Re: what can be done about 'in order to have your advice...'

2001-07-25 Thread Jost Krieger 

On Tue, Jul 24, 2001 at 10:58:10AM -0400, [EMAIL PROTECTED] wrote:
> 
> Can anyone help me figure out a way to handle this recent virus?
> 
> It typically tags email in body:
>'...in order to have your advice...'
> 
> and sends random attachments .2 to 2Mb in size.
> 
> We're getting a lot of these already, and I'm worried
> that a flood will jam us up, amounting to a DOS.  At the very
> least, this is going to cost us a lot of bandwidth $$$.
> 
> Seems to me the only way to stop it is to scan the body before 
> the mail is accepted.  Yeech.  And as soon as we get variations on
> '...in order to have your advice...' it will be just about
> indistinguishable from normal email with attachments.

If it helps, I process the header with

^Content-Type:.*_Outlook_Express_message_boundary   virus   W32/Sircam-A-Virus

Now just find a place to put that (my implementation is not site-portable).

And no, it won't block real Outlook Express mails.

Jost
-- 
| [EMAIL PROTECTED]  Please help stamp out spam! |
| Postmaster, JAPH, resident answer machine  am RZ der RUB |
| Pluralitas non est ponenda sine necessitate  |
| William of Ockham (1285-1347/49) |

Re: High Volume....

2001-07-03 Thread Jost Krieger 

On Tue, Jul 03, 2001 at 09:11:33AM +0200, Peter van Dijk wrote:
> On Mon, Jul 02, 2001 at 11:37:03AM +0200, Xavier Pegenaute wrote:
> > Hi all..
> > 
> > i can try any prime number for hashing ..? ( is limited?)
> 
> You can try any number, but anything over 1/1000th of your queuesize
> is overkill.

I thought it would be better to take a number about the square root of the
top queue size, which minimizes search length on a classical file system.

For 23000 your on the order of 151, which happens to look prime.

Jost
-- 
| [EMAIL PROTECTED]  Please help stamp out spam! |
| Postmaster, JAPH, resident answer machine  am RZ der RUB |
| Pluralitas non est ponenda sine necessitate  |
| William of Ockham (1285-1347/49) |

Re: Why conf-split prime?

2001-06-22 Thread Jost Krieger 

On Thu, Jun 21, 2001 at 02:25:52PM -0400, Russell Nelson wrote:
>  > speed.  However, why should this number be prime, why not have 12 or 16
>  > directories?
> 
> Because it's a hash.  If your hash isn't prime, you fill your hash
> buckets unevenly.

I think we are spreading urban legends here.

AFAIK, the primality is for double hashing in conflict resolution.
Nothing of that kind is going on here.

Jost
-- 
| [EMAIL PROTECTED]  Please help stamp out spam! |
| Postmaster, JAPH, resident answer machine  am RZ der RUB |
| Pluralitas non est ponenda sine necessitate  |
| William of Ockham (1285-1347/49) |

Re: smtp auth failures

2001-06-20 Thread Jost Krieger 

On Tue, Jun 19, 2001 at 09:38:37PM +, Nick (Keith) Fish wrote:
> joc wrote:
> 
> >There it is. any wise thoughts here?
> > 
> > Thanks
> > John
> 
> Encourage your customers to use non-broken MUA.  Our company refuses to
> support anything other than Outlook Express, Netscape Messenger, and our
> own web-based e-mailing service.  You might try that: promoting a
> web-based e-mail service they can access FROM ANYWHERE IN THE WORLD!  That
> always makes them giddy. :-)

And which of these is the non-broken MUA?

SCNR

Jost
-- 
| [EMAIL PROTECTED]  Please help stamp out spam! |
| Postmaster, JAPH, resident answer machine  am RZ der RUB |
| Pluralitas non est ponenda sine necessitate  |
| William of Ockham (1285-1347/49) |

Bug? in qmail-inject: QMAILINJECT=f ruins resent mails

2001-05-03 Thread Jost . Krieger 

As old unix "MUA"s have the habit of providing a from line
of "[EMAIL PROTECTED]" and, even with new MUAs, user can't be
bothered to configure them correctly, we set up the following
environment variables in /etc/profile and such:

QMAILHOST
QMAILUSER
QMAILINJECT=f

This usually works nicely for the vintage MUAs, and doesn't
do anything bad with sensible MUAs like mutt or Gnus.

But: If you are resending a message to someone else with a sensible
MUA, it will add Resent-From: etc. headers.

Then qmail-inject goes ahead and removes the original From: header
(beacuse of QMAILINJECT=f) and looks if it must add a new Resent-From:
header (it doesn't need to) and the mail is sent without any From: header
at all.

So:

1. If you are using a sensible client, be smart enough to unset
   QMAILINJECT.
2. qmail-inject could be enhanced by making the process of removing
   and adding headers more symmetrical.
3. It could be termed a bug because qmail-inject shouldn't produce
   a non-RFC 2?822 message, with no regard to the setting of
   QMAILINJECT.

Jost
-- 
| [EMAIL PROTECTED]  Please help stamp out spam! |
| Postmaster, JAPH, resident answer machine  am RZ der RUB |
| Pluralitas non est ponenda sine necessitate  |
| William of Ockham (1285-1347/49) |

Re: Where is tai64nfrac

2001-04-17 Thread Jost . Krieger 

On Thu, Apr 12, 2001 at 04:17:47PM +0100, [EMAIL PROTECTED] wrote:
> For instance at:
> 
> http://sunsite.dk/qmail/tai64nfrac
> 
> or
> 
> http://qmail.sst.com.br/tai64nfrac
> 

AFAIK, (this version) of tai64nfrac is broken, because

   printf("%lu.%lu ", seconds, nanoseconds);

suppresses leading zeroes in the fractional part.

Jost
-- 
| [EMAIL PROTECTED]  Please help stamp out spam! |
| Postmaster, JAPH, resident answer machine  am RZ der RUB |
| Pluralitas non est ponenda sine necessitate  |
| William of Ockham (1285-1347/49) |

Re: double bounce policy

2000-09-26 Thread Jost Krieger 

On Sat, Sep 23, 2000 at 12:06:13AM +0300, Jos Okhuijsen wrote:

> What is your policy for double bounces? 
> Users come and go, and always seem to leave subscriptions open, and produce bounces. 
> Most of these bounces doublebounce. 
> Do you write to the postmaster of these domains? (Seems to have no effect. )
> Or just blacklist?  (and possible handicap other users?)
> Or just accept the fact that return-addresses usually don't work?

I check all double-bounces when I find time.

Spams are redirected to my spam-handling factory :-)
Postmasters not accepting bounces are LARTed.
Local users producing mail loops are educated.
Same for local users sending enormous mails.
Addressing problems are fixed.
The (small) rest is dropped.

Jost
-- 
| [EMAIL PROTECTED]  Please help stamp out spam! |
| Postmaster, JAPH, resident answer machine  am RZ der RUB |
| Pluralitas non est ponenda sine necessitate  |
| William of Ockham (1285-1347/49) |

Re: qmail syntax problem

2000-09-20 Thread Jost Krieger 

On Wed, Sep 20, 2000 at 12:39:31PM +0200, Magnus Bodin wrote:

> Show us your contents of 
> 
> /var/qmail/control/me
> 
> and (if it exists)
> 
> cat /var/qmail/control/helohost

And (wild guess) make sure there are no CRs in them like after transferring
from a windoze machine in binary mode.

Jost
-- 
| [EMAIL PROTECTED]  Please help stamp out spam! |
| Postmaster, JAPH, resident answer machine  am RZ der RUB |
| Pluralitas non est ponenda sine necessitate  |
| William of Ockham (1285-1347/49) |

Re: Questions...

2000-09-13 Thread Jost Krieger 

On Tue, Sep 12, 2000 at 04:32:52PM -0400, Michael T. Babcock wrote:

> For the sake of answering the original questionner w.r.t. reasoning, from
> RFC974 (which is standard 0014):
> 
>Note that the algorithm to delete irrelevant RRs breaks if LOCAL has
>a alias and the alias is listed in the MX records for REMOTE.  (E.g.
>REMOTE has an MX of ALIAS, where ALIAS has a CNAME of LOCAL).  This
>can be avoided if aliases are never used in the data section of MX
>RRs.
> 
> cf. http://www.faqs.org/rfcs/rfc974.html
> 
> This is the only mention of the non-use of CNAMEs in the mail standards.

Mail standards aren't the only standards. The origin of all this fuss
is probably RFC1034 (also part of STD 13):

3.6.2. Aliases and canonical names

...

CNAME RRs cause special action in DNS software.  When a name server
fails to find a desired RR in the resource set associated with the
domain name, it checks to see if the resource set consists of a CNAME
record with a matching class.  If so, the name server includes the CNAME
record in the response and restarts the query at the domain name
specified in the data field of the CNAME record.  The one exception to
this rule is that queries which match the CNAME type are not restarted.

For example, suppose a name server was processing a query with for USC-
ISIC.ARPA, asking for type A information, and had the following resource
records:

USC-ISIC.ARPA   IN  CNAME   C.ISI.EDU

C.ISI.EDU   IN  A   10.0.0.52

Both of these RRs would be returned in the response to the type A query,
while a type CNAME or * query should return just the CNAME.

Domain names in RRs which point at another name should always point at
the primary name and not the alias.  This avoids extra indirections in
accessing information.  For example, the address to name RR for the
above host should be:

52.0.0.10.IN-ADDR.ARPA  IN  PTR C.ISI.EDU

rather than pointing at USC-ISIC.ARPA.  Of course, by the robustness
principle, domain software should not fail when presented with CNAME
chains or loops; CNAME chains should be followed and CNAME loops
signalled as an error.

Jost
-- 
| [EMAIL PROTECTED]  Please help stamp out spam! |
| Postmaster, JAPH, resident answer machine  am RZ der RUB |
| Pluralitas non est ponenda sine necessitate  |
| William of Ockham (1285-1347/49) |

Re: Why qmail can not receive hotmail messages?

2000-09-07 Thread Jost Krieger 

On Thu, Sep 07, 2000 at 01:48:00AM -0400, Adam McKenna wrote:

> 2) It is *not* the frigging MX record.  That has nothing to do with it.  Any
> mailer that breaks when there is only an A record is a broken mailer.

And who says so? I'm sure every mailer SHOULD fall back to the A record,
but the RFCs don't demand it.

Jost
-- 
| [EMAIL PROTECTED]  Please help stamp out spam! |
| Postmaster, JAPH, resident answer machine  am RZ der RUB |
| Pluralitas non est ponenda sine necessitate  |
| William of Ockham (1285-1347/49) |

Re: Mail Protocol Issue: BCC only?

2000-08-30 Thread Jost Krieger 

On Wed, Aug 30, 2000 at 08:10:29AM -0400, Scott Sharkey wrote:

> I asked a few weeks ago about known issues with qmail not delivering
> BCC messages.

I don't think that there is such a problem *in general*.
Unfortunately, I don't have your previous message handy.

> After investigating further, the client is claiming 
> that the messages that are not delivered have ONLY a BCC (no to, no
> cc).  In a quick reading of RFC822, it appears that there is some
> ambiguity to the spec (surprise!)... a "destination" is required, 
> where destination is defined as a To:, CC: or Bcc:.  But, it also 
> says that the Bcc: can be put only on the author's copy, or on
> all Bcc recipients copies, but NOT on To: or CC: recipient copies
> of the message.  It's optional in the first two cases.

Your analysis is correct. The only part of qmail that handles this
is qmail-inject, and it handles this case correctly by always removing
the Bcc: header and inserting a dummy, but valid Cc: header if no
Addresses are left:

   if (!htypeseen[H_TO] && !htypeseen[H_CC])
 puts("Cc: recipient list not shown: ;\n");

The rest of qmail couldn't care less about the contents of
previous headers. qmail will happily deliver an incoming mail with no
headers at all. It will insert its own Received: headers, of course.

The only way I can think of that qmail may drop a Bcc: mail is the
following:

An external Bcc mail comes in without any destination headers and
is fed to some script that tries to reinsert the mail without giving
new destination addresses, but that would be nonsensical, I think.

> So, in theory, a message with a BCC only would have no To:, CC:,
> or Bcc: headers, at least in some cases.  Question is, is the
> message then a "legal" message, or would qmail just drop it since
> there is no "destination"?  I know Dan is a stickler for observing
> correct protocol (I agree with him), but I'm not sure if this is
> a bug or "expected behavior".

There's also the important point of "being liberal in what you accept".

Could you please (re-)provide some more details, maybe it is a MUA problem.

Jost
-- 
| [EMAIL PROTECTED]  Please help stamp out spam! |
| Postmaster, JAPH, resident answer machine  am RZ der RUB |
| Pluralitas non est ponenda sine necessitate  |
| William of Ockham (1285-1347/49) |

Re: SPAM From <> (was Re: Re: from: <> ???)

2000-08-22 Thread Jost Krieger 

On Mon, Aug 21, 2000 at 04:46:32PM -0700, Aaron L. Meehan wrote:

> Yes, well, in my experience the cons of blocking null senders far
> outweigh the pros.  The vast majority of spam is sent with forged
> addresses, or take-your-pick blasted free email provider addresses.
> I've been trying to convice once particular NT ISP here in Oregon of
> this fact for nearly three years.  
> 
> How they can allow their users to send lots of mail--to such places as
> AOL, any network for that matter that has external mail gateways that
> forward to internal hosts--and when it bounces NOT know about it is
> beyond me.  I think it must just be ignorance of how SMTP works.

I'm not sure if this is relevant here, but in my opinion every Postmaster
who intentionally refuses mail because of empty envelope senders should
get fired for incompetence.

Reason: This breaks one of the base concepts of Internet mail.
If you have configured your client correctly, and no disc crashes
come in the way, for every mail you send you either get an error or it
gets delivered (somewhere).

The empty envelope sender is prescribed for bounces (RFC 1123), and if
someone refuses such mails, he denies his users the information that
their mail has failed. Not to mention I find those thing in my double-
bounce folder (along with the spams). If I have time, I forward the mail
to the user and something unfriendly to the postmaster.

You can imagine what I think about MTA authors that even make this setting
the default.

Another mystery in this area is why some people think they must *relay*
these mails for everyone ...

The original question, however, was about
From: <>
in the header.

That, on the contrary, is illegal in RFC and a sure sign of spam.
Unfortunately, you only see it when you have taken the mail (in standard qmail).

Jost
-- 
| [EMAIL PROTECTED]  Please help stamp out spam! |
| Postmaster, JAPH, resident answer machine  am RZ der RUB |
| Pluralitas non est ponenda sine necessitate  |
| William of Ockham (1285-1347/49) |

(spam-) Tagging incoming mail (was: Pass on tcpserver environment variables to qmail-queue, possible?)

1999-03-01 Thread Jost Krieger 

> "Peter" == Peter van Dijk <[EMAIL PROTECTED]> writes:


 > How about something like FAQ 5.5?

Here there be dragons. (Also known as "Been there, done that").

For various reasons I can't reject spam on the incoming mailhost, but
I'd like to tag likely Mails with something like

X-Spam-Tag: type blacklist field From origin rzrub trigger 
[EMAIL PROTECTED] action complain issuer sunu450.rz.ruhr-uni-bochum.de

I jumped onto 5.5, put

:allow,RELAYCLIENT="@UCEcheck",DENYMAIL="DNSCHECK"

into my rules file, and was happy for an hour.

Then I noticed that I just had started relaying for everyone.
Why do you think the env var is named "RELAYCLIENT" ?

I plugged this in the script, but someone used me to do
relay-rejecting spam :-(

I now see only two possibilities:

1. Two instances of qmail.
2. A patch to qmail-smtpd, introducing NORELAYCLIENT.

Actually I did 2., but I still have to check the effects ...

Anybody got a better idea?

Jost
-- 
| [EMAIL PROTECTED]  Please help stamp out spam! |
| Postmaster, JAPH, resident answer machine  am RZ der RUB |
| non sunt multiplicanda entia praeter necessitatem|
| William of Ockham (1285-1347/49) |

Re: MAILHOST and envelope sender

1999-01-20 Thread Jost Krieger 

On Wed, Jan 20, 1999 at 05:41:06PM +0100, Harald Hanche-Olsen wrote:
 
> In other words, it basically runs
> 
>   /usr/lib/sendmail -oi -f USER -oem -edb -t
> 
> where USER is your login name.

Right, from the manpage of qmail-inject:

 -fsender
  Pass sender  to  qmail-queue  as  the  envelope  sender
  address.   This  overrides Return-Path and all environ-
  ment variables.

Jost
-- 
| [EMAIL PROTECTED]  Please help stamp out spam! |
| Postmaster, JAPH, resident answer machine  am RZ der RUB |
| non sunt multiplicanda entia praeter necessitatem|
| William of Ockham (1285-1347/49) |