RE: ip logging

2001-07-06 Thread Mike Culbertson

>Unfortunately, qmail-smtpd logs nothing itself, and tcpserver only logs
>connections and exit status of qmail-smtpd.  There is therefore no surefire
>way to correlate entries in the qmail-smtpd log and the qmail-send logs.
>However, it is rarely critical -- qmail-analog can determine from the
>qmail-send log alone which messages arrived over the network.

Yeah, I agree.  I was really mostly hoping to find that there was something 
qmailanalog-esque that could read the qmail-smtpd(tcpserver) log and 
rank/show IP connection info.

>Various people have posted patches to qmail-smtpd to make it log more
>information.  You could also do it by writing a wrapper around qmail-queue
>(used only by qmail-smtpd, not qmail-inject or forward, etc) which logs 
>various info.

I have seen these as well, they are fine if you are viewing the logs 
manually, but I'm shooting for totals and averages.  Like I said, I'm not 
opposed to writing a log parser to handle that log, but I'm kind of surprised 
that there isn't one already.  Is everybody using header info currently to 
track down spammer machine IPs? I would prefer to be able to see which IP 
connected how many times and when myself...
Thanks for the info Charles.

Mike Culbertson



RE: Question MX ..cjk

2001-07-06 Thread Mike Culbertson

> I want my emails to go to my both emails Servers.. for backup reasons
> MX1 and MX2.

You cannot accomplish this with your MX records.
If you add two or more machines as MX records, with the same priority, they 
will be treated like round-robin DNS entries and mail will flow to both 
servers...back and forth between the two, not each mail going to both.  That 
is generally best used when you have mail relays or a similar setup where 
mail does not reside on the machines listed in the MX records.
If one has a higher priority (lower number), it will be preferred by 
outside mail systems, and will receive the majority of the mail for your 
domain.  No matter what you do, however, there is no DNS entry that will 
cause an outside machine to send a message to more than one server instead of 
just one.

Best bet for you most likely is to set up some kind of auto-forward system 
where each machine will send a copy to the other whenever it receives a mail. 
This may be a little tricky to do, but I would imagine it is possible.  Or 
even better, maybe just use cron to automatically tar up the maildirs, or 
some other backup strategy.

Mike Culbertson
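
The MX behaviour described in the post above, as an added example that is not part of the thread and not qmail-remote's code: a sending host orders the records as RFC 5321 section 5.1 requires (lowest preference value first, equal preferences in random order) and hands the message to the first server that accepts it, so exactly one server gets each message. The zone data is constructed.

```python
import random
from collections import Counter

# Constructed MX set: two equal-preference servers plus a lower-priority backup.
MX_RECORDS = [("mx1.example.com", 10), ("mx2.example.com", 10), ("backup.example.com", 20)]

def mx_delivery_order(records, rng=random):
    """Order MX hosts the way a sending MTA does: by preference value, ties shuffled."""
    by_pref = {}
    for host, pref in records:
        by_pref.setdefault(pref, []).append(host)
    order = []
    for pref in sorted(by_pref):
        hosts = list(by_pref[pref])
        rng.shuffle(hosts)  # equal preference: no host is favoured over another
        order.extend(hosts)
    return order

def deliver(records, accepts, rng=random):
    """Walk the MX order and stop at the first server that takes the message.
    Exactly one host receives it; the others never see a copy."""
    for host in mx_delivery_order(records, rng):
        if accepts(host):
            return host
    return None  # every MX refused: the sender queues and retries later

def share_of_deliveries(records, accepts, attempts, seed=1):
    """Count which host ended up with the message over many deliveries."""
    rng = random.Random(seed)
    return Counter(deliver(records, accepts, rng) for _ in range(attempts))

if __name__ == "__main__":
    # All servers up: mx1 and mx2 split the mail, backup gets none.
    print(share_of_deliveries(MX_RECORDS, lambda h: True, 1000))
    # mx1 down: everything lands on mx2, backup still gets none.
    print(share_of_deliveries(MX_RECORDS, lambda h: h != "mx1.example.com", 1000))
```

The second run is the point of the post: even with the primary down, the backup only sees mail when every equal-preference primary refuses it, and it never receives a second copy of anything.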



Re: smtp relay testing w/ abuse.net

2001-07-06 Thread Mike Culbertson

>I installed qmail following the lifewithqmail directions
>my server is running properly
>how can I make my qmail server accept all relay tests up to relay test 17?
>what should I do with the configuration?
>is my server secure?

As far as I know, you cannot make qmail get all the way to test 17.  However, 
it really does not matter, because also as far as I know, a properly 
configured qmail system will pass all the tests in reality.  As Lars pointed 
out, qmail /appears/ to accept the mail, but in fact it would never be 
delivered.  This I know for a fact, and it is the same with several tests 
after that, which I have done manually.  

Lastly...Is your server secure?  I don't know.  If you did a proper install 
of qmail, that component should be fine.  I recommend you try the tests 
manually and see what you find.  Good luck.

Mike Culbertson
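
To make the "appears to accept" point concrete, here is a model of qmail-smtpd's relay decision followed by what qmail-send would do with the recipient it queued. This is an added example written from my reading of qmail's rcpthosts.c and qmail-smtpd.c, not qmail's own code or anything from the thread. It assumes the control files are the in-memory sets below, that the host's rcpthosts and locals name the same domain, and that RELAYCLIENT is either unset (None) or a string that qmail-smtpd appends to every recipient.

```python
# Constructed control data for a host called mx.example.net.
RCPTHOSTS = {"mx.example.net", ".example.net"}   # control/rcpthosts
LOCALS = {"mx.example.net"}                      # control/locals
LOCAL_USERS = {"postmaster", "alias"}            # accounts that exist on the box

def parse_rcpt_arg(arg):
    """Reduce a RCPT TO argument the way addrparse() does: drop the <>, and drop
    a source route (@host:...) up to and including its first ':'."""
    arg = arg.strip()
    if arg.startswith("<") and arg.endswith(">"):
        arg = arg[1:-1]
    if arg.startswith("@"):
        colon = arg.find(":")
        arg = arg[colon + 1:] if colon != -1 else ""
    return arg

def rcpthosts_allows(addr, rcpthosts):
    """Mirror of rcpthosts(): an address without '@' is local and passes; otherwise
    the host after the last '@', or one of its '.parent' suffixes, must be listed."""
    if "@" not in addr:
        return True
    host = addr.rsplit("@", 1)[1].lower()
    candidates = [host] + [host[i:] for i, ch in enumerate(host) if ch == "."]
    return any(c in rcpthosts for c in candidates)

def smtpd_rcpt(arg, rcpthosts=RCPTHOSTS, relayclient=None):
    """What qmail-smtpd answers to RCPT TO, and the recipient it would queue."""
    addr = parse_rcpt_arg(arg)
    if not addr:
        return "555 syntax error (#5.5.4)", None
    if relayclient is not None:  # tcprules sets RELAYCLIENT for trusted client IPs
        return "250 ok", addr + relayclient
    if rcpthosts_allows(addr, rcpthosts):
        return "250 ok", addr
    return "553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)", None

def send_fate(queued, locals_=LOCALS, local_users=LOCAL_USERS):
    """What qmail-send does with a queued recipient: local delivery, bounce, or relay."""
    if "@" in queued:
        local_part, host = queued.rsplit("@", 1)
    else:
        local_part, host = queued, ""
    if not host or host.lower() in locals_:
        # qmail-local needs the whole local part to name a user; "user%other.host"
        # is just an unknown user here, so the message bounces instead of relaying.
        return "delivered locally" if local_part in local_users else "bounced: no such user"
    return "relayed to " + host

if __name__ == "__main__":
    for arg in ("<user@example.org>", "<@mx.example.net:user@example.org>",
                "<user%example.org@mx.example.net>", "<postmaster@mx.example.net>"):
        code, queued = smtpd_rcpt(arg)
        print(f"{arg:40} {code[:3]}  {send_fate(queued) if queued else ''}")
```

The percent-hack address is the interesting row: qmail-smtpd says 250 because the part after the last @ is in rcpthosts, which is all a relay tester sees, but the message then bounces as an unknown local user rather than going anywhere near example.org.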



ip logging

2001-07-06 Thread Mike Culbertson

This has been a modestly common subject, but after scouring the lists 
repeatedly, I have seen no complete answer.  Actually getting the IPs logged 
is no problem...I am using the LWQ style multilog logging, getting info from 
tcpserver.  The question I have yet to see answered is: What now?
I have seen no discernible way to easily correlate the data found in the 
qmail-send logs and the tcpserver/qmail-smtpd logs.  Is there a tool available 
that I have missed?  I wouldn't be opposed to writing one, but better to find 
out first.  Thanks.

Mike Culbertson
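
A parser for the tcpserver side of this, serving both the "ip logging" question here and the "RE: ip logging" reply above, as an added example that is not from these posts: it reads multilog-stamped `tcpserver -v` lines, ranks remote IPs by accepted connections with first/last seen times, and ties each `end` line back to its `ok` line by pid, which is about all the correlation tcpserver alone gives you. The log lines are constructed, and the field layout is the `tcpserver -v` format as I know it (`ok pid localhost:localip:localport remotehost:remoteip:remoteinfo:remoteport`, `end pid status wait-status`); check it against your own log before trusting the regexes.

```python
import re
from datetime import datetime, timezone

# Constructed sample of what multilog -t writes for tcpserver -v wrapping qmail-smtpd.
SAMPLE_LOG = """\
@400000003b45b2a0211a5f0c tcpserver: status: 1/40
@400000003b45b2a0211c3e4c tcpserver: pid 12345 from 192.0.2.10
@400000003b45b2a0212a0c34 tcpserver: ok 12345 mx.example.net:198.51.100.5:25 :192.0.2.10::43210
@400000003b45b2a12d3f1a20 tcpserver: end 12345 status 0
@400000003b45b2a12d401b88 tcpserver: status: 0/40
@400000003b45b2a300112233 tcpserver: status: 1/40
@400000003b45b2a300234455 tcpserver: pid 12346 from 203.0.113.7
@400000003b45b2a300345566 tcpserver: ok 12346 mx.example.net:198.51.100.5:25 :203.0.113.7::51002
@400000003b45b2a400456677 tcpserver: end 12346 status 0
@400000003b45b2a400567788 tcpserver: status: 0/40
@400000003b45b2a600112233 tcpserver: status: 1/40
@400000003b45b2a600234455 tcpserver: pid 12347 from 192.0.2.10
@400000003b45b2a600345566 tcpserver: ok 12347 mx.example.net:198.51.100.5:25 :192.0.2.10::43300
@400000003b45b2a700456677 tcpserver: end 12347 status 256
@400000003b45b2a700567788 tcpserver: status: 0/40
@400000003b45b2a900112233 tcpserver: status: 1/40
@400000003b45b2a900234455 tcpserver: pid 12348 from 198.51.100.77
@400000003b45b2a900345566 tcpserver: deny 12348 mx.example.net:198.51.100.5:25 :198.51.100.77::2222
@400000003b45b2a900456677 tcpserver: status: 0/40
"""

CONN_RE = re.compile(
    r"^@(?P<stamp>[0-9a-f]{24}) tcpserver: (?P<kind>ok|deny) (?P<pid>\d+) "
    r"(?P<local>\S*) (?P<remote>\S*)$"
)
END_RE = re.compile(
    r"^@(?P<stamp>[0-9a-f]{24}) tcpserver: end (?P<pid>\d+) status (?P<status>\d+)$"
)

def decode_tai64n(stamp):
    """TAI64N = 16 hex digits of seconds (offset 2**62) + 8 hex digits of nanoseconds.
    The result is TAI, not UTC (TAI ran about 32 s ahead of UTC in 2001)."""
    secs = int(stamp[:16], 16) - 2 ** 62
    nanos = int(stamp[16:24], 16)
    return datetime.fromtimestamp(secs + nanos / 1e9, tz=timezone.utc)

def summarize(log_text):
    """Per remote IP: accepted and denied connections, non-zero qmail-smtpd exits, first/last seen."""
    stats = {}
    open_pids = {}  # pid -> ip, so an "end" line can be tied to its "ok" line
    for line in log_text.splitlines():
        m = CONN_RE.match(line)
        if m:
            ip = m.group("remote").split(":")[1]  # remotehost:remoteip:remoteinfo:remoteport
            when = decode_tai64n(m.group("stamp"))
            s = stats.setdefault(ip, {"ok": 0, "deny": 0, "nonzero_exit": 0,
                                      "first": when, "last": when})
            s[m.group("kind")] += 1
            if m.group("kind") == "ok":
                open_pids[m.group("pid")] = ip
            s["first"], s["last"] = min(s["first"], when), max(s["last"], when)
            continue
        m = END_RE.match(line)
        if m and m.group("pid") in open_pids:
            ip = open_pids.pop(m.group("pid"))
            if m.group("status") != "0":  # raw wait status, so exit code 1 shows as 256
                stats[ip]["nonzero_exit"] += 1
    return stats

def rank_by_connections(stats):
    """Most accepted connections first; ties broken by IP so the output is stable."""
    return sorted(stats.items(), key=lambda kv: (-kv[1]["ok"], kv[0]))

if __name__ == "__main__":
    for ip, s in rank_by_connections(summarize(SAMPLE_LOG)):
        print(f"{ip:16} ok={s['ok']} deny={s['deny']} nonzero_exit={s['nonzero_exit']} "
              f"first={s['first']:%Y-%m-%d %H:%M:%S} last={s['last']:%Y-%m-%d %H:%M:%S}")
```

Run it as `python3 rankips.py < /var/log/qmail/smtpd/current` (path as in the LWQ layout) after swapping SAMPLE_LOG for stdin. The pid is the only link tcpserver gives between lines, and it is reused by the kernel, so the `open_pids` table must be cleared on `end`, as it is here; nothing in this log identifies the message qmail-send later logs, which is the gap the post is about.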



filtering by sender

2001-06-29 Thread Mike Culbertson

I have a question that has as of yet remained unanswered.
Is it possible to filter or forward mail based on envelope sender and/or 
sender IP.

things I know:
1. I know you can block sender IPs with tcpserver, but that rejects the 
connection, I need to set up an auto-response.
2. I know I can use my own rbl database w/ rblsmtpd, once again, that returns 
error codes, I need to collect some of this bad mail
3. I have seen several anti-spam patches.  see the stuff about error codes -^
4. this would be modestly easy with procmail or similar, but all mail would 
have to be "delivered" to procmail for processing, then back to qmail for 
remote sending.  I don't want the extra load, these are not large machines.
5. qmail offers about 9 million features for filtering by recipient, all I 
need is one or two to filter by sender to make this work.
6. these are relay machines (PRIVATE, spam bad, duh) recipients are not 
local, this is handled in the smtproutes control file.
7. I can't figure out how to use aliases to direct mail based on anything 
about the sender, though it may be painfully simple.


things I need:
1. the ability to not just smtp reject this bad mail, (based primarily on 
envelope sender, but perhaps also sender IP), but to essentially process it 
and dump it to a dummy account with an autoresponder.
2. I DON'T NEED AN AUTORESPONDER, thanks anyway

WHY:
We had been the victim of spammer abuse of our mailserver until I got here, 
because the last admin left it wide open.  OK, I fixed the relaying. Now, we 
are constantly bombarded with spam destined to numerous legitimate internal 
accounts.  RBL you say? No, my company services ~75000 active end-users.  
There are literally thousands of domains that queries/support mails come 
from.  Most of us know that often the server that the mail comes from is 
often not the originator of the mail itself.  As a company, we simply cannot 
arbitrarily block a quantity of mail servers that may end up being the source 
of legitimate mails from our customers (our services are EXTREMELY time 
dependent, and a single mail can be "worth" quite a bit of money to a user). 
So, I am left needing a method to block mail, but still offer an immediate, 
very clear method to tell a sender that their mail did not go through. I do 
not expect all of our users to decipher an smtp error message, I have to 
assume the lowest common denominator.  

Mega thanks in advance to all who read through this damn sob story ;)
and thanks again to those who went through my last few, I love this list.

Mike Culbertson



more spam bouncing

2001-06-19 Thread Mike Culbertson

After some thought, perhaps I should clarify what I am trying to do.  I have 
looked and looked, and it seems most every feature for filtering relies on 
.qmail files, or something like procmail.  I would like to determine if there 
is a way to avoid both of these.  Since the machines in question with this 
problem are relays (private relays in case you are wondering), there are no 
home directories for me to add .qmail files to.  Also, since they don't hold 
mail locally, with procmail, the path would be:
sender > qmail > procmail > qmail > relay target host
which would significantly increase the load required to send each piece of 
mail on to its destination.  I don't want to send every piece of mail 
through procmail (or similar) if I don't have to.

What would be great would be to have qmail-smtpd catch the HELO or MAIL FROM 
address the sender gives (a la badmailfrom) and do something, like perhaps 
dump the mail to a local account for further processing, or initiate a 
bounce, anything other than just an smtp reject.  This way, good mail would 
travel clean on through the relay without being subject to any additional 
filtering, and only  mail matching a bad domain would get handled further.  
This may be entirely out of the realm of capability within the parameters I 
have described, I'm not sure.   It just seems there must be some way to 
finagle qmail itself into reacting to the sender domain.  If this answer is 
painfully obvious, feel free to slap me, but I'd rather know regardless :)

Mike Culbertson



spam/other custom bouncing

2001-06-19 Thread Mike Culbertson

I am attempting to figure out the best way to set up an auto-response 
(bounce, in a manner of speaking) triggered by sender domain, in order to 
facilitate not just rejecting specific domains, but auto-answering mail from 
them.

The situation is as follows:  My company receives mail from a very large number 
of different domains, most legitimate, but some notorious spammers, and some 
a combo of both.  The problem is that I am uncomfortable just adding a domain 
to "badmailfrom", as I have to be really careful blocking out entire domains 
lest I block out some legitimate users.  badmailfrom only provides an smtp 
rejection, and I cannot guarantee that an end-user could figure out what 
happened.  Therefore, I would like to maintain a list of domains a la 
badmailfrom, but rather than doing an smtp reject, an autoresponse would 
result (your mail has been rejected because , please contact  etc. 
etc. ).  This way, legitimate users on "banned" domains would have an 
opportunity to notify us and get unbanned.  It seems simple on the surface, 
but most every filter I have found so far relies on RBLs (love em, but far 
too arbitrary for this task), or receiver address/domain (it's all coming to 
the same domain, I need to filter by sender domain).  I am sure there must be 
a fairly simple way to complete this, but I'm not having a lot of luck so 
far.  Any help/thoughts would be greatly appreciated.  Thanks in advance.

Mike Culbertson
sysadmin

P.S.  The qmail boxes in question are acting as relays only, I am trying to 
avoid using procmail to filter all deliveries, as 99.9% is sent onwards to 
another host, not locally.  Don't want to double-process the mail if I don't 
have to, rather have qmail handle all the filtering alone if possible.
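
One way to get what these three posts ask for with no .qmail files and no procmail in the path, as an added example that is not from the list: a qmail-queue wrapper. With the QMAILQUEUE patch, qmail-smtpd runs the program named in $QMAILQUEUE instead of bin/qmail-queue, so the wrapper only ever sees SMTP-received mail, never qmail-inject or forward. It reads the message on fd 0 and the envelope on fd 1 exactly as qmail-queue would, and if the envelope sender matches a badmailfrom-style list it replaces every recipient with one trap address before handing everything to the real qmail-queue; good mail passes through with its envelope untouched, so the relay does no extra work for it. The control file name control/redirectmailfrom, the trap address and the sample envelope in the test are made up; /var/qmail/bin/qmail-queue, the envelope format and exit code 91 (envelope format error) are qmail's.

```python
import os
import subprocess
import sys

REAL_QMAIL_QUEUE = "/var/qmail/bin/qmail-queue"
REDIRECT_LIST = "/var/qmail/control/redirectmailfrom"  # hypothetical file, badmailfrom syntax
TRAP_ADDRESS = "spamtrap@corp.example"                  # hypothetical local account

def load_list(path):
    """badmailfrom syntax: 'user@host' for one address, '@host' for a whole domain."""
    try:
        with open(path) as f:
            return {line.strip().lower() for line in f if line.strip() and not line.startswith("#")}
    except FileNotFoundError:
        return set()

def sender_is_listed(sender, listed):
    """Match the envelope sender against the list; an empty sender (a bounce) never matches."""
    sender = sender.lower()
    if not sender:
        return False
    domain = sender.rsplit("@", 1)[1] if "@" in sender else ""
    return sender in listed or ("@" + domain) in listed

def parse_envelope(env):
    """qmail-queue envelope: 'F' sender NUL, then 'T' recipient NUL per recipient, then NUL."""
    if not env.startswith(b"F") or not env.endswith(b"\0\0"):
        raise ValueError("malformed envelope")
    fields = env[:-1].split(b"\0")  # drop the terminator, then one field per NUL
    sender = fields[0][1:].decode("latin-1")
    rcpts = []
    for f in fields[1:-1]:
        if not f.startswith(b"T"):
            raise ValueError("malformed envelope")
        rcpts.append(f[1:].decode("latin-1"))
    return sender, rcpts

def build_envelope(sender, rcpts):
    out = b"F" + sender.encode("latin-1") + b"\0"
    for r in rcpts:
        out += b"T" + r.encode("latin-1") + b"\0"
    return out + b"\0"

def rewrite_envelope(env, listed, trap=TRAP_ADDRESS):
    """Return (envelope, redirected): listed senders get all recipients replaced by the trap."""
    sender, rcpts = parse_envelope(env)
    if sender_is_listed(sender, listed):
        return build_envelope(sender, [trap]), True
    return env, False

def main():
    # Read the message first: qmail-smtpd writes fd 0 to EOF before it writes the
    # envelope, so reading fd 1 first could deadlock on a large message.
    message = sys.stdin.buffer.read()
    envelope = b""
    while True:
        chunk = os.read(1, 65536)
        if not chunk:
            break
        envelope += chunk
    try:
        envelope, _ = rewrite_envelope(envelope, load_list(REDIRECT_LIST))
    except ValueError:
        sys.exit(91)  # qmail-queue's own "envelope format error" code
    # Feed the real qmail-queue the same way: message on its fd 0, envelope on its fd 1.
    env_r, env_w = os.pipe()
    proc = subprocess.Popen([REAL_QMAIL_QUEUE], stdin=subprocess.PIPE, stdout=env_r)
    os.close(env_r)
    proc.stdin.write(message)
    proc.stdin.close()
    view = memoryview(envelope)
    while view:
        view = view[os.write(env_w, view):]
    os.close(env_w)
    sys.exit(proc.wait())  # pass qmail-queue's exit code back to qmail-smtpd unchanged

if __name__ == "__main__":
    main()
```

The trap address has to be deliverable on the relay itself (a local account, or an alias that forwards to a box where a human or an autoresponder can look at it), and the list must not overlap badmailfrom, since anything in badmailfrom is refused at MAIL FROM before qmail-queue ever runs. Keep the wrapper small: it runs as the qmaild user for every SMTP message, so a parse error or a hang here is a denial of service on the relay.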