Re: [qmailtoaster] Firewall
Yeah I saw that tar file they offer. I wanted to use it with chef and just feed shorewall some include files. Will see how it goes. Cheers, Sebastian On 17.07.2014, at 22:48, M sysad...@tricubemedia.com wrote: Shorewall firewall is based on iptables so it should work. and this script gets its data from : DLROOT=http://www.ipdeny.com/ipblocks/data/countries; Dave M On 7/17/2014 10:28 AM, Sebastian Grewe wrote: Hey Dave, That's one great script there. I will have to check for that ipdeny.com list - maybe I can also add it to shorewall somehow. Cheers, Sebastian On 16.07.2014, at 21:02, M sysad...@tricubemedia.com wrote: Hi list, recently i had a request for a VM for one of our qmailers. Subsequently , after deployment, we found the VM to be compromised, so hackers got in before I could secure the qmail VM. I rebuilt the VM, and added My firewall rules , and sent it off again. No probs this time. I was asked if they could share the firewall rules, No probs, but I looked for a way to block by country. Here is what I found, and modified for our qmail needs ( rules etc ) Thanks go to the original script writer, I merely modified it. Firewall script , so you can block specific countries, eg China ( ISO cn ) working as of July 16th 2014 ***No offense meant to any countries listed here, for demo purposes only*** Do a ISO country code look up for your needs Tested on qmail-Centos5, and qmail-Centos6. Should work an other iptables type firewalls Install Setup. *** Backup your existing firewall script. *** Centos5 qmail install ( cp /etc/rc.d/firewall.ruleset /etc.rc.d/firewall.org ) Centos6 qmail install ( cp /etc/sysconfig/iptables /etc/sysconfig/iptables.org ) copy script to your server, make executable ( chmod +x country_block.sh ) Edit file, and modify to your needs. specific areas ISO=af cn kr # Set your own ports you need , these are set for a standard qmail install..remove 3306 if you dont do database sync`s ALLOWPORTS=22,25,80,110,143,443,465,587,993,995,3306 #Set your subnet ALLOWSUBNET=192.168.0.0/255.255.0.0 Run script ./country_block.sh Wait until complete. check it added the rules, iptables -L -n, you should see a whole bunch of countrydrop lines Centos 5 Qmail installs Save iptables to your /etc/rc.d/firewall.ruleset /sbin/iptables-save /etc/rc.d/firewall.ruleset Stop and start firewall firewall down firewall up Check again iptables -L -n Centos 6 Qmail installs Save iptables to your /etc/sysconfig/iptables /sbin/iptables-save /etc/sysconfig/iptables Some say this may cause slowness on the email server, I have not found that to be the case. Based on My ruleset ( thousands of entries ) I have been running the rules for years. Dave M country_block.sh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Prevent sender from spoofing email address
On 7/17/2014 7:32 PM, Hasan Akgöz wrote: Hi Guys; allows SMTP authenticated users to put a fake email address in an email's sender field and the email is sent successfully .How to enforce sender/from address to be “logged_u...@test.com mailto:logged_u...@test.com” in Qmailtoaster ? Hasan: I have brought this up before, and there are certain situations where you NEED for a single auth'd user to be able to send mail as anyone. Specifically, when you're using QMT as a filter or smart-host. So the short answer to your query is that it cannot be done. Once you are authenticated to the qmail-smtp program, it will take any email from you -- including email that is spoofed... Dan McAllister PS: I am with you if you believe there should be a way to configure that -- but that is not an option that I am aware of currently. -- IT4SOHO, LLC 33 - 4th Street N, Suite 211 St. Petersburg, FL 33701-3806 CALL TOLL FREE: 877-IT4SOHO 877-484-7646 Phone 727-647-7646 Local 727-490-4394 Fax We have support plans for QMail!
Re: [qmailtoaster] Numerous copies of emails
On 7/18/2014 12:46 AM, Bharath Chari wrote: The same thing happened to me, but it seems to have resolved itself. Again, only from the list. Bharath On 07/18/2014 12:58 AM, Cecil Yother, Jr. wrote: Same is happening to me. On 07/17/2014 12:41 PM, Finn Buhelt wrote: Hi List (Eric). Have any of You any idea why I sometimes is getting numerous copies of some of the emails from the qmailtoaster-list ? In my experience, this happens most often when there is a delivery problem -- often a message is rejected but still delivered. (One of the most egregious and common of these are the DKIM signature failures that send bounce-like messages back to the user... yet the message is actually delivered.) I'm not sure who manages the list server these days, but the send log file there should be checked. My guess is that 400 (or even 500) type error messages are resulting in a re-send even though the first came through just fine. Just my thoughts Dan -- IT4SOHO, LLC 33 - 4th Street N, Suite 211 St. Petersburg, FL 33701-3806 CALL TOLL FREE: 877-IT4SOHO 877-484-7646 Phone 727-647-7646 Local 727-490-4394 Fax We have support plans for QMail!
RE: [qmailtoaster] Prevent sender from spoofing email address
Even I’m thinking this patch is needed. While searching I found one old patch for the same, but don’t know can we integrate the same in qmailtoaster. http://translate.google.co.in/translate?hl=en http://translate.google.co.in/translate?hl=ensl=tru=http://www.endersys.com.tr/blog/2009/12/16/qmail-from-address-and-smtp-auth-username-check-patch/prev=/search%3Fq%3Dqmail-from-address-and-smtp-auth-username-check-patch/%26client%3Dfirefox-a%26hs%3DKig%26rls%3Dorg.mozilla:en-US:official sl=tru=http://www.endersys.com.tr/blog/2009/12/16/qmail-from-address-and-smtp-auth-username-check-patch/prev=/search%3Fq%3Dqmail-from-address-and-smtp-auth-username-check-patch/%26client%3Dfirefox-a%26hs%3DKig%26rls%3Dorg.mozilla:en-US:official If anyone can look in this may be that is great. Amit Dalia From: Dan McAllister [mailto:q...@it4soho.com] Sent: 18 July 2014 18:44 To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Prevent sender from spoofing email address On 7/17/2014 7:32 PM, Hasan Akgöz wrote: Hi Guys; allows SMTP authenticated users to put a fake email address in an email's sender field and the email is sent successfully .How to enforce sender/from address to be “logged_u...@test.com mailto:logged_u...@test.com ” in Qmailtoaster ? Hasan: I have brought this up before, and there are certain situations where you NEED for a single auth'd user to be able to send mail as anyone. Specifically, when you're using QMT as a filter or smart-host. So the short answer to your query is that it cannot be done. Once you are authenticated to the qmail-smtp program, it will take any email from you -- including email that is spoofed... Dan McAllister PS: I am with you if you believe there should be a way to configure that -- but that is not an option that I am aware of currently. -- IT4SOHO, LLC 33 - 4th Street N, Suite 211 St. Petersburg, FL 33701-3806 CALL TOLL FREE: 877-IT4SOHO 877-484-7646 Phone 727-647-7646 Local 727-490-4394 Fax We have support plans for QMail! --- This email is free from viruses and malware because avast! Antivirus protection is active. http://www.avast.com
[qmailtoaster] Re: stripped attachments...part II
On 07/17/2014 01:32 PM, Eric Broch wrote: I have a query into the dovecot user's group concerning the implementation of 'any' spam filter, including DSPAM, in the dovecot-lda process as their site does not make it obvious to me how to do it. There's a plugin for that. I mentioned it either here or on the devel list recently. I think it's called anti-spam. I've found a source for Maildrop (standalone) in the event it is no longer supported by QMT and in the interim: 1) wget http://dl.atrpms.net/el6-i386/atrpms/stable/atrpms-repo-6-7.el6.i686.rpm 2) rpm -Uvh atrpms*.rpm 3) yum install maildrop I don't have a problem keeping maildrop around. It's rather large for what it does, but so what? Even after it's no longer a part of the stock QMT (if indeed that ever happens), I imagine that it will remain in the repos in a deprecated state. I've thought about wading into the DSPAM code myself as it has worked so well for me, and still is. If we have someone (or two) who wants to maintain the sources, I wouldn't be adverse to include it in the QMT 'family' of software. Thanks! -- -Eric 'shubes' - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Re: Firewall
On 07/17/2014 03:33 PM, Tony White wrote: FYI Dan I am getting 4 emails in my inbox again. I think this is a problem with the list server. I'll look into it when I get a chance, perhaps this weekend. -- -Eric 'shubes' - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Re: Numerous copies of emails
That's in my arena. I'll get it fixed when I get a chance, hopefully this weekend. -- -Eric 'shubes' On 07/18/2014 06:17 AM, Dan McAllister wrote: On 7/18/2014 12:46 AM, Bharath Chari wrote: The same thing happened to me, but it seems to have resolved itself. Again, only from the list. Bharath On 07/18/2014 12:58 AM, Cecil Yother, Jr. wrote: Same is happening to me. On 07/17/2014 12:41 PM, Finn Buhelt wrote: Hi List (Eric). Have any of You any idea why I sometimes is getting numerous copies of some of the emails from the qmailtoaster-list ? In my experience, this happens most often when there is a delivery problem -- often a message is rejected but still delivered. (One of the most egregious and common of these are the DKIM signature failures that send bounce-like messages back to the user... yet the message is actually delivered.) I'm not sure who manages the list server these days, but the send log file there should be checked. My guess is that 400 (or even 500) type error messages are resulting in a re-send even though the first came through just fine. Just my thoughts Dan -- IT4SOHO, LLC 33 - 4th Street N, Suite 211 St. Petersburg, FL 33701-3806 CALL TOLL FREE: 877-IT4SOHO 877-484-7646 Phone 727-647-7646 Local 727-490-4394 Fax We have support plans for QMail! - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Re: Prevent sender from spoofing email address
I looked at this briefly, and determined it's not suitable for QMT. If something like this ever practical, it would need to be configrable on a per-user basis, as Dan sugggested. A few thoughts about this. First such a thing would be contrary to RFCs (not this this is a be-all end-all reason). Secondly, this moves in a direction that is actually *less* secure. A more secure setup would have the authentication ID be *different* than the email address. That way, malicious imposters would need to acquire the login id *and* password in order to crack an account. So you see, having a login ID that's different from the email address is actually a good thing, from a security stand point. Note, the authentication ID is frequently included in the message header, so it's not entirely hidden. I'm looking into that as well though, in a way that the last-4 of a credit card number is printed on receipts. If indeed the authentication ID is even really needed in message headers. Along the lines of controlling spoofing, it might be practical for a submission server to inquire from an authentication server, which sending addresses are allowed to be used by a given account. This could be specified as a list, and using wildcards. In that manner, some control of spoofing addresses would be practical. I'm curious to know if there's a way to do this with postfix. Anyone care to look into this? I know we have some postfix converts lurking here (and I truely appreciate that!). ;) Thanks. -- -Eric 'shubes' On 07/18/2014 06:37 AM, Amit Dalia wrote: Even I’m thinking this patch is needed. While searching I found one old patch for the same, but don’t know can we integrate the same in qmailtoaster. http://translate.google.co.in/translate?hl=ensl=tru=http://www.endersys.com.tr/blog/2009/12/16/qmail-from-address-and-smtp-auth-username-check-patch/prev=/search%3Fq%3Dqmail-from-address-and-smtp-auth-username-check-patch/%26client%3Dfirefox-a%26hs%3DKig%26rls%3Dorg.mozilla:en-US:official If anyone can look in this may be that is great. *Amit Dalia * *From:*Dan McAllister [mailto:q...@it4soho.com] *Sent:* 18 July 2014 18:44 *To:* qmailtoaster-list@qmailtoaster.com *Subject:* Re: [qmailtoaster] Prevent sender from spoofing email address On 7/17/2014 7:32 PM, Hasan Akgöz wrote: Hi Guys; allows SMTP authenticated users to put a fake email address in an email's sender field and the email is sent successfully ..How to enforce sender/from address to be “logged_u...@test.com mailto:logged_u...@test.com” in Qmailtoaster ? Hasan: I have brought this up before, and there are certain situations where you NEED for a single auth'd user to be able to send mail as anyone. Specifically, when you're using QMT as a filter or smart-host. So the short answer to your query is that it cannot be done. Once you are authenticated to the qmail-smtp program, it will take any email from you -- including email that is spoofed... Dan McAllister PS: I am with you if you believe there should be a way to configure that -- but that is not an option that I am aware of currently. -- IT4SOHO, LLC 33 - 4th Street N, Suite 211 St. Petersburg, FL 33701-3806 CALL TOLL FREE: 877-IT4SOHO 877-484-7646 Phone 727-647-7646 Local 727-490-4394 Fax We have support plans for QMail! http://www.avast.com/ This email is free from viruses and malware because avast! Antivirus http://www.avast.com/ protection is active. - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Firewall
I also downloaded their tar file, of all the countries IP`s, Just wondering, maybe I will look at modifying the script, so it looks on local drive for “ DLROOT” instead of trolling their website, as I used to use this a long time ago, and found many of the files inside the tar to be zero bytes. Will let everyone know what I find. Dave M From: Sebastian Grewe Sent: Friday, July 18, 2014 12:43 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Firewall Yeah I saw that tar file they offer. I wanted to use it with chef and just feed shorewall some include files. Will see how it goes. Cheers, Sebastian On 17.07.2014, at 22:48, M sysad...@tricubemedia.com wrote: Shorewall firewall is based on iptables so it should work. and this script gets its data from : DLROOT=http://www.ipdeny.com/ipblocks/data/countries; Dave M On 7/17/2014 10:28 AM, Sebastian Grewe wrote: Hey Dave, That's one great script there. I will have to check for that ipdeny.com list - maybe I can also add it to shorewall somehow. Cheers, Sebastian On 16.07.2014, at 21:02, M sysad...@tricubemedia.com wrote: Hi list, recently i had a request for a VM for one of our qmailers. Subsequently , after deployment, we found the VM to be compromised, so hackers got in before I could secure the qmail VM. I rebuilt the VM, and added My firewall rules , and sent it off again. No probs this time. I was asked if they could share the firewall rules, No probs, but I looked for a way to block by country. Here is what I found, and modified for our qmail needs ( rules etc ) Thanks go to the original script writer, I merely modified it. Firewall script , so you can block specific countries, eg China ( ISO cn ) working as of July 16th 2014 ***No offense meant to any countries listed here, for demo purposes only*** Do a ISO country code look up for your needs Tested on qmail-Centos5, and qmail-Centos6. Should work an other iptables type firewalls Install Setup. *** Backup your existing firewall script. *** Centos5 qmail install ( cp /etc/rc.d/firewall.ruleset /etc.rc.d/firewall.org ) Centos6 qmail install ( cp /etc/sysconfig/iptables /etc/sysconfig/iptables.org ) copy script to your server, make executable ( chmod +x country_block.sh ) Edit file, and modify to your needs. specific areas ISO=af cn kr # Set your own ports you need , these are set for a standard qmail install..remove 3306 if you dont do database sync`s ALLOWPORTS=22,25,80,110,143,443,465,587,993,995,3306 #Set your subnet ALLOWSUBNET=192.168.0.0/255.255.0.0 Run script ./country_block.sh Wait until complete. check it added the rules, iptables -L -n, you should see a whole bunch of countrydrop lines Centos 5 Qmail installs Save iptables to your /etc/rc.d/firewall.ruleset /sbin/iptables-save /etc/rc.d/firewall.ruleset Stop and start firewall firewall down firewall up Check again iptables -L -n Centos 6 Qmail installs Save iptables to your /etc/sysconfig/iptables /sbin/iptables-save /etc/sysconfig/iptables Some say this may cause slowness on the email server, I have not found that to be the case. Based on My ruleset ( thousands of entries ) I have been running the rules for years. Dave M country_block.sh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Firewall
Well, maybe we cant: “ YOU MAY NOT RE-DISTRIBUTE OUR IP ZONE FILES. HOWEVER, YOU CAN LINK TO OUR IP COUNTRY ZONE FILES FOLDER ACCESSABLE AT http://www.ipdeny.com/ipblocks/data/countries, BUT NOT TO THE FILES DIRECTLY,*UNLESS YOU COMPLY WITH FAIR USAGE LIMITS POLICY*. “ Also ,I found their zip file of all zones to be zero bytes. Dave M On 7/18/2014 12:59 PM, Me wrote: I also downloaded their tar file, of all the countries IP`s, Just wondering, maybe I will look at modifying the script, so it looks on local drive for “ DLROOT” instead of trolling their website, as I used to use this a long time ago, and found many of the files inside the tar to be zero bytes. Will let everyone know what I find. Dave M *From:* Sebastian Grewe mailto:sebast...@grewe.ca *Sent:* Friday, July 18, 2014 12:43 AM *To:* qmailtoaster-list@qmailtoaster.com mailto:qmailtoaster-list@qmailtoaster.com *Subject:* Re: [qmailtoaster] Firewall Yeah I saw that tar file they offer. I wanted to use it with chef and just feed shorewall some include files. Will see how it goes. Cheers, Sebastian On 17.07.2014, at 22:48, M sysad...@tricubemedia.com mailto:sysad...@tricubemedia.com wrote: Shorewall firewall is based on iptables so it should work. and this script gets its data from : DLROOT=*http://www.ipdeny.com/ipblocks/data/countries*; Dave M On 7/17/2014 10:28 AM, Sebastian Grewe wrote: Hey Dave, That's one great script there. I will have to check for that ipdeny.com http://ipdeny.com list - maybe I can also add it to shorewall somehow. Cheers, Sebastian On 16.07.2014, at 21:02, M sysad...@tricubemedia.com mailto:sysad...@tricubemedia.com wrote: Hi list*, *recently**i had a request for a VM for one of our qmailers. Subsequently , after deployment, we found the VM to be compromised, so hackers got in before I could secure the qmail VM. I rebuilt the VM, and added My firewall rules , and sent it off again. No probs this time. I was asked if they could share the firewall rules, No probs, but I looked for a way to block by country. Here is what I found, and modified for our qmail needs ( rules etc ) Thanks go to the original script writer, I merely modified it. Firewall script , so you can block specific countries, eg China ( ISO cn ) working as of July 16th 2014 * ***No offense meant to any countries listed here, for demo purposes only** Do a ISO country code look up for your needs *Tested on qmail-Centos5, and qmail-Centos6.* Should work an other iptables type firewalls *Install Setup.* * Backup your existing firewall script. *** Centos5 qmail install ( *cp /etc/rc.d/firewall.ruleset /etc.rc.d/firewall.org http://firewall.org***) Centos6 qmail install ( *cp /etc/sysconfig/iptables /etc/sysconfig/iptables.org http://iptables.org* ) copy script to your server, make executable ( *chmod +x country_block.sh* ) *Edit file, and modify to your needs.* specific areas *ISO=af cn kr * # Set your own ports you need , these are set for a standard qmail install..remove 3306 if you dont do database sync`s *ALLOWPORTS=22,25,80,110,143,443,465,587,993,995,3306 #Set your subnet ALLOWSUBNET=192.168.0.0/255.255.0.0* Run script *./country_block.sh* Wait until complete. check it added the rules, *iptables -L -n*, you should see a whole bunch of countrydrop lines _*Centos 5 Qmail installs*_ Save iptables to your /etc/rc.d/firewall.ruleset */sbin/iptables-save /etc/rc.d/firewall.ruleset* Stop and start firewall *firewall down** **firewall up* Check again *iptables -L -n* _*Centos 6 Qmail installs*_ Save iptables to your /etc/sysconfig/iptables */sbin/iptables-save /etc/sysconfig/iptables* Some say this may cause slowness on the email server, I have not found that to be the case. Based on My ruleset ( thousands of entries ) I have been running the rules for years. Dave M country_block.sh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com mailto:qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Firewall
I guess the referrer has to match. Otherwise they serve an empty file. I wouldn't distribute the files but rather let Chef download them. Not sure if that's the same thing though and would also fall under that restriction. Cheers, Sebastian On 18.07.2014, at 21:41, M sysad...@tricubemedia.com wrote: Well, maybe we cant: “ YOU MAY NOT RE-DISTRIBUTE OUR IP ZONE FILES. HOWEVER, YOU CAN LINK TO OUR IP COUNTRY ZONE FILES FOLDER ACCESSABLE AT http://www.ipdeny.com/ipblocks/data/countries, BUT NOT TO THE FILES DIRECTLY, UNLESS YOU COMPLY WITH FAIR USAGE LIMITS POLICY. “ Also ,I found their zip file of all zones to be zero bytes. Dave M On 7/18/2014 12:59 PM, Me wrote: I also downloaded their tar file, of all the countries IP`s, Just wondering, maybe I will look at modifying the script, so it looks on local drive for “ DLROOT” instead of trolling their website, as I used to use this a long time ago, and found many of the files inside the tar to be zero bytes. Will let everyone know what I find. Dave M From: Sebastian Grewe Sent: Friday, July 18, 2014 12:43 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Firewall Yeah I saw that tar file they offer. I wanted to use it with chef and just feed shorewall some include files. Will see how it goes. Cheers, Sebastian On 17.07.2014, at 22:48, M sysad...@tricubemedia.com wrote: Shorewall firewall is based on iptables so it should work. and this script gets its data from : DLROOT=http://www.ipdeny.com/ipblocks/data/countries; Dave M On 7/17/2014 10:28 AM, Sebastian Grewe wrote: Hey Dave, That's one great script there. I will have to check for that ipdeny.com list - maybe I can also add it to shorewall somehow. Cheers, Sebastian On 16.07.2014, at 21:02, M sysad...@tricubemedia.com wrote: Hi list, recently i had a request for a VM for one of our qmailers. Subsequently , after deployment, we found the VM to be compromised, so hackers got in before I could secure the qmail VM. I rebuilt the VM, and added My firewall rules , and sent it off again. No probs this time. I was asked if they could share the firewall rules, No probs, but I looked for a way to block by country. Here is what I found, and modified for our qmail needs ( rules etc ) Thanks go to the original script writer, I merely modified it. Firewall script , so you can block specific countries, eg China ( ISO cn ) working as of July 16th 2014 ***No offense meant to any countries listed here, for demo purposes only*** Do a ISO country code look up for your needs Tested on qmail-Centos5, and qmail-Centos6. Should work an other iptables type firewalls Install Setup. *** Backup your existing firewall script. *** Centos5 qmail install ( cp /etc/rc.d/firewall.ruleset /etc.rc.d/firewall.org ) Centos6 qmail install ( cp /etc/sysconfig/iptables /etc/sysconfig/iptables.org ) copy script to your server, make executable ( chmod +x country_block.sh ) Edit file, and modify to your needs. specific areas ISO=af cn kr # Set your own ports you need , these are set for a standard qmail install..remove 3306 if you dont do database sync`s ALLOWPORTS=22,25,80,110,143,443,465,587,993,995,3306 #Set your subnet ALLOWSUBNET=192.168.0.0/255.255.0.0 Run script ./country_block.sh Wait until complete. check it added the rules, iptables -L -n, you should see a whole bunch of countrydrop lines Centos 5 Qmail installs Save iptables to your /etc/rc.d/firewall.ruleset /sbin/iptables-save /etc/rc.d/firewall.ruleset Stop and start firewall firewall down firewall up Check again iptables -L -n Centos 6 Qmail installs Save iptables to your /etc/sysconfig/iptables /sbin/iptables-save /etc/sysconfig/iptables Some say this may cause slowness on the email server, I have not found that to be the case. Based on My ruleset ( thousands of entries ) I have been running the rules for years. Dave M country_block.sh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Firewall
As a test only ( I honestly did remove the files after testing ) I modified the script, and added all countries ISO code, yup blocked the planet. In turn the script does download all zone files. Put script back to normal *ISO=af cn kr * Temporarily I moved them to /var/zones directory edited script again, from ISO=af cn kr to ISO=de from DLROOT=*http://www.ipdeny.com/ipblocks/data/countries*; to DLROOT=*/var/zones* runscript and it does seek out the files in /var/zones So It does work from a local directory as well Dave M
[qmailtoaster] Question about lists (other than ezmlm)
Ok, I know STOCK QMT comes with mlm -- but I also recall others talking about other list management tools for QMT I have a client that wants to use a mail list (tens of thousands of entries, he says -- I've warned him of the blacklist risk!) What are our other alternatives? Thanks, Dan -- IT4SOHO, LLC 33 - 4th Street N, Suite 211 St. Petersburg, FL 33701-3806 CALL TOLL FREE: 877-IT4SOHO 877-484-7646 Phone 727-647-7646 Local 727-490-4394 Fax We have support plans for QMail! - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Firewall
Well, I contacted ipdeny.com Here is their updated Fair Use Policy *IP*deny fair Usage Limits policy Last reviewed: March 4, 2012 In order to offer equal and quality service to all public users IPDENY.COM has implemented fair usage limits policy with the following resource download limits: * no more than 5000 zone downloads per day per IP * no more than 5 concurrent connections per IP * we suggest doing a wait for 0.5 to 1 second between each request We do not impose any hard limits and we do understand that sometimes you need to fetch files more often due to your script testing or anything similar. This policy was created for bad people who are abusing our service. By using IPDENY.COM web site and data you also agree to our Terms of Service http://ipdeny.com/tos.php (TOS) and that you are familiar with our Copyright notice http://ipdeny.com/copyright.php and Privacy Policy http://ipdeny.com/privacy.php. *As their are only 243 zone files*, then that does not break their 5000 zone limit. I have the zones again, and zipped them up if any one wants them, or admins can I add to an email here, the file size is only 308kb let me know if I can post the zip file here as an attachment Dave M
[qmailtoaster] Re: Firewall
On 07/18/2014 01:32 PM, M wrote: Well, I contacted ipdeny.com Here is their updated Fair Use Policy *IP*deny fair Usage Limits policy Last reviewed: March 4, 2012 In order to offer equal and quality service to all public users IPDENY.COM has implemented fair usage limits policy with the following resource download limits: * no more than 5000 zone downloads per day per IP * no more than 5 concurrent connections per IP * we suggest doing a wait for 0.5 to 1 second between each request We do not impose any hard limits and we do understand that sometimes you need to fetch files more often due to your script testing or anything similar. This policy was created for bad people who are abusing our service. By using IPDENY.COM web site and data you also agree to our Terms of Service http://ipdeny.com/tos.php (TOS) and that you are familiar with our Copyright notice http://ipdeny.com/copyright.php and Privacy Policy http://ipdeny.com/privacy.php. *As their are only 243 zone files*, then that does not break their 5000 zone limit. I have the zones again, and zipped them up if any one wants them, or admins can I add to an email here, the file size is only 308kb let me know if I can post the zip file here as an attachment Dave M If it fits their fair use policy, would it be appropriate to put it on the mirrors? If so, how might it fit into the directory structure there? Thanks. -- -Eric 'shubes' - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Re: Question about lists (other than ezmlm)
On 07/18/2014 01:13 PM, Dan McAllister wrote: Ok, I know STOCK QMT comes with mlm -- but I also recall others talking about other list management tools for QMT I have a client that wants to use a mail list (tens of thousands of entries, he says -- I've warned him of the blacklist risk!) What are our other alternatives? Thanks, Dan I use mailman. There's a wiki page on how to set it up. I hope to make mailman the stock QMT offering at some point in the future. -- -Eric 'shubes' - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Question about lists (other than ezmlm)
Dan McAllister wrote: Ok, I know STOCK QMT comes with mlm -- but I also recall others talking about other list management tools for QMT I have a client that wants to use a mail list (tens of thousands of entries, he says -- I've warned him of the blacklist risk!) What are our other alternatives? If you're running CentOS ... which you presumably are ... you can use 'yum' to install 'mailman'. There's no specific integration with QMT, but in my experience they play fairly nicely together. In a past life, I did a whole 'mailman' setup by hand, including installing from source. _That_ I do not recommend. But my recollection is that using 'yum' to get it going was pretty painless. While 'mailman' has an interface that only Richard Stallman could love, once it's installed it requires minimal attention. Your mileage may vary. Angus - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com