tony don't used RELAYCLIENT=""
xxx.xxx.xxx.xxx:allow,CHKUSER_MAXWRONGRCPT_STRING="400" is enough however the easiest would be : is build a separate tcp.smtp.587.cdb file and disable chkuser all together like what we do. chkuser is a great tool -- but unfortunately customers who authenticate find problems. if you need help let me know rajesh > Hi folks, > Rajesh that is very interesting as I did test this with Thunderbird and > had no issues . > I wonder if there is a replacement for Outlook using OLE for the program > that > uses Outlook to send mail? > If I add > xxx.xxx.xxx.xxx:allow,CHKUSER_MAXWRONGRCPT_STRING="400",RELAYCLIENT="" > to my tcp.smtp will this fix the issue for me temporarily do you think? > > best wishes > Tony White > > On 25/12/2012 12:57, Rajesh M wrote: > >> eric >> >> separating tcprules for smtp and submission works great. we have been >> using this for years. >> >> concerning the error tony is facing >> >> i have noticed in the past that : intrusion threshold error (571 sorry, >> you are violating our security policies) is recd when the number of >> wrong >> recepients gets triggered. >> >> in case of outlook i have noted that it somehow does this >> >> if i add an user in my address book in some cases it converts it into : >> '[email protected]' -- ie with quotes at both ends >> >> you can google : "outlook adds quotes to email address" and you will >> find >> over 50000 results ... :) and there are hundreds of people complaining >> about this stupdity of microsoft. >> >> if an email is sent to the above email id then i get error : invalid >> host >> : abc.com' >> >> note the quote at the end ... >> >> probably this is what triggers the intrusion policy rule >> CHKUSER_MAXWRONGRCPT_STRING >> >> when sending to 300 recepients especially with outlook there is every >> possibility of this issue coming up. >> >> on a side note : i feel that qmailtoaster would need a slight >> modification >> to remove quotes and other non-permitted characters from both ends ie >> starting and ending of the email id to care off such issues of quotes. >> >> rajesh >> >> >>> These are all good things to do to QMT, and I hope to have separate >>> tcprules for smtp and submission ports in the stock QMT at some point. >>> >>> Tony, from what you've indicated though, I expect it's the intrusion >>> threshold rule that's biting you. I'm not certain what triggers this >>> rule, and I could be wrong about this. Hopefully Tonino will clarify >>> things in this regard. >>> >>> Please let us know if changing the CHKUSER_RCPTLIMIT variable gets you >>> going or not. >>> >>> -- >>> -Eric 'shubes' >>> >>> On 12/24/2012 04:53 AM, Rajesh M wrote: >>>> tony >>>> >>>> we faced similar problems and this is what we have done >>>> >>>> in the /var/qmail/supervise >>>> >>>> there are folders smtp and submission >>>> >>>> smtp is for people connecting on port 25 -- primarily external users >>>> if you open smtp/run then you will see a line >>>> TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb" >>>> this tcp.smtp.cdb is generated from the file tcp.smtp >>>> when you run the command >>>> tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp >>>> tcp.smtp contains the chkuser rules >>>> since you already have spamdyke you don't need to set the maximum >>>> number >>>> of recepients in chkuser >>>> CHKUSER_RCPTLIMIT="150" >>>> >>>> coming to your specific problem is submission >>>> transmission via submission port 587 is authenticated ie your clients >>>> use it >>>> >>>> the submission/run file also uses the >>>> TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb" -- which is by default >>>> this means that you will be compelled to use the same setting for smtp >>>> >>>> however what we have done is make a duplicate of tcp.smtp ie >>>> tcp.smtp.587 >>>> >>>> this allows me to have separate chkuser rules exclusively submission >>>> port. >>>> >>>> next i created cdb file out of it using command >>>> tcprules tcp.smtp.587.cdb tcp.smtp.587.tmp < tcp.smtp.587 >>>> >>>> next i changed the submission/run file to use >>>> TCP_CDB="/etc/tcprules.d/tcp.smtp.587.cdb" >>>> >>>> and i got a separate rule applied for submission port exclusively >>>> >>>> my smtp port has spamdyke and chkuser protecting it while my >>>> authenticated >>>> senders via submission port can enjoy unrestricted services >>>> >>>> if you want one single static ip to have a separate rule then >>>> >>>> you can add this line just above the allow: line in >>>> /etc/tcprules.d/tcp.smtp.587 >>>> >>>> xxx.xxx.xxx.:allow,CHKUSER_RCPTLIMIT="300" >>>> >>>> here xxx.xxx.xxx is the static ip of your customer >>>> >>>> NOTE : we have also compiled chkuser so that we can start or stop >>>> chkuser >>>> using the CHKUSER_START="ALWAYS" OR CHKUSER_START="NONE" >>>> >>>> rajesh >>>> >>>> >>>>> Hi Eric, >>>>> Yes, it is on a static IP and that IP is in the whitelist for >>>>> spamdyke. >>>>> Also they are using the submission port for sending. The client has >>>>> to use M$ Outlook unless you can suggest a an alternative? >>>>> One point is that Outlook seems to attach everything as >>>>> winmail.dat! >>>>> Yet sometimes it attaches as a PDF. >>>>> >>>>> best wishes >>>>> Tony White >>>>> >>>>> Yea Computing Services >>>>> http://www.ycs.com.au >>>>> 4 The Crescent >>>>> Yea >>>>> Victoria >>>>> Australia 3717 >>>>> >>>>> Telephone No's >>>>> VIC : 03 9008 5614 >>>>> FAX : 03 9008 5610 (FAX2Email) >>>>> >>>>> >>>>> >>>>> IMPORTANT NOTICE >>>>> >>>>> This communication including any file attachments is intended solely >>>>> for >>>>> the use of the individual or entity to whom it is addressed. If you >>>>> are >>>>> not the intended recipient, or the person responsible for delivering >>>>> this communication to the intended recipient, please immediately >>>>> notify >>>>> the sender by email and delete the original transmission and its >>>>> contents. Any unauthorised use, dissemination, forwarding, printing >>>>> or >>>>> copying of this communication including file attachments is >>>>> prohibited. >>>>> It is your responsibility to scan this communication including any >>>>> file >>>>> attachments for viruses and other defects. To the extent permitted by >>>>> law, Yea Computing Services and its associates will not be liable for >>>>> any loss or damage arising in any way from this communication >>>>> including >>>>> any file attachments. >>>>> You may not disclose this information to a third party without >>>>> written >>>>> permission from the Author. >>>>> >>>>> On 23/12/2012 03:40, Eric Shubert wrote: >>>>>> I guess it's coming from chkuser after all. 571 is the >>>>>> chkuser_intrusionthreshold_string. >>>>>> >>>>>> I don't see any variable setting for this threshold at >>>>>> http://opensource.interazioni.it/qmail/chkuser/documentation/chkuser_settings.html >>>>>> This would only be helpful though if the user was coming from a >>>>>> specific >>>>>> static IP address. Is this the case? >>>>>> >>>>>> Hey Tonino (chkuser author), any suggestions or insight? >>>>>> >>>>>> Thanks. >>>>>> >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [email protected] >>> For additional commands, e-mail: >>> [email protected] >>> >>> >> >> >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
