Re: [qmailtoaster] domainkeys guide
I've done some testing with yahoo, and this is what I've found: .) yahoo to toaster seems to work fine with domain keys. I see yahoo's signature in the header, and it was accepted ok. .) toaster directly to yahoo with dk signature works. Message goes into bulk yahoo folder, I think because toaster is on a dynamic IP address. .) toaster using smtproutes (I presume with dk is still signing) via outbound.mailhop.org (a dyndns.org service) works. Message goes into inbox yahoo folder. I don't see a way on yahoo to inspect headers, so I'm presuming a little here. I have a test in progress with cox.net where I'll be able to inspect headers. I expect it will be ok too. BL, domainkeys work ok with smtproutes (at least through dyndns's mailhop). It's still possible that some ISPs *may* screw things up, but they shouldn't (in theory). If anyone would care to explain in more detail why this works, or comes across a case where it doesn't, I'm all ears. I'm guessing that DK signatures reflect some, but not all header information. Note, I'm running the current (1.3) toaster on CentOS4.3. Eric Shubes wrote: Ok, I think I'm getting it. My understanding is that the DK signature is generated from the header and the body, so any additions/alterations would invalidate the signature. So I tend to agree with you. If that's the case, though, then what DynDNS told me is wrong. I'm hesitant to question them, as they're pretty sharp with this stuff too. I'm wondering how this *could* work. Maybe certain (routing related) header entries aren't included in the signature. That would almost need to be the case, given server farms and requirements of very large companies. Otherwise, key (especially private) distribution could be a nightmare. Anywise, no sense in speculating. I should be seeing failures in a day or two if this indeed doesn't work. Stay tuned... Erik Espinoza wrote: DomainKeys only works if your server talks directly to the destination server. If you force all your mail via your isp server using smtproutes, then their server will add some headers which will in turn invalidate all your DomainKey signatures. -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] domainkeys guide
I gave up on domainkeys signing in my server since my ISP (optonline) alters the header thus invalidating my domainkeys signature. Both yahoo and gmail header shows bad domainkeys. I had alot of help from Erik with this and came up with the solution that the use of smtproutes with domainkeys does not work, I think it was on wikipedia too. Thanks, John. On Sat, August 5, 2006 11:10 am, Eric \Shubes\ wrote: I've done some testing with yahoo, and this is what I've found: .) yahoo to toaster seems to work fine with domain keys. I see yahoo's signature in the header, and it was accepted ok. .) toaster directly to yahoo with dk signature works. Message goes into bulk yahoo folder, I think because toaster is on a dynamic IP address. .) toaster using smtproutes (I presume with dk is still signing) via outbound.mailhop.org (a dyndns.org service) works. Message goes into inbox yahoo folder. I don't see a way on yahoo to inspect headers, so I'm presuming a little here. I have a test in progress with cox.net where I'll be able to inspect headers. I expect it will be ok too. BL, domainkeys work ok with smtproutes (at least through dyndns's mailhop). It's still possible that some ISPs *may* screw things up, but they shouldn't (in theory). If anyone would care to explain in more detail why this works, or comes across a case where it doesn't, I'm all ears. I'm guessing that DK signatures reflect some, but not all header information. Note, I'm running the current (1.3) toaster on CentOS4.3. Eric Shubes wrote: Ok, I think I'm getting it. My understanding is that the DK signature is generated from the header and the body, so any additions/alterations would invalidate the signature. So I tend to agree with you. If that's the case, though, then what DynDNS told me is wrong. I'm hesitant to question them, as they're pretty sharp with this stuff too. I'm wondering how this *could* work. Maybe certain (routing related) header entries aren't included in the signature. That would almost need to be the case, given server farms and requirements of very large companies. Otherwise, key (especially private) distribution could be a nightmare. Anywise, no sense in speculating. I should be seeing failures in a day or two if this indeed doesn't work. Stay tuned... Erik Espinoza wrote: DomainKeys only works if your server talks directly to the destination server. If you force all your mail via your isp server using smtproutes, then their server will add some headers which will in turn invalidate all your DomainKey signatures. -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - .how soon not now becomes never. _martin luther - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[qmailtoaster] Simscanner, Spamassassin Clamav don't work
Hi Dear All I got problem with my new mail server toaster I install Mandriva 2006 club edition with new qmailtoaster package everything looks good until i check email header from squirrelmail that indicated simscan, spamassassin clamav did'nt scan email at all email header is like this Received: (qmail 9252 invoked by uid 89); 6 Aug 2006 02:54:59 - Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; d=mail..com; b=HKC2Gpjgn50yfOhxrsyykSw4M5ZnriPv+Ng2K0U8EySfUwccDmwQZOFCN75UtNOw ; Received: from unknown (HELO localhost) (127.0.0.1) by localhost with SMTP; 6 Aug 2006 02:54:59 - Received: from 127.0.0.1 (SquirrelMail authenticated user [EMAIL PROTECTED]) by localhost with HTTP; Sat, 5 Aug 2006 22:54:59 -0400 (EDT) Message-ID: [EMAIL PROTECTED] Date: Sat, 5 Aug 2006 22:54:59 -0400 (EDT) Subject: a From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] User-Agent: SquirrelMail/1.4.7-1.3.2mdk MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal my package is like this [EMAIL PROTECTED] qtms-install]# rpm -qa | grep toaster daemontools-toaster-0.76-1.3.1mdk autorespond-toaster-2.0.4-1.3.1mdk qmail-pop3d-toaster-1.03-1.3.5mdk qmailmrtg-toaster-4.2-1.3.1mdk spamassassin-toaster-3.1.3-1.3.1mdk vpopmail-toaster-5.4.13-1.3.1mdk courier-authlib-toaster-0.58-1.3.1mdk ezmlm-toaster-0.53.324-1.3.1mdk maildrop-toaster-2.0.2-1.3.1mdk clamav-toaster-0.88.3-1.3.2mdk libdomainkeys-toaster-0.68-1.3.1mdk courier-imap-toaster-4.1.1-1.3.2mdk ezmlm-cgi-toaster-0.53.324-1.3.1mdk ripmime-toaster-1.4.0.6-1.3.1mdk maildrop-toaster-devel-2.0.2-1.3.1mdk vqadmin-toaster-2.3.4-1.3.1mdk qmail-toaster-1.03-1.3.5mdk qmailadmin-toaster-1.2.9-1.3.1mdk squirrelmail-toaster-1.4.7-1.3.2mdk simscan-toaster-1.2-1.3.1mdk ucspi-tcp-toaster-0.88-1.3.1mdk control-panel-toaster-0.5-1.3.1mdk isoqlog-toaster-2.1-1.3.1mdk my mail server status is like this [EMAIL PROTECTED] qtms-install]# qmailctl stat authlib: up (pid 12060) 3860 seconds clamd: up (pid 12034) 3860 seconds imap4: up (pid 12038) 3860 seconds imap4-ssl: up (pid 12061) 3860 seconds pop3: up (pid 12036) 3860 seconds pop3-ssl: up (pid 12041) 3860 seconds send: up (pid 11999) 3860 seconds smtp: up (pid 12012) 3860 seconds spamd: up (pid 12032) 3860 seconds authlib/log: up (pid 12059) 3860 seconds clamd/log: up (pid 12035) 3860 seconds imap4/log: up (pid 12040) 3860 seconds imap4-ssl/log: up (pid 12039) 3860 seconds pop3/log: up (pid 12037) 3860 seconds pop3-ssl/log: up (pid 12042) 3860 seconds send/log: up (pid 12029) 3860 seconds smtp/log: up (pid 12030) 3860 seconds spamd/log: up (pid 12033) 3860 seconds my simscan-toaster.spec is like this user = clamav qmail directory = /var/qmail work directory = /var/qmail/simscan control directory = /var/qmail/control qmail queue program = /var/qmail/bin/qmail-queue clamdscan program = /usr/bin/clamdscan clamav scan = ON trophie scanning = OFF attachement scan = ON ripmime program = /usr/bin/ripmime custom smtp reject = ON drop message = ON regex scanner = ON quarantine processing = OFF domain based checking = ON add received header = ON spam scanning = ON spamc program = /usr/bin/spamc spamc arguments = spamc user = OFF authenticated users scanned = OFF spam passthru = OFF spam hits = 10 Current simcontrol config -- :clam=yes,spam=yes,spam_hits=10,attach=.mp3:.src:.bat:.pif %configure --enable-user=clamav --enable-ripmime=/usr/bin/ripmime --enable-spam --enable-spam-hits=10 --disable-spam-passthru --enable-dropmsg --enable-regex --enable-per-domain --enable-attach --enable-received --enable-clamavdb-path=/usr/share/clamav --enable-custom-smtp-reject my /etc/tcprules.d/tcp.smtp 127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=/var/qmail/bin/qmail- queue.orig,DKSIGN=/var/qmail/control/domainkeys/%/private my /var/qmail/control/simcontrol :clam=yes,spam=yes,spam_hits=10,attach=.mp3:.src:.bat:.pif my /var/qmail/control/ssattach .exe:.com:.bat:.hta:.vbs:.lnk:.pif:.scr any help is welcome thanks
Re: [qmailtoaster] Simscanner, Spamassassin Clamav don't work
Hi Dear All I got problem with my new mail server toaster From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Firdaus, afaict that is your problem at the moment...local deliveries are not scanned for nasties...you wouldn't spam/infect yourself or your boss...would you? send a mail from outside your domain (from your gmail account) to [EMAIL PROTECTED], then you shoud see *Received: by simscan 1.2.0 ppid: 7463, pid: 7465, t: 2.2745s scanners: attach: 1.2.0 clamav: 0.88.3/m:39/d:1635 spam: 3.1.3* appear in the header. then you know it's all good. i think i am gonna hop over to the wiki and add this, because it seems to be a faq. so maybe it needs to be added somewhere. i think it should go on the install doc. because newbies like myself seem to print that out and follow it to the bitter end as our new grail. one of the first things a new server master wants to do is test out scanning functions. seems to make sense to document it somewhere. fuzz - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] smtp session timeouts
Citando Eric \Shubes\ [EMAIL PROTECTED]: I've that problem after a spamassassin update. worked fine for a few days and afterwords bayes db just trashed.. I flushed it and restarted and all went OK! also after this i started to run spamassassin with -x as i read somewhere, can�t realy recall where, and it all runned smooth from then on. greets Zsoft Jake Vickers wrote: Eric Shubes wrote: I think my problem is spamassassin. I turned it off for a while, and didn't see any problem. What are the permissions? I've seen these get messed up sometimes; they should be owned by vpopmail:vchkpw The best way to clear them would (at least this worked for me), delete them (or move them), touch the files to recreate, change permissions, then run spamassassin -D --lint. Hope that helps some. Permissions looked ok. I simply renamed /home/vpopmail/.spamassassin to .spamassassin.old then ran spamassassin -D --lint. Everything came back ok, and spamassassin automatically recreated the directory. Looks better so far. Hope that does it, overnight should tell. This problem's been driving me bonkers! Thanks loads, Jake. -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[qmailtoaster] UPDATE RELEASED: spamassassin-toaster-3.1.4-1.3.2.src.rpm
Greetings, I have released an updated spamassassin package. It is available at the usual site: http://devel.qmailtoaster.com/ The only change is an upgrade to spamassassin 3.1.4. Thanks, Erik - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Simscanner, Spamassassin Clamav don't work
On 8/5/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi Dear All I got problem with my new mail server toaster From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]Firdaus,afaict that is your problem at the moment...local deliveries are not scanned for nasties...you wouldn't spam/infect yourself or yourboss...would you? yes off course but in my old qmailtoaster server my server will scan local deliveries , i have read change log but no information indicated that info. i hope this is for a moment cause my client still use microsoft software that weak system of virus send a mail from outside your domain (from your gmail account) to [EMAIL PROTECTED], then you shoud see*Received: by simscan 1.2.0 ppid: 7463, pid: 7465, t: 2.2745s scanners: attach: 1.2.0 clamav: 0.88.3/m:39/d:1635 spam: 3.1.3*appear in the header.then you know it's all good. i think i am gonna hop over to the wiki and add this, because it seems tobe a faq.so maybe it needs to be added somewhere.i think it should goon the install doc.because newbies like myself seem to print that out and follow it to the bitter end as our new grail.one of the first thingsa new server master wants to do is test out scanning functions.seems tomake sense to document it somewhere. ok thanks alot i 'll try yes there is always happen when i install qmailtoaster new package in new version of distro like mandriva, fedora etc i hope erik or nick or something else will put this information in qmailtoaster wiki regards daus
