Re: login length...
Check the ownership/existence of the home directories(where Maildir/Mailbox are located). Joe. - Original Message - From: "Daniel Fenert" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, June 20, 2001 9:55 AM Subject: login length... > Is there some strict login length defined in qmail? > I'm using qmail+mysql patches, and i'm transfering domains from M$ Exchange > (which dies ones a week :) and have user with 33 character login... > > I've changed column 'id' length to 63, and inserted this user, but qmail > refuses to accept mail for this person and sais "sorry, no mailbox here by > that name"... > > Any suggestions? > > -- > Daniel Fenert--==> [EMAIL PROTECTED] <==-- > ==-P o w e r e d--b y--S l a c k w a r e-=-ICQ #37739641-== > When people agree with me I always feel that I must be wrong > ===- http://daniellek.linux.krakow.pl/ -===< +48604628083 > >
Re: Suspending an POP3 account.
Agreed. But if you work somewhere where accounts comes up with a long list of guys to disconnect every fortnight and you haven't completed that new POP that the boss wanted set up 3 weeks ago.. it can be quite annoying. I find the database the laziest way of doing it :-) Cheers. - Original Message - From: "MarkD" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, June 13, 2001 10:50 AM Subject: Re: Suspending an POP3 account. > On Wed, Jun 13, 2001 at 09:42:04AM +0300, Joe allegedly wrote: > > Changing permissions can be quite messy. Imagine where you have to do it for > > 1000 or more then when they pay you change them allover again. Best is to > > change authentication method from passwd file to database. The default > > tables have a suspend colum... > > Well, lemme see now... > > You have to have a process that creates a user, yes? That (at least) > entails making some file system entries and setting the permissions > appropriately. > > And you have to have a process that removes a user, after all, users > do disappear, yes? That (at least) entails removing some file system > entries. > > And so now we have this disable process, yes? And you're saying it's > messy because that involves changes to the file system? > > That doesn't follow. Changing user states intimately involves the file > system. > > > I think that diddling with an authentication mechanism has the > downside of giving very poor feedback to the user. Pop clients > notoriously mask error messages and an incorrect password message will > rarely be interpreted by the user as an "I haven't paid my bill" > message. It certainly won't be interpreted by the POP client that way. > > I still think a good method is to rename the Maildir and create a > temporary Maildir with an single mail that tells them precisely what > the problem is. If you have to touch the file system this is no big > deal and the resultant message to the user - if worded correctly - > will not be vulnerable to misinterpretation. > > > Regards. > > > > > > > Joe. > > - Original Message - > > From: "Reid Sutherland" <[EMAIL PROTECTED]> > > To: "Joshua Nichols" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > > Sent: Tuesday, June 12, 2001 3:48 AM > > Subject: Re: Suspending an POP3 account. > > > > > > > > > > > > (lack of payment) clients when using a passwd/shadow > > > > > authentication method. > > > > > > > > > > Any ideas on a solution? > > > > > > > > > > > > > Though different checkpassword and pop programs will handle the problem > > > > differently, changing the _permissions_ on the ~Maildir/* so the owner > > > > doesn't have read access will work. That is, typical Maildir perms are > > > 700, > > > > change it to 300. > > > > > > > > All mail will be delivered as usual, but the pop account will not work. > > > If > > > > the user has telnet access, they will be able to circumvent this, but in > > a > > > > situation where you have "expiring" pop accounts, I'm assuming they > > don't. > > > > > > > > I imagine you could easily set the return error so that the user's mta > > > tells > > > > them they're delinquent. It's not everyday the problem is a permission > > > > denied read on the Maildir. > > > > > > > > > > This sounds really good too. This will give them a more descriptive error > > > instead of password error as suggested before. A password error will > > often > > > simply mean that and end up confusing the client in most cases. But a > > > permission denied error could result in them thinking, 'Hey, maybe I > > should > > > pay my bill on time next time'. Thanks for the tip. > > > > > > -reid > > > > > > > > > > > >
Re: backup mail server help
Alternatively you can run two SMTP servers and one POP server. Do NAT for the two and export the partition with Maildirs(at the pop server) to the SMTP servers through NFS. The two servers seem to be one to the outside world. NFS can be insecure though. Joe. - Original Message - From: "Henning Brauer" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, June 09, 2001 4:15 AM Subject: Re: backup mail server help > On Fri, Jun 08, 2001 at 04:33:49PM -0700, Hank Wethington wrote: > > What I'd like to accomplish is if Server A is unavailable, then mail goes to > > server B. Once A is back up, server B sends the mail back to server A. Does > > On server B, add all domains in question to rcpthosts, but NOT to locals or > virtualdomains. That's it ;-)) > > -- > * Henning Brauer, [EMAIL PROTECTED], http://www.bsws.de * > * Roedingsmarkt 14, 20459 Hamburg, Germany * > Unix is very simple, but it takes a genius to understand the simplicity. > (Dennis Ritchie) >
Re: Suspending an POP3 account.
Changing permissions can be quite messy. Imagine where you have to do it for 1000 or more then when they pay you change them allover again. Best is to change authentication method from passwd file to database. The default tables have a suspend colum... Joe. - Original Message - From: "Reid Sutherland" <[EMAIL PROTECTED]> To: "Joshua Nichols" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, June 12, 2001 3:48 AM Subject: Re: Suspending an POP3 account. > > > > (lack of payment) clients when using a passwd/shadow > > > authentication method. > > > > > > Any ideas on a solution? > > > > > > > Though different checkpassword and pop programs will handle the problem > > differently, changing the _permissions_ on the ~Maildir/* so the owner > > doesn't have read access will work. That is, typical Maildir perms are > 700, > > change it to 300. > > > > All mail will be delivered as usual, but the pop account will not work. > If > > the user has telnet access, they will be able to circumvent this, but in a > > situation where you have "expiring" pop accounts, I'm assuming they don't. > > > > I imagine you could easily set the return error so that the user's mta > tells > > them they're delinquent. It's not everyday the problem is a permission > > denied read on the Maildir. > > > > This sounds really good too. This will give them a more descriptive error > instead of password error as suggested before. A password error will often > simply mean that and end up confusing the client in most cases. But a > permission denied error could result in them thinking, 'Hey, maybe I should > pay my bill on time next time'. Thanks for the tip. > > -reid > > >
vmailmgr pop pop3d logging with multilog
I have qmail + vmailmgr set up and working, qmail pop accesses are being logged via daemontools and multilog and end up in /var/log/qmail/pop3d/current. i can get /etc/vmailmgr/checkvpw-postexec to write to a file (/tmp/vm), but I can't make its output show up in the pop3d logs via multilog (by changing the >> /tmp/vm to >&2 as suggested in the archives of the vmailmgr list ). I expect lines like this: Thu May 31 12:19:43 EDT 2001 /etc/vmailmgr/checkvpw-postexec u:janitors v:joe m:./users/joe h:/home/janitors to show up in /var/log/qmail/pop3d/current ... am i looking in the wrong place? Here are what my files look like: /etc/vmailmgr/checkvpw-postexec : #!/bin/sh echo `date` $0 $1 $2 u:$USER v:$VUSER m:$MAILDIR h:$HOME >&2 echo `date` $0 $1 $2 u:$USER v:$VUSER m:$MAILDIR h:$HOME >> /tmp/vm /var/qmail/supervise/qmail-pop3d/run : #!/bin/sh /usr/local/bin/softlimit -m 200 \ /usr/local/bin/tcpserver -v -R 0 110 /var/qmail/bin/qmail-popup \ FQDN /usr/local/bin/checkvpw /var/qmail/bin/qmail-pop3d Mailbox/ 2>&1 /var/qmail/supervise/qmail-pop3d/log : #!/bin/sh exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail/pop3d __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/
RE: [announcement] VQadmin new version 1.3 available
Is this a replacement for qmailadmin? The docs on this program are kinda scarce? Anyway I tried to setup a test site so I could see what it did but it is complaining about not finding my crypt.h file while building. If someone could enlighten me a little bit about how this is going to help me out I would appreciate it. Thanks, Joe BTW. I will submit a patch once I figure out why it is not building on my box. FreeBSD 4.2, vpopmail-4.9.8(mysql). -Original Message- From: Ken Jones [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 13, 2001 3:37 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [announcement] VQadmin new version 1.3 available A new version of vqadmin is now available. vqadmin-1.3 Virtual Qmail Web Administrator (VqAdmin) is a CGI Web program to allow virtual email hosting machine administators to add, delete, and modify virtually hosted email domains and users using vpopmail. Authentication is provided by ACLs and the Apache htpasswd method. Machine Administrators can add/delete virtual email domains, and tech users can admin user email accounts such as setting passwords, disk quotas, and privileges. Requires: qmail http://cr.yp.to/qmail.html vpopmail http://www.inter7.com/vpopmail/ Changes http://www.vpopmail.cx/vqadmin-ChangeLog Download http://www.vpopmail.cx/vqadmin-1.3.tar.gz Changes: 1) fixed problem with creating new domains 2) Added autoconf / automake scripts. The install procedure is now: ./configure make make install 3) Added support for creating virtual email domains under any /etc/passwd user. The default is vpopmail. 4) configure/Makefile automatically detects which libraries and headers to link. 5) New INSTALL documentation Cheers, Ken Jones inter7
RE: vpopmail and qmail installed outside /var/qmail
run: ./configure --help from inside the source directory. you will see: --enable-qmaildir=dir directory where qmail is installed. in the list of enable options. Joe -Original Message- From: Jesús Arnáiz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 13, 2001 1:31 PM To: qmail Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: vpopmail and qmail installed outside /var/qmail Hi! I have installed qmail outside /var/qmail and I see vpopmail don't work, if I create a symbolic link from /var/qmail to it, the program works. Can anybody tell me how to install vpopmail if qmail is in a different directory of /var/qmail? Thanks in advance. -- Jesús Arnáiz 0z0ne Inc I+D/IT Manager http://www.0z0ne.com mailto:[EMAIL PROTECTED]
Re: Virtual hosts
Actually, i would like to put everything in a database. Any ideas? - Original Message - From: "Pawel Garbowski" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, March 10, 2001 7:01 PM Subject: Re: Virtual hosts > Hello, > > * Joe <[EMAIL PROTECTED]> [010310 16:53] wrote: > > I have a qmail system running on RH6.2. User accounts are in a mysql database.I'm using Ian patterson's checkpassword-mysql-2.0.0pre1patch and takeshi's qmail-1.03-mysql-0.6.6 patch. However, I have been trying to implement virtual domains by putting the domains name in the virtualhosts table( as per ians instructions) without success. Any mail sent to the virtual domain bounces with the error "Sorry. Although I'm listed as a best-preference MX or A for that host, > > it isn't in my control/locals file, so I don't treat it as local. (#5.4.6)". Anybody got an idea where i could be going wrong? > > Wrap yours lines... > > put all yours virtualdomains in control/locals file > > greets, > > p. > > -- > pawel garbowski > [EMAIL PROTECTED] > >
Virtual hosts
I have a qmail system running on RH6.2. User accounts are in a mysql database.I'm using Ian patterson's checkpassword-mysql-2.0.0pre1patch and takeshi's qmail-1.03-mysql-0.6.6 patch. However, I have been trying to implement virtual domains by putting the domains name in the virtualhosts table( as per ians instructions) without success. Any mail sent to the virtual domain bounces with the error "Sorry. Although I'm listed as a best-preference MX or A for that host,it isn't in my control/locals file, so I don't treat it as local. (#5.4.6)". Anybody got an idea where i could be going wrong? Joe
Re: [vmailmgr] virtual alias can't receive mail SOLVED
Ah, after creating virtualdomains, I needed to remove the domain from control/locals now it's working. --- Joe Janitor <[EMAIL PROTECTED]> wrote: > Qmail is installed, and properly receives email to > users with full accounts and Mailbox files in their > $HOME. > > I installed vmailmgr and want to run virtualdomains > (multiple domains, multiple IPs, multiple virtual > users per domain). > > PROBLEM: > Outside mail to virtual aliases bounces saying > "Sorry, > no mailbox here by that name." > > INFO: > I created /var/qmail/control/virtualdomains with: > .mydomain.com:aw > > I did the following: > useradd aw > su - aw > vsetup > vadduser herman > edit /etc/inetd.conf and add > pop-3 stream tcp nowait root > /var/qmail/bin/qmail-popup qmail-popup mydomain.com > /usr/local/bin/checkvpw /var/qmail/bin/qmail-pop3d > Mailbox > > restart inetd (using init.d script) > restart qmail (using init.d script) > > > > __ > Do You Yahoo!? > Get email at your own domain with Yahoo! Mail. > http://personal.mail.yahoo.com/ __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/
[vmailmgr] email to virtual user bounces
Qmail is installed, and properly receives email to users with full accounts and Mailbox files in their $HOME. I installed vmailmgr and want to run virtualdomains (multiple domains, multiple IPs, multiple virtual users per domain). PROBLEM: Outside mail to virtual aliases bounces saying "Sorry, no mailbox here by that name." INFO: I created /var/qmail/control/virtualdomains with: .mydomain.com:aw I did the following: useradd aw su - aw vsetup vadduser herman edit /etc/inetd.conf and add pop-3 stream tcp nowait root /var/qmail/bin/qmail-popup qmail-popup mydomain.com /usr/local/bin/checkvpw /var/qmail/bin/qmail-pop3d Mailbox restart inetd (using init.d script) restart qmail (using init.d script) __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/
Re: procmail problems (RH6.2) SOLVED (?)
--- Dave Sill <[EMAIL PROTECTED]> wrote: > Joe Janitor <[EMAIL PROTECTED]> wrote: > > >I made some modifications to the homedir files: > > > >$HOME/.qmail now has > >| preline /usr/bin/procmail -m > /home/joe/.procmailrc > > > >(the -m file was previously mis-named) > > > >and $HOME/.procmailrc has > >PATH=/bin:/usr/bin:/usr/bin:$PATH > >ORGMAIL=$HOME/Mailbox > >MAILDIR=$HOME/mail > >DEFAULT=$HOME/Mailbox #completely optional > >LOGFILE=$MAILDIR/procmail.log > > > >Does this mean I have to have these two files in > >every home directory!? > > No. First, procmail doesn't need the -m flag. See > the procmail section > in LWQ: > > http://www.lifewithqmail.org/lwq.html#procmail > > Also, if you want delivery via procmail to be the > default, specify > that on the qmail-start command line, or in the > control/defaultdelivery file if you installed using > LWQ. I think I was already doing this, my /etc/rc.d/init.d/qmail script called qmail-start '|preline procmail' splogger qmail & > Finally, you can specify a systemwide default > procmailrc in > /etc/procmailrc. I read about that, but since that file didn't already exist on my system, I wondered if it would be looked for at all (if I created it). I never got around to testing it. > >And does it also mean that any > >user can screw his mail up by accidentally deleting > >these files? I have to say, though this works, I'm > not > >particularly comfortable with it... > > You can't really save your users from themselves... But you can make it harder for them to auto-hank... In any case, I've since downloaded the procmail source, edited src/authenticate.c to include #define MAILSPOOLHOME "/Mailbox" and recompiled. Now it works great without any $HOME/.qmail or $HOME/.procmailrc or /etc/procmailrc Thanks for writing. Joe __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/
Re: procmail problems (RH6.2) SOLVED (?)
I made some modifications to the homedir files: $HOME/.qmail now has | preline /usr/bin/procmail -m /home/joe/.procmailrc (the -m file was previously mis-named) and $HOME/.procmailrc has PATH=/bin:/usr/bin:/usr/bin:$PATH ORGMAIL=$HOME/Mailbox MAILDIR=$HOME/mail DEFAULT=$HOME/Mailbox #completely optional LOGFILE=$MAILDIR/procmail.log Does this mean I have to have these two files in every home directory!? And does it also mean that any user can screw his mail up by accidentally deleting these files? I have to say, though this works, I'm not particularly comfortable with it... Joe --- Joe Janitor <[EMAIL PROTECTED]> wrote: > I'm having trouble with qmail and procmail. I've > read > the FAQ and the list archives, but am still unsure > what > to do. I'm using a Linux RedHat 6.2 system. > > installed qmail. > outgoing mail works. > incoming mail (from outside) bounces (unknown user) > local mail won't be delivered, i.e.... > when I try (from the machine in question): > $ mail joe > Subject: testing > testing > . > Cc: > $ > > I end up with /var/spool/mail/joe (a symlink to > /home/joe/Mailbox) being > renamed as BOGUS.joe.1jLB and a new FILE called > /var/spool/mail/joe > containing the "testing" message. > > I read in INSTALL.mbox the following: > A few mail programs are unable to handle symbolic > links, so you will > have to configure them to look at ~user/Mailbox > directly: >* procmail: Change SYSTEM_MBOX in config.h and > recompile; or, with > recent versions, define MAILSPOOLHOME in > src/authenticate.c. > > but I don't know where to find config.h or > authenticate.c... do I have to download the procmail > source and recompile after these edits? (There has > to > be an easier way!) > > I tried adding ~joe/.qmail-test1 containing: > |preline procmail -m /home/awilber/.procmailrc > and ~joe/.procmail containing > PATH=/bin:/usr/bin:/usr/bin:$PATH > ORGMAIL=$HOME/Mailbox > MAILDIR=$HOME/mail > DEFAULT=$HOME/Mailbox #completely optional > LOGFILE=$MAILDIR/procmail.log > > this didn't work. > > I'm lost. > > Thanks, > Joe > > __ > Do You Yahoo!? > Get email at your own domain with Yahoo! Mail. > http://personal.mail.yahoo.com/ __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/
procmail problems (RH6.2)
I'm having trouble with qmail and procmail. I've read the FAQ and the list archives, but am still unsure what to do. I'm using a Linux RedHat 6.2 system. installed qmail. outgoing mail works. incoming mail (from outside) bounces (unknown user) local mail won't be delivered, i.e when I try (from the machine in question): $ mail joe Subject: testing testing . Cc: $ I end up with /var/spool/mail/joe (a symlink to /home/joe/Mailbox) being renamed as BOGUS.joe.1jLB and a new FILE called /var/spool/mail/joe containing the "testing" message. I read in INSTALL.mbox the following: A few mail programs are unable to handle symbolic links, so you will have to configure them to look at ~user/Mailbox directly: * procmail: Change SYSTEM_MBOX in config.h and recompile; or, with recent versions, define MAILSPOOLHOME in src/authenticate.c. but I don't know where to find config.h or authenticate.c... do I have to download the procmail source and recompile after these edits? (There has to be an easier way!) I tried adding ~joe/.qmail-test1 containing: |preline procmail -m /home/awilber/.procmailrc and ~joe/.procmail containing PATH=/bin:/usr/bin:/usr/bin:$PATH ORGMAIL=$HOME/Mailbox MAILDIR=$HOME/mail DEFAULT=$HOME/Mailbox #completely optional LOGFILE=$MAILDIR/procmail.log this didn't work. I'm lost. Thanks, Joe __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/
Qmail not processing queue.
I have a qmail installation on Redhat 6.2. I am using takeshi's MySQL+Qmail patches to allow authent. from MySql. However, my queue is not being processed untill i reboot the server. Seems like qmail-send is dying on me somehow. Logs show mail from local server and remote servers are getting to the queue. Does anyone have a fix for this? I'm kind of new to qmail... JOe
RE: smtp-auth && supervise problem?
Resolved the problem myself (finally ...): Was a startup-skrip problem: problematic: QMAILDUID=`id -u qmaild` (--> returns a number on my box) NOFILESGID=`id -g qmaild` exec /usr/local/bin/softlimit -m 1 /usr/local/bin/tcpserver -R -v -p -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" -u "$QMAILDUID " -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd home/vpopmail/bin/vchkpw /bin/true /bin/cmd5checkpw /bin/true 2>&1 working solution: QMAILDUID=qmaild NOFILESGID=nofiles exec /usr/local/bin/softlimit -m 1 /usr/local/bin/tcpserver -R -v -p -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" -u "$QMAILDUID " -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd home/vpopmail/bin/vchkpw /bin/true /bin/cmd5checkpw /bin/true 2>&1 Later Joe
smtp-auth && supervise problem?
Hi I have qmail 1.03 running with vpopmail. I patched qmail-smtpd with esmtp-tls and smtp-auth. When I run it "stand-alone" (not supervised) it works perfectly, authentification via vpopmail-passwdfiles etc. when I want to run it via svscan / supervise, I can't authenticate myself. My username/password is always rejected. Any ideas why? it works when I start qmail-smtpd by: #/usr/local/bin/softlimit -m 1 /usr/local/bin/tcpserver -R -v -p -x /etc/tcp.smtp.cdb -c 2000 -u qmaild -g nofiles 0 smtp /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true /bin/cmd5checkpw /bin/true 2>&1 run-file for svscan (note: the command executed is exactly the same as above) #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` exec /usr/local/bin/softlimit -m 1 /usr/local/bin/tcpserver -R -v -p -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true /bin/cmd5checkpw /bin/true 2>&1 Thanx Joe
RE: orbs.org accuses qmail of mailbomb relaying!
Greg Owen writes: > > In the main, though, you've laid out yet another argument > > against secondary MX. > But even if you got rid of secondary MXs, there's another > scenario this attacks, one which most basic firewall design courses > and books recommend: using a mail relay as a bastion host in the DMZ > to disallow direct access from the Internet to the mail store. You have not read the qmail documentation provided by DJB. In it, he provides explicit directions on exactly how to set up a bastion host: a single qmail server on the DMZ listening to port 25 talking to 1 or more qmail servers on the inside via qmqp. NOT smtp. Therefore, any other use of qmail in a relay situation was not considered part of the design and is thus deprecated (i.e., use at your own risk). DJB writes very compact documentation. You have to throw out any assumptions that you may be carrying forward from other pieces of software and actually read every single word he writes--they are all important for correctly interpreting his design goals. > For example, people running Exchange or Notes (and many do, for > various good or bad reasons) may not want that box directly on the > Internet, open to SYN flooding, DOS attacks, and buffer overflow > attempts. qmail makes the perfect intermediate relay - high > performance, high security, high reliability. If the bastion host is > attacked, internal mail isn't directly affected, which is a good > thing. Relaying to Exchange or Notes was not part of the qmail design goals. Qmail is not unique in not handling this situation and any expectation that you carry that it would be useful in this situation is incorrect. /Joe
Re: orbs.org accuses qmail of mailbomb relaying!
Russ Allbery writes: > Michael T Babcock <[EMAIL PROTECTED]> writes: > > > Considering the number of useful patches that aren't part of the qmail > > distribution that the average qmail admin seems to be using, I disagree. > > I disagree with the contention that the *average* qmail admin is using any > patches at all, if by average you mean the mode, and possibly even the > median. I agree with Russ. I have never felt the need to install or even consider a patch to the main Qmail code. I feel that there is a small minority of list members who cannot resist trying every third-party patch that comes along without understanding how it will *break* Qmail. Then they complain about broken behavior caused by ill-considered patches. /Joe
Re: orbs.org accuses qmail of mailbomb relaying!
Michael T. Babcock writes: > You've just missed a point of Qmail though. If a major point of > Qmail's existence is to provide reliable E-mail delivery, then this > _must_ include cooperating with other MTAs (without violating > standards) at least enough to keep from crashing / giving them > headaches so that we don't 'encourage' them to lose mail ... (through > failures of their own). You *REALLY* don't understand the point of Qmail. Qmail is designed to be standards compliant, fast, reliable and secure. Your belief seems to be that the designer of Qmail only cared about reliability. That is demonstrably false, by DJB's own admission. Nothing in the design or implementation of Qmail was there ever consideration given to causing or preventing broken implementations of SMTP from crashing. They are broken, therefore they *should* crash. > If we're the 'intelligent' ones and the secure ones, we should > probably be working around their failures where we can, to keep > _mail_ secure, not just mail on Qmail servers. Now you have gone and changed the subject to secure e-mail. There is no such thing in the defined SMTP protocol. Security is an add-on and has nothing to do with Qmail. /Joe
Re: Re[4]: The most secure POP server
Scott Gifford writes: > Gabriel Ambuehl <[EMAIL PROTECTED]> writes: > > > Hello Scott, > > > > Monday, July 03, 2000, 5:54:00 PM, you wrote: > > >> May anyone explain me what sense a SSL tunnel for POP3 does have (I've > > >> been wondering about that for long...)? > > > [ ... ] > > > To protect the POP password. > > > > But wouldn't it be way easier to just use APOP? Or does that one have > > its own security implications? > > The only particularly nasty implication of using APOP are that it > requires that the server have the password stored in plaintext. The > security aspect of that is that if somebody can steal the password > file from a system, they have direct access to all accounts, compared > to storing one-way hashes of passwords, which would make them run > crack first and they still wouldn't get well-chosen passwords. The > maintainability aspect is that standard UNIX passwords aren't stored > in plaintext, so you can't use APOP to authenticate against a standard > UNIX passwd file. The APOP password only controls access to the e-mail POP account. It DOES NOT have anything to do with a UNIX login account! In fact, if you allow both shell and pop access, snooping the POP password gives you the shell password, whereas you can set a single APOP password that gives access to e-mail and has absolutely nothing to do with shell access. Thus, in spite of (or because of) the clear-text APOP password storage on the server, you cannot compromise anything except e-mail by discovering the APOP password. > POP over SSL solves both of these, by making no changes to the POP > protocol, but just encrypting the whole session. SSL for e-mail (especially POP) is extreme overkill, causing untold client and server configuration difficulties for little or no effect, seeing as SMTP is unencrypted... /Joe
Re: New to Qmail, please help
ls -l: -rw-r--r-- 1 root root 51 Jun 22 17:54 /var/qmail/control/locals -- cat: domain.org mail.domain.org -- If it helps any, I'm running with the qmail-ldap patch (which is the primary reason I'm using qmail, I need that kind of builtin LDAP support), but I haven't changed the default setting to deliver to local if not found in LDAP. --- Johan Almqvist <[EMAIL PROTECTED]> wrote: > Are you absolutely, perfectly positive that the locals file is in the > right > location with the right permissions? In other words, mail them so we can > see. > > On Thu, Jun 22, 2000 at 03:39:29PM -0700, Joe DiLascio wrote: > > Greetings > > > > I've followed the INSTALL instructions, my MX records are straight, > and I > > don't know where to go from here. > > > > Given the domain 'domain.org' and the machine 'mail.domain.org': > > > > I have both the hostname and domain name in 'rcpthosts' and 'locals', > but > > mail sent to domain.org is bounced with "Although I am the best MX, > that > > domain isn't in control/locals" ... which I'm very certain is not > true. > > > > Any help would be greatly appreciated. > > > > Joe DiLascio > > > > __ > > Do You Yahoo!? > > Get Yahoo! Mail - Free email you can access from anywhere! > > http://mail.yahoo.com/ > > > -Johan > -- > Johan Almqvist __ Do You Yahoo!? Get Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/
New to Qmail, please help
Greetings I've followed the INSTALL instructions, my MX records are straight, and I don't know where to go from here. Given the domain 'domain.org' and the machine 'mail.domain.org': I have both the hostname and domain name in 'rcpthosts' and 'locals', but mail sent to domain.org is bounced with "Although I am the best MX, that domain isn't in control/locals" ... which I'm very certain is not true. Any help would be greatly appreciated. Joe DiLascio __ Do You Yahoo!? Get Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/
Install question
Hi all, Am running RH 6.2, and attempting my first install of qmail. Looking at the readme for qmail-run and it talks about a 'functions rpm'. What is this? I can find no reference on RedHat's website and a search of the faq and archives for this list don'tshow anything. Am I making this harder than it is? TIA, Joe
fetchmail + qmail, socket error
Hi all, I encounter the follow problem. Can anyone drop hints for me. My configuration: Red Hat : 6.0+CLE v0.8 qmail:1.03 fetchmail: 5.0 I setup dialup on demand for crond to retrieve mail from ISP through fetchmail. Every thing is work properly. However, if i retrivev a mail which the size is greater(1M). The fetchmail will come up with socket error Query Status=2 By fetchmail FAQ, I have set the following in my ppp options file mtu 552 mru 552 but the error still occur. Can anyone know why? Joe
qmail-lspawn patch ?
I saw a posting about a patch for qmail-lspawn which passed both localuser and localdomain to qmail-getpw. I don't suppose anyone knows the location of it? Thanks in advance, Joseph Edwards
Help testing the installation
Hi, I am new in linux. After gathering infomration , I fins qmail is very powerful and eay to config. However, I encounter the following problem . Can u help me solve it? The Problem is: I can build and install the qmail but I cannot success in following the guideline in TEST.deliver. I am follow the sequence mention in the INSTALL and read through the INSTALL.* from the TEST.deliver: when i run the /var/qmail/rc it will has four process but i only get one "qmail-lspawn" I also fail in the local mail delivery. Can u tell how figure what mistake I have made? Also I don't understand the idea that decscride in mbox , Maildir and Mailbox which one should I choose, since I need to maintan POP server for Ms windoms client. Thanks Joe
More setup questions
Hello, I am setting up qmail on a RedHat Linux 6.1 machine. I am using life with qmail's installation directions. I posted a message yesterday and I am still a little confused. I have 3 questions (for now); QUESTION #1: The instructions say there should be a file named INSTALL.ids in the source directory. I couldn't find it, so per the instructions I added: alias:*:7790:2108::/var/qmail/alias:/bin/true qmaild:*:7791:2108::/var/qmail:/bin/true qmaill:*:7792:2108::/var/qmail:/bin/true qmailp:*:7793:2108::/var/qmail:/bin/true qmailq:*:7794:2107::/var/qmail:/bin/true qmailr:*:7795:2107::/var/qmail:/bin/true qmails:*:7796:2107::/var/qmail:/bin/true to the /etc/passwd file. I did the "make setup check" command and the "./config-fast the.full.hostname" command. Both seemed to work fine. NOW, I have a file named INSTALL.ids in the /usr/local/src/qmail/qmail-1.03/ directory. So, should I edit that file now? QUESTION #2: I am getting ready to install ucspi-tcp and daemontools, but I am not sure what they do, or if I really need to do so. Can anyone help with this? QUESTION #3: I've read forward in the instructions and I see that I will add users like the following: =address:user:uid:gid:directory:dash:extension: The instructions say that the directory /var/qmail/users contains a series of configuration files, but mine is empty (the directory contains no files). Am I to create the config files, or will they be setup later? I am extremely confused about this portion of the setup. Any help would be greatly appreciated. Thanks for your patience with a newbie.I am sure I will have more questions later. Thanks, Joe Millay
Adding Users when Installing (NEWBIE)
Hello, I am installing qmail on a box with RedHat 6.1 as the OS. I am following LQW's instructions. I have downloaded the source for qmail, ucspi, and daemontools. I am to the section where I create users and groups, but I am confused (VERY confused). I cannot find the "INSTALL.ids" file. Nor do I understand the lines of the script: pw useradd alias -g nofiles -d /var/qmail/alias -s /nonexistent pw useradd qmaild -g nofiles -d /var/qmail -s /nonexistent Am I to substitute the username somewhere in the lines above? The instructions say to edit /etc/group if INSTALL.ids is not installed. OK. I find that, but I do not understand: qmaild:*:7791:2108:: /var/qmail/:bin/true Where is the user name located in this line? Am I missing something in the instructions? Thanks for any help, I really, really appreciate it. By the way--I am installing this on a test machine, just like the instructions suggest. :) Thanks, Joe Millay
Re: init.d qmail sript on solaris
Bin Zhang writes: > > I have the same problem. Please let me know if you get > an answer. Thanks. > > Bin > > Quoting Max Shaposhnikov <[EMAIL PROTECTED]>: > > > i have strange problems with qmail smtp startup on my sun solaris 7 > > machine... > > when i reboot sun qmail start but won't work properly > > if i do > > qmail stop > > qmail start > > all is work just fine... > > > > init script: > > > > PATH=$PATH:/usr/bin:/usr/local/bin:/var/qmail/bin:usr/sbin /usr/sbin For what its worth, here is my qmail startup script running on Solaris 7: #!/sbin/sh # case "$1" in 'start') if [ -f /var/qmail/rc ]; then (/var/qmail/rc &) /usr/local/bin/tcpserver -R -v -x /etc/tcp.smtp.cdb \ -u 1003 -g 103 0 smtp \ /var/qmail/bin/qmail-smtpd 2>&1 \ | /usr/local/bin/accustamp \ | /usr/local/bin/setuser qmaill /usr/local/bin/cyclog \ /var/log/smtpd & fi ;; 'stop') /usr/bin/pkill -x -u 0 qmail-send /usr/bin/pkill -u 0 -f '0 smtp' ;; *) echo "Usage: $0 { start | stop }" exit 1 ;; esac exit 0
Why Are Virtual Domains So Difficult??
I think that the existing documentation is much too complex for most situations. The FAQ points out a very simple solution, which becomes very complex as soon as more than one virtual domain is used. I think that DJB intends people to use fastforward, since he insists that a standard qmail distrubution includes fastforward and dotforward. Therefore, the fastforward solution is to do the following: for each virtual.domain do echo "virtual.domain:alias" >>control/virtualdomains echo "virtual.domain" >>control/rcpthosts done echo "| fastforward /etc/alias.cdb" >/var/qmail/alias/.qmail-default Now go set up /etc/alias according to the fastforward documentation. You can now use the fastforward wild cards to arbitrarily forward various combinations of [EMAIL PROTECTED], to arbitrary places. You can even import your snedmail alias database intact. So, why doesn't LWQ or qmail-1.03/FAQ mention this? The fastforward package doesn't even mention it. /Joe CDR Inc writes: > When I first started setting up my RH 6.1 Linux Box, I had thought that > setting up Virtual Domains and such would be easy. I figured that with all > the hoopala of Linux as a Server, it would be very well documented as to how > to set up virtual domains and such. After looking around a while, I came to > discover that it is NOT well documented. Maybe I was just looking in the > wrong place, but the documentation for setting up virtual stuff is not very > prevelant... So I changed my thinking.. I figured my application is unique > and it will be tough going setting it up. A Net Friend turned me on to > QMAIL, saying it would be a good program to set up Virtual Domains... > > But now I see all the questions on this list about setting up virtual > domains and such and I am thinking that I am NOT alone.. That others have > the same setup and problems I do.. > > So here is my question.. Why is there not more support for Virtual Domains > and such in Qmail?? SUre there is a blurb in the FAQ about it, I have seen > some kludges and such. I have gotten one really fine script about it, but > my own inexperience screwed that up.. > > Is there anything out there about setting up Virtual Domains in QMAIL that a > relatively inexperienced Linux Born Again Virgin can follow? I would think > with all the post I have seen of late re: this problem that there would be > some easy to follow info on how to set these up.. > > > Michale > M I S >
Re: RCPT aggregation
Sam writes: > On 16 Nov 1999, Joe Kelsey wrote: > > > Sam writes: > > > On 16 Nov 1999, Joe Kelsey wrote: > > > > > > > Sam writes: > > > > > On Mon, 15 Nov 1999, Mark Evans wrote: > > > > > > > > > > > This assumes that the recieving MTA will process multiple > > > > > > RCPT messages in exactly the same way as those with a > > > > > > single RCPT. e.g. the MTA might impose progressive delays > > > > > > in the transaction for every RCPT given to it or attempt > > > > > > to deliver a message with multiple RCPT's at a lower > > > > > > priority. > > > > > > > > > > This is silly. Originally, batching multiple RCPTs for the > > > > > same domain WAS the default behavior of all the MTAs on the > > > > > Internet. > > > > > > > > And just exactly what evidence do you base this unfounded > > > > conclusion on? > > > > > > A little program called "sendmail". Perhaps you've heard of it. > > > > When sendmail was first written it did *not* do RCPT aggregation. > > When sendmail was first written, SMTP did not exist. As SMTP became > established, sendmail was written to support it, in such a fashion. Sorry Sam. Check your facts again. Once again, you are wrong. Based on Eric Allman's statements in "A Quarter Century of UNIX" by Peter Salus, (referred to to aid me in my recollections of the time), delivermail originally was written to bridge between uucp-mail, berknet-mail and ARPANET mail. When 4.2BSD was being released (i.e., 4.1a, 4.1b, 4.1c, and certainly after the conversion of the ARPANET to TCP/IP), Eric wrote the next version of delivermail, renaming to sendmail and providing SMTP support. I worked at an installation supporting each of these interim BSD releases and distinctly remember that the first version of sendmail did *not* do RCPT aggregation. delivermail certainly never did, since it never actually delivered the mail, only handed it off to other programs for transport. Remember, 4.0BSD and 4.1BSD came with delivermail and BerkNet. TCP/IP wasn't put in until 4.1a. Somewhere along the way to 4.2, delivermail was replaced by sendmail. So, when delivermail was written, Berkeley was struggling with multiple network protocols (ARPANET, BerkNet, uucp) and also struggling with the conversion of the ARPANET from NCP to TCP/IP. It is unknown (without asking Eric for exact dates) whether or not SMTP existed when delivermail was written. SMTP was *very* well established when delivermail was renamed sendmail, since, by fiat, SMTP was the *only* mail transport protocol on the ARPANET. Remember also that the RFC process proceeds by first defining preliminary protocols which are implemented at least twice before the protocol can be signed off. Just because the date on the RFC says 1982 doesn't mean that the protocol wasn't in use for multiple years prior to that date! I personally recall sending mail via telnet to port 25 well before the advent of sendmail (obviously, I typed the SMTP protocol commands by hand, reading from the RFC, again prior to the final release of the document.) /Joe
Re: RCPT aggregation
Sam writes: > On 16 Nov 1999, Joe Kelsey wrote: > > > Sam writes: > > > On Mon, 15 Nov 1999, Mark Evans wrote: > > > > > > > This assumes that the recieving MTA will process multiple RCPT messages > > > > in exactly the same way as those with a single RCPT. e.g. the MTA might > > > > impose progressive delays in the transaction for every RCPT given to it > > > > or attempt to deliver a message with multiple RCPT's at a lower priority. > > > > > > This is silly. Originally, batching multiple RCPTs for the same domain > > > WAS the default behavior of all the MTAs on the Internet. > > > > And just exactly what evidence do you base this unfounded conclusion on? > > A little program called "sendmail". Perhaps you've heard of it. When sendmail was first written it did *not* do RCPT aggregation. That was implemented later, as an optimization. In 1982 sendmail was by far and away in the *minority* of MTA's in operation on the Internet. The rapid spread of 4.2BSD UNIX systems (1983) soon changed that. /Joe
Re: RCPT aggregation
Sam writes: > On Mon, 15 Nov 1999, Mark Evans wrote: > > > This assumes that the recieving MTA will process multiple RCPT messages > > in exactly the same way as those with a single RCPT. e.g. the MTA might > > impose progressive delays in the transaction for every RCPT given to it > > or attempt to deliver a message with multiple RCPT's at a lower priority. > > This is silly. Originally, batching multiple RCPTs for the same domain > WAS the default behavior of all the MTAs on the Internet. And just exactly what evidence do you base this unfounded conclusion on? Please enumerate the MTA's which had this "orogonal" behavior and what period of time they existed. Make sure that you are not able to name a single counter-example for that time period, otherwise your statement is a blatant lie. /Joe
qmail on Linux
Hello, I have installed Red Hat Linux 6.1 and included sendmail. Now, I think I want to go with qmail, and have read the installation FAQ and the docuemtn the FAQ instructed me to read about stopping sendmail. My question is: Would it be better to re-install Linux without sendmail and then install qmail? I have not configured sendmail, so suppose it is a wash. But, I am new to this email-server thing and I don't want sendmail to interfere with qmail. Any thoughts would be appreciated. By the way, this list is great. I've been on it for only one day, perused the archives, etc and have learned so much. Thank you, Joe Millay
bin mail on Solaris 7.
G. Ryan Fawcett writes: > Well internet email works great but I have a problems using bin mail to > deliver locally. I've compile everything but I don't have the qial to alias > to binmail so how do i set it up to put the mail ins /var/mail/spool/usr. > Anyone does this Use the default qmail delivery to ~/Mailbox. Here is my /var/qmail/rc #!/bin/sh # Using cyclog to send the log to /var/log/qmail. # Using qmail-local to deliver messages to ~/Mailbox by default. exec env - PATH="/var/qmail/bin:$PATH" \ qmail-start ./Mailbox /usr/local/bin/accustamp \ | /usr/local/bin/setuser qmaill /usr/local/bin/cyclog /var/log/qmail Then, you put a symbolic link in /var/mail for each luser: shutdown all mail processing for i in list of users do if [ -f /var/mail/$i ] then mv /var/mail/$i /home/$i/Mailbox fi ln -s /home/$i/Mailbox /var/mail/$i done /Joe
Calling all qmail / mailman admins ...
[previously posted to the "mailman users" list] Try as I might, I still don't have qmail and mailman playing nice together. If anyone has pulled this stunt off, or is currently trying to figure it out (like I am), could you please contact me? I'd like to discuss in an offline e-mail thread all the nuances (above and beyond what's in README.QMAIL) and then post what will hopefully be the definitive "steps to configure" for qmail/mailman. Not that I object to discussing it here (I don't) but if it will help keep the signal/noise ratio down ... :-) -- Joe D'Andrea AT&T Laboratories
usage of qmail-local
I am trying to write a wrapper function to assign directories to a number of mailing lists (created by ezmlm), before, i was putting a line in assign file of qmail for each mailing list like this +joe-testing:joe:uid:gid:directory of the dot-qmail files:-:testing: which works well and it handles the bounce messages as well, what i am doing now is that i have putted a line in the assign file +:joe:uid:gid:/mailinglist:-:: where /mailinglist is the directory of the wrapper function and a .qmail-default file calling the wrapper function in this directory |/mailinglist/mailinglist.pl in this wrapper function, it will find out which directory the mailing list's dot-qmail files are and calling qmail-local again to deliver the messages. I have no problem to receive messages by this wrapper function, which it can still distribute mailing list messages to subscribers, but when there is a bounce message from a invalid email address, it seems the bounce messages have never reach the right .qmail files and it has nothing in the bounce directory, that means the wrapper function has failed to deliver the bounce messages to the mailing list. I think i have mis-used the qmail-local program, does anyone has any idea how can i use qmail-local to have the same results as i putted the +joe-testing:joe:uid:gid:directory of the dot-qmail files:-:testing: in assign file? Thanks Joe
Qmail and Cyrus-IMAP
Ok, this question was offered in this list thousent times certainly but I have no sollution for the following: I need the qmail-cyprus-patch. All my attempts to get 'http://www.periapt.com/qmail-cyrus/' end with an error 404. Does anyone know an other URL for this patch and where can I get a good beginner-guidance, possibly in german? By the way I try to get QMail 1.03 and Cyrus-imap-1.6.10 to work together. thx. Greetings, Joe --- cu Joe Sollich | [EMAIL PROTECTED] P/O-Box 2303 | PGP-Key & Homepage: 32095 Bad Salzuflen, Germany | http://members.tripod.de/joes_homepage
Re: Howto
I just can't stand listening to Scott prattle on endlessly about his own ignorance anymore... Scott D. Yelich writes: > > Has anyone else noticed anything similar to the following on this list: > > (1) DJB writes his software his way and he doesn't give a sh!t about > anyone else's opinion when he is set in his? Even if he is wrong? Even > if he has been proven to be wrong? Even if he's being obstinant, > apparently, for no other reason other than to be stubbornly fascist? and > it's now rubbing off on the list? Dan writes his software the best way. Please enlighten us as to where he is wrong. You seem to have all the answers, please let us know. > (2) This list expects everyone to be an expert in everything (including > qmail) inherently and has this as a prerequesite to existing... Anyone who chooses to try to install and configure ANY MTA must by definition be an expert system administrator and able to "go with the flow" and think on their feet. RTFM and when that doesn't work, RTFS. Scott, you have proven over and over that you attempt to do things without even referencing the FAQ. I followed the directions in the FAQ and the various INSTALL, etc. files and had absolutely no trouble installing and running qmail in under 3 hours on Solaris 7. Yes, I even found the conf-cc and conf-ld files and fixed them myself without pissing and moaning on the list---in fact, I wasn't aware of the list when I did it! > (3) If one is not an expert and speaks publically on the list, the > overly belligerent and pugnacious list has a habit of tearing them a new > virtual bodily orifice? The overly beligerence and pugnacity is all in your mind. You come here and prove your ignorance every time you post. You respond to simple answers with anger and whining. You have shown no desire to even try to fix what you perceive to be mistakes. Put up or shut up. > (4) If that same person then makes anything less than a godly effort to > solve every problem affecting the universe, oh and qmail as well, then > they are berated into the oblivion of obscurity? You don't need to make a godly effort. Just show by your own words that you have some understanding of the concepts involved in networking. You continually express ignorance of the most basic subjects, such as how to search through the RFC index to find the appropriate RFC. Everyone has to go through the same pain---the index just isn't that good. But, the RFC's themselves are fairly small and it really doesn't take much time to find what you need. You obviously do not want to spend any of your oh so precious time doing any research on your own though. > (5) If that person returns from oblivion with suggestions that just > might make qmail a better place - they are then subjected to repeated > ridicule for any perceived weakness in their character simply for > attempting to help make the (qmail) world a better place? You have never made a single constructive suggestion on this list. I am waiting for your first suggestion. What is it? > On a personal note, I'm sure you're all just so excited to be reading > all of this -- but I'm not talking to myself here. Up until now I've > generally been attempting to be nice on this list... I help those who > post questions with private messages so I don't have to receive sh!t > from the vultures that circle their mboxes waiting for qmail list fodder > to arrive -- like ant lions waiting for the ant members of this mailing > list to post. > > I stated before that if (so many) people keep saying the same thing[s] > over and over about qmail and specifically its documentation problems or > the qmail list, that just perhaps there might just be something that may > need attention somewhere. If DJB refuses to be reasonable, it doesn't > mean the rest either have to be insane zealots or be converted -- some > people aren't in this for the Jihad of the those who feel they are > mentally superior. > > Although people may not appreciate my (repeated) questions -- this is an > open forum -- I do not deserve to be treated as I have and neither does > anyone else who has received the typical and appalling treatment this > list lashes out repeatedly. > > Alex, you do please continue to learn about your system and try to help > others. Do not let this list get you down convince you otherwise. > > Does anyone have the url for postfix handy? People that I've been > speaking with to try to get qmail help tell me that they've given up on > qmail and this list and have been quite happy with postfix. > > Scott > > /Joe
Homebrew list performance?
I am using an existing perl script to generate messages, and send them (from the script), basically one at a time. Performance is slow, (a basic qmail installation performs not better than sendmail) although I have not yet done any tweaking at all. Question: Is it neccessary to use a "qmail format" mailing list to take advantage of concurrency? If so, I'll have to modify the perl script. I'd just like to know before I go twiddling all the knobs on qmail. Thanks, Joe
RE: OpenSMTP - another approach
That's what /dev/null is for. Joe > -Original Message- > From: Bruno Wolff III [mailto:[EMAIL PROTECTED]] > Sent: Friday, April 30, 1999 11:14 AM > To: Petr Novotny; [EMAIL PROTECTED] > Subject: Re: OpenSMTP - another approach > > > On Fri, Apr 30, 1999 at 12:20:52PM +0100, > Petr Novotny <[EMAIL PROTECTED]> wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > > > 1. SMTP relay looks kind of open - and relay attempts are > > > > accepted (not sent out, just accepted). > > > > > > I think you're going to end up in RBL sites with that. > > > > No I won't - if I bounce the mail within 10 or 20 or whatever minutes > > after accepting it. If I understand correctly, ORBS allows "accept > > and bounce after" kind of approach. > > You won't end up on the rbl, but whoever reads your postmaster mail > is not going to be happy if a spammer tries to relay through you. >
qmail-getpw
So what does qmail-lspawn pass to qmail-getpw as local? "user" of "user@domain" Joe
directory hashing algorithim
So I need a good directory hashing algorithim beyond last/first name for example. Maildir is located under the users home directory. I want their homedir location to be something that would distribute the load more evenly, instead of something like /home/smith/joe/Maildir. Any suggestions? Joe
RE: Qmail and tcpserver bootup script
Type "whereis tcpserver" and use the full pathname to tcpserver that it gives you. problem fixed Joe > -Original Message- > From: Jeff Lush [mailto:[EMAIL PROTECTED]] > Sent: Monday, April 19, 1999 11:25 AM > To: [EMAIL PROTECTED] > Subject: Qmail and tcpserver bootup script > > > Hello all, > > I am a bit of a newbie to Unix and installed qmail for the first time this > weekend on FreeBSD 3.1. Installation and configuration was really very > straight forward. In no time I had setup selective relaying for my LAN and > pop3 with checkpassword (kudos to everyone with documentation on these > topics, without you people like me would be lost!). My only problem is: > > As the FAQs and docs require, I added two lines to my startup script: > > 1) "tcpserver -R -x/usr/local/etc/tcp.smtp.cdb -u82 -g81 0 smtp > /var/qmail/bin/qmail-smtpd &" > > 2) "tcpserver 0 110 /var/qmail/bin qmail-popup MYHOST \ > /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir &" > > I added these into the rc.conf file under /etc. > > When the machine reboots, I get an error near the end of the script saying > "tcpserver not found"; however, when I manually key in the commands at the > prompt, they work fine. > > I suspect I have placed the tcpserver commands into the wrong boot script, > but I am not sure which others to use. > > Any assistance on this would be greatly appreciated. > > Thanks, > > Jeff Lush > mailto:[EMAIL PROTECTED] >
POP security question
Hello all, When a pop user logs in to check mail, they send their user password in clear text over the network. So, a pop user account could be comprimised, and is therefore unsecure. On a mail server I administer, I set all of the qmail user accounts shell to be /bin/false which disallows a direct login by the user. This is fine with me since none of my email accounts will every log in. This seems secure, but is it enough? Is there more that one can do to secure pop accounts? -- Joseph R. JunkinDatafree Corporation [EMAIL PROTECTED] http://www.datacrawler.com
Anybody having Problems running on RH 2.2.5?
Hi all. I have had my qmail server running without hitch on the linux 2.0.36 and then 2.2.0 for some time. Absolutely flawless. Last thursday I reloaded my server and installed 2.2.5. Everything was fine until yesterday. It seems the pop3d is flaky, seems to crash or something. I will do a closer eval but was just wondering if anyone has been running on this kernel and had any problems? - Joseph R. JunkinDatafree Corporation [EMAIL PROTECTED] http://www.datacrawler.com
Help with logfile?
Hi all. Running on Redhat 5.2 with the 2.2.5 kernel upgrade. Something went batty with qmail yesterday and I am not sure why. Every time I tried to send a message the system would spawn multiple smtp and queue processes. These would remain listed indefinitely and the message never set. I think it may have had something to do with the pop3d in inetd. At any rate, it is operational again. But, when I was trouble shooting the problem I moved and then blew away /var/log/maillog. I expected another to be created instantly. One did not appear, so I touch'd a new one and it remains empty after a day. I ran a grep in the /var/log directory and found no other logs for qmail operations. It was all running just fine before I blew it away. Does anybody know what I have done here? Where is the directive for the log file? - Joseph R. JunkinDatafree Corporation [EMAIL PROTECTED] http://www.datacrawler.com
Re: 500.000+ users mailserver
Ok so I am probably going to catch heck for this, but there is an LDAP patch for qmail. It says it is alpha, but that is BS it works GREAT. Here is our set up. 1 Master LDAP server 4 Qmail-LDAP servers with LDAP slave servers on each 1 Netapp as the mail store Of course we don't have 500,000 users but this should be NO PROBLEM at all for this system, and if it is, just add more Qmail servers or Netapps where they are needed. Joe Mark Delany wrote: > At 14:23 4/03/99 -0800, Russ Allbery wrote: > >Peter van Dijk <[EMAIL PROTECTED]> writes: > > > >> What I meant to say was: NIS has the same limitations as your OS. If > >> your OS limits uids at 64K, NIS won't limit you any further, neither > >> will it help you break that barrier. > > > >Right. If you're running SunOS, you do have to worry about >32K UIDs. > >And you still have to worry about >64K UIDs in most operating systems; > >support for larger things is pretty spotty. > > Indeed. Of course if the core OS supports >64K, and qmail does, then on a > dedicated mail system it really doesn't matter if a bunch of external stuff > doesn't work too well as it's hardly, if ever, used. > > Regards.
Re: Helping a guy out with qmail
Hi Peter, Thanks, I'm that guy that dogbert2 (on irc) was helping out. Anyhow, im not sure if im running a DNS server or not, how can i find out? What all should i have comfingured (name the files and what should be in em), so i can double check mine to make sure mine are correct Thanks, AMD_ >From [EMAIL PROTECTED] Fri Feb 12 05:00:29 1999 >Received: (qmail 21145 invoked by uid 1002); 12 Feb 1999 12:59:56 - >Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm >Precedence: bulk >Delivered-To: mailing list [EMAIL PROTECTED] >Received: (qmail 27125 invoked from network); 12 Feb 1999 12:59:56 - >Received: from finch-post-10.mail.demon.net (HELO post.mail.demon.net) (194.217.242.38) > by muncher.math.uic.edu with SMTP; 12 Feb 1999 12:59:56 - >Received: from [212.228.2.223] (helo=[212.228.2.223]) > by post.mail.demon.net with esmtp (Exim 2.12 #1) > id 10BICR-00056x-00; Fri, 12 Feb 1999 13:00:03 + >X-Sender: [EMAIL PROTECTED] >Message-Id:>In-Reply-To: <[EMAIL PROTECTED]> >Mime-Version: 1.0 >Content-Type: text/plain; charset="us-ascii" >x-my-website: http://www.gradwell.com/ >Date: Fri, 12 Feb 1999 12:55:32 + >To: Bill Parker <[EMAIL PROTECTED]>, [EMAIL PROTECTED] >From: Peter Gradwell <[EMAIL PROTECTED]> >Subject: Re: Helping a guy out with qmail > >At 5:46 pm -0800 11/2/99, Bill Parker wrote: >>Hello all, >> >> I am trying to give a guy some assistance with qmail, he is running a >>linux box which is on a private network (i.e. the FQDN is NOT known to the >>internet)...now when he sends mail with Outlook Express (on his lan to the >>Linux box) he gets the following: >> >>heres the error (i think, im look in /var/log/qmail) >>918783025.254361 info msg 147722: bytes 2293 from <#@[]> qp 31505 uid 86 >>918783025.331852 starting delivery 9: msg 147722 to remote postmaster@ >>918783025.334195 status: local 0/10 remote 1/20 >>918783025.875727 delivery 9: failure: >>Sorry,_I_couldn't_find_any_host_named_._(#5.1.2)/ >>918783025.879945 status: local 0/10 remote 0/20 >>918783025.884383 triple bounce: discarding bounce/147722 >>918783025.885949 end msg 147722 > >are you running a local dns on the private network? > >you need a dns server on the local network so that qmail can look up this domain, even if the >domain is not visible on the internet. > >I refer you to http://www.gradwell.com/help/connect/ >which, even if it's not linux/qmail specific, should help you get the idea. > >Peter. > > >-- >gradwell dot com ltd - writing the bits of the web you don't see >online @ http://www.gradwell.com/ mailto:[EMAIL PROTECTED] > >"To look back all the time is boring. Excitement lies in tomorrow" > > > __ Get Your Private, Free Email at http://www.hotmail.com
RE: Tarpitting
I just finished one last week, I have to get my bosses approval to relase it though. Joe > -Original Message- > From: Chris Johnson [mailto:[EMAIL PROTECTED]] > Sent: Thursday, February 11, 1999 10:33 AM > To: [EMAIL PROTECTED] > Subject: Tarpitting > > > There was some discussion a while back about tarpitting. If you > don't know what > that is (I didn't when it first came up), it's the process of > inserting a small > sleep in an SMTP session for each RCPT TO after some set number > of RCPT TOs. > The idea is to thwart spammers who would hand your SMTP server a > single message > with a long list of RCPT TOs. > > The subject originally came up in a discussion of ways to run an > open relay > safely (I didn't suggest it, and I don't do that kind of thing), > but it could > also be useful in keeping your own dial-up customers from using > you as a spam > relay. > > I've made a simple patch to qmail-smtpd to allow it to do > tarpitting. There are > two control files involved: control/tarpitcount and control/tarpitdelay. > tarpitcount is the number of RCPT TOs you accept before you start > tarpitting, > and tarpitdelay is the number of seconds of delay to introduce after each > message. tarpitcount defaults to 0 (which means no tarpitting), > and tarpitdelay > defaults to 5. If NOTARPIT is set in the environment (perhaps by > tcpserver) > then no tarpitting is done. (I had considered doing this the other way > around--no tarpitting would be done unless TARPIT was set, irrespective of > control/tarpitcount. Any suggestions on this point?) > > If anyone is interested, it's at > http://www.palomine.net/qmail/tarpit.patch. > I'm not vouching for > the effectiveness of doing tarpitting or whether it's a > good thing to do to your customers, but there was some interest > in it, so there > it is. > > Chris >
Tarpitting patch
I have some code that does tarpitting, but this is very sad to say, I have never created a patch before, and I don't know how to do it. I just can't get diff to do things right, someone want to help me.
RE: Filters with qmail
i sent him an email because we are going to be doing EXACTLY what he will be doing. 1: All of our clients are using Outlook or Outlook Express, this is a requirement, since it checks pop before it does any smtp transactions. 2: All our clients are using SSL 3: I will be releasing a first run tarpit patch sometime late today, early tommorow, that will make them pay should they figure out 1 and 2, and give you time to hunt them down. VERY simple and it will close you down pretty damn well considering that most spammers have the brainpower of a twig. Joe > -Original Message- > From: Sam [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, February 03, 1999 4:44 PM > Cc: [EMAIL PROTECTED] > Subject: Re: Filters with qmail > > > Matt Garrett writes: > > > Look. I very much doubt that Martin Staael <[EMAIL PROTECTED]> REALLY > > wants to run an open relay. What most ISPs want to allow are > > Actually, he thinks he does. As I mentioned earlier, usually there's an > inquiry of this kind about once a month on this list. > > These organizations provide either web hosting, or other non-dialup > services, and they do not maintain any dialup facilities on their own. > Their clients have their own dialup accounts with separate ISPs. For some > reason he believes that his clients cannot use the mail relays from their > own ISPs, and are required to use his. Either that, or he does > sell dialup > access, but believes that his clients should be allowed to access his mail > servers from other ISPs. > > What these people are not realizing is that this business model is simply > no longer compatible with the way that the Internet is right now. This > kind of a setup - open relaying for everyone - might've been > acceptable and > the norm some time ago, but these days, it no longer is. They > can't expect > to enforce their own business model onto the rest of the Internet, they > must somehow fit their business model within the established > guidelines and > requirements, that's it. There are many technical solutions > available that > will allow his customers to authenticate themselves, and he should simply > choose the best one for his situation. >
SSL
Has anybody managed to get an SSL wrapper around Qmail-SMTP and POP-3D?? If so let me know. Joe
RE: Three solutions for spam
Dude, I don't normally chime in on flame wars, especially one's that have no place being on a qmail mailing list, but if they are that bad, get some capital investment and put them out of buisness. I started an ISP years ago, and it bombed miserably, mainly because at the time I was the only one who had some clue what was going on in our company, and I tons more know how than before. Sounds like you could put them out of buisness in no time. Incidentally, blocking dialup IP's is a BAD idea, the best way to stop SPAM relay is to do tarpitting. Here is a very simple and comical interaction between a spammer using a dialup and any relay out there: Server: Hi I am an SMTP server Client: How ya doing my name is spam Server: ok spam go ahead and send whatever you want through me Client: ok here comes message 1 Server: ok Client: Message 2 Server: ok. Many messages later Server thinking to itself: Hmmm...It is very odd that this client should be sending this many copies of one mail to all these different people, I am at a hundred already, let's start puting in a 5 second pause between accepting them. Client: message 100 Server: Oh wait hold on a sec *twiddle*...3...2...1... Ok I am ready Client: Message 101 Server: Oh wait hold on a sec Server thinking to itself: MUHAHAHA if this guy is a real spammer and has 100,000 emails like a typical spammer it should take him 5.78125 days MUHAHAHA!!! Hey it's a monday! >:) Joe > -Original Message- > From: Sam [mailto:[EMAIL PROTECTED]] > Sent: Monday, February 01, 1999 4:45 PM > Cc: [EMAIL PROTECTED] > Subject: Re: Three solutions for spam > > > Dave Sill writes: > > > "Racer X" <[EMAIL PROTECTED]> wrote: > > > > > >Actually, his real problem is that he continues to patronize an ISP who > > >doesn't provide him with adequate services. The ISP is not at fault > > >here. > > > > ISP's don't grow on trees, at least outside of U.S. metropolitan > > areas. > > Well, that sucks then. > > > It's easy for you to say "use a different ISP", but not so easy for > > some of us to take that advice. Care to cover my long distance charges > > so I can switch? > > There's an old proverb, that goes something like this: > > "Life stinks." > > I think it was even a movie, once (a rather bad one, as I recall). You > have no civil or any kind of a right to high quality Internet access, and > if the only thing that's available to you is some substandard setup like > that, well, you'll just have to wait until your choices improve. >
RE: two questions about set-up
Hmmm Maybe I can play with it and turn it into a real tarpit, I am rather rough when it comes to C programing, let me take a look when I get it. Also what do you mean by hosts.allow, I have come up to speed on qmail pretty quickly, but I don't remember any mention of hosts.allow > -Original Message- > From: John R Levine [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 28, 1999 4:51 PM > To: Russell Nelson > Cc: [EMAIL PROTECTED] > Subject: Re: two questions about set-up > > > > > Question two. Can someone suggest a way that I can get qmail to do > > > tarpitting, or at least point me to a good wrapper to do tarpitting?? > > > > John Levine has such a thing. He's deep in the throes of finishing a > > book, and I don't know if he kibos, so I'll CC: him just to get his > > attention. > > I have a small patch that sticks sleeps in front of each read call in > qmail-smtpd. It's not a real tarpit, but it does slow spammers down. > > It's controlled by a TARPIT environment variable that I set in > hosts.allow. Will package it up and send it along. > > Regards, > John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet > for Dummies", > Information Superhighwayman wanna-be, http://iecc.com/johnl, > Sewer Commissioner > Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E > 9E A6 36 A3 47 >
RE: Multiple outgoing messages
Hey some of us youngins weren't around for the low bandwidth (modem) email days, which is what UUCP was created for. I couldn't even begin to tell you how to set up UUCP it my life depended on it. >:) The funny part about this is that I am old enough to remeber a pre-web Internet. Anyway he is correct that is the best way to do it. Unfortunately qmail won't do that, only one I know of is the beast, Sendmail. > -Original Message- > From: cap [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 28, 1999 4:46 PM > To: [EMAIL PROTECTED] > Subject: Re: Multiple outgoing messages > > > > > > Mark Carpenter writes: > > > Thanks. I was affraid of that. Drat! I finally got > everything working > > > together, too. Any suggestions for a package that would be good in > > > this situation. The boss isn't going to let that fly. > > > > Well, if bandwidth is really at a premium at your site, you should > > consider compressing your outgoing email. In principle, it's possible > > to write a program which collates messages out of a maildir (after > > it's been put there by a wildcard smtproute delivering into the > > maildir), compresses them, uploads them to your server, decompresses > > them, and mails them, but I don't know of any. Unfortunately the > > matching code to compress incoming mail before downloading it also > > doesn't exist. > > > That would be uucp. > > Batched mail with compression on both ends. Remember we have a lot more > bandwidth than we used to and uucp was made for that(low bandwidh) > situation. >
FW: Multiple outgoing messages
Please don't use postfix, as if I remember correctly it is not OSS in the sense that anytime IBM feels like it they can tell you to buy it or stop using it.in other words they let everybody on the internet help add little tidbits to it then they can say to you...well pay for this or stop using itNOW! Not a good thing > -Original Message- > From: Mark Carpenter [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 28, 1999 4:30 PM > To: [EMAIL PROTECTED] > Subject: Re: Multiple outgoing messages > > > > [EMAIL PROTECTED] wrote: > > > > > >Thanks. I was affraid of that. Drat! I finally got everything working > > >together, too. Any suggestions for a package that would be good in > > >this situation. The boss isn't going to let that fly. > > > > If qmail doesn't fit, try Postfix. It's still beta, though. See > > www.postfix.org. > > > > (See Wietse, I'm not a mindless qmail fan. :-) > > > > -Dave > > > > Will Postfix allow me to send a single message with multiple > recipients to my ISP via SMTP and have them handle the delivery? > > Thanks, > Mark >
RE: two questions about set-up
What has this got to do with this subject thread?? Please create you own subject thread so as not to confuse the others. Joe > -Original Message- > From: Scott D. Yelich [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 28, 1999 4:32 PM > To: Joe Garcia > Cc: qmail-general > Subject: RE: two questions about set-up > > > > Is the list slow today? > > I have a system where qmail-popup has been working fine... > > inetd sez: > pop3 stream tcp nowait root /usr/sbin/tcpd /var/qmail/bin/qmail-popup > qmail-popup spy.org /bin/checkpassword /var/qmail/bin/qmail-pop3d > Maildir > > Now whenever I try to use pop, even with an account with a password that > has been verified with FTP, I receive: > > -ERR authorization failed > > > *sigh* Is there any way to debug this without resorting to guessing > at what might have changed or what might be confusing qmail? > > Scott >
RE: two questions about set-up
> > Question two. Can someone suggest a way that I can get qmail to do > > tarpitting, or at least point me to a good wrapper to do tarpitting?? > > What's tarpitting? Tarpitting is when a spammer tries to send a bunch, say 100,000, of mail messages through your server. When that spammer reaches N messages sent, the MTA starts to put in X number of seconds pause before it will accept the next one for processing. For example, a spammer hits me with 100,000 mail messages when he reaches the 100th message I start putting in a 5 second pause between accepting messages. This means that it would take him 5.78125 days to send all 100,000. Very effective at making him pay for sending spam through you. This combined with pop before smtp pretty much locks out spammers from your site while still allowing clients who are spread out through the internet to use it. Joe
When the book coming out Russell??
What is the ETA of the book nowadays Russell??
two questions about set-up
Question one. If I set up ~/control/me to read foo.bar for all servers in a multi-server environment (more that one host doing relay for a domain) is it possible to screw up the message id, or should I not use ~/control/me and set up idhost, domainhost, etc. individually?? Question two. Can someone suggest a way that I can get qmail to do tarpitting, or at least point me to a good wrapper to do tarpitting?? Joe
message size
How do I limit the size of messages going outbound and/or inbound? Joe
limiting the size of outbound mail
How would I limit the size of email that a user can send out through qmail. I don't want my users send out their favorite pictures to their buddies over email. Joe
RE: Some performance numbers
*Snip* > > Since you already have a Netapp, mount the same mailstore volume from both > of your servers, and then load-balance the incoming mail between the two. > Storing mail in a Maildir over NFS is perfectly safe, and you > don't need to > bother with LDAP. > How do the two machines know that the incoming mail is a local user without a central database to look them up in?? Even if I don't use LDAP I would have to use NIS, NIS+ or some sort of replicated database. Joe
RE: Some performance numbers
> -Original Message- > From: Joe Garcia [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, January 13, 1999 2:35 PM > To: qmail-general > Subject: RE: Some performance numbers > > > Maybe I should state this with more detail. We are looking to use several > qmail servers for incoming mail and several for outgoing, this is > mainly for > redundency. The inbound servers are all hooked up to a nice > NetApp 720 via > NFS. When a connection to an SMTP port is requested from the > outside world, > the firewall sends that request to one of the incoming machines. It knows Opps the "It" above refers to Qmail server that recieves the mail > where to put it cause it talks to the local LDAP server on that Opps again the first "it" refers to the mail message > machine. I > know that the LDAP server is the slowest part here, but does this > seem like > a viable and fast configuration or have I just been starring at > the monitor > for too long again. > > Joe > > > -Original Message- > > From: Joe Garcia [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, January 13, 1999 11:54 AM > > To: qmail-general > > Subject: Some performance numbers > > > > > > Is there any place that I can get some performance numbers > > besides what Dan > > has. My boss says that these are probably very subjective. > > > > > > Joe > > >
RE: Some performance numbers
Maybe I should state this with more detail. We are looking to use several qmail servers for incoming mail and several for outgoing, this is mainly for redundency. The inbound servers are all hooked up to a nice NetApp 720 via NFS. When a connection to an SMTP port is requested from the outside world, the firewall sends that request to one of the incoming machines. It knows where to put it cause it talks to the local LDAP server on that machine. I know that the LDAP server is the slowest part here, but does this seem like a viable and fast configuration or have I just been starring at the monitor for too long again. Joe > -Original Message- > From: Joe Garcia [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, January 13, 1999 11:54 AM > To: qmail-general > Subject: Some performance numbers > > > Is there any place that I can get some performance numbers > besides what Dan > has. My boss says that these are probably very subjective. > > > Joe >
Some performance numbers
Is there any place that I can get some performance numbers besides what Dan has. My boss says that these are probably very subjective. Joe
Flat users file
This is just another newbie question. I have qmail set up so that the mail users are only mail users not real system users, they get their mail via pop. Only problem I have with this is that they are stored in flat files, and lookups can get very slow once you start getting alot of users. Is there something out there that allows for a db lookup?? Joe