RE: [qmailtoaster] rpcbind

2019-03-19 Thread Dan McAllister - QMT DNS
I personally disable portmap and all RPC services on my servers. Even NFS is 
now at v4 and uses TCP and well-known-ports, not the portmapper.

I have no issues with QMT working in that environment.

 

There are a HOST of other services that come in a startup CentOS 6 or CentOS 7 
install – I ALWAYS inventory my new builds to remove unneeded and unwanted 
services.

 

Best Regards,

Dan McAllister

From: Remo Mattei  
Sent: Tuesday, March 19, 2019 11:33 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] rpcbind

 

I agree. Eric will be the person to go. 

 

Remo

On Tuesday, Mar 19, 2019 at 08:21, Leonardo Porto <leonardo.po...@iw.net.br> wrote:

Right, but if Toaster doesn't really use it and I don't use NFS or anything 
rpcbind is needed for, it's an unnecessary daemon I would uninstall.

On 19/03/2019 12:03, Remo Mattei wrote:

You can use firewalld to block it; by default it should not be open.

 

Remo

On Tuesday, Mar 19, 2019 at 08:00, Leonardo Porto <leonardo.po...@iw.net.br> wrote:

Hi everyone,

I received a security alert about Portmap service enabled on my server, I 
checked the daemon rpcbind was installed by Toaster, is it needed?
I am thinking to get rid of it.
Thanks.

Leonardo.






RE: Fwd: Re: [qmailtoaster] centos 6

2018-10-02 Thread Dan McAllister - QMT DNS
I hear ya Andrew! I have a very large QMT that hosts hundreds of domains. One 
of those tenants knows that this is a QMT install, and wanted to have access to 
the vqadmin program -- which WOULD have given them visibility to other domains' 
passwords -- but I deny access to that tool to anyone (I don't even use it)... 
they CAN use the admin role with the standard qmailadmin interface, because 
that is limited to one domain at a time.

I have a list of "superadmins" for that system that have access to the user 
passwords through the shell "vuserinfo" command -- and you have to be elevated 
(root) to run that, so anyone breaking in (hacking) the website (apache user), 
or qmail (qmail, qmaill, or qmailq users) or even vpopmail (vpopmail user) will 
NOT be able to run that command.

I also CHANGE the default passwords for the MySQL database... so if you CAN 
break in, you CANNOT just query the database (because the vpopmail password is 
well known).

So that's been my way to deal with it... your mileage may vary 

Dan


-Original Message-
From: Andrew Swartz  
Sent: Tuesday, October 2, 2018 11:24 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: Fwd: Re: [qmailtoaster] centos 6

Dan,

Excellent explanation. Thank you.

It explains something which I did not report in my email:  I solved this
by trying only the first 16 characters of the long passwords, and sure
enough they validated.  I did not put enough thought into it to realize
that the hashes had been regenerated from the shortened passwords.

This explanation implies that the problem is that the restore script
generates new hashes from the [stored] cleartext passwords.  Seems like
an easy fix would be to just backup/restore the hashes instead of
generating new hashes.

QUESTIONS:
1. What is the format of the stored hash?  Looks like concatenation of
two [atypical] base64 fields.

2. How difficult would it be to remove the cleartext passwords from
vpopmail?  I see the logic of storing the "hint".  But it means that for
systems with multiple admins, all of the admins can view (and therefore
use) most users' passwords.  That is problematic even without
considering the foreign intruder risk.

My security concern for QMT has always been that I've never trusted the
qmail accessories as much as qmail itself.  I remain fairly confident
that an intruder will not enter via port 25 (i.e. through qmail).  But
running the web server (for webmail) markedly increases the risk.

QUESTION: could a webserver SQL-injection retrieve the cleartext passwords?

-Andy



On 10/2/2018 5:02 AM, Dan McAllister - QMT DNS wrote:
> I know I'm "Johnny-come-lately" on this topic, but I can explain the results 
> you're seeing and have seen the same myself:
> 
> The QMT vpopmail default setup saves the hashed password, as well as the 
> first 16-characters of the clear-text password, in the MySQL database. That 
> has already been established. What you probably don't know (or didn't think 
> of) is how those fields are used!
> 
> Consider the following:
>  - First, the length of the hashing algorithm is a fixed length. Different 
> hashes, different lengths (for example: MD5 hashes are always 32 characters, 
> SHA1 hashes have 40 characters, sha512 hashes 128, and so on...)
>  - Second, ONLY the hashed password is used for validation. There is no NEED 
> for the cleartext password in the database, it's there simply because the 
> MySQL database was considered somewhat secure, and the original developers of 
> the QMT realized that about 40% of user problems are caused by NOT KNOWING 
> THEIR PASSWORDS, and being able to GIVE them their existing password was 
> generally easier than resetting it (and hearing complaints that, although you 
> "fixed" their desktop mail, now their phones weren't getting email!)
>  - Finally, the original designers of QMT assumed people would use long 
> passwords -- it was suggested in the original documentation. Thus, saving 
> only the first 16 characters of the password in cleartext meant you were only 
> REALLY saving a "password hint" vs. the entire password.
> 
> So - when you enter a 75 character password (only slightly absurd these 
> days), and if we assume a sha1 password hash, then the "set password" 
> function hashes your 75 characters into a 40-character SHA1 hash and saves it 
> into the database field that stores up to (magically) 40 characters. (FWIW: 
> when you enter your 2-character password of "ok", the sha1 algorithm ALSO 
> generates a 40 character output!). After it stores the hashed password, it 
> ALSO stores the first 16 characters of the cleartext password -- because 
> that's the length of the field in the database.
> 
> When you try to authenticate, the password you provided is re-hashed 
> (regardless of its length -- although u

RE: Fwd: Re: [qmailtoaster] centos 6

2018-10-02 Thread Dan McAllister - QMT DNS
I know I'm "Johnny-come-lately" on this topic, but I can explain the results 
you're seeing and have seen the same myself:

The QMT vpopmail default setup saves the hashed password, as well as the first 
16-characters of the clear-text password, in the MySQL database. That has 
already been established. What you probably don't know (or didn't think of) is 
how those fields are used!

Consider the following:
 - First, the length of the hashing algorithm is a fixed length. Different 
hashes, different lengths (for example: MD5 hashes are always 32 characters, 
SHA1 hashes have 40 characters, sha512 hashes 128, and so on...)
 - Second, ONLY the hashed password is used for validation. There is no NEED 
for the cleartext password in the database, it's there simply because the MySQL 
database was considered somewhat secure, and the original developers of the QMT 
realized that about 40% of user problems are caused by NOT KNOWING THEIR 
PASSWORDS, and being able to GIVE them their existing password was generally 
easier than resetting it (and hearing complaints that, although you "fixed" 
their desktop mail, now their phones weren't getting email!)
 - Finally, the original designers of QMT assumed people would use long 
passwords -- it was suggested in the original documentation. Thus, saving only 
the first 16 characters of the password in cleartext meant you were only REALLY 
saving a "password hint" vs. the entire password.

So - when you enter a 75 character password (only slightly absurd these days), 
and if we assume a sha1 password hash, then the "set password" function hashes 
your 75 characters into a 40-character SHA1 hash and saves it into the database 
field that stores up to (magically) 40 characters. (FWIW: when you enter your 
2-character password of "ok", the sha1 algorithm ALSO generates a 40 character 
output!). After it stores the hashed password, it ALSO stores the first 16 
characters of the cleartext password -- because that's the length of the field 
in the database.

When you try to authenticate, the password you provided is re-hashed 
(regardless of its length -- although usually those fields have 64, 72, or 128 
character field limits - depending on the web-page designer/programmer), and 
those 40 characters (the output of the sha1 hash) are compared to your stored 
hash... there is no query of the cleartext password.

Unfortunately, when you attempt to restore your passwords using just the stored 
cleartext passwords, you will find (not surprisingly) that passwords that were 
longer than the 16 chars generate a totally different hash result! (Interesting 
side-note: you could have told your users that their passwords were unchanged, 
but that they had to stop after the 16th character -- and it would have worked!)

I hope this explains a few things!!

Dan


IT4SOHO, LLC
33 4th St N; STE 211
St. Petersburg, FL 33701
+1-877-IT4SOHO
+1-877-484-7646
For service requests, direct your email to serv...@it4soho.com
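
The behaviour explained in the message above, as an added example that is not part of the original message and is not vpopmail or QMT code. It assumes an unsalted SHA-1 hash (the message's own working assumption) and hypothetical field names `pw_hash` and `pw_clear`; it shows why a restore that re-hashes the 16-character cleartext breaks long passwords, and a check for which accounts would be affected.

```python
import hashlib
import hmac

CLEAR_FIELD_LEN = 16  # width of the cleartext column, as described in the message

# Constructed sample passwords (not real credentials).
LONG_PW = ("qmt-long-passphrase-" * 4)[:75]   # 75 characters
EXACT_PW = "sixteen-chars-pw"                 # exactly 16 characters
SHORT_PW = "ok"


def sha1_hex(password: str) -> str:
    """Hash a password; the hex digest is 40 characters for any input length."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def set_password(db: dict, user: str, password: str) -> None:
    """Store the hash of the FULL password plus the truncated cleartext 'hint'."""
    db[user] = {
        "pw_hash": sha1_hex(password),
        "pw_clear": password[:CLEAR_FIELD_LEN],
    }


def authenticate(db: dict, user: str, attempt: str) -> bool:
    """Validate against the stored hash only; the cleartext column is never read."""
    record = db.get(user)
    if record is None:
        return False
    return hmac.compare_digest(record["pw_hash"], sha1_hex(attempt))


def restore_rehashing_cleartext(backup: dict) -> dict:
    """Restore that regenerates every hash from the stored cleartext column."""
    return {
        user: {"pw_hash": sha1_hex(rec["pw_clear"]), "pw_clear": rec["pw_clear"]}
        for user, rec in backup.items()
    }


def restore_copying_hashes(backup: dict) -> dict:
    """Restore that carries the stored hashes over unchanged."""
    return {user: dict(rec) for user, rec in backup.items()}


def accounts_broken_by_rehash(db: dict) -> list:
    """Pre-migration check: users whose stored hash is NOT the hash of their
    stored cleartext, i.e. whose real password was longer than the column."""
    return sorted(
        user for user, rec in db.items()
        if not hmac.compare_digest(sha1_hex(rec["pw_clear"]), rec["pw_hash"])
    )


def build_sample_db() -> dict:
    """Three constructed accounts: long, exactly 16, and short passwords."""
    db = {}
    set_password(db, "long@example.test", LONG_PW)
    set_password(db, "exact@example.test", EXACT_PW)
    set_password(db, "short@example.test", SHORT_PW)
    return db


if __name__ == "__main__":
    original = build_sample_db()
    print("at risk before migration:", accounts_broken_by_rehash(original))
    restored = restore_rehashing_cleartext(original)
    print("full password works after re-hash restore:",
          authenticate(restored, "long@example.test", LONG_PW))
    print("first 16 characters work after re-hash restore:",
          authenticate(restored, "long@example.test", LONG_PW[:CLEAR_FIELD_LEN]))
```
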



-Original Message-
From: Eric Broch 
Sent: Friday, September 28, 2018 1:35 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: Fwd: Re: [qmailtoaster] centos 6

Thanks, Andy. Plain text passwords have been a part of qt for as long as I've 
been using it. I understand your concern. I'm not sure about the password 
length issue, I don't remember ever changing (patching) vpopmail like that, but 
I'll look into it.


On 9/27/2018 11:28 PM, Andrew Swartz wrote:
> I recently did the backup/restore and I have one hiccup to report.
>
> A few of the account passwords did not work after backup from centos5
> and restore to centos7.
>
> Took some time to troubleshoot, but I poked around in the vpopmail
> database and figured it out.  It was due to the vpopmail database
> schema, which stores a 16 character password AND its hash.  It allowed
> [and worked with] passwords longer than 16 characters (I'm unsure how).
> But after the backup/restore, all passwords longer than 16 characters
> failed.  Problem was fixed by resetting all of these passwords to new
> ones with the proper length.  Luckily there were not many like this.
> But for a large system, this could be a major pain.
>
> This seems like a bug.  If the max password length is 16 characters,
> then the set-password webpage should reject passwords that are too long.
>
> Also, I'm not sure why it stores a plaintext password in addition to
> its hash.  The modern standard is to store only the hash.  This is
> potentially a major security problem.
>
> -Andy
>
>
> On 9/27/2018 8:57 PM, Tony White wrote:
>> Eric,
>>I now have a working v6 COS qmt, thank you for your help and patience.
>> Now the backup and restore...
>>
>> best wishes
>>Tony White
>>
>> On 28/09/18 14:43, Eric Broch wrote:
>>
>>> changed now
>>>
>>>
>>> On 9/27/2018 10:41 PM, Tony White wrote:
 Eric,
Yes I did run that command.

At stage 3 after manually starting qmail at the end of qt-install.

 Stage 3

 rpm -Uvh

RE: [qmailtoaster] simscan - bad attachment: d

2018-09-25 Thread Dan McAllister - QMT DNS
Eric - I've been away - looks like an appropriate patch to me.

 

Dan

 

From: Eric Broch  
Sent: Friday, September 21, 2018 2:24 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] simscan - bad attachment: d

 

I'll ask again, is the qmailtoaster community in agreement that the
following patch (and here) should be applied to simscan for qmailtoaster:



--- simscan-1.4.0/simscan.c 2011-02-08 16:00:43.579074836 -0200
+++ simscan-1.4.0-fixed/simscan.c 2011-02-08 16:04:24.931075207 -0200
@@ -1735,10 +1735,14 @@
for(i=0;i 2 ) fprintf(stderr, "simscan: checking
attachment %s against %s\n", mydirent->d_name, bk_attachments[i] );
lowerit(mydirent->d_name);
- if ( str_rstr(mydirent->d_name,bk_attachments[i]) == 0 ) {
- strncpy(AttachName, mydirent->d_name, sizeof(AttachName)-1);
- closedir(mydir);
- return(1);
+ if ( strlen(mydirent->d_name) >= strlen(bk_attachments[i]) ) {
+ if ( str_rstr(mydirent->d_name,bk_attachments[i]) == 0 ) {
+ strncpy(AttachName, mydirent->d_name, sizeof(AttachName)-1);
+ closedir(mydir);
+ return(1);
+ }
+ } else {
+ if ( DebugFlag > 2 ) fprintf(stderr, "simscan: attachment
name '%s' (%d) is shorter than '%s' (%d). IGNORED\n",
mydirent->d_name, strlen( mydirent->d_name ), bk_attachments[i],
strlen( bk_attachments[i] ) );
}
}
}
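
Review bot: The debug fprintf in the new else branch passes both strlen() results to %d; strlen returns size_t, so use %zu (or cast to int) to avoid a format/argument mismatch on 64-bit builds. The strncpy into AttachName copies at most sizeof(AttachName)-1 bytes, but nothing in the visible lines writes the terminating NUL, so either confirm the buffer is zeroed before this loop or set AttachName[sizeof(AttachName)-1] = '\0' after the copy. If str_rstr has other callers, the length check would be better placed inside str_rstr itself so that a needle longer than the haystack is rejected everywhere rather than only at this call site.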



Eric

 

On 9/13/2018 10:02 AM, Michele Federici wrote:

Hi,
I have done various tests and can confirm the presence of the bug.

If a doc attachment created with Word 2007 (or other?) is sent through
Outlook 2003/2007 (or others?), ripmime sometimes extracts the various
parts of the email wrongly, generating a file "d". 

# ripmime --disable-qmail-bounce -i test_outlook.eml -d out_dir_res
# ls -l ./out_dir_res/
-rw-r--r-- 1 root root  0 13 sep 13.32 d
-rw--- 1 root root 442368 13 sep 13.32 mydocument.doc
-rw-r--r-- 1 root root 48 13 sep 13.32 textfile0
-rw-r--r-- 1 root root121 13 sep 13.32 textfile1
-rw-r--r-- 1 root root167 13 sep 13.32 textfile2

The interesting thing is that: this does not happen with all the doc files
but only with some. 

Simscan 1.4.0 (1.qt.el7) analyzes these files and due to a bug blocks the
e-mail with the error "bad attachment: d"

I could not replicate the problem with thunderbird: all the emails sent
arrived without problems. 

Probably the correct solution is to compile simscan with the patch indicated
in the post by Gustavo Castro.

Thank you
Michele

On 11/09/2018 12:44, Michele Federici wrote:

Hi,

I've found this error "Your email was rejected because it contains a bad
attachment: d" in the smtp log.

I read these old posts

http://qmailtoaster-list.qmailtoaster.narkive.com/u9RF8MRE/your-email-was-rejected-because-it-contains-a-bad-attachment-d

http://gcastrop.blogspot.com/2011/02/problemas-con-adjuntos-en-simscan-con.html

but I did not understand if current simscan 1.4.0 (1.qt.el7) is compiled
with the patch.

Can you help me?

Thank you
Michele





-- 
Eric Broch
White Horse Technical Consulting (WHTC)




RE: [qmailtoaster] COS 6.10 qmt build error.

2018-09-12 Thread Dan McAllister - QMT DNS
There are quite a few left -- mostly set and forgotten about, but still working 


Dan

-Original Message-
From: Eric Broch 
Sent: Tuesday, September 11, 2018 5:33 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] COS 6.10 qmt build error.

Tony,

And replace

http://mirrors.qmailtoaster.com/current/nodist/qmailtoaster-release-2.0-1.qt.nodist.noarch.rpm


http://mirror2.qmailtoaster.com/current/nodist/qmailtoaster-release-2.0-1.qt.nodist.noarch.rpm



I'm not sure how many qmailtoaster mirrors are left...probably mine
(mirror2) and that's it.


On 9/11/2018 3:26 PM, Eric Broch wrote:
> Have a look here: https://www.qmailtoaster.org/ under CentOS 6
>
> -Eric
>
>
> On 9/11/2018 9:59 AM, Tony White wrote:
>> Hi folks,
>>   Trying to create a new COS6 server.
>>
>> All ok up to qt-bootstrap-2
>> where i get this error
>>
>> qt-bootstrap-2 - installing
>> qmailtoaster-release-2.0-1.qt.nodist.noarch.rpm (repo) ...
>> Retrieving
>> http://mirrors.qmailtoaster.com/current/nodist/qmailtoaster-release-2.0-1.qt.nodist.noarch.rpm
>>
>>
>> curl: (51) SSL: certificate subject name 'monk13.stakehouse.io' does
>> not match target host name 'mirrors.qmailtoaster.com'
>> error: skipping
>> http://mirrors.qmailtoaster.com/current/nodist/qmailtoaster-release-2.0-1.qt.nodist.noarch.rpm
>> - transfer failed
>> qt-bootstrap-2 - installing qmailtoaster-util (scripts) ...
>>
>> Any help appreciated please...
>>
>

--
Eric Broch
White Horse Technical Consulting (WHTC)



RE: [qmailtoaster] COS 6.10 qmt build error.

2018-09-12 Thread Dan McAllister - QMT DNS
Tony:

One of our mirrors is apparently using SSL on their site and don't have a copy 
of OUR SSL Certificate (yes, I have one for qmailtoaster.com)... I'll have to 
research who it is, but I'll try to work with them. In the meantime, I suggest 
simply re-trying... there should be other mirrors that aren't using SSL... tho 
I am confused because your email shows the URL WITHOUT https... SSL should only 
be in play while the URL uses https (not http)...

Dan


-Original Message-
From: Tony White 
Sent: Tuesday, September 11, 2018 12:00 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] COS 6.10 qmt build error.

Hi folks,
   Trying to create a new COS6 server.

All ok up to qt-bootstrap-2
where i get this error

qt-bootstrap-2 - installing qmailtoaster-release-2.0-1.qt.nodist.noarch.rpm 
(repo) ...
Retrieving 
http://mirrors.qmailtoaster.com/current/nodist/qmailtoaster-release-2.0-1.qt.nodist.noarch.rpm


curl: (51) SSL: certificate subject name 'monk13.stakehouse.io' does not match 
target host name 'mirrors.qmailtoaster.com'
error: skipping 
http://mirrors.qmailtoaster.com/current/nodist/qmailtoaster-release-2.0-1.qt.nodist.noarch.rpm
 - transfer failed
qt-bootstrap-2 - installing qmailtoaster-util (scripts) ...

Any help appreciated please...

--
best wishes
   Tony White




RE: [qmailtoaster] Rainloop removed squirrelmail

2018-08-21 Thread Dan McAllister - QMT DNS
Remo



Thanks for the heads up!



I will point out that there are MULTIPLE webmail interfaces that are compatible 
with QMail – SquirrelMail comes pre-packaged with QMToaster, and I always add 
RoundCube mail as an upgrade…



However, did you know that you can run ALL of them simultaneously?



If you want my roundcube client, just log into: https://mail.mydomain.com or 
https://mail.mydomain.com/webmail (I advertise the latter)

If you want my SquirrelMail client, just log into 
https://mail.mydomain.com/smail



You can easily add others – you just have to configure the virtualhosts in your 
apache config properly.



Best Regards,



Dan McAllister

QMT DNS & Mirror Admin



From: Remo Mattei 
Sent: Monday, August 20, 2018 11:13 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Rainloop removed squirrelmail




Hello guys, I installed rainloop and removed squirrelmail looks nice,
fast, supports lots of options.

Remo





RE: [qmailtoaster] Upgrading openssl in an old Qmailtoaster install

2018-07-03 Thread Dan McAllister - QMT DNS
I'm normally just a lurker around here anymore -- Eric does such a GREAT job 
helping you guys! Before I forget, GREAT WORK on getting the updated OpenSSL 
package installation instructions out there!

So, I'm going to add my 2-cents worth in today as an EXPLANATION of WHY you 
need to update your QMail server... and I hope you'll see why.

People using OLD versions of Qmail, or any other mail server, are likely to 
have connectivity issues -- especially after June 30!
Why? Because the IETF and PCI councils have recommended the SHUTDOWN of SSL 
(all versions -- even SSLv3) by June 30, and moving to REQUIRE TLS v1.1 or 
higher. *MANY ISPs ARE ALREADY REQUIRING TLS 1.2 or HIGHER!*

So, if you're using an OpenSSL stack from CentOS 3, 4, or 5, that's going to be 
a problem unless you are able to upgrade your OpenSSL package.

Why are the old SSL versions being SHUTDOWN? Because they have known 
vulnerabilities and we (the server admin community) have had SEVERAL YEARS now 
to address them.

I just thought you (gentle readers) might want to know the reason WHY your 
15-year-old QMT installation is starting to fail! LOL

Dan McAllister

QMT DNS Admin


-Original Message-
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
Sent: Wednesday, June 27, 2018 12:09 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Upgrading openssl in an old Qmailtoaster install

Have a look at this thread:

https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg41029.html

IMHO, there were too many packages that were dependent on openssl-9.8 on the 
CentOS 5 box to make this practical.


On 6/26/2018 11:44 PM, Brian Ghidinelli wrote:
>
> I'm running into the same SMTP TLS connection errors as reported by
> Sean Murphy in this email here:
>
> https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg41115.html
>
>
> Same scenario: old, reliable CentOS 5 box. We need a few more months
> to transition off this box and we're getting an increasing number of
> TLS failures that are hard to fix with notls FQDNs.
>
> I have upgraded our openssl so I'm wondering if it's possible, using
> the source rpm for my very old install, to recompile and provide a new
> SSL library path?
>
> I am not very experienced with rpmbuild and have toyed with the
> qmail-toaster.spec file but I believe I ran into a problem that
> openssl 1.0.2l does not pass the checks for openssl >= 0.9.8. Any
> suggestions for a short term fix?
>
> I believe I would need to recompile and then replace just qmail-smtpd
> and qmail-remote, yes?
>
>
> Brian
>
>

--
Eric Broch
White Horse Technical Consulting (WHTC)





RE: [qmailtoaster] Odd msg numbers in /var/log/qmail/send/current

2018-01-17 Thread Dan McAllister - QMT DNS Admin
There is nothing unusual about the message numbers: to essentially guarantee a 
unique number, Qmail uses the inode address (inode number) of the file as the 
message number.

Your inodes are being used and released as normal, and there are blocks that get 
reused over and over

 

Dan

 

From: Chris [mailto:boh...@gmail.com] 
Sent: Thursday, January 11, 2018 9:22 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Odd msg numbers in /var/log/qmail/send/current

 

While tracing a message today, I noticed something weird.  A strange 
distribution of message numbers.  running this command:

grep 'end msg' /var/log/qmail/send/current | awk '{print $4}' | sort | uniq -c | sort -n

I got this result, which indicates that I'm not getting an even distribution of 
msg numbers.   I know this isn't a case of some messages getting stuck in the 
queue and having repeated delivery attempts, because I checked for that.  
Anyone else notice this before?

  1 1169605
  1 485974
  1 485993
  1 485994
  1 518835
  1 598620
  1 598621
  1 598622
  1 598623
  1 871911
  2 871910
  3 522872
  3 598618
  3 598619
  4 598617
  5 518834
  5 598612
  5 598615
  6 485973
  7 485972
  7 485991
  7 598614
  8 485971
 10 485970
 11 598608
 12 485990
 12 598611
 13 485968
 13 598600
 14 518833
 14 598613
 15 485989
 16 598606
 16 598610
 17 403440
 17 485969
 17 485988
 21 598609
 33 518832
 41 485987
 47 485965
 51 485975
 53 485983
 54 485967
 55 485986
 59 485977
 60 485966
 61 485985
 87 598607
107 522877
163 160176
168 485978
171 485976
188 485984
240 485981
255 485979
268 598599
280 485982
290 526373
406 485980
559 536520
627 485963
770 160177
   1356 485964



RE: [qmailtoaster] dmarc implementation

2018-01-02 Thread Dan McAllister - QMT DNS Admin
A couple of things:

1) The QMail DKIM solution works well -- EXCEPT when connecting to other QMail 
DKIM enabled systems, at which point it tends to disallow messages. No one has 
found a fix for this, to the standard is to keep DKIM turned OFF.

2) DMARC is not a security implementation like SPF or DKIM, it is more of a 
reporting and admin tool, the former being the original intent. Your DMARC 
settings tell other servers that they should send reports about failed connects 
to an email address. That way, should you misconfigure your DKIM or SPF 
settings and someone starts blocking your messages, you don't have to wait for 
USERS to complain to know about it!

Thus, DMARC is a purely DNS setting -- there is nothing to do in QMail to 
manage DMARC. If you follow the project lead and leave DKIM turned off, you 
simply indicate as such in your DMARC setting for your domain.

Finally, to my knowledge, only the "Big Guns" have implemented the email-server 
side of DMARC (that is, the side that generates reports and sends them). 
Hotmail/MSN/Outlook.com, Gmail, and Yahoo being the ones I've received reports 
from.

I hope this helps


Dan



-Original Message-
From: Rajesh M [mailto:24x7ser...@24x7server.net] 
Sent: Tuesday, January 2, 2018 1:21 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] dmarc implementation

Eric

2 questions please

Question 1)

the default qmail install points the symlink for qmailqueue to qmail-dk

which i have changed to

qmail-queue -> qmail-queue.orig

Do keep the same setting which is

qmail-queue -> qmail-queue.orig


Question 2)

Could you please send me the corresponding settings required in the tcp.smtp 
file ?

thanks,
rajesh



- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Tue, 2 Jan 2018 08:51:07 -0700
Subject: 

Hi Rajesh,

Thank you! I appreciate your sentiments and hope your New Year brings blessings 
of health and happiness as well.

This is a better link:

http://qmailtoaster.org/dkim.html

which will show you how to implement per domain.

Remember this is only signing messages going out. As of yet there is no dkim 
checking coming in, I'm looking into that.

Eric


On 1/2/2018 7:50 AM, Rajesh M wrote:
> eric,
>
> Wish you a wonderful New Year, full of health and happiness.
>
> I wish to implement  dmarc on my qmailtoaster servers
>
> i am using centos6 64 bit with the latest versions of qmailtoaster
>
> SPF is already being used on my server
>
> Concerning dkim, currently my  qmail-queue is symlinked to 
> qmail-queue.orig and not pointing to qmail-dk
>
> qmail-queue -> qmail-queue.orig
>
> could you please guide me on the implementation of DMARC
>
> i am planning to implement this for all the domains in my server.
>
> I saw this link while searching for a solution.
>
> https://github.com/qmtoaster/dkim
>
> Should i follow these steps as per the above link or would you like recommend 
> some other document.
>
> thanks as always,
> rajesh
>
>
>
>
>

--
Eric Broch
White Horse Technical Consulting (WHTC)







RE: [qmailtoaster] Fail2ban for Squirrelmail.

2017-12-29 Thread Dan McAllister - QMT DNS Admin
My understanding of SquirrelMail is old (limited) because so many of my users 
prefer the RoundCube (I offer both)... You get 1 if you go to mail.domain and 
the other if you go to webmail.domain

In any case, I will have to look but I thought SM didn't write system logs when 
users failed on auth... perhaps there is a way to turn that on?
Also, I will want/need a similar solution for RC

Thanks for sharing your config tho!

Dan

-Original Message-
From: CarlC Internet Services Service Desk [mailto:ab...@carlc.com] 
Sent: Friday, December 29, 2017 11:53 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Fail2ban for Squirrelmail.

Dan,

I have it working showing the IP address:

In /etc/fail2ban/jail.conf:

# squirrelmail
[squirrelmail-iptables]
enabled  = true
filter   = squirrelmail
action   = iptables[name=SquirrelMail, port=http, protocol=tcp]
           sendmail-squirrelmail[name=SquirrelMail, dest=ab...@carlc.com, sender=ab...@carlc.com]
# adjust logpath with Squirrelmail's squirrel_logger plugin log
logpath  = /var/log/squirrelmail.log
maxretry = 5


-Then in /etc/fail2ban/filter.d/squirrelmail.conf


[Definition]

failregex = ^ \[LOGIN_ERROR\].*from <HOST>: Unknown user or password incorrect\.$

ignoreregex =

[Init]

datepattern = ^%%m/%%d/%%Y %%H:%%M:%%S

# DEV NOTES:
#
# Author: Daniel Black

For sendmail-squirrelmail in /etc/fail2ban/action.d, I copied 
sendmail-whois-lines.conf to sendmail-squirrelmail.conf and changed the very 
last line to:

# Path to the log files which contain relevant lines for the abuser IP
#
logpath = /var/log/squirrelmail.log

I hope this helps...
Carl
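
How the filter above picks the client address out of a squirrel_logger line and when the jail's maxretry is reached, as an added example that is not part of Carl's message and is not fail2ban's own code. It assumes the filter's address placeholder is fail2ban's `<HOST>` tag, approximates that tag with an IPv4-only pattern, ignores findtime, and runs over constructed log lines using documentation addresses.

```python
import re
from collections import Counter
from datetime import datetime

# failregex from the filter, with fail2ban's <HOST> tag marking the address.
FAILREGEX = r"^ \[LOGIN_ERROR\].*from <HOST>: Unknown user or password incorrect\.$"
DATE_FORMAT = "%m/%d/%Y %H:%M:%S"   # the filter's datepattern with %% unescaped
DATE_WIDTH = 19                      # length of "MM/DD/YYYY HH:MM:SS"
MAXRETRY = 5                         # from the jail definition
IGNORE_IPS = {"127.0.0.1"}           # stands in for fail2ban's ignoreip setting

# Simplification for this example: <HOST> is expanded to an IPv4 group only.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
COMPILED = re.compile(FAILREGEX.replace("<HOST>", HOST_GROUP))

FAIL = "12/29/2017 11:4{m}:0{s} [LOGIN_ERROR] {user} (example.test) from {ip}: " \
       "Unknown user or password incorrect."

# Constructed sample log lines in the shape the failregex expects.
SAMPLE_LOG = (
    [FAIL.format(m=0, s=i, user="alice", ip="203.0.113.7") for i in range(5)]
    + [FAIL.format(m=1, s=i, user="bob", ip="198.51.100.9") for i in range(2)]
    + [FAIL.format(m=2, s=i, user="carol", ip="127.0.0.1") for i in range(6)]
    + ["12/29/2017 11:45:00 [LOGIN] bob (example.test) from 198.51.100.9: "
       "Successful login",
       "not a log line"]
)


def parse_failure(line):
    """Return (timestamp, source_ip) for a failed-login line, else None.

    The date is consumed first, then the failregex is applied to the rest of
    the line, which is why the pattern starts with '^ ' (a leading space)."""
    stamp, rest = line[:DATE_WIDTH], line[DATE_WIDTH:].rstrip("\n")
    try:
        when = datetime.strptime(stamp, DATE_FORMAT)
    except ValueError:
        return None
    match = COMPILED.match(rest)
    return (when, match.group("host")) if match else None


def failure_counts(lines, ignore=IGNORE_IPS):
    """Count failed logins per source address, skipping ignored addresses."""
    counts = Counter()
    for line in lines:
        hit = parse_failure(line)
        if hit is not None and hit[1] not in ignore:
            counts[hit[1]] += 1
    return counts


def hosts_to_ban(lines, maxretry=MAXRETRY, ignore=IGNORE_IPS):
    """Addresses whose failure count has reached maxretry."""
    return sorted(ip for ip, n in failure_counts(lines, ignore).items()
                  if n >= maxretry)


if __name__ == "__main__":
    print(dict(failure_counts(SAMPLE_LOG)))
    print(hosts_to_ban(SAMPLE_LOG))
```
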





RE: [qmailtoaster] connection issues again.

2017-12-29 Thread Dan McAllister - QMT DNS Admin
Indeed: my systems use fail2ban on both smtp-auth and imap-auth (which is how 
both squirrelmail and roundcube authenticate) -- the only issue is that you 
have to whitelist/exclude from the test the SquirrelMail server itself 
(127.0.0.1 usually).

I am not aware of (and would love to get info on) detecting the SOURCE IP out 
of squirrelmail or roundcube so I can block the ORIGIN IP for systems attacking 
thru the webserver.

Thanks

Dan



-Original Message-
From: CarlC Internet Services Service Desk [mailto:ab...@carlc.com] 
Sent: Friday, December 29, 2017 10:57 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] connection issues again.

Would FAIL2BAN be an ideal setup here? I use it to control the attacks 
[example: more than 10 failed logins in 1 day, you're banned for "X" hours].

Fail2ban also works with the SquirrelMail, Roundcube, etc... I have it setup on 
SMTP, SMTPS, SUBMISSION, POP3s and IMAPs. You can also use FAIL2BAN for SSH and 
ftp. The part I like, you can have fail2ban to send you an email that looks 
like this:

example

The IP 202.62.224.40 has just been banned by Fail2Ban after
10 attempts against pop3.


Lines containing IP:202.62.224.40 in /var/log/maillog

Dec 28 21:49:59 mail7 spamdyke[978]: DENIED_RELAYING from: x...@tea.com to: eax...@yahoo.com origin_ip: 202.62.224.40 origin_rdns: solar.ortel.net auth: (unknown) encryption: (none) reason: (empty)
Dec 28 21:50:24 mail7 vpopmail[1202]: vchkpw-smtp: null password given Newsletter:202.62.224.40
Dec 28 21:51:11 mail7 vpopmail[1263]: vchkpw-smtp: null password given Company:202.62.224.40
Dec 28 21:51:46 mail7 vpopmail[1324]: vchkpw-smtp: null password given root:202.62.224.40
Dec 28 21:52:58 mail7 vpopmail[1451]: vchkpw-smtp: null password given temp:202.62.224.40
Dec 28 21:53:18 mail7 vpopmail[1492]: vchkpw-smtp: null password given Test:202.62.224.40
Dec 28 21:54:22 mail7 vpopmail[1577]: vchkpw-smtp: null password given abuse:202.62.224.40
Dec 28 21:54:42 mail7 vpopmail[1598]: vchkpw-smtp: null password given MYSQL:202.62.224.40
Dec 28 21:55:16 mail7 vpopmail[1804]: vchkpw-smtp: null password given office:202.62.224.40
Dec 28 21:55:44 mail7 vpopmail[1844]: vchkpw-smtp: vpopmail user not found customer@:202.62.224.40
Dec 28 21:56:07 mail7 vpopmail[1870]: vchkpw-smtp: vpopmail user not found company@:202.62.224.40
Dec 28 21:56:50 mail7 vpopmail[1920]: vchkpw-smtp: vpopmail user not found testing@:202.62.224.40
Dec 28 21:57:19 mail7 vpopmail[1961]: vchkpw-smtp: vpopmail user not found temp@:202.62.224.40
Dec 28 21:57:39 mail7 vpopmail[1991]: vchkpw-smtp: vpopmail user not found test@:202.62.224.40
Dec 28 21:59:11 mail7 vpopmail[2288]: vchkpw-smtp: vpopmail user not found newsletter@:202.62.224.40
Dec 28 21:59:37 mail7 vpopmail[2473]: vchkpw-smtp: vpopmail user not found customer@:202.62.224.40
Dec 28 22:00:05 mail7 vpopmail[2826]: vchkpw-smtp: vpopmail user not found company@:202.62.224.40
Dec 28 22:00:49 mail7 vpopmail[2888]: vchkpw-smtp: vpopmail user not found testing@:202.62.224.40
Dec 28 22:01:05 mail7 vpopmail[2919]: vchkpw-smtp: vpopmail user not found postmaster@:202.62.224.40

end example

If needed, I can post a few fail2ban scripts but I'm pretty sure they are 
available on the web for qmail if you search for them.

Carl

-Original Message-
From: A. Galatis [mailto:a...@unet.de]
Sent: Friday, December 29, 2017 10:25 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: AW: [qmailtoaster] connection issues again.

Hi Tony,

I have a script counting authentication errors from IP addresses.
If an address appears more than my threshold, it is blocked via iptables.
The log where I count is the usual maillog.

Andreas

-Original Message-
From: jin [mailto:jinhit...@gmail.com]
Sent: Friday, 29 December 2017 15:59
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] connection issues again.

Hi Remo
Are you using some kind of autonomous app/script to block them? If so, what kind 
of app/script are you using to drop them?

On 29 Dec 2017 5:19 p.m., "Remo Mattei"  wrote:


Yes I created some rules based on connection time like 30 sec 5 min 30 
min etc. Dropped them.

On 29 Dec 2017, at 06:07, Solo wrote:

Hi Tony.

Yes I see a lot - in my logs I think it's those spammers that try to
connect to your server using a lot of different names and end up getting
refused by vpopmail - see my logwatch file below (all IP addresses match
log entries in maillog and vpopmail)

- vpopmail Begin 


No Such User Found:
   4f3c5634.2010906@ - 1 Time(s)
   abc@ - 1 Time(s)
   ada@ - 1 Time(s)
   agenda@ - 1 Time(s)
   am@ - 1 Time(s)
   benson@ - 1 Time(s)
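
The per-IP failure counting described in this thread (a threshold over the usual maillog, with 127.0.0.1 excluded for the webmail host), as an added example that is not a script posted by anyone on the list. The function names, the `vchkpw-imap` tag and every log line in `constructed_sample` are assumptions made here; only the two failure messages from the quoted fail2ban mail are matched, and all lines are assumed to fall in one calendar year.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The two vchkpw failure messages that appear in the maillog excerpt quoted in
# this thread; other failure wordings are not covered here.
FAILURE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ vpopmail\[\d+\]: "
    r"vchkpw-(?P<service>[\w-]+): "
    r"(?P<reason>null password given|vpopmail user not found) "
    r"(?P<account>[^\s:]*):(?P<ip>\S+)$"
)


def find_offenders(lines, year, maxretry=10, findtime=timedelta(days=1),
                   ignore=("127.0.0.1/32",)):
    """Return {ip: {"banned_at": datetime, "accounts": [...]}} for every source
    that reaches `maxretry` failures inside a sliding `findtime` window."""
    ignore_nets = [ipaddress.ip_network(n) for n in ignore]
    recent = defaultdict(deque)      # ip -> timestamps still inside the window
    accounts = defaultdict(list)     # ip -> account names tried, in order
    offenders = {}
    for line in lines:
        m = FAILURE.match(line.strip())
        if not m:
            continue                 # spamdyke, qmail and other unrelated lines
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue                 # trailing field is not an address
        if any(ip in net for net in ignore_nets):
            continue                 # e.g. the webmail host logging in locally
        # syslog timestamps carry no year, so the caller supplies it
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = str(ip)
        accounts[key].append(m["account"])
        window = recent[key]
        window.append(when)
        while when - window[0] > findtime:
            window.popleft()         # forget failures older than the window
        if len(window) >= maxretry and key not in offenders:
            offenders[key] = {"banned_at": when, "accounts": list(accounts[key])}
    return offenders


def constructed_sample():
    """Constructed log lines in the format shown in the thread (documentation IPs)."""
    lines = ["Dec 28 21:09:59 mail7 spamdyke[978]: DENIED_RELAYING from: a@example.test "
             "to: b@example.test origin_ip: 203.0.113.40 auth: (unknown)"]
    guesses = ["Newsletter", "Company", "root", "temp", "Test", "abuse",
               "office", "customer@", "company@", "testing@", "postmaster@"]
    for i, acct in enumerate(guesses):      # one guess per minute from one host
        reason = "vpopmail user not found" if acct.endswith("@") else "null password given"
        lines.append(f"Dec 28 21:{10 + i:02d}:24 mail7 vpopmail[{1200 + i}]: "
                     f"vchkpw-smtp: {reason} {acct}:203.0.113.40")
    for i in range(12):                     # webmail logins all arrive from localhost
        lines.append(f"Dec 28 22:{i:02d}:05 mail7 vpopmail[{3000 + i}]: "
                     f"vchkpw-imap: vpopmail user not found user{i}@:127.0.0.1")
    for i in range(2):                      # a real user mistyping twice
        lines.append(f"Dec 28 23:0{i}:00 mail7 vpopmail[{4000 + i}]: "
                     f"vchkpw-smtp: null password given alice:198.51.100.7")
    return lines


if __name__ == "__main__":
    for ip, info in find_offenders(constructed_sample(), year=2017).items():
        print(f"{ip} reached the threshold at {info['banned_at']}: {info['accounts']}")
```

Passing `ignore=()` shows why the exclusion matters: every failed webmail login is logged with the web server's own address, so without it the webmail host itself reaches the threshold.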
   

[qmailtoaster] DNS services -- ATTN DNS MIRROR ADMINS!

2017-12-20 Thread Dan McAllister - QMT DNS Admin
NOTE: 

 

If you are a QMailToaster DNS mirror, we need for you to make a change to
your configuration:

 

The OLD IP address of the master DNS server has changed (no longer 71..28)

The new and correct IP address is 47.206.57.8

 

Please update ASAP and email me here (q...@it4soho.com) when you do!

 

Thanks,

 

Dan McAllister



RE: [qmailtoaster] Fwd: qmhandle

2017-02-17 Thread Dan McAllister - QMT DNS Admin
I like Eric's collection there -- I couldn't do my job without qmlog! :)

Dan

-Original Message-
From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Friday, February 17, 2017 10:11 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Fwd: qmhandle

ftp://ftp.qmailtoaster.com/pub/qmail/CentOS7/qmt/plus/qmailtoaster-plus/bin/


On 2/17/2017 7:33 AM, Todor Petrov wrote:
> Hi all,
>
> Can someone tell me how you manage the queue in Centos 7 toaster. 
> There are qmqtool and qmHandle tools missing.
>
> Are there tools for queue management  integrated or should I install 
> them manually? In toaster - Centos 6 are all of management tools 
> integrated.
>
> Best regards,
>
> Todor
>
>
>

--
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)





RE: [qmailtoaster] Fwd: qmhandle

2017-02-17 Thread Dan McAllister - QMT DNS Admin
Qmtool and qmhandle are part of what used to be QmailToasterPlus -- and are not 
"standard".
They are just scripts (and actually in need of some cleaning up -- they can be 
buggy in some cases).

Nevertheless, you can fetch copies from my file server if you like
http://mirror0.qmailtoaster.com/

Dan

PS: I just put those files out there -- there is a possibility they'll go away 
when the mirrors synch, and if so I'll just put them someplace else.  Let me 
know if they disappear



-Original Message-
From: Todor Petrov [mailto:tpet...@vmobile.eu] 
Sent: Friday, February 17, 2017 9:33 AM
To: qmailtoaster-list 
Subject: [qmailtoaster] Fwd: qmhandle

Hi all,

Can someone tell me how you manage the queue in Centos 7 toaster. There are 
qmqtool and qmHandle tools missing.

Are there tools for queue management  integrated or should I install them 
manually? In toaster - Centos 6 are all of management tools integrated.

Best regards,

Todor





RE: [qmailtoaster] SQwebmail

2017-02-13 Thread Dan McAllister - QMT DNS Admin
Roundcube is the service most of my clients prefer.
It will work with either Courier or Dovecot
It can work side-by-side with other webmail options (that's how I determined
that my clients prefer RC -- I let them choose!)

Dan

-Original Message-
From: CarlC Internet Services Service Desk [mailto:ab...@carlc.com] 
Sent: Sunday, February 12, 2017 10:42 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] SQwebmail

For our newer CentOS 7 qmail servers, does anyone have a recommended
procedure to build SQwebmail [and do we need to load Courier? I hope not].
We have squirrelmail working [thank you Eric], but wanted to see what other
webmail type applications we can load, and we have a few users who want to
stay with SQwebmail.

How about Roundcube?

Do these require rebuilding the qmail server [for example: Roundcube
requires --with-pdo-mysql]? Or is it as simple as "yum install roundcube"
and configure to your needs?

Again, Thanks in advance!
Carl







RE: [qmailtoaster] SMTP run script

2017-02-10 Thread Dan McAllister - QMT DNS Admin
The RUN file for SMTP is (or should be) nearly identical to the one for
SUBMISSION (and, if you're using it, SMTP-SSL).
The differences will be:
 - change port 587 to port 25 (note, your files may show "smtp" or
"submission" in the command line -- I prefer NOT to make it look up those
values every time!)
 - turn off auth required (note: this is the REQUIRE_AUTH command)

One final note: in MY files, I use DIFFERENT SpamDyke settings for each
(smtp, submission, smtp-ssl) -- so in MY case, that would be different too.

Dan McAllister

-Original Message-
From: pe...@peterse-uithuizen.com [mailto:pe...@peterse-uithuizen.com] 
Sent: Friday, February 10, 2017 7:21 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] SMTP run script

Hello all,

does anyone know where to find a right copy of the script
/var/qmail/supervise/smtp/run?

I screwed the file by accident.

Regards,
Peter




RE: [qmailtoaster] question about qmailtoaster and + as a delimiter instead of the default - option

2017-02-03 Thread Dan McAllister - QMT DNS Admin
Eric:

 

I’m about at my wits end on this server. I’ve tested the RAM, I’ve checked 
EVERYTHING I can think of… and to no avail.

As it turns out, the ripmime error ONLY shows up when an email is submitted to 
the SUBMISSION port and ONLY when SSL is invoked.

What's more, it fails the submit job, rendering outside clients UNABLE to send 
messages (though internal clients are sending without incident)

 

I’m about to the point of ripping this thing out and migrating the client to a 
new service, but I was wondering if you’d be willing to remote in and look 
things over – maybe I’m missing something simple. (NOTE: This is an OLD config 
– courier and all!)

 

I’d be willing to pay you for your time – but I’ve gotta do SOMETHING with it 
this weekend. My client’s about to pull their hair out over this!

 

Thanks

 

Dan

 

727-213-2280 (my follow-me number – I’m on Eastern time – Florida – and am 
usually up until midnight, and awaken at about 8AM)

 

 

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Friday, February 3, 2017 5:13 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] question about qmailtoaster and + as a delimiter 
instead of the default - option

 

Thanks for clearing it up Dan.

 

On 2/3/2017 3:11 PM, Dan McAllister - QMT DNS Admin wrote:

Just catching up on emails in this box, and have 4 notes on this topic:

1.  The dash being a delimiter is embedded inside of qmail. It was done so 
primarily to help the likes of the ezmlm group management system, but it comes 
in handy in TONS of ways. (For example, I use dan=ms@mydomain as my email at 
live.com so that when SPAM shows up in my inbox having been addressed to 
dan-ms@mydomain, I know that Microsoft has sold my email address (or leaked it 
in a data breach!)).
2.  You cannot change the delimiter in qmail unless you recompile the code. 
It’s not a variable that is set somewhere (AFAIK). It’s OLD qmail.
3.  The qmail-users file is designed for use in old-qmail – but we (qmt) 
use qmail with vpopmail – so the folders are located differently. Just an FYI 
for when you go out and read some of the documentation for the format of that 
file.
4.  You CAN accomplish using + as a delimiter by using vpopmail aliases…. 
But that’s not likely what you want at all.

 

Dan

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Friday, February 3, 2017 12:45 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] question about qmailtoaster and + as a delimiter 
instead of the default - option

 

Perhaps,

This may help, although, honestly, I wouldn't know now how to implement it.

http://www.lifewithqmail.org/lwq.html#qmail-users

Eric

 

On 2/3/2017 10:33 AM, Eric Broch wrote:

Okay, I understand.

I'm not sure how to use a + instead of a -, easily in qmail.

 

On 2/3/2017 9:58 AM, Michiel van Es wrote:

Hi Eric, 

 

I don't want to create a new user but it should be all sent to the same mailbox.
For example test+t...@domain.ltd should go to the mailbox of user 
t...@domain.ltd.

The good thing with the delimiter is that you can use 
user+websitewhereyouveboughtsomethin...@domain.ltd and it is always 
sent to the u...@domain.ltd mailbox where the user 
can filter the detail part and send it to a subfolder and keep track on all 
those websites.

 

Cheers,

 

Michiel

 

2017-02-03 17:27 GMT+01:00 Eric Broch <ebr...@whitehorsetc.com>:

Hi Michiel

I have to admit that I know nothing about the delimiters in qmail, but as a 
test set up two accounts on my own server:

1) test+t...@mydomain.com

2) test-t...@mydomain.com

qmail accepted mail for both users.

Personally I use Maildrop, but have looked into using Sieve for Dovecot 
'triggered' by its own LDA, 'deliver' here:  
http://www.qmailtoaster.org/notes.html 

originally here: wiki: http://wiki.dovecot.org/LDA/Qmail

Eric

 

On 2/3/2017 9:04 AM, Michiel van Es wrote:

Hi Eric, 

 

Correct. I use sieve to filter on the detail part.

 

Cheers,

 

Michiel

 

2017-02-03 16:27 GMT+01:00 Eric Broch <ebr...@whitehorsetc.com>:

Hi Michiel,

Are you talking about an address like

test+t...@domain.tld

as opposed to

test+t...@domain.tld

?

Eric


On 2/3/2017 6:19 AM, Michiel van Es wrote:

Hi,

I am using Postfix/OpenSMTPD which use the + as delimiter which I can filter on 
with sieve (dovecot).
I know that the default delimiter in Qmail is - and if you want to change it, 
you have to recompile Qmail to use + as a delimiter.

My question is: is there an easy way

RE: [qmailtoaster] question about qmailtoaster and + as a delimiter instead of the default - option

2017-02-03 Thread Dan McAllister - QMT DNS Admin
Just catching up on emails in this box, and have 4 notes on this topic:

1.  The dash being a delimiter is embedded inside of qmail. It was done so 
primarily to help the likes of the ezmlm group management system, but it comes 
in handy in TONS of ways. (For example, I use dan=ms@mydomain as my email at 
live.com so that when SPAM shows up in my inbox having been addressed to 
dan-ms@mydomain, I know that Microsoft has sold my email address (or leaked it 
in a data breach!)).
2.  You cannot change the delimiter in qmail unless you recompile the code. 
It’s not a variable that is set somewhere (AFAIK). It’s OLD qmail.
3.  The qmail-users file is designed for use in old-qmail – but we (qmt) 
use qmail with vpopmail – so the folders are located differently. Just an FYI 
for when you go out and read some of the documentation for the format of that 
file.
4.  You CAN accomplish using + as a delimiter by using vpopmail aliases…. 
But that’s not likely what you want at all.

 

Dan

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Friday, February 3, 2017 12:45 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] question about qmailtoaster and + as a delimiter 
instead of the default - option

 

Perhaps,

This may help, although, honestly, I wouldn't know now how to implement it.

http://www.lifewithqmail.org/lwq.html#qmail-users

Eric

 

On 2/3/2017 10:33 AM, Eric Broch wrote:

Okay, I understand.

I'm not sure how to use a + instead of a -, easily in qmail.

 

On 2/3/2017 9:58 AM, Michiel van Es wrote:

Hi Eric, 

 

I don't want to create a new user but it should be all sent to the same mailbox.
For example test+t...@domain.ltd should go to the mailbox of user 
t...@domain.ltd.

The good thing with the delimiter is that you can use 
user+websitewhereyouveboughtsomethin...@domain.ltd and it is always 
sent to the u...@domain.ltd mailbox where the user 
can filter the detail part and send it to a subfolder and keep track on all 
those websites.

 

Cheers,

 

Michiel

 

2017-02-03 17:27 GMT+01:00 Eric Broch:

Hi Michiel

I have to admit that I know nothing about the delimiters in qmail, but as a 
test set up two accounts on my own server:

1) test+t...@mydomain.com  

2) test-t...@mydomain.com  

qmail accepted mail for both users.

Personally I use Maildrop, but have looked into using Sieve for Dovecot 
'triggered' by its own LDA, 'deliver' here:  
http://www.qmailtoaster.org/notes.html 

originally here: wiki: http://wiki.dovecot.org/LDA/Qmail

Eric

 

On 2/3/2017 9:04 AM, Michiel van Es wrote:

Hi Eric, 

 

Correct. I use sieve to filter on the detail part.

 

Cheers,

 

Michiel

 

2017-02-03 16:27 GMT+01:00 Eric Broch:

Hi Michiel,

Are you talking about an address like

test+t...@domain.tld  

as opposed to

test+t...@domain.tld  

?

Eric


On 2/3/2017 6:19 AM, Michiel van Es wrote:

Hi,

I am using Postfix/OpenSMTPD which use the + as delimiter which I can filter on 
with sieve (dovecot).
I know that the default delimiter in Qmail is - and if you want to change it, 
you have to recompile Qmail to use + as a delimiter.

My question is: is there an easy way to switch from the - delimiter to + so I 
can keep my current email addresses intact?

Cheers,

Michiel


-- 
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)
406.214.6802  



 





-- 
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)
406.214.6802  

 





-- 
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)
406.214.6802





-- 
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)
406.214.6802


RE: [qmailtoaster] Been away for a long while...

2016-11-09 Thread Dan McAllister - QMT DNS Admin
Craig:

 

Yes on both counts – QMT utilizes the VPopMail add-on for virtual domains, and 
ezmlm is part of the default config.

 

Dan McAllister

 

 

From: Craig McLaughlin [mailto:craig.p.mclaugh...@gmail.com] 
Sent: Wednesday, November 9, 2016 3:10 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Been away for a long while...

 

 

... can someone point me to an up to date project status?



... or just answer this question:

Does qmt handle virtual domains & ezmlm for same?

Thanks,

--Craig



RE: [qmailtoaster] Fetchmail install and configure on qmailtoaster system

2016-11-08 Thread Dan McAllister - QMT DNS Admin
Apologies to the group – my outlook took eric’s email and applied the group 
address to it.

 

My bad (would belong on the developer group anyway!)

 

Dan

 

From: Dan McAllister - QMT DNS Admin [mailto:q...@it4soho.com] 
Sent: Tuesday, November 8, 2016 3:41 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Fetchmail install and configure on qmailtoaster 
system

 

Eric:

 

I took a moment today and looked over your install scripts for QMT on COS 6 and 
noted you had a way to switch between BIND & Daniel’s DJBDNS… to that end, I 
have some thoughts. (I’m assuming you and I – and hopefully a 3rd – can start 
moving forward on re-setting this project in a forward motion!)

 

The use/presence of a DNS “server” in a QMT “server” was an issue Shubes and I 
went around and around on – the gist (from my perspective) being that we (as-in 
the QMT service) don’t need a DNS “server” so-to-speak, rather we need a fast 
and efficient DNS “resolver”. Along those lines, my default COS 6 install uses 
PowerDNS (pdns-recursor from EPEL), and I’ve found it to be REMARKABLY fast and 
light-weight.

 

I have a NUMBER of config settings I think you might agree make sense to be 
defaults. Here are some examples:

-  qmail-smtp on port 25 uses spamdyke to REMOVE SMTPAUTH (so users 
CANNOT submit mail on port 25)

-  qmail-smtp on port 587 is ENABLED by default, and ALLOWS encryption 
and REQUIRES login (SMTPAUTH)

-  qmail-smtp on port 465 is ENABLED by default, and REQUIRES both 
SMTPAUTH and encryption

-  POP and IMAP are enabled by default, but ONLY on the SSL ports (993 
& 993).

-  I install and enable BOTH squirrelmail (mail.domain.com) AND 
roundcube (webmail.domain.com) by default

 

NOTE: I still use COURIER IMAP – tho I’m trying to get into DoveCot on my next 
system.

 

 

More later

 

Dan

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Monday, November 7, 2016 12:52 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Fetchmail install and configure on qmailtoaster 
system

 

If I understand you correctly here are some examples (just a little googling): 

Maildrop: https://bbs.archlinux.org/viewtopic.php?id=147058

Dovecot LDA:

poll  with proto POP3
user u...@domain.tld there with pass 
options fetchall
mda "/usr/libexec/dovecot/deliver -d u...@domain.tld"

 

On 11/6/2016 10:16 PM, Chandran Manikandan wrote:

Dear Friends, 

 

I have running qmailtoaster in centos 6.6 system and kept in datacenter.

 

I am planning to keep one more server in our office with the same domain.

All the emails want to store both server with the same domain .

Is it possible to do fetchmail installation in my local office server to 
configure the same domain with the email accounts.

Anyone have the experience.

Could you help me to provide the installation and configuration steps.

-- 

Thanks, 

Manikandan.C

System Administrator

 



RE: [qmailtoaster] Fetchmail install and configure on qmailtoaster system

2016-11-08 Thread Dan McAllister - QMT DNS Admin
Eric:

 

I took a moment today and looked over your install scripts for QMT on COS 6 and 
noted you had a way to switch between BIND & Daniel’s DJBDNS… to that end, I 
have some thoughts. (I’m assuming you and I – and hopefully a 3rd – can start 
moving forward on re-setting this project in a forward motion!)

 

The use/presence of a DNS “server” in a QMT “server” was an issue Shubes and I 
went around and around on – the gist (from my perspective) being that we (as-in 
the QMT service) don’t need a DNS “server” so-to-speak, rather we need a fast 
and efficient DNS “resolver”. Along those lines, my default COS 6 install uses 
PowerDNS (pdns-recursor from EPEL), and I’ve found it to be REMARKABLY fast and 
light-weight.

 

I have a NUMBER of config settings I think you might agree make sense to be 
defaults. Here are some examples:

-  qmail-smtp on port 25 uses spamdyke to REMOVE SMTPAUTH (so users 
CANNOT submit mail on port 25)

-  qmail-smtp on port 587 is ENABLED by default, and ALLOWS encryption 
and REQUIRES login (SMTPAUTH)

-  qmail-smtp on port 465 is ENABLED by default, and REQUIRES both 
SMTPAUTH and encryption

-  POP and IMAP are enabled by default, but ONLY on the SSL ports (993 
& 993).

-  I install and enable BOTH squirrelmail (mail.domain.com) AND 
roundcube (webmail.domain.com) by default

 

NOTE: I still use COURIER IMAP – tho I’m trying to get into DoveCot on my next 
system.

 

 

More later

 

Dan

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Monday, November 7, 2016 12:52 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Fetchmail install and configure on qmailtoaster 
system

 

If I understand you correctly here are some examples (just a little googling): 

Maildrop: https://bbs.archlinux.org/viewtopic.php?id=147058

Dovecot LDA:

poll  with proto POP3
user u...@domain.tld there with pass 
options fetchall
mda "/usr/libexec/dovecot/deliver -d u...@domain.tld"

 

On 11/6/2016 10:16 PM, Chandran Manikandan wrote:

Dear Friends, 

 

I have running qmailtoaster in centos 6.6 system and kept in datacenter.

 

I am planning to keep one more server in our office with the same domain.

All the emails want to store both server with the same domain .

Is it possible to do fetchmail installation in my local office server to 
configure the same domain with the email accounts.

Anyone have the experience.

Could you help me to provide the installation and configuration steps.

-- 

Thanks, 

Manikandan.C

System Administrator

 



RE: [qmailtoaster] concerning updates to qmailtoaster

2016-07-28 Thread Dan McAllister - QMT DNS Admin
Rajesh & Eric:

I find this thread particularly compelling -- I have 3 different "large" qmail 
servers, each of which hosts more than 20,000 users. One of the most difficult 
items to control is when one of my users gets infected with a "virus" (or other 
type of malware) that then abuses the fact that qmail itself (or, at least not 
QMT) doesn't validate the FROM header entry against the authentication 
credentials.

Years ago, when I spoke to Jake Vickers about it, he claimed it was essentially 
impossible, however since then I have to suspect it is very much possible -- 
because the CHKUSER log entries show (on a single line) the from and auth user 
data.

Not having the time to delve into CHKUSER arguments, I wrote a script that 
checks the CHKUSER entries in the log files and warns (and eventually suspends) 
users who send from different domains than what they logged in as. (I also use 
it to automatically throttle users who send too many emails -- SPAM! I allow 
only 250 SMTP connections a day. :)

It would be an AMAZING help to me if SpamDyke (or CHKUSER) would be able to 
DENY these fraudulent headers INSTANTLY... so let's keep looking at this, if 
you don't mind!

Thanks

Dan McAllister
IT4SOHO

PS: NOTE: It is NECESSARY for some users to be allowed to bypass this check 
(and SPF and other checks) -- in particular for backup mail servers who might 
queue up messages for a server while it is down and deliver them once back up.

-Original Message-
From: Rajesh M [mailto:24x7ser...@24x7server.net] 
Sent: Sunday, July 24, 2016 9:51 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] concerning updates to qmailtoaster

eric

i am using spamdyke5

a new spamdyke.conf was generated which i am using and the qmail services are 
working like normal

my idea was to block email ids where the reply-to (envelope sender) were 
different from authentication domain.

so in my config file i have this since as per spamdyke config it will go 
through all the aspects

reject-sender=not-local
reject-sender=authentication-domain-mismatch
reject-sender=no-mx

however in my thunderbird when using a different reply-to email id it does not 
work.

in whitelist_ip i have only one ip : 127.0.0.0.1

in my whitelist_senders i do  not have the sending domain listed

rajesh

- Original Message -
From: Eric [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Sun, 24 Jul 2016 11:57:17 -0600
Subject: 

Rajesh,

It would be just like any other RPM update. The RPM install will stop and start 
services. With Spamdyke, if you're upgrading to 5, you'll have to run a script 
(below) I provided, but until you run it your toaster will be rejecting email 
(it only takes a second to run).

Remember if you have special settings in spamdyke.conf backup!


#!/bin/sh
sed -i \
-e 's/reject-missing-sender-mx/reject-sender=no-mx/g' \
-e 's/rejection-text-missing-sender-mx/rejection-text-sender-no-mx/g' \
-e 's/reject-identical-sender-recipient/reject-recipient=same-as-sender/g' \
-e 's/rejection-text-identical-sender-recipient/rejection-text-recipient-same-as-sender/g' \
-e 's/local-domains-file/qmail-rcpthosts-file/g' \
-e 's/local-domains-entry=/#local-domains-entry=(Add these entries to qmail-rcpthosts-file)/g' \
-e 's/morercpthosts/qmail-morercpthosts-cdb/g' \
/etc/spamdyke/spamdyke.conf

Eric

On 7/24/2016 5:32 AM, Rajesh M wrote:
> hi
>
> i am using qmailtoaster on centos 6
>
> the SRPMS i have are from the old qmail site and a few from 
> ftp.whitehorse
>
> my question was whether i can update dovecot, spamassassin and 
> spamdyke without causing interference with existing working qmailtoaster, 
> similar to the manner in which i update clam.
>
> i would be shutting down the qmailserver during the updates
>
>
> thanks
> rajesh
>
>
>
>
>




RE: [qmailtoaster] temporarily disable a domain

2016-07-21 Thread Dan McAllister - QMT DNS Admin
I never saw a reply to this, so I’ll pipe up here

 

When you “lose a domain” but need to keep “supporting” that domain (e.g. so 
users can still get to their old mail), the thing to do is to create a rule 
that forwards messages addressed to that domain to the correct server.

Step 1: Remove the domain from the list of LOCAL DOMAINS (see 
/var/qmail/control/[locals | rcpthosts | virtualdomains])

Step 2: Create a rule to forward mail for that domain to the correct server 
(entry in /var/qmail/control/smtproutes)

 

To explain:

In Step 1 we had to remove the local-delivery mechanism for .tv – that is, 
STOP processing mail received by SMTP as-if we were a valid server for that 
domain

In Step 2 we had to tell the server just what to do with mail from that domain. 
See our wiki (http://wiki.qmailtoaster.com/index.php/Smtproutes) for a full 
explanation of smtproutes, and know that QMT already includes the 
qmail-remote-auth patch mentioned

 

NOTES: 

-  If you still wish to receive mail for that domain, but just forward 
it to the other server, you can do so by restoring the entry in rcpthosts

-  If you are worried about SPF or other types of issues that this kind 
of forwarding can cause, create a “back channel” connection. This takes 
advantage of QMT’s allowing any authorized user to send mail as any user they 
want! To do this, just add account authentication on the end of the smtproutes 
entry.

 

I hope you find this useful

 

Dan McAllister

IT4SOHO

 

 

 

From: Jim Shupert [mailto:jshup...@pps-inc.com] 
Sent: Friday, July 15, 2016 5:21 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] temporarily disable a domain

 

Friends

I wish to temporarily disable or sever a domain on my qmailtoaster

I have 4 domains

.com
.com
.com
.tv   

and .tv is being moved ( maybe )

In truth
the folks who "are" .tv are having their mail going to a 
rackspace mail providing service /server

so you could say i am losing them as a client ...
they have changed their A record & the dns
But they are in the same building - the users are inside the same router / 
firewall.

( .tv  is a division of a master company that is .com )

my goal is to disable "my" .tv 
so that all the world sees the rackspace .tv 


I see under
Qmail Toaster Admin

http://mailhost..com/mail/vqadmin/toaster.vqadmin?nav=view_domain=.tv

6 check boxes

Disable pop access   
Disable imap access   
Disable dialup access   
Disable change password   
Disable web access   
Disable email relay 

if I check  

Disable pop access   
Disable imap access 
( or all six )

and click   Modify Domain

will "my" .tv  effectively be "turned OFF"

and I could then , if i wish to , unCheck & Modify Domain there by turn it "on"


thanks

sorry this is a wacky Q 



RE: [qmailtoaster] DMARC checking?

2016-07-21 Thread Dan McAllister - QMT DNS Admin
LOL - Thanks for the "education" about DMARC :)

For the record, I depend heavily on DMARC records -- but 90% of mail servers 
that will even check for SPF, do so with the SPF record in mind, and not the 
DMARC one. As I asserted in my original message, only a few "big guns" are even 
looking at the DMARC records at all, much less providing the response 
mechanisms.

To my knowledge, the DMARC record cannot REPLACE the SPF record (they're both 
just TXT record lookups), but the DMARC record CAN tell a recipient server that 
you are interested in hearing about "bad mail" from your domain(s).
(Most SPF records end with a "~all" -- which is actually an indication that 
you're "just testing SPF" and creating a "soft fail" when it is violated. MY 
SPF records end with "-all" [that would be a DASH instead of a TILDE] -- which 
is an indication that we think we know what we're doing, and if it fails SPF, 
it should be considered a HARD FAIL... what you do with it after that is up to 
the recipient mail server. The supposition is that, someday, most will reject 
or discard HARD FAIL messages, but even in QMail, we have our own options (read 
up on SPF levels), so not everyone is playing by the same rules.)

Generally equivalent statements can be made about DKIM.

In NEITHER case have I seen any kind of documentation on what an organization 
is supposed to do if SPF says to HARD FAIL any disproven sender, but DMARC says 
not to... or the other way around!

So I repeat my assertion that the real VALUE of DMARC is in the back-reporting 
function which I will repeat has helped me numerous times to detect an 
issue BEFORE other mechanisms (like RBLs) have been triggered!

As you might expect, my servers & domains use SPF and DMARC -- and if we had 
better processing (long-standing bug) in QMAIL for DKIM, I would use it too!

Cheers!

Dan McAllister

PS: Perhaps when I retire in a few years I'll fix the DKIM processing and 
create DMARC processing for QMAIL :) 
Most on here don't know it, but I started in SW development tracking missiles 
at CCAFS!


-Original Message-
From: Eric [mailto:ebr...@whitehorsetc.com] 
Sent: Thursday, July 21, 2016 2:05 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] DMARC checking?

Dan,

This is from the DMARC website
(https://dmarc.org/wiki/FAQ#How_does_DMARC_work.2C_briefly.2C_and_in_non-technical_terms.3F):

"How does DMARC work, briefly, and in non-technical terms?"

"A DMARC policy allows a sender to indicate that their messages are protected 
by SPF and/or DKIM, and tells a receiver what to do if neither of those 
authentication methods passes – such as junk or reject the message. DMARC 
removes guesswork from the receiver’s handling of these failed messages, 
limiting or eliminating the user’s exposure to potentially fraudulent & harmful 
messages. DMARC also provides a way for the email receiver to report back to 
the sender about messages that pass and/or fail DMARC evaluation."

And:

"Why is DMARC needed?"

"End users and companies all suffer from the high volume of spam and phishing 
on the Internet. Over the years several methods have been introduced to try and 
identify when mail from (for example) IRS.GOV really is, or really isn’t coming 
from the IRS. However:

 These mechanisms all work in isolation from each other
 Each receiver makes unique decisions about how to evaluate the results
 The legitimate domain owner (e.g. IRS) never gets any feedback

DMARC attempts to address this by providing coordinated, tested methods for:

 Domain owners to:
 Signal that they are using email authentication (SPF, DKIM)
 Provide an email address to gather feedback about messages using their 
domain – legitimate or not
 A policy to apply to messages that fail authentication (report, 
quarantine, reject)

 Email receivers to:
 Be certain a given sending domain is using email authentication
 Consistently evaluate SPF and DKIM along with what the end user sees 
in their inbox
 Determine the domain owner’s preference (report, quarantine or
reject) for messages that do not pass authentication checks
 Provide the domain owner with feedback about messages using their 
domain

A domain owner who has deployed email authentication can begin using DMARC in 
“monitor mode” to collect data from participating receivers. As the data shows 
that their legitimate traffic is passing authentication checks, they can change 
their policy to request that failing messages be quarantined. As they grow 
confident that no legitimate messages are being incorrectly quarantined, they 
can move to a 'reject' policy."

It seems to me that the DMARC website indicates that not only is feedback 
provided for but a message policy (report, quarantine, reject) for failed 
authentication.

Correc
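
The "~all" versus "-all" distinction and the DMARC policy and reporting tags discussed in this thread can be read mechanically from a domain's TXT records. The shell functions below are an added example, not code from any poster or from QMT; the records are constructed samples, the function names are hypothetical, and "mismatch" only flags the two SPF/DMARC combinations the message above calls undocumented.

```shell
#!/bin/sh
# Added example: read the SPF "all" qualifier and the DMARC policy/report
# tags from TXT record strings. All records used here are constructed.

# spf_all_policy "<TXT record>"
#   -> hardfail | softfail | neutral | pass | none | not-spf
spf_all_policy() (
  set -f                                  # "?all" must not expand as a glob
  rec=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  case "$rec" in
    "v=spf1"|"v=spf1 "*) ;;
    *) echo not-spf; return 0 ;;
  esac
  for term in $rec; do                    # the first "all" term decides
    case "$term" in
      -all)     echo hardfail; return 0 ;;
      "~all")   echo softfail; return 0 ;;
      "?all")   echo neutral;  return 0 ;;
      +all|all) echo pass;     return 0 ;;
    esac
  done
  echo none                               # no "all" term in the record
)

# dmarc_tag "<TXT record>" <tag>  -> prints the tag value, returns 1 if absent
dmarc_tag() (
  set -f
  want="$2"
  IFS=';'                                 # DMARC tags are ';'-separated
  for pair in $1; do
    pair=$(printf '%s' "$pair" |
      sed 's/^[[:space:]]*//; s/[[:space:]]*$//; s/[[:space:]]*=[[:space:]]*/=/')
    case "$pair" in
      *=*) ;;
      *) continue ;;
    esac
    name=$(printf '%s' "${pair%%=*}" | tr 'A-Z' 'a-z')
    if [ "$name" = "$want" ]; then
      printf '%s\n' "${pair#*=}"
      return 0
    fi
  done
  return 1
)

# mail_auth_posture "<SPF record>" "<DMARC record>"
#   -> one summary line: spf=... dmarc=... reports=... mismatch=...
mail_auth_posture() (
  spf=$(spf_all_policy "$1")
  policy=absent; reports=no; mismatch=no
  if [ "$(dmarc_tag "$2" v)" = "DMARC1" ]; then
    policy=$(dmarc_tag "$2" p | tr 'A-Z' 'a-z')
    [ -n "$policy" ] || policy=absent
    if dmarc_tag "$2" rua >/dev/null; then reports=yes; fi
  fi
  # SPF asks for a hard fail while DMARC asks for no action, or the reverse
  if [ "$spf" = hardfail ] && [ "$policy" = none ]; then mismatch=yes; fi
  if [ "$spf" = softfail ] && [ "$policy" = reject ]; then mismatch=yes; fi
  echo "spf=$spf dmarc=$policy reports=$reports mismatch=$mismatch"
)

# Constructed sample records (example.com is a placeholder domain)
mail_auth_posture "v=spf1 mx ~all" ""
mail_auth_posture "v=spf1 ip4:192.0.2.25 -all" \
  "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
mail_auth_posture "v=spf1 ip4:192.0.2.25 -all" \
  "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"
```

For a live domain the two record strings would come from TXT lookups of the domain itself and of its _dmarc subdomain.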

RE: [qmailtoaster] DMARC checking?

2016-07-20 Thread Dan McAllister - QMT DNS Admin
I'm not sure what you mean by DMARC checking?
Generally, SPF is triggered by the existence of an appropriate DNS entry, while 
a DKIM check would be triggered by a DKIM signature in the header of the 
message.
The point of DMARC isn't to trigger any checking, it is to provide a FEEDBACK 
mechanism to senders whose domains may be being attacked or otherwise abused.
AFAIK, only a few MAJOR mail providers are actively providing that feedback -- 
but even so, it's been EXTREMELY valuable to me as an ESP admin! They have 
helped me capture abuse far faster than otherwise possible!

So again, I'm not sure what you're asking for with regards to DMARC

Dan McAllister
IT4SOHO

-Original Message-
From: Eric [mailto:ebr...@whitehorsetc.com] 
Sent: Wednesday, July 20, 2016 12:44 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] DMARC checking?

Jaime,

I'm not sure. It can be run from the command line so I'm wondering if it could 
not be put in a .qmail/.mailfilter file or even implemented with 
Dovecot...somehow?

Eric


On 7/20/2016 9:07 AM, Jaime Lerner wrote:
> Is it possible to set up inbound DMARC checking on a QMT setup?

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com






RE: [qmailtoaster] catch all account and the spam

2016-07-11 Thread Dan McAllister - QMT DNS Admin
The CORRECT way to do this is to create the .qmail-default file with an entry 
that says:

|   /home/vpopmail/bin/vdelivermail   ''   delete

 

NOTE: Extra spaces added for readability on “variable width font” readers :)

You will find the DEFAULT entry says “bounce-no-mailbox” where I have delete 
above.

 

I haven’t been following this thread, but I assume you were using an email 
address instead of “bounce-no-mailbox” to create your catchall account? 

If not, that would be the appropriate way to do so.

 

Now I can’t just reply to HOW without adding my 2-cents worth as to why I think 
“bounce-no-mailbox” is the WORST of the options:

-  It allows spammers to “mine” your domain for “good” email addresses 
(which then get sold!)… how? Send a note to a...@yourdomain.com, 
b...@yourdomain.com, etc. For each one that does NOT get a bounceback, 
you have a good address! SPAM IT!

-  Once your domain is “mature” (been around a few years), your 
“catchall” account will get thousands of emails a day – from spammers trying to 
mine your domain!

 

That means (to me, anyway) that you should DEFAULT to a “delete” policy… if 
they send to a bad email address… oh well, I guess they won’t get a reply! When 
they CHECK with the recipient, they’ll be able to figure it out. But in the 
few, rare instances where there needs to be SOMETHING done with badly addressed 
messages, a catchall account is superior to a “bounce-no-mailbox” option.

 

Those opinions are MINE. Feel free to share in them or oppose them – but their 
only value is the time you have invested in reading them, so treat accordingly.

 

Have a great day all!

 

Dan McAllister

IT4SOHO

 

QMT DNS Admin (or at least I WAS!)

 

 

 

From: Angus McIntyre [mailto:an...@pobox.com] 
Sent: Friday, July 8, 2016 9:49 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] catch all account and the spam

 

On Jul 7, 2016, at 1:10 PM, Jim Shupert <jshup...@pps-inc.com> wrote:

I am wondering what a "wise" method of doing the catch all account regarding 
spam might be

To limit the amount of spam that a standard user who is catch all (me for 
example )

I have created a usr named d...@mydom.com 
this "usr" has a quota of 40 MB … so it goes over quota in a day or so...
It is ,for the sake of argument , ALL spam.
what are you wise folk doing?

 

Because spammers will spam anything and everything — I have seen spam targeting 
‘email addresses’ that were obviously created by some scraper program so dumb 
that it thought a message ID (something like 
“122324313109.1231...@somedomain.com”) was an email account — I would 
question whether there’s any value in having a catch-all. Better to set up 
.qmail files for the addresses you actually want, and then just send everything 
else to /dev/null.

 

To do that, create a ‘.qmail-default’ file for your domain, enter a ‘#’ 
character on the first line, and then add one blank line after it.

 

If you think that you might some day get useful mail sent to a catch-all 
address, then you’ll probably want to do two things. 

 

One is to set up a cron job that just throws away everything in the catch-all 
account at regular intervals, so that you don’t go over quota and start 
bouncing mail.

 

The other is to use something like procmail to filter the mail coming into the 
catch-all. You can write two kinds of filters. One filter will throw away stuff 
that’s known to be spam (to prevent the mailbox overflowing, and to reduce the 
amount of mail you need to review manually). The other should look for 
particular keywords that indicate something that might be interesting to you, 
and divert that to one of your active mailboxes.

 

Also consider making use of Spamdyke features — for example, rejecting messages 
from domains without valid RDNS — to reduce the amount of spam you need to 
process.

 

Angus
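
The catch-all behaviours compared in this thread (bounce-no-mailbox, delete, a catch-all address, and the comment-only file Angus describes) can be told apart by reading each domain's .qmail-default. The audit below is an added example, not code from the posters or from QMT; it assumes one directory per domain as under /home/vpopmail/domains, the sample tree is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report which catch-all policy each vpopmail domain uses.
# Assumption: <domains_dir>/<domain>/.qmail-default, as in a stock
# /home/vpopmail/domains layout. The sample tree below is constructed.

# classify_default <file>
#   -> bounce | delete | catchall:<target> | discard | empty | other | missing
classify_default() {
  f="$1"
  [ -f "$f" ] || { echo missing; return 0; }
  # No delivery lines at all: either comment-only (mail is discarded,
  # as described in the thread) or a completely empty file
  if ! grep -v '^[[:space:]]*$' "$f" | grep -qv '^#'; then
    if grep -q '^#' "$f"; then echo discard; else echo empty; fi
    return 0
  fi
  # The last word of the vdelivermail line is the action or the target
  action=$(awk '/vdelivermail/ { print $NF; exit }' "$f")
  case "$action" in
    bounce-no-mailbox) echo bounce ;;
    delete)            echo delete ;;
    "")                echo other ;;
    *)                 echo "catchall:$action" ;;
  esac
}

# audit_domains <domains_dir> -> one "domain<TAB>policy<TAB>note" line each
audit_domains() {
  for d in "$1"/*/; do
    [ -d "$d" ] || continue
    dom=$(basename "$d")
    policy=$(classify_default "$d/.qmail-default")
    case "$policy" in
      bounce)         note="bounces reveal which addresses exist" ;;
      catchall:*)     note="collects all misaddressed mail" ;;
      delete|discard) note="misaddressed mail is dropped silently" ;;
      *)              note="review manually" ;;
    esac
    printf '%s\t%s\t%s\n' "$dom" "$policy" "$note"
  done
}

# Build a constructed tree with one domain per policy; prints its path
make_sample_tree() {
  t=$(mktemp -d) || return 1
  mkdir -p "$t/example.com" "$t/example.net" "$t/example.org" "$t/example.edu"
  printf "| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox\n" \
    > "$t/example.com/.qmail-default"
  printf "| /home/vpopmail/bin/vdelivermail '' delete\n" \
    > "$t/example.net/.qmail-default"
  printf "| /home/vpopmail/bin/vdelivermail '' catchall@example.org\n" \
    > "$t/example.org/.qmail-default"
  printf '#\n\n' > "$t/example.edu/.qmail-default"
  echo "$t"
}

sample=$(make_sample_tree)
audit_domains "$sample"
rm -rf "$sample"
```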



Re: [qmailtoaster] Email security from users

2016-05-23 Thread Dan McAllister

Yes... and no

The function is a TAP and there is already the "patch" installed in QMT 
(the code comes from INTER7 - same source as VPOPMAIL)


The granularity is available on the domain, down to the user level -- 
but you catch EVERYTHING (inbound and outbound) in the TAP, so you need 
to be somewhat careful (for example, if I "tap" sample.com, and I send 
the data to the email "t...@sample.com" you'll get a loop (and a very 
full hard drive in very short order)).


In my experience, all TAPS should be sent to an off-domain email 
address. (That is, if you're tapping DOMAINA.COM -- or even just a user 
on DOMAINA.COM, then the tap account (the account receiving all the 
copies of all the data) must NOT be on DOMAINA.COM!)


Otherwise, the wiki page does a fine job of explaining how to use it.

http://wiki.qmailtoaster.com/index.php/Taps

Dan McAllister
IT4SOHO

On 5/22/2016 11:36 PM, Kisakye Alex wrote:


Qmail actually has a module to archive every email going in and out of 
the server. Qtaps if I remember correctly. Please check the wiki for 
this module.


Alex

On May 23, 2016 12:25 PM, "Chandran Manikandan" <tech2m...@gmail.com> wrote:


Hi lodok,

In archive option should need do in Server or email clients.
If server could you let me know the steps.
Or any other methods to tap the emails for all email.

On Thu, May 12, 2016 at 5:28 PM, <a...@unet.de> wrote:

Hi Manikandan,

what do you think about appliances for archiving emails?
If you archive all emails, you keep track of all emails
received and sent,
have the ability to limit and secure access to the archive...

Iodok

> Hi Friends,
>
> I am running centos 6 with qmailtoaster + dovecot and facing new problems
> with our users.
>
> 1. How can we stop allowing users to permanently delete mails from our mail
> client like Purge or Shift delete?
> We are using Squirrelmail,Outlook and thunderbird email client
>
> 2  If any employee sends mail from our company email to their personal
> email we need a mail alert or copy of that email to any particular email.
> Is there any way?
>
>  3. I want to monitor both outbound and Inbound mails of all employees .
> It needs to be saved for future reference or verification purpose.
>
> Please help and advise required.
>
>
> --
> *Thanks,*
> *Manikandan.C*
> *System Administrator*
>






-- 
*Thanks,*

*Manikandan.C*
*System Administrator*





Re: [qmailtoaster] Centos or Debian?

2016-03-11 Thread Dan McAllister

Eric & Tony:

Just to be clear, I *have* successfully ported QMT and other server 
apps (including a rather robust Samba 4 as AD server) onto CentOS 7 -- 
and it seems to do just fine as a stand-alone server


*BUT* - I don't like running a single monolith server that provides 
all of these services. Instead, I like to create KVM guests that run 
simple sets of apps:

 - A Samba 4 AD controller for auth, DNS (BIND), and DHCP (ISC)
 - A QMT server for email
 - A QMT SmartHost (no REAL users, just available as a private relay)
 - A PDNS server (PowerDNS is my preferred backend for public domains 
-- BIND does the front-end work tho)
 - An Apache server for website (easy to integrate with QMT 
SquirrelMail or RoundCube)

 - A backup server (for my phone systems)
 - Another backup server for my several Linux systems around the world 
(the ones NOT here in FLA)


One of the HUGE benefits of this setup is that I can change the IP 
address on the QMT Relay in case it gets blacklisted. Then, work to 
DELIST the afflicted IP while I'm positive there is no traffic on it! :)


As a result of my difficulties in the networking, KVM, and VNC aspects 
of COS7, I have kept ALL of my other KVM hosts as COS6 -- and am hoping 
something better comes along for COS8 (or something similar).


Dan

PS: Personally, for now I would continue to support QMT on COS6 ONLY 
(only choice being 64 or 32 bit) -- FWIW, some of my KVM client systems 
are 32-bit to help reduce their footprint.




On 3/11/2016 1:08 PM, Eric wrote:

Dan,

I have two CentOS 7 servers up and running in production environments 
and have never seen the issues that you have described. By no means am 
I diminishing what you're saying, though. What you're describing with 
VNC happened regularly on my CentOS 5 servers. I had 6 file servers 
and 2 email servers with CentOS 5 and I regularly had to go through 
the whole ssh(ing) into the machine to fix VNC. Never has this 
happened on CentOS 6 or 7, with me anyway.


After hearing from Tony I was giving some thought to compiling 
binaries for a SysV distribution like the Debian flavor he suggested.


I have to admit that I wasn't aware of the fight over systemd and 
SysV. I've read the links that Tony provided and these two:


http://www.pcworld.com/article/2841873/meet-systemd-the-controversial-project-taking-over-a-linux-distro-near-you.html 


http://blog.jorgenschaefer.de/2014/07/why-systemd.html

and plan to read Debian's reasoning here:

https://wiki.debian.org/Debate/initsystem/systemd

How many people in QMT land are running CentOS7-QMT hosts with success?

Maybe a SysV fork is in order.

EricB


On 3/11/2016 10:29 AM, Dan McAllister wrote:

OK, so I have my own 2-cents worth and experience with systemd...

In a nutshell, I do NOT like it. I have found CentOS 7 to have 
stability issues that are TOTALLY UNACCEPTABLE for a SERVER. (might 
be fine for a desktop, but NOT a server!)


And therein lies the rub -- systemd is designed from the get-go to 
improve the "Desktop Experience" for Linux. Start faster, provide 
feedback faster, do more crap automated, and automatically "filter" 
logs and messages.
All GREAT things for the NOOB running Linux for the first time on a 
desktop so they can run some app...
But most of the RATIONALE for systemd is an anathema to running a 
server!


In my own world, I have a CentOS 7 system running next to a CentOS 6 
system. The COS7 system routinely breaks its network configs 
requiring me to re-run the firewall startup (otherwise, my virtual 
machines networking breaks at LEAST once a week!
On top of that, I usually leave a "console" (not :0) running with a 
firewalled (e.g.: limited access by IP address) VNC connection -- and 
this too BORKS at least once a week (when this fails, I have to ssh 
into the box, stop the vncserver, remove the .X11 folder in /tmp, and 
restart vnc. Not a HUGE chore, but given that I leave that very 
specific interface up so that I can access VMs VERY QUICKLY in an 
emergency, it sucks that often I have to do just that when something 
is going on -- and the delay is frustrating.


So what have I done about it?

Personally, I'm sticking with CentOS 6 for servers. Period. I've 
tried and tried with COS7, and it just isn't right for a server.
I have to think there will wind up being some "splits" in some 
distributions -- separating out server & desktop versions.


Just my thoughts... me, the guy who had QMT running on COS6 for more 
than a YEAR before we (the QMT team) officially supported it... yeah, 
that guy... is DONE with COS7!


We'll have to wait and see what the next rollouts are like from the 
distros -- but for now, COS7 is NOT VIABLE as a server in my opinion.


Dan McAllister
QMT DNS & Mirror Admin (kinda toothless right now, as Eric Schubert 
has been totally MIA and silent for s long now!)




On 3/11/2016 1:16 AM, Tony White wrote:

Eric,
  No problems as I will not use i

Re: [qmailtoaster] Centos or Debian?

2016-03-11 Thread Dan McAllister

OK, so I have my own 2-cents worth and experience with systemd...

In a nutshell, I do NOT like it. I have found CentOS 7 to have stability 
issues that are TOTALLY UNACCEPTABLE for a SERVER. (might be fine for a 
desktop, but NOT a server!)


And therein lies the rub -- systemd is designed from the get-go to 
improve the "Desktop Experience" for Linux. Start faster, provide 
feedback faster, do more crap automated, and automatically "filter" logs 
and messages.
All GREAT things for the NOOB running Linux for the first time on a 
desktop so they can run some app...

But most of the RATIONALE for systemd is an anathema to running a server!

In my own world, I have a CentOS 7 system running next to a CentOS 6 
system. The COS7 system routinely breaks its network configs requiring 
me to re-run the firewall startup (otherwise, my virtual machines 
networking breaks at LEAST once a week!
On top of that, I usually leave a "console" (not :0) running with a 
firewalled (e.g.: limited access by IP address) VNC connection -- and 
this too BORKS at least once a week (when this fails, I have to ssh into 
the box, stop the vncserver, remove the .X11 folder in /tmp, and restart 
vnc. Not a HUGE chore, but given that I leave that very specific 
interface up so that I can access VMs VERY QUICKLY in an emergency, it 
sucks that often I have to do just that when something is going on -- 
and the delay is frustrating.


So what have I done about it?

Personally, I'm sticking with CentOS 6 for servers. Period. I've tried 
and tried with COS7, and it just isn't right for a server.
I have to think there will wind up being some "splits" in some 
distributions -- separating out server & desktop versions.


Just my thoughts... me, the guy who had QMT running on COS6 for more 
than a YEAR before we (the QMT team) officially supported it... yeah, 
that guy... is DONE with COS7!


We'll have to wait and see what the next rollouts are like from the 
distros -- but for now, COS7 is NOT VIABLE as a server in my opinion.


Dan McAllister
QMT DNS & Mirror Admin (kinda toothless right now, as Eric Schubert has 
been totally MIA and silent for s long now!)




On 3/11/2016 1:16 AM, Tony White wrote:

Eric,
  No problems as I will not use it.
It seems CentOS6 does not have systemd.
I dislike the idea of aggregating everything into
1 process.
We have a VM of CentOS6.7 now and are working
on migrating everything this weekend.
CentOS6 is supported until 2020 I believe so this might
see me out of computing and in my grave. If not then it
at least buys me time to learn a different os that does
not have Systemd.


best wishes
  Tony White

On 11/03/2016 16:41, Eric wrote:


Tony,

Have you had any problems with systemd?

EricB

On 3/10/2016 8:36 PM, Tony White wrote:

Hi,
  Just because "everyone is going that way" does not make it right.
I can quote "If it ain't broke don't fix it!".
There are many distros not migrating to systemd and those that are
seem to me to have a core user group that are spawning or forking a
separate distro that does not use systemd.

http://www.zdnet.com/article/linus-torvalds-and-others-on-linuxs-systemd/ 



http://blog.lusis.org/blog/2014/09/23/end-of-linux/

This may give you some insight. It is a good place to start making your
mind up on the pros and cons of systems.

I chose Debian (Devuan) as there is a site 
http://qmailrocks.thibs.com where
there are instructions on Debian. Essentially this is an up to date 
version of

the old QmailRocks site that died a slow and painful death.

I am happy to converse with anyone but maybe we should do it off 
list as

it is potentially not constructive for QMTers.

I will have  a VM up and running over the weekend for testing.

NB I am not intending to start a big heated discussion I simply 
wanted to

know if anyone had already changed.

best wishes
  Tony White

On 11/03/2016 13:58, Helmut Fritz wrote:

Yeah - I too dislike the new system stuff.  but everything is going 
that way it seems.  You could Gentoo and build it how you like, but 
that is its own set of issues.


-Original Message-
From: Tony White [mailto:t...@ycs.com.au]
Sent: Thursday, March 10, 2016 6:51 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Centos or Debian?

systemd, kthread and all the other rubbish you don't need on a server.
However just found out that Debian has systemd now as well.
So the point is moot.

best wishes
Tony White

On 11/03/2016 13:14, Eric wrote:


Why are you sick of CentOS?

On 3/10/2016 6:57 PM, Tony White wrote:

Hi folks,
   I am sick of CentOS and was hoping someone had been using QMT on
Debian.
   If anyone has done this I would love to hear your experiences.

TIA.




[qmailtoaster] glibc Critical Vulnerability - PLEASE READ!

2016-02-19 Thread Dan McAllister

Gentle Readers:

Google and Red Hat have independently discovered a *serious* 
vulnerability in glibc, present since the release of version 2.9 -- 
remote code execution is more than just a theoretical possibility!


Detailed technical details are available on the Google security blog at 
https://googleonlinesecurity.blogspot.ca/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html, 
but essentially, the glibc DNS client side resolver is vulnerable to a 
stack-based buffer overflow when the getaddrinfo() library function is 
used. (This is the access of the servers listed in /etc/resolv.conf to 
execute DNS lookups - and has NOTHING TO DO with hosting your own 
DNS server or resolver!)


If you are running a mail server (QMail or other), you are relying 
HEAVILY on this library ... at EXACTLY the crux of this vulnerability! 
Do yourself a favor and update TODAY (or, at the very least, over the 
weekend!).

If you are running RHEL or CentOS 6 or 7, you are likely vulnerable. (If 
you are still on RHEL or CentOS 4 or 5, your procrastination has 
accidentally served you well - you never got the update to 2.9, and so 
while you do have other vulnerabilities, you don't have THIS ONE!).


Red Hat has released a PATCH -- and in 6, you will have to reboot to 
effect the change. Fortunately, in 7 there is a command that will swap 
in the new glibc "live". (See below)


The earliest *PATCHED* versions of glibc for RedHat/CentOS are:
 - RHEL/COS 6 : glibc-2.12-1.166.el6_7.7
 - RHEL/COS 7 : glibc-2.17-106.el7_2.4
NOTE: On 7, you can run the command: systemctl daemon-reexec to 
load the updated library, and thus avoid a reboot.


If you haven't updated your system within the past day or two, you 
likely need this patch! A simple yum update -y should get you the 
newest version, as the REPOs should all have the latest release by now.

Have a good weekend! LOL

Dan McAllister
IT4SOHO

PS: Yes, I have over 40 Linux servers that will have to be managed in 
the next 2-3 days... happy working weekend for me!





[qmailtoaster] Script for detecting mail abuse

2016-02-01 Thread Dan McAllister
all.
You can use the attached script (built very similarly to the 
checkmailfraud.sh) called checkmailabuse.sh to check for users who are 
just plain sending too much mail!
Again, you will need to set your own variables at the top -- where you 
send the SMS (or email) message; what address you're sending it from; 
and at what threshold will you send the alert.


I hope you find these scripts helpful - they are a central part of how I 
administer so many servers with so many users!


Good Luck!

Dan McAllister



#!/bin/bash
# checkmailabuse.sh -- alert when an authenticated user relays too much mail
NOTIFY=          # where the alert (email or SMS gateway address) is sent
NOTIFYFROM=      # address the alert is sent from
THRESHHOLD=500   # relayed recipients per day that triggers an alert
#
# NOTE: Depending upon the version of qmlog you install, the binary may be
#   located in /usr/bin or /usr/sbin. Therefore, we must start by
#   locating the QMLOG program
if [ -x /usr/sbin/qmlog ] ; then
  QMLOG=/usr/sbin/qmlog
elif [ -x /usr/bin/qmlog ] ; then
  QMLOG=/usr/bin/qmlog
else
  echo "$0 requires the program qmlog -- see qmailtoaster wiki to locate a copy"
  exit 99
fi

# remove old temp files
rm -f /tmp/checkmailabuse*

# Get date in both needed formats (with and without dash)
# An optional first argument (MMDD) replaces today's date
TODAY=$(/bin/date '+%m%d')
if [ $# -eq 1 ] ; then TODAY="$1" ; fi
MON="$(echo "$TODAY" | sed 's/..$//')" # first 2 digits
DAY="$(echo "$TODAY" | sed 's/^..//')" # last 2 digits

# Here's the work -- get the submission logs (translating the dates)
# - grep for the actual date because qmlog does a poor job on this
# - look only for rcpt lines and look for who is logging in
#   (CHKUSER logs "from <sender:authuser:relayclient> ...", so cut
#   everything up to the "<" and split what is left on ":")
# - sort the results so "uniq" can count them
# - re-sort now based on uniq counts
# When a date argument is given, every sender is listed, not only
# those over the threshold
$QMLOG -d "$TODAY" submission |
 grep "^$MON-$DAY.*CHKUSER relaying rcpt" |
 sed 's/.*rcpt: from <//' |
 awk -F: '{ print $1 , $2, $3 }' |
 while read SEND AUTH OTHER ; do
   echo $AUTH
 done |
 sort |
 uniq -c |
 sort -n |
 while read MCOUNT MSENDER ; do
   if [ $# -eq 0 ] ; then
     if [ "$MCOUNT" -gt "$THRESHHOLD" ] ; then
       echo $MCOUNT $MSENDER
     fi
   else
     echo $MCOUNT $MSENDER
   fi
 done > /tmp/checkmailabusers
#
# To send an alert
#
if [ "$(cat /tmp/checkmailabusers | wc -l)" -gt "0" ] ; then
  echo "To: $NOTIFY" > /tmp/checkmailabuse-alert
  echo "From: $NOTIFYFROM" >> /tmp/checkmailabuse-alert
  echo "Subject: Abuse Alert on $(hostname)" >> /tmp/checkmailabuse-alert
  echo " " >> /tmp/checkmailabuse-alert
  if [ "$( cat /tmp/checkmailabusers | wc -l )" -lt 5 ] ; then
    cat /tmp/checkmailabusers >> /tmp/checkmailabuse-alert
    /var/qmail/bin/qmail-inject < /tmp/checkmailabuse-alert
  else
    echo "Too many abusers to show... please login to server ASAP!" >> /tmp/checkmailabuse-alert
    /var/qmail/bin/qmail-inject < /tmp/checkmailabuse-alert
  fi
fi

#!/bin/bash
# checkmailfraud.sh -- alert when a user authenticates under one domain
#   but sends mail with an envelope sender in another domain
NOTIFY=          # where the alert (email or SMS gateway address) is sent
NOTIFYFROM=      # address the alert is sent from
THRESHHOLD=500   # mismatched recipients per day that triggers an alert
# NOTE: Depending upon the version of qmlog you install, the binary may be
#   located in /usr/bin or /usr/sbin. Therefore, we must start by
#   locating the QMLOG program
if [ -x /usr/sbin/qmlog ] ; then
  QMLOG=/usr/sbin/qmlog
elif [ -x /usr/bin/qmlog ] ; then
  QMLOG=/usr/bin/qmlog
else
  echo "$0 requires the program qmlog -- see qmailtoaster wiki to locate a copy"
  exit 99
fi

# Get date in both needed formats (with and without dash)
# An optional first argument (MMDD) replaces today's date
TODAY=$(/bin/date '+%m%d')
if [ $# -eq 1 ] ; then TODAY="$1" ; fi
MON="$(echo "$TODAY" | sed 's/..$//')" # first 2 digits
DAY="$(echo "$TODAY" | sed 's/^..//')" # last 2 digits

# remove old temp files
rm -f /tmp/checkmailfraud*

# CHKUSER logs "from <sender:authuser:relayclient> ..."; keep only the lines
# where the sender's domain differs from the authenticated user's domain,
# then count identical lines and apply the threshold
$QMLOG -d "$TODAY" submission |
 grep "^$MON-$DAY.*CHKUSER relaying rcpt" |
 sed 's/.*rcpt: from <//' |
 awk -F: '{ print $1 , $2, $3 }' |
 while read SEND AUTH OTHER ; do
   SENDDOMAIN="$(echo "$SEND" | awk -F@ '{ print $2 }')"
   AUTHDOMAIN="$(echo "$AUTH" | awk -F@ '{ print $2 }')"
   if [ -n "$AUTHDOMAIN" ] ; then
     if [ "$SENDDOMAIN" != "$AUTHDOMAIN" ] ; then
       echo $SEND $AUTH $OTHER
     fi
   fi
 done |
 sort |
 uniq -c |
 sort -n |
 while read MCOUNT MSENDER MIMPOSTER ; do
   if [ $# -eq 0 ] ; then
     if [ "$MCOUNT" -gt "$THRESHHOLD" ] ; then
       echo $MCOUNT $MSENDER $MIMPOSTER
     fi
   else
     echo $MCOUNT $MSENDER $MIMPOSTER
   fi
 done > /tmp/checkmailfraudsters
#
# To send an alert
#
if [ "$(cat /tmp/checkmailfraudsters | wc -l)" -gt "0" ] ; then
  echo "To: $NOTIFY" > /tmp/checkmailfraud-alert
  echo "From: $NOTIFYFROM" >> /tmp/checkmailfraud-alert
  echo "Subject: Fraud Alert on $(hostname)" >> /tmp/checkmailfraud-alert
  echo " " >> /tmp/checkmailfraud-alert
  if [ "$( cat /tmp/checkmailfraudsters | wc -l )" -lt 5 ] ; then
    cat /tmp/checkmailfraudsters >> /tmp/checkmailfraud-alert
    /var/qmail/bin/qmail-inject < /tmp/checkmailfraud-alert
  else
    echo "Too many fraudsters to show... please login to server ASAP!" >> /tmp/checkmailfraud-alert
    /var/qmail/bin/qmail-inject < /tmp/checkmailfraud-alert
  fi
fi


Re: [qmailtoaster] hi all, getting the below error

2016-01-19 Thread Dan McAllister

restart mysql

Dan

On 1/18/2016 10:18 PM, Sree Raj wrote:

Hello all,

Im getting the below error.
Error - no authentication database connection. Initial open.



Regards
Sreeraj R S

On Thu, Jan 14, 2016 at 7:30 AM, Eric > wrote:


Try resetting the postmaster password from the command line.


On 1/13/2016 5:29 AM, Sree Raj wrote:

Hello all,

Greetings:)

I had been facing an error in admin toaster that
domain has no postmaster!!


Regards
Sreeraj R S










Re: [qmailtoaster] Qmailtoaster installation on Centos 7.1

2015-10-30 Thread Dan McAllister
Just to be sure y'all understand -- CentOS 7 installs with firewalld 
instead of iptables.
If you want to use iptables INSTEAD, you need to disable firewalld 
first, then enable iptables.


NOTE: I *DO* recommend doing this, as iptables is, in my opinion a 
better firewall solution FOR SERVERS.


to disable the firewalld, issue the commands:
 # systemctl disable firewalld
 # systemctl stop firewalld

Then you will need to install iptables:
 # yum install iptables-services
 # systemctl enable iptables
 # systemctl start iptables

Dan McAllister
IT4SOHO

On 10/26/2015 6:12 PM, Eric Broch wrote:

Chandran,

The below section is the firewall rules that are run at install time of QMT for 
CentOS 7 in both the qt_install.sh and qt_grp_install.sh scripts.



# Open ports on firewall
ports=(20 21 22 25 53 80 110 113 143 443 465 587 993 995 3306)
for index in ${!ports[*]}
do
echo -n "Opening port: ${ports[$index]} : "
tput setaf 2
firewall-cmd --zone=public --add-port=${ports[$index]}/tcp --permanent
tput sgr0
done
echo -n "Reload firewall settings : "
tput setaf 2
firewall-cmd --reload
tput sgr0



As far as the qt-backup you'll have to download it from github here 
<https://github.com/QMailToaster/qmailtoaster-util/raw/master/qt-backup>, 
download as follows:
# curl https://raw.githubusercontent.com/QMailToaster/qmailtoaster-util/master/qt-backup > qt-backup

And, put in the proper location on your server.

Eric



On 10/26/2015 4:40 AM, Eric Broch wrote:

The install should have done iptables already.

On 10/26/2015 4:29 AM, Chandran Manikandan wrote:

Dear Eric,
Thanks for your help.
It was working perfectly on the CentOS 7 machine.
But I am unable to run the qt-backup command. It shows the below message. 
Do I need to do anything further?


-bash: qt-backup: command not found

I am unable to use iptables on this machine.
Could you let me know whether I need to use firewalld or iptables,
and which one is good for qmailtoaster?

On Mon, Oct 19, 2015 at 12:41 PM, Eric Broch 
<ebr...@whitehorsetc.com> wrote:


On 10/18/2015 9:03 PM, Chandran Manikandan wrote:

Hi Folks,

How are you all ?

I have installed Centos 7.1 on my new IBM server machine.

I would like to install qmailtoaster on this machine.

Could anyone have the experience to install it.

Please help me to provide the steps and configuration.

Thanks in advance.

-- 
*Thanks,*

*Manikandan.C*
*System Administrator*


Chandran,

There are two methods now

Method 1)
a) # curl ftp://ftp.whitehorsetc.com/pub/qmail/CentOS7/qmt/scripts/qt_prep.sh > qt_prep.sh
b) # chmod 755 qt_prep.sh
c) # sh qt_prep.sh (Automatic reboot)
d) # sh qt_grp_install.sh

Method 2)
a) # curl ftp://ftp.whitehorsetc.com/pub/qmail/CentOS7/qmt/scripts/qt_prep.sh > qt_prep.sh
b) # chmod 755 qt_prep.sh
c) # sh qt_prep.sh (Automatic reboot)
d) # sh qt_install.sh
e) # rpm -Uvh ftp://ftp.whitehorsetc.com/pub/repo/qmt/CentOS/7/current/noarch/whtc-qmt-1-1.qt.el7.noarch.rpm

Updating QMT
yum --enablerepo=whtc-qmt-testing update

Eric





--
*Thanks,*
*Manikandan.C*
*System Administrator*








[qmailtoaster] Request for ideas: limiting outbound traffic

2015-10-20 Thread Dan McAllister

Greetings QMT faithful.

I have an issue I'd like to throw out there -- I have a small number of 
users (on a server with about 20,000 users) that are abusing the service 
in that they're purposefully sending out huge amounts of mail.


Fortunately, so far none of their email campaigns have resulted in any 
RBL activity, but nearly every large-scale ESP (Email Service Provider) 
has limits set on the number of outbound messages per day (or per hour) 
that can be sent. I think we need the ability to enforce that too, but how?


Ideas?

Thanks in advance

Dan McAllister
IT4SOHO




Re: [qmailtoaster] qmailtoaster installation large installation

2015-10-14 Thread Dan McAllister

I maintain a server with over 35000 users, mostly in Mexico.

The configs are relatively simple -- just scaled for the number of 
users. The "bitch" is in the monitoring for abuse.


Dan

PS: Email me directly for specific questions -- the list is really more 
about generic QMT issues, not specific ones.



On 10/14/2015 5:27 AM, Kisakye Alex wrote:

hello, I had 10,000+ at one point.

Alex

On Wed, Oct 14, 2015 at 3:46 AM, Rajesh M <24x7ser...@24x7server.net> wrote:


hello all,

does anybody have a qmailtoaster installation with over 8000 users
in single installation.

we are looking for some basic guidance on this.

rajesh










Re: [qmailtoaster] queue is flooding user

2015-10-09 Thread Dan McAllister

Rajesh:

I understand -- and if all the "players" in the email world were 
legitimate, kind, and thoughtful ... there wouldn't be QMail at all, 
because sendmail would still be doing a fine job and the configurations 
therein wouldn't be so hard after all.


But that is not the REAL world. In THIS world, people actively work to 
abuse mail servers -- and many seek little more than the "fun" of 
disabling or at least disrupting mail service... and we (as mail admins) 
need to be PROACTIVE (not just reactive) in mitigating the threats. If I 
wasn't clear in my initial response -- this is what brought you to ask 
the original question in the first place! (Your queues are filling up 
with invalid bounce messages).


That being said, the "bounce-no-mailbox" option is, in my opinion, the 
WORST of the 3 available options. It serves as an open invitation to:
 - shutdown your mail server at-will with bounce and double-bounce 
messages that will clog your queues for days
 - mine your system for valid email addresses (those that do not 
bounce) -- and sell the results to SPAM lists

 - multiple other "attacks" ... this isn't the point of this email...
Sadly, it is also the "default" for our vpopmail implementations.

But, there is another option (other than "bounce-no-mailbox" or 
"delete").


   If you fear that you may lose or miss something important, then
   replace the last word with an email address (preferably on your
   server so delivery is local). This way messages sent to non-existent
   mailboxes will arrive in a specified mailbox and NOT bounce. You can
   periodically check that mailbox for misaddressed messages -- but be
   prepared to get a LOT of SPAM!

   This has the same benefits as "delete" (from the outside world
   perspective, everything is accepted) but still gives you a place to
   go to check for misdirected messages.

   NOTE: When clients want this, I typically create a "mailbox" that is
   NOT a legitimate Internet mail address. While it may not stay that
   way forever, I use a "non-existent" (so far) .mail TLD for these
   "catchall" accounts. So, for example, my client abc.com wants a
   catchall account, I configure it as catch...@abc.com.mail --
   vpopmail has no issue creating the accounts, and the client can
   access the mailbox just fine, but no outside mailer will ever
   succeed in deliberately sending mail to or from that account, and my
   client cannot accidentally send mail from that account.

If I have learned anything from the past 18 years of being an email 
admin it is that nothing is as easy as it seems. AKA: The devil is in 
the details.


If you insist on keeping the "bounce-no-mailbox" option, get yourself 
some qmail queue handling tools (like qmHandle or qmqtool), not to 
mention qfixq -- all of which can be found with a simple google search.


Good luck!

Dan McAllister
IT4SOHO





On 10/9/2015 5:45 AM, Rajesh M wrote:

dan

sorry to contradict but in my personal opinion this is not a good idea. If 
the sender makes a mistake then my customer will not receive the email and 
nobody will know.

rajesh

- Original Message -
From: Dan McAllister [mailto:q...@it4soho.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Thu, 8 Oct 2015 15:01:57 -0400
Subject: Re: [qmailtoaster] queue is flooding user

I suspect the queue messages that are stacking up are for the delivery
of the bounce -- which is also likely going to a non-existent user or
domain.

My STRONGEST suggestion is to NOT BOUNCE messages that are directed to
non-existent users!!!
To do this, cd to the top of the domain in vpopmail (e.g.:
/home/vpopmail/domains/)
Then examine the file .qmail-default.
You want the last word to be "delete" not "bounce-no-mailbox"

Dan


On 10/8/2015 2:51 PM, Eric Broch wrote:

No one should be able to get a message in your queue to a non-existent
user unless they're using an account that they've hacked.
Someone correct me if I'm wrong.

On 10/8/2015 12:37 PM, Eric Broch wrote:

Has someone hacked a password?

On 10/8/2015 11:59 AM, Rajesh M wrote:

spammer is emailing a non existent user on my server.

qmailtoaster is accepting the email and then trying to respond back

my queue is flooding because of this

shouldn't chkuser be directly bouncing the email during smtp transaction time 
when email id is not present on the server ?

pl see below the message trapped in my queue. kindly let me know how i could 
prevent these

thanks for your help

rajesh

log files

@40005616a19e352eb154 info msg 1840641: bytes 60095 
from<bonnie.wes...@mjfirm.com>  qp 40028 uid 89
@40005616a19e36a305bc starting delivery 1066: msg 1840641 to 
localposeidonship.com-bandu_p-...@poseidonship.com
@40005616a19e36a328e4 status: local 1/200 remote 60/60
@40005616a19e374ed234 delivery 1066: failure: 
Sorry,_no_mail
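
An added example (not part of the thread, and not QMT or vpopmail code): a Python audit of the .qmail-default setting discussed in this thread, reporting which domains still end in bounce-no-mailbox. It assumes one directory per domain directly under the vpopmail domains root and a vdelivermail line of the usual form; the sample domains and their contents are constructed.

```python
#!/usr/bin/env python3
"""Report the catch-all policy in each vpopmail domain's .qmail-default."""
import os
import shlex
import sys
import tempfile

# Constructed sample domains (not taken from any real server).
SAMPLE = {
    "abc.test": "| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox\n",
    "def.test": "# policy changed after a queue flood\n"
                "| /home/vpopmail/bin/vdelivermail '' delete\n",
    "ghi.test": "| /home/vpopmail/bin/vdelivermail '' catchall@ghi.test.mail\n",
    "jkl.test": None,  # domain directory without a .qmail-default
}


def classify(text):
    """Return (policy, target) from the text of a .qmail-default file."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("|"):
            continue  # comments, blank lines, non-program deliveries
        try:
            words = shlex.split(line[1:])
        except ValueError:
            return ("unparsed", line)  # unbalanced quotes: flag for a human
        if not words or os.path.basename(words[0]) != "vdelivermail":
            continue
        last = words[-1] if len(words) > 1 else ""
        if last == "bounce-no-mailbox":
            return ("bounce", None)
        if last == "delete":
            return ("delete", None)
        if "@" in last:
            return ("catchall", last)
        return ("other", last)
    return ("no-vdelivermail", None)


def audit(domains_root):
    """Map each domain directory under domains_root to its policy."""
    report = {}
    for name in sorted(os.listdir(domains_root)):
        path = os.path.join(domains_root, name)
        if not os.path.isdir(path):
            continue
        try:
            with open(os.path.join(path, ".qmail-default"),
                      encoding="utf-8", errors="replace") as fh:
                report[name] = classify(fh.read())
        except FileNotFoundError:
            report[name] = ("missing", None)
    return report


def bouncing(report):
    """Domains that still answer unknown recipients with a bounce."""
    return [d for d, (policy, _) in report.items() if policy == "bounce"]


def run_sample():
    """Build the constructed sample tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for domain, text in SAMPLE.items():
            os.mkdir(os.path.join(root, domain))
            if text is not None:
                with open(os.path.join(root, domain, ".qmail-default"), "w") as fh:
                    fh.write(text)
        return audit(root)


if __name__ == "__main__":
    # With an argument, audit that directory (the vpopmail domains root);
    # without one, run against the constructed sample.
    result = audit(sys.argv[1]) if len(sys.argv) > 1 else run_sample()
    for domain, (policy, target) in result.items():
        print(f"{domain:20} {policy:16} {target or ''}")
    sys.exit(1 if bouncing(result) else 0)
```

The non-zero exit status when any domain still bounces makes the script usable from cron or a monitoring check.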

Re: [qmailtoaster] How to protect sent items email and Trash folder from users

2015-09-25 Thread Dan McAllister
OK, so you're in luck in that your mail folders aren't available for 
"general" read/write access.


You can use the ACL capability to make the folders "append only" (chattr 
+a /path/to/folder)
This will allow new messages to be added (new files created), but will 
disallow any files to be removed (deleted messages = deleted files).
Now the BAD news is that I think this would also prevent IMAP from 
marking files as READ or SET FOR DELETION or any other change.

I would certainly be interested to see the results of some testing on this.

Dan

On 9/25/2015 6:42 AM, Havrla wrote:

Hello,

mkdir /home/backup

/etc/cron.daily/rsync-qmail.sh :

#!/bin/bash
rsync -av  /home/vpopmail/domains /home/backup/





backup all emails from server :-)



Havrla






On 25.9.2015 10:35, Chandran Manikandan wrote:

Hi Friends,

I need your help of my below.

1. Currently I am using CentOS 6.6 Final and Qmail toaster, dovecot on 
our server.


2. We are using Outlook, Thunderbird and Squirrel webmail to access 
emails.


3. The help is needed because some of our senior people send emails to 
clients. After they are sent, those emails are moved from their sent item 
folder to their local Outlook files (desktop storage) or removed from 
the server.


4. I want to restrict removing or moving emails from the inbox and sent 
items folder.


5. Is there any method to forward those emails to a particular email 
account on the server without their knowledge, like the Inbox forward option?


6. How to protect those emails?

Could anyone help me.

--
*Thanks,*
*Manikandan.C*
*System Administrator*






Re: [qmailtoaster] test

2015-09-22 Thread Dan McAllister

The email server (run by Eric Shubert) was down yesterday.

Testing earlier today, it appears to be back up.

Dan

On 9/21/2015 10:51 AM, Havrla wrote:

Havrla,

I'm unable to send to qmailtoaster-list and the qmailtoaster-devel. Are
you able to send to these lists

Eric




Re: [qmailtoaster] RE: Shubes

2015-09-17 Thread Dan McAllister
NOTE: I have not only sent emails, but I have also called on the 
telephone to speak to Eric -- all to no avail.


As hesitant as I am to "steal" a project from anyone, I am prepared to 
move on redirecting the DNS to other servers that can be more actively 
maintained. (Remember, I have control of the DNS servers -- at least as 
defined at the registrar. So, so long as the entries at the registrar 
still point to my servers, we have significant control over the domain).


However, I think a more appropriate location to hold this discussion 
would be the qmailtoaster-devel list (which I have copied).


If you are on the qmailtoaster-devel mail list, please continue the 
discussion there.


Thanks

Dan McAllister
IT4SOHO
QMT DNS/Mirror Admin




On 9/17/2015 10:23 AM, Edwin C wrote:


In the spirit of volunteering, i can provide a vps to the community.  
I have hosting skills.


I also do wordpress websites via my company www.filipinowebservices.com

Let me know how i can help.

On Sep 17, 2015 13:32, "L.A." <pc...@yandex.ru> wrote:
Same here.
Making copy of centos6 for local use now :(
Looks like we need at least two leaders with all access, that will not 
disappear simultaneously.

10.09.2015, 01:32, "Havrla" <hav...@lhotkanet.cz>:

Hello

I'm sorry my English is not good.

I have QMT since 2003, actually 2015 - 2003 = 12 years. That's a long 
time.


I would be very unhappy if the project did not continue

Website of the project seem dead. the only living thing is 
email-list. I was so unhappy after new information on the 
continuation and CentOS7, so I volunteered email-list. Information 
gained and QMT on CentOS7 comfortably installed, without compiling, 
without complications. I configured and migrated the old QMT. It works. 
I'm happy.
Plenty of other administrators would be happy if the project and 
website relaunched and updated.


I can provide mirror web hosting for the web. I fear the end of QMT 
several years, so I have a backup 
http://www.lhotkanet.cz/mirror/www.qmailtoaster.com/


Good luck finding Eric "Shubes", please choose a successor to 
continue the project. I do not end up project.


History "authors" from website QMT:
2003 - first Miguel Beccari <miguel.becc...@clikka.com> - web live
2004 - Miguel Beccari <miguel.becc...@clikka.com> and Nick Hemmesch <n...@ndhsoft.com> - web live
2005 - Nick Hemmesch <n...@ndhsoft.com> - web live
2006 - Nick Hemmesch <n...@ndhsoft.com> - web live
2007 - Nick Hemmesch <n...@qmailtoaster.com> - web live
2008 - Erik A. Espinoza <espinoza-qt...@kabewm.com> - web live
2009 - xxx - no info
2010 - Jake Vickers <https://web.archive.org/web/20100102231136/http://qmailtoaster.com/Contact_Me.html> - web live
2011 - Jake Vickers <https://web.archive.org/web/20100102231136/http://qmailtoaster.com/Contact_Me.html> - web live
2012 - Jake Vickers <https://web.archive.org/web/20121012123212/http://qmailtoaster.com/Contact_Me.html> - web last update *09/18/2012* - Updated clamav to 0.97.6
2013 - Jake Vickers <https://web.archive.org/web/20131027205025/http://www.qmailtoaster.com/Contact_Me.html> - web frozen
2014 - Jake Vickers <https://web.archive.org/web/20131027205025/http://www.qmailtoaster.com/Contact_Me.html> - web frozen
2015 - Jake Vickers <https://web.archive.org/web/20131027205025/http://www.qmailtoaster.com/Contact_Me.html> - web frozen
2016 -> ??? Eric Broch & Dan McAllister ???  web live ??   please please



Thanks
Havrla from Czech Republic





On 9.9.2015 19:04, South Computers wrote:

Thanks Dan! I will help in any way I can as well, just say the word.

Shubes, hope all is well with you.

Scott

Dan McAllister wrote:

QM Toaster Minions:

I have tried contacting "Shubes" several times over the past few 
months, to no avail. He's either busy or incapacitated. It has been 
since before the new year that he was last heard from here, or 
privately.


I have control of the DNS, so if we want to move anything we can -- 
we just can't make any actual changes to the domain registration. 
The domain registration was renewed this past May, but I strongly 
suspect that was an automated transaction. I am already listed on 
the registration as the Tech ID, so if Eric is incapacitated we 
should be able to convince DynDNS (the registrar) to let us in -- 
but other than renewing it, there really doesn't need to be 
anything changed there.


There are likely also "accounts" (git?) that may need to be 
"recovered".


Nevertheless, it is time to regain some direction and progress 
... so, I will try again to reach Eric. I am not comfortable just 
"taking" the project from him, but agree that there are many 
changes and updates that need to be incorporated. (Not the least of 
which is both "official&quo

[qmailtoaster] RE: Shubes

2015-09-09 Thread Dan McAllister

QM Toaster Minions:

I have tried contacting "Shubes" several times over the past few months, 
to no avail. He's either busy or incapacitated. It has been since before 
the new year that he was last heard from here, or privately.


I have control of the DNS, so if we want to move anything we can -- we 
just can't make any actual changes to the domain registration. The 
domain registration was renewed this past May, but I strongly suspect 
that was an automated transaction. I am already listed on the 
registration as the Tech ID, so if Eric is incapacitated we should be 
able to convince DynDNS (the registrar) to let us in -- but other than 
renewing it, there really doesn't need to be anything changed there.


There are likely also "accounts" (git?) that may need to be "recovered".

Nevertheless, it is time to regain some direction and progress ... so, 
I will try again to reach Eric. I am not comfortable just "taking" the 
project from him, but agree that there are many changes and updates that 
need to be incorporated. (Not the least of which is both "official" COS6 
& COS7 support.)


I have the expertise to take "ownership" of the project, but not really 
that much available time. Nevertheless, just as Jake (the original 
"master" of the QMT project) chose his successor, I would imagine it 
will be up to Eric to choose his.


Dan McAllister
DNS/Mirror list admin for QMT


On 9/9/2015 12:01 PM, Eric Broch wrote:

Johannes,

Thanks! I'm really not sure how to proceed at this point. I suppose I
should contact EricS again and ask his status. I'm fairly sure that he
gets the email from the qmailtoaster list so if you're out there EricS
please let us know your thoughts and/or status. As QMT lead EricS knows
a heck of a lot more than I do concerning everything Qmail and it would
be sad if he weren't lead of the project any longer as I don't feel
adequate to take the project over. I'm wondering if the wiki like the
mirrors couldn't, or shouldn't, be spread over multiple servers and that
wouldn't burden you with sole responsibility for hosting. This is the
primary reason I would like to get my CentOS 7/QMT rpms to the QMT
mirrors. This way if something were to happen to anyone of us, the
community would not be burdened with the prospect of putting everything
back together in their absence. I think it also wise to have multiple
people in the QMT community able to access the domain registrar (and the
QMT domain for the same reason). Anyway, those are my thoughts.

Eric

On 9/7/2015 3:53 AM, Johannes Weberhofer wrote:

Eric,

we should ask Eric Shubert to hand it all over; I could offer to take
over the domain and also the hosting.

Best regards,
Johannes

On 05.09.2015 at 17:37, Eric Broch wrote:

Edwin,

IMHO, yes, CentOS 6 is stable. I'm using it in production. I think it
would be a good idea to add it to the wiki.

However, I'm not sure of the wiki's status. Someone's paying for the
domain name, I'm not sure who that is or how long he/she will be
doing so.

EricB






Re: [qmailtoaster] error sending : SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small

2015-07-22 Thread Dan McAllister
It appears you are attempting to send your mail with TLS and your local 
certificate is not valid (DH KEY TOO SMALL).


I usually recommend getting a REAL SSL certificate (vs. self-signed) if 
you're going to be using SSL/TLS security on your systems permanently. 
It's not THAT expensive (see Godaddy.com or most other registrars for deals).


Dan McAllister
IT4SOHO

On 7/21/2015 4:58 PM, Linux wrote:
Hello friends, I have QmailToaster + centos 5.9 and sending emails 
I've been getting some failure notice:



--

mailer-dae...@dominio.com wrote:


Hi. This is the qmail-send program at dominio.com.
I'm afraid I wasn't able to deliver your message to the following
addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

jos...@otherdomain.com:
TLS connect failed: error:14082174:SSL
routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small; connected 
to 191.8.4.132.

I'm not going to try again; this message has been in the queue too long.

---



Does anyone know what that is?

Best regards,

Paul






Re: [qmailtoaster] The mail server responded this user has no $HOME/Maildir

2015-06-03 Thread Dan McAllister

Tony:

I suggest you check your system messages file (/var/log/messages) -- I 
suspect that you have had a filesystem or drive error on the device 
that holds your /home/vpopmail folder tree. Here's why:
 - When there is a serious error found in the mounted filesystem, 
CentOS (or RHEL) marks the entire filesystem as READ ONLY
 - With the filesystem in read-only mode, your mail system will be 
unable to open new files in the $HOME (which is a folder in 
/home/vpopmail/domains/... tree)


If you are seeing errors there, I shouldn't have to tell you to be 
careful about getting the data into a safe(r) place.


Good Luck

Dan McAllister



On 5/30/2015 11:30 AM, Tony White wrote:

Hi Bharath,
  Ext3 Linux Centos5.



*From:* Bharath Chari qmailtoas...@arachnis.com
*To:* qmailtoaster-list@qmailtoaster.com
*Sent:* Saturday, 30 May 2015, 17:22
*Subject:* Re: [qmailtoaster] The mail server responded this user has 
no $HOME/Maildir


Could be that inode or File descriptor limit had been reached.
What's your file system type?

Bharath

On 05/30/2015 09:18 AM, Tony White wrote:



pop3 Eric.
Strangest thing it just stopped responding that way.
I rebooted the system and it stopped.
I have no idea why it started nor why rebooting stopped it.


*From:* Eric Broch ebr...@whitehorsetc.com
*To:* qmailtoaster-list@qmailtoaster.com

*Sent:* Saturday, 30 May 2015, 14:20
*Subject:* Re: [qmailtoaster] The mail server responded this user has 
no $HOME/Maildir


Which protocol? POP3?

On 5/29/2015 6:32 PM, Tony White wrote:



Update: manual access tried...

+OK 20725.1432945684@/home/vpopmail/bin/vchkpw
user t...@example.com
+OK
pass letmeinplease
-ERR this user has no $HOME/Maildir
-ERR unable to write pipe



*From:* Tony White aewhite...@yahoo.com.au
*To:* qmailtoaster-list@qmailtoaster.com

*Sent:* Saturday, 30 May 2015, 10:26
*Subject:* [qmailtoaster] The mail server responded this user has no 
$HOME/Maildir


Hi folks,
I have no idea what this is but no one can get email.
Trying to retrieve mail generates the error...

Sending of password for u...@example.com did not succeed.

Mail server ServerName responded: this user has no $HOME/Maildir

Anyone any ideas please? I will keep searching the net meanwhile.

TIA.

tony













--
IT4SOHO, LLC
33 - 4th Street N, Suite 211
St. Petersburg, FL 33701-3806

CALL TOLL FREE:
  877-IT4SOHO

877-484-7646 Phone
727-647-7646 Local
727-490-4394 Fax

We have support plans for QMail!



[qmailtoaster] Who owns IP 109.74.205.92 (aka: emailto.eu)

2015-05-25 Thread Dan McAllister

Greetings:

I've posted this query on the DEVEL list a few times, but I haven't 
received a reply. This is a broader list, so perhaps this will work :)


As the Admin for the QMT DNS & Mirror services, I recruited several 
sites that act as DNS servers and Mirror Web servers for the QMT 
project. Unfortunately, I lost the document where I had kept all of the 
lists of who those volunteers are.


I was able to cobble together MOST of the data, and some of the 
volunteers replied when I asked on the DEVEL list.


But the mirror site at emailto.eu (109.74.205.92) remains a mystery to me :)

If you own this site (and are maintaining your mirror), please reply to 
me directly (the reply-to on this message is me) and let me know who you 
are!


Thanks,

Dan McAllister






Re: [qmailtoaster] CNAME lookup failed temporarily. (#4.4.3)

2015-04-30 Thread Dan McAllister
Yes, that error is usually a DNS issue -- however, sometimes it is an 
issue with the QMT server's DNS resolution.


I've been through this a number of times with people -- your mail server 
has no need of being a DNS server as well, but it will rely HEAVILY on 
whatever DNS server you provide it (usually in /etc/resolv.conf).


One popular option is pdns-recursor (available from EPEL).
 - NOTE: Do not confuse pdns-recursor with pdns -- the recursor is a 
DNS CLIENT (lookup service), not a server... but it's fast and efficient.


One major cause of the CNAME issue is not really based on CNAMEs at all 
-- rather it is a buffer overflow in the response from the DNS 
authoritative server. (DNS replies are supposed to be -- oops, used to 
be -- limited to 5xx characters. Newer updates to the spec have made 
that a larger buffer, but many DNS clients can't handle the overflow, 
and so error out... and the assumption is made that it is a CNAME caused 
error... an assumption that is not always correct.)


I hope this helps

Dan
IT4SOHO


On 4/30/2015 9:06 AM, Tony White wrote:

Hi Fabian,
  Turns out it was something like that.
The DNS for the remote mail server was utterly
screwed up. After 40 minutes of testing here to
assure my client it was not my mail server, the DNS
entries for the remote magically fixed themselves
and the clients email left the queue nicely.

  Thank you.

best wishes
  Tony White

On 30/04/2015 22:32, Fabian Santiago wrote:


Maybe related to this:

http://serverfault.com/questions/189366/cname-lookup-failed-temporarily-4-4-3 



???

-

Sincerely,

Fabian Santiago

Sent from my iPhone


On Apr 30, 2015, at 3:52 AM, Tony White t...@ycs.com.au wrote:

CNAME lookup failed temporarily. (#4.4.3)










Re: [qmailtoaster] spf

2015-04-29 Thread Dan McAllister

A few comments here:

1) The minimal SPF record is common and sufficient in most cases
    TXT    "v=spf1 mx -all"

What I mean by common and sufficient is that it works perfectly in 
the cases where:
  - The only valid sources of mail for your domain are your mail 
servers (the ones listed in your MX records)
  - There are no web-sites, database servers, or other sources of 
mail that will appear to come from your domain, but will come from 
another server
  - You are not using a relay, SPAM filter, Smart Host, or other 
3rd party that touches or manages your mail


 2) If you are hosting for more than 1 domain, consider creating an 
importable SPF record:


   _spf.domain.test    IN    TXT    "v=spf1 ip4:address ?all"

  This will allow you to use the same SPF record in all of your 
hosted domains that looks like:


   other-domain.test    IN    TXT    "v=spf1 include:_spf.domain.test -all"


   NOTE: The ?all at the end of the includable record says to 
essentially pass on any error number to the next level, then the -all at 
the end of the real (or, outer) SPF record says that this is for real.
   Many samples you'll see online will end the record with ~all 
instead of -all -- the ~all means you're testing and SPF isn't for 
real for your domain.


   By using the include, you can change your email host's address 
or MX records or you can add a 3rd party SPAM filter or whatever, and 
when you change the _spf record, you'll be changing the value for all of 
your supported domains.


I hope this helps

Dan
IT4SOHO

On 4/29/2015 9:08 AM, Fox Hound wrote:

You only want a txt record. Spf records are deprecated.

- Fox


On Apr 29, 2015, at 10:05 AM, Dave M sysad...@tricubemedia.com wrote:

Also,
from the wiki ( Thanks Eric )

should we have both entries:
By far, the most common entries for an SPF definition will be:

 domain.tld. IN TXT v=spf1 a mx -all
 domain.tld. IN SPF v=spf1 a mx -all



Cheers



On 29/04/2015 7:03 AM, Dave M wrote:
What test to confirm the SPF records ?
Also does anyone have a link to set domainkeys?

Cheers.




On 28/04/2015 4:34 PM, Fabian Santiago wrote:
Dave,

I use this:
v=spf1 mx a ip4:your server's ip -all

An SPF record generator site:
http://www.spfwizard.info

SPF explanation:
http://www.openspf.org/SPF_Record_Syntax


-

Sincerely,

Fabian Santiago

Sent from my iPhone


On Apr 28, 2015, at 4:25 PM, Dave M sysad...@tricubemedia.com wrote:

Is this good enough for SPF record,

v=spf1 mx -all




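
An added example (not from the thread and not from any SPF library): a small Python evaluator for a subset of RFC 7208 (ip4, mx, include, all) run over constructed records, showing how an included record ending in ?all hands the decision back to the outer record's -all or ~all. The addresses, the MX table and the extra names softfail.test, minimal.test and inverted.test are assumptions made for the example; inverted.test shows that a qualifier in front of a mechanism sets the result for a sender that matches it.

```python
"""Minimal SPF check_host() over constructed records (subset of RFC 7208)."""
import ipaddress

# Constructed zone data. Domain names follow the thread's examples; addresses
# are RFC 5737 documentation ranges. Nothing here queries real DNS.
TXT = {
    "_spf.domain.test": "v=spf1 ip4:192.0.2.25 ?all",
    "other-domain.test": "v=spf1 include:_spf.domain.test -all",
    "softfail.test": "v=spf1 include:_spf.domain.test ~all",
    "minimal.test": "v=spf1 mx -all",
    # A "-" qualifier on a mechanism makes a *matching* sender fail.
    "inverted.test": "v=spf1 -ip4:192.0.2.25 ?all",
}
# MX hosts of each domain, already resolved to addresses (constructed).
MX_ADDRS = {"minimal.test": ["192.0.2.53"]}

QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 cap on mechanisms that cause DNS queries


class PermError(Exception):
    """The policy cannot be evaluated (bad record, too many lookups)."""


def _spend(budget):
    """Count one DNS-querying mechanism against the shared lookup budget."""
    budget[0] -= 1
    if budget[0] < 0:
        raise PermError("more than %d DNS-querying mechanisms" % MAX_LOOKUPS)


def check_host(ip, domain, budget=None):
    """Return the SPF result for a sender address under a domain's policy."""
    budget = [MAX_LOOKUPS] if budget is None else budget
    terms = TXT.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIER else ("+", term)
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            try:
                matched = addr in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                raise PermError("bad ip4 network %r" % arg)
        elif name == "mx":
            _spend(budget)
            hosts = MX_ADDRS.get(arg or domain, [])
            matched = any(addr == ipaddress.ip_address(h) for h in hosts)
        elif name == "include":
            _spend(budget)
            inner = check_host(ip, arg, budget)
            if inner == "none":
                raise PermError("include target %s has no SPF record" % arg)
            # Only an inner "pass" is a match; neutral, softfail and fail
            # all mean "no match here, keep reading the outer record".
            matched = inner == "pass"
        else:
            raise PermError("unsupported term %r" % term)
        if matched:
            return QUALIFIER[qualifier]
    return "neutral"  # nothing matched and the record has no "all"


def table(senders, domains):
    """Results for every (domain, sender) pair, for side-by-side reading."""
    return {(d, s): check_host(s, d) for d in domains for s in senders}


if __name__ == "__main__":
    hosted, stranger = "192.0.2.25", "198.51.100.7"
    for (domain, sender), result in table([hosted, stranger], list(TXT)).items():
        print(f"{domain:20} {sender:15} {result}")
```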



Re: [qmailtoaster] Roundcube

2015-04-17 Thread Dan McAllister
My only caveat is the same one I tell people who use QMT in general -- 
DO NOT use the default SQL passwords!
You don't have to make them super hard, but leaving them default is just 
ASKING for trouble!


(Yes, roundcube creates and uses a MySQL database of users - separate 
from the vpopmail database.)


Dan McAllister
IT4SOHO

On 4/17/2015 2:15 PM, Dave M wrote:

Thanks for the info Dan,
I too am finding more of our users are requesting it be added.

I am running a Centos 6 and 7 VM test boxes, so I will go ahead and 
test further.

Any  caveats to worry about?

Cheers,
Dave M

On 17/04/2015 10:09 AM, Dan McAllister wrote:

Dave:

I offer both on my sites:
 roundcube at mail.domain.com
 squirrelmail at www.domain.com/webmail

MOST of my clients prefer the roundcube...

Just my experience

Dan McAllister
IT4SOHO

On 4/17/2015 2:00 PM, Dave M wrote:
Any one had the opportunity to install roundcube as opposed to 
squirrel mail,

in qmail-toaster Centos 6 or 7

Just looking to see if its possible and worth it.

Cheers

Dave M













Re: [qmailtoaster] Roundcube

2015-04-17 Thread Dan McAllister

Dave:

I offer both on my sites:
 roundcube at mail.domain.com
 squirrelmail at www.domain.com/webmail

MOST of my clients prefer the roundcube...

Just my experience

Dan McAllister
IT4SOHO

On 4/17/2015 2:00 PM, Dave M wrote:
Anyone had the opportunity to install roundcube as opposed to 
squirrel mail,

in qmail-toaster Centos 6 or 7

Just looking to see if it's possible and worth it.

Cheers

Dave M





Re: [qmailtoaster] Q7

2015-04-03 Thread Dan McAllister

On 4/2/2015 5:20 PM, Dave M wrote:

This should make you smile

I have just this minute finished an install of Centos7 to prepare for 
the qmail-toaster install.


After the first update , and reboot, I logged in via ssh

Up pops the security message:

*There were 249 failed login attempts since the last successful login.*

Thankfully the default firewall took care of them

Just be careful doing installs with live external IP, and disabling 
the firewall until you are done


Made me laugh : )


Just a tip --

Instead of leaving your SSH port open, put a connection limit on it:

The following entries are from an iptables config file:

-A INPUT -p tcp --dport   22 -m limit --limit 2/minute  -j ACCEPT
-A INPUT -p tcp --dport   22 -j DROP

You can fail your login attempt twice per minute, then you're dropped 
for the remainder of the minute.
In most cases, they fail the login twice in like a 10-second period, 
fail a few more times (with unsuccessful connections this time) and 
finally quit -- blissfully unaware that they could try 2 more times in 
60 seconds.


The point is, if you're just fat-fingering your SSH password, no worries 
- wait 60 seconds
But if you're trying a brute-force attack, good luck -- instead of 
hundreds of tries per minute, you now get just 2...


Needless to say, you can adjust to your own recipe...

Dan McAllister
IT4SOHO


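A model of the `limit` match used in the two port-22 rules above, added here as an example (not code from the post): iptables implements `--limit` as a token bucket whose default `--limit-burst` is 5, and the rules as written count every packet to port 22, not only new connections. The `syn_only` option (modelling `--syn` on both rules) and the sample traffic are assumptions made for the illustration.

```python
from fractions import Fraction

UNITS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}


def parse_limit(spec):
    """Convert an iptables --limit value such as '2/minute' to tokens per second."""
    count, sep, unit = spec.partition("/")
    if not sep or not unit:
        raise ValueError("expected RATE/UNIT, got %r" % spec)
    for name, seconds in UNITS.items():
        if name.startswith(unit.lower()):      # iptables accepts prefixes such as 'min'
            return Fraction(int(count), seconds)
    raise ValueError("unknown time unit in %r" % spec)


class LimitMatch:
    """Token bucket behind `-m limit`: starts full, refills at the given rate."""

    def __init__(self, limit, burst=5):        # 5 is the iptables default --limit-burst
        self.rate = parse_limit(limit)
        self.burst = Fraction(burst)
        self.tokens = Fraction(burst)
        self.last = Fraction(0)

    def matches(self, now):
        now = Fraction(now)
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1                   # every matching packet spends one token
            return True
        return False


def filter_ssh(packets, limit="2/minute", burst=5, syn_only=False):
    """Apply the two port-22 rules to (time_seconds, is_syn) packets; return verdicts.

    syn_only=True models adding `--syn` to both rules (an assumption, not on the
    page), so only connection attempts are counted and dropped.
    """
    match = LimitMatch(limit, burst)
    verdicts = []
    for when, is_syn in packets:
        if syn_only and not is_syn:
            verdicts.append("PASS")            # neither rule applies; later rules decide
        elif match.matches(when):
            verdicts.append("ACCEPT")          # -m limit --limit 2/minute -j ACCEPT
        else:
            verdicts.append("DROP")            # -A INPUT -p tcp --dport 22 -j DROP
    return verdicts


def accepted_times(packets, **options):
    """Arrival times of the packets that the limit rule let through."""
    verdicts = filter_ssh(packets, **options)
    return [when for (when, _), verdict in zip(packets, verdicts) if verdict == "ACCEPT"]


# Constructed traffic: one connection attempt (SYN) every 2 seconds for 2 minutes.
SCANNER = [(t, True) for t in range(0, 120, 2)]
# Constructed traffic: one login, a SYN followed by 9 data packets within a second.
SESSION = [(0, True)] + [(Fraction(i, 10), False) for i in range(1, 10)]

if __name__ == "__main__":
    print("default burst, accepted at:", accepted_times(SCANNER))
    print("--limit-burst 2, accepted at:", accepted_times(SCANNER, burst=2))
    print("one session, per-packet matching:", filter_ssh(SESSION))
    print("one session, SYN-only matching:  ", filter_ssh(SESSION, syn_only=True))
```

If the ruleset has no earlier rule accepting established connections, the third line of output is what an interactive session sees: its own data packets spend the bucket.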



Re: [qmailtoaster] releay internal server

2015-03-31 Thread Dan McAllister

Personally, I do all of my INTERNAL relaying over secure logins...

FIRST, on the server that will be /sending/ the internal message, I 
create an SMTPROUTES rule that sends it to my REAL mail server -- but 
here's the kicker: the SMTPROUTES rule says to use port 587 and to use a 
set of CREDENTIALS that are setup for internal mail transfers.


In my case, on the real mail server there is a fake domain called 
INTERNAL.MAIL, with a fake user of INTER-SERVER...
Thus, my internal mail transfers use port 587 with auth credentials of 
inter-ser...@internal.mail...

In other words...

   /var/qmail/control/smtproutes:
   mydomain.com:realmailserver.mydomain.com:587 inter-ser...@internal.mail PASSWORD

I hope this helps

Dan McAllister

On 3/31/2015 7:13 AM, Giuseppe Perna wrote:

Hello everyone,
I have this problem, as some servers in the network start
notifications for emails that have as smtp qmailtoaster
How do I tell qmailtoaster to accept relay from these servers of my
internal network?

Thank You







Re: [qmailtoaster] error

2015-03-30 Thread Dan McAllister

Dave:

It appears there is a stuck qmail-smtp process that is bound to port 
(25 since this is the smtp log file -- but this issue can arise in 
submission [port 587], or smtp-ssl [port 465] if that is enabled as well).


Issue a *pkill -9 qmail-smtp* command, as that will force-stop all 
current smtp services (on all ports)... the supervise routines will make 
sure that a new qmail-smtp process is started on all of your ports.


Dan
IT4SOHO


On 3/30/2015 11:38 AM, Dave M wrote:

All of a sudden getting this error in smtp logs

tcpserver: fatal: unable to bind: address already used

Anyone seen before

Thanks





Re: [qmailtoaster] error

2015-03-30 Thread Dan McAllister

Dave:

The reboot was overkill, but I'm glad it's working again. (By overkill, I 
mean that doing the pkill -9 would force the hung process to stop (as 
well as any other qmail-smtp processes), then the *supervise* program 
would immediately re-spawn a new one (or new ones) -- rebooting 
essentially killed ALL of the processes... so you fixed it, then 
rebooted which fixed it again <grin>)


Dan

On 3/30/2015 3:11 PM, Dave M wrote:

Thanks Dan
it was stuck on port 587
killed the process *pkill -9 qmail-smtp*

did reboot all is well again.

Thanks

On 3/30/2015 8:50 AM, Dan McAllister wrote:

Dave:

It appears there is a stuck qmail-smtp process that is bound to 
port (25 since this is the smtp log file -- but this issue can arise 
in submission [port 587], or smtp-ssl [port 465] if that is enabled 
as well).


Issue a *pkill -9 qmail-smtp* command, as that will force-stop all 
current smtp services (on all ports)... the supervise routines will 
make sure that a new qmail-smtp process is started on all of your ports.


Dan
IT4SOHO


On 3/30/2015 11:38 AM, Dave M wrote:

All of a sudden getting this error in smtp logs

tcpserver: fatal: unable to bind: address already used

Anyone seen before

Thanks





Re: [qmailtoaster] qmailctl restart

2015-03-30 Thread Dan McAllister

Fabian:

Yes and no -- Submission *IS* SMTP, just on a different port.
So when qmailctl restart kills the qmail-smtp processes, it's also 
killing the submission process.


Dan

PS: Just to elaborate:
 -- *SMTP on port 25* SHOULD be used for receiving messages from 
outsiders for your domain(s). As such, it should have all of your AV, 
SPAM, and other protections enabled. Personally, I specifically DENY 
auth logins and relaying on this port so that my users HAVE to use the 
submission port.
 -- *SMTP on port 587* is called SUBMISSION and SHOULD be used solely 
for relaying messages from authenticated users. As such, you may choose 
to apply a lighter touch on SPAM or other protections.


/How do I configure these differently?/ Using *SpamDyke* with different 
config files for each port




On 3/30/2015 4:00 PM, Fabian Santiago wrote:
currently, qmailctl restart only restarts send and smtp. it doesn't 
affect submission and the logging apparatus.


is this right?



--

- Sincerely,

Fabian S.







Re: [qmailtoaster] QMT/CentOS 6

2015-03-27 Thread Dan McAllister

Eric:

First, let me say I've been using QMT on COS 6 since long before the new 
install scripts (and binary RPMs) became available. And I suspect I'll 
be a very early adopter of QMT on COS7 as well... Secondly, I'm a firm 
believer in the use of appliances (VMs), and I haven't installed a 
32-bit version of Linux since COS4, *so my experiences are not exactly 
nominal...*


So, that being said: I use BIND (named) 9.8 on some of my QMT on COS 
systems, but I use PDNS (pdns_recursor 3.5) on more.  Still, while I 
/have/ seen the buffer (CNAME) error on bind systems, those were older 
versions of BIND -- I can't say as I've ever seen it on BIND 9.8, and 
I've never seen it on any version of PDNS -- I have _never_ experienced 
the mysql library issue you're experiencing. Additionally, I'm not sure 
how the link works -- but unless your BIND is using a MySQL backend, 
there should be no shared relationship between BIND, MySQL, and QMT. (In 
reality, the QMT link to MySQL is really vpopmail's link, unless I'm 
missing something).


Assuming you're on 64-bit COS6:
 - the current version of libmysqlclient.so is 16 (not 15)
 - the location should be SOLELY in /usr/lib64/mysql

So it appears there is a MySQL issue ... and you may be chasing the 
wrong rabbit :)


Also, you cannot copy COS5 and COS6 binaries back and forth -- they have 
different dependencies and very different library availabilities.


Just my thoughts...

Dan McAllister
IT4SOHO



On 3/27/2015 3:22 PM, Eric Broch wrote:

QMT/CentOS6 users,

have any of you seen the issue I've described in previous posts:

One issue that I've run into with QMT/CentOS6 on my failover host is
the inability to send email after a restart of the named service when
the nameserver address in /etc/resolv.conf is the IP address of the QMT
host itself. The error in my submission file looks like this:

/home/vpopmail/bin/vchkpw: error while loading shared libraries:
libmysqlclient.so.15: cannot open shared object file: No such file or
directory

Before I wade in over my head does anyone have any ideas why this would
be happening?

Eric

On 3/27/2015 1:00 PM, Dan McAllister wrote:

Yup - several

On 3/27/2015 2:04 PM, Eric Broch wrote:

Is there anyone in the QMT community using QMT/CentOS6 in a production
environment?




Re: [qmailtoaster] QMT/CentOS 6

2015-03-27 Thread Dan McAllister

Yup - several

On 3/27/2015 2:04 PM, Eric Broch wrote:

Is there anyone in the QMT community using QMT/CentOS6 in a production
environment?




Re: [qmailtoaster] Getting my feet wet again / email received stuck in queue

2015-03-26 Thread Dan McAllister

Fabian:

Look at the output of a /home/vpopmail/bin/vdominfo deviltracks.net 
and verify that it looks right -- if not, I would probably use brute 
force and command line the adding of the domain


 # /home/vpopmail/bin/vdeldomain deviltracks.net ;
   /home/vpopmail/bin/vadddomain deviltracks.net <password>

I learned to stop trusting the vqadmin interface years ago -- must say I 
have yet to regain any trust in it. Perhaps others have other experiences?


Dan
IT4SOHO

On 3/25/2015 8:57 PM, Fabian Santiago wrote:

ok,

here's another issue,

i sent myself two messages. logs look good as far as email being 
scanned and clean. but not delivered. i see that they're stuck in the 
queue.


i have one domain so far, the same as the server's, deviltracks.net


mail sent from my gmail account to: postmas...@deviltracks.net


qmail-qread reports the local receiver as:

deviltracks.net-postmas...@deviltracks.net


virtualdomains reads:

deviltracks.net:deviltracks.net

i originally added this domain using vqadmin (web). it was my first 
and only domain so far. it is the local actual domain. did i do 
something wrong?



--

- Sincerely,

Fabian S.







Re: [qmailtoaster] Getting my feet wet again / Best route for deployment of QMT on Centos...

2015-03-26 Thread Dan McAllister
Pardon me for being Johnny come lately on this, but the softlimit 
issue comes from the now-default way of using TLS when connecting 
(whether via SMTP -- which is ports 25, 587, and possibly 465 -- or IMAP 
[only 143] or POP [only 110]) -- this is the solution to the problem 
that they (they as-in The Internet Gods) added the secure ports for 
SSL connections, but then a large majority of people never used them -- 
so they needed a way to get them to switch without knowing they were 
switching... thus the TLS negotiation being thrown in by new clients and 
servers alike.


When the qmail-smtp program reads the request for TLS communications (or 
if you've forced SSL as you might for port 465), it dynamically loads 
the appropriate libraries... thus crashing your softlimit memory allocation.


The point of this overly-specific notation is that this is a 
long-standing QMT installation weakness.


I hope to have a document ready soon that will give some more guidance 
to new QMT users -- especially NEWBIES.


Dan
IT4SOHO

On 3/25/2015 9:02 PM, Fabian Santiago wrote:

eric,

for me it was the softlimit. my mysql dir contains:

total 3168
drwxr-xr-x  3 root root    4096 Mar 25 15:55 .
dr-xr-xr-x 42 root root   20480 Mar 25 15:55 ..
lrwxrwxrwx  1 root root      26 Mar  9  2014 libmysqlclient_r.so.16 -> libmysqlclient_r.so.16.0.0
-rwxr-xr-x  1 root root 1595240 Feb 12  2014 libmysqlclient_r.so.16.0.0
lrwxrwxrwx  1 root root      24 Mar  9  2014 libmysqlclient.so.16 -> libmysqlclient.so.16.0.0
-rwxr-xr-x  1 root root 1584680 Feb 12  2014 libmysqlclient.so.16.0.0
-rwxr-xr-x  1 root root   12935 Feb 12  2014 mysqlbug
-rwxr-xr-x  1 root root    6399 Feb 12  2014 mysql_config
drwxr-xr-x  2 root root    4096 Mar 25 15:55 plugin



On Wed, Mar 25, 2015 at 9:00 PM, Eric Broch ebr...@whitehorsetc.com wrote:


Fabian,

Not sure of anymore issues, trying to troubleshoot your issue, I
ran into my own (/home/vpopmail/bin/vchkpw: error while loading
shared libraries: libmysqlclient.so.15: cannot open shared object
file). I thought it was the soft limit but no such luck. Can you
tell me what's in your /usr/lib64/mysql directory?

Eric


On 3/25/2015 6:34 PM, Fabian Santiago wrote:

eric,

i got it; had to increase my softlimit in
/var/qmail/supervise/submission/run

i set it to 1

thanks for your help. now i wonder what else i may find?

On Wed, Mar 25, 2015 at 8:23 PM, Fabian Santiago
fsanti...@garden-life.org wrote:

eric,

i've been reading around. my os is 64 bit. some people have
complained about that. is that the culprit maybe?

On Wed, Mar 25, 2015 at 8:14 PM, Fabian Santiago
fsanti...@garden-life.org wrote:

yes i did:

@400055134e0918cd9df4 tcpserver: ok 2013
mail.deviltracks.net:127.0.0.1:587 :127.0.0.1::35577
@400055134e091a50ea64 tcpserver: end 2013 status 256
@400055134e091a50fa04 tcpserver: status: 0/100
@400055134eba1faa48fc tcpserver: status: 1/100
@400055134eba1fafcb24 tcpserver: pid 2176 from 127.0.0.1
@400055134eba1fb0a1fc tcpserver: ok 2176
mail.deviltracks.net:127.0.0.1:587 :127.0.0.1::35579
@400055134eba20533ee4 tcpserver: end 2176 status 256
@400055134eba20534a9c tcpserver: status: 0/100
@400055134ebb1794facc tcpserver: status: 1/100
@400055134ebb179b5b9c tcpserver: pid 2179 from 127.0.0.1
@400055134ebb179c26bc tcpserver: ok 2179
mail.deviltracks.net:127.0.0.1:587 :127.0.0.1::35581
@400055134ebb1846e994 tcpserver: end 2179 status 256
@400055134ebb1846f164 tcpserver: status: 0/100


On Wed, Mar 25, 2015 at 8:05 PM, Eric Broch
ebr...@whitehorsetc.com wrote:

Did you look in the submission log
(/var/log/qmail/submission/current)?

On 3/25/2015 5:51 PM, Fabian Santiago wrote:

eric,

no log entries i can see.

squirrel interface reports:
Message not sent. Server replied:

Temporary authentication failure
454 oops, problem with child and I can't auth
(#4.3.0)


and this is centos 6.6.

thanks.

Fabian S.


On Wed, Mar 25, 2015 at 6:11 PM, Eric Broch
ebr...@whitehorsetc.com wrote:

And, is this the error in the submission/smtp
log (if not could you post it) or the error that
you get at the squirrelmail interface.

 

Re: [qmailtoaster] CentOS5.11 update not working

2015-03-19 Thread Dan McAllister
I wish I could, but I'm afraid I don't have access to the master repo 
server.


I will, however, write to Eric and ask to be given said access, if 
nothing more than to have some backup.



Dan


On 3/19/2015 4:50 AM, Bharath Chari wrote:
Shouldn't this be promoted to the mirrors? I know EricS is not 
available currently, but Dan may be able to get it on to the master.


Bharath
On 03/19/2015 02:44 AM, Eric Broch wrote:

EriK,

Here's the most recent spamassassin

rpm:
ftp://ftp.whitehorsetc.com/pub/qmail/CentOS5/qmt/srpms/spamassassin-toaster-3.4.0-1.4.4.src.rpm 



srpm:
ftp://ftp.whitehorsetc.com/pub/qmail/CentOS5/qmt/rpms/x86_64/spamassassin-toaster-3.4.0-1.4.4.x86_64.rpm 



EricB


On 3/18/2015 1:05 AM, Erik Wramner wrote:

Thanks a lot, I've been waiting for that!

-Erik

-Original Message-
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
Sent: Sunday, March 15, 2015 1:14 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] CentOS5.11 update not working

Hi Tony,

Here's the CentOS 5 rpm and srpm for ClamAV

rpm:
ftp://ftp.whitehorsetc.com/pub/qmail/CentOS5/qmt/rpms/x86_64/clamav-toaster-0.98.6-1.4.10.x86_64.rpm 


srpm:
ftp://ftp.whitehorsetc.com/pub/qmail/CentOS5/qmt/srpms/clamav-toaster-0.98.6-1.4.10.src.rpm 



I've rolled my own Spamassassin one and have been testing it on my 
server for about 1 1/2 months. I'll get it up on my site as soon as 
I can.


Eric

On 3/12/2015 4:48 PM, Tony White wrote:

Hi Eric,
   Sorry it took so long to get back to you.
Yes, in fact these are what I was referring to!
Is there a way of me getting hold of them please?

Appreciate it very much.

best wishes
   Tony White


On 8/03/2015 07:53, Eric Broch wrote:

On 3/7/2015 12:41 AM, Tony White wrote:

Hi folks,
Have I missed something about no more updates for CentOS5?


No, I don't think so, but what do you need? I've rolled my own
Spamassassin and ClamAV packages for CentOS 5




Re: [qmailtoaster] remuve domain alias

2015-03-03 Thread Dan McAllister
First, you need to remove the domain domainpippo.it entirely from your 
setup...


   probably best to use # vdeldomain domainpippo.it

Subsequently, re-add the domain as a regular domain...

   # vadddomain domainpippo.it <postmaster password>

I hope this helps

Dan
IT4SOHO

On 3/3/2015 1:27 PM, Giuseppe Perna wrote:

Hello,
in /var/qmail/users/assign i have domain alias

+domainpippo.it-:domainprincipal.it:89:89:/home/vpopmail/domains/domainprincipal.it:-::

I want to remove the alias and create a mail domain for normal domainpippo.it.
how should I do?
thank you





i have this configuration:

rpm -qa | grep toaster
ucspi-tcp-toaster-0.88-1.3.9
maildrop-toaster-2.0.3-1.3.8
control-panel-toaster-0.5-1.4.0
libdomainkeys-toaster-0.68-1.3.6
qmail-pop3d-toaster-1.03-1.3.22
squirrelmail-toaster-1.4.20-1.3.17
qmailtoaster-plus.repo-0.2-2
vpopmail-toaster-5.4.33-1.4.0
daemontools-toaster-0.76-1.3.6
libsrs2-toaster-1.0.18-1.3.6
courier-authlib-toaster-0.59.2-1.3.10
ripmime-toaster-1.4.0.6-1.3.6
autorespond-toaster-2.0.5-1.4.0
courier-imap-toaster-4.1.2-1.3.10
isoqlog-toaster-2.1-1.3.7
maildrop-toaster-devel-2.0.3-1.3.8
qmailmrtg-toaster-4.2-1.3.7
send-emails-toaster-0.5-1.4.0
spamassassin-toaster-3.3.2-1.4.3
vqadmin-toaster-2.3.7-1.4.1
qmailtoaster-plus-0.3.2-1.4.19
ezmlm-toaster-0.53.324-1.3.6
qmail-toaster-1.03-1.3.22
ezmlm-cgi-toaster-0.53.324-1.3.6
qmailadmin-toaster-1.2.16-1.4.0
simscan-toaster-1.4.0-1.4.0
clamav-toaster-0.97.6-1.4.2












Re: [qmailtoaster] QMT on CentOS6 64bit Bug in QmailAdmin Change Password and Dovecot Update Lagging

2015-01-28 Thread Dan McAllister
Actually, I think your prior experience (on what made it work) points us 
in another direction.
Specifically, you said making the password change in qmailadmin worked 
everywhere BUT Dovecot, and restarting Dovecot made it work there too...
This would lead me to believe that Dovecot is caching passwords from 
the MySQL database, and probably has to be told to stop doing so.


Just my thoughts -- I had trouble with Dovecot on a large heavy-use 
server and switched back to courier, so I don't use dovecot myself.


Dan McAllister


On 1/27/2015 8:52 PM, Edwin C wrote:

Yes, there is absolutely nothing in dovecot.log

This has been going on since CentOS5 with the manual switch from 
courier to dovecot.


Seems courier has always worked in password synchronization 
automatically with change in qmailadmin.


But dovecot i have yet to see it work.  Maybe no one has put in the 
functionality yet in qmailadmin?  Maybe just order a restart every 
time a password change is made?


Best wishes,
Edwin

On Jan 27, 2015, at 10:54 PM, Eric Broch ebr...@whitehorsetc.com wrote:



Edwin,

Interesting. Have you looked in the dovecot log to see what's going on?

EricB

On 1/27/2015 12:20 AM, Edwin C wrote:
I have installed on a VPS under Linode 1GB Memory 1 CPU a QMT on 
CentOS6 64bit


I found a definite bug in QmailAdmin Change Password with Dovecot 
Update Lagging


So I can go to qmailadmin and change my user password...

...but when I log out and try to login again with the NEW password I 
get an error:


Error: ERROR: Connection dropped by IMAP server.
Query: LOGOUT

I try logging in again and use the OLD password and I get in.

The only time I can get in with the new password is if I restart dovecot:

# service dovecot restart

I have repeated this experiment with qmailadmin in squirrelmail and 
from outside just qmailadmin independent.


I also upgraded qmailadmin to testing 
http://mirror3.qmailtoaster.com/testing/CentOS/6/x86_64/qmailadmin-1.2.16-1.qt.el6.x86_64.rpm 



But I still have the same problem with this lag in dovecot updating 
/ synchronizing with a just changed password.


As a work around, I resort to doing a cron job to restart dovecot 
every few minutes just so any change in password will be caught and 
updated.


Maybe the guys in charge of Qmailadmin - Dovecot modules can 
coordinate to get this updating done?


Or if you have a fix, already post it here?

Best wishes,
Edwin









Re: [qmailtoaster] Stopping links like ransomware before delivery

2015-01-27 Thread Dan McAllister

Tony:

There are options in simcontrol to disallow certain extensions in 
attachments (by default, they're .mp3, .src, .bat, and .pif) and by 
adding more (say, .exe?) you can block those attachments completely... 
however there is nothing you can do in the /server/ (or in the message) 
that will tell (or force) the email client NOT to run an attachment. 
That is totally the purview of the client software. (THIS IS WHY I tell 
my users to NEVER use the preview pane!)


   In the words of Comedian Ron White: *You've all kinds of plastic
   surgery options that can fix all kinds of ugly... but you can't fix
   stupid.*


By which I mean that you cannot possibly engineer enough safeguards to 
prevent users from doing stupid things.


Afraid that's the best advice I've got on this one :)

Dan McAllister
IT4SOHO



On 1/26/2015 10:46 PM, Tony White wrote:

Hi folks,
  Has anyone any idea how to safely change links in emails to force 
them to not autorun?
A client recently had an email that had a link to ransomware which 
encrypted not only

the users local drive but the mapped drives as well.
  Luckily we had a backup from the prior night so not too big a loss. 
It would have been

better to not have the link autorun in the first place.








Re: [qmailtoaster] Could anyone resolve this webmail issue

2015-01-20 Thread Dan McAllister
You mention that some users are connected fine -- any chance you're 
running out of IMAP instances? (Yes, there are limits)


Dan
IT4SOHO

On 1/20/2015 6:48 AM, Finn Buhelt wrote:

Hi Manikandan.

A quick search using Google gave this :

http://squirrelmail.org/wiki/MailServerIMAPProblem


Have a look and see if something in here can help solve Your issue.

Cheers
/Finn

Den 20-01-2015 kl. 12:27 skrev ChandranManikandan:

Error: Connection Dropped by IMAP. QUERY Logout





Re: [qmailtoaster] Forcing authentication (submission) for all users

2014-12-18 Thread Dan McAllister
If I had my druthers, a stock QMT would come with SpamDyke 
pre-installed... not so much so that I could block a great deal of SPAM, 
but because the SpamDyke control of the qmail-smtp is so easy.


So, here is how *I* do it:
 1) Port 25 (SMTP) is for receiving mail INTO my server ONLY (that is, 
inbound mail TO my users):

 - There is NO AUTH on this port... PERIOD!
 - There is no relaying on this port either (unless I have an 
smtproutes entry)

 - While I do allow TLS, I do not require it.
Here is my EHLO reply on port 25:

   250-mail.myserver.com - Welcome
   250-STARTTLS
   250-PIPELINING
   250-8BITMIME
   250-SIZE 67108864
   250 X-NOTHING

I accomplish this by setting the *SPAMDYKEFLAGS* entry in the file 
/var/qmail/control/smtp/run to show a DIFFERENT config file:


   SPAMDYKE=/usr/local/bin/spamdyke
   SPAMDYKEFLAGS="-f /etc/spamdyke/smtp.conf"

Then, in the smtp.conf file, I create an entry:

   smtp-auth-level=none

 2) Port 587 (SUBMISSION) is for outbound mail ONLY (that is, outbound 
mail FROM my users):

 - AUTH is required on this port
 - On some servers, I REQUIRE TLS, but on most it is allowed but not 
required.

Here is my EHLO reply on port 587:

   250-mail.myserver.com - Welcome
   250-STARTTLS
   250-PIPELINING
   250-8BITMIME
   250-SIZE 67108864
   250 AUTH LOGIN PLAIN CRAM-MD5

I accomplish this by setting the *SPAMDYKEFLAGS* entry in the file 
/var/qmail/control/submission/run to show a DIFFERENT config file:


   SPAMDYKE=/usr/local/bin/spamdyke
   SPAMDYKEFLAGS="-f /etc/spamdyke/submission.conf"

Then, in the submission.conf file, I create an entry:

   smtp-auth-level=always

NOTE: To REQUIRE TLS, use always-encrypted instead of just always

 3) On systems that have valid SSL certificates, I have a port 465 
(SMTP-SSL) port open as well

 - AUTH is required on this port
 - I REQUIRE TLS or SSL
I cannot show you the EHLO reply, as I don't have a tool to do the TLS 
decryption for me :)


Still, I accomplish this by setting the *SPAMDYKEFLAGS* entry in the 
file /var/qmail/control/smtp-ssl/run to show a DIFFERENT config file:


   SPAMDYKE=/usr/local/bin/spamdyke
   SPAMDYKEFLAGS="-f /etc/spamdyke/smtp-ssl.conf"

Then, in the smtp-ssl.conf file, I create an entry:

   smtp-auth-level=always-encrypted

So the point is that you can configure SpamDyke to behave totally 
differently on all 3 SMTP ports (25, 587, and if you want, 465) simply by 
setting the config file to be unique in the supervise/run script for 
each port.


I hope this helps others...

Dan McAllister



On 12/15/2014 3:33 PM, Peter Peltonen wrote:

Hi,

I would like to force all users using my toaster to send mail to
authenticate. I've now managed to get Squirrelmail and Horde do that.
But I would like to know how to do this also with other (web)servers
that use the toaster as a smarthost? The other servers are running
Postfix.

Another thing I remember that has been discussed in this list, but
what I couldn't find by searching the archives, was that if all users
authenticate, then one could blacklist all local domains in Spamdyke?
Is that advice still valid (and why should one do it, I'm curious)?

Another thing I'm thinking is about local user accounts on the toaster
server. How are those handled if localhost is not allowed to relay
mail? Do they inject the mail to qmail directly without using smtp?

Regards,
Peter

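The per-port policy described in the post above (and in its follow-up correction) can be checked against what each port actually advertises. This is an added example, not code from the post, QMT or SpamDyke: it parses the two EHLO replies quoted in the post and compares them with that policy; the `AUTH_EXPECTED` table, the `tls_required` parameter and the function names are assumptions of the example.

```python
import re

# EHLO replies as quoted in the post.
EHLO_PORT_25 = """\
250-mail.myserver.com - Welcome
250-STARTTLS
250-PIPELINING
250-8BITMIME
250-SIZE 67108864
250 X-NOTHING
"""
EHLO_PORT_587 = """\
250-mail.myserver.com - Welcome
250-STARTTLS
250-PIPELINING
250-8BITMIME
250-SIZE 67108864
250 AUTH LOGIN PLAIN CRAM-MD5
"""

# Policy from the post: no AUTH on 25 (inbound only), AUTH on 587 (submission).
AUTH_EXPECTED = {25: False, 587: True}
# Mechanisms that send the password itself; base64 is an encoding, not encryption.
PLAINTEXT_MECHS = {"LOGIN", "PLAIN"}

REPLY_LINE = re.compile(r"(\d{3})([ -])(.*)")


def parse_ehlo(reply):
    """Return {KEYWORD: [parameters]} from a multi-line 250 reply (RFC 5321)."""
    lines = [line.rstrip("\r") for line in reply.strip().splitlines()]
    if not lines:
        raise ValueError("empty reply")
    extensions = {}
    for index, line in enumerate(lines):
        match = REPLY_LINE.fullmatch(line)
        if match is None or match.group(1) != "250":
            raise ValueError("not a 250 reply line: %r" % line)
        is_last = index == len(lines) - 1
        if (match.group(2) == " ") != is_last:      # '250-' continues, '250 ' ends
            raise ValueError("bad continuation marker on line %d" % (index + 1))
        if index == 0:
            continue                                # greeting line, not an extension
        # Some servers also send the legacy 'AUTH=LOGIN PLAIN' form.
        words = match.group(3).replace("=", " ", 1).split()
        if words:
            extensions[words[0].upper()] = [word.upper() for word in words[1:]]
    return extensions


def audit(port, reply, tls_required=False):
    """Compare one port's EHLO reply with AUTH_EXPECTED; return a list of findings.

    tls_required is supplied by the operator (for example when that port's
    spamdyke config uses smtp-auth-level=always-encrypted).
    """
    extensions = parse_ehlo(reply)
    findings = []
    offers_auth = "AUTH" in extensions
    if offers_auth and not AUTH_EXPECTED[port]:
        findings.append("port %d advertises AUTH but should not" % port)
    if not offers_auth and AUTH_EXPECTED[port]:
        findings.append("port %d does not advertise AUTH but should" % port)
    if "STARTTLS" not in extensions:
        findings.append("port %d does not offer STARTTLS" % port)
    weak = sorted(PLAINTEXT_MECHS & set(extensions.get("AUTH", [])))
    if weak and not tls_required:
        findings.append("port %d offers %s and TLS is not required"
                        % (port, ", ".join(weak)))
    return findings


if __name__ == "__main__":
    for port, reply in ((25, EHLO_PORT_25), (587, EHLO_PORT_587)):
        print(port, audit(port, reply) or "matches policy")
```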



Re: [qmailtoaster] Forcing authentication (submission) for all users

2014-12-18 Thread Dan McAllister
OOPS -- I should have pointed out that I use QMail flags to control this 
behavior too...


I have made corrected notations below...

If I had my druthers, a stock QMT would come with SpamDyke 
pre-installed... not so much so that I could block a great deal of SPAM, 
but because the SpamDyke control of the qmail-smtp is so easy.


So, here is how *I* do it:
 1) Port 25 (SMTP) is for receiving mail INTO my server ONLY (that is, 
inbound mail TO my users):

 - There is NO AUTH on this port... PERIOD!
 - There is no relaying on this port either (unless I have an 
smtproutes entry)

 - While I do allow TLS, I do not require it.
Here is my EHLO reply on port 25:

   250-mail.myserver.com - Welcome
   250-STARTTLS
   250-PIPELINING
   250-8BITMIME
   250-SIZE 67108864
   250 X-NOTHING

I accomplish this by setting the SPAMDYKEFLAGS entry in the file 
/var/qmail/control/smtp/run to show a DIFFERENT config file. The 
other special settings are shown too:


   SPAMDYKE=/usr/local/bin/spamdyke
   SPAMDYKEFLAGS=-f /etc/spamdyke/smtp.conf
   export SMTPAUTH=0
   export REQUIRE_AUTH=0
   export SMTPS=0

Then, in the spamdyke/smtp.conf file, I create an entry:

   smtp-auth-level=none


 2) Port 587 (SUBMISSION) is for outbound mail ONLY (that is, outbound 
mail FROM my users):

 - AUTH is required on this port
 - On some servers, I REQUIRE TLS, but on most it is allowed but not 
required.

Here is my EHLO reply on port 587:

   250-mail.myserver.com - Welcome
   250-STARTTLS
   250-PIPELINING
   250-8BITMIME
   250-SIZE 67108864
   250 AUTH LOGIN PLAIN CRAM-MD5

I accomplish this by setting the SPAMDYKEFLAGS entry in the file 
/var/qmail/control/submission/run to show a DIFFERENT config file. 
The other special settings are shown too:


   SPAMDYKE=/usr/local/bin/spamdyke
   SPAMDYKEFLAGS=-f /etc/spamdyke/submission.conf
   export SMTPAUTH=1
   export REQUIRE_AUTH=1
   export SMTPS=0   # or =1 if you want to force SSL/TLS

Then, in the spamdyke/submission.conf file, I make sure the 
smtp-auth-level is NOT SET:


   #smtp-auth-level=none

NOTE: This tells spamdyke to allow qmail to authenticate

 3) On systems that have valid SSL certificates, I have a port 465 
(SMTP-SSL) port open as well

 - AUTH is required on this port
 - I REQUIRE TLS or SSL
I cannot show you the EHLO reply, as I don't have a tool to do the TLS 
decryption for me :)


Still, I accomplish this by setting the SPAMDYKEFLAGS entry in the 
file /var/qmail/control/smtp-ssl/run to show a DIFFERENT config file:


   SPAMDYKE=/usr/local/bin/spamdyke
   SPAMDYKEFLAGS=-f /etc/spamdyke/smtp-ssl.conf
   export SMTPAUTH=1
   export REQUIRE_AUTH=1
   export SMTPS=1

Then, in the spamdyke/smtp-ssl.conf file, I make sure the 
smtp-auth-level is NOT SET:


   #smtp-auth-level=none

NOTE: This tells spamdyke to allow qmail to authenticate


So the point is that you can configure SpamDyke to behave totally 
differently on all 3 SMTP ports (25, 587, and, if you want, 465) simply by 
setting the config file to be unique in the supervise/run script for 
each port, and changing some of the environment variables in the 
supervise/run script.


I hope this helps others...

Dan McAllister
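
The per-port layout in the message above depends on each run script naming its own spamdyke config and exporting the right variables, so a misspelled variable name or a copied config path silently changes a port's behaviour. The following audit is an added example, not part of the original post or of QMT: the policy table is transcribed from the message, and the run-script fragments are constructed samples with two deliberate mistakes.

```python
import difflib
import re

# Policy as described in the post: one spamdyke config per service, plus the
# qmail variables each run script exports. SMTPS on submission may be 0 or 1,
# so it is not checked there.
POLICY = {
    "smtp": ("/etc/spamdyke/smtp.conf",
             {"SMTPAUTH": "0", "REQUIRE_AUTH": "0", "SMTPS": "0"}),
    "submission": ("/etc/spamdyke/submission.conf",
                   {"SMTPAUTH": "1", "REQUIRE_AUTH": "1"}),
    "smtp-ssl": ("/etc/spamdyke/smtp-ssl.conf",
                 {"SMTPAUTH": "1", "REQUIRE_AUTH": "1", "SMTPS": "1"}),
}
KNOWN_VARS = sorted({"SMTPAUTH", "REQUIRE_AUTH", "SMTPS"})


def parse_run(text):
    """Return (spamdyke config path or None, {exported NAME: value})."""
    conf, env = None, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop shell comments
        m = re.match(r"SPAMDYKEFLAGS=.*?-f\s+(\S+)", line)
        if m:
            conf = m.group(1).strip("\"'")
        m = re.match(r"export\s+([A-Za-z_]\w*)=(\S*)", line)
        if m:
            env[m.group(1)] = m.group(2).strip("\"'")
    return conf, env


def audit(service, text):
    """Compare one run script against the policy for its service."""
    want_conf, want_env = POLICY[service]
    conf, env = parse_run(text)
    findings = []
    if conf != want_conf:
        findings.append(f"{service}: spamdyke config is {conf!r}, expected {want_conf!r}")
    for name in env:
        if name not in KNOWN_VARS:
            near = difflib.get_close_matches(name, KNOWN_VARS, n=1, cutoff=0.8)
            if near:
                findings.append(f"{service}: {name} looks like a typo of {near[0]}")
    for name, value in want_env.items():
        if name not in env:
            findings.append(f"{service}: {name} is not exported")
        elif env[name] != value:
            findings.append(f"{service}: {name}={env[name]}, expected {value}")
    return findings


def audit_all(run_files):
    """Audit every service and flag two services sharing one spamdyke config."""
    findings, seen = [], {}
    for service, text in run_files.items():
        findings += audit(service, text)
        conf, _ = parse_run(text)
        if conf in seen:
            findings.append(f"{service}: shares {conf} with {seen[conf]}")
        elif conf:
            seen[conf] = service
    return findings


# Constructed samples: "smtp" misspells REQUIRE_AUTH, and "smtp-ssl" was
# copied from "submission" without changing the config path.
SAMPLE_RUN_FILES = {
    "smtp": """#!/bin/sh
SPAMDYKE=/usr/local/bin/spamdyke
SPAMDYKEFLAGS=-f /etc/spamdyke/smtp.conf
export SMTPAUTH=0
export REQURE_AUTH=0
export SMTPS=0
""",
    "submission": """#!/bin/sh
SPAMDYKE=/usr/local/bin/spamdyke
SPAMDYKEFLAGS=-f /etc/spamdyke/submission.conf
export SMTPAUTH=1
export REQUIRE_AUTH=1
export SMTPS=0   # or =1 to force SSL/TLS
""",
    "smtp-ssl": """#!/bin/sh
SPAMDYKE=/usr/local/bin/spamdyke
SPAMDYKEFLAGS=-f /etc/spamdyke/submission.conf
export SMTPAUTH=1
export REQUIRE_AUTH=1
export SMTPS=1
""",
}

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_RUN_FILES):
        print(finding)
```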




Re: [qmailtoaster] Forcing authentication (submission) for all users

2014-12-18 Thread Dan McAllister

On 12/18/2014 10:08 AM, Peter Peltonen wrote:

On 12/15/2014 3:33 PM, Peter Peltonen wrote:

Hi,

I would like to force all users using my toaster to send mail to
authenticate. I've now managed to get Squirrelmail and Horde do that.
But I would like to know how to do this also with other (web)servers
that use the toaster as a smarthost? The other servers are running
Postfix.

The solution I posted above will not only force users to authenticate, 
but also force them to use either submission or smtp-ssl to send 
messages. The point to that is you can put all your most sophisticated 
spam-filtering on the port 25 interface, and worry less about the other 2.

Another thing I remember that has been discussed in this list, but
what I couldn't find by searching the archives, was that if all users
authenticate, then one could blacklist all local domains in Spamdyke?
Is that advice still valid (and why should one do it, I'm curious)?

I do not know of any good reason to blacklist local domains -- in fact, 
not only do I not know what this would accomplish, I think it would 
break inter-domain messages.


If someone else can recall the reason or desired effect of this, I'm all 
ears! :)

Another thing I'm thinking is about local user accounts on the toaster
server. How are those handled if localhost is not allowed to relay
mail? Do they inject the mail to qmail directly without using smtp?

Localhost should be allowed to relay mail -- that's how your typical web 
interface works (the open relay is set to 127.0.0.1 in the tcp.smtp 
setting).
Personally, I don't even allow local admins to have shell accounts, 
unless they are experienced Linux user/admins. The dangers are just too 
many. Thus, the only place most of my users have an account is in 
vpopmail (and that is a mailbox account).


Sorry I can't be of more help... the one hole I still am not 
comfortable with is that, once authenticated, a user can send as anyone. 
I wish there was a per-user setting that would allow me to override 
that, but I also wish my mailserver could read my mind and block all the 
messages I don't want to see... I don't think I'll get that anytime 
soon, either! :)


Dan




Re: [qmailtoaster] OT Outlook 2013

2014-12-05 Thread Dan McAllister

Gilbert:

The list of complaints about Outlook 2013 connecting to anything BUT 
Exchange is long and vociferous. MS really stepped on their middle-leg 
on Outlook 2013! And by all accounts, so long as it works with Exchange, 
they don't really care.


The typical MS response to the particular issue you're having is that 
you should create a new profile and try it.


Sorry to be the bearer of bad news (or news of little help). -- don't 
shoot the messenger!! --


Dan

On 12/3/2014 3:39 PM, Gilbert T. Gutierrez, Jr. wrote:
Has anyone ever had an issue with Outlook connecting to QMT? I have a 
machine that is killing me, it fails if I set it to authenticate POP3 
or IMAP. It either hangs and provides an error or it just says wrong 
username and password. The account works, I know that much because I 
can log into it with other clients on other machines.


Gilbert




Re: [qmailtoaster] OT Outlook 2013

2014-12-05 Thread Dan McAllister
I have a number of clients who have switched back to Office 2010 from 
the 2013 suite. To get the downgrade rights, you have to purchase 
something from MS (not entirely sure what), but you make the purchase on 
a subscription -- and that earns you downgrade rights!


Dan McAllister


On 12/5/2014 1:54 PM, Helmut Fritz wrote:

FWIW, we have stuck with Outlook 2007 at my real job company, no issues.  No
real reason to upgrade to Office 2013 suite (may or may not apply to you).

-Original Message-
From: Dan McAllister [mailto:q...@it4soho.com]
Sent: Friday, December 05, 2014 10:15 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] OT Outlook 2013

Gilbert:

The list of complaints about Outlook 2013 connecting to anything BUT
Exchange is long and vociferous. MS really stepped on their middle-leg on
Outlook 2013! And by all accounts, so long as it works with Exchange, they
don't really care.

The typical MS response to the particular issue you're having is that you
should create a new profile and try it.

Sorry to be the bearer of bad news (or news of little help). -- don't shoot
the messenger!! --

Dan

On 12/3/2014 3:39 PM, Gilbert T. Gutierrez, Jr. wrote:

Has anyone ever had an issue with Outlook connecting to QMT? I have a
machine that is killing me, it fails if I set it to authenticate POP3
or IMAP. It either hangs and provides an error or it just says wrong
username and password. The account works, I know that much because I
can log into it with other clients on other machines.

Gilbert




Re: [qmailtoaster] spam from my own domain

2014-12-04 Thread Dan McAllister

Rajesh:

You have edited the log file, so I'm forced to suppose -- but most of 
this kind of SPAM that *I* am seeing these days looks like this:


   From: "u...@mydomain.com" <otheru...@actual.spam.source.ru>

The message APPEARS to be from u...@mydomain.com, but that is actually 
just the text name given to the FROM account.
The message then passes SPF because the sending host is listed as a 
verified sender for the domain source.ru or wherever it is coming from.


If this isn't the issue, please advise. If you're not comfortable 
posting the actual headers, please feel free to send them directly to me 
(vs. the list) so I can see more clearly what is happening.


Dan McAllister
QMT DNS/Mirror Admin

On 12/4/2014 1:23 AM, Rajesh M wrote:

hi

mydomain.com email service on my server.

i recd a spam from u...@mydomain.com, from the spammer's server.

the mailfrom shows as : u...@mydomain.com

Return-Path: apa...@lackdesign.cz

i use spf qmail spf check at level 2

logically Received-SPF is supposed to show as spf failed, however it is showing 
as pass.

is it because of the envelope sender, ie Return-Path header ?

could you please let me know what additional steps i need to take to prevent 
such spam with mailfrom as my own domain.


Return-Path: apa...@lackdesign.cz
Delivered-To: u...@mydomain.com
Received: (qmail 23216 invoked by uid 89); 3 Dec 2014 12:25:54 -
Received: by simscan 1.4.0 ppid: 23141, pid: 23209, t: 1.2472s
  scanners: attach: 1.4.0 clamav: 0.98.4/m: spam: 3.3.2
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
  ns1.y.com
X-Spam-Level:
X-Spam-Status: No, score=0.9 required=5.0 
tests=HTML_MESSAGE,MIME_HTML_ONLY,T_REMOTE_IMAGE,URI_HEX,headerSPFPASS
  autolearn=disabled version=3.3.2
Received: from unknown (HELO etna.w2hosting.cz) (82.208.49.33)
  by ns1.y.com with SMTP; 3 Dec 2014 12:25:52 -
Received-SPF: pass (ns1.y.com: SPF record at lackdesign.cz designates 
82.208.49.33 as permitted sender)
Received: from etna.w2hosting.cz (localhost.localdomain [127.0.0.1])
  (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
  (No client certificate requested)
  by etna.w2hosting.cz (Postfix) with ESMTPS id 216B0C687F
  for u...@mydomain.com; Wed, 3 Dec 2014 13:25:43 +0100 (CET)
Received: (from apache@localhost)
  by etna.w2hosting.cz (8.14.4/8.14.4/Submit) id sB3CPgqc017685;
  Wed, 3 Dec 2014 13:25:42 +0100
Date: Wed, 3 Dec 2014 13:25:42 +0100
Message-Id: 201412031225.sb3cpgqc017...@etna.w2hosting.cz
X-Authentication-Warning: etna.w2hosting.cz: apache set sender to 
apa...@lackdesign.cz using -f
To: u...@mydomain.com
Subject: [ PayPal ] : About Your Account . #PP-ID = 68872897358073360
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: u...@mydomain.com

rajesh
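
SPF is evaluated against the envelope sender (the Return-Path domain), not the From: header a mail client displays, which is why the headers above record a pass for lackdesign.cz while the visible sender is the local domain. The check below is an added example, not code from the thread: it flags that case and the display-name case described in the reply, and the `.example` domains, the `LOCAL_DOMAINS` set and all sample headers are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAINS = {"mydomain.example"}   # assumption: domains hosted on this server


def _domain(addr):
    """Domain part of an address, lower-cased; '' if there is no '@'."""
    _, sep, dom = addr.rpartition("@")
    return dom.strip().lower() if sep else ""


def check_sender(raw_headers, local_domains=LOCAL_DOMAINS):
    """Return a list of finding codes for one message's headers."""
    msg = message_from_string(raw_headers)
    display, from_addr = parseaddr(msg.get("From", ""))
    envelope = parseaddr(msg.get("Return-Path", ""))[1]
    spf = (msg.get("Received-SPF", "").split() or ["none"])[0].lower()
    from_dom, env_dom = _domain(from_addr), _domain(envelope)

    findings = []
    # SPF passed, but for a domain other than the one shown to the reader.
    if spf == "pass" and env_dom and from_dom != env_dom:
        findings.append("spf-pass-unaligned")
    # The header claims one of our domains while the envelope is external.
    if from_dom in local_domains and env_dom and env_dom not in local_domains:
        findings.append("local-from-external-envelope")
    # The display name itself is an address in a different domain.
    shown = re.search(r"[\w.+-]+@([\w.-]+)", display)
    if shown and shown.group(1).lower() != from_dom:
        findings.append("display-name-address-mismatch")
    return findings


# Constructed sample modelled on the headers quoted in the thread.
ENVELOPE_SPOOF = """\
Return-Path: <apache@sender.example>
Received-SPF: pass (mx.mydomain.example: SPF record at sender.example designates
 192.0.2.33 as permitted sender)
To: user@mydomain.example
Subject: About Your Account
From: user@mydomain.example
"""

# Constructed sample of the display-name variant.
DISPLAY_NAME_SPOOF = """\
Return-Path: <otheruser@spam-source.example>
Received-SPF: pass (mx.mydomain.example: SPF record at spam-source.example
 designates 192.0.2.44 as permitted sender)
To: user@mydomain.example
From: "user@mydomain.example" <otheruser@spam-source.example>
"""

# Constructed sample of ordinary local mail.
LOCAL_MAIL = """\
Return-Path: <user@mydomain.example>
To: other@mydomain.example
From: Some User <user@mydomain.example>
"""

if __name__ == "__main__":
    for name, sample in [("envelope", ENVELOPE_SPOOF),
                         ("display", DISPLAY_NAME_SPOOF),
                         ("local", LOCAL_MAIL)]:
        print(name, check_sender(sample))
```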







Re: [qmailtoaster] Re: Need help: How to setup qmailtoaster

2014-11-07 Thread Dan McAllister
Just to be clear -- I know/knew how to install with the new RPMs -- and 
I think anyone who follows the list would know as well.


But that does not account for NEW USERS, who generally are looking for a 
way to install QMail into an existing server, and are looking to QMT to 
make that easier.


Dan McAllister
IT4SOHO


On 11/6/2014 9:51 PM, ChandranManikandan wrote:

Hi,
Try below steps to install QMT in Centos 6.5

Centos 6.5 64 Bit QMT install

1.install CentOS minimal

url : http://mirror.upsi.edu.my/centos/6.5/isos/x86_64/

2. curl https://raw.github.com/QMailToaster/qmailtoaster-util/master/qt-bootstrap-1 > qt-bootstrap-1


3. sh qt-bootstrap-1

(system will reboot)

4. curl https://raw.github.com/QMailToaster/qmailtoaster-util/master/qt-bootstrap-2 > qt-bootstrap-2


vi qt-bootstrap-2

Change:

http://mirrors.qmailtoaster.com/current/nodist/qmailtoaster-release-2.0-1.qt.nodist.noarch.rpm

To:

http://mirrors.qmailtoaster.com/testing/nodist/qmailtoaster-release-2.0-1.qt.nodist.noarch.rpm

5. cd /etc/yum.repos.d

vi qmailtoaster-nodist.repo

Script is below

# qmailtoaster-nodist.repo
#
# The QmailToaster nodist repo supports multiple distros, as well as universal
# rpms containing scripts that can be used on any platform or arch.
#
# Packages for specific distros are found by their respective repo file.
#
# The 'current' repos are considered production worthy, aka stable.
# The 'testing' repos are considered beta, and should not be used in production.
# The 'devel' repos are considered alpha, and should be used only by developers.
#
# Packages in the current repos have all been promoted from testing,
# and signed with the qmailtoaster key.
# If you have installed a package from the testing repo, there is no purpose
# in reinstalling it after it's been promoted into current.
#
# Packages in testing have been newly built (they're not development copies),
# and are signed with the qmailtoaster key.
#
# Packages in devel may or may not be signed by the developer.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
# current (stable) packages
[qmailtoaster-current-nodist]
name=QmailToaster current - nodist (universal)
mirrorlist=http://mirrors.qmailtoaster.com/current/nodist/mirror.list
#baseurl=http://mirrors.qmailtoaster.com/current/nodist
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qmailtoaster
priority=7

# packages being tested, not for production hosts
[qmailtoaster-testing-nodist]
name=QmailToaster testing - nodist (universal)
mirrorlist=http://mirrors.qmailtoaster.com/testing/nodist/mirror.list
#baseurl=http://mirrors.qmailtoaster.com/testing/nodist
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qmailtoaster
priority=7

# packages being developed, for developer use only
[qmailtoaster-devel-nodist]
name=QmailToaster devel - nodist (universal)
mirrorlist=http://mirrors.qmailtoaster.com/devel/nodist/mirror.list
#baseurl=http://mirrors.qmailtoaster.com/devel/nodist
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-shubes
priority=7

{{{ Same in qmailtoaster-dist.repo }}}

vi qmailtoaster-dist.repo

# qmailtoaster-centos.repo
#
# The current repo is considered production worthy, aka stable.
# The testing repo is considered beta, and should not be used in production.
# The devel repo is considered alpha, and should be used only by developers.
#
[qmailtoaster-current]
name=QmailToaster current - CentOS $releasever
mirrorlist=http://mirrors.qmailtoaster.com/current/CentOS/mirror.list
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qmailtoaster
priority=7

# packages being tested, not for production hosts
[qmailtoaster-testing]
name=QmailToaster testing - CentOS $releasever
mirrorlist=http://mirrors.qmailtoaster.com/testing/CentOS/mirror.list
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qmailtoaster
priority=7

# packages being developed, for developer use only
[qmailtoaster-devel]
name=QmailToaster development - CentOS $releasever
mirrorlist=http://mirrors.qmailtoaster.com/devel/CentOS/mirror.list
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-shubes
priority=7

Change enabled from 1 to 0 in the [qmailtoaster-current] and from 0 to 1 in 
the [qmailtoaster-testing].


save and run yum clean all

6. sh qt-bootstrap-2

7. qt-install

8. Set mysql root password for the following installation option.

9. service dovecot restart and chkconfig dovecot on

Configure domain

add a domain:

 /home/vpopmail/bin/vadddomain your-domain.com postmaster-password

Add a user:

 /home/vpopmail/bin/vadduser y...@your-domain.com your-password

Edit /etc/php.ini and set register_globals = On
 service httpd restart
  
  
Bring up your browser and go to:

 http://www.your-domain.com

Re: [qmailtoaster] Re: Need help: How to setup qmailtoaster

2014-11-06 Thread Dan McAllister

Eric:

Might I make a STRONG suggestion that we point potential NEW USERS of 
QMT to this via our website (or some other Google'able location).


I know when I needed to do a clean install on a VM a few weeks ago, I 
spent nearly 20 minutes searching in old emails to find the install scripts.


Thanks

Dan




On 11/6/2014 7:40 AM, Eric Shubert wrote:

On 11/05/2014 05:21 AM, Merry Ahuja wrote:

Hi All,

I want to setup qmailtoaster. Can anyone give me steps to install the
same or a link.

Thanks
https://github.com/QMailToaster/qmailtoaster-util/blob/master/README.install 









Re: [qmailtoaster] Re: SpamAssassin (continued)

2014-10-22 Thread Dan McAllister

On 10/21/2014 10:18 PM, Eric Shubert wrote:

On 10/21/2014 05:45 PM, Dan McAllister wrote:

OK, to review:

  I have a QMT install that doesn't seem to be running SpamAssassin
against inbound mail. I hope here to show what is going on so that
someone can interpret the logs (better than I can).

I have setup a forward on the domain that is not being scanned properly.
Messages go into the account (through what should be a spam/virus
scanner) and then gets bounced back to my regular mail server.

Here are the header entries for the message going into the client's mail
server (remember, log file entries work their way UP -- that is, new log
entries go at the TOP of the header):

Received: (qmail 13916 invoked by uid 89); 22 Oct 2014 00:10:45 -
Received: by simscan 1.4.0 ppid: 13908, pid: 13912, t: 0.3950s
  scanners: attach: 1.4.0 clamav: 0.98.1/m:55/d:19525
Received: from unknown (HELO b-b-b.com) (u...@it4soho.com@10.11.12.13)
  by mail.host.com with ESMTPA; 22 Oct 2014 00:10:45 -

And here are the headers for when the message comes back into my 
server...

Received: (qmail 13967 invoked by uid 89); 22 Oct 2014 00:11:03 -
Received: by simscan 1.4.0 ppid: 13952, pid: 13955, t: 3.6881s
  scanners: attach: 1.4.0 clamav: 0.98.1/m:55/d:19525 spam: 3.3.2
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
  host.it4soho.com
X-Spam-Level:
X-Spam-Status: No, score=3.3 required=5.0
  tests=AWL,BAYES_99,HTML_MESSAGE,
  RDNS_NONE autolearn=no version=3.3.2
Received: from unknown (HELO a-a-a.com) (1.2.3.4)
  by mail.it4soho.com with SMTP; 22 Oct 2014 00:11:00 -

Note the conspicuous ABSENCE of the X-Spam-* entries that come from
SpamAssassin in the first collection...

Now, when I look at the contents of the spamd log file, I see the same
types of entries I see in the main server that DOES put the headers
where they are expected.

So I am next thinking there is an issue with SpamAssassin itself... but
I have ZERO experience with SA (I have so much else to do, I typically
turn it on and just let it go! Never debugged SA before!) :)

Any help is appreciated..

Dan
IT4SOHO


I'm real glad other have chimed in, because from what you've 
described, I don't really have a clue.


The Received: by simscan line above shows that spamassassin isn't 
being used. Yet your simcontrol says that it should be.


I think EricB may be on to something. Run cdb to activate the latest 
simcontrol file.


Short of that, I'd like to see samples of your spamd log file, and the 
contents of your local.cf configuration file. Maybe something's 
defeating sa there.


Who knows what you did to turn it off??? ;)
The normal way would be to modify the simcontrol file, then run 
qmailctl cdb.


Let us know how you make out.
Thanks.



Agreed - the normal way would be the simcontrol file followed by a CDB 
rebuild... but I checked that first...


Per the OTHER Eric's request:
1) spamd is in the /var/qmail/supervise folder and the run file matches 
my good server

   exec /usr/bin/spamd -x -u vpopmail -s stderr 2>&1

2) the contents of the simcontrol file have been posted already, but are:

   :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif

3) per Eric Shubert's request, contents of the spamd log file

   # qmlog spamd | tail
   10-22 09:29:09 Oct 22 09:29:09.397 [7613] info: spamd: connection from localhost [127.0.0.1] at port 50523
   10-22 09:29:09 Oct 22 09:29:09.401 [7613] info: spamd: processing message 053A7D23649B4DB25B2DBE8718FFE98FE55CF97F@APPSERVER3 for clamav:89
   10-22 09:29:09 Oct 22 09:29:09.899 [7613] info: spamd: clean message (1.3/5.0) for clamav:89 in 0.5 seconds, 8275 bytes.
   10-22 09:29:09 Oct 22 09:29:09.899 [7613] info: spamd: result: . 1 - HTML_MESSAGE,RDNS_NONE scantime=0.5,size=8275,user=clamav,uid=89,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=50523,mid=053A7D23649B4DB25B2DBE8718FFE98FE55CF97F@APPSERVER3,autolearn=no
   10-22 09:29:09 Oct 22 09:29:09.933 [27470] info: prefork: child states: II
   10-22 09:29:32 Oct 22 09:29:32.780 [7613] info: spamd: connection from localhost [127.0.0.1] at port 50525
   10-22 09:29:32 Oct 22 09:29:32.784 [7613] info: spamd: processing message 696d8c8c293aecacc28402d816919...@oesty.com for clamav:89
   10-22 09:29:32 Oct 22 09:29:32.963 [7613] info: spamd: clean message (1.2/5.0) for clamav:89 in 0.2 seconds, 9156 bytes.
   10-22 09:29:32 Oct 22 09:29:32.964 [7613] info: spamd: result: . 1 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,RDNS_NONE scantime=0.2,size=9156,user=clamav,uid=89,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=50525,mid=696d8c8c293aecacc28402d816919...@oesty.com,autolearn=no
   10-22 09:29:32 Oct 22 09:29:32.999 [27470] info: prefork: child states: II

I'm learning more and more about simscan

Re: [qmailtoaster] SpamAssassin

2014-10-21 Thread Dan McAllister

On 10/20/2014 7:20 PM, Eric Broch wrote:

On 10/20/2014 3:48 PM, Dan McAllister wrote:

Question:

Apparently I setup a system previously (some 3-4 years ago?) and
didn't install (or bypassed) spamassassin. How do I know? My sa-stats
is EMPTY!

I recall the client specifically telling me to keep it off, but now he
wants it on -- and I cannot remember how I disabled it.

My simcontrol says
 :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif

My /etc/mail/spamassassin folder contents look right... sa-check-spamd
has a response time of .425 seconds, so appears good.

Any ideas?

Thanks

Dan McAllister
IT4SOHO






You can also tell if Spamassassin is working by looking at the header of
an email which will look like the following:

Received: by simscan 1.4.0 ppid: 27054, pid: 27056, t: 0.7393s
  scanners: attach: 1.4.0 clamav: 0.98.4/m:55/d:19522 spam: 3.3.2
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
myhost.mydomain.com
X-Spam-Level: *
X-Spam-Status: No, score=1.3 required=5.0 tests=AWL,RDNS_NONE autolearn=no
version=3.3.2





I'm getting into simscan, but apparently not spamassassin

Received: (qmail 9099 invoked by uid 89); 21 Oct 2014 12:28:57 -
Received: by simscan 1.4.0 ppid: 9090, pid: 9093, t: 0.1857s scanners:
 attach: 1.4.0 clamav: 0.97.6/m:55/d:19522 spam: 3.3.2
Received: from unknown (HELO mail-yh0-f44.google.com) (209.85.213.44)  by
 cesfl.com with SMTP; 21 Oct 2014 12:28:57 -
Received-SPF: pass (cesfl.com: SPF record at _netblocks.google.com designates 
209.85.213.44 as permitted sender)
Received: by mail-yh0-f44.google.com with SMTP id i57so1339354yha.3for
 it4s...@cesfl.com; Tue, 21 Oct 2014 05:28:51 -0700 (PDT)

Dan






Re: [qmailtoaster] SpamAssassin

2014-10-21 Thread Dan McAllister

On 10/21/2014 10:04 AM, Johannes Weberhofer wrote:

Am 21.10.2014 um 14:31 schrieb Dan McAllister:

scanners:
  attach: 1.4.0 clamav: 0.97.6/m:55/d:19522 spam: 3.3.2


These lines indicate that your mail has been scanned by simscan using 
clamav 0.97.6 and spamassassin 3.3.2



Johannes:

Actually, the line indicates that the message is SCHEDULED to be scanned 
-- the headers for the results of BOTH appear to be missing.


I may wind up un-installing and re-installing -- but this is a live 
server with heavy use -- I'll have to redirect the traffic for a while 
to do that.


Dan




[qmailtoaster] SpamAssassin (continued)

2014-10-21 Thread Dan McAllister

OK, to review:

 I have a QMT install that doesn't seem to be running SpamAssassin 
against inbound mail. I hope here to show what is going on so that 
someone can interpret the logs (better than I can).


I have setup a forward on the domain that is not being scanned properly. 
Messages go into the account (through what should be a spam/virus 
scanner) and then gets bounced back to my regular mail server.


Here are the header entries for the message going into the client's mail 
server (remember, log file entries work their way UP -- that is, new log 
entries go at the TOP of the header):


   Received: (qmail 13916 invoked by uid 89); 22 Oct 2014 00:10:45 -
   Received: by simscan 1.4.0 ppid: 13908, pid: 13912, t: 0.3950s
     scanners: attach: 1.4.0 clamav: 0.98.1/m:55/d:19525
   Received: from unknown (HELO b-b-b.com) (u...@it4soho.com@10.11.12.13)
     by mail.host.com with ESMTPA; 22 Oct 2014 00:10:45 -

And here are the headers for when the message comes back into my server...

   Received: (qmail 13967 invoked by uid 89); 22 Oct 2014 00:11:03 -
   Received: by simscan 1.4.0 ppid: 13952, pid: 13955, t: 3.6881s
     scanners: attach: 1.4.0 clamav: 0.98.1/m:55/d:19525 spam: 3.3.2
   X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
     host.it4soho.com
   X-Spam-Level:
   X-Spam-Status: No, score=3.3 required=5.0
     tests=AWL,BAYES_99,HTML_MESSAGE,
     RDNS_NONE autolearn=no version=3.3.2
   Received: from unknown (HELO a-a-a.com) (1.2.3.4)
     by mail.it4soho.com with SMTP; 22 Oct 2014 00:11:00 -

Note the conspicuous ABSENCE of the X-Spam-* entries that come from 
SpamAssassin in the first collection...


Now, when I look at the contents of the spamd log file, I see the same 
types of entries I see in the main server that DOES put the headers 
where they are expected.


So I am next thinking there is an issue with SpamAssassin itself... but 
I have ZERO experience with SA (I have so much else to do, I typically 
turn it on and just let it go! Never debugged SA before!) :)


Any help is appreciated..

Dan
IT4SOHO
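
The header comparison in this thread can be automated. The classifier below is an added example, not code from the thread or from simscan: it finds the topmost "Received: by simscan" line, reads its scanners list, and counts only the X-Spam-Status header written by that same hop, so headers added by an upstream or forwarding server are not mistaken for a local scan. All sample headers are constructed, modelled on the ones quoted in the thread.

```python
import re
from email import message_from_string

SIMSCAN_RE = re.compile(r"by simscan\s+\S+.*?scanners:\s*(.*)", re.S)


def simscan_scanners(received_value):
    """Return {scanner: version} from a simscan Received value, else None."""
    m = SIMSCAN_RE.search(received_value)
    if not m:
        return None
    flat = " ".join(m.group(1).split())              # undo header folding
    return dict(re.findall(r"(\w+):\s*(\S+)", flat))


def classify(raw_headers):
    """Return (verdict, scanners) for the most recent simscan hop."""
    items = message_from_string(raw_headers).items()  # headers, top to bottom
    for i, (name, value) in enumerate(items):
        if name.lower() != "received":
            continue
        scanners = simscan_scanners(value)
        if scanners is None:
            continue
        # Headers written by this hop sit between its simscan line and the
        # next Received line further down.
        hop = []
        for later_name, _ in items[i + 1:]:
            if later_name.lower() == "received":
                break
            hop.append(later_name.lower())
        if "spam" not in scanners:
            return "spamassassin-not-invoked", scanners
        if "x-spam-status" not in hop:
            return "spam-listed-but-no-x-spam-headers", scanners
        return "scanned", scanners
    return "no-simscan-line", {}


# Constructed: simscan ran attach and clamav only.
NOT_INVOKED = """\
Received: (qmail 13916 invoked by uid 89); 22 Oct 2014 00:10:45 -0000
Received: by simscan 1.4.0 ppid: 13908, pid: 13912, t: 0.3950s
 scanners: attach: 1.4.0 clamav: 0.98.1/m:55/d:19525
Received: from unknown (HELO relay.example) (192.0.2.10)
 by mail.client.example with SMTP; 22 Oct 2014 00:10:45 -0000
"""

# Constructed: spam scanner listed and its result headers present.
SCANNED = """\
Received: (qmail 13967 invoked by uid 89); 22 Oct 2014 00:11:03 -0000
Received: by simscan 1.4.0 ppid: 13952, pid: 13955, t: 3.6881s
 scanners: attach: 1.4.0 clamav: 0.98.1/m:55/d:19525 spam: 3.3.2
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
 host.main.example
X-Spam-Level: ***
X-Spam-Status: No, score=3.3 required=5.0 tests=AWL,RDNS_NONE
 autolearn=no version=3.3.2
Received: from unknown (HELO relay.example) (192.0.2.10)
 by mail.main.example with SMTP; 22 Oct 2014 00:11:00 -0000
"""

# Constructed: spam scanner listed, but no result headers from this hop.
LISTED_ONLY = """\
Received: (qmail 9099 invoked by uid 89); 21 Oct 2014 12:28:57 -0000
Received: by simscan 1.4.0 ppid: 9090, pid: 9093, t: 0.1857s scanners:
 attach: 1.4.0 clamav: 0.97.6/m:55/d:19522 spam: 3.3.2
Received: from unknown (HELO relay.example) (192.0.2.10)
 by mail.client.example with SMTP; 21 Oct 2014 12:28:57 -0000
"""

# Constructed: an upstream server scanned the message, this one did not.
FORWARDED = NOT_INVOKED + SCANNED

if __name__ == "__main__":
    for sample in (NOT_INVOKED, SCANNED, LISTED_ONLY, FORWARDED):
        print(classify(sample)[0])
```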


[qmailtoaster] SpamAssassin

2014-10-20 Thread Dan McAllister

Question:

Apparently I setup a system previously (some 3-4 years ago?) and didn't 
install (or bypassed) spamassassin. How do I know? My sa-stats is EMPTY!


I recall the client specifically telling me to keep it off, but now he 
wants it on -- and I cannot remember how I disabled it.


My simcontrol says
:clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif

My /etc/mail/spamassassin folder contents look right... sa-check-spamd 
has a response time of .425 seconds, so appears good.


Any ideas?

Thanks

Dan McAllister
IT4SOHO








Re: [qmailtoaster] Re: user and group for vpopmail

2014-10-11 Thread Dan McAllister
I have an easier fix for the vpopmail vs vchkpw group ids -- make them 
the same number.


Unless some idiot programmer is looking at the NAME vchkpw or vpopmail, 
if you make them both GID 89 (or whatever), then all the checks will 
pass just fine.


Just a thought -- but it is a little after midnight here, so it may be a 
little off...


Dan McAllister
IT4SOHO


On 10/11/2014 11:41 AM, Eric Shubert wrote:

On 10/10/2014 06:15 AM, Quinn Comendant wrote:
I'm migrating a qmailtoaster installed in 2006 to a new server. I've 
come to an issue where the vpopmail-toaster package creates user 
vpopmail with group vchkpw:


{q@oak2/0 bin} groups vpopmail
vpopmail : vchkpw

However, on the old server, the vpopmail user was setup with group 
vpopmail:


{q@oak/0 ~} groups vpopmail
vpopmail : vpopmail

This is a problem because on the new server the vpopmail group was 
never created, and so rsync'ed data doesn't result in having the 
correct group when it arrives.


Was this a design change at one point, and what was the reason for it?


I'm not sure. It's been vchkpw as long as I can recall. I started 
using QMT around May'06 IIRC.



Recommended solution?


I'd simply chgrp -R vchkpw /home/vpopmail/domains/* after the rsync.

Also, is there an official source code repository for QMT? I tried to 
find the history of the vpopmail-toaster.spec to see when this change 
was introduced but didn't see any.


Sure is. It's in the same repo as everything else. You'll see SRPMS 
directories in the current/ and testing/ branches. There's also an 
archive/rpms directory on some of the mirrors, which contains all rpms 
back to Jan'06. If you go to http://mirrors.qmailtoaster.com/archive 
you may or may not find it. It'll always be on 
mirror1.qmailtoaster.com, although downloads from that site won't be 
the quickest.


Thanks for asking. This info should be on the wiki.



Thanks!

Quinn




[qmailtoaster] Send/Receive quotas in QMT

2014-10-09 Thread Dan McAllister

QMT Enthusiasts:

I am in DESPERATE need of a way to rate-limit certain users on my 
system. Not only would it help me stop a sometimes well-intentioned, but 
otherwise abusive user, but it would also help limit the impact of 
virus-infected clients as well.


Specifically, I would like for there to be a way to limit users to, say, 
250 messages a day.  (We're talking outbound messages here, not inbound)


If it means moving this client away from QMT, so be it -- but I don't 
know of any other mail program that would do this either...


Any ideas?

Dan McAllister




Re: [qmailtoaster] many failure notice - a failed spoof?

2014-08-26 Thread Dan McAllister

On 8/25/2014 11:27 AM, Jim Shupert wrote:

friends,

I have one user [ MrBlue } who is a valid user on my domain of  
theppjgroup.com


It seems MrBlue has been getting overloaded with failure notices..
I *Think
that someone is sending mail spoofing MrBlue -- but they do not have 
the password  -- so it fails

and My ( actual ) MrBlue then gets a failure notice.

well,
 my mr blue is red with rage.
I wonder what i can do to relieve some of the pain?

below please find one of the failure notice

Thanks



-Original Message-
From: mailer-dae...@mailhost.theppjgroup.com
[mailto:mailer-dae...@mailhost.theppjgroup.com]
Sent: Friday, August 22, 2014 6:49 AM
To: mrb...@theppjgroup.com
Subject: failure notice

Hi. This is the qmail-send program at mailhost.theppjgroup.com.
I'm afraid I wasn't able to deliver your message to the following 
addresses.

This is a permanent error; I've given up. Sorry it didn't work out.

ca...@hotmail.com:
User and password not set, continuing without authentication.
65.54.188.126 does not like recipient.
Remote host said: 550 Requested action not taken: mailbox unavailable 
Giving

up on 65.54.188.126.

--- Below this line is a copy of the message.

Return-Path: mrb...@theppjgroup.com
Received: (qmail 8984 invoked by uid 89); 22 Aug 2014 10:48:53 -
Received: by simscan 1.3.1 ppid: 8975, pid: 8980, t: 0.3711s
 scanners: attach: 1.3.1 clamav: 0.95.2/m:
Received: from unknown (HELO ?192.168.249.85?)
(mrb...@theppjgroup.com@72.189.129.134)
  by mailhost.theppjgroup.com with ESMTPA; 22 Aug 2014 10:48:53 -
Content-Type: multipart/alternative;
 boundary0847007466868061251==
MIME-Version: 1.0
Message-ID: 53f7202f.2848...@theppjgroup.com
Date: Fri, 22 Aug 2014 13:49:19 +0300
From: KL Gates international mrb...@theppjgroup.com
Subject: Urgent indebtedness notification
To: ca...@hotmail.com

OK - So I want to take this opportunity to educate on the reading of 
Mail Headers


First, new header entries always go to the TOP, so to trace the path of 
a message, start at the bottom (of the header).

In the above example, the message STARTED with a header of:

   Date: Fri, 22 Aug 2014 13:49:19 +0300
   From: KL Gates international mrb...@theppjgroup.com
   Subject: Urgent indebtedness notification
   To: ca...@hotmail.com

At which point, your SMTP server collected it and added:

   Received: from unknown (HELO ?192.168.249.85?)
   (mrb...@theppjgroup.com@72.189.129.134)
  by mailhost.theppjgroup.com with ESMTPA; 22 Aug 2014 10:48:53 -
   Content-Type: multipart/alternative;
 boundary0847007466868061251==
   MIME-Version: 1.0
   Message-ID: 53f7202f.2848...@theppjgroup.com

And HERE is where you'll find how this message is coming in...

The end-user connected to you with a PC (or other client device) that 
had a LOCAL (LAN) IP address of *192.168.249.85*
 - Is this the LAN IP address range of Mr Blue? If not, someone's 
   logging into your server from another LAN.
The Public IP address of this client system is *72.189.129.134* (that 
is, the public IP address of the source of the SMTP connection)
 - Is this the WAN IP address of Mr Blue's office? (Again, if not, 
   someone's logging into your mail server with falsified credentials.)
The _SMTP AUTH credential provided_ was *mrb...@theppjgroup.com* -- so 
if someone's been hacked, it's Mr. Blue himself!


The remaining headers (moving up) are the internal processing of your QMT:

   Return-Path: mrb...@theppjgroup.com
   Received: (qmail 8984 invoked by uid 89); 22 Aug 2014 10:48:53 -
   Received: by simscan 1.3.1 ppid: 8975, pid: 8980, t: 0.3711s
 scanners: attach: 1.3.1 clamav: 0.95.2/m:

Now you could argue at which point any of these lines gets added, but 
the point in reading a mail header is that you work from the bottom up!


So, while others have suggested MrBlue is being spoofed, or that this is 
back-scatter, I think the proof here is that he may have been HACKED 
(that is, if the LAN and WAN IPs don't match Mr Blue's environment, 
someone is impersonating him - so change the password, pronto!), or that 
he has a MALWARE infection (if those are his addresses). That LAN host 
-- ending in 249.85 -- likely is the system with the malware, so scan 
that system (and change the account password as well).


I hope this helps...

Dan
IT4SOHO

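The bottom-up header reading walked through in the message above, as an added Python example (not part of the original thread or of QMT): it pulls the HELO address, the connecting IP and the SMTP AUTH user out of a qmail-style Received line and asks the same two questions about LAN and WAN addresses. The sample message, the `known_lans` / `known_wan_ips` inputs and the verdict names are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample in the shape of the bounce quoted above; the account,
# host names and the public IP (a documentation address) are placeholders.
SAMPLE = """\
Return-Path: <user@example.com>
Received: (qmail 8984 invoked by uid 89); 22 Aug 2014 10:48:53 -0000
Received: by simscan 1.3.1 ppid: 8975, pid: 8980, t: 0.3711s
 scanners: attach: 1.3.1 clamav: 0.95.2
Received: from unknown (HELO ?192.168.249.85?)
 (user@example.com@203.0.113.10)
 by mail.example.com with ESMTPA; 22 Aug 2014 10:48:53 -0000
MIME-Version: 1.0
Date: Fri, 22 Aug 2014 13:49:19 +0300
From: Sender <user@example.com>
Subject: constructed test message
To: rcpt@example.net

body
"""

# "from <rdns> (HELO <helo>) ([<auth user>@]<ip>) by <host> with <protocol>"
SMTP_HOP = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)]+)\)\s+"
    r"\((?:(?P<auth_user>\S+)@)?(?P<client_ip>[0-9A-Fa-f.:]+)\)\s+"
    r"by\s+(?P<by>\S+)\s+with\s+(?P<proto>\w+)"
)


def _as_ip(text):
    """Parse '?192.168.249.85?' or '[10.0.0.5]' as an IP address, else None."""
    try:
        return ipaddress.ip_address(text.strip("?[]"))
    except ValueError:
        return None


def smtp_hops(raw_message):
    """Return the SMTP hops in the order the message travelled (bottom up)."""
    msg = email.message_from_string(raw_message)
    hops = []
    # New Received lines are prepended, so the oldest hop is the last header.
    for value in reversed(msg.get_all("Received", [])):
        match = SMTP_HOP.match(" ".join(value.split()))  # unfold the header
        if not match:
            continue  # internal lines such as "(qmail ... invoked by uid 89)"
        hop = match.groupdict()
        helo_ip = _as_ip(hop["helo"])
        hop["helo_ip"] = str(helo_ip) if helo_ip else None
        # ESMTPA / ESMTPSA mean the client authenticated (RFC 3848).
        hop["authenticated"] = hop["proto"].upper().endswith("A")
        hops.append(hop)
    return hops


def assess(hop, known_lans, known_wan_ips):
    """Apply the two questions from the message to one submission hop."""
    if not hop["authenticated"]:
        return "not-authenticated"
    wan_ok = hop["client_ip"] in known_wan_ips
    lan_ok = hop["helo_ip"] is not None and any(
        ipaddress.ip_address(hop["helo_ip"]) in ipaddress.ip_network(net)
        for net in known_lans
    )
    # The user's own addresses point at malware on the client; anything else
    # points at someone else using the account's password.
    return "malware-suspected" if (wan_ok and lan_ok) else "credentials-compromised"


if __name__ == "__main__":
    for hop in smtp_hops(SAMPLE):
        verdict = assess(hop, ["192.168.249.0/24"], {"203.0.113.10"})
        print(hop["auth_user"], hop["helo_ip"], hop["client_ip"], verdict)
```
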



[qmailtoaster] 553 sorry, your envelope sender has been denied (#5.7.1)

2014-08-22 Thread Dan McAllister

OK, so this is a curious problem.

I am using a QMT as a smarthost for sending mail -- to be used when any 
of my other servers are blacklisted while I get the blacklist entries 
removed.


ONE user (and only 1 user) is getting bounces of the form:

   Hi. This is the qmail-send program at SMARTHOST FQDN.
   I'm afraid I wasn't able to deliver your message to the following addresses.
   This is a permanent error; I've given up. Sorry it didn't work out.

   u...@domain.tld:
   Delivered with authenticated connection to
   IP Address does not like recipient.
   Remote host said: 553 sorry, your envelope sender has been denied (#5.7.1)
   Giving up on IP Address.

   --- Below this line is a copy of the message.

The smarthost receives the message on port 587 (submission) with an 
authenticated user (used solely for inter-server communications) login - 
thus the authenticated connection... but the error says there is a 
problem with the envelope sender and I'm clueless how this is 
different or unique for this one user.


Unfortunately, neither set of log files seems to shed any light on this 
-- or else I'm looking in the wrong place.


Any ideas anyone?

Dan McAllister





Re: [qmailtoaster] QMail seems to have stopped reporting delivery failures.

2014-08-21 Thread Dan McAllister

On 8/21/2014 3:43 AM, Tony White wrote:

Hi folks,
  Has anyone any idea why qmt has stopped reporting delivery failures 
please?
I sent an email this afternoon and watch the log for send. The email 
delivery

attempt was made with a 451 error but nothing resulted in my mailbox.


Tony:

Error numbers in the 400's usually mean "retry later"
Error numbers in the 500's usually mean "it's dead, Jim"

Typically, there is no message generated when a 4xx return is 
encountered, as the message is simply re-queued and tried again later. 
(Unless/until the message times out).


I ran into a really nasty problem with this in an Exchange server, 
because the messages to a journalling host (think TAP) were failing due 
to SPAM control, but the errors (because it was a journalling rule) were 
always re-written to a 4xx message -- the result being the send queue 
getting EXTREMELY full!


I hope this helps.

Dan McAllister




Re: [qmailtoaster] Spam Question

2014-08-15 Thread Dan McAllister

Mike:

The ***SPAM*** you are seeing is actually being INSERTED by SpamAssassin 
(or, potentially SpamDyke).  It is not there upon receipt (e.g.: the 
spammer is not self-identifying the message as SPAM -- that's your SPAM 
protection working for you!)


Most clients want SPAM to be /identified/, but not necessarily _BLOCKED_ 
(because of the potential for false positives). Thus, in my experience, 
most will create a rule in their mail client (Outlook, Thunderbird, 
etc) that moves messages with the string ***SPAM*** in the subject to 
a junk or spam folder for later perusal.


I hope this is helpful...

Dan McAllister
IT4SOHO


On 8/15/2014 11:46 AM, Mike Tirpak wrote:
For about two weeks now, I have been getting nailed with tons of 
spam.  I even had to drop my spamassassin score a point because so 
much was getting through just under the threshold.  I noticed that 
some of the spam was getting through with *SPAM* in the 
subject line.  I have tried to filter it out with spamassassin's 
subject filter, but asterisks are special characters and seem to be 
hard to match.


Does anyone know how to match an asterisk with spamassassin or is 
there a better way?


- Mike




Re: [qmailtoaster] Logwatch Error

2014-08-07 Thread Dan McAllister
During the installation of QMail (including QMT), there should have been 
a symbolic link created for sendmail.

The command:
*ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail*
will re-create it, although I think they usually use relative links vs. 
the static link here.


Essentially, all *nix mail systems have hidden dependencies on the 
granddaddy of all mail programs: *sendmail*. In fact, if your program 
sends mail and DOESN'T have such a hidden dependency, you've done 
something wrong. :)


In the case of QMail (and postfix, and many others), the sendmail 
program is nothing more than an interpreter that takes sendmail syntax 
and makes it work in QMail (or postfix, or many others... you get the idea).


Your logwatch will be fine and happy if you execute the command above...

Dan McAllister
IT4SOHO

PS: I am curious -- I just (yesterday) did a fresh install on a VM for 
QMT -- brand new! -- and the link was properly created as:

   # ls -l `which sendmail`
   lrwxrwxrwx 1 root qmail 28 Jun 21  2013 /usr/sbin/sendmail -> ../../var/qmail/bin/sendmail


As I said previously, the right way to do the sym-link is relative 
pathing, not absolute --





On 8/7/2014 12:21 AM, Chandran Manikandan wrote:

Hi Folks,

I have centos 6.5 64 bit server with installed qmailtoaster and it's 
run successfully. When i tried to use this command logwatch to watch 
the reports, it's show below error.


Can't exec sendmail: No such file or directory at /usr/sbin/logwatch 
line 1046, TESTFILE line 2.

Can't execute sendmail -t: No such file or directory

Could you anyone help me to rectify this issue. I tried to check above 
file in that line. It is program file. so i did not touch. Thanks in 
advance.



--
*Thanks,*
*Manikandan.C*
*System Administrator*






[qmailtoaster] Fail2Ban

2014-08-06 Thread Dan McAllister

I am curious -- has anyone looked into a fail2ban implementation for QMT?

One of my larger mail servers is being attacked (from China, currently, 
but when it started in Malaysia and I blocked all Malaysian IPs, they 
just moved to another IP) with essentially a brute-force password 
guessing attack on users in one of the domains.


They are using the SUBMISSION port to attempt logins, but I'd like to be 
able to ban SUBMISSION as well as IMAP/POP access (independently, or 
together) based on failed login attempts. (Ideally, same IP fail to 
login on any of those ports more than 5 times in a 5 minute period, and 
I'd like to simply tar-pit the entire IP address for 24 hours or so!)


I'm (as amazing as it sounds) not all that familiar with fail2ban, but 
I've considered it several times and just never had the time to investigate.


Assistance and experiences equally desired! :)

Dan McAllister
QMT DNS/Mirror Admin




Re: [qmailtoaster] Re: keeping Qmail SMTP in DMZ

2014-08-01 Thread Dan McAllister

It is EXCEPTIONALLY easy to setup QMail as a relay:

_*For inbound traffic relay:*_
 - First, setup a route (in */var/qmail/control/smtproutes*) that 
   points your domain(s) to your hidden mail server
   Read more about smtproutes on our website (yes, it's still there)
     http://wiki.qmailtoaster.com/index.php/Smtproutes
   An example entry might be:
     example.com:192.168.1.2
   where 192.168.1.2 is the local IP address of the hidden mail server
 - Next, add the same domain(s) to your allowed domains (in 
   */var/qmail/control/rcpthosts*)
   Read more about smtproutes on our website (yes, it's still there)
     http://wiki.qmailtoaster.com/index.php/Rcpthosts
   An example entry might be:
     example.com
 - 3rd (optional, but _/recommended/_) -- tell your hidden mail server 
   to accept PORT 25 connections ONLY from the Smart(Qmail)Host.
   If your hidden mail server is QMail, you could do this in your 
   firewall, or tcprules

_*For outbound traffic relay:*_
 - First, do what is necessary on your hidden mail server to send 
   all mail to the smart host
   - If that is QMAIL, you will add a DEFAULT entry to your *smtproutes* 
     file (see above)
     An example entry might be:
       :192.168.1.3
     where 192.168.1.3 is the local IP address of the Smart(Qmail) server
 - Then, configure your Smart(Qmail) server to do whatever level of 
   scanning of INBOUND mail you want (usually little to none)
   This is usually done with an entry in tcprules, for example:
     192.168.1.2:allow,RELAYCLIENT="",SENDER_NOCHECK="1"

_*Finally:*_
 Configure your Smart(Qmail) server to do whatever SPAM and/or 
 AntiVirus scanning you want... and that's it!
 _*That's a grand total of 2 to 3 files to edit*_ (except for 
 customizations on the scanning itself)


FWIW: I setup QMT as a smarthost on MOST of my clients who have Exchange 
-- cuts the processing load on the Exchange by usually 50-75%, as the 
QMT handles the dumb SPAM much more quickly and efficiently.


I hope this helps!

Dan McAllister




On 8/1/2014 2:03 AM, Sebastian Grewe wrote:
I don't think you need qmail for that. If it's a simple relay that you 
want to run I'd probably go for Exim4 or Postfix. They can do this 
simple work easily and there is probably a lot of documentation 
available how to set it up.


For added security you should consider using firewall rules to only 
allow that amazon instance access to it.


Cheers,
Sebastian

On 01.08.2014, at 07:59, Aneesh Hariyappan aneeshk...@gmail.com wrote:



hi seb / eric
we are on the same page... thanks for your answers .. Is it possible 
to setup the mail relay agent in DMZ ? I dont know the full 
capabilities of Qmail . Does QMail have a relay agent ? if so give me 
some help to set it up


cheers!!



On Fri, Aug 1, 2014 at 12:59 AM, Eric Shubert e...@shubes.net wrote:


So I guess the answer to his original question is yes. :)

It depends on the circumstances (requirements and constraints) as
to how best to achieve the result.

Thanks Sebastian. I presume Aneesh will reply with any further
questions he might have.

-- 
-Eric 'shubes'



On 07/31/2014 11:20 AM, Sebastian Grewe wrote:

I think they don't wanna take any risk and loop it through an
internal connection. No outside one at all.

Under that aspect I see a relay being useful. It can deal
with nasty stuff instead of the important machine on the LAN.

Could be a security requirement in the company, maybe PCI
compliance ;-)

Cheers,
Sebastian

On 31.07.2014, at 20:08, Eric Shubert e...@shubes.net wrote:

On 07/31/2014 10:30 AM, Sebastian Grewe wrote:
I think the mail server is not connected to the
internet and does not handle public domain emails.
It only handled email traffic internally. So the cloud
app needs a way in and the idea is to use a simple
public mta that accepts the mail as-is and passes it
on to the internal server which delivers to the user(s).

I think a simple mail relay will do the trick
allowing traffic from that one IP.

Cheers,
Sebastian


I see. I believe you're correct.

Why bother with the relay though? The intranet mail host
could be configured to accept external email only from
the cloud host, as well as intranet connections. Simply
modify the tcp.smtp file accordingly. No?

--
-Eric 'shubes'



Re: [qmailtoaster] Re: Prevent sender from spoofing email address

2014-07-28 Thread Dan McAllister

On 7/27/2014 1:58 AM, Eric Shubert wrote:

On 07/26/2014 09:03 PM, Hasan Akgöz wrote:

I have both postfix and qmail mail servers. smtpd_sender_login_maps (
for postfix) The controlled_envelope_senders table specifies the binding
between a sender envelope address and the SASL login names that own that
address. You can use regex ( pcre ) or mysql tables etc..  for it. in
the meantime Why not suitable for QMT.?


I believe that this is what I described as being practical (without 
knowing of this capability in postfix). It's not suitable for QMT 
largely because it would involve a fairly major change to vpopmail and 
qmail, which is something we simply don't have resources to do. 
Perhaps suitable wasn't the best term to use.


That being said, I think we should add this to the reasons for 
switching to postfix at some point in the future for use as a 
submission server, if not all roles which use smtp (also mx and 
sending, which use smtp).


Another reason for using postfix is that it can be configured to 
throttle outbound messages. This is something that could be patched 
into qmail-remote (as we've discussed and I've even written a spec 
for), but at this point I feel that whatever time is spent doing this 
might be better spent converting to postfix.


Anyone care to share their thoughts about this?

Thanks.

If we switch everything over to postfix, shouldn't we rename the project 
postfix-toaster?


grin

Dan






Re: [qmailtoaster] Qmail's handling of same account in both TO: and CC: headers

2014-07-24 Thread Dan McAllister

Diana:

I have some opinions on this matter that you may or may not care to read:

1) Computers are designed to do what we ask them to. When programmers 
and administrators start to get TOO SMART, and second-guess the users, 
problems often arise. When you provide to QMail a message envelope with 
3 recipients, it's going to deliver 3 copies -- regardless of who they 
are addressed to. GMail is consolidating duplicate recipients to reduce 
their storage requirements -- and because they get TONS of SPAM 
addressed in odd ways trying to defeat their security measures. And if 
you think Exchange is so good, try using in-line attachments these days 
(the message will arrive, the attachment dutifully removed because MS 
unilaterally decided in-line attachments cause problems and they won't 
allow them anymore).


2) If the end-users of your business are flummoxed by duplicate e-mail 
messages, you should seriously consider taking away their computers and 
access to email at all. Really? They can deal with the 300 SPAM messages 
in their Junk folders just fine, but might be confused by this 
announcement message appearing more than once.


3) I have one word for your programmer: *UNIQ*
Send the contents of his mail message through *UNIQ* (which will 
combine any 2 or more contiguous lines that are exactly alike into just 
1 line)
The only real drawback would be that triple-spacing (2 blank lines) 
will become double-spacing (1 blank line), etc... but the duplicate 
receipts should be gone!
*UNIQ* is BASIC *nix -- a typical example (in a class) being "given this 
list of vegetables in bags on this truck, how many different vegetables 
are there?" -- and the answer is a simple sort piped into a uniq (/sort 
file | uniq/) which is then piped into a counting program (usually, wc 
-- so the final command is: /sort file | uniq | wc -l/ )


Just my thoughts...

Dan
IT4SOHO

(Am I being cranky today??)

On 7/24/2014 10:12 AM, Diana Calder wrote:

Wednesday, July 23, 2014, 3:45:47 PM, Angus wrote:


If memory serves correctly, MTAs like qmail do not read the 'To' and 'Cc'
headers at all. The 'To' and 'Cc' fields are written by the MUA (i.e. the
email client) and constitute part of the message text delivered to the
server by the DATA command. The server doesn't look inside that text at
all. The thing that tells it where to deliver the message is an RCPT
command which is sent as part of the SMTP session.

snip

Thank you for that very clear explanation of what's going on behind
the scenes! I hadn't really considered the fact that the mail server
doesn't actually look at the To: and Cc: headers directly. They're all
just RCPT TO: as far as Qmail is concerned.


The first question that comes to my mind is why he's adding the same email
to both 'To' and 'Cc'. That just seems sloppy to me.
Leaving that aside -- maybe he has a reason

I have yet to be offered an actual reason for the behaviour. I'm
thinking laziness. Or, as you suggested, a lack of knowledge.


-- I did a manual telnet session to both a qmail server and to Gmail
to see how they'd handle the case where successive RCPT commands
name the same recipient.
Qmail didn't blink when I told it to deliver to the same recipient three
times, and did indeed deliver three messages. Gmail, on the other hand,
said:
250 2.1.5 OK, duplicate recipients will be consolidated
I haven't found any RFC's at all that specify that this is a required or
even optional behavior. Implementing it does not seem to violate the RFCs
(so long as the server sends a 250 response), but not implementing it
doesn't seem to violate any either.

I couldn't seem to find anything either but I'll freely admit to not
being as familiar with the RFCs as I probably should be.

That's the hazard of being a one-person IT department - when you have
to swap out malfunctioning photocopier coin boxes, troubleshoot
misbehaving receipt printers, maintain Win7 workstations, etc., etc.,
in addition to looking after all of the in-house Windows & Linux
servers, both real & virtual, you tend to know a little bit about a
lot of things but not nearly as much about any one thing as you'd
like and sometimes need. Thank goodness for mailing lists and Google.


I think he's correct that Gmail et al are smart enough to consolidate
duplicate addresses, but that this is not a required behavior and Qmail is
perfectly compliant.

Well, at least Qmail isn't at fault in the sense of not complying
with any RFCs.

I'm of mixed feelings whether I agree with Gmail et al in deciding
to consolidate duplicate recipients. Part of me thinks that it's a
mail server's job to deliver exactly what it's instructed to deliver,
as Qmail currently does, not to second-guess the sender and make its
own decision regarding what to deliver. The rest of me thinks that it
makes sense to consolidate duplicates because mistakes happen and,
after all, who really needs 4 copies of the same message?

I do, however, feel quite strongly that the sending 

Re: [qmailtoaster] One user account can't login to Squirrelmail

2014-07-23 Thread Dan McAllister

Diana:

Have you looked into the IMAP log file? (should be accessible with a 
qmlog command: *qmlog imap4* -- or if using ssl: *qmlog imap4-ssl*)


I'm guessing the IMAP server is crashing for some reason -- hoping the 
log file will say what.


Dan
IT4SOHO

On 7/23/2014 3:12 PM, Diana Calder wrote:

Wednesday, July 23, 2014, 2:53:08 PM, Kelly wrote:


Is the disable web access box checked if you look at the account in
vqadmin?

No, it isn't. I tried checking it, modifying the account, then
unchecking and modifying the account again, just to make sure. No
change.


On 07/23/2014 13:57, Diana Calder wrote:

I have an odd problem with one user account. When trying to login to
Squirrelmail, the login will hang for several seconds then result in:

ERROR:
ERROR: Connection dropped by IMAP server.
Query: LOGOUT











Re: [qmailtoaster] Prevent sender from spoofing email address

2014-07-18 Thread Dan McAllister

On 7/17/2014 7:32 PM, Hasan Akgöz wrote:

Hi Guys;

allows SMTP authenticated users to put a fake email address in an 
email's sender field and the email is sent successfully .How to 
enforce sender/from address to be "logged_u...@test.com" in Qmailtoaster?


Hasan:

I have brought this up before, and there are certain situations where 
you NEED for a single auth'd user to be able to send mail as anyone. 
Specifically, when you're using QMT as a filter or smart-host.


So the short answer to your query is that it cannot be done. Once you 
are authenticated to the qmail-smtp program, it will take any email from 
you -- including email that is spoofed...


Dan McAllister

PS: I am with you if you believe there should be a way to configure that 
-- but that is not an option that I am aware of currently.





Re: [qmailtoaster] Numerous copies of emails

2014-07-18 Thread Dan McAllister

On 7/18/2014 12:46 AM, Bharath Chari wrote:
The same thing happened to me, but it seems to have resolved itself. 
Again, only from the list.


Bharath
On 07/18/2014 12:58 AM, Cecil Yother, Jr. wrote:

Same is happening to me.
On 07/17/2014 12:41 PM, Finn Buhelt wrote:

Hi List (Eric).

Have any of You any idea why I sometimes is getting numerous copies of
some of the emails from the qmailtoaster-list ?

In my experience, this happens most often when there is a delivery 
problem -- often a message is rejected but still delivered. (One of 
the most egregious and common of these are the DKIM signature failures 
that send bounce-like messages back to the user... yet the message is 
actually delivered.)


I'm not sure who manages the list server these days, but the send log 
file there should be checked. My guess is that 400 (or even 500) type 
error messages are resulting in a re-send even though the first came 
through just fine.


Just my thoughts

Dan




[qmailtoaster] Question about lists (other than ezmlm)

2014-07-18 Thread Dan McAllister
Ok, I know STOCK QMT comes with mlm -- but I also recall others talking 
about other list management tools for QMT


I have a client that wants to use a mail list (tens of thousands of 
entries, he says -- I've warned him of the blacklist risk!)


What are our other alternatives?

Thanks,

Dan




[qmailtoaster] Log issues

2014-07-17 Thread Dan McAllister
OK, so I'm probably going to need to be re-schooled on qmail queues 
again, but here's my problem:
 -- my send log (/var/log/qmail/send/current) is filling up with queue 
errors, like:


   @400053c7d1fc328dcf84 warning: trouble opening remote/5/411567;
   will try again later
   @400053c7d1fc328deadc warning: trouble opening remote/19/418274;
   will try again later
   @400053c7d1fc328e024c warning: trouble opening remote/16/410796;
   will try again later
   @400053c7d1fc328e1da4 warning: trouble opening remote/11/411412;
   will try again later

There are far more lines than this, but my log file is so full of them 
I'm considering filtering them :)


qmailctl queue says there is nothing in any queue
qfixq says there are no issues with my queues (they're empty at 11PM -- 
shockingly?)


Any ideas?

Dan McAllister




[qmailtoaster] Queue problem update -- and TLS issue

2014-07-17 Thread Dan McAllister
Thanks to Eric for pointing me in the right direction -- upon CLOSE 
inspection, the remote queue itself was owned (properly) by qmails, but 
the queue FOLDERS within were owned by qmailq -- no idea how that came 
to pass, but it has been repaired and my mysterious queue errors appear 
to be gone.


On a separate note, one of my older QMT systems has suddenly stopped 
being able to send mail to *me.com* (Apple)... the error says it's a TLS 
failure.


   TLS connect failed: error:100AE081:elliptic curve
   routines:EC_GROUP_new_by_curve_name:unknown groupZConnected to
   17.172.34.70 but connection died. error:100AE081:elliptic curve
   routines:EC_GROUP_new_by_curve_name:unknown group (#4.4.2)


This is a new one for me... curious if anyone else is having issues with 
me.com?


Dan

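The queue ownership problem from the two messages above, as an added check that is not part of the original posts: it extracts the split directories named in the "trouble opening" warnings and lists subdirectories whose owner is not the expected one. The function names, the `/var/qmail/queue` path and the sample log lines are assumptions (constructed), and `stat -c` is the GNU/busybox form.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Constructed sample in the shape of the send-log warnings quoted above.
sample_send_log() {
    cat <<'EOF'
@400000005e0000001a2b3c01 warning: trouble opening remote/5/411567; will try again later
@400000005e0000001a2b3c02 warning: trouble opening remote/19/418274; will try again later
@400000005e0000001a2b3c03 warning: trouble opening remote/5/411570; will try again later
@400000005e0000001a2b3c04 status: local 0/10 remote 0/60
EOF
}

# Print the distinct queue subdirectories named in "trouble opening"
# warnings read from stdin, e.g. "remote/5" for "remote/5/411567".
warned_dirs() {
    sed -n 's|.*warning: trouble opening \([a-z]*/[0-9]*\)/[0-9]*;.*|\1|p' |
        LC_ALL=C sort -u
}

# List every directory directly under DIR whose owner is not OWNER.
# OWNER defaults to the owner of DIR itself, which is the situation the
# thread describes: the parent was right, the folders inside were not.
owner_mismatches() {
    dir=$1
    want=${2:-$(stat -c %U "$dir")}
    for sub in "$dir"/*/; do
        [ -d "$sub" ] || continue          # glob matched nothing
        have=$(stat -c %U "$sub")
        [ "$have" = "$want" ] ||
            printf '%s owner=%s expected=%s\n' "${sub%/}" "$have" "$want"
    done
}

# Step 1: which split directories do the warnings point at?
sample_send_log | warned_dirs
# Step 2, on the mail server as root (path assumes a stock qmail layout):
#   owner_mismatches /var/qmail/queue/remote qmails
```

An empty result from `owner_mismatches` means every split directory already has the expected owner.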



Re: [qmailtoaster] Queue problem update -- and TLS issue

2014-07-17 Thread Dan McAllister

On 7/17/2014 6:30 PM, Angus McIntyre wrote:

Dan McAllister wrote:

On a separate note, one of my older QMT systems has suddenly stopped
being able to send mail to *me.com* (Apple)... the error says it's a TLS
failure.

 TLS connect failed: error:100AE081:elliptic curve
 routines:EC_GROUP_new_by_curve_name:unknown groupZConnected to
 17.172.34.70 but connection died. error:100AE081:elliptic curve
 routines:EC_GROUP_new_by_curve_name:unknown group (#4.4.2)

This is a new one for me... curious if anyone else is having issues with
me.com?

Yes, I ran into this just recently. See:

http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg37904.html

for my fumblings, I mean, findings.

Angus


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


Thanks Angus, I'll give it a whirl

Dan




Re: [qmailtoaster] Roundcube Survey

2014-05-28 Thread Dan McAllister

On 5/27/2014 10:28 PM, Eric Shubert wrote:
For those using Roundcube, please be so gracious as to answer a couple 
questions.


Do you use it with nginx? (I expect mostly no answers)

If not, have you used nginx for anything else?

Thank you for your participation. I'm contemplating adding Roundcube 
to the 'stock' QMT. It's been long overdue.



No, I don't use RC with nginx (don't use nginx for anything else either).

Lastly, I think RC would be an excellent addition to QMT -- I run it in 
tandem with SquirrelMail on all of my servers.


Dan McAllister
QMT DNS/Mirror Admin




Re: [qmailtoaster] Re: to catch all or no

2014-05-20 Thread Dan McAllister
 be 
reasonably certain I'm talking to the real server, as we're expecting to 
trade TCP messages back and forth
 - a bounce is a new message sent back to the person purporting to be 
the sender. I have NO FAITH in the sender's self-reported address, so I 
refuse to use it in ANY automated fashion - including, and especially, 
bounce messages.


===
These are just my thoughts -- but after being an ESP (Email Service 
Provider) for more than 15 years now, I'm pretty strong in my opinions! 
Not that they haven't changed... they have! I used to have a single 
catchall account for ALL of my domains, and I used to have a paid 
staffer whose job was to cull through those emails to see if any could 
be forwarded to their legitimate recipients. What a naive little nave I 
was back then! :^)


I don't represent that I'm right & you're wrong -- I am only 
describing what I do, and attempting to explain why... I'm a firm 
believer in the free market (of ideas AND of money), and firmly believe 
that the Internet would have FAILED if people hadn't bent, poked, 
prodded, and occasionally broken things over the years in the name of 
improvements!


Dan McAllister
IT4SOHO

Anyone else remember ROT13 as a way to encode NSFW content?
Abj vf gur orfg gvzr! :)

On 5/19/2014 5:05 PM, Tonix - Antonio Nati wrote:
Strange, I have an opposite opinion on the most of catch-all and 
delete usage I'm reading here in this thread.


Personally, and as provider of email business, I consider catch-all 
account useful only when you have a new domain, and customer does not 
know which mailboxes were running. So you set up a catchall account 
and start creating all necessary accounts, and stop catch-all when the 
most of accounts are created.


About deleting all email for not existing users, I consider it a bad 
service to customers, as they have legitimate rapports with business 
partners, and if someone writes to the wrong address it is correct and 
ethical to report them back that address is wrong, so they can use 
another way to contact the recipient, instead of waiting for never 
coming reply messages.
More, the abuse of deletion and missing respect for RFC forces users 
to ask always for delivery and read receipt, incrementing the volume 
of useless emails.


About signing headers with authenticating sender address, is a must 
because it makes senders responsible for what they are sending, and 
the most of our business customers wants their domain to be used only 
for legitimate emails.


Of course other opinions may be based on different needs, but I think 
respect of RFC should always be at first place, otherwise people will 
look soon for other stable and reliable message delivery methods.


Something I think often about: as email providers, we should look like 
real postmen: we cannot read (intentionally I mean), lose, damage 
others' emails. Virus and SPAM must be fought, and apart real viruses 
and real spam all the remaining MUST be delivered. Any not valid 
damage or loss could be legally pursued.



Regards,

Tonino


On 19/05/2014 21:10, Eric Shubert wrote:

On 05/19/2014 08:06 AM, Jim Shupert wrote:

How might one do - have a DELETE rule for badly addressed messages. I
just drop them and forget about it?

is it as easy as:  Set catchall email deleted from admin
in truth ... i thought you HAD to have a catch all account -- yes - i
would rather not.

thanks


Personally, I use a catchall account for my domain, and I don't get 
very much spam there at all. I do use a few tools for 
mitigating this.


1) the badmailto file can specify addresses with a regex. So for 
example, if your domain accounts don't contain numbers or whatever 
special characters, or your accounts always follow a certain pattern, 
you can write badmailto rules to reject these attempts. I used to get 
a lot of spam with numbers in the account name, and eliminated them 
with a few badmailto rules. This file can also be used to reject 
messages to defunct accounts.


2) use spamdyke to blacklist local domains. This seems counter 
intuitive, but so long as legit users always authenticate and only 
send email via your server, this works nicely.


That being said, I can see where some domains would want to simply 
delete these messages. While deleting messages goes against the RFCs, 
doing so certainly appears to be a best practice. Some rules, while 
well intended, have unintended consequences. I think this is one such 
rule.



also that strategy of :  giving each user a separate mailbox name and
e-mail address 
yes , that is interesting -- I can see how that would work
unfortunately in my current situation folks already have the
configuration  that we have.
but maybe for a new bunch of folks a new domain


This is a most excellent method of managing user accounts. I've 
considered doing this, but haven't actually implemented it yet. Along 
these lines, I've also considered modifying the header record qmail 
adds so that the authentication account isn't listed

Re: [qmailtoaster] to catch all or no

2014-05-19 Thread Dan McAllister

Jim,

Exactly why do you want/need a catchall account at all?   Albeit, while 
that is far better than having a REJECT rule for badly addressed 
messages, it also creates an ongoing headache of someone having to scan 
through tons of messages that you KNOW are most likely SPAM.


First, some background -- you can do 3 things with badly addressed mail 
messages in QMail:

 - reject them
 - send them to a catchall account
 - delete them

Personally, all of my servers have a DELETE rule for badly addressed 
messages. I just drop them and forget about it.


First, most new admins want to use a REJECT option -- tell users they 
got a bad email address. This is the WORST option, however! Because of 
address phishing, you will get many times more SPAM than otherwise if 
you send REJECT messages. Why?  Spammers will send 100,000 messages to 
your server addressed to a...@domain.com, a...@domain.com a...@domain.com... 
and so forth (usually, it is actually a dictionary/name attack more than 
a brute-force attack, but you get the idea). Their goal is to send you 
100,000 emails and get only 99,998 bounce messages -- and voila! They 
have 2 good email addresses they can add to their list of proven good 
addresses that they sell to other spammers.


Just having a domain that is searchable that way will increase your 
SPAM attacks many-fold! So accept EVERYTHING (they'll stop phishing when 
they realize you NEVER reject a message due to a bad address!)


That leaves 2 options:
 - keep the bad messages, or
 - just silently delete them

In my book, I delete them. If you WANT to read through hundreds (or 
thousands) of messages that are nearly always SPAM, that's your 
business... but there are other ways to determine that a badly addressed 
message was attempted -- like that the recipient never got it!


===

One last tidbit for security: A lot of us are essentially lazy when it 
comes to accounts for email. Consider this: if your email address is 
your login ID, then a hacker only needs to know your password to break 
in! Consider instead, giving each user a separate mailbox name and 
e-mail address:
  a...@gunsnroses.com is just the email address... it actually is an 
alias (forward in QMT) for the mailbox axyl...@gunsnroses.com. Axyl 
needs to know the mailbox name when he sets up his mail clients (or uses 
webmail), but other than that, everyone uses axyl@ as the email address. 
When an attacker wants to break into the mail server for 
gunsnroses.com, they can use the name a...@gunsnroses.com until the cows 
come back from the moon -- but it'll never work, because that isn't a 
valid account.


FWIW: for my corporate accounts, I create a mailbox name (I won't 
disclose the formula), and then forwards for the actual user in the form 
of: fi...@domain.com, fl...@domain.com, f.l...@domain.com, 
firstl...@domain.com,  first.l...@domain.com (although first@ is 
sometimes omitted)... then the user can tell their 
friends/coworkers/associates any of the aliases that they prefer... and 
while all work, none are the login name for the user (nor the mailbox name).


Just food for thought.

Dan McAllister


On 5/19/2014 9:15 AM, Jim Shupert wrote:

Friends,

1st let me say that i have asked this forum for advice on my battle 
with spam and I can say that I am enjoying success from the wisdom.

thank you.

a related matter.

I [ the postmaster ] personally get a lot of spam because I am the 
catch all account.
this means I get spam for ' people who do not exist - this is 2 
categories.
1- accounts that did exist in the past but no longer. ie billiebob 
left - so no billie...@mydom.com anymore

2- accounts that have never existed . ie unic...@mydom.com

as you might suspect these are largely spam.

My q - what is a suggested means of doing this?
my thoughts are
1. a account is made named d...@mydom.com as catch all and assign it a 
quota of 5 MB

2 make s...@mydom.com the catch all.
or
3. no change - meaning leave it so it goes to my mailbox as catch all.

thanks



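One way to watch for the dictionary-style address probing described in the message above, as an added example rather than anything from the thread: it counts distinct nonexistent recipients per source address. The four-column input format, the function names and every sample value are assumptions (constructed).

```shell
#!/bin/sh
# Added example, not code from the thread. The input format
#   <epoch> <source_ip> <recipient> <known|unknown>
# is an assumption: derive it from whatever your SMTP front end logs.

# Constructed events: one source walking a name list, one honest typo.
sample_rcpt_events() {
    cat <<'EOF'
1400500000 192.0.2.44 adam@example.com unknown
1400500001 192.0.2.44 alan@example.com unknown
1400500002 192.0.2.44 alice@example.com known
1400500003 192.0.2.44 amy@example.com unknown
1400500004 192.0.2.44 Amy@example.com unknown
1400500005 192.0.2.44 andy@example.com unknown
1400500050 198.51.100.7 alice@example.com known
1400500090 198.51.100.7 alcie@example.com unknown
EOF
}

# Usage: harvest_suspects MIN_UNKNOWN < events
# Prints "<ip> unknown=<n> known=<m>" for each source that tried at least
# MIN_UNKNOWN distinct nonexistent recipients. "known" is the number of
# real addresses the same source hit, i.e. what a per-recipient reject or
# bounce would have confirmed to it.
harvest_suspects() {
    awk -v min="$1" '
        NF == 4 {
            ip = $2
            rcpt = tolower($3)              # addresses compare case-insensitively here
            if (seen[ip, rcpt]++) next      # count each address once per source
            if ($4 == "unknown") bad[ip]++
            else if ($4 == "known") good[ip]++
        }
        END {
            for (ip in bad)
                if (bad[ip] >= min + 0)
                    printf "%s unknown=%d known=%d\n", ip, bad[ip], good[ip]
        }
    ' | LC_ALL=C sort
}

# Demo on the constructed sample with a threshold of 3 distinct misses.
sample_rcpt_events | harvest_suspects 3
```

The single mistyped recipient from 198.51.100.7 stays below the threshold, so an ordinary typo is not flagged.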



Re: [qmailtoaster] Quick Question - IMAP (Courier)

2014-05-15 Thread Dan McAllister
Thanks Abel -- adding the -c option in the command line worked like a 
charm :)


Now I'm regularly seeing my IMAP status as 40/200 45/200 etc. And my 
clients are happy in that they aren't seeing spotty IMAP performance any 
more!


Dan



On 5/14/2014 11:48 AM, a...@globalgate.com.ar wrote:

Hello Dan,

I tried this  in /var/qmail/supervise/imap4/run script:

...
/usr/bin/tcpserver -v -R -H -l  $HOSTNAME -c 80 0 143 \


# svc -t /var/qmail/supervise/imap4

and thereafter:

# tail -f /var/log/qmail/imap4/current

@400053738ede19e18aac tcpserver: status: 0/80
@400053738edf1e2041e4 tcpserver: status: 0/80
@400053738f1b02ca8fbc tcpserver: status: 1/80

It seems to work, independently of
/var/qmail/supervise/imap4/env/MAXDAEMONS

Maybe it helps

regards


--

Abel Lucano 

GlobalGate
Ingeniería
http://www.globalgate.com.ar
Viamonte 723 5to of 22
Tel (Buenos Aires):  (011) 5218 4242/44 FAX:  (011) 5218 4245
Tel (Córdoba):   (0351) 571 0351
Tel (Corrientes):(0379) 464 0042

Intl: Tel: +54 11 5218 4242
  Fax: +54 11 5218 4245

On Wed, 14 May 2014, Dan McAllister wrote:


Date: Wed, 14 May 2014 10:40:20 -0400
From: Dan McAllister q...@it4soho.com
Reply-To: qmailtoaster-list@qmailtoaster.com
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Quick Question - IMAP (Courier)

Kelly:

I found that value as well (perhaps I should have explained what I 
had already tried)... but even after upping that value to 80, I 
still see log entries saying tcpserver is limiting the number to 40. 
(The value at /var/qmail/supervise/imap4/env/MAXDAEMONS (which is 
built in the /var/qmail/supervise/imap4/run script) is properly set 
to 80 -- but the tcpserver entry line in the 
/var/log/qmail/imap4/current continues to say the max is 40.)


Thanks for any other advice -- this is impacting my customers!

Dan



On 5/13/2014 5:27 PM, Kelly Cobean wrote:

/etc/courier/imapd has this default value



##NAME: MAXDAEMONS:0
#
#  Maximum number of IMAP servers started
#

MAXDAEMONS=40

##NAME: MAXPERIP:0
#
#  Maximum number of connections to accept from the same IP address

MAXPERIP=4







On 05/13/2014 16:52, Dan McAllister wrote:

Greetings all

Exactly where is it that we set the 40 connection limit for courier 
IMAP?


I've got an older server that runs over 250 domains and for some
reason the TCPserver log is saying we're using 40 out of 40
connections. (I need this to be more like 200!)

Thanks

Dan McAllister

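The symptom in this thread (MAXDAEMONS set to 80 while tcpserver kept reporting N/40 until `-c` was passed on its command line) can be checked from the log itself. This is an added example, not code from the thread: it reads the `tcpserver: status: N/M` lines and reports the limit actually in force and how often every slot was in use. The function names and sample lines are assumptions (constructed).

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Constructed sample in the shape of the imap4 log lines quoted above.
sample_imap_log() {
    cat <<'EOF'
@400000005e0000000a000001 tcpserver: status: 38/40
@400000005e0000010a000002 tcpserver: pid 4242 from 192.0.2.10
@400000005e0000020a000003 tcpserver: status: 40/40
@400000005e0000030a000004 tcpserver: status: 40/40
@400000005e0000040a000005 tcpserver: status: 39/40
EOF
}

# Usage: tcpserver_report EXPECTED_LIMIT < log
# Compares the limit you believe you configured with the one tcpserver
# reports, and counts status lines where all slots were taken.
tcpserver_report() {
    awk -v expected="$1" '
        /tcpserver: status: [0-9]+\/[0-9]+/ {
            split($NF, s, "/")              # last field is "current/limit"
            cur = s[1] + 0
            limit = s[2] + 0                # keep the most recent limit seen
            seen++
            if (cur > peak) peak = cur
            if (cur >= limit) full++        # no free slot at this moment
        }
        END {
            if (!seen) { print "verdict=nodata"; exit }
            verdict = "ok"
            if (limit != expected + 0) verdict = "mismatch"
            if (full > 0) {
                if (verdict == "ok") verdict = "saturated"
                else verdict = verdict ",saturated"
            }
            printf "effective=%d expected=%d peak=%d full=%d verdict=%s\n",
                   limit, expected, peak, full, verdict
        }
    '
}

# Demo on the constructed sample; on the server the input would be
# /var/log/qmail/imap4/current (the path used in the thread).
sample_imap_log | tcpserver_report 80
```

A `mismatch` verdict means the setting you edited is not the one tcpserver is using; `saturated` means clients were being held off at the limit.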



Re: [qmailtoaster] Quick Question - IMAP (Courier)

2014-05-14 Thread Dan McAllister

Kelly:

I found that value as well (perhaps I should have explained what I had 
already tried)... but even after upping that value to 80, I still 
see log entries saying tcpserver is limiting the number to 40. (The 
value at /var/qmail/supervise/imap4/env/MAXDAEMONS (which is built in 
the /var/qmail/supervise/imap4/run script) is properly set to 80 -- but 
the tcpserver entry line in the /var/log/qmail/imap4/current continues 
to say the max is 40.)


Thanks for any other advice -- this is impacting my customers!

Dan



On 5/13/2014 5:27 PM, Kelly Cobean wrote:

/etc/courier/imapd has this default value



##NAME: MAXDAEMONS:0
#
#  Maximum number of IMAP servers started
#

MAXDAEMONS=40

##NAME: MAXPERIP:0
#
#  Maximum number of connections to accept from the same IP address

MAXPERIP=4







On 05/13/2014 16:52, Dan McAllister wrote:

Greetings all

Exactly where is it that we set the 40 connection limit for courier 
IMAP?


I've got an older server that runs over 250 domains and for some
reason the TCPserver log is saying we're using 40 out of 40
connections. (I need this to be more like 200!)

Thanks

Dan McAllister




[qmailtoaster] Quick Question - IMAP (Courier)

2014-05-13 Thread Dan McAllister

Greetings all

Exactly where is it that we set the 40 connection limit for courier IMAP?

I've got an older server that runs over 250 domains and for some reason 
the TCPserver log is saying we're using 40 out of 40 connections. (I 
need this to be more like 200!)


Thanks

Dan McAllister




Re: [qmailtoaster] building another one to replace my old one

2014-05-08 Thread Dan McAllister

Ok, a few points to update my official opinions :  wink

 a) the QMT project now has ISOs available with a COS6 32-bit build and 
QMT already installed (I think -- if not a full ISO, then a KVM ISO :))
 b) COS 6 is the LAST RHEL-based product that will support 32-bit 
builds (long rumored, now confirmed): RHEL7rc is out, and it is 64-bit 
only (kernel-wise, anyway -- there are some 32-bit libraries for 
compatibility)
 b1) Personally, I think that is a mistake (the 64-bit only 
decision), as I am in agreement with Eric Shubert that 32-bit KVM 
clients are smaller & faster
 b2) I lost the election for King and Emperor of all Linux, so my 
opinion doesn't matter that much :) RHEL and COS will go on without me :(
 c) One final correction: the latest COS5 is either 10 or 11 (I saw a 
5.10 ISO on a mirror, but have been told in another forum that there is 
a 5.11). Regardless, the preferred CentOS 5 build is the latest - I 
see no value in building off of 5.8 (or 5.9 for that matter).


So, all of that said, I will weigh in here and say that I recommend 
Eric's CentOS 6 build for new systems. 32 or 64 bit, there are new 
features and new supported add-ons that I think are worth it.


I just re-built one of my backup mail servers, and ran Eric's install 
scripts flawlessly.


THANKS FOR ALL THE GREAT WORK, ERIC!

Dan McAllister
QMT DNS/Mirror Admin
(and official pain-in-the-project-part)

On 5/8/2014 1:03 PM, Jim Shupert wrote:

Friends,
I have happily been running Qmailtoaster for years .
I wish to build a new one - new hardware current os etc etc

I see on the website a suggestion for centos 5.8
http://wiki.qmailtoaster.com/index.php/Main_Page#Installation
CentOS 5, i386 & x86_64

but I have seen ( i think ) talk on mailing list centos 6

so what distro is suggested?
and should i follow 
http://wiki.qmailtoaster.com/index.php/CentOS_5_QmailToaster_Install



also I think my hardware is going to be 32 bit  -- i seem to recall 
Dan McA saying  if 32 bit then stick with centos 5.6 


could I go with 32 bit hardware and centos 5.8 ?

also also
I very much wish to be able to do a 'better' job of controlling spam 
than i do currently

I want spamassassin ( i have that currently ) but also spamdyke & fail2ban
and any other magic wand  or practices that will allow me to stop / 
reduce that darn spam.


thanks

js





