klaba
54984 by: Alex Pennace
Hy
54985 by: Seby
54986 by: Robin S. Socha
54987 by: Jose AP Celestino
54988 by: Jason Brooke
54989 by: Jose AP Celestino
54990 by: Noah Sematimba
54991 by: Wilson, Frank
54992 by: Brian Longwe
54993 by: Robin S. Socha
54998 by: Russell Nelson
QMTP sublist
54994 by: Peter van Dijk
SMTP AUTH Patch
54995 by: Eric M. Johnston
John Levine's book cancelled?
54999 by: David Geller
QMTP running on sources.redhat.com
55000 by: Ian Lance Taylor
55018 by: Russell Nelson
badmailfrom for qmail-qmtpd
55001 by: Peter van Dijk
55005 by: Peter van Dijk
Was my qmail hacked?
55002 by: Chris Gray
55003 by: Mark Delany
55004 by: paul.anastrophe.com
55006 by: Chris Gray
How do I use binmail (aka mail(1))
55007 by: Medi Montaseri
55008 by: Paul Jarc
Re: allowing relay for certain hosts only
55009 by: Raphael Deimel
qmail-1.03-6.src.rpm
55010 by: Keith Smith
55020 by: Andy Bradford
howto hiding header
55011 by: kh
55012 by: Mark Delany
55015 by: Kurth Bemis
speed of machines
55013 by: Ross Davis - Data Anywhere
55017 by: David Dyer-Bennet
Re: addition to qmail init script
55014 by: Mate Wierdl
qmail-smtpd-auth
55016 by: Bjorn Nilsen
problem creating single user id
55019 by: vishwanath kalbagilmath
problem creating virtual user accounts
55021 by: vishwanath kalbagilmath
how to obtain Email UID
55022 by: email.mcmug.org
#4.3.0 error
55023 by: Jes�s Arn�iz
User unkown in maillog
55024 by: ouldm.linux-at-business.com
users
55025 by: Rohit Gupta
55026 by: Robin S. Socha
tcpserver: fatal:, cat, svc commands not found
55027 by: Ould
Administrivia:
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To bug my human owner, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
* Boz Crowther <[EMAIL PROTECTED]> [010110 00:05]:
> I'd say you'd have better luck getting people to stop giving newbies
> snotty answers on mailing lists designed to help them.
Sorry, Boz, but there does not seem to be a news2mail gateway for
alt.rec.suicide. And you /are/ aware of whom you just tried
(unsuccessfully and in a tear-duct-straining way) to flame, aren't you?
Well, the wheel is still spinning, but this hamster is dead. Tata...
hey, that reminds me of the time you tried to flame me on-list in response
to an off-list email I sent you - attempting to use another person's quoted
comments as though they were mine - funny stuff
I guess that's when you found alt.rec.suicide
jason
> Sorry, Boz, but there does not seem to be a news2mail gateway for
> alt.rec.suicide. And you /are/ aware of whom you just tried
> (unsuccessfully and in a tear-duct-straining way) to flame, aren't you?
> Well, the wheel is still spinning, but this hamster is dead. Tata...
On Tue, Jan 09, 2001 at 09:03:44PM -0800, Boz Crowther wrote:
> I'd say you'd have better luck getting people to stop giving newbies snotty
> answers on mailing lists designed to help them.
Big misunderstanding. This list isn't designed to help newbies, it is for
discussions regarding qmail.
We are all helping newbies, _if_ they have done their homework and reag the
documentation. As we aren't paid support stuff we can expect they've done
that.
On Tue, 9 Jan 2001 21:03:44 -0800, "Boz Crowther"
<[EMAIL PROTECTED]> wrote:
>I'd say you'd have better luck getting people to stop giving newbies snotty
>answers on mailing lists designed to help them.
This mailing list (and mailing lists in general) isn't designed to
answer questions that are already answered IN THE DOCUMENTATION.
If you can't RTFM, you shouldn't be doing it. Spoonfeeding the answer
won't 'help' this person, it will only lead to more problems in the
end.
end
--
Jurjen Oskam * carnivore! * http://www.stupendous.org/ for PGP key
assassinate nuclear iraq clinton kill bomb USA eta ira cia fbi nsa kill
president wall street ruin economy disrupt phonenetwork atomic bomb sarin
nerve gas bin laden military -*- DVD Decryption at www.stupendous.org -*-
Robin S. Socha writes:
> * Boz Crowther <[EMAIL PROTECTED]> [010110 00:05]:
> > I'd say you'd have better luck getting people to stop giving newbies
> > snotty answers on mailing lists designed to help them.
>
> Sorry, Boz, but there does not seem to be a news2mail gateway for
> alt.rec.suicide. And you /are/ aware of whom you just tried
> (unsuccessfully and in a tear-duct-straining way) to flame, aren't you?
Was he flaming me? I didn't feel flameed. I mean, not only did I
answer the guy's question, but I also told him how he could get his
system audited by a Professionally Written program as well.
--
-russ nelson <[EMAIL PROTECTED]> http://russnelson.com | Government is the
Crynwr sells support for free software | PGPok | fictitious entity by which
521 Pleasant Valley Rd. | +1 315 268 1925 voice | everyone seeks to live at
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | everyone else's expense.
Hi,
2 questions:
- how can I deny all emails without Return-Path:
like this: Return-Path: <>
- is it a good idea ?
The problem I have is to deny this kind of email.
I tried badmailfrom but it does not work
# cat badmailfrom
[EMAIL PROTECTED]
thanks for help
Octave
Return-Path: <>
Received: ..........
Date: Wed, 10 Jan 2001 12:41:03 +0100
Message-Id: <[EMAIL PROTECTED]>
Received: (qmail 22047 invoked from network); 10 Jan 2001 11:29:19 -0000
From: Hahaha <[EMAIL PROTECTED]>
Subject: Blanche neige et ...les sexe nains
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VE6F4X6V496F"
X-UIDL: b42fd9e128c7015395ffd2b3a4d95b82
Amicalement,
oCtAvE
On Wed, Jan 10, 2001 at 12:56:29PM +0100, octave klaba wrote:
> Hi,
> 2 questions:
> - how can I deny all emails without Return-Path:
> like this: Return-Path: <>
> - is it a good idea ?
Don't do that. You need to accept mail from null envelope senders, as
those are bounce messages (bouncing those will irk many postmasters
around the net).
Can i see what mails i'm reciving at a moment...
Seby...
* Seby <[EMAIL PROTECTED]> [010110 07:48]:
> Can i see what mails i'm reciving at a moment...
man 1 crystal_ball
Otherwise, read the qbiff man page and say biff y.
On Wed, Jan 10, 2001 at 02:43:59PM +0200, Seby wrote:
> Can i see what mails i'm reciving at a moment...
>
> Seby...
>
Greetings.
qmail-qstat - summarize status of mail queue
man qmail-qstat
--
Jose AP Celestino <[EMAIL PROTECTED]>
http://www.sapo.pt
-----------------------------------------------------------
QUOTD: "Every morning I read the obituaries; if my name's not there,
I go to work."
tail the end of the appropriate logfile
jason
> Can i see what mails i'm reciving at a moment...
>
> Seby...
>
>
Sorry, I meant qmail-qread
:)
On Wed, Jan 10, 2001 at 01:20:52PM +0000, Jose AP Celestino wrote:
> On Wed, Jan 10, 2001 at 02:43:59PM +0200, Seby wrote:
> > Can i see what mails i'm reciving at a moment...
> >
> > Seby...
> >
>
> Greetings.
>
> qmail-qstat - summarize status of mail queue
>
> man qmail-qstat
>
>
> --
> Jose AP Celestino <[EMAIL PROTECTED]>
> http://www.sapo.pt
> -----------------------------------------------------------
> QUOTD: "Every morning I read the obituaries; if my name's not there,
> I go to work."
--
Jose AP Celestino <[EMAIL PROTECTED]> || SAPO / PTM.COM
Administração de Sistemas / Operações || http://www.sapo.pt
-----------------------------------------------------------
Air is water with holes in it.
tail -f /var/log/maillog
On Wed, 10 Jan 2001, Robin S. Socha wrote:
> * Seby <[EMAIL PROTECTED]> [010110 07:48]:
> > Can i see what mails i'm reciving at a moment...
>
> man 1 crystal_ball
>
> Otherwise, read the qbiff man page and say biff y.
>
>
unsubscribe
-----Opprinnelig melding-----
Fra: Noah Sematimba [mailto:[EMAIL PROTECTED]]
Sendt: 10. januar 2006 16:23
Til: Robin S. Socha
Kopi: [EMAIL PROTECTED]
Emne: Re: Hy
tail -f /var/log/maillog
On Wed, 10 Jan 2001, Robin S. Socha wrote:
> * Seby <[EMAIL PROTECTED]> [010110 07:48]:
> > Can i see what mails i'm reciving at a moment...
>
> man 1 crystal_ball
>
> Otherwise, read the qbiff man page and say biff y.
>
>
the default maillog is not very detailed. you might want to use splogger to
get more detail in your log files
Brian
> -----Original Message-----
> From: Noah Sematimba [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, January 10, 2006 6:23 PM
> To: Robin S. Socha
> Cc: [EMAIL PROTECTED]
> Subject: Re: Hy
>
>
> tail -f /var/log/maillog
>
> On Wed, 10 Jan 2001, Robin S. Socha wrote:
>
> > * Seby <[EMAIL PROTECTED]> [010110 07:48]:
> > > Can i see what mails i'm reciving at a moment...
> >
> > man 1 crystal_ball
> >
> > Otherwise, read the qbiff man page and say biff y.
> >
> >
>
>
* Brian Longwe <[EMAIL PROTECTED]> [010110 10:55]:
> Noah Sematimba [mailto:[EMAIL PROTECTED]]
> > On Wed, 10 Jan 2001, Robin S. Socha wrote:
> > > * Seby <[EMAIL PROTECTED]> [010110 07:48]:
> > > > Can i see what mails i'm reciving at a moment...
> > > man 1 crystal_ball
> > > Otherwise, read the qbiff man page and say biff y.
> > tail -f /var/log/maillog
> the default maillog is not very detailed. you might want to use
> splogger to get more detail in your log files
Use multilog and read the tail manpage. OpOutlook: If I wanted to be
Cc:'ed, I would have said that.
Seby writes:
> Can i see what mails i'm reciving at a moment...
You mean email that hasn't been successfully queued yet? Well, you
could look for invocations of qmail-queue, but you can't see what
email they're currently receiving. What exactly *do* you mean?
--
-russ nelson <[EMAIL PROTECTED]> http://russnelson.com | Government is the
Crynwr sells support for free software | PGPok | fictitious entity by which
521 Pleasant Valley Rd. | +1 315 268 1925 voice | everyone seeks to live at
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | everyone else's expense.
QMTP-delivering sublist up and running. Send to
[EMAIL PROTECTED] to use it.
The host does SMTP too, if you feel like just using a closer sublist
and not even care about QMTP.
Will create more sublists as people show demand.
Greetz, Peter.
Hi,
I've authored YAQSAP (Yet Another qmail SMTP AUTH Patch) which is a bit
more DJBized than the others right now in that it uses DJB's libraries
exclusively. Functionally, it's not all that different from Krzysztof
Dabrowski's version except that it sets TCPREMOTEINFO to the
authenticated username for logging in a Received header.
Mr. Dabrowski has expressed an interest in merging my patch into his
efforts, something which I find reasonable. Until then, if you happen
to use it, please let me know how it works out.
Thanks,
Eric
qmail-auth-20010105.tar.gz
Just got this from Amazon. :(
>>
Hello from Amazon.com.
We are sorry to report that the release of the following
item has been cancelled:
John R. Levine, et al "Q-Mail"
Though we had expected to be able to send this item to you, we've
since found that it will not be released after all. Please accept
our sincerest apologies for any inconvenience we have caused you.
We have cancelled this item from your order.
<<
Anyone know what happened?
- David
I installed QMTP on sources.redhat.com. sources.redhat.com, formerly
sourceware.cygnus.com, is the host of a number of free software
projects, including gcc, gdb, and the GNU binutils. It sends out over
100,000 e-mail messages per day.
The system has received exactly one mail message via QMTP (from me).
It has sent maybe twenty mail messages via QMTP, mostly to me, but
also a couple to one other person.
Russ, thanks for writing the QMTP patches. Now, when are you going to
start using QMTP to send out FSB?
Ian
Ian Lance Taylor writes:
> Russ, thanks for writing the QMTP patches. Now, when are you going to
> start using QMTP to send out FSB?
:) Good point. Okay, the [EMAIL PROTECTED] list, the
[EMAIL PROTECTED] list, the [EMAIL PROTECTED] list, and the mgetty
list are all being delivered via qmtpd.
I've got a customer who's delivering ten million messages a day or so.
Once we've got more confidence in the code I'll install it on his
server. Or servers, rather. :)
Now, who wants to work on cqmtp (compressed quick mail transport
protocol)? :) No reason why you couldn't run gzip on the whole chunk
before sending it off.
--
-russ nelson <[EMAIL PROTECTED]> http://russnelson.com | Government is the
Crynwr sells support for free software | PGPok | fictitious entity by which
521 Pleasant Valley Rd. | +1 315 268 1925 voice | everyone seeks to live at
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | everyone else's expense.
I patched qmail-qmtpd to respect badmailfrom like qmail-smtpd does.
Also fixed qmail-qmtpd.8 and qmail-control.9.
The patch is on Johan's QMTP page,
http://www.almqvist.net/johan/qmail/qmail-qmtpc.html
Greetz, Peter.
On Wed, Jan 10, 2001 at 09:30:48PM +0100, Peter van Dijk wrote:
> I patched qmail-qmtpd to respect badmailfrom like qmail-smtpd does.
> Also fixed qmail-qmtpd.8 and qmail-control.9.
>
> The patch is on Johan's QMTP page,
> http://www.almqvist.net/johan/qmail/qmail-qmtpc.html
Johan apparently did something wrong, the patch itself 403's.
It's on http://www.dataloss.net/qmtpd-badmailfrom-1.1.patch for now.
Greetz, Peter.
Hi. I'm generating emails through PHP scripts. Recently I sent a single
personalised message to 15 private list members. They each received 500-800
identical copies over a 4 to 5 hour period in 3 or 4 batches.
Could anyone help me solve this? I suspect human intervention as the
previous day an email-related database received 3 identical records
containing the words, MORONS, LOOSERS (spelling!) and ANOTHER_SCHEME,
together with my own email address.
Yes, I had previously tested that script and later ran the same script with
myself as each of the 15 recipients. There were no problems. The email
headers don't show anything unusual.
Any help or pointers much appreciated.
Chris Gray
NetRover, Inc.
On Wed, Jan 10, 2001 at 03:40:35PM -0500, Chris Gray wrote:
> Hi. I'm generating emails through PHP scripts. Recently I sent a single
> personalised message to 15 private list members. They each received 500-800
> identical copies over a 4 to 5 hour period in 3 or 4 batches.
>
> Could anyone help me solve this? I suspect human intervention as the
> previous day an email-related database received 3 identical records
> containing the words, MORONS, LOOSERS (spelling!) and ANOTHER_SCHEME,
> together with my own email address.
>
> Yes, I had previously tested that script and later ran the same script with
> myself as each of the 15 recipients. There were no problems. The email
> headers don't show anything unusual.
>
> Any help or pointers much appreciated.
Well, lemme see...
You've given no examples of the "identical emails" so we can't help by
looking at those.
You've given no relevant log entries showing the multiple delivery
attempts to the addresses in question, so we can't help by looking at
these.
You haven't shown us the headers that "don't show anything unusual" so
we can't confirm that your guess is correct.
You've given no information about:
o your operating system
o your qmail install
o what sort of access other people have to these scripts
o what your php scripts look like
o who has access to those scripts - can a web server get at them?
Come to think of it, all you really said is "something went wrong, can
you help?". Surely you don't think that's enough information, do you?
If you do, I highly recommend that you pay someone to look into the
problem for you.
Furthermore, you've posted what appears to be a general security
problem. That your system or script has been compromised almost
certainly has nothing to do with qmail. What makes you think it's a
problem with qmail rather than say, your OS, or your PHP scripts, or
your database, or your users?
Regards.
Mark Delany writes:
> o your operating system
> o your qmail install
> o what sort of access other people have to these scripts
> o what your php scripts look likealmost
o what version of php you are running (several exploits in older
versions out there)
---------------------------------
Paul Theodoropoulos
[EMAIL PROTECTED]
Senior Unix Systems Administrator
Syntactically Subversive Services, Inc.
http://www.anastrophe.net
Downtime Is Not An Option
Hi Mark:
Thanks for your reply.
I see I have a lot of work to do. Unfortunately I'm not a web server
technical guy, JUST a programmer.
Maybe I shouldn't have assumed that qmail was where I should start looking
but it seemed reasonably to a non-technical person that qmail was sending my
PHP generated email to the outside world.
> That your system or script has been compromised almost
> certainly has nothing to do with qmail
So my question should have been,
"How can my system be tampered with to force qmail to send out 10,000 bogus
emails?"
Here is the PHP script. I have run similar scripts through the same web
server with no problems. I echoed each email correctly to my browser screen
and have a copy of the screen output from the offending occurance which
shows a single email being generated for each of the 15 recipients as
expected. Don't tell me the hacker bothered to fake that as well.
<?
// send email to these people
$tu[0] = "curious~[EMAIL PROTECTED]";
$tu[1] = "curious~[EMAIL PROTECTED]";
$tu[2] = "curious~[EMAIL PROTECTED]";
$tu[3] = "curious~[EMAIL PROTECTED]";
$tu[4] = "curious~[EMAIL PROTECTED]";
$tu[5] = "curious~[EMAIL PROTECTED]";
$tu[6] = "curious~[EMAIL PROTECTED]";
$tu[7] = "curious~[EMAIL PROTECTED]";
$tu[8] = "curious~[EMAIL PROTECTED]";
$tu[9] = "curious~[EMAIL PROTECTED]";
$tu[10] = "curious~[EMAIL PROTECTED]";
$tu[11] = "curious~[EMAIL PROTECTED]";
$tu[12] = "curious~[EMAIL PROTECTED]";
$tu[13] = "curious~[EMAIL PROTECTED]";
$tu[14] = "curious~[EMAIL PROTECTED]";
for ($j=0;$j<15;$j++) {
$NM = explode("~",$tu[$j]);
echo "$NM[0] ~ $NM[1]<p>";
$name = $NM[0];
$mail = $NM[1];
// ==============================================================
$message="
Hey $name!
Blah Blah Blah
Best regards,
Chris Gray
";
mail($mail,"GoldGame News",$message,"From: [EMAIL PROTECTED]");
// ==============================================================
echo "$message<p>";
} // end for j=1 to n
?>
Here are some of the headers:
The job was run in the early afternoon of Jan 7th. I remember being
surprised at the time that it took so long to execute. Maybe a couple of
minutes??
Return-Path: [EMAIL PROTECTED]
Received: from hedo5.netrover.com (hedo5.netrover.com [205.209.16.80]) by
river.netrover.com (8.9.3+Sun/8.7.3) with SMTP id TAA09543 for
<[EMAIL PROTECTED]>; Sun, 7 Jan 2001 19:29:24 -0500 (EST)
X-Envelope-From: [EMAIL PROTECTED]
X-Envelope-To: <[EMAIL PROTECTED]>
Received: (qmail 30238 invoked by uid 2526); 8 Jan 2001 01:26:14 -0000
Date: 8 Jan 2001 01:26:14 -0000
Message-ID: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: GoldGame News
From: [EMAIL PROTECTED]
X-UIDL: U'F!!;$W!!ae[!!\i["!
Return-Path: [EMAIL PROTECTED]
Received: from hedo5.netrover.com (hedo5.netrover.com [205.209.16.80]) by
river.netrover.com (8.9.3+Sun/8.7.3) with SMTP id NAA13581 for
<[EMAIL PROTECTED]>; Sun, 7 Jan 2001 13:55:26 -0500 (EST)
X-Envelope-From: [EMAIL PROTECTED]
X-Envelope-To: <[EMAIL PROTECTED]>
Received: (qmail 28606 invoked by uid 2526); 7 Jan 2001 19:52:18 -0000
Date: 7 Jan 2001 19:52:18 -0000
Message-ID: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: GoldGame News
From: [EMAIL PROTECTED]
X-UIDL: 9-J!!E3c"!'$N!!ICN"!
Return-Path: [EMAIL PROTECTED]
Received: from hedo5.netrover.com (hedo5.netrover.com [205.209.16.80]) by
river.netrover.com (8.9.3+Sun/8.7.3) with SMTP id OAA29607 for
<[EMAIL PROTECTED]>; Sun, 7 Jan 2001 14:58:27 -0500 (EST)
X-Envelope-From: [EMAIL PROTECTED]
X-Envelope-To: <[EMAIL PROTECTED]>
Received: (qmail 2256 invoked by uid 2526); 7 Jan 2001 20:55:18 -0000
Date: 7 Jan 2001 20:55:18 -0000
Message-ID: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: GoldGame News
From: [EMAIL PROTECTED]
X-UIDL: BFR"!B%1"!T+M!!<;d!!
Return-Path: [EMAIL PROTECTED]
Received: from hedo5.netrover.com (hedo5.netrover.com [205.209.16.80]) by
river.netrover.com (8.9.3+Sun/8.7.3) with SMTP id OAA29725 for
<[EMAIL PROTECTED]>; Sun, 7 Jan 2001 14:58:49 -0500 (EST)
X-Envelope-From: [EMAIL PROTECTED]
X-Envelope-To: <[EMAIL PROTECTED]>
Received: (qmail 2325 invoked by uid 2526); 7 Jan 2001 20:55:41 -0000
Date: 7 Jan 2001 20:55:41 -0000
Message-ID: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: GoldGame News
From: [EMAIL PROTECTED]
X-UIDL: K\_"!B?[!!T[J"!T`c"!
Return-Path: [EMAIL PROTECTED]
Received: from hedo5.netrover.com (hedo5.netrover.com [205.209.16.80]) by
river.netrover.com (8.9.3+Sun/8.7.3) with SMTP id PAA01609 for
<[EMAIL PROTECTED]>; Sun, 7 Jan 2001 15:02:56 -0500 (EST)
X-Envelope-From: [EMAIL PROTECTED]
X-Envelope-To: <[EMAIL PROTECTED]>
Received: (qmail 5604 invoked by uid 2526); 7 Jan 2001 20:59:37 -0000
Date: 7 Jan 2001 20:59:37 -0000
Message-ID: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: GoldGame News
From: [EMAIL PROTECTED]
X-UIDL: pBi!![JS!!i&E"!)=V!!
> What makes you think it's a
> problem with qmail rather than say, your OS, or your PHP scripts, or
> your database, or your users?
I never said it was a qmail problem. I asked how qmail could be hacked.
Anyway, simply by elimination.
Users?
Are you serious! Do I have to show you the snarly and occasionally humorous
messages I received from them? I received 100's of these bogus emails
myself. Would you like me to send them to you? heheheheheheh
Database?
This email application doesn't use one, yet. The recipients were hard-coded
for testing purposes.
PHP script?
How can PHP generate 10,000 emails from a simple 15 iteration FOR loop?
Maybe the 'explode' function exploded?
The PHP mail() function may have gone beserk but only on that single
occasion, but if it did why would the 10,000 emails get sent in 3 or 4
batches spread over 6 hours? Well it's possible... I know an NT box takes
several seconds to send out an email as I've often watched a batch job
scrolling in a DOS window.
Hmm... maybe I should go and bug the PHP people...
But wait a minute! Don't forget the hacked entries in my database the day
before. Just a coincidence?
The OS?
Well you've got me there <g>
All I know is it's a SUN Unix box with some PLESK software package that
handles the web-hosting.
I don't want to ask our techs for more information as I suspect one of them
is the culprit.
I know the PHP/mySQL versions but that shouldn't help too much.
This is commercial web-hosting from a successful fair-sized Canadian-wide
ISP with supposedly tight security, except for the inside techs.
Could the OS generate 10,000 different values in the email headers? I'm not
a headers guru.
I'm not suggesting that qmail is flakey. I just want to know if and how it
can be manipulated by a malicious user. I know nothing about email servers.
I assume it gets input from PHP then fires a data stream out through a port.
> You've given no relevant log entries showing the multiple delivery
> attempts to the addresses in question
I only have access to my own domain directory. I never thought of looking in
there. I'll try that.
Thanks,
Chris
----- Original Message -----
From: Mark Delany <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, January 10, 2001 3:58 PM
Subject: Re: Was my qmail hacked?
> On Wed, Jan 10, 2001 at 03:40:35PM -0500, Chris Gray wrote:
> > Hi. I'm generating emails through PHP scripts. Recently I sent a single
> > personalised message to 15 private list members. They each received
500-800
> > identical copies over a 4 to 5 hour period in 3 or 4 batches.
> >
> > Could anyone help me solve this? I suspect human intervention as the
> > previous day an email-related database received 3 identical records
> > containing the words, MORONS, LOOSERS (spelling!) and ANOTHER_SCHEME,
> > together with my own email address.
> >
> > Yes, I had previously tested that script and later ran the same script
with
> > myself as each of the 15 recipients. There were no problems. The email
> > headers don't show anything unusual.
> >
> > Any help or pointers much appreciated.
>
> Well, lemme see...
>
> You've given no examples of the "identical emails" so we can't help by
> looking at those.
>
> You've given no relevant log entries showing the multiple delivery
> attempts to the addresses in question, so we can't help by looking at
> these.
>
> You haven't shown us the headers that "don't show anything unusual" so
> we can't confirm that your guess is correct.
>
>
> You've given no information about:
>
> o your operating system
> o your qmail install
> o what sort of access other people have to these scripts
> o what your php scripts look like
> o who has access to those scripts - can a web server get at them?
>
>
> Come to think of it, all you really said is "something went wrong, can
> you help?". Surely you don't think that's enough information, do you?
> If you do, I highly recommend that you pay someone to look into the
> problem for you.
>
> Furthermore, you've posted what appears to be a general security
> problem. That your system or script has been compromised almost
> certainly has nothing to do with qmail. What makes you think it's a
> problem with qmail rather than say, your OS, or your PHP scripts, or
> your database, or your users?
>
>
>
> Regards.
>
I have installed Qmail on a Linux box and working fine.
However cron uses mail(1) (or binmail) to send the output to owners of
cron jobs.
Testing 'mail user' does not currently work. I have replaced
sendmail(1d) but sending 'mail user@domain' works.
Question, do I have to modify control/local or some other control file
to be able to use 'mail user' ?
Here is some more data
My hostname is 'samba.sc.prepass.com'
control/me contains mail.sc.prepass.com as mail is a CNAME to samba
control/locals contain 'sc.prepass.com' and '.sc.prepass.com'
Should I change smtproutes or me or locals to achieve what I want?
Thanks
--
=======================================================================
Medi Montaseri, [EMAIL PROTECTED], 408-450-7114
Lockheed Martin IMS (Prepass), IT/Operations, Software Eng.
=======================================================================
Medi Montaseri <[EMAIL PROTECTED]> writes:
> My hostname is 'samba.sc.prepass.com'
> control/me contains mail.sc.prepass.com as mail is a CNAME to samba
> control/locals contain 'sc.prepass.com' and '.sc.prepass.com'
I don't think locals lets you use wildcards like that. You have to
list every domain explicitly. If you have no defaultdomain, it
defaults to your me, which is not included in your locals. So you can
either provide a defaultdomain that is in your locals, or include your
me in your locals - which you should probably do anyway.
paul
|
Hi all!
Here's a program for everyone interested
in:
I had the problem that my mailserver had to relay
mail from my masqueraded lan and at the same time not to allow spammers from
outside to relay with qmail
So I quickly wrote this program (and named it
SelectiveRelay), which simply sets the environment vars if a client's IP matches
a given subnet mask
I hope it can help someone else too.
Raphael Deimel
p.s.: i'm not subscribed in this
list
|
Hi All,
I am trying to install qmail on Caldera eServer 2.3.
1) I downloaded the file qmail-1.03-6.src.rpm onto my win98 machine.
2) copied to Linux box into directory /rpm_qmail
3) rpm -i qmail-1.03-6.src.rpm
4) cd /usr/src/OpenLinux/SPEC
5) rpm -bb qmail.spec
6) cd /usr/src/OpenLinux/RPMS/i386
7) rpm -U qmail-1.03-6.i386.rpm
I received an error ""Shadow-Utils is needed by qmail-1.03-6
I'm stumped.
Any help appreciated.
Keith Smith
Thus said "Keith Smith" on Wed, 10 Jan 2001 18:56:09 MST:
> I received an error ""Shadow-Utils is needed by qmail-1.03-6
Sounds like you need to install the shadow-utils RPM...
Andy
--
[-----------[system uptime]--------------------------------------------]
10:41pm up 70 days, 1:02, 6 users, load average: 1.36, 1.22, 1.14
|
I'm using the fastforward alias, and note that the
header of the email has added several header "Delived-To:
[EMAIL PROTECTED]" because I have a few level alias for a same user, my
question is how do I hide the header generated by fastforward alias, I mean hide
the header "Delivered-To: ".
thanks
ckh :)
|
On Thu, Jan 11, 2001 at 09:50:51AM +0800, kh wrote:
> I'm using the fastforward alias, and note that the header of the email has added
>several header "Delived-To: [EMAIL PROTECTED]" because I have a few level
>alias for a same user, my question is how do I hide the header generated by
>fastforward alias, I mean hide the header "Delivered-To: ".
That header is important as it's used for fool-proof loop
detection. If you remove it you risk looping email on your
server. Consequently qmail has no standard provision for removing it,
so you have to write a filter with perl/awk at the point of final
delivery.
Is the loop risk worth the assumed benefit? Btw. What benefit are you
trying to get by removing them? Perhaps it can be achieved in some
other way?
Regards.
At 09:50 AM 1/11/2001 +0800, kh wrote:
are you hosting domains? i had this silly thing in my head that i didn't
want the end users to know that they didn't have thier own mail server. so
- i created a user called forwarder and put the .qmail files for the
domains in there. it makes things easy to track...and i found that in the
end - no body really cares what's in the header.
~kurth
>I'm using the fastforward alias, and note that the header of the email has
>added several header "Delived-To: [EMAIL PROTECTED]" because I have
>a few level alias for a same user, my question is how do I hide the header
>generated by fastforward alias, I mean hide the header "Delivered-To: ".
>thanks
>
>ckh :)
I am about to take over the hosting of a website and want know if my 2 mail
servers are going to be able to handle the volume.
They are two P166's with 64M ram and plenty of disk space. There are about
2000 emails per day going through the existing mail server. My servers will
be on a dedicated 10MB connection.
How may mails a day should I be able to handle?
Thanks in advance
Ross Davis
Ross Davis - Data Anywhere <[EMAIL PROTECTED]> writes on 10 January 2001 at
18:20:16 -0800
> I am about to take over the hosting of a website and want know if my 2 mail
> servers are going to be able to handle the volume.
>
> They are two P166's with 64M ram and plenty of disk space. There are about
> 2000 emails per day going through the existing mail server. My servers will
> be on a dedicated 10MB connection.
>
> How may mails a day should I be able to handle?
I wouldn't want to estimate what the upper limit wil be like. I will
say that I've handled something like 20 times that much mail in a day
on a single Cyrix 166 with 96M ram, though.
In fact, the upper limit might quite possibly end up depending on disk
throughput, and you say nothing about your disk subsystem. However,
for your 2000 emails, don't sweat it.
--
David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]
SF: http://www.dd-b.net/dd-b/ Minicon: http://www.mnstf.org/minicon/
Photos: http://dd-b.lighthunters.net/
> If you want a generic copy of the setup I use, I've got it in
> http://qmail.org/service.tar.gz .
Is it intentional that there is no rules file used for pop3d ?
Mate
I'm considering patching qmail with the qmail-smtpd-auth patch. The reason
is that the roaming user pop before smtp function in vpopmail doesn't work
very well with my clients mail clients. In particular if Outlook has mail in
the Outbox it will always send that first no matter what. It does not have
the option to just check pop.
I am rather nervous about patching rock solid qmail with a 3rd party patch.
So I'm interested in what experience people have had with it and if it works
well. Also if it works well with vpopmail which I also depend on.
cheers,
Bjorn
--
Bjorn Nilsen <[EMAIL PROTECTED]>
Manux Solutions Ltd
Ph +64 3 343 2031 Fax +64 3 343 3064
Level 1, 39 Leslie Hills Drive, Riccarton
PO Box 3074 Christchurch
hello all,
I have installed qmail and its running pretty fine.
I have lots of users in my domain, Having one shell
account per user account is not feasible, So how do i
change to a single system account and still have
thousands of user account.
I do not use pop to retr mails, i have my own
mechanism for that, all i want is when mail comes from
other domains i want mails to be placed into user
account even though he/she is not owning shell account
or system account.
And i just want to know how to tune Timeouts for
sending mails to out side domains like the one
sendmail has in sendmail.cf file and how do i
forcibely push the mails out like "sendmail -q -v" in
qmail.
Please do inform me as soon as possible.
Thanx a lot
-vishwanath
__________________________________________________
Do You Yahoo!?
Yahoo! Photos - Share your holiday photos online!
http://photos.yahoo.com/
Dear all,
I have shifted sendmail to qmail and its working fine.
Right now am having shell accounts to all users, i
want it done with single common user shell account and
many virtual user accounts, hope you are getting my
problem.
I tried creating an account called popusr, then i
created directory /home/vishoo with 700 permission,
with a .qmail file in it contaning
/home/vishoo/Mailbox.
I have updated /user/assign as
=vishoo:popusr:uid:gid:/home/vishoo:::
and also build a cdb file by running qmail-newu.
After doing all these the mail i sent to vishoo is
appearing in ~alias/Mailbox.
How to make mails sent vishoo appear in
/home/vishoo/Mailbox, should i need to say aslias some
where, kindly help... asap.
Thanx
vishwanath
__________________________________________________
Do You Yahoo!?
Yahoo! Photos - Share your holiday photos online!
http://photos.yahoo.com/
i using Maildir format for store email
how imap know the UID of the email?
if my maildir directory have a lot of email.. such as over 500.
Nick
--
_______________________________________________
Get your free email from http://www.mcmug.org/webmail.html
@mcmug.org @mcdull.net
DOWNLOAD McMug 2001 Calendar la.. .
http://www.mcmug.org
Powered by Outblaze
Hi everyone!
I use qmail-1.03, vpopmail and qmailadmin. When I create a new virtual domain and I
try to send some
message to a pop account of it I get the next message from the server:
Jan 9 11:58:34 main qmail: 979037914.190687 delivery 5299: deferral:
Unable_to_switch_to_/home/vpopmail/domains/dominio.com:_access_denied._(#4.3.0)/
I see that the directory wasn't created with appropiate permission to vpopmail, so I
change it by
hand leaving it as other domains (that work) are. But it fails again. I'm not sure if
it is a
problem due to vpopmail or qmail.
If someone now something about the problem or the error I get please let me know it.
Best Regards.
--
Jesús Arnáiz <[EMAIL PROTECTED]>
Departamento de Sistemas - ARCOMEDIA.COM
Hello,
I can note send messages from my webmail (Horde/IMP) to myself or any
user in my domaine.
No problem to sent messages for other domaines, that works fine .
In the following the output of the sendmail (Qmail wrappers) maillog on
the Relay machine (where
Horde/IMP, Qmail, apache are installed) and that of my LAN mail server
(Courrier-IMPA, users's account, Qmail). Just trying to sent messages to
myself is loggged as:
Relay machine maillog file:
-------------------
Jan 11 09:19:34 phoenix sendmail[1960]: JAA01960:
Authentication-Warning:
phoenix.linuxatbusiness.com.linux-lab.com: httpd set sender to
[EMAIL PROTECTED] using -f
Jan 11 09:19:34 phoenix sendmail[1960]: JAA01960:
[EMAIL PROTECTED],
delay=00:00:00, mailer=local, stat=User unknown
Jan 11 09:19:34 phoenix sendmail[1960]: JAA01960:
[EMAIL PROTECTED], size=321, class=0, pri=30321, nrcpts=1,
msgid=<[EMAIL PROTECTED]>,
relay=httpd@localhost
Jan 11 09:19:34 phoenix sendmail[1960]: JAA01960:
[EMAIL PROTECTED],
delay=00:00:00, mailer=local, stat=User unknown
Jan 11 09:19:34 phoenix sendmail[1960]: JAA01960: JAB01960: postmaster
notify:
User unknown
Jan 11 09:19:34 phoenix sendmail[1960]: JAB01960: to=admin,
delay=00:00:00,
xdelay=00:00:00, mailer=local, stat=Sent
Lan machine maillog file:
------------------
Jan 11 09:37:20 andromede imaplogin: Connection, ip=[::ffff:10.1.7.200]
Jan 11 09:37:20 andromede imaplogin: LOGIN, user=ouldm,
ip=[::ffff:10.1.7.200]
Jan 11 09:37:20 andromede imaplogin: LOGOUT, user=ouldm,
ip=[::ffff:10.1.7.20
NOTE: Relay and Lan servers are separated by firewall which allows
POP, IMAP
trafic betwen the two machines, 10.1.7.200 is the firewall ip.
I don't anderstand the origine of problem, thank you for any help.
|
Is there any way out i can maintain enormous users
without actually creating separate accounts for each
|
* Rohit Gupta <[EMAIL PROTECTED]> [010111 04:30]:
> Is there any way out i can maintain enormous users without actually
> creating separate accounts for each
Use vpopmail or vmailmgr to manage virtual accounts. All of this and
more could have been found on the excellent http://qmail.org/ page.
Hello,
In the following several errors I always find when restart,
stop, start qmail script I got from LWQ. There is also a
part of this script of interest.
I don't find what is the problem. The provlem arises
particularly on Cobalt Raq3. In spite of this thigns works
(tcpserver is running, sent/receive messages).
Can anyone helps to fixe this?
[root@phoenix qmail-smtpd]# /etc/rc.d/init.d/qmail restart
Restarting qmail:
* Stopping qmail-smtpd.
/etc/rc.d/init.d/qmail: svc: command not found
* Sending qmail-send SIGTERM and restarting.
/etc/rc.d/init.d/qmail: svc: command not found
* Restarting qmail-smtpd.
/etc/rc.d/init.d/qmail: svc: command not found
[root@phoenix qmail-smtpd]# /etc/rc.d/init.d/qmail stop
/etc/rc.d/init.d/qmail: cat: command not found
/etc/rc.d/init.d/qmail: rm: command not found
Stopping qmail: svscan/etc/rc.d/init.d/qmail: cat: command
not found
qmail/etc/rc.d/init.d/qmail: svc: command not found
logging/etc/rc.d/init.d/qmail: svc: command not found
.
[root@phoenix qmail-smtpd]# /etc/rc.d/init.d/qmail start
Starting qmail: svscan/etc/rc.d/init.d/qmail: env: command
not found
tcpserver: fatal: unable to figure out port number for
smtpd
----------------------
#!/bin/sh
PATH=/var/qmail/bin
export PATH
case "$1" in
start)
echo -n "Starting qmail: svscan"
cd /var/qmail/supervise
env - PATH="$PATH" svscan
echo $! > /var/run/svscan.pid
echo "."
/usr/local/bin/tcpserver -v -u 501 -g 500 0 smtpd
/var/qmail/bin/qmail-smtpd \
2>&1 smtpd 3 &
echo $! > /var/lock/subsys/qmail-smtpd
;;
stop)
kill `cat /var/lock/subsys/qmail-smtpd`
rm -f /var/lock/subsys/qmail-smtpd
echo -n "Stopping qmail: svscan"
kill `cat /var/run/svscan.pid`
echo -n " qmail"
svc -dx /var/qmail/supervise/*
echo -n " logging"
svc -dx /var/qmail/supervise/*/log
echo "."
;;
stat)
cd /var/qmail/supervise
svstat * */log
;;
doqueue|alrm)
echo "Sending ALRM signal to qmail-send."
svc -a /var/qmail/supervise/qmail-send
;;
queue)
qmail-qstat
qmail-qread
;;
reload|hup)
echo "Sending HUP signal to qmail-send."
svc -h /var/qmail/supervise/qmail-send
Thanks
__________________________________________________
Do You Yahoo!?
Yahoo! Photos - Share your holiday photos online!
http://photos.yahoo.com/
