Nessus scan results
I got these from Nessus ... a scan of email.careercast.com, running Qmail 1.03. I have to believe they are all non-issues because I saw several threads relating to the way Qmail hadles pipes, but perhaps somebody out there can confirm them all as false alarms. The last ones are probably the ones that are the most worrysome out of all of them. From Nessus: The remote SMTP server did not complain when issued the command : MAIL FROM: root@this_host RCPT TO: |testing This probably means that it is possible to send mail directly to programs, which is a serious threat, since this allows anyone to execute arbitrary command on this host. NOTE : ** This security hole might be a false positive, since some MTAs will not complain to this test, and instead will just drop the message silently ** Solution : upgrade your MTA or change it. Risk factor : High CVE : CAN-1999-0163 . Vulnerability found on port smtp (25/tcp) : The remote SMTP server did not complain when issued the command : MAIL FROM: root@this_host RCPT TO: /tmp/nessus_test This probably means that it is possible to send mail directly to files, which is a serious threat, since this allows anyone to overwrite any file on the remote server. NOTE : ** This security hole might be a false positive, since some MTAs will not complain to this test and will just drop the message silently. Check for the presence of file 'nessus_test' in /tmp ! ** Solution : upgrade your MTA or change it. Risk factor : High CVE : CVE-1999-0096 . Vulnerability found on port smtp (25/tcp) : The remote SMTP server did not complain when issued the command : MAIL FROM: |testing This probably means that it is possible to send mail that will be bounced to a program, which is a serious threat, since this allows anyone to execute arbitrary command on this host. NOTE : ** This security hole might be a false positive, since some MTAs will not complain to this test, but instead just drop the message silently ** Solution : upgrade your MTA or change it. Risk factor : High CVE : CAN-1999-0203 . Vulnerability found on port smtp (25/tcp) : There is a buffer overflow when this MTA is issued the 'HELO' command issued by a too long argument. This problem may allow an attacker to execute arbitrary code on this computer, or to disable your ability to send or receive emails. Solution : contact your vendor for a patch. Risk factor : High CVE : CAN-1999-0284 . Vulnerability found on port smtp (25/tcp) : It was possible to perform a denial of service against the remote Interscan SMTP server by sending it a special long HELO command. This problem allows a cracker to prevent your Interscan SMTP server from handling requests. Solution : contact your vendor for a patch. Risk factor : Serious . Vulnerability found on port smtp (25/tcp) : There is a buffer overflow when this MTA is issued the 'HELO' command issued by a too long argument (12,000 chars) This problem may allow an attacker to execute arbitrary code on this computer, or to disable your ability to send or receive emails. Solution : contact your vendor for a patch. Risk factor : High CVE : CAN-2000-0042 . Vulnerability found on port smtp (25/tcp) : There seem to be a buffer overflow in the remote SMTP server when the server is issued a too long argument to the 'MAIL FROM' command, like : MAIL FROM: AAA[...][EMAIL PROTECTED] Where AAA[...]AAA contains more than 8000 'A's. This problem may allow a cracker to prevent this host to act as a mail host and may even allow him to execute arbitrary code on this sytem. Solution : Contact your vendor for a patch Risk factor : High . Warning found on port smtp (25/tcp) There is a problem in NTMail3, which allows anyone to use it as a mail relay, provided that the source adress is set to ''. This problem allows any spammer to use your mail server to spam the world, thus blacklisting your mailserver, and using your network resources. Risk factor : Medium. Solution : There are no solution provided by the author of NTMail, so you might want to change mail servers CVE : CAN-1999-0819 . Information found on port smtp (25/tcp)
RE: Large messages terminated with error?
I expect the reason I had no responce on this is that as I expected there was nothing wrong with our qmail server. Last night I found a bad hub which was causing packets to be lost at high(er) utilization levels. I think the email pushed it over the limit and perhaps it was sending some kind of bad packets out, thus taking out the T1 and resulting in the error message. Only time and more users coming in to work will really tell for sure, but things look pretty good now. Matt -Original Message- From: Matt Simonsen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 27, 2001 6:31 PM To: Qmail@List. Cr. Yp. To Subject: Large messages terminated with error? Hello all- Some background. I have a Qmail server running RedHat 7.0 version 1.03, along with courier-imap 1.2.3 (just the IMAP part) + vpopmail 4.9.8. It is off-site from our office, and for 130 days the whole email system has been flawless, even through the 3 times our office has changed IPs. Then we recently got a new data line in our office (sDSL to a local router that is connected to a T1) and problems began. Not necessairly the email server's fault, perhaps, but definately related. The only change is that I have changed is that I added our new domain to the tcp.smtp file and then ran tcprules /home/vpopmail/etc/tcp.smtp.cdb /home/vpopmail/etc/tcp.smtp.tmp /home/vpopmail/etc/tcp.smtp. Even without this, though, it sent mail fine since vpopmail does pop authentication. The tcp.smtp file looks like: 127.:allow,RELAYCLIENT= 64.156.209.:allow,RELAYCLIENT= Now for the problem: I cannot send a large (10 mb) message, the kicker is that when I do it also takes our office internet connection down for 30-90 seconds! The only symptoms I have been able to track down is that it appears to transfer at least most of message to the queue on the qmail server (as du -h shows me). Also, outlook 2000 gives an error message saying, TCP/IP connection was unexpectedly terminated by the server. Server responded: '354 go ahead' Account: zMatt @ Careercast.com', SMTP server 'email.careercast.com' Number 0x800ccc0f. Netscape The same time the error appears our data connection dies. We can't even ping the first router. Then it comes up after a short while... I have no idea what is happening here, I don't think our ISP does either. Any help would be greatly appreciated, please let me know if I can provide any more information. Thanks Matt
Large messages terminated with error?
Hello all- Some background. I have a Qmail server running RedHat 7.0 version 1.03, along with courier-imap 1.2.3 (just the IMAP part) + vpopmail 4.9.8. It is off-site from our office, and for 130 days the whole email system has been flawless, even through the 3 times our office has changed IPs. Then we recently got a new data line in our office (sDSL to a local router that is connected to a T1) and problems began. Not necessairly the email server's fault, perhaps, but definately related. The only change is that I have changed is that I added our new domain to the tcp.smtp file and then ran tcprules /home/vpopmail/etc/tcp.smtp.cdb /home/vpopmail/etc/tcp.smtp.tmp /home/vpopmail/etc/tcp.smtp. Even without this, though, it sent mail fine since vpopmail does pop authentication. The tcp.smtp file looks like: 127.:allow,RELAYCLIENT= 64.156.209.:allow,RELAYCLIENT= Now for the problem: I cannot send a large (10 mb) message, the kicker is that when I do it also takes our office internet connection down for 30-90 seconds! The only symptoms I have been able to track down is that it appears to transfer at least most of message to the queue on the qmail server (as du -h shows me). Also, outlook 2000 gives an error message saying, TCP/IP connection was unexpectedly terminated by the server. Server responded: '354 go ahead' Account: zMatt @ Careercast.com', SMTP server 'email.careercast.com' Number 0x800ccc0f. Netscape The same time the error appears our data connection dies. We can't even ping the first router. Then it comes up after a short while... I have no idea what is happening here, I don't think our ISP does either. Any help would be greatly appreciated, please let me know if I can provide any more information. Thanks Matt
RE: QMail and VPOPMAIL on RedHat 7.1
Start with Life With Qmail. -Original Message-From: Darcy Pierlot [mailto:[EMAIL PROTECTED]]Sent: Wednesday, June 20, 2001 2:30 PMTo: [EMAIL PROTECTED]Subject: QMail and VPOPMAIL on RedHat 7.1Importance: High I'm a complete newbie to qmail who is so sick of sendmail's limitations =that I'm looking for alternatives. I've heard a lot of good things about =qmail but i wonder whether someone can point me to a well documented set =of instructions for installing qmail on redhat 7.1 without having lots =of conflicts.I would especially like qmail for it's VPOPMAIL addon that allows =virutal hosting. I am in the webhosting industry and this would be a big =advantage.Can someone help me out with this? I'm also relatively new to linux so =it would be perfect if the documentation/instructions weren't too over =my head... I'm not a newbie bu I haven't done anything really with =programming or some of that crazy C-syntax :) Some day soon i hope!ThanksDarcy Pierlot
Qmail-Inject syntax
I would like to send a message from an account named admin, but with the name CareerCast in the sender field instead of just [EMAIL PROTECTED] It is possible that my terminology here is slightly off, but I hope what I want to do is somewhat clear. I read in the man page that I could set the variables QMAILNAME and QMAILUSER as below, but it doesn't seem to be working when I send test messages to myself. They still say [EMAIL PROTECTED] Any tips? Thanks! Matt Here's my command sequence-- [admin@email admin]$ QMAILUSER=CareerCast [admin@email admin]$ QMAILNAME=CareerCast [admin@email admin]$ echo test | mail [EMAIL PROTECTED] [admin@email admin]$ echo test | /var/qmail/bin/qmail-inject [EMAIL PROTECTED]
Forward copy of message
I need to forward a copy of every message sent to me for the next couple weeks. If I have a .qmail file with: [EMAIL PROTECTED] [EMAIL PROTECTED] #(the account it is sent to...) I don't think it will actually keep a copy for [EMAIL PROTECTED] while forwarding one to [EMAIL PROTECTED] but from the dot-qmail man page I can't figure out what to do. Thanks for any help you can provide. Matt
RE: Case in email address
I always thought that qmail converted the user part of an incoming email to lowercase and then handled it appropriately. Based on other emails, it seems clear that the RFC standard is to preserve case for the user part of the email address. Qmail does this from what I can tell, as far as how delivery locally goes it also appears to me that case is ignored as the RFC recommends. Is there a way to bypass this (not that I will, I just am curious) to have [EMAIL PROTECTED] and [EMAIL PROTECTED] be delivered separately? And is the below process correct? I hope I am not asking questions that people feel are not appropriate for this list- please let me know if so and I will stop this thread. Thanks Matt
RE: Case in email address
There was a statement made that Qmail converts an email to lower-case, but judging by the fact that Qmail can handle those seperately I am guessing this is incorrect. -Original Message- From: Charles Cazabon [mailto:[EMAIL PROTECTED]] Sent: Friday, May 11, 2001 12:32 PM To: Qmail@List. Cr. Yp. To Subject: Re: Case in email address Matt Simonsen [EMAIL PROTECTED] wrote: Is there a way to bypass this (not that I will, I just am curious) to have [EMAIL PROTECTED] and [EMAIL PROTECTED] be delivered separately? Yes, the qmail-users mechanism can be used to do this. And is the below process correct? There was nothing relevant below this in your message; what process? Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Case in email address
How does Qmail deal with case in an email address? From Outlook at least, case does not appear to matter, for example, [EMAIL PROTECTED] and [EMAIL PROTECTED] both deliver to me. Also, what is the official RFC standard for case in an email address. I read in section 3.4.7 of RFC 822 that at least for the from field it does not matter. I have a bet that it doesn't matter I have been told that so many times I have taken it as truth, but have a co-worker who is sure Sendmail is case sensitive. Thanks Matt
RE: Case in email address
For additional information, I have read the man page for addresses. *SLAP* I should have done this first, sorry. It says that case does matter in Qmail (as most of you know probably), yet when I pipe mail to [EMAIL PROTECTED] and [EMAIL PROTECTED] both get delivered to my real account, [EMAIL PROTECTED] What am I missing? By default is case sensitivity disabled for interoperability? I get the impression that case does matter, yet I can't get it to fail. Thanks- Matt -Original Message- From: Matt Simonsen [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 10, 2001 3:14 PM To: Qmail@List. Cr. Yp. To Subject: Case in email address How does Qmail deal with case in an email address? From Outlook at least, case does not appear to matter, for example, [EMAIL PROTECTED] and [EMAIL PROTECTED] both deliver to me. Also, what is the official RFC standard for case in an email address. I read in section 3.4.7 of RFC 822 that at least for the from field it does not matter. I have a bet that it doesn't matter I have been told that so many times I have taken it as truth, but have a co-worker who is sure Sendmail is case sensitive. Thanks Matt
Error 550 message rejected
From what I can tell this message was rejected by the lhh.com server, perhaps an email gateway which was not setup correctly? Can anybody help me translate what this means? Is there anything I can do to fix it from my end? My guess is I just need to talk to their IT group (which is not available right now)- thanks, I just need to be sure I am doing everything I can and that when I talk to them I have enough information. Thanks Matt Simonsen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 05, 2001 3:50 PM To: [EMAIL PROTECTED] Subject: failure notice Hi. This is the qmail-send program at email.careercast.com. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. [EMAIL PROTECTED]: 207.195.180.22 does not like recipient. Remote host said: 550 Mail relay not allowed at this server Giving up on 207.195.180.22. --- Below this line is a copy of the message. Return-Path: [EMAIL PROTECTED] Received: (qmail 21519 invoked from network); 5 Apr 2001 22:49:54 - Received: from unknown (HELO careercast8) (64.47.230.227) by email.careercast.com with SMTP; 5 Apr 2001 22:49:54 - From: "MIKE CAVALLO" [EMAIL PROTECTED] To: "'David Estrada'" [EMAIL PROTECTED] Subject: RE: Fleet and CareerCast Date: Thu, 5 Apr 2001 15:43:52 -0700 Message-ID: 003d01c0be21$e3ef8fa0$e3e62f40@careercast8 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 In-Reply-To: For some reason your mail service bounced this. Mike Cavallo EVP CareerCast 5963 La Place Court, Suite 309 Carlsbad, CA 92008 760-602-9502 ext. 16 Fax 760-602-9260
Symbolic link to datemail?
First, the problem: we need to send email from our Qmail server using
standard time instead of GMT.
I found a solution to this problem from Dave Sill saying to use datemail...
He says that, "Some people even replace qmail-inject with a symbolic link to
datemail" This is the solution we really need, that is, one where we can
continue to use the qmail-inject command. At this point I have tried both a
symbolic link and actually copying datemail to qmail-inject, but we continue
to get the error message:
[root@wrapguy bin]# /var/qmail/bin/qmail-inject
sendmail: illegal option -- H
sendmail: usage: sendmail [ -t ] [ -fsender ] [ -Fname ] [ -bp ] [ -bs ] [
arg ... ]
My datemail file contains:
#!/bin/sh
# WARNING: This file was auto-generated. Do not edit!
exec /var/qmail/bin/predate /var/qmail/bin/sendmail ${1+"$@"}
Any help would be greatly appreciated.
Thanks
Matt Simonsen
RE: Symbolic link to datemail?
Unfortunately, there is no MUA since qmail-inject is being called from various scripts. Here's the output you requested, Charles. [root@wrapguy bin]# ls -l | grep qmail-inject lrwxrwxrwx1 root qmail 8 Mar 26 10:48 qmail-inject - datemail -rwxr-xr-x1 root qmail 34748 Mar 19 10:44 qmail-inject.orig And the problem again... [root@wrapguy bin]# ./datemail sendmail: illegal option -- a sendmail: usage: sendmail [ -t ] [ -fsender ] [ -Fname ] [ -bp ] [ -bs ] [ arg ... ] And one more potentially useful ls is: [root@wrapguy bin]# ls -l | grep datemail -rwxr-xr-x1 root qmail 126 Mar 19 10:44 datemail lrwxrwxrwx1 root qmail 8 Mar 26 10:48 qmail-inject - datemail Thanks for all the help! I really am stumpted on this one. Matt -Original Message- From: Charles Cazabon [mailto:[EMAIL PROTECTED]] Sent: Monday, March 26, 2001 10:41 AM To: [EMAIL PROTECTED] Subject: Re: Symbolic link to datemail? Matt Simonsen [EMAIL PROTECTED] wrote: First, the problem: we need to send email from our Qmail server using standard time instead of GMT. The right solution is to have your MUA (or your users' MUAs) insert a Date: header before passing the mail on to qmail. qmail will then leave it alone, and it will be in whatever timezone you want. However... I found a solution to this problem from Dave Sill saying to use datemail... He says that, "Some people even replace qmail-inject with a symbolic link to datemail" This is the solution we really need, that is, one where we can continue to use the qmail-inject command. At this point I have tried both a symbolic link and actually copying datemail to qmail-inject, but we continue to get the error message: [root@wrapguy bin]# /var/qmail/bin/qmail-inject sendmail: illegal option -- H sendmail: usage: sendmail [ -t ] [ -fsender ] [ -Fname ] [ -bp ] [ -bs ] [ arg ... ] A sendmail error when calling qmail-inject? Something is screwy. What does `ls -l /var/qmail/bin/qmail-inject` output? It looks like your qmail-inject is a symlink to either the qmail sendmail wrapper, or a real sendmail binary (can't recall enough about the error messages each gives to determine which). Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
RE: Symbolic link to datemail?
Yeah, my script is the one with the added comment -Original Message- From: Ricardo Cerqueira [mailto:[EMAIL PROTECTED]] Sent: Monday, March 26, 2001 11:18 AM To: [EMAIL PROTECTED] Subject: Re: Symbolic link to datemail? On Mon, Mar 26, 2001 at 01:00:15PM -0600, Charles Cazabon wrote: Matt Simonsen [EMAIL PROTECTED] wrote: Yes, this seems funny. Datemail here is a 67-byte Bourne shell script: Actually... I'm running a pristine qmail 1.03 on this machine... datemail is a 126 byte bash script, using /var/qmail/bin/sendmail instead of /usr/bin/sendmail. Considering the size, I'd say his script is exactly the same.
RE: Symbolic link to datemail?
Strange... Try running this by hand:
"/var/qmail/bin/predate /var/qmail/bin/sendmail"
What do you get? The same error? The above line is what datemail does.
Here it is:
[root@wrapguy bin]# /var/qmail/bin/predate /var/qmail/bin/sendmail -t
To: [EMAIL PROTECTED]
Subject: testing
test from wrapguy...
And it worked perfectly while qmail-inject was the standard file. It gave
the below error as soon as I replaced qmail-inject with datemail.
So, to reiterate, here's the problem. When I run the datemail script it
works perfectly, too. But when I add a symbolic link or replace the file
qmail-inject with datemail I get an error. Here's a series of commands that
should clearly show what I mean:
[root@wrapguy bin]# cp datemail qmail-inject
cp: overwrite `qmail-inject'? y
[root@wrapguy bin]# ./qmail-inject
sendmail: illegal option -- a
sendmail: usage: sendmail [ -t ] [ -fsender ] [ -Fname ] [ -bp ] [ -bs ] [
arg ... ]
[root@wrapguy bin]# ls -l | grep qmail-inject
-rwxr-xr-x1 root root 72 Mar 26 11:35 qmail-inject
-rwxr-xr-x1 root root34748 Mar 26 11:22 qmail-inject.orig
[root@wrapguy bin]# cat qmail-inject
#!/bin/sh
exec /var/qmail/bin/predate /var/qmail/bin/sendmail ${1+"$@"}
[root@wrapguy bin]# ./qmail-inject
sendmail: illegal option -- a
sendmail: usage: sendmail [ -t ] [ -fsender ] [ -Fname ] [ -bp ] [ -bs ] [
arg ... ]
Thanks for the help, all-
Matt
RE: Symbolic link to datemail?
After my previous emails, I think it's safe to assume that #1 has been
answered... I believe my datemail script is OK.
As to #2, my symbolic links all point correctly to qmail-inject...
[root@wrapguy bin]# ls -l /usr/lib/sendmail
lrwxrwxrwx1 root root 23 Mar 19 11:12 /usr/lib/sendmail -
/var/qmail/bin/sendmail
[root@wrapguy bin]# ls -l /usr/sbin/sendmail
lrwxrwxrwx1 root root 23 Mar 19 11:12
/usr/sbin/sendmail - /var/qmail/bin/sendmail
I *really* wish that were the problem
-Original Message-
From: Charles Cazabon [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 26, 2001 11:00 AM
To: [EMAIL PROTECTED]
Subject: Re: Symbolic link to datemail?
Matt Simonsen [EMAIL PROTECTED] wrote:
Unfortunately, there is no MUA since qmail-inject is being called from
various scripts. Here's the output you requested, Charles.
[root@wrapguy bin]# ls -l | grep qmail-inject
lrwxrwxrwx1 root qmail 8 Mar 26 10:48 qmail-inject -
datemail
-rwxr-xr-x1 root qmail 34748 Mar 19 10:44 qmail-inject.orig
Okay, this looks alright.
[...]
And one more potentially useful ls is:
[root@wrapguy bin]# ls -l | grep datemail
-rwxr-xr-x1 root qmail 126 Mar 19 10:44 datemail
lrwxrwxrwx1 root qmail 8 Mar 26 10:48 qmail-inject -
datemail
Yes, this seems funny. Datemail here is a 67-byte Bourne shell script:
#!/bin/sh
exec /var/qmail/bin/predate /usr/sbin/sendmail ${1+"$@"}
My questions:
1) What are the contents of your datemail? It's got to be more than here.
2) How much do you want to bet that /usr/sbin/sendmail on your system
is not the qmail sendmail wrapper, but a real sendmail binary? That's
almost certainly the problem here, and would account for the sendmail
error messages you're seeing. If this is the problem, you need to remove
the sendmail binary (or rename it) and replace it with a link to
/var/qmail/bin/sendmail .
Charles
--
---
Charles Cazabon[EMAIL PROTECTED]
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
---
RE: Symbolic link to datemail?
Are you sure? Is this wrong?
http://www.faqts.com/knowledge_base/view.phtml/aid/1167/fid/208
As an aside, on my system /var/qmail/bin/sendmail is not a shell script as
your first sentence seems to imply but a seperate program... I don't know if
this has anything to do with my problems.
-Original Message-
From: Timothy Mayo [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 26, 2001 11:51 AM
To: [EMAIL PROTECTED]
Subject: Re: Symbolic link to datemail?
You cannot replace qmail-inject with a symlink to datemail. datemail uses
/var/qmail/bin/sendmail which simply calls qmail-inject.
Change your original scripts to call datemail directly.
On Mon, Mar 26, 2001 at 11:43:50AM -0800, Matt Simonsen wrote:
Strange... Try running this by hand:
"/var/qmail/bin/predate /var/qmail/bin/sendmail"
What do you get? The same error? The above line is what datemail does.
Here it is:
[root@wrapguy bin]# /var/qmail/bin/predate /var/qmail/bin/sendmail -t
To: [EMAIL PROTECTED]
Subject: testing
test from wrapguy...
And it worked perfectly while qmail-inject was the standard file. It gave
the below error as soon as I replaced qmail-inject with datemail.
So, to reiterate, here's the problem. When I run the datemail script it
works perfectly, too. But when I add a symbolic link or replace the file
qmail-inject with datemail I get an error. Here's a series of commands
that
should clearly show what I mean:
[root@wrapguy bin]# cp datemail qmail-inject
cp: overwrite `qmail-inject'? y
[root@wrapguy bin]# ./qmail-inject
sendmail: illegal option -- a
sendmail: usage: sendmail [ -t ] [ -fsender ] [ -Fname ] [ -bp ] [ -bs ] [
arg ... ]
[root@wrapguy bin]# ls -l | grep qmail-inject
-rwxr-xr-x1 root root 72 Mar 26 11:35 qmail-inject
-rwxr-xr-x1 root root34748 Mar 26 11:22 qmail-inject.orig
[root@wrapguy bin]# cat qmail-inject
#!/bin/sh
exec /var/qmail/bin/predate /var/qmail/bin/sendmail ${1+"$@"}
[root@wrapguy bin]# ./qmail-inject
sendmail: illegal option -- a
sendmail: usage: sendmail [ -t ] [ -fsender ] [ -Fname ] [ -bp ] [ -bs ] [
arg ... ]
Thanks for the help, all-
Matt
--
-
Timothy L. Mayo mailto:[EMAIL PROTECTED]
Senior System Administrator
The National Business Network Inc.
localconnect(sm)
http://www.localconnect.net/
The National Business Network Inc. http://www.nb.net/
One Monroeville Center, Suite 850
Monroeville, PA 15146
(412) 810- Phone
(412) 810-8886 Fax
Qmail users
I used the generic life with qmail install on RedHat Linux. When using the default Linux script it setup the qmail groups using /bin/bash. Should I change this to /bin/false so that they have no shell? In other words, would there be an advantage to doing this? By not assigning passwords to these accounts I assume that this is the end result anyway. Matt winmail.dat
Problems Authenticating with IMAP
Hello all: First, please let me know if I have not included enough information or am posting inappropriately. I belive I have followed the install instructions in each package and have researched thisproblem, but I just don't know enough about these packages to figure it out. I am running Qmail 1.03 using a RedHat 6.2 system. I have 2 virtual domains setup through the VPopMail add-on from Inter7, the server accepts new email for my recipitents and outgoing SMTP works. I then compiled Courier-Imap, it is using the default AUTHMODULES. It starts both the POP and IMAP server from my Qmail script perfectly, I don't see any errors (but perhaps I am not looking in the right place). What is the best way to go about figuring out where my problem is? I have checked the logs, the most helpful thing I could find is from the maillog which shows: Mar 2 01:53:46 eunomia imaplogin: Connection, ip=[:::24.177.136.195] Mar 2 01:53:53 eunomia imaplogin: LOGIN FAILED, ip=[:::24.177.136.195] Mar 2 01:54:01 eunomia imaplogin: LOGIN FAILED, ip=[:::24.177.136.195] Mar 2 01:54:01 eunomia imaplogin: LOGOUT, ip=[:::24.177.136.195] Any suggestions would be greatly appreciated, if you need any more info or details, let me know. Matt Simonsen
Qmail and MX Record change
Sorry this is long, I felt it was important for me to give all these details. We currently have our main mx record for careercast.com pointing to mail.careercast.com (216.39.101.230). This is our old sendmail server which is basically a redirect box which forwards messages to ISP accounts for each user based on the aliases file. I am now bringing email in house and have a Qmail server named email.careercast.com (216.39.101.233). For our beta testers I changed the forwarding address on mail.careercast.com from the ISP to point to their new account on email.careercast.com. It has worked perfectly. This server is running Qmail 1.03 with Vpopmail, the main domain is careercast.com, with a virtual domain for ftp.careercast.com and email.careercast.com so it will accept mail for those addresses, too. In preperation for maving our MX records over I have converted the aliases file from our main email server into .qmail files and placed those in the appropriate location on the new server. It is forwarding mail perfectly to the ISP for users who do not yet have real accounts when email is sent directly to email.careercast.com. Here's the question: I intend to have the MX record for careercast.com changed from mail.careercast.com to email.careercast.com. It seems pretty simple...I don't think users will notice anything different since this server is just a redirect box and either server will be able to forward email to the ISP. Thus, propigation seems like a non-issue. Is there anything else I should be thinking about in making this change? Is there anything to test how this transition will happen? I have tried sending mail to and from it, along with testing the .qmail-files and everything seems good. I have only been a sys admin for this company one month and this is a large project that I want to be sure goes smoothly. Thanks for you time Matt Simonsen
Re: Installation Help Qmail ezMLM
Inter7.com offers professional support, it sounds like that's what you need. Matt Robert OConnor wrote: Hello QMail folks, Is there anyone on the list that would be willing to help me with a qmail installation. My Sysop Bill and I are not familiar with qmail but from what I've read, It's what we need ! We have a RedHat 7.0 box set up already and accessable on the net and the Domain Name A MX pointers are set correctly. We have QMail partially installed but not working. Please send me an email if you can help me and I will call you, set up an account and you can log on to help get this installation up and running. Thank you. -Bob OConnor South China Maine USA
SMTP authentication
Is it possible/adviseable to run a Qmail server to authenticate all relay SMTP traffic so that we can leave the relay open but not allow spammers access? I have Qmail running with Courier IMAP server, my problem is that we have some users with laptops who travel and use different ISPs out of the office and would not be able to get email through out SMTP server. To ask them to change settings may be too much. I have thought of setting up 2 Outlook profiles for them with different outgoing mail servers, but I am hoping there is a way to allow their traffic through via a username and password combo. Thanks Matt
Postmaster alias setup
When testing the postmaster alias in step #7 of the testing man page, I do not know what "use end of file, not dot, to end the message" means. I am trying to send a message "with a completely bad packet" - I typed: /var/qmail/bin/qmail-inject -f nonexistant enter To: unknown enter Subject: testing enter blah enter From here I did a ctrl - c to exit because I was not sure how to proceed. Any help would be appreciated. Thanks Matt
Qmail setup, svscan glitch
All- I'm new to Qmail and installing it for the first time. I have a 'server' install RedHat 6.2 linux box. I have read everything I could find but have run into a glitch. I am installing exactly like the "Life with qmail" document says to and am at step 2.7. I went to test the build by following the instructions at http://cr.yp.to/daemontools/svscan.html#boot . Well, I added the line it said to to the end of my initab which looks like this: # # inittab This file describes how the INIT process should set up # the system in a certain run-level. # # Author: Miquel van Smoorenburg, [EMAIL PROTECTED] # Modified for RHS Linux by Marc Ewing and Donnie Barnes # # Default runlevel. The runlevels used by RHS are: # 0 - halt (Do NOT set initdefault to this) # 1 - Single user mode # 2 - Multiuser, without NFS (The same as 3, if you do not have networking) # 3 - Full multiuser mode # 4 - unused # 5 - X11 # 6 - reboot (Do NOT set initdefault to this) # id:3:initdefault: # System initialization. si::sysinit:/etc/rc.d/rc.sysinit l0:0:wait:/etc/rc.d/rc 0 l1:1:wait:/etc/rc.d/rc 1 l2:2:wait:/etc/rc.d/rc 2 l3:3:wait:/etc/rc.d/rc 3 l4:4:wait:/etc/rc.d/rc 4 l5:5:wait:/etc/rc.d/rc 5 l6:6:wait:/etc/rc.d/rc 6 # Things to run in every runlevel. ud::once:/sbin/update # Trap CTRL-ALT-DELETE ca::ctrlaltdel:/sbin/shutdown -t3 -r now # When our UPS tells us power has failed, assume we have a few minutes # of power left. Schedule a shutdown for 2 minutes from now. # This does, of course, assume you have powerd installed and your # UPS connected and working correctly. pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down" # If power was restored before the shutdown kicked in, cancel it. pr:12345:powerokwait:/sbin/shutdown -c "Power Restored; Shutdown Cancelled" # Run gettys in standard runlevels 1:2345:respawn:/sbin/mingetty tty1 2:2345:respawn:/sbin/mingetty tty2 3:2345:respawn:/sbin/mingetty tty3 4:2345:respawn:/sbin/mingetty tty4 5:2345:respawn:/sbin/mingetty tty5 6:2345:respawn:/sbin/mingetty tty6 # Run xdm in runlevel 5 # xdm is now a separate service x:5:respawn:/etc/X11/prefdm -nodaemon #This is for svscan SV:123456:respawn:env - PATH=/usr/local/bin:/usr/sbin:/usr/bin:/bin svscan /servic e /dev/null /dev/console 2/dev/console When I do a "kill -HUP 1" then ps all I get is [root@skip daemontools-0.70]# ps PID TTY TIME CMD 10732 pts/100:00:00 su 10733 pts/100:00:00 bash 13992 pts/100:00:00 ps I am new to this, please help me if you can see what I did wrong. I followed the instructions precisesly so I'm not sure what went wrong. Or maybe it worked and I'm not seeing something... Thanks Matt
RE: Qmail setup, svscan glitch
You're right I'll cope "RTF Man page" to the whiteboard 20 times. Sorry. Matt -Original Message- From: Charles Cazabon [mailto:[EMAIL PROTECTED]] Sent: Friday, February 02, 2001 7:59 AM To: [EMAIL PROTECTED] Subject: Re: Qmail setup, svscan glitch Matt Simonsen [EMAIL PROTECTED] wrote: I'm new to Qmail and installing it for the first time. I have a 'server' install RedHat 6.2 linux box. [...] Well, I added the line it said to to the end of my initab which looks like this: [...] When I do a "kill -HUP 1" then ps all I get is [root@skip daemontools-0.70]# ps PID TTY TIME CMD 10732 pts/100:00:00 su 10733 pts/100:00:00 bash 13992 pts/100:00:00 ps Read the man page for ps. With no arguments, it will only show you processes owned by you. You probably need to do 'ps auxw' to get meaningful results here. This is more of a general Unix newbie question than anything specific to qmail. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
RE: SMTP Question
OK, I'm new here, but I'll reply anyway. Couldn't you use IPChains to filter incoming mail to you machine that says it is from 127.0.0.1? If this is not a good idea, why? -Original Message- From: Mark Delany [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 01, 2001 11:53 AM To: [EMAIL PROTECTED] Subject: Re: SMTP Question On Thu, Feb 01, 2001 at 02:46:22PM -0500, Chris McCoy wrote: I provide free hosting and have a large amount of users everyday. I only have relaying from 127.0.0.1 because of I send an email out for verification from my php signup script. I have this one issue. Someone was trying to send 1000's of emails from a script on the web making the machine thinking its 127.0.0.1 localhost. the only reason i have the 127.0.0.1 for relay is because of sending out that email for verification. other than that i dont need relay. how can i fix this problem so people cant send mail from our server on our web page? any help is greatful. (this is a freebsd machine) thanks. Why not change your php script to submit the email via the qmail-inject command rather than SMTP? Then you can turn off you 127.0.0.1 listener. It's obscurity, but another alternative is put your listener on 127.0.0.2 and create an alias on your loopback interface. Regards.
RE: SMTP Question
I took this message to mean that the script was a hacker located just "on the web" trying to relay with a spoffed IP address, not a user on his own box. If it were the latter I'd certainly start by giving the user the boot... which is it, though? I'm just curious... -Original Message- From: Greg White [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 01, 2001 12:24 PM To: [EMAIL PROTECTED] Subject: Re: SMTP Question On Thu, Feb 01, 2001 at 02:46:22PM -0500, Chris McCoy wrote: I provide free hosting and have a large amount of users everyday. I only have relaying from 127.0.0.1 because of I send an email out for verification from my php signup script. I have this one issue. Someone was trying to send 1000's of emails from a script on the web making the machine thinking its 127.0.0.1 localhost. the only reason i have the 127.0.0.1 for relay is because of sending out that email for verification. other than that i dont need relay. how can i fix this problem so people cant send mail from our server on our web page? any help is greatful. (this is a freebsd machine) thanks. -- Chris McCoy [EMAIL PROTECTED] So, if I understand this right, the mail is actually coming from localhost, because the spam is being generated by a script hosted on the mail machine, right? Ouch. My first inclincation would be to kick that user off my machine, immediately and without notice, and bar him from my network. Dirty spammer. Your AUP does not allow spam, right? Given that this may be difficult or impossible, I think that Mark Delany had the right idea -- use qmail-inject directly, and deny relay for localhost -- Greg White Those who make peaceful revolution impossible will make violent revolution inevitable. -- John F. Kennedy
