Re: more startup fun
Thus spake David Dahl ([EMAIL PROTECTED]): I cannot get qmail to startup properly: Just read the manual and follow the instructions. shutdown and error: = [root@mckenna bin]# /etc/init.d/qmailctl stop Stopping qmail... qmail-smtpd svc: warning: unable to control /service/qmail-smtpd: file does not exist qmail-send svc: warning: unable to control /service/qmail-send: file does not exist Your symbolic links apparently point to a directory that does not exist. listing of /service: == [root@mckenna /service]# ls -lia total 16 32618 drwxr-xr-t3 root qmail4096 Jul 3 12:57 ./ 32613 drwxr-xr-x5 root qmail4096 Jul 3 12:16 ../ 32619 drwxr-xr-x2 root qmail4096 Jul 3 10:20 log/ 32623 lrwxrwxrwx1 root root 32 Jul 3 12:57 qmail-send - /var/qmail/supervise/qmail-send// 32624 lrwxrwxrwx1 root root 33 Jul 3 12:57 qmail-smtpd - /var/qmail/supervise/qmail-smtpd// 32620 -rwxr-xr-x1 root qmail 212 Jul 3 10:16 run* [root@mckenna /service]# I assume you really want them to point to /var/qmail-smtpd or /var/qmail/qmail-smtpd? Felix
Re: sending mail via MS Exchange
Thus spake Bymark, Jan ([EMAIL PROTECTED]): I want my Qmail to be able only to send mail, NOT recieve. My smtp server is a MS Exchange, but that shouldn't be a problem, I hope. I've been looking at following control files: What madness is this?! Why would you have qmail deliver through Exchange? That way you burden Exchange with load it can't handle and you cripple qmail's reliability and RFC compliance. I can understand if people want Exchange to send emails through qmail or to relay to Exchange to hid the legions of security desasters in it, but the other way around?! Felix
Re: Solaris vs. Linux vs. FreeBSD
Thus spake Henning Brauer ([EMAIL PROTECTED]): What's is the best OS for run Qmail (and/or Ezmlm)? What advantage and disadvantage has each one? I'll need send two millions mails per day and I don't know what hard can I buy? :) Kindly ignoring that this is dicussed a thousand times in the past and you can find this in the archives the answer is BSD. qmail relies on some BSD FFS semantics not 100% followed by linux' ext2fs for example. Troll, troll, troll your boat, gently down the stream... ;) The correct answer would have been: If you need to ask which operating system is best, you are too incompetent to run a server on the Internet. Felix
Anyone interested in IPv6 support for qmail?
I'm asking because I consider porting qmail to IPv6. Before someone tells me: I know KAME did a patch. I am not satisfied with their work. Felix
Re: tcpserver: relay iface question
Thus spake GARGIULO Eduardo INGDESI ([EMAIL PROTECTED]): How can I tell tcpserver to relay clients connected from an interface instead of ip addresses? You bind one tcpserver on each interface and give the one on the relay-enabled interface a rule set that always matches. It's that easy.
Re: ANNOUNCE: qmail now works with the diet libc
Thus spake Mark ([EMAIL PROTECTED]): Er, what's the chance of have a ps which compares qmail-popd, qmail-smtp and qmail-remote then? Kinda relevant doncha think? You are right. This is a diet libc pop3: USER PID %CPU %MEM SIZE RSS TTY STAT START TIME COMMAND leitner 3232 0.4 0.05648 3 T15:30 0:00 /var/qmail/bin/qmail-pop3d Maildir root 3229 0.0 0.06848 3 T15:29 0:00 tcpserver 0 pop3 /var/qmail/bin/qmail-popup felix.convergence.de /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir root 3231 0.1 0.02020 3 T15:29 0:00 /var/qmail/bin/qmail-popup felix.convergence.de /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir This is after I logged in and retrieved one message from a Maildir of 151. And this is a diet libc smtpd (without openssl and STARTTLS): USER PID %CPU %MEM SIZE RSS TTY STAT START TIME COMMAND root 3313 0.1 0.03636 3 S15:34 0:00 /var/qmail/bin/qmail-smtpd This is after I connected and dumped a test email of three lines. Compare for yourself. Felix
ANNOUNCE: qmail now works with the diet libc
I recently did a few updates to my diet libc (http://www.fefe.de/dietlibc/) and it can now compile and link qmail. Since the diet libc can also compile and link openssl, the STARTTLS patch also works. What's the difference, you ask? This ps listing is on a box with qmail dynamically linked against the glibc: USER PID %CPU %MEM SIZE RSS TTY STAT START TIME COMMAND qmaill 29527 0.0 0.1 1228 224 ? S N Mar 12 0:16 splogger qmail qmailq 29543 0.0 0.0 1208 104 ? S N Mar 12 0:03 qmail-clean qmailr 29529 0.0 0.1 1216 176 ? S N Mar 12 0:00 qmail-rspawn qmails 29521 0.0 0.1 1260 172 ? S N Mar 12 0:22 qmail-send root 29528 0.0 0.0 121680 ? S N Mar 12 0:08 qmail-lspawn ./Maildir/ And this ps listing is from my home box, statically linked against the diet libc: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND qmails 103 0.0 0.064 56 ?S18:55 0:00 qmail-send qmaill 109 0.0 0.044 20 ?S18:55 0:00 splogger qmail root 110 0.0 0.036 24 ?S18:55 0:00 qmail-lspawn ./Maildir/ qmailr 111 0.0 0.036 24 ?S18:55 0:00 qmail-rspawn qmailq 112 0.0 0.024 16 ?S18:55 0:00 qmail-clean root 11747 1.0 0.056 40 ?S22:46 0:00 /usr/local/bin/tcpserver -u qmaild -g nofiles 0 smtp /var/qmail/b Please note the drastically reduced memory requirements. As you can see, the process are running for many days on the first box, so unused memory is already swapped out. Not so on the second box. Why is this significant? Because it allows a much larger concurrency on the same hardware. More POP3 users, more concurrent local and remote deliveries, more incoming SMTP connections. How to reproduce. 1. get the current diet libc from CVS, compile and install the diet wrapper program in your $PATH. 2. get qmail, extract and possibly apply your favourite patches. 3. set up conf-cc and conf-ld $ echo diet gcc -pipe -Os -fomit-frame-pointer conf-cc $ echo diet gcc -static -s conf-ld 4. make and make setup qmail as usual. That's it. Good luck! Felix
Re: Oops,I guess Sendmail wasn't secure after all...
Thus spake Boris ([EMAIL PROTECTED]): JA Not quite. More like someone inspects your free car and finds a button JA that can make it explode. Maybe he pushes the button, maybe not. Maybe he JA pushes the button on someone else's car. Are you willing to take that JA risk? I can imagine two situations where that would be the case: either Well, there is no button with a text like press me here -) for the public. Can we _please_ drop this? Boris has shown that his pitiful excuse for knowledge about his computer, his software, the Internet and just about everything else is not worth spending time on. If he does not go by himself, just killfile him and be done with it. This kind of bullshit is discussed with cluon sinks like Boris here hundreds of time every day on Usenet. No need to repeat that here. Thanks. Now: Boris, please crawl back under your stone, and the rest: let's talk about qmail again on the qmail list. Felix
Re: OT - Problems with daemontools 0.70
Thus spake Michael Geier ([EMAIL PROTECTED]): does anyone know why this might be crashing??? Thanks for the help. Crist, since when do people have a email sending allowance who don't know the difference between the compiler gave me an error message and my computer crashed?! Go play with your Outlook somewhere else, willya? BTW: Coincidentally, you asked a FAQ.
Re: qmail does not handle timezones properly? - More Info
Thus spake Patrick Starrenburg ([EMAIL PROTECTED]): = *Test email* Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: (qmail 6078 invoked from network); 13 May 2001 **18:56:24** - [[[ Where does 18: come from ??]]] Received: from unknown (HELO amsmta03-svc.chello.nl) (213.46.240.7) by xxx.homeip.net with SMTP; 13 May 2001 **18:56:24** - Received: from w2kbox by amsmta03-svc.chello.nl (InterMail vK.4.03.02.00 201-232-124) with SMTP id 20010513145513.IXEE12765.amsmta03-svc@w2kbox for [EMAIL PROTECTED]; Sun, 13 May 2001 16:55:13 +0200 Reply-To: [EMAIL PROTECTED] From: Patrick Starrenburg [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Test 16:55 Date: Sun, 13 May 2001 16:55:43 +0200 The date headers is OK. So what you are actually talking about is the Received lines. The date 18:56:24 - is equivalent to the date 16:56:24 +0200, so there is no error whatsoever here. The MTA prints the date as GMT, which actually is a feature, because it allows easy comparison of dates by humans, without having to calculate away time zones. Felix
Re: §K¶OÀ°§A¥IADSL¤Î56K
Thus spake Russ Allbery ([EMAIL PROTECTED]): -BEGIN PGP SIGNED MESSAGE- Am I the only one that this is bugging? According to the headers, someone at the University of Illinois needs to check their machines out. The University of Illinois is where this mailing list is hosted. Received: from 61-216-68-78.hinet-ip.hinet.net (HELO TmpStr) (61.216.68.78) by muncher.math.uic.edu with SMTP; 8 May 2001 22:12:33 - The spammer is sending mail directly from the above dialup account. hinet.net is the place to complain to. It's bad enough that this spammer wastes my bandwidth. Can you please refrain from talking about him and his spam and stop wasting even more bandwidth? Thank you. Felix
Re: A news.newusers.questions's Guide to Qmail
Thus spake Robin S . Socha ([EMAIL PROTECTED]): |Please direct any questions regarding Qmail, dot-forward, fastforward, |and/or EZMLM to Dan Bernstein . Bet they'll never publish my comments... I particularly dislike the comment about Solaris and you having to move cc to cc.sol. What kind of uber-luser has written this incredible heap of bull-crap? I hope the name they put there is a pseudonym. Man, that guy has _really_ lost it. Felix
Re: OT: Vulnerable MUAs ...
begin Frank wrote 644 |grep -iE 'microsoft|eudora' |wc -l 1757 I wonder if it would change some MUA's behaviour or the selection criteria of some IT managers if some big lists/list providers would start to block mail from certain MUAs for self defense. For sure it would bring the lawyers in quickly. And on what grounds would they act in your opinion? Felix
Re: Ban These Exchange Server Users
Thus spake Robert Mudryk ([EMAIL PROTECTED]): If you noticed, all the Virii Reject Messages are from Exchange Servers... QMAIL anti-Virus Scanning like qmail-scanner says [This message was _not_ sent to the originator, as they appear to be a mailing-list or other automated Email message] I'm all for it. People who run Exchange should be systematically banned from communicating with the clueful part of the Internet. Felix
Re: Be all, end all checkpasswd
Thus spake Dan Newcombe ([EMAIL PROTECTED]): So, that is three patches I can think of that I need. Something has me worried that they are gonna start interferring. Why don't you also add a web browser to checkpassword? After all, everybody needs a web browser, right? Sheesh.
Re: A real bouncesaying
Thus spake Johan Almqvist ([EMAIL PROTECTED]): I wonder if anyone has written a real "bouncesaying" (qmails bouncesaying just exits with an exit code that makes qmail-local do the actual bouncing. And what is your problem with that? Felix
Re: multi-thread
Thus spake Jacques Frip' WERNERT ([EMAIL PROTECTED]): ok, on my Solaris, the qmail distribution is "forking" almost 10 to 20 processes per second. Solaris is shunned for its incredibly bad fork performance. Install Sparc-Linux or some BSD variant if that is a problem for you. So I'm trying to work on a threaded qmail-rspawn to avoid so many forks Bad idea. Very bad idea. Felix
Re: multi-thread
Thus spake Mark Delany ([EMAIL PROTECTED]): If all he's trying to achive is reduce forking on his Solaris box, I concur. However if we generalize the question, I don't know that I'd draw the same conclusion. If any area of qmail would benefit for threading, it might be the remote delivery mechanism - currently handled by Batman and Robin, er, sorry, qmail-rspawn and qmail-remote. Nothing benefits from multithreading. It makes the code hard to understand, creates new problems (one thread dies, the whole app dies), kills resource limits, and is not even faster. There is no reason to use multithreading except if you are a marketing guy at Sun or Microsoft and your analysis says that it is cheaper to ram multithreading down people's throats than to fix the insanely huge process creation latency of your broken poor excuse of an operating system. Felix
Re: COmpiling qmail-1.03 under NCR sysr4 (mpras 4.2)
Thus spake Jocelyn Clement ([EMAIL PROTECTED]): Anybody has any luck or experience with this OS. What kind of question is this? Why don't you just try and see if it works? ARGH! Felix
Re: bouncesaying and maildrop
Thus spake David Benfell ([EMAIL PROTECTED]): do with it except try to unsubscribe, as I have. But Debian doesn't use a rational mailing list manager. I try to follow its directions and I still get mail from the lists. I want this killed. Hundreds of people subscribe and unsubscribe on Debian's mailing lists each day. Instead of simply unsubscribing as others, not only do you refuse to talk to them, you want to sabotage them, and you have the audacity to ask us to tell you how?! The nerve! Felix
Re: Bogus Popularity claims (sendmail.org's reply)
Thus spake Stefaan A Eeckels ([EMAIL PROTECTED]): The European Commission just installed a new mail system based on MS Exchange. If you ask me, they deserve it. Everyone deserves the software he is using. AFAIK, NATO is using Exchange, too. May their pain be barely sufferable. Felix
Re: Secure IMAP server
Thus spake Andy Bradford ([EMAIL PROTECTED]): While courier-imap isn't coded in the same style that DJB uses, I do believe that it has been built with security in mind. That is not sufficient. Windows is also built with security in mind, according to Microsoft. I have not done a code audit of Courier. That said, I use the imapd myself. While I would not trust it as much as an imapd from djb, it seems to be the best alternative. Please note that IMAP is a large and complicated protocol. It is difficult to make it right because of the complexity. If you just want to retrieve email, use pop-3. Felix
Re: Qmail Under TCPServer
Thus spake Henning Brauer ([EMAIL PROTECTED]): exit 0 ^^ everything behind exit will never be executed. exit 0 should be the last line in your script. # Starts Apache Web Server /usr/local/apache/bin/apachectl start # Starts Qmail Under TCPSERVER tcpserver -v -u 1010 -g 1010 0 smtp /var/qmail/bin/qmail-smtpd \ 21 | /var/qmail/bin/splogger smtpd 3 Also, tcpserver is in /usr/local/bin per default, which probably is not in the PATH. Felix
Re: A firestorm of protest?
Thus spake Piotr Kasztelowicz ([EMAIL PROTECTED]): If you want to use bloated, unreliable, immensely fat software with a Where I have written, that EACH patch? Only USEFUL patch. The world goes forward! There is no objective measure for the usefulness of a patch. Thus, there will be endless fruitless discussions that make everyone feel bad, and in the end either Dan does not include the patch, which means that it was all for naught, or Dan does include the patch, and then the discussion will also have been for naught since Dan already includes patches he likes without external discussions (the pop3 daemon is based on someone else's code). Felix
Re: A firestorm of protest?
Thus spake Kris Kelley ([EMAIL PROTECTED]): If you want to use bloated, unreliable, immensely fat software with a nice author who will include every patch anyone sends him, switch to Exim. I mean it! Please go away and use Exim. It has all the features anyone could ever want from an MTA, and around 20 million more features. Does Exim also come with a nice mailing list that doesn't demand the exile of people with dissenting opinions? Exim is luser friendly. That's why it is luser software. Felix
Re: A firestorm of protest?
Thus spake David Dyer-Bennet ([EMAIL PROTECTED]): Why? Because a patch implies that something is wrong, and needs to be fixed. However, when someone produces a "patch" for smtp-auth, that implies that qmail-smtpd has a problem that the patch fixes. I'd rather see people steal the necessary parts of Makefile, and Dan's library code, and create a stand-alone "qmail-smtpd-auth" program. A "patch" is also a recognized way to make an upgrade. The word "upgrade" also implies that there is something wrong or inferior with the original qmail. That said, while converting the patches into standalone packages would be better for political reasons, it would make it harder for me to maintain my qmail, because that is basically stock qmail with the AOL-DNS-fix, starttls and another small patch. Merging patches is far easier than merging divergent codebases. So, in effect, the changed policy would force me to download the qmail source code four times, run diff to get patches, and then merge those patches. I don't think political decisions should make life harder for all of us. I'd rather see www.qmail.org be changed so that you would have to click through a banner page that clearly states that none of those patches is necessary to make qmail any more secure, more reliable or faster. Please don't cripple my work with qmail in the vain attempt to make stupid people understand. They won't. That's why they are stupid in the first place. Russ, if you desire, please put a few explaining words over the patch section, and then proceed to ignore the idiots. It will make your life easier and the idiots will die out or move back to Exchange and it will save all of us a lot of stress. Felix
Re: A firestorm of protest?
Thus spake Piotr Kasztelowicz ([EMAIL PROTECTED]): Perhaps then the only change necessary is to change the semantics of the qmail.org site? Instead of "so-and-so has written a patch to...", change it to "addition" or "add-on" or whatever. Qmail ver 1.03 does not already "young" software. How about to suppose Dan to make the new version - perhaps made with cooperation with all peoples, who have created useful patches and additional softwares, so that this all will be included to new version? ARGH NO! GO AWAY, Piotr! The reason why qmail is reliable, fast, secury, easy to maintain and all around a nice piece of software is because Dan does _not_ include everyone's patches and pet features! If you want to use bloated, unreliable, immensely fat software with a nice author who will include every patch anyone sends him, switch to Exim. I mean it! Please go away and use Exim. It has all the features anyone could ever want from an MTA, and around 20 million more features. Felix
Re: In a perfect world
Thus spake Russell Nelson ([EMAIL PROTECTED]): In a perfect world, QMTP would require that a qmtpd accept VERP-formatted envelope senders. And qmail would collate remote deliveries by hostname, and dump all copies of a piece of email to all the recipients at once. I have customers for whom that would be an incredibly good win. Of course, in a perfect world, email would never bounce, so what am I talking about?? Doesn't qmail-qmtpd accept VERPs? Felix
Re: qmail-smtpd-auth
Thus spake Henning Brauer ([EMAIL PROTECTED]): This is completely false. smtp-poplock doesn't require patching the qmail source. You can find a link to it on www.qmail.org. This is a smtp after pop solution, no SMTP AUTH. SMTP AUTH is an SMTP protocol extension allowing clients to authentificate via username+password during the smtp session, not before through pop as with smtp poplock. As everybody could easily see this requires always patching qmail. Why? You could install a smtpd wrapper that answers the smtp auth stuff and updates the pop tcpserver database on the fly. Felix
Re: Qmail with FreeBSD very very slow!
Thus spake [EMAIL PROTECTED] ([EMAIL PROTECTED]): FreeBSD 4.2: 300 Sec FreeBSD 4.0: 70 Sec SuSE Linux : 6 Sec /var/qmail/lock/trigger has the right permission settings! I'm sure something is wrong with *MY* FreeBSD Setup!! Linux mounts the disk asyncronously. Your FreeBSD 4.0 probably has soft updates enabled, while you 4.2 hasn't. Felix
Re: mail() spam question (PHP)!
How to set spam control on mail() function. We allow use mail() for our free hosting. How to set limit use mail() (PHP v4.0.3pl1). Method's of QMAIL plz. Forget it. php allows users to open sockets and send mails without using qmail at all. Felix
Re: Should I try the Qmail-scanner?
Thus spake Einar Bordewich ([EMAIL PROTECTED]): We have been using qmail-scanner several months now, I can highly recomend this solution. We are splitting the load on two dual PIII 700 proc. servers with 512MB each. Virus scanners don't solve the problem. http://www.fefe.de/antivirus/42.zip Felix
Re: Using a RAMDISK for /var/qmail/queue thoughts ?
Thus spake Greg Cope ([EMAIL PROTECTED]): Has anyone any empirical evidence for the speed increases I may expect (as opposed to a fast EIDI (ATA 66, 8.5ms seek) or SCSI system (eg 10k, 5.3 ms seek 25mb/s) ? Why would you expect a speed increase at all? And even if there were one, would anyone notice? Who looks at his email every millisecond and would even notice the improvement? I would suspect that your mail service, like everyone else's, is not limited by disk throughput, but by network throughput. Or are you delivering all those emails locally? Felix
Re: Qmail source files - developer version
Thus spake Alex Kramarov ([EMAIL PROTECTED]): Maybe I am asking on the wrong forum, but boes anybody know, if there is a "developer" version of qmail sources with at lease some remarks and functionality description in the code so it would be more readable ? Or if there is a site that has some description on the way qmail is written. I want to write an addon to qmail, so it could forward mail to another server before it hits the queve, splitted to several copies, one for each recipient domain. I think many could benefit from this feature, in terms of bandwidth conservation. This feature can (and should) be implemented externally, i.e. without editing the qmail sources at all. Just take the qmail-smtpd sources and write a new smtpd. Felix
Re: Attachment-based relaying
Thus spake Brett Randall ([EMAIL PROTECTED]): Hi all, I did a bit of a search in the archives but with no answer to this interesting question. My boss wants to relay all outgoing mail which has large attachments through our other, less used, connection to the Internet. I don't mind placing another mail server on that link, but what I need to know is how to intercept mail that our users send through our mail server, check the size of the mail, and if it exceeds a certain size (say, 5mb), then it relays the mail to another qmail relay, otherwise the current relay treats it as normal outgoing e-mail. Does anyone have ideas as to how I would implement this? TIA Use an smtproute and write a small filter that looks at the size and injects the mail at the proper server. Felix
Re: Attachment-based relaying
Thus spake Brett Randall ([EMAIL PROTECTED]): Use an smtproute and write a small filter that looks at the size and injects the mail at the proper server. Need I say that is kind of obvious... In fact that's basically condensing my original e-mail into a sentence (well done!) But HOW is what I asked. There is no built-in mechanism to filter all incoming email, but there are several virus scanner packets you might want to look at. Or you could patch your smtpd so that it calls filter-inject.pl instead of qmail-inject. You have to write filter-inject yourself, though. Be creative. Many people have thought about doing input and/or output filtering with qmail, but noone has done a generic package AFAIK. Felix
Re: Outlook Express Prank
Thus spake martin langhoff ([EMAIL PROTECTED]): this is not reasonable. Please do be kind with your fellow admins even if they do things you wouldn't do. Dropping a bomb such as that, *knowingly* is very unfriendly. No one deserves being crashed by a prankster, and nobody is expecting such uncivil behaviour in a technical list. Please do you some responsibility towards this tiny community. Thanks. What in the seven hells are you talking about? Who did what prank that caused Outlook to barf and die? And if that happened as you insinuate above, why would you blame him and not Outlook? Doesn't it seem a little idiotic to use Outlook on a mailing list about an Unix MTA? Probably not. Windoze people usually don't blame themselves. Sheesh. Felix
Re: It's been a while...
Thus spake Jean Caron ([EMAIL PROTECTED]): First question, I have to move my mail server behind my firewall (it was in front until now). My goal is to have the firewall accept all mail for the domain, and forward "everything" "as is" to the mail server, inside. A dumb relay, is all I need. Don't do that. It degrades performance and reliability and increases the complexity of the system and with that the risk for security problems. If what your signature is right, i.e. that you are working on network optimization, than you should see why this is a bad idea. Felix
Re: AntiVirus!
Thus spake Stuart Young ([EMAIL PROTECTED]): I disagree with the assertion that virus scanners are non-solutions. On the mail servers I run, I have installed some simple virus scanning software, and it has, up to now, filtered out lots of incoming virii and trojans, as well as a few outgoing virii (which alerted me as to who was infected, and allowed me to advise the IT folks so they could go clean it up). Its not a perfect solution, but its far better than nothing, and results in our location not becoming a source for that kind of garbage. Let me get this straight. Based on the fact that your virus scanner detected a few outgoing virii, you assert not only that it has detected all of them. I don't see how you got "All" out of "filtered out lots of incoming virii and trojans", which clearly does not say it covers everything. Please stop generalizing. Stuart, do you know the difference between "incoming" and "outgoing"? Are you aware of the meaning of "to become"? It implicates that you aren't already. In Europe, Elementary Schools have more professional IT departments than that. IT Departments are there to solve user problems, and to solve company/institution problems. A virus can quite happily be both. I have seen a number of 'network/computer issues' (outside of the office I am in) that have been related to virii causing unpredictable behavior. Ignoring the problem only allows it to fester, and will only make the final cleanup (which will most definitely be the IT Departments problem) much longer, problematic, and far more costly. How much does your company/institution price it's data, and it's down-time? My company does not have downtimes because of viruses. What do you mean with "computer issues"? I don't think I have those in my company. People will only notice the system administrator when something is broken. So, the job of the system administrator is to be invisible. And what operating system your network clients run is not always your decision to make. Of course it is. Otherwise you should leave the company to their doom. Technical decisions have to be made by the technicians who have to work with the stuff later. If that is not the case in your company, it is doomed to failure and misery and in the end it will be blamed on you nonetheless. A virus scanner isn't the whole solution. But it's a part of a solution that is definitely worth investigating. It may not necessarily be part of your solution, but your solution isn't necessarily good for anyone else either. Which part of the reasoning against virus scanners didn't you understand? You repeat exactly the same marketing lingo that the others guys also used. Is there some secret mind control conspiracy abound that makes people repeat phrases like "virus scanners are [...] a solution"? I don't get it. Is none of the Windows users open to rational arguments? Felix
Re: AntiVirus!
Thus spake Milen Petrinski ([EMAIL PROTECTED]): This is the biggest lie of computing: that there is no choice. Everyone has hundreds of options, but the American culture apparently revolves around taking the wrong choice, blaming it on circumstances and whining about the consequences. Just an example: You are installing a new mail server for a company, that uses Windows on their workstations. Than the boss says "What about viruses?" - will you reinstall all the machines,s OSes with *ix and teach them use it? I then tell the boss that his business is doomed unless he wipes Windows off his machines. I did this before and I will do this again. Sometimes the boss then asks me to train users, and as long as he pays me for it, why shouldn't I do it? Felix
[FETCHMAIL-DAEMON@snn.com.pl: ]
People, please subscribe to mailing lists from _stable_ _know to work_ email addresses only. Crap like this is not acceptable, especially not on the mailing lists about MTAs. - Forwarded message from [EMAIL PROTECTED] - Date: Tue, 5 Dec 2000 16:30:30 +0100 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] General SMTP/ESMTP error. Reporting-MTA: dns; localhost Final-Recipient: rfc822; last Last-Attempt-Date: Tue, 05 Dec 2000 16:30:30 +0100 (CET) Action: failed Status: 3.0.0 Diagnostic-Code: 354 Enter mail, end with "." on a line by itself Received: from mx2.ipartners.pl (mx2.ipartners.pl [157.25.193.38]) by ikp.ikp.pl with ESMTP id QAA6995868 for [EMAIL PROTECTED]; Tue, 5 Dec 2000 16:18:36 +0100 (CET) Received: from muncher.math.uic.edu (muncher.math.uic.edu [131.193.178.181]) by mx2.ipartners.pl with SMTP id QAA07432 for [EMAIL PROTECTED]; Tue, 5 Dec 2000 16:16:41 +0100 (CET) (envelope-from [EMAIL PROTECTED]) Received: (qmail 18620 invoked by uid 1002); 5 Dec 2000 14:59:27 - Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm Precedence: bulk Delivered-To: mailing list [EMAIL PROTECTED] Received: (qmail 15155 invoked from network); 5 Dec 2000 14:59:26 - Received: from codeblau.walledcity.de (HELO codeblau.de) ([EMAIL PROTECTED]) by muncher.math.uic.edu with SMTP; 5 Dec 2000 14:59:26 - Received: (qmail 29737 invoked by uid 100); 5 Dec 2000 14:59:40 - Date: Tue, 5 Dec 2000 15:59:40 +0100 From: Felix von Leitner [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: AntiVirus! Message-ID: [EMAIL PROTECTED] Mail-Followup-To: [EMAIL PROTECTED] References: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: [EMAIL PROTECTED]; from [EMAIL PROTECTED] on Tue, Dec 05, 2000 at 12:18:59PM +1100 X-UIDL: 728ab5ae0acb70acb8809d59d0bf47a9 - End forwarded message -
Re: AntiVirus!
Thus spake [EMAIL PROTECTED] ([EMAIL PROTECTED]): I've been thinking of a scheme in which attachments of certain "dangerous" types get mangled, such that the filenames or types are intentionally misdeclared. So the user ends up with a plain base64 text file, which is meaningless, but which he can trivially decode to the original. This places the burden of vigilance back on the user where it belongs, rather than breeding a generation of click-happy users. And if he does decode and run it, and it is a virus, you can point a very accusing finger instead of a palms-up shrug. While this sounds good, it does not solve the problem. This is about shifting the blame, not solving the problem, which is that users run insecure operating systems. As long as people run Windows, there will be a virus and trojan problem. I find it astonishing that people don't sue Microsoft for this. A whole industry thrives on Microsoft's bad code quality. And because most governments use Windows, this is even paid for by tax payer's money. Felix
Re: AntiVirus!
Thus spake Milen Petrinski ([EMAIL PROTECTED]): People will allways use Windows, no matter what the sysadmins say. Then ignore that minority group and don't prolong their agony by giving them access to non-solutions like virus scanners. The "lusers" want buttons, F1 and plug'n'play. Buttons and F1 they can have on all platforms, plug and play has never been farther away from reality as on Windows. The problem is not the OS security - most of the times there is no choise. The man askes for an antivirus softwere, not for compare between OSes. This is the biggest lie of computing: that there is no choice. Everyone has hundreds of options, but the American culture apparently revolves around taking the wrong choice, blaming it on circumstances and whining about the consequences. To be honest: I don't care at all what OS he is using. I just can't stand his whining. Felix
Re: AntiVirus!
Thus spake John W. Lemons III ([EMAIL PROTECTED]): I disagree with the assertion that virus scanners are non-solutions. On the mail servers I run, I have installed some simple virus scanning software, and it has, up to now, filtered out lots of incoming virii and trojans, as well as a few outgoing virii (which alerted me as to who was infected, and allowed me to advise the IT folks so they could go clean it up). Its not a perfect solution, but its far better than nothing, and results in our location not becoming a source for that kind of garbage. Let me get this straight. Based on the fact that your virus scanner detected a few outgoing virii, you assert not only that it has detected all of them. And the role of your IT department is to walk around and clean up virus infections. What kind of institution are you working in? "Mom and Pop's Computer Shop South Bryan's Largest Selection of Colored Floppy Disks!"? In Europe, Elementary Schools have more professional IT departments than that. I understand that you don't use windows, so you are probably not aware that this is not a correct statement. I have installed 5 different new pieces of hardware on my windows 2000 machine in the last few months, and in every case they were recognized and drivers installed and configured with no intervention from me other than to hit the ok buttons when it asked it if I wanted to install them. Please ask your maths teacher for the difference between 5 and all It is not so difficult, really. Everyone has hundreds of options, but the American culture apparently revolves around taking the wrong choice, You can't make that kind of universal statement and have any credibility left. We use windows 2000 on many many machines and it serves us well. One of my favourite sayings is: "Everyone has the computing platform he deserves." And for your statements here, you deserve all the Windows 2000 that you can carry. Felix
Re: AntiVirus!
Thus spake John W. Lemons III ([EMAIL PROTECTED]): Trapped poisoned executable "LOVE-LETTER-FOR-YOU.TXT.vbs". We didn't get a single infected machine. The mail server stopped all of them. True. But you owe the awestruck audience an explanation of what happened to that attachment. Anomy is cool, but ... ;-) It was sent to a holding directory and a messages was sent to the admin account alerting him of the incident. In this case it was so well known it and the others received by that time were simply deleted rather than analyzed, and the senders were notified. Now that is impressive. You knew and could detect iloveyou before all the other people in the world? What kind of psychic are you employing? Or do you have some great artificial intelligence mail server that will treat all attachments that are named ".vbs" like poisoned executables and break your users' mail that way? Felix
Re: AntiVirus!
Thus spake Adam McKenna ([EMAIL PROTECTED]): I find it astonishing that people don't sue Microsoft for this. A whole industry thrives on Microsoft's bad code quality. They can't sue microsoft. They "accepted" a license that says Microsoft isn't responsible blah blah blah. The old lady who microwaved her poodle could sue the oven maker? The woman who burnt herself with coffee at MacDonald's could sue them? And you are telling me Microsoft can not be sued for that weapon of mass destruction they call Windows? Well, obviously everyone has the government they deserve. In Europe, you can't disclaim damages that result from negligence on your part. There is currently a discussion whether Microsoft Germany should be held liable for the damages they did in Germany. That cost alone should drive all Microsofts in Europe into bankruptcy. Felix
Re: AntiVirus!
Thus spake Lipscomb, Al ([EMAIL PROTECTED]): As long as people run Windows, there will be a virus and trojan problem. And Unix is immune to Trojans and worms? Unix is so heterogenous that it is next to impossible to write a portable exploit. It will of course always be possible to exploit people's dim wits, though. Under Unix, people do not work as root. A good attack agent could spread itself using SMTP, RPC, FTP and IRC all at the same time. Yeah, and pigs can fly. The only people who would have a reason to spend the massive amounts of time and money on this purely destructive work are the military. As long as organisations like NATO are using Exchange as email server, I have no fear that they might one day acquire the knowledge to pull something like that off. After all, it's all a bunch of fat bureaucrats. I find it astonishing that people don't sue Microsoft for this. A whole industry thrives on Microsoft's bad code quality. Be careful what you wish for. Once the lawsuits start the Open Source world is getting deeper pockets and therefore becoming a target. Oh yes, please, go ahead and sue the Open Source world. I dare you. Hint: it's not an organisation that produces anything you could sue them for. Except maybe slander ;-) Felix
Re: AntiVirus!
Thus spake Lipscomb, Al ([EMAIL PROTECTED]): See the words "TO THE EXTENT PERMITTED BY APPLICABLE LAW". There are lots of places in this world where the law says the person who wrote it or the person who gave it to you can be held liable no matter what they want to disclaim. It depends on _how_ I was harmed by the product in many cases. Al, please don't talk about stuff you don't understand. It's not a "product", it's free software. And if there was any precedent for taking a software maker to a court for his bad software quality, California would have to declare bankruptcy. Then you have more problems that a few free software hackers. Felix
Re: AntiVirus!
Thus spake John W. Lemons III ([EMAIL PROTECTED]): Based on the fact that your virus scanner detected a few outgoing virii, you assert not only that it has detected all of them. Please quote where I indicated perfection. You said that you are happy that you have not become one of the places that spread virii. By the way, about the discussion about the net worth of virus scanners, please have a look a the email I just got (no, I am not making this up): From [EMAIL PROTECTED] Tue Dec 5 01:32:07 2000 Return-Path: Delivered-To: [EMAIL PROTECTED] Received: (qmail 28608 invoked from network); 5 Dec 2000 00:32:07 - Received: from scream.wlv.netzero.net (HELO mailfw.nzdom) (209.247.163.9) by fefe.de with SMTP; 5 Dec 2000 00:32:07 - Received: from ([255.255.255.255]) by mailfw.nzdom with MailMarshal (3,3,0,0) id D220d; Mon, 04 Dec 2000 16:37:26 -800 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Date: Mon, 04 Dec 2000 16:37:26 -800 Subject: Your e-mail message was blocked MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--=_NextPart_5e5c99df-bbb5-11d4-b9fe-009027858a3a" Content-Length: 723 =_NextPart_5e5c99df-bbb5-11d4-b9fe-009027858a3a Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit NetZero Mail server has stopped the following e-mail for one of the following reasons: * It contains a disallowed subject line, text message, a chain or hoax letter. Message: B000ef930.0001.mml From:[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: AntiVirus! If you believe the above e-mail to be business related please contact [EMAIL PROTECTED] to arrange for the message to be released to its intended recipients. The blocked e-mail will be automatically deleted after 7 days. =_NextPart_5e5c99df-bbb5-11d4-b9fe-009027858a3a-- What will happen when someone writes a Virus called "the"? Felix
Re: Minimum OS Requirement to run Qmail
Thus spake asantos ([EMAIL PROTECTED]): For this setup, using mysql is even more stupid than in general. mysql adds tons of unnecessary complexity to the system and wastes system resources. Don't whine. Be consistent. Grow up. Have your mama spank you, it's good for the soul (tough *you* might like it). Oh, and get an education: respect your elders. Complexity is in the eye of the beholder. Why should I worry about system resources when the system load doesn't go above 5% ? And I monitor it, of course, I don't just throw crap in the air as you do. Armando, please come back when you know what you are talking about. Complexity has nothing to with the load and although comparing complexity is subjective, it is clear that "a" has less complexity than "a plus mysql". There is no excuse for wasting resources, whether they seem to be available when you install the system or not. If you think otherwise, you are not a good admin and deserve all the mysql that you appear to be running already. If your data are mostly stable, than the probability for data corruption is not as high as for other people with mysql, but it is still there. Whether you want it or not, you have an unnecessary risk of data corruption. Good system engineering means that you minimize the risk for data loss, corruption or unauthorized manipulation while maximizing performance. By installing mysql without need, you violate all of the above points. Whine and insult my mother all you want, you are still a bad admin with bad spelling. Felix
Re: Flaming newbie's makes no sense
Thus spake Jamin Collins ([EMAIL PROTECTED]): I write good software. Others help me. The software gets better. This is a very selfish view. Based on these statements, you only care about software in so much as you can gain from it. This is a key difference between you and I. Jamin, please stop posting drivel. Thanks. Nothing about this view is selfish. The only thing that is important is whether in the end the software is good or not. I write good software. Millions of brain-dead lusers ask dumb questions. I get discouraged and stop supporting my product. Some newbie takes over the project and the quality goes down the drain. Are you trying to say that only you can write quality software, or that no one can match your quality? Jamin, please stop posting drivel. Thanks. Felix
Re: Internal Spam
When I do that, Qmail can't send and log:: Failure: I_(qmail-remote)_was_invoked_improperly._(#5.3.5)/ 1. learn how to quote 2. if you change stuff without understanding it, and that results in problems for you, tough luck. Read the fucking man page for qmail-remote. It clearly states everything you need to know. Felix
Re: Minimum OS Requirement to run Qmail
I am going to setup a dedicated linux box that will run qmail only. What is the most minimum package that I need to install from Red Hat 7.0 to be able to run Qmail? I do not want unnecessary services/daemons running on that box. I will also be installing the web based email package that runs on qmail. If you don't know that, you should not be running any MTA. If you can't find that out yourself, you should not be running any server. No, not even a Quake server. Hire someone who knows what he is doing and get him to do it for you. Felix
Re: Minimum OS Requirement to run Qmail
Thus spake Wesley Wannemacher ([EMAIL PROTECTED]): To get everything running I used the following packages to get everything running: qmail-src courier-imap apache-php3 horde imp mysql-server horde is completely superfluous. If you run a web based email service, then security is obviously not important to you. You can as well run sendmail. If you run mysqsl, stability and reliability are obviously not important to you. You should be running sendmail, Postfix or Exim. Felix
Re: AntiVirus!
Thus spake Visar Emini ([EMAIL PROTECTED]): I have qmail vpopmail running on Linux machine and I was thinking on installing an antivirus on my mailserver, does anyone have any suggestions about this issue?! Forget it. Anti virii don't work. They also introduce new security problems. Felix
Re: 1.04---not
Thus spake Mate Wierdl ([EMAIL PROTECTED]): I just read http://cr.yp.to/im2000.html The ideas there seem extremely demoralizing for somebody trying to write an MTA for the traditional mail infrastructure. Why do you say that? This does not look demoralizing at all to me. In particular, it seems understandable why qmail-1.04 (not to mention qmail-2.00) has not come out. Maybe it never will---and I bet not in the next 6 months. Who said that im2000 has anything to do with qmail? At least: has anybody thought about implementing MXPS: http://cr.yp.to/proto/mxps.txt Several people have. But it is not worth the bother until a noticable part of the Internet uses it. Felix
Re: 1.04---not
Thus spake Mark Delany ([EMAIL PROTECTED]): http://cr.yp.to/proto/mxps.txt Several people have. But it is not worth the bother until a noticable part of the Internet uses it. Shades of the question I used to get when installing a web server: "Why would you bother until a noticable part of Internet uses it?" Lucky I ignored them huh? Even if you use it, you don't get any noticeable advantage from it, because to the user email works the same over SMTP and QMTP. Use what you want, but if you ask me for my opinion, you get my opinion. I don't use mxps because the possible advantage is too small. Felix
Re: Minimum OS Requirement to run Qmail
Thus spake asantos ([EMAIL PROTECTED]): I find MySQL to be reliable and stable. Good luck to you, then. You will need it. I only keep logs for 6 months, so in the last 6 months I've had MySQL 3.22.23 running for vpopmail-3.4.11-2 over qmail-1.03+ezmlm-0.53, managing more than 260 virtual domains (about 500 Maildirs, many of which are "catch-all" accounts for a single domain), with a overall trafic of more than 85000 messages a month, of which roughly 90% are incoming. Not a single failure in the above software. That's on Linux 2.2.14 SMP. Is this the cue for "profile, don't speculate"? If your servers never crash and you never have unexpected hardware failures, mysql may be for you. Mysql users are consistently being bitten by data loss when one of their servers crashes. Mysql is notorious for being "SQL for kids", i.e. fine for playing around but not for production use. Use an SQL database that offers transactional integrity instead. Mysql recently added transactional integrity by integrating Berkeley DB, which is the single database that caused the most data loss on all of my machines combined. I would never use anything relying on Berkeley DB ever again. You just need to look at their source code to see what I mean. But in the end, the choice is yours. But don't whine when you use Mysql and lose all your data eventually. Keep good and current backups. If your data are read-only, then Mysql may even be a prudent choice. Felix
Re: AntiVirus!
Thus spake Jerry Keene ([EMAIL PROTECTED]): Like Felix I'm skeptical about the value of general anti-virii programs running as gatekeepers on Linux servers. Please email yourself an email with http://www.fefe.de/antivirus/42.zip as attachment. Either your antivirus is thorough and DoSses your server (which makes it worthless) or it is misses virii and is worthless because of that. If you decide to use this or a similar approach, you need to make sure that a cron job runs to periodically update the ant-virus .dat files from your scan engine's website. Otherwise your database of antiviral signatures gets obsolete. Signature based detection can never catch current virii. You are victim of used car salespeople selling you snake oil. Felix
Re: AntiVirus!
Thus spake Matt Brown ([EMAIL PROTECTED]): Therefore, signature based scanners CANNOT be a 100% reliable method for preventing viruses. Plus, they are a security risk in themselves. And, they normally even cost money. Felix, you seem to be of the opinion that anything less than 100% effectiveness is worthless? Or is it just that in your opinion signature based scanners are TOO FAR beneath that 100%? If running a virus scanner would be free (i.e. does not reduce security, does not eat up CPU time on the email server, does not use memory, does not cost time and money to maintain) then I would not be against it. But virus scanners are a marketing vehicle for a whole industry that did nothing to prevent any virus I have ever seen anyone close to me me have. And yes, the right solution to viruses is getting rid of the holes they exploit. There is no good reason why the functionality a Word macro virus exploits needs to exist. However, good luck getting Microsoft to fix their broken logic! I don't care about Microsoft and what they fix or don't fix. I don't use their software and document formats. It's that easy. Really. Felix
Re: List Courtesy (was Newbie question)
I may be out of line here. You are. You post off-topic bullshit to a mailing list about qmail. Oh, and you don't even have the decency to comply to the well-established quoting standards when quoting email from others. This is not a "I am willing to help dumb idiots" mailing list. This is more of a self help mailing list. You help yourself and when you have a problem that can not be answered with the docs and search engines, THEN you can come here. Or you can come here to read announcements for new software, new documentation or new tricks regarding qmail. But if you come here, post moronic questions, get beaten for it, and then have the audacity to come back and whine publicly, then you are the most pathetic creature on Earth and deserve to die slowly and painfully. May the flies of a dozen dead camels' asses rest in your armpits! Felix
Re: QMail Support and being a newbie -- my $ .02
Thus spake Jessica U. Gothie ([EMAIL PROTECTED]): I agree that people attempting to install and run mail servers should be fairly technically clued, comfortable with the OS the mail server stuff is to be installed on, and able to read/understand documentation. In an ideal world, this would be the case. We do not live in an ideal world. I understand qmail well enough to offer commercial support for it. To me, this mailing list is the only place where I can get software announcements and which is there to "discuss qmail", as Dan's page states clearly. This mailing list is right now completely useless to me. Apparently the gates of hell have opened and spewed forth millions of undead whose brain has decomposed to a degree that they consider Windows an operating system. And several thousand of them came to the qmail list and made it completely worthless to waste time reading it or even reading the subjects to find emails that are actually worth reading. No, we are not in an ideal world. But there is no reason why Robin shouldn't be allowed to at least have fun with the army of darkness that has invaded here. If a zombie using Outlook (that alone warrants an afterlife in hell) is allowed to post his drivel here, not being able to quote properly, having more spelling errors than words, not being able to state his question in a way that makes an answer even possible,... then Robin is OF COURSE allowed to make fun of him. In public. If a single zombie leaves this list because of that, it was worth it. In the real world, your mail server is crashing every three days, it's on a non-multitasking OS, on proprietary software. It auths out of a flat text file. Oh, and 1200 users are going to jump up and down on your corpse if you don't come up with something pronto. I don't know in what world you are living, but not in mine. None of my production mail servers ever crashed on me. The reason may be that I only touch stuff that I understand. You should try that, too. It really helps. And if you really do have 1200 users, you should hire someone to install qmail for you instead of breaking anything by touching vital systems yourself. Having an incompetent pimple faced fresh-from-windoze-college system administrator install an MTA for 1200 users is so stupid that you deserve all the pain you get for that. Linux scares you and you can barely get it installed and to a reasonably recent patch level. You don't understand users and groups. File permissions are a mystery. You know a teeny bit of C and nothing about Perl but you have the llama book. You don't really understand cron, chmod, chgrp, or adduser. You have JUST figured out how to look at man pages with different numbers. Do you try to repair your engine when your car breaks down and you have no clue? Do you? If your parachute looks like it the tear lines are missing, will you use duct tape and fix it yourself just before you jump? No, of course not! Would you subscribe to some goofy mailing list and pester people whose names you wouldn't even remember about your engine? You would drive to a garage and have an expert look at your problem. And the same should be true for your email setup. There is no excuse for idiotic DIY lusers who need to prove themselves how manly they are by "fixing" your email server. "If Jones can do it, I can do it!" "Look? It says 'easy to use' right here on the box!" For those who never ever asked "what's a compiler?", for those who never deleted /dev/null or other relatively important part of the system, for those who never undertook a project with half-vast clue, for those who never failed to solve a bloody obvious problem without asking for help -- my hat's off to you. Ya'll are smarter, better folk than I am. It's not a question of intelligence. It's a question of ethics and moral. If I have the choice to bother one friend or three hundred people all over the world, and some of them even have to pay just to download the dumb question, I would OF COURSE ask my friend! And it's not just that I don't want to bother people without need. Remember that there are potentially thousands of people on mailing lists. Many of them are just there to get their own dumb questions answered. It is not unheard of that there are conflicting answers, and all of them may be incorrect! For those who are where I was...Try. Try again. Reread the documentation at least twice, hopefully three times. Read the FAQ. Remove and reinstall the software. Do all of the tests that come with the install package. Read the hints at the bottom of the qmail web page, plus check out the other web pages referred to therein. Read the man pages for qmail/tcpserver/whatever. Try again. And again. Restart qmail, just for giggles. Uh, excuse me, but where did you learn your trade? On Windows? Not at all? I am happy that you didn't say we should reboot our servers from time to time, "just to make sure"?
Re: List Courtesy (was Newbie question)
Thus spake Dave Sill ([EMAIL PROTECTED]): I'm not a big fan of newbie smackdowns, though a repeat offendor might warrant one. I think newbies generally respond better to reward than punishment. E.g., instead of: This is a question that I have asked numerous times and I never got a good response for it: Why would you want to help rude newbies? Don't get me wrong: helping newbies is essential for the survival of the knowledge. But if I have the choice, I will not help people who are so dumb that they will probably get killed the next day because they thought pissing on overland power lines is a bright idea. And that includes people who a. are too dumb to state their question properly (this includes bad grammar, bad spelling, bad quoting and obnoxious signatures) b. are too dumb to state their question in the proper forum c. are not friendly (i.e. demand answer instead of being polite) d. whine when someone points their mistakes out to them If someone who matches any of those points wants my help, he has to pay for it. Or, he can be really really friendly to me. Or he can read the documentation that I put on my web page. If that is not sufficient, then that person is out of luck. No, I am not sorry. The former approach *might* work, but is more likely to offend the newbie. The latter is polite and informative. An educated, unoffended newbie is much more likely to want to change his ways. If he doesn't want to change his ways, then he is welcome to examine the inside of my spacious killfile. Noone is obligated to help idiots. In particular, I am not. Felix
Re: List Courtesy (was Newbie question)
How exactly is my MUA broken? Your MTA is not so broken that it could not be fixed if you actually understood what you are doing. Robin chose to be more polite to you than you are to us, so he rather wrote that it's your MUA's fault. Telling someone to RTFM would be helpful, if the manual being referenced as indicated. Say, weren't you the guy who accused Robin of bad spelling? I suggest you should fix your grammar first. When exactly did I call Dave Sill an asshole? I simply made meantion that his HOWTO did not assist in my configuration of qmail. Did you, at any time, consider that this might not be the fault of the documentation but of your own? BTW: It's "mention", not "meantion". This is not a derogatory statement in any fashion. Simply a statement of fact. As for providing clarifications to the document, I very well may once I have qmail configured the way I would like it. What do we have to do to get you and your new-age psycho-babble self-help crap off this list? Please go away and watch a few hundred hours of the fine world-class US "let's all be happy and friendly" mind-control television. That ought to mellow you out a little. What brings me to post? Simple, I like to help people learn more about computing. To me it looks like you enjoy sabotaging other people's means of communication by clogging it with mindless and superfluous off-topic drivel like this very posting. Your discussion of social and meta problems indicates that you looking for topics that nobody understands enough to prove you wrong. Let me assure you: The qmail list is no such place. Why don't you go to soc.* in Usenet? You will meet millions of other people who like to talk about psychology and sociology. Felix
Re: List Courtesy (was Newbie question)
Thus spake Barley ([EMAIL PROTECTED]): Man, this Robin character is nuts. Coder-superiority syndrome big time. Why is it that tech geeks are so sure that their field of knowledge is the only one that indicates general intelligence? Hahaha, you idiot can't even be bothered to use a search engine to look Robin's previous work out to place a proper insult? What kind of pathetic wimp are you, anyway? Robin is not a coder. If Robin is anything like his/her mailing list personality in real life, I'm sure few people would consider him/her nearly as intelligent as he/she considers him/herself. True intelligence is indicated by a broader understanding of things, and the contributions that many different people have to offer. Hahaha, how can someone like _you_ dare to say anything about intelligence? Especially about other people's intelligence?! You wouldn't know intelligence when it fell on your foot! You mentioned Darwinism in a former post, Robin. How exactly is an angry geek who knows a whole lot about electronic boxes, but less than nothing about interacting successfully with the 5 billion other real-live people on the planet suited for survival in a Darwinian sense? Something tells me if you and I were dropped in the wilderness together, I'd be the one coming out alive, if only because I had you skewered on a spit over a fire within the first day. In fact it's hard to envision a role for you at all in any world that wasn't utterly computer-dependant. Robin's day job is not computer related. Now why don't you go answer some questions instead of flaming me back. Show us all how clever you are, Robin. Gregg, why don't you be a good boy and piss off. Go away. Leave. There is nobody here who has any interest in your pathetic flaming. And, now that you showed your real face, noone would help you even if you learned how to spell, how to quote or how to phrase your questions correctly. Begone, parasite. Felix
Re: List Courtesy (was Newbie question)
Thus spake David Dyer-Bennet ([EMAIL PROTECTED]): a. are too dumb to state their question properly (this includes bad grammar, bad spelling, bad quoting and obnoxious signatures) Remembering that English is not the first language for everybody; I make considerably more allowances for somebody who is writing English better than I write German or Russian, than I do for people who obviously just aren't trying. English is not my mother tongue. I expect from others what I expect from myself. I would never post a question in German or ultra-broken Mandarin to a Chinese mailing list. If your English is so bad that your English teacher commited suicide with a flame thrower after reading your essays, then you need more practice and should not post to mailing lists. Buy a few tapes or whatever. If I can't understand your question, I can't answer you. It is in your own interest to phrase it correctly. If he doesn't want to change his ways, then he is welcome to examine the inside of my spacious killfile. Noone is obligated to help idiots. In particular, I am not. True. You're welcome to killfile them, or just ignore the messages. You're certainly not under any obligation. And it's obvious that your attitude will be better if you don't try! If that was a solution, I would be doing it instead of talking about it. The fact is that I still see the hundreds of replies from others, no matter how deep I bury the idiots in my killfile. So not only do they still cause traffic to my SMTP server that I have to pay, they also cost me precious time. So the only real solution is to get rid of the lusers for good. I hope to discourage them by flaming a few of the particularly nasty ones here. Just so you don't get to the point of arguing that it's actively *wrong* to help them (which you haven't yet). If they are rude and you help them, you tell the lurkers that it's OK to be rude because you are helped anyway. And, if I killfile rude lusers, and you answer to them in public, I will still waste time reading your reply, which will quote the question from the idiot so I will still see it. So: yes, I think nobody should answer rude questions. Felix
Re: Flaming newbie's makes no sense
Thus spake Malcolm Silberman ([EMAIL PROTECTED]): I have been watching the many hundreds of lines of silliness over the last day or so. Folks these arguments make no sense. To me its a case of the more newbie's the better. Because, that means more people spread the word, more corporations, more installs, more cock-up's, more success stories, more work for the experts, more input from the field, release 1.04. That's the foundation of the open source movement. I beg to differ. The more newbies get on my nerves as a software author, the more I get discouraged to release new versions because they will attract even more idiots that will pester me to demand help following the idiot-proof documentation. Many a software author got burn-out this way. I am currently mostly developing software that is expressly not targeted at Redhat lusers, because I have no intention to get even more dumb emails. That's the way open source is supposed to work. Maybe. Open Source is for suits like you. Free Software, in contrast, is supposed to work like this: I write good software. Others help me. The software gets better. Currently, it's more like this: I write good software. Millions of brain-dead lusers ask dumb questions. I get discouraged and stop supporting my product. Some newbie takes over the project and the quality goes down the drain. Make it open, spread the word, provide a community of support, encourage others. Soon it can't be stopped - Linux style. I don't care for software that can't be stopped. We had that before with MS-DOS and Windows. I care for high quality software. Forget the grammar, forget the spelling, forget the soup nazi's - realize where the bread is buttered. Kill the newbie's and you kill the product. If they ask a stupid question, ignore it - quite easy really. Bandwidth arguments are a poor excuse. Malcolm, please go back to your business school. Your disguise as open source apostle failed miserably when you took the word "product" in your mouth. I write software, not products. Felix
Re: HELL, STOP IT (was: Re: List Courtesy (was Newbie question))
Thus spake Markus Stumpf ([EMAIL PROTECTED]): - who has the highest crime rate in "western civilation" - where it is forbidden to show naked breasts (you know the things you got your first meal from in your life) on TV, but it is prefectly ok to broadcast a detailed sequence of a man chopping off the head of another man with a chainsaw during children's hour still feel so superior to the rest of the world? Heck, they can't even elect a president ;-) Who can take a country seriously where ten percent of the population are in prison? Felix
Re: HELL, STOP IT (was: Re: List Courtesy (was Newbie question))
Thus spake Barley ([EMAIL PROTECTED]): And that they all talk sweepingly of "genetic superiority"? I thought I was the only one who noticed... It was you who brought that term up. Felix
Re: secrets and lies
Thus spake Raul Miller ([EMAIL PROTECTED]): Picking up a leaflet does not involve making a copy of it. Pulling something off of a web site involves creating a copy on your local machine. Please enlighten me: who bullshitted you Americans into believing that one needs a license to use software? Or that software is patentable? And how did he go about this feat? The bullshit level of this comes close to major religions (who tell you that there is an invisible man in the sky who makes you rot in hell if you believe in other gods, but he also loves you). Incredible. Please put this discussion on a list with people who actually care about the US patent and licensing crap. Thank You. Felix
Re: secrets and lies
Thus spake Mate Wierdl ([EMAIL PROTECTED]): I thought it was possible that Dan would give some hints on his view on secure programming in these notes. Don't talk. Read his code and you will understand. Software is secure iff the architecture and trust model is sound, which you can verify yourself in a few hours. You make software security look easy, and Schneier's book tells me otherwise. Software security _is_ easy. The correct paradigms have been published for decades. It is only non-trivial to write good (and secure) software if you use legacy APIs that make it unnecessarily hard on you. That's why Dan decided to not use many routines from the standard C library. Actually, he has written many notes on his reasoning, you just have to look instead of posting here and thinking that maybe others do the work for you. 1) It seems that systematic (scientific?) testing of qmail or djbdns has not happened---except by Dan. Had you actually read the Schneier, you would know that no testing in the world can prove the security of a system. Testing can only prove that a system is not secure. 2) The only way we could get a hint on the guiding ideas of Dan on secure computing is to read the source code he writes. Or you could read a few books or papers about security. The guidelines are easy and easily understood and implemented. For example, minimizing the trusted computing base and But this is reverse engineering, and is similar to trying to undertand Gauss's ideas by reading his proofs---good luck. Reconstructing the source code from a binary program is reverse engineering. Reading the source code is not. And source code is a formal representation of an algorithm, not a proof. An algorithm would tell you how to prove something. Understanding Gauss by his proofs is like understanding djb by looking at an RPM. It is still possible, by the way, because the man pages are great. Or does everybody on this list who read qmail's sources is writing 100% secure software now? Why don't just read the sources yourself and find out? Does everybody have a clear idea what Dan considers a security problem? A buffer overflow on the stack, for example. For example, he clearly does not care about preventing some DoS attacks. Your oversimplifications border on intention deconstructivism. Read his fscking web pages and find your questions answered. Felix
Re: secrets and lies
Thus spake Mate Wierdl ([EMAIL PROTECTED]): Not really. There are many examples to the contrary---quoted in the book. For example, there were buffer overflows discovered in Kerberos which had been in the code for 10 years, or Mailman had glaring security flows no one noticed for three years. Great. So why are you lamenting here instead of doing such an audit or finding someone who will? You are at a University, for God's sake, where if not there can you find people who would actually be willing to use something like Z? Don't talk. Do. Felix
Re: secrets and lies
Thus spake Mate Wierdl ([EMAIL PROTECTED]): Indeed, it would be interesting what kind of testing he is running on qmail, say (he says there are over 100 tests), and how he is trying to make sure his software is secure. Perhaps his closed to the public cryptography course notes would give a hint. Mate, what kind of problem do you have? What does qmail have to do with cryptography? Do you need a break? Maybe you should go on vacation for a few weeks. Please have a look at the qmail architecture and show me, even if there were buffer overflow in qmail-smtpd, how you would do harm to the system. Please have a look with what privileges the different components run. In any case, Dan's auditing his own software does not mean much in this context. Nobody's audit means much. If the Gartner Group came and declared that they had spent $250 billion on auditing qmail for two years and found it to be secure, would that mean anything? No, of course not. Software security auditing does not work that way. Software is secure iff the architecture and trust model is sound, which you can verify yourself in a few hours. Other concerns like technical errors in the implementation are much less important. And there has not even been one of those in the last years. Can we say with confidence that now Postfix is secure just because the last security problem it had was 2 years ago? Who cares if Postfix is secure? Postfix has several times the size of qmail and there have been several catastrophic errors in the past that could cause mail loss. Nothing the Postfix authors do can restore trust in this software. Again, I beg of you: Don't talk. Do. Felix
Re: secrets and lies
Thus spake Robin S. Socha ([EMAIL PROTECTED]): No. Any audit worth doing would be prohibitively expensive for a freeware project. $1000 wouldn't even begin to cover it, at least for qmail. Doesn't the fact that they are included in OpenBSD (as ports) hint at the fact that some of the OpenBSD guys have had at least a cursory glance at it? The OpenBSD guys lost their credibility as software security authority when they decided to include sendmail as standard MTA. Theo is rumored to have said something like "There were no remote root exploits for two years, so it must be secure now, right?" Felix
Re: RFC822 compliant?
Maybe I can simplify the issue here by asking a question: Is it the consensus here that the following is RFC822 compliant: defaultdomain: empty QMAILDEFAULTDOMAIN="" qmail-inject converts you@somewhere - you@somewhere. (note the period) What kind of experts are you people, anyway? RFC822 specifies the format of email messages, not qmails qualification mechanism. If you are unable to configure your qmail properly, you lose. It's that easy. Even mentioning RFC822 in this context is obnoxious. Felix
Re: Outlook Express
Hi everyone. I use the pop daemon from qmail (qmail-pop3d) and the Outlook Express program is making me crazy. Outlook makes everyone crazy. Get yourself a real email program. One that gives meaningful error messages. What is happening? Read your log files. Felix
Re: people are definately starting to harvest emailadresses on this list...
Thus spake Martin Jespersen ([EMAIL PROTECTED]): Nice to see that people are able to be constructive around here *pats Felix on his little head* While we are talking about "constructive", please construct yourself a gut and shoot yourself, idiot. Felix
Re: Spam elimination solution based on References header
OK, It would appear as if I've just found the first (and lets hope last) error in my spam elimination technique/code. In ~usenet/.qmail-default, the references regex will only work if the message ID is on the same line as the References: string. I've modified the regex (and code) to allow the Message ID to be on any line following the regex before the next colon (:) appears indicating that the next field is now starting. Why are you posting this? Spam traps like this rely on you keeping it to yourself. If enough people start using this, spammers will adjust like they now post from domains that exist and put "Re:" in the subject. Felix
[off-topic] Announcement: minit mailing list created
I created a mailing list for discussions about my planned init system, minit (the name is not final yet. Maybe someone comes up with a better one?). So, if you were waiting for a place to voice your wishes for a small yet feature-complete init system, please send an empty email to [EMAIL PROTECTED] (yes, it's managed by ezmlm). I will create a web page about the project at http://www.fefe.de/minit/ soon. Please don't follow-up to this email. Thanks. Felix
[Linux/x86] dietlibc linked tcpserver
I have made available statically linked x86-linux binaries for tcpserver and tcpclient from ucspi-tcp with my IPv6 patch. You can download them from http://www.fefe.de/ucspi/x86-linux-ucspi-tcp.tar.bz2 and my gpg sig from http://www.fefe.de/ucspi/x86-linux-ucspi-tcp.tar.bz2.sig Why would you want to use those? First, these support IPv6, even on libc5 systems. Second, the memory footprint is very small. These lines are from ps awux. First: the regular binaries: qmaild8778 0.0 0.3 1200 476 ? S Aug 31 0:01 tcpserver -R -u 30 -g 35 0 smtp /var/qmail/bin/qmail-smtpd Second: the new binaries, linked against dietlibc: leitner 9860 0.0 0.06056 ? S22:49 0:00 ./tcpserver -R 127.0.0.1 8000 /var/qmail/bin/qmail-smtpd While these savings are probably not very significant for desktop machines and servers who have plenty of RAM, they are important for embedded Linux people trying to build "pop toasters" or for people who want to run many services on the same machine. I am working on linking daemontools against dietlibc (supervise is already working and the savings are 20k vs. 344k resident. Stay tuned ;-) Felix PS: In case you want to learn more about dietlibc, please go to http://www.fefe.de/dietlibc/ In case you want to learn more about my ipv6 ucspi-tcp patch, please go to http://www.fefe.de/ucspi/
Re: Anyone used IPv6 patch?
Has anyone here used the qmail IPv6 patch? (http://www.rcac.tdi.co.jp/fujiwara/) What kinds of things worked/didn't work/needed a little help? Also did the ucspi-tcp tools handle it ok? Or is there a patch available for them as well? (I can't see anything on the homepage). I didn't try the qmail patch, but I made an IPv6 patch for ucspi-tcp. You can get it at http://www.fefe.de/ucspi/ Felix
Re: Install DB library
Thus spake Allama Hicham ([EMAIL PROTECTED]): I'd like to Install DB library, but when I want to configure it, I have a message like "missing strip, No strip utility found" Where can I found these "strip utility"? Who cares? qmail does not come with and does not need a "DB library" that needs strip. Ask the vendor of your DB library. Felix
Re: daemontools
I see constant disk activity when using daemontools to monitor qmail. I don't. Get yourself a real operating system where the disk cache actually works. svscan does read-only accesses to /services or wherever you configured it to look. If that touches your disk each time, your OS sucks or you have way too little RAM in your machine. I suggest Linux. Felix
Re: Humorous
Thus spake Brad Johnson ([EMAIL PROTECTED]): Is there a solution? I don't see a reason to change anything about this mailing list. People who ask intelligent questions in a nice way will always be helped. I have never seen a friendly and intelligent question ridiculed by people who aren't obvious saboteurs or idiots. Of course, every society has their share of bozos that will post crap in Usenet and on mailing lists. You can't fix that, so you might as well ignore it or regard those people as free entertainment. If your question shows that you read the documentation, thought about the problem yourself and tried the obvious things and it still does not work, then people will be delighted to help you. Talking about people who can't spell, didn't read the manual, post FAQs, can't quote or do other offensive stuff is a complete waste of time. Even following up on their dumb questions is a waste of time. Don't reply. No reply is better than a nasty reply. And if you must send a nasty reply, do it in private email and not on the mailing list. Come on, people, this should be common sense. Now let's stop this worthless thread that has been done a million times on Usenet and will be repeated a milling times on Usenet and use the bandwidth for something better. Now that you all have a lot of new spare time *bg*, you can help me writing IPv6 support for qmail. ;-) Felix PS: Outlook users, please read http://www2.merton.ox.ac.uk/~rejs/outlook.html or http://learn.to/quote (German only, unfortunately) If the style of your message looks ugly, people are less likely to help you. This is a fact. So watch your spelling and grammar!
Re: Stopping user@virtualdomain from receiving mail as user@actualdomain
I got the virtual domain working, users in the virtual domain are able to get mail as "user@virtualdomain". How do I stop the user from getting mail assigned to "user@actualdomain"? $ echo @actualdomain /var/qmail/control/badmailfrom You cannot stop internal mails from being delivered to your actual domain. Or use a filter in your .qmail that prohibits mails not address to virtualdomain. Felix
Re: linuxpeople thread
Thus spake Stephen Bosch ([EMAIL PROTECTED]): [EMAIL PROTECTED] wrote: so at great distress I post these lines : [root@www qmail-1.03]# make setup check /compile qmail-local.c In file included from qmail-local.c:1: /usr/include/sys/types.h:26: features.h: No such file or directory /usr/include/sys/types.h:30: bits/types.h: No such file or directory /usr/include/sys/types.h:123: time.h: No such file or directory In file included from qmail-local.c:2: /usr/include/sys/stat.h:26: features.h: No such file or directory /usr/include/sys/stat.h:28: bits/types.h: No such file or directory /usr/include/sys/stat.h:89: bits/stat.h: No such file or directory make: *** [qmail-local.o] Error 1 I am sorry I included so many but I think you need them all. Ok those files are also on the hard drive. They are all in /usr/i386-glibc21-linux/include/ [to "[EMAIL PROTECTED]": (I just joined and didn't get the original posting)] Fix your fucking system. Oh, and learn how to cut and paste. The first line starts with "./compile", not "/compile". Alternatively, you might edit compile to include "-I/usr/i386-glibc21-linux/include", but then linking will probably fail. I will tell you how to fix that for my low, low rate of $ 1000 a minute. Additional fees may apply. Are you really sure you want the misery of running a mail server on a 486 with only 8 Mb of RAM? I once ran a mail server with server high volume mailing lists on a 386 with 4 Megs RAM. It lasted several months, before we replaced it to get higher response times from the web server that was also running on the box. Felix
Re: qmail performance under Solaris8
Thus spake Nathan J. Mehl ([EMAIL PROTECTED]): Solaris 7 does come with a FS that journals metadata, but no one's ever benchmarked it's performance with a large todo for the list. Well, like I said, it's not necessarily best-of-breed, it's just there, which is a big win over the various free unixes if you're working on a constrained hardware budget. Can you please expand on how an inferior file system for Solaris is in any way "a big win over the various free unixes"? Especially under the assumption of a constrained budget, please. In 1-2 years, when reiserfs/xfs/jfs/ext3 or whatever is integrated into the mainline linux distributions, this will become much less of an issue. (Doesn't really address that LVM portion, but that's probably a lot less critical for most people.) Who cares about "mainstream linux distributions"? Felix
Re: qmail performance under Solaris8
Thus spake Nathan J. Mehl ([EMAIL PROTECTED]): Can you please expand on how an inferior file system for Solaris is in any way "a big win over the various free unixes"? Especially under the assumption of a constrained budget, please. Could we please dispense with the flamebait? The inferiority was noted by yourself, so I don't see a flamebait here. I think I've been pretty clear here: _IF_ you have an environment where filesystem integrity in case of power loss or other catastrophe is paramount, a journalling filesystem is probably going to be a requirement. Solaris X86 happens to offer it, bundled into the core operating system, and is currently free (as in dollars) for most uses. Solaris X86 also happens to support very little mainstream hardware, is an order of magnitude slower than Linux on the same hardware, and the filesystem sucks by tradition -- with or without journaling. As you might know, the journaling code is new in Solaris 7. Previously, Sun would offer licensed code from another vendor (Veritas AFAIK). You wouldn't actually recommend new Sun code to anyone for reliability reasons, would you? Besides, what makes you claim that there is no journaling for free unices? Who cares about "mainstream linux distributions"? I'm not trying to advocate a particular OS here. I'm not complaining about the Linux here, but about the mainstream distributions part. Felix
