Re: [qmailtoaster] BIMI support

[Jaime Lerner]

I looked at it, the cert fee is outrageous so that stopped me from looking 
further. :)

> On Feb 13, 2024, at 8:13 PM, Remo Mattei  wrote:
> 
> Hello guys,
> 
> Has anyone setup BIMI on the qmail server? Any valuable info?
> 
> Thanks,
> Remo
> 
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
> 


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Renaming an email address

[Jaime Lerner]

Thank you so much! :)

 

From: Eric Broch 
Reply-To: 
Date: Saturday, October 28, 2023 at 1:57 PM
To: 
Subject: Re: [qmailtoaster] Renaming an email address

 

Something like this

 

cp -Rp /home/vpopmail/domains/domain/joe/* 

/home/vpopmail/domains/domain/joseph

 

On 10/28/2023 11:30 AM, Jaime Lerner wrote:

Thank you!

 

 

 

So, which directories do I need to copy into the new user (just to make sure I 
copy everything I need)

 

 

 

:)

 

 

 

From: Eric Broch 

Reply-To: 

Date: Friday, October 27, 2023 at 7:26 PM

To: 

Subject: Re: [qmailtoaster] Renaming an email address

 

 

 

Additionally you could remove joe (After copying joe email to joseph) and make 
joe an alias for joseph.

 

On 10/27/2023 10:54 AM, Remo Mattei wrote:

 

Well you can create a new user and cp -R the mails into the new user :) done.

 

 

 

Remove the old user.

 

 

 

Remo

 

 

 

On Oct 27, 2023, at 09:20, Jaime Lerner  wrote:

 

 

 

I don’t know if this is a silly question or not, but I have never done it

 

-

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

 

 

Re: [qmailtoaster] Renaming an email address

[Jaime Lerner]

Thank you!

 

So, which directories do I need to copy into the new user (just to make sure I 
copy everything I need)

 

:)

 

From: Eric Broch 
Reply-To: 
Date: Friday, October 27, 2023 at 7:26 PM
To: 
Subject: Re: [qmailtoaster] Renaming an email address

 

Additionally you could remove joe (After copying joe email to joseph) and make 
joe an alias for joseph.

On 10/27/2023 10:54 AM, Remo Mattei wrote:

Well you can create a new user and cp -R the mails into the new user :) done.  

 

Remove the old user. 

 

Remo 



On Oct 27, 2023, at 09:20, Jaime Lerner  wrote:

 

I don’t know if this is a silly question or not, but I have never done it.

 

Is it possible to rename an email account and still retain all the messages in 
it?

 

For example, you have j...@example.com and you want to rename it to 
jos...@example.com but retain all the messages associated with the joe email 
address. I know I can rename a user via command line, but I’m guessing it won’t 
update everything for qmail/dovecot etc.

 

Thanks!

 

[qmailtoaster] Renaming an email address

[Jaime Lerner]

I don’t know if this is a silly question or not, but I have never done it.

 

Is it possible to rename an email account and still retain all the messages in 
it?

 

For example, you have j...@example.com and you want to rename it to 
jos...@example.com but retain all the messages associated with the joe email 
address. I know I can rename a user via command line, but I’m guessing it won’t 
update everything for qmail/dovecot etc.

 

Thanks!

Re: [qmailtoaster] Weird mailer-daemon message when I never sent an email there

[Jaime Lerner]

I did check the .qmail files for the domain and user. There are only a few, and 
nothing forwards to that email address. I also checked everything in 
/var/qmail/alias. The alias in question is in the mysql DB and NOT a .qmail 
file.

 

I don’t understand how I could get a bounce message when the message was never 
sent to that email address (according to all the logfiles)

 

?

 

From: Eric Broch 
Reply-To: 
Date: Wednesday, July 19, 2023 at 5:31 PM
To: 
Subject: Re: [qmailtoaster] Weird mailer-daemon message when I never sent an 
email there

 

I hate IT mysteries, but to often they plague our existences.

The first thing I would check is any .qmail* file.

vdeliver delivers email to your inbox and dovecot can as well if set up..

what is in your .qmail* files for domain and user?

Is the alias in the mysql/maria DB?

 

On 7/19/2023 2:54 PM, Jaime Lerner wrote:

So this has happened a few times ... but it’s a rare thing and seems to only 
happen when I send an email to myself.

 

I will get a mailer-daemon message immediately following delivery of the 
message I sent to myself. The bounce is for some email address I never sent the 
email to (but the email message is attached to the mailer-daemon message, so it 
was apparently the one I just sent to myself). I don’t even know the email 
address at all, and when I do a search in the logs in the /send, /smtp and 
maillog file, the email address is not there anywhere. When I look at the 
current log file in the /send directory, it shows I only sent a message to 
myself and shows delivery to myself then shows the bounce message was initiated 
and sent to me.

 

What is causing this to happen? The email address I am sending to is an alias 
created and stored in vpopmail (not a .qmail alias I set up manually) and only 
forwards to my mail mailbox. Is this because of a corrupted database somehow? 
Once again, the email address that I get the bounce from isn’t ANYWHERE in any 
of my logs so it’s not like it was a recent attempt for an smtp connection or 
something.

 

Would appreciate any insight to this as I certainly don’t want any of my emails 
just going out to random email addresses. (Though, once again, the logs show 
nothing was actually sent out even though I got a mailer-daemon message from my 
server that the message was undeliverable).

 

 

[qmailtoaster] Weird mailer-daemon message when I never sent an email there

[Jaime Lerner]

So this has happened a few times ... but it’s a rare thing and seems to only 
happen when I send an email to myself.

 

I will get a mailer-daemon message immediately following delivery of the 
message I sent to myself. The bounce is for some email address I never sent the 
email to (but the email message is attached to the mailer-daemon message, so it 
was apparently the one I just sent to myself). I don’t even know the email 
address at all, and when I do a search in the logs in the /send, /smtp and 
maillog file, the email address is not there anywhere. When I look at the 
current log file in the /send directory, it shows I only sent a message to 
myself and shows delivery to myself then shows the bounce message was initiated 
and sent to me.

 

What is causing this to happen? The email address I am sending to is an alias 
created and stored in vpopmail (not a .qmail alias I set up manually) and only 
forwards to my mail mailbox. Is this because of a corrupted database somehow? 
Once again, the email address that I get the bounce from isn’t ANYWHERE in any 
of my logs so it’s not like it was a recent attempt for an smtp connection or 
something.

 

Would appreciate any insight to this as I certainly don’t want any of my emails 
just going out to random email addresses. (Though, once again, the logs show 
nothing was actually sent out even though I got a mailer-daemon message from my 
server that the message was undeliverable).

 

 

Re: [qmailtoaster] spamhaus issue

[Jaime Lerner]

Sorry, I thought you had asked to be delisted and you were still getting that 
response. I assume you went here to look: https://check.spamhaus.org/


    

        

I didn’t see your IP listed there, either. The receiving server must have 
something set up incorrectly?

 

From: Remo Mattei 
Reply-To: 
Date: Thursday, May 11, 2023 at 2:11 PM
To: 
Subject: Re: [qmailtoaster] spamhaus issue

 

Well but in every search I do not find my ip or name listed so hard to find out 
how to get delisted.  

 

--
Sent from iPhone 

 

On giovedì, mag 11, 2023 at 10:42, Jaime Lerner  
wrote:

If you ask to be delisted it will show up right away in Spamhaus.org, but can 
take a while to be updated with whomever you are trying to send to.

 

I was recently listed (as part of a netblock) which effectively blocked me from 
ALL Google IPs (yikes!) and requested to be delisted. For Google to allow 
emails again, it only took a few hours after delisting, but I had read it can 
take up to 2 days for it to be updated in wherever is blocking you.

 

From: Remo Mattei 
Reply-To: 
Date: Thursday, May 11, 2023 at 12:32 AM
To: qmailtoaster-list 
Subject: [qmailtoaster] spamhaus issue

 

Error! Filename not specified.

Hello guys, I checked their website and my server is not listed, niether my IP 
but if I enable zen.spamhaus.org I get the following message 

 

Hi. This is the qmail-send program at smtp.mail.me. 
I'm afraid I wasn't able to deliver your message to the following addresses. 
This is a permanent error; I've given up. Sorry it didn't work out. 

: 
221.xxx does not like recipient. 
Remote host said: 554 Refused. Your IP address is listed in the RBL at 
zen.spamhaus.org 
Giving up on myipaddress. 

--- Below this line is a copy of the message. 

 

 

—
Ciao, 

Remo

Re: [qmailtoaster] spamhaus issue

[Jaime Lerner]

If you ask to be delisted it will show up right away in Spamhaus.org, but can 
take a while to be updated with whomever you are trying to send to.

 

I was recently listed (as part of a netblock) which effectively blocked me from 
ALL Google IPs (yikes!) and requested to be delisted. For Google to allow 
emails again, it only took a few hours after delisting, but I had read it can 
take up to 2 days for it to be updated in wherever is blocking you.

 

From: Remo Mattei 
Reply-To: 
Date: Thursday, May 11, 2023 at 12:32 AM
To: qmailtoaster-list 
Subject: [qmailtoaster] spamhaus issue

 

Hello guys, I checked their website and my server is not listed, niether my IP 
but if I enable zen.spamhaus.org I get the following message 

 

Hi. This is the qmail-send program at smtp.mail.me. 
I'm afraid I wasn't able to deliver your message to the following addresses. 
This is a permanent error; I've given up. Sorry it didn't work out. 

: 
221.xxx does not like recipient. 
Remote host said: 554 Refused. Your IP address is listed in the RBL at 
zen.spamhaus.org 
Giving up on myipaddress. 

--- Below this line is a copy of the message. 

 

 

—
Ciao, 

Remo

Re: [qmailtoaster] Problems starting or restarting qmail

[Jaime Lerner]

Thank you! :)

 

From: Eric Broch 
Reply-To: 
Date: Thursday, April 13, 2023 at 1:22 PM
To: 
Subject: Re: [qmailtoaster] Problems starting or restarting qmail

 

Also, I forgot these:

# ps aux |grep tcpserver

vpopmail 787  0.0  0.0   4416   852 ?S10:55   0:00 
/usr/bin/tcpserver -v -R -H -l localhost.localdomain -x 
/etc/tcprules.d/tcp.smtp.cdb -c 100 -u 89 -g 89 0 587 
/var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true
vpopmail 789  0.0  0.0   6540  1568 ?S10:55   0:00 
/usr/bin/tcpserver -v -R -H -l localhost.localdomain -x 
/etc/tcprules.d/tcp.smtp.cdb -c 100 -u 89 -g 89 0 smtp /usr/bin/spamdyke 
--config-file /etc/spamdyke/spamdyke.conf /var/qmail/bin/qmail-smtpd 
/home/vpopmail/bin/vchkpw /bin/true
vpopmail 790  0.0  0.0   4416   864 ?S10:55   0:00 
/usr/bin/tcpserver -v -R -H -l localhost.localdomain -x 
/etc/tcprules.d/tcp.smtp.cdb -c 100 -u 89 -g 89 0 465 
/var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true
root   56811  0.0  0.0  12144  1144 pts/0S+   11:18   0:00 grep 
--color=auto tcpserver

# ps aux |grep qmail-send

qmails   785  0.0  0.0   8664   964 ?S10:55   0:00 qmail-send

kill -9 787 789 790 785

On 4/13/2023 10:35 AM, Jaime Lerner wrote:

Thank you! That fixed it. Silly me...not thinking of just restarting the 
processes from the get-go. :)

 

 

From: Eric Broch 
Reply-To: 
Date: Thursday, April 13, 2023 at 11:05 AM
To: 
Subject: Re: [qmailtoaster] Problems starting or restarting qmail

 

[root@localhost ~]# ps aux |grep multilog
qmaill   1025356  0.4  0.0   4260   832 pts/1S08:59   0:00 
/usr/bin/multilog t s100 n100 /var/log/qmail/send
qmaill   1025358  0.4  0.0   4260   932 pts/1S08:59   0:00 
/usr/bin/multilog t s100 n100 /var/log/qmail/smtp
qmaill   1025360  0.6  0.0   4260   928 pts/1S08:59   0:00 
/usr/bin/multilog t s100 n100 /var/log/qmail/smtps
qmaill   1025364  0.4  0.0   4260   936 pts/1S08:59   0:00 
/usr/bin/multilog t s100 n100 /var/log/qmail/submission
root 1025445  0.0  0.0  12144  1164 pts/1S+   08:59   0:00 grep 
--color=auto multilog (grep application, ignore)
[root@localhost ~]# ps aux |grep supervise
root 1025349  0.0  0.0   4248  1232 pts/1S08:59   0:00 supervise 
send
root 1025350  0.0  0.0   4248   940 pts/1S08:59   0:00 supervise log
root 1025351  0.0  0.0   4248   936 pts/1S08:59   0:00 supervise 
smtp
root 1025352  0.0  0.0   4248   932 pts/1S08:59   0:00 supervise log
root 1025353  0.0  0.0   4248   840 pts/1S08:59   0:00 supervise 
smtps
root 1025354  0.0  0.0   4248   840 pts/1S08:59   0:00 supervise log
root 1025361  0.0  0.0   4248   840 pts/1S08:59   0:00 supervise 
submission
root 1025362  0.0  0.0   4248   932 pts/1S08:59   0:00 supervise log
root 1025635  0.0  0.0  12144  1160 pts/1S+   08:59   0:00 grep 
--color=auto supervise (grep application, ignore)

# kill -9 1025356 1025358 1025360 1025364 1025349 1025350 1025351 1025352 
1025353 1025354 1025361 1025362

On 4/13/2023 8:20 AM, Jaime Lerner wrote:

I keep getting the below as a response. Is there something I can do to fix this 
without just rebooting the server? I’m just a little wary of doing that when 
something doesn’t seem to be running right – I’d rather fix it than hope a 
reboot will do it.

 

If I run a “qmailctl stop” then the errors go away and when I check it, 
everything is up and running ... but if I try to start or restart I get the 
following. I think it never actually stops is the problem?

 

* Restarting qmail-smtpd.

[root@mail ~]# supervise: fatal: unable to acquire send/supervise/lock: 
temporary failure

supervise: fatal: unable to acquire log/supervise/lock: temporary failure

supervise: fatal: unable to acquire log/supervise/lock: temporary failure

supervise: fatal: unable to acquire log/supervise/lock: temporary failure

supervise: fatal: unable to acquire submission/supervise/lock: temporary failure

supervise: fatal: unable to acquire smtp/supervise/lock: temporary failure

 

Re: [qmailtoaster] Problems starting or restarting qmail

[Jaime Lerner]

Thank you! That fixed it. Silly me...not thinking of just restarting the 
processes from the get-go. :)

 

 

From: Eric Broch 
Reply-To: 
Date: Thursday, April 13, 2023 at 11:05 AM
To: 
Subject: Re: [qmailtoaster] Problems starting or restarting qmail

 

[root@localhost ~]# ps aux |grep multilog
qmaill   1025356  0.4  0.0   4260   832 pts/1S08:59   0:00 
/usr/bin/multilog t s100 n100 /var/log/qmail/send
qmaill   1025358  0.4  0.0   4260   932 pts/1S08:59   0:00 
/usr/bin/multilog t s100 n100 /var/log/qmail/smtp
qmaill   1025360  0.6  0.0   4260   928 pts/1S08:59   0:00 
/usr/bin/multilog t s100 n100 /var/log/qmail/smtps
qmaill   1025364  0.4  0.0   4260   936 pts/1S08:59   0:00 
/usr/bin/multilog t s100 n100 /var/log/qmail/submission
root 1025445  0.0  0.0  12144  1164 pts/1S+   08:59   0:00 grep 
--color=auto multilog (grep application, ignore)
[root@localhost ~]# ps aux |grep supervise
root 1025349  0.0  0.0   4248  1232 pts/1S08:59   0:00 supervise 
send
root 1025350  0.0  0.0   4248   940 pts/1S08:59   0:00 supervise log
root 1025351  0.0  0.0   4248   936 pts/1S08:59   0:00 supervise 
smtp
root 1025352  0.0  0.0   4248   932 pts/1S08:59   0:00 supervise log
root 1025353  0.0  0.0   4248   840 pts/1S08:59   0:00 supervise 
smtps
root 1025354  0.0  0.0   4248   840 pts/1S08:59   0:00 supervise log
root 1025361  0.0  0.0   4248   840 pts/1S08:59   0:00 supervise 
submission
root 1025362  0.0  0.0   4248   932 pts/1S08:59   0:00 supervise log
root 1025635  0.0  0.0  12144  1160 pts/1S+   08:59   0:00 grep 
--color=auto supervise (grep application, ignore)

# kill -9 1025356 1025358 1025360 1025364 1025349 1025350 1025351 1025352 
1025353 1025354 1025361 1025362

On 4/13/2023 8:20 AM, Jaime Lerner wrote:

I keep getting the below as a response. Is there something I can do to fix this 
without just rebooting the server? I’m just a little wary of doing that when 
something doesn’t seem to be running right – I’d rather fix it than hope a 
reboot will do it.

 

If I run a “qmailctl stop” then the errors go away and when I check it, 
everything is up and running ... but if I try to start or restart I get the 
following. I think it never actually stops is the problem?

 

* Restarting qmail-smtpd.

[root@mail ~]# supervise: fatal: unable to acquire send/supervise/lock: 
temporary failure

supervise: fatal: unable to acquire log/supervise/lock: temporary failure

supervise: fatal: unable to acquire log/supervise/lock: temporary failure

supervise: fatal: unable to acquire log/supervise/lock: temporary failure

supervise: fatal: unable to acquire submission/supervise/lock: temporary failure

supervise: fatal: unable to acquire smtp/supervise/lock: temporary failure

 

[qmailtoaster] Problems starting or restarting qmail

[Jaime Lerner]

I keep getting the below as a response. Is there something I can do to fix this 
without just rebooting the server? I’m just a little wary of doing that when 
something doesn’t seem to be running right – I’d rather fix it than hope a 
reboot will do it.

 

If I run a “qmailctl stop” then the errors go away and when I check it, 
everything is up and running ... but if I try to start or restart I get the 
following. I think it never actually stops is the problem?

 

* Restarting qmail-smtpd.

[root@mail ~]# supervise: fatal: unable to acquire send/supervise/lock: 
temporary failure

supervise: fatal: unable to acquire log/supervise/lock: temporary failure

supervise: fatal: unable to acquire log/supervise/lock: temporary failure

supervise: fatal: unable to acquire log/supervise/lock: temporary failure

supervise: fatal: unable to acquire submission/supervise/lock: temporary failure

supervise: fatal: unable to acquire smtp/supervise/lock: temporary failure

 

Re: [qmailtoaster] forwarding to gmail address fails because of hard spf check

[Jaime Lerner]

Thank you for testing this! I am going to try it also. 

On 2023-01-04 12:18 pm, Peter Peltonen wrote:

> Okay I tested this setup and it seems to work, mail gets through and I get 
> spf=pass for it in Gmail.  
> 
> The only difference to the procedure I posted earlier were: 
> 
> - needed to add srs.xyz.com [1] to morercpthosts and not to rcpthosts as I 
> have more than 50 domains hosted 
> - at the end I ran qmailctl cdb and qmailctl restart, not sure if needed 
> 
> Best, 
> Peter 
> 
> On Tue, Jan 3, 2023 at 11:22 AM Peter Peltonen  
> wrote: 
> Googling "srs qmailtoaster" gave me this link: 
> 
> http://wiki.qmailtoaster.net/index.php/Configuring_SRS_on_Toaster_1.03-1.3.13%2B
>  
> 
> which does not work, it seems qmailtoaster.com [2] should be used instead of 
> .net 
> 
> Okay now we have the instructions I guess I could try to test it, I have a 
> spare registered domain I could test with. Does this sound ok procedure:  
> 
> * setup domain xyz.com [3] with SPF with hard fail (-all) and the toaster as 
> the MX
> * send email from xyz.com [3] to GMail through our toaster: should pass ok
> * setup forwarding from xyz.com [3] to GMail
> * send email to xyz.com [3]: should fail because GMail does not accept
> * setup SRS at toaster:
> 
> * create NS record for domain srs.xyz.com [4] with MX pointing to our toaster
> * echo srs.xyz.com [4] > /var/qmail/control/srs_domain
> * mkpasswd -l 32 > /var/qmail/control/srs_secrets
> * mkpasswd -l 32 >> /var/qmail/control/srs_secrets
> * (repeat mkpasswd as many times you need, not sure how many is really 
> needed?)
> * echo 7 > /var/qmail/control/srs_maxage
> * echo 8 > /var/qmail/control/srs_hashlength
> * qmailctl restart
> * echo srs.xyz.com [4] >> /var/qmail/control/rcpthosts
> * echo srs.xyz.com:srs >> /var/qmail/control/virtualdomains
> 
> * echo "| /var/qmail/bin/srsfilter" > /var/qmail/alias/.qmail-srs-default
> (ownershp of other alias files on my server are user alias group nofiles, so 
> probably this should be changed to the same?) 
> 
> * send email to xyz.com [3]: should pass ok
> 
> What do you think Angus? 
> 
> Best, 
> Peter 
> 
> On Mon, Jan 2, 2023 at 7:52 PM Angus McIntyre  wrote: 
> 
> Peter Peltonen wrote on 1/2/23 11:57 AM:
>> Some of my toaster users have their email forwarded to Gmail ... Some
>> googling around tells me that SRS could be the solution for this 
>> problem.
>> 
>> There is info on this at Qmailtoaster Wiki, but the site seems to be 
>> somehow broken.
> 
> Which page are you looking at, and in what way does it seem broken?
> 
> http://wiki.qmailtoaster.com/index.php/Configuring_SRS_on_Toaster_1.03-1.3.13%2B
> 
> currently loads fine for me, and looks as if it has good information.
> 
> I should stress that I haven't tried this yet. I didn't know about SRS
> until you posted this (thank you!) but I'm having the same issue as you
> and it sounds as if this might be just what I need.
> 
> Would anyone who's actually implemented this care to comment?
> 
> Angus
> 
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
 

Links:
--
[1] http://srs.xyz.com/
[2] http://qmailtoaster.com
[3] http://xyz.com
[4] http://srs.xyz.com

Re: [qmailtoaster] Trouble with spamdyke blacklist_senders

[Jaime Lerner]

Yeah, they don't make it easy to find things in their docs. :)

> On Oct 17, 2021, at 6:34 PM, st...@keptprivate.com wrote:
> 
> 
> Ah! I can tell you why I could not find this.
> 
> The file is called blacklist_senders and I searched for "blacklist_senders 
> file format" "blacklist_senders examples", etc. and never found that 
> paragraph.
> 
> Steve
> 
> Sent with a Spark
> On Oct 17, 2021, 3:00 PM -0700, Jaime Lerner , 
> wrote:
> This is what the docs say under "Rejecting Senders" in terms of the 
> formatting of the file: spamdyke will block all incoming messages from a 
> specific address with the sender-blacklist-entry option. If more than a few 
> addresses are given, the sender-blacklist-file option is more efficient. The 
> given file must contain one email address per line. Blank lines and lines 
> beginning with # are ignored. If the sender-blacklist-file option is given 
> multiple times, each blacklist file will be checked before the connection is 
> blocked. https://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS 
>   From: Reply-To: 
> Date: Sunday, October 17, 2021 at 5:52 
> PMTo: "qmailtoaster-list@qmailtoaster.com" 
> Subject: Re: [qmailtoaster] Trouble with 
> spamdyke blacklist_senders 
> Thanks for the help.
> 
> Shouldn't there be something about this in the spamdyke doc's?
> 
> Steve
>  
> Sent with a SparkOn Oct 17, 2021, 11:40 AM -0700, Eric Broch 
> , wrote:
> 
> https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.htmlOn 
> 10/17/2021 12:02 PM, st...@keptprivate.com wrote:
> 
> Hi,
> I'm trying to blacklist multiple senders with a file formatted like:
> @xyz.com,@abc.net,@qrs.org
> but his doesn't seem to be working. I can't find any examples online or 
> documentation covering the file format with multiple entries.
> Steve

Re: [qmailtoaster] Trouble with spamdyke blacklist_senders

[Jaime Lerner]

This is what the docs say under "Rejecting Senders" in terms of the formatting 
of the file:

 

spamdyke will block all incoming messages from a specific address with the 
sender-blacklist-entry option. If more than a few addresses are given, the 
sender-blacklist-file option is more efficient. The given file must contain one 
email address per line. Blank lines and lines beginning with # are ignored. If 
the sender-blacklist-file option is given multiple times, each blacklist file 
will be checked before the connection is blocked.

 

https://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS

 

 

 

From: 
Reply-To: 
Date: Sunday, October 17, 2021 at 5:52 PM
To: "qmailtoaster-list@qmailtoaster.com" 
Subject: Re: [qmailtoaster] Trouble with spamdyke blacklist_senders

 

Thanks for the help.

Shouldn't there be something about this in the spamdyke doc's?

Steve

 

Sent with a Spark

On Oct 17, 2021, 11:40 AM -0700, Eric Broch , wrote:


https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html

On 10/17/2021 12:02 PM, st...@keptprivate.com wrote:


Hi,

I'm trying to blacklist multiple senders with a file formatted like:

@xyz.com,@abc.net,@qrs.org

but his doesn't seem to be working. I can't find any examples online or 
documentation covering the file format with multiple entries.

Steve

Re: [qmailtoaster] Trouble with spamdyke blacklist_senders

[Jaime Lerner]

It works fine for me when I put each entry on its own line. No commas ...just a 
list.

 

Like...

 

@example.com

@example2.com

@example3.com

 

From: 
Reply-To: 
Date: Sunday, October 17, 2021 at 2:03 PM
To: 
Subject: [qmailtoaster] Trouble with spamdyke blacklist_senders

 


Hi,

I'm trying to blacklist multiple senders with a file formatted like:

@xyz.com,@abc.net,@qrs.org

but his doesn't seem to be working. I can't find any examples online or 
documentation covering the file format with multiple entries.

Steve

Re: [qmailtoaster] forwarding incoming email for single client to two different email accounts.

[Jaime Lerner]

You can also use qmail aliases with qmail-toaster.

 

You just put them in the directory for the specific domain and not in 
/var/qmail/alias

 

For example, if your domain was example.com, you would put it in 
/home/vpopmail/domains/example.com

 

I have specialized aliases in there that do things like pipe to a script, which 
I can't do in qmailadmin of course. :)

 

From: Tony White 
Reply-To: 
Date: Friday, May 21, 2021 at 2:25 AM
To: 
Subject: Re: [qmailtoaster] forwarding incoming email for single client to two 
different email accounts.

 

Hi,
  First time ever had to do this...
Not installed qmailadmin.
  Will look into it.

Thank you.


regards
Tony White
Across Technology
4a Birmingham Rd, 
Mount Evelyn, 
Victoria 3796
Mob 0481 362 743
acrosstechnology.com.au
On 21/5/21 4:13 pm, Andreas Galatis wrote:
Hi Toni,
 
the alias means you dont have the original account but only send mails
to the recipients
ie
@gmail.com
@gmail.com
 
With qmail-toaster the forwardings are managed in the valias- table of
vpopmail.
Dont you use qmailadmin?
 
Andreas
 
Am 21.05.21 um 06:50 schrieb Tony White:
Hi folks,
  Do I simply add two email addresses to this file?
 
/var/qmail/alias/.qmail-username
 
ie
 
@gmail.com
@gmail.com
 
Does this then remove the email from the original
account?
 
-- 
regards
Tony White
Across Technology
4a Birmingham Rd, 
Mount Evelyn, 
Victoria 3796
Mob 0481 362 743
acrosstechnology.com.au
 

Re: [qmailtoaster] Certificate

[Jaime Lerner]

LetsEncrypt  I use that on mine.

 

Free. :)

 

From: Scott Hughes 
Reply-To: 
Date: Tuesday, May 11, 2021 at 6:03 PM
To: 
Subject: [qmailtoaster] Certificate 

 

Where is the cheapest place to get a certificate for my server.  The server is 
in the USA if that matters. Thank you!

-

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

 

 

Re: [qmailtoaster] Spamcop's RBL went rogue today for me

[Jaime Lerner]

Thank you!

> On Jan 31, 2021, at 7:37 PM, CarlC Internet Services Service Desk 
>  wrote:
> 
> 
> SPAMCOP.NET was not renewed as a domain by CISCO. There’s a big write up on 
> Reddit.
>  
> https://www.reddit.com/r/sysadmin/comments/l9asw7/spamcop_domain_expiredparked/
>  
> and
>  
> https://www.bleepingcomputer.com/news/security/spamcop-anti-spam-service-suffers-an-outage-after-its-domain-expired/
>  
> So, you could say “This outage brought to you by, CISCO…” …
>  
> Carl
>  
>  
> From: Jaime Lerner [mailto:jaimeler...@geekgoddess.com] 
> Sent: Sunday, January 31, 2021 06:13 PM
> To: qmailtoaster-list@qmailtoaster.com
> Subject: [qmailtoaster] Spamcop's RBL went rogue today for me
>  
> Just an FYI that from 11am ET this morning EVERY single email that was 
> delivered to my server got rejected from Spamdyke as "DENIED_RBL_MATCH" 
> because I had bl.spamcop.net listed as one of my "dns-blacklist-entry" 
> settings (along with spamhaus and barracudacentral).
>  
> I was finally notified via text from one of my clients that their email to be 
> bounced as undeliverable so I checked the server at 5pm and found all the 
> rejections in the maillog file. Yikes!
>  
> In case someone else has bl.spamcop.net in their spamdyke.conf file you may 
> want to check and make sure that server is receiving mail OK. Have no clue 
> what caused it.
>  
>  

[qmailtoaster] Spamcop's RBL went rogue today for me

[Jaime Lerner]

Just an FYI that from 11am ET this morning EVERY single email that was 
delivered to my server got rejected from Spamdyke as "DENIED_RBL_MATCH" because 
I had bl.spamcop.net listed as one of my "dns-blacklist-entry" settings (along 
with spamhaus and barracudacentral).

 

I was finally notified via text from one of my clients that their email to be 
bounced as undeliverable so I checked the server at 5pm and found all the 
rejections in the maillog file. Yikes!

 

In case someone else has bl.spamcop.net in their spamdyke.conf file you may 
want to check and make sure that server is receiving mail OK. Have no clue what 
caused it.

 

 

Re: [qmailtoaster] Future of qmailtoaster on CentOS?

[Jaime Lerner]

Have to agree with this! Mine is on a Digital Ocean droplet. :)  No problems 
whatsoever.

 

From: Gary Bowling 
Organization: GBCO
Reply-To: 
Date: Friday, December 11, 2020 at 10:16 AM
To: 
Subject: Re: [qmailtoaster] Future of qmailtoaster on CentOS?

 

 

Yes, they give you an OS, with the amount of MEM/disk/processors/etc that you 
configure and purchase. Once you get that, you can log in with SSH and set up 
anything you like. There is also a console app from your account in case you 
have trouble getting in via SSH.

 

It's really a nice service and I've been very happy with it. Since your machine 
sits on top of a big architecture you never have to worry about hardware 
failures, hardware upgrades, etc. You can add storage, RAM, processors, etc to 
an existing machine at any time.

 

I was skeptical at first of running email on a virtual, but I've been using 
mine for about 3 years now and it's really been a good service. I would never 
go back to a real machine, all the hardware headaches are gone.

 

gary

 

 

On 12/11/2020 10:01 AM, Eric Broch wrote:

Do they allow you to control the repos from which you update? If so there 
should not be problem if Rocky is done by then.

On 12/11/2020 7:45 AM, Gary Bowling wrote:

 

One issue I have is that my toaster is hosted on a virtual machine at Linode. 
Others may use virtual solutions as well. 

 

These services offer virtual machines of several popular flavors, but you have 
to use whatever they offer. Linode offers servers in Centos, Alpine, Arch, 
Debian, Fedora, Gentoo, Slackware, Ubuntu, and OpenSUSE. To use their service, 
you choose a platform/OS and specs. It's built for you in their data center, 
then you log in and configure/install what you want.

 

So for Linode there is no Rocky-linux or FreeBSD. Not to say that Rocky won't 
be supported in the future. If it takes hold and many of the CentOS customers 
move that direction, I'm sure it will. 

 

It's just something to keep in mind and consider as this is moved forward.

 

gary

 

On 12/11/2020 8:52 AM, Eric Broch wrote:

This looks like good news: https://github.com/rocky-linux

On another note: IBM bought/acquired Red Hat.

 

On 12/10/2020 8:35 AM, Eric Broch wrote:

Fellow QMT enthusiasts:

I became concerned about the future of CentOS a week or so ago (not a 
premonition just my natural paranoia) prior to their announcement two days back 
and visited centos.org to relieve my fears. I was confident at that point that 
having gotten QMT/CentOS 8 ready I was good to go for ~10 years. My confidence 
MAY have been hasty. I'm still not sure what drawbacks 'stream' is going to 
bring, if any, and like Angus am apprehensive. It's supposed to be an 
intermediate environment between Fedora and RHEL. In my opinion, to release 
CentOS 8 and then move it from downstream to upstream after people have already 
migrated is short-sighted at the very least, and its name Community Enterprise 
OS (8) is now a misnomer. Living in somewhat of a cocoon, I was completely 
unaware that RH "joined" CentOS. I've heard some say that we've been 
freeloading off CentOS for years and now it's time to pay up. Never mind that a 
free kernel is used and we actually test the software and report bugs. That 
said, I have REALLY enjoyed using CentOS since the beginning. 

That said, having a look at the old spec files from *-toaster designation days 
when we built the QMT for specific platforms, Fedora, was among them along with 
Suse, Mandrake, so, at the beginning QMT was used in a non-Enterprise 
environment. Anyway...

Personally, I'm interested in both Debian and FreeBSD and would like to go back 
halfway to multi-platform builds while keeping the current QMT/CentOS 8 
offering. This would mitigate the problems, if there are any, we are seeing now 
(hopefully). I guess it just depends on when (or if) the mega-corps buy up all 
of the Linux distributions and hang us all out to dry. Given the Felliniesque 
nature of the world today nothing would surprise me anymore.

One advantage of having a ports like mail server is the ability, if one is 
inclined to dig a little beyond binary installs, to make changes on the fly 
without having to wait for packages from the repo.

I've tried to install FreeBSD, although somewhat half-heartedly, on Proxmox 
serveral times with no success. If anyone has any hints I'm all ears...just my 
2 cents.

So, if anyone is working on installing QMT on another platform please keep us 
apprised of your successes. If you feel like writing it up, I'll post it to the 
web site.

I'll be looking into converting to *.deb packages (like rpm's, binary ease of 
install) in some way (I tried using alien...on the website) which can be used 
on Ubuntu and Debian Linux. Back to work for me...

Eric B.

On 12/9/2020 7:31 PM, Tony White wrote:

Hi all, 
  Anyone interested in BSD either Free or Open? 
I am starting to work on building a FreeBSD version 
of this for myself. Would like to know if 

Re: [qmailtoaster] Email backup to external storage

[Jaime Lerner]

Hey Eric,

 

The S3 sync looks great! Do you have to do anything else to keep it synced? Run 
a cron? Or are those 4 steps all there is?

 

Jaime

 

From: Eric Broch 
Reply-To: 
Date: Friday, October 30, 2020 at 9:28 AM
To: 
Subject: Re: [qmailtoaster] Email backup to external storage

 

I used AWS, have a look here, and search aws:

https://www.qmailtoaster.org/peripherals.html

 

On 10/30/2020 6:44 AM, Boheme wrote:

I use a Restic. The website can explain it better, but it does encrypted 
incremental snapshot backups to remote storage systems, in my case I use B2 
from Backblaze. B2 costs around $5/month/TB, and with the way the snapshot 
backups work I have easily accessible backups going back several years.  

 

Check it out:  https://restic.net/

 

-Chris

 

 

-Sent from my Pip-Boy 3000




On 30/10/2020, at 7:57 PM, ChandranManikandan  wrote:

 

Hi Folks, 

 

Could anyone use Email backup into external storage like NAS or cloud storage?

 

Am running COS7 with qmail in two machines

One machine is 1 TB email size and Hard disk size is 4 TB

Another machine is 600 GB email size and hard disk size is 1 TB.

 

How do I take automatic email backup to an external device, in case of any 
problem like Virus,malware,ransom ware etc.. then we can recover from that.

 

Please suggest me 

Advance thanks.
 

-- 

Regards,
Manikandan.C

Re: [qmailtoaster] QMT is not issuing a STARTTLS on outbound SMTP

[Jaime Lerner]

An easier place to check is to go to checktls.com to get an excellent output of 
your mailserver connection and whether it is using TLS.

 

Might help with trouble-shooting

 

From: Eric Broch 
Reply-To: 
Date: Thursday, October 15, 2020 at 5:39 PM
To: 
Subject: Re: [qmailtoaster] QMT is not issuing a STARTTLS on outbound SMTP

 

What's this look like

 

# ls -la /var/qmail/control

 

On 10/15/2020 2:54 PM, Jim McNamara wrote:

[root@catchmail2 control]# yum list installed | grep qmail

qmail.x86_64 1.03-3.3.1.qt.el8 @qmt-testing

qmailadmin.x86_64 1.2.16-5.1.qt.el8 @qmt-testing

qmailmrtg.x86_64 4.2-4.qt.el8 @qmt-testing

 

On 10/15/20 4:48 PM, Eric Broch wrote:

What version of qmail?

 

On 10/15/2020 2:47 PM, Jim McNamara wrote:

Received: from mymachine.tld (mymachine.tld. [9.8.7.6])

by mx.google.com with ESMTP id 

p5si1775654qvb.199.2020.10.15.09.52.15

for ;

Thu, 15 Oct 2020 09:52:15 -0700 (PDT)

 

Received: from mymachine.tld (mymachine.tld. [9.8.7.6])

by mx.google.com with ESMTP id 

n10si156346qvl.1.2020.10.15.13.37.49

for ;

Thu, 15 Oct 2020 13:37:49 -0700 (PDT)

 

No mention whatsoever of TLS, the next lines of the headers begin:

 

Received-SPF: pass

 

 

On 10/15/20 3:32 PM, Eric Broch wrote:

Check the header of an email you've sent to Gmail from your QMT, 

you should see something like the following:

 

Received: from localhost (mx.mydomain.com. [xxx.xxx.xxx.xxx])

by mx.google.com with ESMTPS id 

be3si1766151plb.73.2020.10.15.11.34.29

for 

(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

 

 

I'm sending from a CentOS 8/QMT I just fired up and am testing.

 

 

Eric

 

 

On 10/15/2020 12:57 PM, Jim McNamara wrote:

Hello, list!

 

According to http://www.qmailtoaster.net/notls.html , all outbound 

SMTP should be using TLS unless a domain is configured explicitly 

not use it. However, without even creating the directory 

/var/qmail/control/notlshosts every message I send from my server 

to gmail.com is going unencrypted. The /var/log/qmail/send/current 

file has entries like:

 

2020-10-15 14:29:58.418313500 new msg 8428251

2020-10-15 14:29:58.418315500 info msg 8428251: bytes 574 from 

 qp 511025 uid 89

2020-10-15 14:29:58.418336500 starting delivery 1: msg 8428251 to 

remote anothe...@gmail.com

2020-10-15 14:29:58.418337500 status: local 0/10 remote 1/60

2020-10-15 14:29:59.220407500 delivery 1: success: 

_173.194.204.26_accepted_message./Remote_host_said:_250_2.0.0_OK__1602786599_w13si301qtv.16_-_gsmtp/

2020-10-15 14:29:59.220525500 status: local 0/10 remote 0/60

2020-10-15 14:29:59.220563500 end msg 8428251

 

The message in gmail shows up with the padlock having a red line 

through it, indicating it was not encrypted during transit. Since 

I see the 250 in the send log, I would assume that should my 

server attempt to use TLS, there should be a, "starttls" getting 

logged?

 

My /var/qmail/supervise/send/run file is simply:

 

 

#!/bin/sh

exec /var/qmail/rc

 

 

Did I do something wrong that outbound SMTP is not even asking for 

TLS?

 

 

-

To unsubscribe, e-mail: 

qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: 

qmailtoaster-list-h...@qmailtoaster.com

 

 

 

-

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: 

qmailtoaster-list-h...@qmailtoaster.com

 

 

-

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: 

qmailtoaster-list-h...@qmailtoaster.com

 

 

 

-

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

 

 

-

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

 

 

 

-

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

 

 

Re: [qmailtoaster] spoofing display name

[Jaime Lerner]

Note with DMARC, you need to set the policy directive to either "reject" or 
"quarantine" if you want something done with the emails. If you leave it as 
"none", the emails will still go through once the evaluation is done.

 

Also, you MUST have both DKIM and SPF set up for the domain before you set up 
DMARC.

 

For SPF and DKIM you can also set the alignment for the domain, with "relaxed" 
meaning it will do a partial match of the domain name, which will allow 
something like "mail.example.com" to match "example.com" or "strict" meaning it 
can only match the exact domain. If you only send email with a single version 
of your domain name, then you should use strict.

 

My DMARC record is as follows:

 

_dmarc IN TXT   
"v=DMARC1;p=reject;rua=mailto:dm...@example.com;aspf=s;fo=1;ruf=mailto:dma...@example.com;;

 

As you can see I am stating the version ("v") which is required, the policy 
("p") which is required, the SPF alignment mode ("aspf"), the email address to 
send reports to, and the failure reporting options as to what level of failure 
needs to be reached before a report is sent ("fo").

 

Policy is usually set as "none" when you first set up DMARC so you can read the 
reports that come in and make sure you will not get rejected from various 
servers. Once you see that your emails are showing up as passing for places 
like Google and Yahoo, you know you are fine and can then set your policy to 
"reject" or "quarantine". I have mine set to "reject" now, so if you had that 
set for YOUR DMARC, then Google would reject any email explicitly not allowed 
by your DNS settings to be sent using your domain as the "from" or 
"return-path" sender. If you use "quarantine", then the emails would probably 
still deliver, but be put in the junk/spam folder automatically. If you use 
"reject", the emails are rejected at the SMTP level - they bounce immediately 
at the handshake.

 

I still get DMARC reports sent to me just so I can check them every once in a 
while and make sure I'm not seeing any rejections from my own mailserver. If 
I'm seeing rejections from OTHER mailservers that I haven't explicitly 
authorized to send email on my domain's behalf, then that means those 
mailservers parse DMARC and pass/fail/reject emails based on the DMARC record.

 

Hope that helps some for any emails going out to other servers and services.

 

I'm thinking you were saying your issue was you were receiving spoofed senders 
for you OWN domains though, so if that's the case, then a DMARC record wouldn't 
help you unless YOUR server was checking DMARC. I don't know how to set up 
qmail to TEST for DMARC, so my own server doesn't test incoming emails, so I 
can't help there  While I see in my maillog where I'm getting emails sent 
"from" my own domain as spoofed senders, 99% of the time those emails get 
blocked from delivery by a bad reverse DNS and I never actually see them in my 
mailbox.

 

Jaime

 

 

 

From: Miguel Angel Amable Ventura 
Reply-To: 
Date: Friday, August 28, 2020 at 10:02 AM
To: 
Subject: Re: [qmailtoaster] spoofing display name

 

Hi Chandran

Are you sure the emails are spoofed? Or they are comming from your own server?

Greetings!

El 28/08/2020 a las 03:12 a. m., ChandranManikandan escribió:

Hi Guys,

 

As you advised, I have already configured SPF,DAMAR on my dns server, but still 
spam emails received from my domain name or my email address.

I have done default score  hits 5.

Now less spam  emails are received.

 

 

On Fri, Aug 28, 2020 at 4:07 PM ChandranManikandan  wrote:

Hi Eric, 

 

Any possible ways to block unauthenticated those emails.

 

 

On Thu, Aug 27, 2020 at 7:01 PM Eric Broch  wrote:

I'm not sure how to help you guys with this. Have you thought about asking on 
the spamdyke or spamassassin mailing lists?

On 8/27/2020 3:56 AM, ChandranManikandan wrote:

Hi Tahnan,

 

Am also facing a similar problem, and I am running both spamdyke & spamassassin.

is there any misconfiguration on my server and any tighten the rule.

I Appreciate anyone helping me.

 

On Sat, Aug 22, 2020 at 8:28 PM Tahnan Al Anas  wrote:

Dear Eric, 

 

Recently I have observed all of my servers getting spoofed display name spam 
mail. Which mean someone spoofing my user display name only and sending lots of 
spam which my user thinking came from their boss or someone important in the 
organization. Is there any rule which can stop spoof display name spam in 
spamassasine?

 


 

 

--

--

 

Best Regards

Muhammad Tahnan Al Anas


 

-- 

Regards,
Manikandan.C


 

-- 

Regards,
Manikandan.C


 

-- 

Regards,
Manikandan.C

Re: [qmailtoaster] how to change system email

[Jaime Lerner]

What is "me" set as in /var/qmail/control

 

"me" should be qmail1.citecho.net and "default domain" should be citecho.net.

 

Not sure if that's the issue or not.

 

From: Tahnan Al Anas 
Reply-To: 
Date: Tuesday, August 18, 2020 at 1:21 PM
To: 
Subject: [qmailtoaster] how to change system email

 

Hi Eric,

 

I have been trying to figure out how I can change root and system email that 
send failure notices, and other system related information. In my servers, root 
mail sent to r...@citechco.net though server hostname is qmail1.citechco.net. I 
require to configure all mail should sent r...@qmail1.citechco.net. 

 

I tried alias in booth /var/qmail/alias and in etc/aslias it do not work.
 

 

--

--

 

Best Regards

Muhammad Tahnan Al Anas

Re: [qmailtoaster] Mind your patch cycle! Boot killing patch was released by CentOS

[Jaime Lerner]

Thank you for that! Mine says BIOS, thankfully. :) 

On 2020-08-01 1:31 am, Eric Broch wrote:

> Quick way to check boot mode (UEFI or BIOS) 
> 
> # test -d /sys/firmware/efi && echo UEFI || echo BIOS 
> 
> On my system output is 
> 
> # test -d /sys/firmware/efi && echo UEFI || echo BIOS 
> 
> BIOS 
> 
> If output is 
> 
> UEFI 
> 
> This bug will impact you. 
> 
> The default boot setting on CentOS 7/8 is BIOS. So if you haven't changed 
> that you should be okay. 
> 
> On 7/31/2020 8:07 PM, Chris wrote: 
> 
> Is your VM emulating "UEFI Secure Boot" or is it in BIOS emulation mode?  The 
> bug only impacts UEFI Secure Boot on CentOS, but oddly for the Debian/Ubuntu 
> users it's impacting them if they are in BIOS mode. 
> 
> -Chris 
> 
> On Sat, Aug 1, 2020 at 11:46 AM Eric Broch  wrote: 
> Interesting...
> 
> I have a vm with CentOS Linux release 7.8.2003 (Core) with grub2 (pkgs 
> below) and it booted up.
> 
> grub2-tools-minimal-2.02-0.86.el7.centos.x86_64
> grub2-tools-extra-2.02-0.86.el7.centos.x86_64
> grubby-8.28-26.el7.x86_64
> grub2-pc-2.02-0.86.el7.centos.x86_64
> grub2-2.02-0.86.el7.centos.x86_64
> grub2-common-2.02-0.86.el7.centos.noarch
> grub2-pc-modules-2.02-0.86.el7.centos.noarch
> grub2-tools-2.02-0.86.el7.centos.x86_64
> 
> On 7/31/2020 4:52 PM, Chris wrote:
>> https://arstechnica.com/gadgets/2020/07/red-hat-and-centos-systems-arent-booting-due-to-boothole-patches/
>> 
>> 
> 
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] How to debug 'qq soft reject'?

[Jaime Lerner]

I remember having to set that number VERY high in the run file to stop those 
errors. Here is mine for /var/qmail/supervise/smtp/run

 

[root@mail smtp]# cat run

#!/bin/sh

QMAILDUID=`id -u vpopmail`

NOFILESGID=`id -g vpopmail`

MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`

SPAMDYKE="/usr/bin/spamdyke"

SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"

SMTPD="/var/qmail/bin/qmail-smtpd"

TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"

HOSTNAME=`hostname`

VCHKPW="/home/vpopmail/bin/vchkpw"

REQUIRE_AUTH=0

 

exec /usr/bin/softlimit -m 6400 \

 /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \

 -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \

 $SPAMDYKE --config-file $SPAMDYKE_CONF \

 $SMTPD $VCHKPW /bin/true 2>&1

 

I set it the same for /send/, but it was different for submission:

 

[root@mail submission]# cat run

#!/bin/sh

QMAILDUID=`id -u vpopmail`

NOFILESGID=`id -g vpopmail`

MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`

SMTPD="/var/qmail/bin/qmail-smtpd"

TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"

HOSTNAME=`hostname`

VCHKPW="/home/vpopmail/bin/vchkpw"

export REQUIRE_AUTH=1

 

exec /usr/bin/softlimit -m 12800 \

/usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \

-u "$QMAILDUID" -g "$NOFILESGID" 0 587 \

$SMTPD $VCHKPW /bin/true 2>&1

 

 

 

From: Angus McIntyre 
Reply-To: 
Date: Monday, July 20, 2020 at 3:36 PM
To: 
Subject: Re: [qmailtoaster] How to debug 'qq soft reject'?

 

Thank you Finn and Remo

 

I tried doubling the softlimit, and using Remo's configuration, but the 

problem remains.

 

I'm not seeing any additional output in /var/qmail/log/smtp/current. Is 

that the logfile where the simscan debug output should go, or should I 

look for it somewhere else?

 

I assume that it's something that simscan launches. Here's the 

'smtp/current' log:

 

@40005f15ef8c19226514 tcpserver: pid 17174 from 11.22.33.44

@40005f15ef8c192270cc tcpserver: ok 17174 s6:198.74.60.61:25 

:11.22.33.44::38580

@40005f15ef932c056ab4 CHKUSER accepted sender: from 

 remote 

 rcpt <> : sender accepted

@40005f15ef932c22d5f4 CHKUSER accepted any rcpt: from 

 remote 

 rcpt  

: accepted any recipient for this domain

@40005f15ef932c22e1ac policy_check: remote u...@example.com -> local 

u...@otherhost.net (UNAUTHENTICATED SENDER)

@40005f15ef932c22e594 policy_check: policy allows transmission

@40005f15ef932e9f3034 qmail-smtpd: qq soft reject (mail server 

temporarily rejected message (#4.3.0)): MAILFROM: 

RCPTTO:u...@otherhost.net

@40005f15ef932f9c8b94 tcpserver: end 17174 status 0

@40005f15ef932f9c9364 tcpserver: status: 0/100

 

But I can't find any logs anywhere that will tell me _what_ is failing.

 

Thanks again for all your help. Any further suggestions would be very 

welcome.

 

Angus

 

 

Remo Mattei wrote on 7/20/20 2:55 PM:

here is what mine looks like

 

:allow,SIMSCAN_DEBUG="2",CHKUSER_EXTRA_MUSTAUTH_VARIABLE,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="150",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private”

 

you probably want to have that out of the 127.

 

Remo

 

On Jul 20, 2020, at 11:52 AM, qm...@mailonly.dk wrote:

 

Hi Angus.

 

Have You tried to increase the softlimit in the run file ? (to get rid of the 
issue ;-))

 

Cheers,

Finn

 

Den 20-07-2020 kl. 20:01 skrev Angus McIntyre:

My qmailtoaster running on CentOS 7 was behaving fine, but now seems to soft 
reject everything, and I'm having a hard time working out why.

It doesn't seem to be a ClamAV issue: I set 'clam=no' in 
'/var/qmail/control/simcontrol' and restarted qmail, but I still get the 
rejections.

I added 'SIMSCAN_DEBUG="5"' to the list of env vars in 
'/etc/tcprules.d/tcp.smtp', but that doesn't seem to generate any actionable 
debugging output anywhere that I can see.

Does anyone have any suggestions for debugging this issue? I know there's been 
some talk of bad signatures for ClamAV recently, but I _thought_ I'd eliminated 
that as a possibility by turning off clam in simcontrol. If that's not the 
case, how would I identify (and suppress) a bad signature?

Thanks,

Angus

-

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

 

-

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

 

 

 

-

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

 

 

Re: [qmailtoaster] SMTPS Port - Who is Failing ?

[Jaime Lerner]

David,

 

You might try the suggestions here: 
https://www.taverner-rich.com/mitigating-brute-force-attacks/

 

I put them in place on my server and it definitely helped.

 

Jaime

 

From: Eric Broch 
Reply-To: 
Date: Wednesday, April 22, 2020 at 9:40 AM
To: 
Subject: Re: [qmailtoaster] SMTPS Port - Who is Failing ?

 

Hi David,

I think you're on to something with fail2ban (keying off maillog). I was 
monitoring my smtps port (watching the certificate and encryption scroll by) 
using /usr/bin/recordio and /var/log/maillog and found that the bad guys are 
trying to login. Here are some failures from maillog:

vchkpw-smtps: vpopmail user not found testforu...@whitehorsetc.com:92.118.38.83

vchkpw-smtps: password fail (pass: 'somepassword') 
someu...@whitehorsetc.com:185.50.149.2

Maybe a fail2ban rule?!

Eric

 

On 4/18/2020 4:12 AM, David Bray wrote:

Hi thanks - yes can block that IP

But it’s not just one, and the solution is not fine enough

I want more of a fail2ban rule, bad use bad pass 3 strikes your out

 

I need to know they are mucking round.

 

I tried sending myself through the port with a bad password- sure it blocks it, 
but there is no log of the event - it looks like a legit, connection from Ann IP

 

On Sat, 18 Apr 2020 at 7:30 pm, Chris  wrote:

Here's a great article with instructions on how to implement an IP blacklist in 
iptables. Unless you've got a user in Panama, it looks like you's want to block 
141.98.80.30 


https://linux-audit.com/blocking-ip-addresses-in-linux-with-iptables/

 

On Sat, Apr 18, 2020 at 5:49 PM David Bray  wrote:

sure - thanks for replying, this comes in waves taking the server to it's 
maximum at times 

 

as far as I can see this only logs are this:

 

==> /var/log/qmail/smtps/current <==
2020-04-18 05:04:48.450871500 tcpserver: status: 6/60
2020-04-18 05:04:48.480785500 tcpserver: pid 13339 from 141.98.80.30
2020-04-18 05:04:48.480787500 tcpserver: ok 13339 
dev.brayworth.com:172.105.181.18:465 :141.98.80.30::25638
2020-04-18 05:04:52.797644500 tcpserver: status: 7/60
2020-04-18 05:04:52.830767500 tcpserver: pid 13340 from 141.98.80.30
2020-04-18 05:04:52.830768500 tcpserver: ok 13340 
dev.brayworth.com:172.105.181.18:465 :141.98.80.30::14862
2020-04-18 05:04:57.248902500 tcpserver: status: 8/60
2020-04-18 05:04:57.304003500 tcpserver: pid 13342 from 141.98.80.30
2020-04-18 05:04:57.304006500 tcpserver: ok 13342 
dev.brayworth.com:172.105.181.18:465 :141.98.80.30::9646
2020-04-18 05:05:01.854790500 tcpserver: status: 9/60
2020-04-18 05:05:01.902265500 tcpserver: pid 13345 from 141.98.80.30
2020-04-18 05:05:01.902266500 tcpserver: ok 13345 
dev.brayworth.com:172.105.181.18:465 :141.98.80.30::54058
2020-04-18 05:05:09.729711500 tcpserver: end 13338 status 256
2020-04-18 05:05:09.729713500 tcpserver: status: 8/60
2020-04-18 05:06:05.965715500 tcpserver: end 13342 status 256
2020-04-18 05:06:05.965716500 tcpserver: status: 7/60
2020-04-18 05:06:06.141272500 tcpserver: end 13340 status 256
2020-04-18 05:06:06.141273500 tcpserver: status: 6/60


David Bray

0418 745334
2 ∞ & <

 

 

On Sat, 18 Apr 2020 at 15:41, Eric Broch  wrote:

Can you send the log of one of the "bad" connections?

On 4/17/2020 10:59 PM, David Bray wrote:

I can see I'm getting hammered on my smtps port 

 

How can I mitigate this?

 

I can see the IP's in /var/log/qmail/smtps/current

 

but where do I actually see that the smtp auth actually fails ?

 

or do I need to increase the logging somewhere ?

 

if I tail -f /var/log/dovecot.log

 

I can see the imap and pop failures

 

thanks in advance


David Bray

0418 745334
2 ∞ & <

-- 

# David

Re: [qmailtoaster] Dkim failed for bad signature

[Jaime Lerner]

For your text record you need to have "v=DKIM1;" followed by the rest of
what you have for your key (k=rsa; etc)

So, you should have "v=DKIM1; k=rsa;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbIxryNG17mGqSsZoc1b89dziWmhcXLixrBy
ZGkRIuJRAkLkzSjmYORixUNRp9JgXBKK4HTCq51iw4V3FljOXqV4sq2hHQnUO42bVQHP9QLxpLw9
qipYFLoYs7jyj/lGqDuCUUM5MUH2kzWXWPj/Gg4pNlycMCZmdvq88s0YPbQQIDAQAB;"

Add that and test again. :)

From:  Tahnan Al Anas 
Reply-To:  
Date:  Wednesday, March 4, 2020 at 1:33 AM
To:  Eric Broch ,

Subject:  [qmailtoaster] Dkim failed for bad signature

Dear Eric,

Please check below issue as goggle find dkim settings as bad signature

DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=agranidoer.com
 ; h=
mime-version:content-type:content-transfer-encoding:date:from:to
:subject:message-id; s=dkim1; bh=tWYREcvKIIojGl0dYjSIeVwhexo=; b=
JdpDEUaLDyZ8MZlEJTfeoT7MNOE04L3kQG7SA8mbwh6e7+UOJYpq4Q3r9opTCMyn
BYiV2GdMnjOwXks8/q1qvzeuGshQTDZbg0DH4ozK3KIaHOwl9tgOQfJWBr6+gPt7
ztzsswTNSsJeopgzsSRpqknnA9i2NPxeIes1RTs00qc=
Signed-by: 52555...@agranidoer.com
Expected-Body-Hash: tWYREcvKIIojGl0dYjSIeVwhexo=
Public-Key: k=rsa; 
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbIxryNG17mGqSsZoc1b89dziWmhcXLixrBy
ZGkRIuJRAkLkzSjmYORixUNRp9JgXBKK4HTCq51iw4V3FljOXqV4sq2hHQnUO42bVQHP9QLxpLw9
qipYFLoYs7jyj/lGqDuCUUM5MUH2kzWXWPj/Gg4pNlycMCZmdvq88s0YPbQQIDAQAB;

DKIM-Result: fail (bad signature)
DMARC: pass
DomainKey: pass
PTR: ExistsRecord
RBL: NotListed
Download Report 



--
--

Best Regards
Muhammad Tahnan Al Anas

Re: [qmailtoaster] DKIM not signed?

[Jaime Lerner]

Thank you so much Eric! Appreciate your quick help!

It's showing it is signed with v=1 now...

DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=geekgoddess.com; h=date
:subject:from:to:message-id:mime-version:content-type; s=dkim1;
 bh=9sA6PYXljO64Lmr7hUa3XFZHkFo=; b=Biqw0M5pY2ecwqjEtDykJHKvWtmk
VXejz9cQzUph59geqcPhcvnQIrAdSm91IbnJzNkz8E2e0/NTDYZVabuHQrirMoSc
QhB/X5MtE4Fr8JZ3N3tuerxS9dEf+yql1/5T9SAxFmiuBatUZRDuRmgUiwdL9aia
5FdNBkZtv3iCCgE=

And I tested by sending to port25.com:

This message is an automatic response from Port25's authentication verifier
service at verifier.port25.com.  The service allows email senders to perform
a simple check of various sender authentication mechanisms.  It is provided
free of charge, in the hope that it is useful to the email community.  While
it is not officially supported, we welcome any feedback you may have at
.

Thank you for using the verifier,

The Port25 Solutions, Inc. team

==
Summary of Results
==
SPF check:  pass
"iprev" check:  pass
DKIM check: pass
SpamAssassin check: ham


From:  Eric Broch 
Reply-To:  
Date:  Monday, December 16, 2019 at 1:33 PM
To:  
Subject:  Re: [qmailtoaster] DKIM not signed?


 

Observations on your system:
 

1) qmail-remote is a binary (should be a perl script)
 
 

2) qmail-remote is newer than qmail-remote.orig (qmail-remote.orig is not
being used at all)
 
 

3) qmail-remote with QMT DKIM setup should be a perl script and is not. I
can tell that qmail-remote is a binary by the size of the file
 

Save qmail-remote.orig to qmail-remote.orig.bak and go through the process I
outlined in the previous email.
 


 
 
On 12/16/2019 11:26 AM, Jaime Lerner wrote:
 
 
>   
> Sorry, it's there:
>  
> 
>  
>  
>  
> 
> -rws--x--x  1 qmailq qmail  27040 Apr 20  2017 qmail-queue.orig
>  
> 
> -rwx--x--x  1 root   qmail  56080 Apr 20  2017 qmail-remote
>  
> 
> -rwx--x--x  1 root   qmail  56080 Feb  6  2015 qmail-remote.orig
>  
>  
> 
>  
>  
> 
>  
>   
> From:  Eric Broch 
>  Reply-To:  
>  Date:  Monday, December 16, 2019 at 1:18 PM
>  To:  
>  Subject:  Re: [qmailtoaster] DKIM not signed?
>  
>  
> 
>  
>  
>   
>  
> 
> Jamie,
>  
> 
> From the looks of your setup I'd recommend the following procedure (In a
> directory other than /var/qmail/bin) :
>  
>  
> 1. # wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote
> 2. # qmailctl stop
> 3. # mv /var/qmail/bin/qmail-remote /var/qmail/bin/qmail-remote.orig
> 4. # mv qmail-remote /var/qmail/bin
> 5. # chmod 777 /var/qmail/bin/qmail-remote
> 6. # chown root:qmail /var/qmail/bin/qmail-remote
> 7. # qmailctl start
>  
> Eric
>  
> 
>  
>  
> On 12/16/2019 10:41 AM, Eric's mail wrote:
>  
>  
>>   
>> qmail-remote should be the perl script and the original remote renamed to
>> qmail-remote.orig
>>  
>>  
>>  
>>  
>> Eric's email, phone
>>  
>>  
>>  
>>  
>>  
>>  
>> On Mon, Dec 16, 2019 at 9:28 AM -0700, "Jaime Lerner"
>>  wrote:
>>  
>>  
>>>  
>>>  
>>>  
>>> 
>>> [root@mail bin]# ls -al
>>>  
>>> 
>>> total 1452
>>>  
>>> 
>>> drwxr-xr-x  2 root   qmail   4096 Dec 16 10:36 .
>>>  
>>> 
>>> drwxr-xr-x 12 root   qmail   4096 Apr  8  2019 ..
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail  14480 Apr 20  2017 bouncesaying
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail  31184 Apr 20  2017 condredirect
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail   1087 Apr 20  2017 config-fast
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail126 Apr 20  2017 datemail
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail928 Apr 20  2017 dh_key
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail114 Apr 20  2017 elq
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail  14480 Apr 20  2017 except
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail  31152 Apr 20  2017 forward
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail  26824 Apr 20  2017 instcheck
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail  26920 Apr 20  2017 maildir2mbox
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail  14504 Apr 20  2017 maildirmake
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail  22856 Apr 20  2017 maildirwatch
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail179 Apr 20  2017 mailsubj
>>&g

Re: [qmailtoaster] DKIM not signed?

[Jaime Lerner]

Sorry, it's there:

-rws--x--x  1 qmailq qmail  27040 Apr 20  2017 qmail-queue.orig

-rwx--x--x  1 root   qmail  56080 Apr 20  2017 qmail-remote

-rwx--x--x  1 root   qmail  56080 Feb  6  2015 qmail-remote.orig



From:  Eric Broch 
Reply-To:  
Date:  Monday, December 16, 2019 at 1:18 PM
To:  
Subject:  Re: [qmailtoaster] DKIM not signed?


 

Jamie,
 

>From the looks of your setup I'd recommend the following procedure (In a
directory other than /var/qmail/bin) :
 
 
1. # wget 
https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote
2. # qmailctl stop 
3. # mv /var/qmail/bin/qmail-remote /var/qmail/bin/qmail-remote.orig
4. # mv qmail-remote /var/qmail/bin
5. # chmod 777 /var/qmail/bin/qmail-remote
6. # chown root:qmail /var/qmail/bin/qmail-remote
7. # qmailctl start
 
Eric
 

 
 
On 12/16/2019 10:41 AM, Eric's mail wrote:
 
 
>   
> qmail-remote should be the perl script and the original remote renamed to
> qmail-remote.orig
>  
>  
>  
>  
> Eric's email, phone
>  
>  
>  
>  
>  
>  
> On Mon, Dec 16, 2019 at 9:28 AM -0700, "Jaime Lerner"
>  wrote:
>  
>  
>>  
>>  
>>  
>> 
>> [root@mail bin]# ls -al
>>  
>> 
>> total 1452
>>  
>> 
>> drwxr-xr-x  2 root   qmail   4096 Dec 16 10:36 .
>>  
>> 
>> drwxr-xr-x 12 root   qmail   4096 Apr  8  2019 ..
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  14480 Apr 20  2017 bouncesaying
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  31184 Apr 20  2017 condredirect
>>  
>> 
>> -rwxr-xr-x  1 root   qmail   1087 Apr 20  2017 config-fast
>>  
>> 
>> -rwxr-xr-x  1 root   qmail126 Apr 20  2017 datemail
>>  
>> 
>> -rwxr-xr-x  1 root   qmail928 Apr 20  2017 dh_key
>>  
>> 
>> -rwxr-xr-x  1 root   qmail114 Apr 20  2017 elq
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  14480 Apr 20  2017 except
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  31152 Apr 20  2017 forward
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  26824 Apr 20  2017 instcheck
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  26920 Apr 20  2017 maildir2mbox
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  14504 Apr 20  2017 maildirmake
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  22856 Apr 20  2017 maildirwatch
>>  
>> 
>> -rwxr-xr-x  1 root   qmail179 Apr 20  2017 mailsubj
>>  
>> 
>> -rwxr-xr-x  1 root   qmail   8259 Apr 20  2017 makecert.sh
>>  
>> 
>> -rwxr-xr-x  1 root   qmail115 Apr 20  2017 pinq
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  18824 Apr 20  2017 predate
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  18760 Apr 20  2017 preline
>>  
>> 
>> -rwxr-xr-x  1 root   qmail115 Apr 20  2017 qail
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  18728 Apr 20  2017 qbiff
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  18672 Apr 20  2017 qmail-badloadertypes
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  18672 Apr 20  2017 qmail-badmimetypes
>>  
>> 
>> -rwx--x--x  1 root   qmail  14680 Apr 20  2017 qmail-clean
>>  
>> 
>> -rws--x--x  1 qmailq qmail  52096 Apr 20  2017 qmail-dk
>>  
>> 
>> -rwx--x--x  1 root   qmail  10416 Apr 20  2017 qmail-getpw
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  51728 Apr 20  2017 qmail-inject
>>  
>> 
>> -rwx--x--x  1 root   qmail  64120 Apr 20  2017 qmail-local
>>  
>> 
>> -rwx--  1 root   qmail  22848 Apr 20  2017 qmail-lspawn
>>  
>> 
>> -rwx--  1 root   qmail  18672 Apr 20  2017 qmail-newmrh
>>  
>> 
>> -rwx--  1 root   qmail  14576 Apr 20  2017 qmail-newu
>>  
>> 
>> -rwx--x--x  1 root   qmail  22904 Apr 20  2017 qmail-pw2u
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  18744 Apr 20  2017 qmail-qmqpc
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  22832 Apr 20  2017 qmail-qmqpd
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  31032 Apr 20  2017 qmail-qmtpd
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  22776 Apr 20  2017 qmail-qread
>>  
>> 
>> -rwxr-xr-x  1 root   qmail371 Apr 20  2017 qmail-qstat
>>  
>> 
>> lrwxrwxrwx  1 root   root  23 Apr  8  2019 qmail-queue ->
>> /var/qmail/bin/qmail-dk
>>  
>> 
>> -rws--x--x  1 qmailq qmail  27040 Apr 20  2017 qmail-queue.orig
>>  
>> 
>> -rwx--x--x  1 root   qmail  56080 Apr 20  2017 qmail-remote
>>  
>> 
>> -rwx--x--x  1 root   qmail  18704 Apr 20  2017 qmail-rspawn
>>  
>> 
>> -rwx--x--x  1 root   qmail  59936 Apr 20  2017 qmail-se

Re: [qmailtoaster] DKIM not signed?

[Jaime Lerner]

[root@mail bin]# ls -al

total 1452

drwxr-xr-x  2 root   qmail   4096 Dec 16 10:36 .

drwxr-xr-x 12 root   qmail   4096 Apr  8  2019 ..

-rwxr-xr-x  1 root   qmail  14480 Apr 20  2017 bouncesaying

-rwxr-xr-x  1 root   qmail  31184 Apr 20  2017 condredirect

-rwxr-xr-x  1 root   qmail   1087 Apr 20  2017 config-fast

-rwxr-xr-x  1 root   qmail126 Apr 20  2017 datemail

-rwxr-xr-x  1 root   qmail928 Apr 20  2017 dh_key

-rwxr-xr-x  1 root   qmail114 Apr 20  2017 elq

-rwxr-xr-x  1 root   qmail  14480 Apr 20  2017 except

-rwxr-xr-x  1 root   qmail  31152 Apr 20  2017 forward

-rwxr-xr-x  1 root   qmail  26824 Apr 20  2017 instcheck

-rwxr-xr-x  1 root   qmail  26920 Apr 20  2017 maildir2mbox

-rwxr-xr-x  1 root   qmail  14504 Apr 20  2017 maildirmake

-rwxr-xr-x  1 root   qmail  22856 Apr 20  2017 maildirwatch

-rwxr-xr-x  1 root   qmail179 Apr 20  2017 mailsubj

-rwxr-xr-x  1 root   qmail   8259 Apr 20  2017 makecert.sh

-rwxr-xr-x  1 root   qmail115 Apr 20  2017 pinq

-rwxr-xr-x  1 root   qmail  18824 Apr 20  2017 predate

-rwxr-xr-x  1 root   qmail  18760 Apr 20  2017 preline

-rwxr-xr-x  1 root   qmail115 Apr 20  2017 qail

-rwxr-xr-x  1 root   qmail  18728 Apr 20  2017 qbiff

-rwxr-xr-x  1 root   qmail  18672 Apr 20  2017 qmail-badloadertypes

-rwxr-xr-x  1 root   qmail  18672 Apr 20  2017 qmail-badmimetypes

-rwx--x--x  1 root   qmail  14680 Apr 20  2017 qmail-clean

-rws--x--x  1 qmailq qmail  52096 Apr 20  2017 qmail-dk

-rwx--x--x  1 root   qmail  10416 Apr 20  2017 qmail-getpw

-rwxr-xr-x  1 root   qmail  51728 Apr 20  2017 qmail-inject

-rwx--x--x  1 root   qmail  64120 Apr 20  2017 qmail-local

-rwx--  1 root   qmail  22848 Apr 20  2017 qmail-lspawn

-rwx--  1 root   qmail  18672 Apr 20  2017 qmail-newmrh

-rwx--  1 root   qmail  14576 Apr 20  2017 qmail-newu

-rwx--x--x  1 root   qmail  22904 Apr 20  2017 qmail-pw2u

-rwxr-xr-x  1 root   qmail  18744 Apr 20  2017 qmail-qmqpc

-rwxr-xr-x  1 root   qmail  22832 Apr 20  2017 qmail-qmqpd

-rwxr-xr-x  1 root   qmail  31032 Apr 20  2017 qmail-qmtpd

-rwxr-xr-x  1 root   qmail  22776 Apr 20  2017 qmail-qread

-rwxr-xr-x  1 root   qmail371 Apr 20  2017 qmail-qstat

lrwxrwxrwx  1 root   root  23 Apr  8  2019 qmail-queue ->
/var/qmail/bin/qmail-dk

-rws--x--x  1 qmailq qmail  27040 Apr 20  2017 qmail-queue.orig

-rwx--x--x  1 root   qmail  56080 Apr 20  2017 qmail-remote

-rwx--x--x  1 root   qmail  18704 Apr 20  2017 qmail-rspawn

-rwx--x--x  1 root   qmail  59936 Apr 20  2017 qmail-send

-rwxr-xr-x  1 root   qmail  22816 Apr 20  2017 qmail-showctl

-rwxr-xr-x  1 root   qmail 205680 Apr 20  2017 qmail-smtpd

-rwx--  1 root   qmail  10424 Apr 20  2017 qmail-start

-rwxr-xr-x  1 root   qmail  14512 Apr 20  2017 qmail-tcpok

-rwxr-xr-x  1 root   qmail  14544 Apr 20  2017 qmail-tcpto

-rwxr-xr-x  1 root   qmail  31152 Apr 20  2017 qreceipt

-rwxr-xr-x  1 root   qmail  14568 Apr 20  2017 qsmhook

-rwxr-xr-x  1 root   qmail  14576 Apr 20  2017 sendmail

-rws--x--x  1 clamav root   34774 Apr  6  2016 simscan

-rwsr-xr-x  1 root   root   24461 Apr  6  2016 simscanmk

-rwxr-xr-x  1 root   qmail  35528 Apr 20  2017 spfquery

-rwx--x--x  1 root   qmail  10504 Apr 20  2017 splogger

-rwxr-xr-x  1 root   qmail  31152 Apr 20  2017 srsfilter

-rwxr-xr-x  1 root   qmail  26864 Apr 20  2017 tcp-env

-rwxr-xr-x  1 root   root 618 Dec 24  2013 update-simscan



From:  Eric's mail 
Reply-To:  
Date:  Monday, December 16, 2019 at 11:03 AM
To:  
Subject:  Re: [qmailtoaster] DKIM not signed?

Soory list bin dir as well

Eric's email, phone




On Mon, Dec 16, 2019 at 8:46 AM -0700, "Jaime Lerner"
 wrote:

> Not sure what you mean by "dump qmail-remote"? You mean just do a hexdump?
> (hex and ascii side by side?)
> 
> 
> [root@mail control]# ls -al
> 
> total 180
> 
> drwxr-xr-x  4 root   qmail  4096 Dec 16 06:21 .
> 
> drwxr-xr-x 12 root   qmail  4096 Apr  8  2019 ..
> 
> -rw-r--r--  1 root   qmail32 Apr 20  2017 badloadertypes
> 
> -rw-r--r--  1 root   root   2048 Apr  8  2019 badloadertypes.cdb
> 
> -rw-r--r--  1 root   qmail39 Jun 20  2016 badmailfrom
> 
> -rw-r--r--  1 root   qmail   123 Jun 11  2016 badmailto
> 
> -rw-r--r--  1 root   qmail   360 Apr 20  2017 badmimetypes
> 
> -rw-r--r--  1 root   root   2048 Apr  8  2019 badmimetypes.cdb
> 
> lrwxrwxrwx  1 root   qmail14 Apr  8  2019 clientcert.pem -> servercert.pem
> 
> -rw-r--r--  1 root   qmail 4 Apr 20  2017 concurrencyincoming
> 
> -rw-r--r--  1 root   qmail 3 Apr 20  2017 concurrencyremote
> 
> -rw-r--r--  1 root   qmail 9 May 18  2016 databytes
> 
> -rw-r--r--  1 root   qmail11 Apr 20  2017 defaultdelivery
> 
> -rw-r--r--  1 root   qmail16 May 17  2016 defaultdomain
> 
> -rw-r--r--  1 root   qmail16 May 17  2016 defaulthost
> 
> -rw-r--r--  1 root   qmail   245 Dec 16 01:01 dh1024.p

Re: [qmailtoaster] DKIM not signed?

[Jaime Lerner]

Not sure what you mean by "dump qmail-remote"? You mean just do a hexdump?
(hex and ascii side by side?)


[root@mail control]# ls -al

total 180

drwxr-xr-x  4 root   qmail  4096 Dec 16 06:21 .

drwxr-xr-x 12 root   qmail  4096 Apr  8  2019 ..

-rw-r--r--  1 root   qmail32 Apr 20  2017 badloadertypes

-rw-r--r--  1 root   root   2048 Apr  8  2019 badloadertypes.cdb

-rw-r--r--  1 root   qmail39 Jun 20  2016 badmailfrom

-rw-r--r--  1 root   qmail   123 Jun 11  2016 badmailto

-rw-r--r--  1 root   qmail   360 Apr 20  2017 badmimetypes

-rw-r--r--  1 root   root   2048 Apr  8  2019 badmimetypes.cdb

lrwxrwxrwx  1 root   qmail14 Apr  8  2019 clientcert.pem ->
servercert.pem

-rw-r--r--  1 root   qmail 4 Apr 20  2017 concurrencyincoming

-rw-r--r--  1 root   qmail 3 Apr 20  2017 concurrencyremote

-rw-r--r--  1 root   qmail 9 May 18  2016 databytes

-rw-r--r--  1 root   qmail11 Apr 20  2017 defaultdelivery

-rw-r--r--  1 root   qmail16 May 17  2016 defaultdomain

-rw-r--r--  1 root   qmail16 May 17  2016 defaulthost

-rw-r--r--  1 root   qmail   245 Dec 16 01:01 dh1024.pem

-rw-r--r--  1 root   qmail   156 Dec 16 01:01 dh512.pem

drwxr-xr-x  2 qmailr qmail  4096 May 20  2016 dkim

drwxr-xr-x  4 root   qmail  4096 Apr 20  2017 domainkeys

-rw-r--r--  1 root   root 13 Jun 11  2016 doublebounceto

-rw-r--r--  1 root   root 10 Jul  3 11:40 locals

-rw---  1 root   root  0 May 17  2016 locals.lock

-rw-r--r--  1 root   qmail 4 Apr 20  2017 logcount

-rw-r--r--  1 root   qmail 8 Apr 20  2017 logsize

-rw-r--r--  1 root   qmail16 May 20  2016 me

-rw-r--r--  1 root   qmail16 May 17  2016 plusdomain

-rw-r--r--  1 root   qmail 0 Apr 20  2017 policy

-rw-r--r--  1 root   qmail 6 Apr 20  2017 queuelifetime

-rw-r--r--  1 root   root254 Jul  3 11:40 rcpthosts

-rw---  1 root   root  0 May 17  2016 rcpthosts.lock

-rw-r--r--  1 root   qmail   497 Dec 16 01:01 rsa512.pem

-rw-r--r--  1 root   qmail   493 May 17  2016 rsa512.pem.safe

-rw-r-  1 root   vchkpw 8844 Dec 12 02:08 servercert.pem

-rw-r--r--  1 clamav root 53 Aug  9  2018 simcontrol

-rw-r--r--  1 root   clamav 2123 Dec 16 06:21 simcontrol.cdb

-rw-r--r--  1 root   clamav 2167 Dec 16 06:21 simversions.cdb

-rw-r--r--  1 root   qmail49 May 19  2016 smtpgreeting

-rw-r--r--  1 root   qmail 0 Apr 20  2017 smtproutes

-rw-r--r--  1 root   qmail 2 Apr 20  2017 spfbehavior

lrwxrwxrwx  1 root   root 35 Apr  8  2019 tlsclientciphers ->
/var/qmail/control/tlsserverciphers

-rw-r--r--  1 root   qmail  1767 Apr  8  2019 tlsserverciphers

-rw-r--r--  1 root   root466 Jul  3 11:40 virtualdomains

-rw---  1 root   root  0 May 17  2016 virtualdomains.lock





From:  Eric Broch 
Reply-To:  
Date:  Monday, December 16, 2019 at 10:28 AM
To:  
Subject:  Re: [qmailtoaster] DKIM not signed?


 

Can you list the control directory and dump qmail-remote?
 


 
 
On 12/16/2019 8:25 AM, Jaime Lerner wrote:
 
 
>   
> Yes, I have the directory:
>  
> 
>  
>  
>  
> 
> [root@mail dkim]# ls -al
>  
> 
> total 20
>  
> 
> drwxr-xr-x 2 qmailr qmail 4096 May 20  2016 .
>  
> 
> drwxr-xr-x 4 root   qmail 4096 Dec 16 06:21 ..
>  
> 
> -rw-r--r-- 1 root   root   891 May 20  2016 global.key
>  
> 
> -rw-r--r-- 1 root   root   241 May 20  2016 public.txt
>  
> 
> -rw-r--r-- 1 qmailr qmail  250 May 20  2016 signconf.xml
>  
>  
> 
>  
>   
> From:  Remo Mattei 
>  Reply-To:  
>  Date:  Sunday, December 15, 2019 at 12:56 AM
>  To:  
>  Subject:  Re: [qmailtoaster] DKIM not signed?
>  
>  
> 
>  
>  
>
>  
>  
>  Well when I check google for the signature it’s not there. So my answer will
> be yes. If I use other clients the DKIM is there.
>  
> 
>  
>  
> 
>  
>  
> 
>  
>  
> 
>  
>  
>  
>  
>  
> —
>  Remo
>  
> 
>  
>  
>  
>  
>  
>  
>>  
>>  
>> On Saturday, Dec 14, 2019 at 21:47, Erics mail 
>> wrote:
>>  
>>  
>>  
>> Does it stop the qmail server from signing a message?
>>  
>>  
>>  
>>  
>> Get Outlook for Android <https://aka.ms/ghei36>
>>  
>>  
>>  
>>  
>>  
>>  
>> On Sat, Dec 14, 2019 at 10:40 PM -0700, "Remo Mattei" 
>> wrote:
>>  
>>  
>>>  
>>>
>>>  
>>> You are right Eric, I was just refering to Apple Mail client as it does not
>>> set DKIM on the msg.  Different issue.
>>>  
>>> 
>>>  
>>>  
>>>  
>>>  
>>>  
>>> —
>>>  Remo
>>>  
>>> 
>>>

Re: [qmailtoaster] DKIM not signed?

[Jaime Lerner]

Yes, I have the directory:

[root@mail dkim]# ls -al

total 20

drwxr-xr-x 2 qmailr qmail 4096 May 20  2016 .

drwxr-xr-x 4 root   qmail 4096 Dec 16 06:21 ..

-rw-r--r-- 1 root   root   891 May 20  2016 global.key

-rw-r--r-- 1 root   root   241 May 20  2016 public.txt

-rw-r--r-- 1 qmailr qmail  250 May 20  2016 signconf.xml


From:  Remo Mattei 
Reply-To:  
Date:  Sunday, December 15, 2019 at 12:56 AM
To:  
Subject:  Re: [qmailtoaster] DKIM not signed?


 
 Well when I check google for the signature it’s not there. So my answer
will be yes. If I use other clients the DKIM is there.



 

 
 
 
 
—
Remo
 

 
 
 
 
 
>  
>  
> On Saturday, Dec 14, 2019 at 21:47, Erics mail 
> wrote:
>  
> Does it stop the qmail server from signing a message?
>  
>  
>  
> Get Outlook for Android <https://aka.ms/ghei36>
>  
>  
>  
> 
> 
>  
> On Sat, Dec 14, 2019 at 10:40 PM -0700, "Remo Mattei"  wrote:
>  
>  
>>  
>>
>>  
>> You are right Eric, I was just refering to Apple Mail client as it does not
>> set DKIM on the msg.  Different issue.
>>  
>> 
>>  
>>  
>>  
>>  
>> —
>> Remo
>>  
>> 
>>  
>>  
>>  
>>  
>>  
>>>  
>>>  
>>> On Saturday, Dec 14, 2019 at 21:32, Erics mail 
>>> wrote:
>>>  
>>> Is apple mail a client? Not sure how that will stop the server from signing
>>> an email. 
>>>  
>>>  
>>>  
>>> Get Outlook for Android <https://aka.ms/ghei36>
>>>  
>>>  
>>>  
>>> 
>>> 
>>>  
>>> On Sat, Dec 14, 2019 at 6:08 PM -0700, "Remo Mattei" 
>>> wrote:
>>>  
>>>  
>>>>  
>>>>
>>>>  
>>>>  I found that if you use Apple Mail it will not sign it. Just my 2 cents on
>>>> that.
>>>> 
>>>> 
>>>>  
>>>> 
>>>>  
>>>>  
>>>>  
>>>>  
>>>> —
>>>> Remo
>>>>  
>>>> 
>>>>  
>>>>  
>>>>  
>>>>  
>>>>  
>>>>>  
>>>>>  
>>>>> On Saturday, Dec 14, 2019 at 16:43, Eric Broch 
>>>>> wrote:
>>>>>  
>>>>>  
>>>>> 
>>>>> Do you have a directory /var/qmail/control/dkim?
>>>>>  
>>>>> 
>>>>> What's in that directory if it exists?
>>>>>  
>>>>>  
>>>>> On 12/13/2019 10:20 AM, Jaime Lerner wrote:
>>>>>  
>>>>>  
>>>>>>   
>>>>>> I was doing some testing and every test is showing my DKIM is not signed.
>>>>>> It used to be signed when I set it up in 2016, but I'm thinking something
>>>>>> has changed since then? I followed this
>>>>>> http://wiki.qmailtoaster.com/index.php/How_to_Setup_DKIM_with_Qmail_Toast
>>>>>> er at the time, but I can see that the VERSION of DKIM is now required
>>>>>> and may not have been required at the time. I updated my DNS to include
>>>>>> the "v=DKIM1" tag, but I don't know how to add the "v=1" tag to the
>>>>>> signature that is generated out of Qmail. Where can I change the tags
>>>>>> that are generated?
>>>>>>  
>>>>>> 
>>>>>>  
>>>>>>  
>>>>>> It's also signing as "DomainKey-Signature" and not "DKIM-Signature" which
>>>>>> I believe is the new header to use? (Generated header below)
>>>>>>  
>>>>>> 
>>>>>>  
>>>>>>  
>>>>>>  
>>>>>> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private;
>>>>>> d=geekgoddess.com;
>>>>>> b=MoE5S1hg4Oii5QddaknpLRwvr6BLFjRxGb6yqFQyTbqOegkhbUiIbKKQNF1/CXabl5rSwJ6
>>>>>> 0MTkOwKKQGJBzKL9XFlgbKw1pyPfep5D/vTrcMvxXdFjNWOYq3rZgbbnUjQh4yJc9H5XZHAnv
>>>>>> ZJOnNfkjQoAk7lZ+mTiZ1zomiKM=;
>>>>>>  
>>>>>>  
>>>>>> 
>>>>>>  
>>>>>>  
>>>>>  
>>>>>  
>>>>>  
>>>>   
>>>>  
>>>  
>>>  
>>>  
>>>  
>>   
>>  
>  
>  
>  
>  
 

[qmailtoaster] DKIM not signed?

[Jaime Lerner]

I was doing some testing and every test is showing my DKIM is not signed. It
used to be signed when I set it up in 2016, but I'm thinking something has
changed since then? I followed this
http://wiki.qmailtoaster.com/index.php/How_to_Setup_DKIM_with_Qmail_Toaster
at the time, but I can see that the VERSION of DKIM is now required and may
not have been required at the time. I updated my DNS to include the
"v=DKIM1" tag, but I don't know how to add the "v=1" tag to the signature
that is generated out of Qmail. Where can I change the tags that are
generated?

It's also signing as "DomainKey-Signature" and not "DKIM-Signature" which I
believe is the new header to use? (Generated header below)

DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=private; d=geekgoddess.com;
  
b=MoE5S1hg4Oii5QddaknpLRwvr6BLFjRxGb6yqFQyTbqOegkhbUiIbKKQNF1/CXabl5rSwJ60MT
kOwKKQGJBzKL9XFlgbKw1pyPfep5D/vTrcMvxXdFjNWOYq3rZgbbnUjQh4yJc9H5XZHAnvZJOnNf
kjQoAk7lZ+mTiZ1zomiKM=;

Re: [qmailtoaster] update regarding admin-toaster

[Jaime Lerner]

ereg_replace has been deprecated. You must have a newer version of PHP
installed.

I'm sure Eric has a more recent version of that particular file you can
replace yours with, but it's an easy fix to use preg_replace instead of
ereg_replace.

From:  Tahnan Al Anas 
Reply-To:  
Date:  Wednesday, July 3, 2019 at 1:12 PM
To:  
Subject:  [qmailtoaster] update regarding admin-toaster

Hi Eric,

httpd error log showing following

[Wed Jul 03 23:10:47.285678 2019] [php7:error] [pid 10446] [client
103.220.205.67:14181  ] PHP Fatal error:
Uncaught Error: Call to undefined function ereg_replace() in
/usr/share/toaster/include/admin.inc.php:15\nStack trace:\n#0
/usr/share/toaster/include/admin.inc.php(39):
read_file('/usr/share/toas...')\n#1
/usr/share/toaster/include/admin.inc.php(59): verify_old_password(NULL)\n#2
/usr/share/toaster/include/admin.inc.php(94): change_admin_password(NULL,
NULL, NULL)\n#3 /usr/share/toaster/htdocs/admin/index.php(79):
print_change_passwd(NULL, NULL, NULL)\n#4 {main}\n  thrown in
/usr/share/toaster/include/admin.inc.php on line 15


--
--

Best Regards
Muhammad Tahnan Al Anas

Re: [qmailtoaster] Php 7.x issues with qmailtoaster..

[Jaime Lerner]

I could look at the script at admin.inc.php.  You just need to use
preg_replace as the function instead of ereg_replace. Would be a quick fix
there to manually change it until Eric updates everything. The notice in the
index.php shouldn't cause an immediate issue, but the fatal error breaks the
admin.inc.php script.

From:  Remo Mattei 
Reply-To:  
Date:  Sunday, September 16, 2018 at 6:11 PM
To:  
Subject:  [qmailtoaster] Php 7.x issues with qmailtoaster..

Hello guys, I do not use the UI much but I just noticed that one of my qmail
is running php 7.x and here is the logs

[Sun Sep 16 16:08:45.521413 2018] [:error] [pid 30232] [client
172.10.163.251:49668] PHP Notice:  Undefined index: oldpasswd in
/usr/share/toaster/htdocs/admin/index.php on line 79, referer:
https://qmail.rm.ht/mail/vqadmin/toaster.vqadmin
[Sun Sep 16 16:08:45.521479 2018] [:error] [pid 30232] [client
172.10.163.251:49668] PHP Notice:  Undefined index: newpasswd in
/usr/share/toaster/htdocs/admin/index.php on line 79, referer:
https://qmail.rm.ht/mail/vqadmin/toaster.vqadmin
[Sun Sep 16 16:08:45.521501 2018] [:error] [pid 30232] [client
172.10.163.251:49668] PHP Notice:  Undefined index: newpasswd2 in
/usr/share/toaster/htdocs/admin/index.php on line 79, referer:
https://qmail.rm.ht/mail/vqadmin/toaster.vqadmin
[Sun Sep 16 16:08:45.521712 2018] [:error] [pid 30232] [client
172.10.163.251:49668] PHP Fatal error:  Uncaught Error: Call to undefined
function ereg_replace() in
/usr/share/toaster/include/admin.inc.php:15\nStack trace:\n#0
/usr/share/toaster/include/admin.inc.php(39):
read_file('/usr/share/toas...')\n#1
/usr/share/toaster/include/admin.inc.php(59): verify_old_password(NULL)\n#2
/usr/share/toaster/include/admin.inc.php(93): change_admin_password(NULL,
NULL, NULL)\n#3 /usr/share/toaster/htdocs/admin/index.php(79):
print_change_passwd(NULL, NULL, NULL)\n#4 {main}\n  thrown in
/usr/share/toaster/include/admin.inc.php on line 15, referer:
https://qmail.rm.ht/mail/vqadmin/toaster.vqadmin


Anyhow, if anyone has any suggestions maybe I can try that out.. Not sure if
Eric has a plan to update this to php 7.x

Ciao

[qmailtoaster] How to turn of DKIM check?

[Jaime Lerner]

So I received a bounce notice from the list (ezmlm) with the following
error, and since domain keys aren't really being used anymore, I'd like to
turn off the DK check of incoming mail so my server won't bounce them if
nothing is there.

Remote host said: 554 DomainKeys verify status: no key   (#5.3.0)

I just saw a thread between Andrew and Eric talking about removing domain
keys entirely (so I would also no longer sign with them). Is that what I
should do? Or is there a way to just stop the incoming check?

Re: [qmailtoaster] Constant error with Outlook for Mac 2011

[Jaime Lerner]

It's simply when I have Outlook open on the account and it is doing its
periodic checking. Yes, IMAP. I haven't upgraded Qmail or Dovecot since
installing it several years ago. I'm on CentOS 7.2.

From:  Eric Broch 
Reply-To:  
Date:  Saturday, June 9, 2018 at 7:31 PM
To:  
Subject:  Re: [qmailtoaster] Constant error with Outlook for Mac 2011

Is this when you're sending email, a Submission issue, or simply when
you have Outlook open on the account, an IMAP issue?

In either case does it correspond to an upgrade of either Qmail or Dovecot?


On 6/9/2018 4:42 PM, Jaime Lerner wrote:
>  This started a few months ago (maybe longer) and I just want to make
>  sure there's nothing I can change with my Qmail settings to fix it.
>  It's incredibly annoying. I constantly get a popup saying I need to
>  re-authenticate, but it doesn't matter if I re-authenticate or dismiss
>  it with "no", I just keep getting it popping up.
> 
>  "The server for account "MyAccount" returned an error
>  [AUTHENTICATIONFAILURE] "Authentication Failed".  Your
>  username/password or security settings may be incorrect.  Would you
>  like to try re-entering your password?"
> 
>  I'm guessing this is probably an Apple issue related to some update
>  they did, but I still wanted to see if there was something I could do
>  on my Qmail install. I've already completely removed the login from my
>  keychain and reset it. That didn't work.

-- 
Eric Broch
White Horse Technical Consulting (WHTC)


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] Constant error with Outlook for Mac 2011

[Jaime Lerner]

This started a few months ago (maybe longer) and I just want to make sure
there's nothing I can change with my Qmail settings to fix it. It's
incredibly annoying. I constantly get a popup saying I need to
re-authenticate, but it doesn't matter if I re-authenticate or dismiss it
with "no", I just keep getting it popping up.

"The server for account "MyAccount" returned an error
[AUTHENTICATIONFAILURE] "Authentication Failed".  Your username/password or
security settings may be incorrect.  Would you like to try re-entering your
password?" 

I'm guessing this is probably an Apple issue related to some update they
did, but I still wanted to see if there was something I could do on my Qmail
install. I've already completely removed the login from my keychain and
reset it. That didn't work.

Re: [qmailtoaster] relay pool connection exhausted

[Jaime Lerner]

Yes, I got that also sending to a friend who is on AOL.

Definitely AOL problem... Their twitter account was talking about their
users being unable to log into their email on the 6th, so I imagine this is
related. There's also widespread reports that people can't access their
email today.

From:  South Computers 
Reply-To:  
Date:  Thursday, March 8, 2018 at 1:39 PM
To:  
Subject:  [qmailtoaster] relay pool connection exhausted

Just had customers complaining about sending mail to AOL users, most are
getting rejected with:

(IP address of 
server)_failed_after_I_sent_the_message./Remote_host_said:_Relay_connection_
pool_exhausted/

Anyone else seeing this or seen it before? Sure looks like an AOL problem,
but not sure yet.


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] dmarc implementation

[Jaime Lerner]

Eric can chime in also, but I used this site to generate my key pairs. And
YES you should go to 1024 or Google will not accept it.

https://www.port25.com/dkim-wizard/

From:  Rajesh M <24x7ser...@24x7server.net>
Reply-To:  
Date:  Wednesday, January 10, 2018 at 8:51 AM
To:  
Subject:  Re: [qmailtoaster] dmarc implementation

eric

concerning dkim signing

i was testing the records for a sample domain i got messages that the "key
is insecure since it is less than 384 characters"

is it advisable to increase this to 1024 bits ?

if yes then how do i do that ?

thanks,
rajesh


- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Tue, 9 Jan 2018 17:05:02 -0700
Subject:

I'm sure it will, but I don't know how much.


On 1/9/2018 9:55 AM, Rajesh M wrote:
>  eric
> 
>  it worked correctly but the dns record generated in the MYDOMAIN.com.txt file
> was not correct ... not sure what i was doing wrong.
> 
>  i used this
> 
>  perl -pi -e 's/.key._domainkey//' /var/qmail/control/dkim/otherdomain.com.txt
> 
>  googled a bit and entered in the following in my zone file
> 
>  selector = otherdomain.com
> 
>  _domainkey.otherdomain.com. IN TXT "o=!;r=x...@y.com"
> 
>  otherdomain.com._domainkey.otherdomain.com. IN TXT "v=DKIM1;k=rsa;p="
> 
> 
>  Also  will changing the qmail-remote file increase the load on the server,
> especially since qmail-remote is no longer a binary ?  My servers are quite
> busy.
> 
> 
> 
> 
>  rajesh
> 
>  - Original Message -
>  From: Eric Broch [mailto:ebr...@whitehorsetc.com]
>  To: qmailtoaster-list@qmailtoaster.com
>  Sent: Tue, 2 Jan 2018 15:09:34 -0700
>  Subject:
> 
>  Rajesh,
> 
>  1) Yes
> 
>  2) tcp.smtp
> 
>  127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1"
>  
> :allow,SPFBEHAVIOR="1",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="200
> ",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig",NOP
> 0FCHECK="1",SENDER_NOCHECK="1"
> 
>  Eric
> 
> 
>  On 1/2/2018 11:20 AM, Rajesh M wrote:
>>  Eric
>> 
>>  2 questions please
>> 
>>  Question 1)
>> 
>>  the default qmail install points the symlink for qmailqueue to qmail-dk
>> 
>>  which i have changed to
>> 
>>  qmail-queue -> qmail-queue.orig
>> 
>>  Do keep the same setting which is
>> 
>>  qmail-queue -> qmail-queue.orig
>> 
>> 
>>  Question 2)
>> 
>>  Could you please send me the corresponding settings required in the tcp.smtp
>> file ?
>> 
>>  thanks,
>>  rajesh
>> 
>> 
>> 
>>  - Original Message -
>>  From: Eric Broch [mailto:ebr...@whitehorsetc.com]
>>  To: qmailtoaster-list@qmailtoaster.com
>>  Sent: Tue, 2 Jan 2018 08:51:07 -0700
>>  Subject:
>> 
>>  Hi Rajesh,
>> 
>>  Thank you! I appreciate your sentiments and hope your New Year brings
>>  blessings of health and happiness as well.
>> 
>>  This is a better link:
>> 
>>  http://qmailtoaster.org/dkim.html
>> 
>>  which will show you how to implement per domain.
>> 
>>  Remember this is only signing messages going out. As of yet there is no
>>  dkim checking coming in, I'm looking into that.
>> 
>>  Eric
>> 
>> 
>>  On 1/2/2018 7:50 AM, Rajesh M wrote:
>>>  eric,
>>> 
>>>  Wish you a wonderful New Year, full of health and happiness.
>>> 
>>>  I wish to implement  dmarc on my qmailtoaster servers
>>> 
>>>  i am using centos6 64 bit with the latest versions of qmailtoaster
>>> 
>>>  SPF is already being used on my server
>>> 
>>>  Concerning dkim, currently my  qmail-queue is symlinked to qmail-queue.orig
>>> and not pointing to qmail-dk
>>> 
>>>  qmail-queue -> qmail-queue.orig
>>> 
>>>  could you please guide me on the implementation of DMARC
>>> 
>>>  i am planning to implement this for all the domains in my server.
>>> 
>>>  I saw this link while searching for a solution.
>>> 
>>>  https://github.com/qmtoaster/dkim
>>> 
>>>  Should i follow these steps as per the above link or would you like
>>> recommend some other document.
>>> 
>>>  thanks as always,
>>>  rajesh
>>> 
>>> 
>>> 
>>> 
>>> 
>>>  -
>>>  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>>>  For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>> 
>>  -
>>  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>>  For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
> 
> 
>  -
>  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>  For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

--
Eric Broch
White Horse Technical Consulting (WHTC)


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, 

Re: [qmailtoaster] add user default quota setting

[Jaime Lerner]

Eric can confirm or let me know if this is wrong, but whenever I add a
domain, I am able to adjust the quotas by using the following (replace
"example.com" with your domain name):

/home/vpopmail/bin/vmoddomlimits -P 100 -A 100 -F 100 -R 100 -L 0 -q
1500 example.com

P: Number of pop accounts
A: Max amount of aliases
F: Max amount of forwards
R: Max amount of autoresponders
L: Max amount of mailing lists
q: User quota in bytes

From:  Giuseppe Perna 
Reply-To:  
Date:  Saturday, September 30, 2017 at 11:51 AM
To:  
Subject:  Re: [qmailtoaster] add user default quota setting

Hi Eric, thank you for your answer.
My domain exists, but when I add a user with vadduser, the created user has
only 40 Mb of quota.
How do I change the default quota for the existing domain?

Hello
thank you

2017-09-29 16:11 GMT+02:00 Eric Broch :
> 
>  
> 
> http://wiki.qmailtoaster.com/index.php/Domains
>  
> 
>  
>  
> On 9/29/2017 1:36 AM, Giuseppe Perna wrote:
>  
>  
>>  
>>  
>> 
>>  
>>  
>>  
>> Hello to all,
>>  
>> I have this version of qmailtiaster working.
>>  
>> I would like to change the default quota that is assigned to a newly created
>> user.
>>  
>> where to set this parameter globally and per domain?
>>  
>> 
>>  
>>  
>> thank you
>>  
>>  
>> 
>>  
>>  
>> 
>>  
>>  
>> qmailtoaster-plus.repo-0.2-2
>>  
>> qmailmrtg-toaster-4.2-1.3.3
>>  
>> qmail-toaster-1.03-1.3.15
>>  
>> qmailadmin-toaster-1.2.11-1.3.4
>>  
>> qmail-pop3d-toaster-1.03-1.3.15
>>  
>> qmailtoaster-plus-0.3.2-1.4.21
>>  
>>  
>>  
>>  
>>  
>>  
>>  
>> 
>>  
>>  
>>  
>>  -- 
>>  
>>  
>>  
>>  
>>  
>>  
>> 
>>  
>>  
>>  
>>  
>>  
>>  
>>  
>>  
>>  
>>  
>>  
>>  
>  
>  
> -- 
> Eric Broch
> White Horse Technical Consulting (WHTC)
>  

Re: [qmailtoaster] spamming on server

[Jaime Lerner]

My guess is the spammer is using php's mail() function and you have your
server set up so the mail function goes into qmail rather than something
else. As long as you have your localhost allowed (as you do), any script
using the local mail() function will have full access.

From:  Rajesh M <24x7ser...@24x7server.net>
Reply-To:  
Date:  Wednesday, August 16, 2017 at 9:22 AM
To:  
Subject:  [qmailtoaster] spamming on server

hi

i have a few websites along with qmailtoaster

i noted that one of the websites with wordpress was hacked and using a php
script the spammer was injecting emails into the qmail queue ie there is
nothing in the smtp logs, but the send logs contained 1000s of remote
delivery entries.

i use squirrelmail but with smtp authentication only, ie email sent to
external domains from my server has to smtp authenticate first.

my tcp.smtp is as follows

127.0.0.1:allow
:allow,BADMIMETYPE="",QMAILQUEUE="/var/qmail/bin/simscan",BADLOADERTYPE="M",
CHKUSER_START="ALWAYS",
CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",
DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/q
mail/control/domainkeys/%/private"

how could the spammer directly inject email to the qmail queue ?

what am i missing here ?

thanks
rajesh


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DomainKeys error rejecting mail

[Jaime Lerner]

Not positive it would work, but if they have a static IP you could add it to
your tcprules above where you have the DK check. From the RDNS it looks like
they do NOT have a static IP though.

From:  Remo Mattei 
Reply-To:  
Date:  Wednesday, July 26, 2017 at 7:15 PM
To:  
Subject:  Re: [qmailtoaster] DomainKeys error rejecting mail

Hello Rox, 
I have just rebuild the box on my end and if you follow the steps as
referred by Eric it will work well.

I will to find them but I know it should work with Spamdyke.

Remo 


>
>  Roxanne Sandesara 
>
>  July 26, 2017 at 4:03 PM
> 
> I have a user trying to send emails to my server from their ISP to go through
> a mailing list my server is hosting. I have previously added the user’s email
> address to spamdyke’s whitelist. However, that no longer seems sufficient to
> deal with this problem.
> 
> From /var/log/qmail/smtp/current:
> 
> 2017-07-26 18:02:53.023764500 policy_check: policy allows transmission
> 2017-07-26 18:02:53.377824500 simscan:[10795]:CLEAN
> (1.20/12.00):0.3534s::209.86.89.65:@earthlink.net:gvmi
> s...@golem-computing.com
> 2017-07-26 18:02:53.379325500 qmail-smtpd: qq hard reject (DomainKeys verify
> status: bad format   (#5.3.0)): MAILFROM:
>   RCPTTO:gvmi...@golem-computing.com
> 
> 
> Pursuant to emails recently to the list, here’s what I can find in
> /var/log/maillog:
> 
> Jul 26 18:02:53 mail clamd[3341]:
> /var/qmail/simscan/1501106573.24430.10797/msg.1501106573.24430.10797: OK
> Jul 26 18:02:53 mail clamd[3341]:
> /var/qmail/simscan/1501106573.24430.10797/addr.1501106573.24430.10797: OK
> Jul 26 18:02:53 mail clamd[3341]:
> /var/qmail/simscan/1501106573.24430.10797/text file0: OK
> Jul 26 18:02:53 mail clamd[3341]:
> /var/qmail/simscan/1501106573.24430.10797/text file1: OK
> Jul 26 18:02:53 mail clamd[3341]:
> /var/qmail/simscan/1501106573.24430.10797/text file2: OK
> Jul 26 18:02:53 mail spamd[14603]: spamd: connection from localhost
> [::1]:35784 to port 783, fd 5
> Jul 26 18:02:53 mail spamd[14603]: spamd: processing message
> <000b01d3065a$e66cf540$b346dfc0$@earthlink.net>
>   for clamav:89
> Jul 26 18:02:53 mail spamd[14603]: spamd: clean message (1.2/5.0) for
> clamav:89 in 0.2 seconds, 10946 bytes.
> Jul 26 18:02:53 mail spamd[14603]: spamd: result: . 1 -
> AWL,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,RDNS_NONE
> scantime=0.2,size=10946,user=clamav,uid=
> 89,required_score=5.0,rhost=localhost,raddr=::1,rport=35784,mid=<000b01d3065a$
> e66cf540$b346dfc0$@earthlink.net>
>  ,autolearn=no
> autolearn_force=no
> Jul 26 18:02:53 mail spamdyke[10791]: DENIED_OTHER from:
> @earthlink.net to: gvmi...@golem-computing.com origin_ip:
> 209.86.89.65 origin_rdns: elasmtp-kukur.atl.sa.earthlink.net auth: (unknown)
> encryption: TLS reason: 554_DomainKeys_verify_status:_bad_format___(#5.3.0)
> Jul 26 18:02:53 mail spamd[14603]: spamd: processing message
> <000b01d3065a$e66cf540$b346dfc0$@earthlink.net>
>   for clamav:89
> Jul 26 18:02:53 mail spamd[14603]: spamd: clean message (1.2/5.0) for
> clamav:89in 0.2 seconds, 10946 bytes.
> Jul 26 18:02:53 mail spamd[14603]: spamd: result: . 1 -
> AWL,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,RDNS_NONE
> scantime=0.2,size=10946,user=clamav,uid=89,required_score=5.0,rhost=localhost,
> raddr=::1,rport=35784,mid=<000b01d3065a$e66cf540$b346dfc0$@earthlink.net>
>  ,autolearn=no
> autolearn_force=no
> Jul 26 18:02:53 mail spamdyke[10791]: DENIED_OTHER from:
> @earthlink.net to: gvmi...@golem-computing.com origin_ip:
> 209.86.89.65 origin_rdns: elasmtp-kukur.atl.sa.earthlink.net auth: (unknown)
> encryption: TLS reason: 554_DomainKeys_verify_status:_bad_format___(#5.3.0)
> Jul 26 18:02:53 mail spamd[14575]: prefork: child states: II
> 
> 
> Obviously, I would prefer to keep Spamdyke in place if possible to cut down on
> the veritable torrent of spam going on out there. What can I do to bypass this
> so that my user can properly send out their messages? As it is, the server
> rejects their original send, so the mailing list never sends back the
> confirmation, and the message thusly never goes out.
> 
> 
> 
> 
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
> 

Re: [qmailtoaster] STARTTLS on CENT-6.9

[Jaime Lerner]

Just throwing a +1 for Eric asking about the servercert.pem file. You have
to copy the Let's Encrypt cert over to there (and also have it copy it over
each time the cert is renewed, approximately every 90 days). I have some
shell scripts I'm running weekly to handle making sure the Let'sEncrypt cert
is renewed and the servercert.pem file is updated

From:  Eric Broch 
Reply-To:  
Date:  Thursday, June 22, 2017 at 10:17 AM
To:  
Subject:  Re: [qmailtoaster] STARTTLS on CENT-6.9


 

Hi Andreas,
 

I'm not sure if you're a coder, but here's the section of code in
qmail-smtpd.c that sends STARTTLS upon meeting certain criteria.
 
 


 

#ifdef TLS
   if (!ssl && (stat("control/servercert.pem",) == 0))
 out("\r\n250-STARTTLS");
 #endif
 
 


 

Looks like you need 1) TLS defined, 2) ssl variable not 0, and 3) a
certificate.
 

TLS should be compiled into qmail
 
 

The first thing I'd check is the presence of a certificate
/var/qmail/control/servercert.pem. If it exists we can start checking the
ssl variable.
 

Eric
 
 


 
 
 
On 6/22/2017 5:13 AM, Andreas Galatis wrote:
 
 
> 
>  
> 
> Hello List,
>  
>  
>  
> since some time my qmailserver does not offer STARTTLS on ports 25 and 587
>  
>  
>  
> Dovecot offers STARTTLS, everything is fine.
>  
> Qmail does not.
>  
>  
>  
> I have another qmailserver with on CENT working fine and offering STARTTLS,
> tlsserverciphers are the same, same openssl- 1.0.1e-57
>  
> Both servers have certificates from LetsEncrypt, issued this month.
>  
>  
>  
> I cannot find the difference
>  
> Here the answer when connecting:
>  
> telnet localhost 25
>  
> Trying 127.0.0.1...
>  
> Connected to localhost.
>  
> Escape character is '^]'.
>  
> 220 unet.de - Welcome to Qmail Toaster Ver. 1.3 SMTP Server ESMTP
>  
> ehlo mail.unet.de
>  
> 250-unet.de - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
>  
> 250-STARTTLS
>  
> 250-PIPELINING
>  
> 250-8BITMIME
>  
> 250-SIZE 2000
>  
> 250 AUTH LOGIN PLAIN CRAM-MD5
>  
>  
>  
> telnet localhost 25
>  
> Trying 127.0.0.1...
>  
> Connected to mail.unet.de.
>  
> Escape character is '^]'.
>  
> 220 unet.de - Welcome to Qmail Toaster Ver. 1.3 SMTP Server ESMTP
>  
> ehlo mail.unet.de
>  
> 250-unet.de - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
>  
> 250-PIPELINING
>  
> 250-8BITMIME
>  
> 250-SIZE 2000
>  
> 250 AUTH LOGIN PLAIN CRAM-MD5
>  
>  
>  
> Any help is very  appreceated
>  
>  
>  
> Andreas
>  
>  
>  
>  
>  
>  
>  
>  
>  
>  
>  
>  
 
 
-- 
Eric Broch
White Horse Technical Consulting (WHTC)
 

Re: [qmailtoaster] rdns

[Jaime Lerner]

Have you added the IP to the spamdyke allowed IP list?

/etc/spamdyke/whitelist_ip

From:  Todor Petrov 
Reply-To:  
Date:  Thursday, May 25, 2017 at 9:44 AM
To:  
Subject:  [qmailtoaster] rdns


 

Hi Eric / all,
 

I have the following problem: I need to open the mailserver for a reporting
system from SAP. That system cant use authentication or ssl connection -
just a plain communication over 25 - but from inside (protected) network. Of
course the traffic is blocked by the spamdyke. I tried to exclude the ip
from being checked in the file tcp.smtp, but the error remains.
 
 Can anybody please help me to solve this problem?
 


 
 

The error message:
 

May 25 16:03:17 mail spamdyke[25033]: DENIED_RDNS_MISSING from: x...@xxx.xxx
to: yy...@.yyy origin_ip: 10.10.10.10 origin_rdns: (unknown) auth:
(unknown) encryption: (none) reason: (empty)
 
 

My tcp.smtp settings for that ip are:
 
 

10.10.10.10:allow,RELAYCLIENT="",RBLSMTPD="",SENDER_NOCHECK="1"
 
 

Best regards,
 Todor 

[qmailtoaster] Let's Encrypt SSL Cert Install Instructions added to docs?

[Jaime Lerner]

Hey Eric,

Was just looking at the docs at qmailtoaster.org and thought it might be
nice to add in the instructions to use a free Let's Encrypt SSL cert with
qmail.

Mine has been running smoothly (including all the auto-renewals). There's
instructions somewhere in the threads from me from the time I first got it
going. The only thing I would add to those instructions would be the crons I
set up to auto-renew and auto-generate the file for qmail.

Just a thought since you have some other releases. By the way, just to
confirm...should we want to update to the latest QMT you just posted, we
would just run the two commands you have listed, correct?

Update CentOS 7/QMT
  1) # yum update
  2) # yum --enablerepo=qmt-testing update

Re: [qmailtoaster] Qmail reject email from several domain Reason TIMEOUT

[Jaime Lerner]

Check the /var/log/qmail/send/current file. You're looking in
/var/log/qmail/smtp/current.

The "send/current" log file will tell you what happened with the email once
it was accepted.

cat /var/log/qmail/send/current | tai64nlocal



Or tail it when you're testing



tail -f /var/log/qmail/send/current | tai64nlocal


From:  
Reply-To:  
Date:  Friday, December 9, 2016 at 10:39 AM
To:  
Subject:  RE: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT

Hi, Im back and i’m totaly confused L
I install fresh centos 7 and new qmailtoaster.
And still can’t recive mail from one corporate domain “dupont.com”
I have no idea how to investigate this problem and found solution.
I have no error in log file:
 
@4000584ac9df3318c9a4 tcpserver: status: 1/100
@4000584ac9e4348c0c9c CHKUSER accepted sender: from
 remote
 rcpt <>
: sender accepted
@4000584ac9e61dd9133c tcpserver: status: 2/100
@4000584ac9e61dda6ee4 tcpserver: pid 2635 from 161.18.233.186
@4000584ac9e61ddceb9c tcpserver: ok 2635
mail..pl:192.168.0.95:25 :161.18.233.186::63724
@4000584ac9e902a97714 tcpserver: end 2635 status 0
[root@mail 1]#
 
Any help will be appreciated
 
Marek
 

From: ma...@demod.pl [mailto:ma...@demod.pl]
Sent: Wednesday, November 09, 2016 1:03 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT
 
I have absolutly nothing in logs even use recordio
This is a submission log when I try send test message from outlook.
When I try send any message to other server the mail hang on sending folder
and after several time show error: None of the authentication methods
supported by this client are supported by your server.  And nothing appear
in log file  (/var/log/qmail/smtp/current)
 
 

From: ma...@demod.pl [mailto:ma...@demod.pl]
Sent: Wednesday, November 09, 2016 12:25 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT
 
I use Dovecot. in outlook smtp outgoing server use the same authentications
setting is checked but i every variation of settings
When I try send by squiremail I have error 502 unimplemented (#5.5.1)
When I copy back old qmail-smtpd ever work fine but email from dupont.com is
rejectet L
 
 

From: Eric Broch [mailto:ebr...@whitehorsetc.com]
Sent: Wednesday, November 09, 2016 12:15 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT
 
Marek,

What are the SMTP settings you are using in Outlook?

Are you using Courier or Dovecot?

Can you send from Squirrelmail?

What logs are you checking, and have you looked in /var/log/maillog, and if
using, Dovecot /var/log/dovecot.log?

If after checking all of these logs and nothing is found add
/usr/bin/recordio to /var/qmail/supervise/submission/run if you are using
port 587 in Outlook.

Eric

On 11/8/2016 3:54 PM, ma...@demod.pl wrote:
> I don’t have any error in logs. The error appear in outlook or other email
> client when I try send test mail. I think is the authentication reason. But I
> don’t see any advice in logs L
>  
> 
> From: Eric Broch [mailto:ebr...@whitehorsetc.com]
> Sent: Tuesday, November 08, 2016 11:18 PM
> To: qmailtoaster-list@qmailtoaster.com
> Subject: [qmailtoaster] Re: ***SPAM***[ds] RE: [qmailtoaster] Qmail reject
> email from several domain Reason TIMEOUT
>  
> In what log are you getting the error?
> 
>  
> 
> On 11/8/2016 12:38 PM, ma...@demod.pl wrote:
>> The  TLS test on https://www.checktls.com/ 
>> works for me ok without error. Even on old qmail-smtpd with spamdyke. But I
>> can recive emai from dupont.com only on patched qmail-smtpd. But on patched
>> qmail-smtpd I can’t send any mail. In outlook I have error . no
>> authentication method is supported by the server. In log file I don’t have
>> any info even I run excessive log. What I do wrong L
>>  
>> 
>> From: ma...@demod.pl [mailto:ma...@demod.pl]
>> Sent: Tuesday, November 08, 2016 4:34 PM
>> To: qmailtoaster-list@qmailtoaster.com
>> Subject: RE: [qmailtoaster] Qmail reject email from several domain Reason
>> TIMEOUT
>>  
>> Forgive me if i lamer . i'am afraid i don’t have knowledge enough
>> I download netqmail 1.06 from qmail.org site. Just apply
>> netqmail-1.05-tls-20060104.patch by patch < netqmail-1.05-tls-20060104.patch
>> and compile by make. Next copy new compiled qmail-smtpd to may  ./qmail/bin
>> directory and restart qmailctl
>>  
>>  
>> 
>> From: Eric Broch [mailto:ebr...@whitehorsetc.com]
>> Sent: Tuesday, November 08, 2016 3:59 PM
>> To: qmailtoaster-list@qmailtoaster.com
>> 
>> Subject: Re: [qmailtoaster] Qmail reject email from several domain Reason
>> TIMEOUT
>>  
>> Marek,
>> 
>> I apologize for my ignorance of this (TLS) feature 

Re: [qmailtoaster] Whoops! Not receiving mail.

[Jaime Lerner]

Gotcha.

Yes, I have those headers. That also explains why the daemon wasn't running.
I didn't need it to! :)

Will have to look up how to train because there is some spam that has gotten
through consistently that I ended up filtering in Outlook to get rid of it.

Thanks!

From:  Eric Broch <ebr...@whitehorsetc.com>
Reply-To:  <qmailtoaster-list@qmailtoaster.com>
Date:  Wednesday, November 30, 2016 at 1:25 PM
To:  <qmailtoaster-list@qmailtoaster.com>
Subject:  Re: [qmailtoaster] Whoops! Not receiving mail.


 

The version of dspam I use from EPEL for QMT does not have debugging enabled
(--enable-debug | --enable-verbose-debug?) so there is not advanced, or
much, logging at all.
 
 

The only reason I restart dspam is so that the new configuration settings
are loaded (not sure why the restart, maybe my ineptness), but the daemon
does not need to be run (systemctl enable dspam, systemctl start dspam)
since were using dspam and not dspamc. I just leave it running until I need
to reload the configuration again (see above...my ineptness). I used to use
/usr/bin/dspamc (https://qmail.jms1.net/dspam/) but had a few emails
truncated so went to using /usr/bin/dspam...never a problem. I don't think
dspamc was being called correctly in qmail, thus, the reason for truncation.
I use maildrop and put a call to dspam in my .mailfilter file (instead of
stock .qmail-default) like so:
 

exception {
  xfilter "/usr/bin/dspam --user $EXT@$HOST --stdout
--deliver=innocent,spam"
 }
 

I check for errors with:
 
 

if ( $RETURNCODE != 0 ) {
 
 

log "$RETURNCODE dspam failed"
 
 

}
 

With debugging enabled you could run dspam with the --debug flag ( xfilter
"/usr/bin/dspam --debug --user $EXT@$HOST --stdout --deliver=innocent,spam")
and in the configuration file you'd have to have these settings in
/etc/dspam.conf 
 
 

1) Debug * 
 
 

2) DebugOpt process spam fp corpus 'more options'
 


 
 

Anyway, if you have a .qmail-default with the following:
 
| /usr/bin/dspam --user "$EXT@$HOST" --deliver=stdout |
/home/vpopmail/bin/vdelivermail '' bounce-no-mailbox
 

and email is coming into your inbox then check the me look at the header and
it should have tags like the following:
 
X-DSPAM-Result: Innocent
X-DSPAM-Processed: Wed Nov 30 10:48:29 2016
X-DSPAM-Confidence: 0.7200
X-DSPAM-Improbability: 1 in 258 chance of being spam
X-DSPAM-Probability: 0.
X-DSPAM-Signature: 15,583f10ed63551008813899

and dspam is working and ready to train.


-Eric
 


 
 


 
 


 
 
 
On 11/30/2016 10:10 AM, Jaime Lerner wrote:
 
 
>  
> David: Might be a good time to create a snapshot that you can fall back to
> should something get messed up as you tweak things. :)
>  
> 
>  
>  
> Also, Eric -- interestingly enough I already had everything set up for dspam
> but it wasn't running. I went ahead and started it and it's running, but
> nothing is showing in the maillog file (other than to say a one-time notice
> that the daemon was starting).
>  
> 
>  
>  
> Two questions: 1) should there be anything in the log file (like I see for
> spam assassin, clam av and spamdyke) and 2) How to get it to auto-start at
> reboot. Obviously it's not doing that.
>  
> 
>  
>  
> Thanks!
>  
> 
>  
>   
> From:  David Overman <davesp...@me.com>
>  Reply-To:  <qmailtoaster-list@qmailtoaster.com>
>  Date:  Wednesday, November 30, 2016 at 12:00 PM
>  To:  <qmailtoaster-list@qmailtoaster.com>
>  Subject:  Re: [qmailtoaster] Whoops! Not receiving mail.
>  
>  
> 
>  
>  
>  
>  
> Its working!
>  
> thanks again and have a great day.
>  
> Eric, on DO-they have an option for ipv6, which enables private networking
> between droplets.
>  
> I always check it, but I don't use the feature.
>  
> 
>  
>  
> David Overman
>  
> 
>  On Nov 30, 2016, at 10:25 AM, Eric Broch <ebr...@whitehorsetc.com> wrote:
>  
>  
>  
>  
>>  
>>  
>> 
>> And don't forget
>>  
>>  
>> 
>> # chmod 744 /etc/dspam.conf
>>  
>> 
>> before you restart dspam
>>  
>>  
>>  
>> On 11/30/2016 9:23 AM, Eric Broch wrote:
>>  
>>  
>>>  
>>> 
>>> If D.O. has some sort of spam filtering you can forgo dspam otherwise we can
>>> get it working. If you want to use dspam do the following:
>>>  
>>>  
>>> 
>>> # mv /etc/dspam.conf/etc/dspam.conf.bak
>>>  
>>>  
>>> 
>>> # wget -O /root/dspam.conf
>>> https://raw.githubusercontent.com/qmtoaster/dspam/master/dspam.conf
>>>  
>>> 
>>> # mv /home/vpopmail/domains/'yourdomain'/.qmail-default
>>> /home/vpopmail/domains/'yourdom

Re: [qmailtoaster] Whoops! Not receiving mail.

[Jaime Lerner]

David: Might be a good time to create a snapshot that you can fall back to
should something get messed up as you tweak things. :)

Also, Eric -- interestingly enough I already had everything set up for dspam
but it wasn't running. I went ahead and started it and it's running, but
nothing is showing in the maillog file (other than to say a one-time notice
that the daemon was starting).

Two questions: 1) should there be anything in the log file (like I see for
spam assassin, clam av and spamdyke) and 2) How to get it to auto-start at
reboot. Obviously it's not doing that.

Thanks!

From:  David Overman <davesp...@me.com>
Reply-To:  <qmailtoaster-list@qmailtoaster.com>
Date:  Wednesday, November 30, 2016 at 12:00 PM
To:  <qmailtoaster-list@qmailtoaster.com>
Subject:  Re: [qmailtoaster] Whoops! Not receiving mail.

Its working!
thanks again and have a great day.
Eric, on DO-they have an option for ipv6, which enables private networking
between droplets.
I always check it, but I don't use the feature.

David Overman

On Nov 30, 2016, at 10:25 AM, Eric Broch <ebr...@whitehorsetc.com> wrote:

> And don't forget 
> 
> # chmod 744 /etc/dspam.conf
> 
> before you restart dspam
> 
> On 11/30/2016 9:23 AM, Eric Broch wrote:
>> 
>> If D.O. has some sort of spam filtering you can forgo dspam otherwise we can
>> get it working. If you want to use dspam do the following:
>> 
>> # mv /etc/dspam.conf/etc/dspam.conf.bak
>> 
>> # wget -O /root/dspam.conf
>> https://raw.githubusercontent.com/qmtoaster/dspam/master/dspam.conf
>> 
>> # mv /home/vpopmail/domains/'yourdomain'/.qmail-default
>> /home/vpopmail/domains/'yourdomain'/.qmail-default.bak
>> # wget -O  /home/vpopmail/domains/'yourdomain'/.qmail-default
>> https://raw.githubusercontent.com/qmtoaster/dsapm/master/.qmail-default
>>  
>>  # systemctl restart dspam
>>  
>>  Send yourself an email and see if it ends up in the inbox. If not, let's
>> have a look at the log and we'll go from there.
>>  
>> On 11/30/2016 9:08 AM, David Overman wrote:
>>> No, no setting like that.
>>> 
>>>  On Nov 30, 2016, at 10:05 AM, Eric Broch <ebr...@whitehorsetc.com>
>>> <mailto:ebr...@whitehorsetc.com>  wrote:
>>>  
>>>> Okay.
>>>> 
>>>> Look in /etc/dspam.conf and see if there is a setting "Trust vpopmail"
>>>> 
>>>> 
>>>> 
>>>> On 11/30/2016 9:01 AM, David Overman wrote:
>>>>> Thanks Eric,
>>>>> test email is in inbox.
>>>>> 
>>>>>  On Nov 30, 2016, at 09:53 AM, Eric Broch <ebr...@whitehorsetc.com>
>>>>> <mailto:ebr...@whitehorsetc.com>  wrote:
>>>>>  
>>>>>> Let's get mail delivery working before we look at dspam
>>>>>> 
>>>>>>  edit /home/vpopmail/domains/'yourdomain'/.qmail-default
>>>>>> 
>>>>>> and put the following in it
>>>>>> 
>>>>>> | /home/vpopmail/bin/vdelivermail '' delete
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> On 11/30/2016 8:37 AM, Jaime Lerner wrote:
>>>>>>> Check /var/log/qmail/send/current to see the delivery success (or
>>>>>>> failure).
>>>>>>> 
>>>>>>> I don't know what "dspam" is...I don't have that in my logs. Maybe Eric
>>>>>>> knows what that is as it looks like that could be the issue now.
>>>>>>> 
>>>>>>> From:  David Overman <davesp...@me.com>
>>>>>>>  Reply-To:  <qmailtoaster-list@qmailtoaster.com>
>>>>>>>  Date:  Wednesday, November 30, 2016 at 10:27 AM
>>>>>>>  To:  <qmailtoaster-list@qmailtoaster.com>
>>>>>>>  Subject:  Re: [qmailtoaster] Whoops! Not receiving mail.
>>>>>>> 
>>>>>>> Thanks Jamie,
>>>>>>> The nameservers survived after a reboot, and when I sent mail to the
>>>>>>> server, it got past spamdyke,
>>>>>>> but still no mail in roundcube inbox. here is tail of log.
>>>>>>> 
>>>>>>> Nov 30 15:21:19 mail spamd[2074]: spamd: clean message (1.2/5.0) for
>>>>>>> clamav:89 in 0.1 seconds, 2084 bytes.
>>>>>>>  Nov 30 15:21:19 mail spamd[2074]: spamd: result: . 1 -
>>>>>>> AWL,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RDNS_NONE
>>>>>>> scantime=0.1,size=2084,user=clamav,uid=89

Re: [qmailtoaster] Whoops! Not receiving mail.

[Jaime Lerner]

Check /var/log/qmail/send/current to see the delivery success (or failure).

I don't know what "dspam" is...I don't have that in my logs. Maybe Eric
knows what that is as it looks like that could be the issue now.

From:  David Overman <davesp...@me.com>
Reply-To:  <qmailtoaster-list@qmailtoaster.com>
Date:  Wednesday, November 30, 2016 at 10:27 AM
To:  <qmailtoaster-list@qmailtoaster.com>
Subject:  Re: [qmailtoaster] Whoops! Not receiving mail.

Thanks Jamie,
The nameservers survived after a reboot, and when I sent mail to the server,
it got past spamdyke,
but still no mail in roundcube inbox. here is tail of log.

Nov 30 15:21:19 mail spamd[2074]: spamd: clean message (1.2/5.0) for
clamav:89 in 0.1 seconds, 2084 bytes.
Nov 30 15:21:19 mail spamd[2074]: spamd: result: . 1 -
AWL,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RDNS_NONE
scantime=0.1,size=2084,user=clamav,uid=89,required_score=5.0,rhost=mail.davo
mail.com,raddr=::1,rport=35950,mid=<0DA420C0-CFCD-47D6-9B4E-0AC965C5D58C@me.
com>,autolearn=no autolearn_force=no
Nov 30 15:21:19 mail spamdyke[2829]: ALLOWED from: davesp...@me.com to:
da...@davomail.com origin_ip: 17.143.180.10 origin_rdns:
pv33p03im-asmtp001.me.com auth: (unknown) encryption: TLS reason:
250_ok_1480519279_qp_2834
Nov 30 15:21:19 mail dspam[2843]: Option --user requires special privileges
when user does not match current user, e.g.. root or Trusted User
[uid=89(vpopmail)]
Nov 30 15:21:19 mail dspam[2843]: Unable to initialize agent context
Nov 30 15:21:19 mail spamd[1759]: prefork: child states: II


On Nov 30, 2016, at 09:02 AM, Jaime Lerner <jaimeler...@geekgoddess.com>
wrote:

> No "e" at the end /etc/resolv.conf
> 
> :)
> 
> Try editing the DNS entries in your ifcfg-eth0 file. I think this will make
> your resolv.conf hold after reboot. Basically the ONLY thing you need to edit
> will be the DNS1 and DNS2 entries. I'm listing the entire file (with IPs, etc.
> redacted) so you can compare the options in yours to mine (which is also
> CentOS 7.2 on Digital Ocean hosting). You should have all the same options.
> 
> /etc/sysconfig/network-scripts/ifcfg-eth0
> 
> [root@mail network-scripts]# cat ifcfg-eth0
> 
> DEVICE='eth0'
> 
> TYPE=Ethernet
> 
> BOOTPROTO=none
> 
> ONBOOT='yes'
> 
> HWADDR=  < leave this as YOUR address!
> 
> IPADDR= <--- leave this as YOUR IP address!!
> 
> NETMASK= <--- leave this as what it is set at for your server!!
> 
> GATEWAY= <--- leave this as what it is set at for your server!
> 
> NM_CONTROLLED='yes'
> 
> IPADDR2= <-- leave this as what it is set at for your server!
> 
> PREFIX2=16
> 
> DNS1=8.8.8.8 <-- CHANGE your DNS1 to this
> 
> DNS2=8.8.4.4 <-- CHANGE your DNS2 to this
> 
> 
> Once you've edited your ifcfg-eth0 file, edit your resolv.conf file, then try
> rebooting and see if it holds.
> 
> From:  David Overman <davesp...@me.com>
> Reply-To:  <qmailtoaster-list@qmailtoaster.com>
> Date:  Wednesday, November 30, 2016 at 9:48 AM
> To:  <qmailtoaster-list@qmailtoaster.com>
> Subject:  Re: [qmailtoaster] Whoops! Not receiving mail.
> 
> tried again. putting v4 nameservers i then executed systemctl restart network.
> now i get this:
> 
> [root@mail ~]# cat /etc/resolve.conf
> cat: /etc/resolve.conf: No such file or directory
> 
> same thing on reboot-or if the file is there, it's ipv6
> 
> David
> On Nov 30, 2016, at 08:32 AM, Jaime Lerner <jaimeler...@geekgoddess.com>
> wrote:
> 
>> Once again, that's in your /etc/resolv.conf file.
>> 
>> Make sure it says the following in it:
>> 
>> nameserver 8.8.8.8
>> 
>> nameserver 8.8.4.4
>> 
>> 
>> From:  David Overman <davesp...@me.com>
>> Reply-To:  <qmailtoaster-list@qmailtoaster.com>
>> Date:  Wednesday, November 30, 2016 at 7:59 AM
>> To:  <qmailtoaster-list@qmailtoaster.com>
>> Subject:  Re: [qmailtoaster] Whoops! Not receiving mail.
>> 
>> No, I was looking in qmail logs, but when I did, guess what reared it's ugly
>> head?
>> 
>> spamdyke[30082]: ERROR: invalid/unparsable nameserver found:
>> 2001:4860:4860::8844
>> 
>> 
>> On Nov 30, 2016, at 06:50 AM, Jaime Lerner <jaimeler...@geekgoddess.com>
>> wrote:
>> 
>>> Did you check /var/log/maillog to see if it was received but maybe denied
>>> delivery for some reason?
>>> 
>>>> On Nov 30, 2016, at 6:44 AM, David Overman <davesp...@me.com> wrote:
>>>> 
>>>> After getting squirellmail and roundcube working, I decided to test the
>>>> primary function of the site sending/receiving emails. I successfully sent
>>>> an email to an outside account, but I never recieved the reply from that
>>>> account.Looked in Mialdir and did not receive a bounce either. How do you
>>>> test courier, I did try to telnet 993, which connected and then dropped
>>>> when i said ehlo.
>>>> 
>>>> David
>>> 
>>> 
>>> -
>>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>> 

Re: [qmailtoaster] Whoops! Not receiving mail.

[Jaime Lerner]

No "e" at the end /etc/resolv.conf

:)

Try editing the DNS entries in your ifcfg-eth0 file. I think this will make
your resolv.conf hold after reboot. Basically the ONLY thing you need to
edit will be the DNS1 and DNS2 entries. I'm listing the entire file (with
IPs, etc. redacted) so you can compare the options in yours to mine (which
is also CentOS 7.2 on Digital Ocean hosting). You should have all the same
options.

/etc/sysconfig/network-scripts/ifcfg-eth0

[root@mail network-scripts]# cat ifcfg-eth0

DEVICE='eth0'

TYPE=Ethernet

BOOTPROTO=none

ONBOOT='yes'

HWADDR=  < leave this as YOUR address!

IPADDR= <--- leave this as YOUR IP address!!

NETMASK= <--- leave this as what it is set at for your server!!

GATEWAY= <--- leave this as what it is set at for your server!

NM_CONTROLLED='yes'

IPADDR2= <-- leave this as what it is set at for your server!

PREFIX2=16

DNS1=8.8.8.8 <-- CHANGE your DNS1 to this

DNS2=8.8.4.4 <-- CHANGE your DNS2 to this


Once you've edited your ifcfg-eth0 file, edit your resolv.conf file, then
try rebooting and see if it holds.

From:  David Overman <davesp...@me.com>
Reply-To:  <qmailtoaster-list@qmailtoaster.com>
Date:  Wednesday, November 30, 2016 at 9:48 AM
To:  <qmailtoaster-list@qmailtoaster.com>
Subject:  Re: [qmailtoaster] Whoops! Not receiving mail.

tried again. putting v4 nameservers i then executed systemctl restart
network.
now i get this:

[root@mail ~]# cat /etc/resolve.conf
cat: /etc/resolve.conf: No such file or directory

same thing on reboot-or if the file is there, it's ipv6
David
On Nov 30, 2016, at 08:32 AM, Jaime Lerner <jaimeler...@geekgoddess.com>
wrote:

> Once again, that's in your /etc/resolv.conf file.
> 
> Make sure it says the following in it:
> 
> nameserver 8.8.8.8
> 
> nameserver 8.8.4.4
> 
> 
> From:  David Overman <davesp...@me.com>
> Reply-To:  <qmailtoaster-list@qmailtoaster.com>
> Date:  Wednesday, November 30, 2016 at 7:59 AM
> To:  <qmailtoaster-list@qmailtoaster.com>
> Subject:  Re: [qmailtoaster] Whoops! Not receiving mail.
> 
> No, I was looking in qmail logs, but when I did, guess what reared it's ugly
> head?
> 
> spamdyke[30082]: ERROR: invalid/unparsable nameserver found:
> 2001:4860:4860::8844
> 
> 
> On Nov 30, 2016, at 06:50 AM, Jaime Lerner <jaimeler...@geekgoddess.com>
> wrote:
> 
>> Did you check /var/log/maillog to see if it was received but maybe denied
>> delivery for some reason?
>> 
>>> On Nov 30, 2016, at 6:44 AM, David Overman <davesp...@me.com> wrote:
>>> 
>>> After getting squirellmail and roundcube working, I decided to test the
>>> primary function of the site sending/receiving emails. I successfully sent
>>> an email to an outside account, but I never recieved the reply from that
>>> account.Looked in Mialdir and did not receive a bounce either. How do you
>>> test courier, I did try to telnet 993, which connected and then dropped when
>>> i said ehlo.
>>> 
>>> David
>> 
>> 
>> -
>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>> 

Re: [qmailtoaster] Whoops! Not receiving mail.

[Jaime Lerner]

Once again, that's in your /etc/resolv.conf file.

Make sure it says the following in it:

nameserver 8.8.8.8

nameserver 8.8.4.4


From:  David Overman <davesp...@me.com>
Reply-To:  <qmailtoaster-list@qmailtoaster.com>
Date:  Wednesday, November 30, 2016 at 7:59 AM
To:  <qmailtoaster-list@qmailtoaster.com>
Subject:  Re: [qmailtoaster] Whoops! Not receiving mail.

No, I was looking in qmail logs, but when I did, guess what reared it's ugly
head?

spamdyke[30082]: ERROR: invalid/unparsable nameserver found:
2001:4860:4860::8844


On Nov 30, 2016, at 06:50 AM, Jaime Lerner <jaimeler...@geekgoddess.com>
wrote:

> Did you check /var/log/maillog to see if it was received but maybe denied
> delivery for some reason?
> 
>> On Nov 30, 2016, at 6:44 AM, David Overman <davesp...@me.com> wrote:
>> 
>> After getting squirellmail and roundcube working, I decided to test the
>> primary function of the site sending/receiving emails. I successfully sent an
>> email to an outside account, but I never recieved the reply from that
>> account.Looked in Mialdir and did not receive a bounce either. How do you
>> test courier, I did try to telnet 993, which connected and then dropped when
>> i said ehlo.
>> 
>> David
> 
> 
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
> 

Re: [qmailtoaster] Whoops! Not receiving mail.

[Jaime Lerner]

Did you check /var/log/maillog to see if it was received but maybe denied 
delivery for some reason? 

> On Nov 30, 2016, at 6:44 AM, David Overman  wrote:
> 
> After getting squirellmail and roundcube working, I decided to test the 
> primary function of the site sending/receiving emails. I successfully sent an 
> email to an outside account, but I never recieved the reply from that 
> account.Looked in Mialdir and did not receive a bounce either. How do you 
> test courier, I did try to telnet 993, which connected and then dropped when 
> i said ehlo.
> 
> David 


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] error after changing squirrelmail conf new-install

[Jaime Lerner]

I was just mentioning it because David kept pointing to that as an error and
thinking it was the issue as to why qmail wasn't working. It's definitely
not an issue on my server. Perhaps that's how it is set up for Digital Ocean
servers running CentOS 7...not sure.

He can run 'systemctl status network' to see that his network service is
running fine. (Mine shows it's using /etc/rc.d/init.d/network, and his may
say the same)

From:  Eric Broch <ebr...@whitehorsetc.com>
Reply-To:  <qmailtoaster-list@qmailtoaster.com>
Date:  Tuesday, November 29, 2016 at 10:59 AM
To:  <qmailtoaster-list@qmailtoaster.com>
Subject:  Re: [qmailtoaster] error after changing squirrelmail conf
new-install


 

I'm not sure what to tell you to get network management started. It always
seems to work on my boxes, vm's included. Maybe I'm taking something for
granted. When I configure my network settings on clean install sometimes I
leave network settings alone (dhcp), install qmailtoaster, then run
qmt_host.sh. Other times I set the hostname and ipv4 ip, gateway, and dns
(on fresh install) and run qmt_host.sh to change everything. I've never had
a problem with network manager (something I need to investigate now).
 
 

So the way around this (for now) is to edit the ifcfg-'device' file
manually, something I hate to do.
 
 
 
On 11/29/2016 8:48 AM, Jaime Lerner wrote:
 
 
>  
> Just as an FYI, if I run the command 'nmtui' on my server I get the same
> response "NetworkManager is not running".  Just in case you're thinking that's
> an issue...it's obviously not.
>  
> 
>  
>   
> From:  Eric Broch <ebr...@whitehorsetc.com>
>  Reply-To:  <qmailtoaster-list@qmailtoaster.com>
>  Date:  Tuesday, November 29, 2016 at 10:45 AM
>  To:  <qmailtoaster-list@qmailtoaster.com>
>  Subject:  Re: [qmailtoaster] error after changing squirrelmail conf
> new-install
>  
>  
> 
>  
>  
>   
>  
> 
> And,
>  
> 
> What are these settings:
>  
>  
> 
> IPADDR2=10.13.0.5
>  PREFIX2=16
>  
> 
> If you don't need them remove.
>  
>  
>  
> On 11/29/2016 8:34 AM, Eric Broch wrote:
>  
>  
>>   
>> 
>> Do below and remove ifcfg-enp0s3
>>  
>>  
>> On 11/29/2016 8:32 AM, Eric Broch wrote:
>>  
>>  
>>>   
>>> 
>>> Here's what I would do
>>>  
>>> 
>>> # cp -p  /etc/sysconfig/network-scripts/ifcfg-eth0/root/'somewhere'
>>>  
>>> 
>>> # vi /etc/sysconfig/network-scripts/ifcfg-eth0
>>>  
>>> 
>>> erase all settings, paste below into the file and save
>>>  
>>> 
>>> # systemctl restart network
>>>  
>>> 
>>> DEVICE='eth0'
>>>  TYPE=Ethernet
>>>  BOOTPROTO=none
>>>  ONBOOT='yes'
>>>  HWADDR=62:ed:ca:6d:25:73
>>>  IPADDR=162.243.70.109
>>>  NETMASK=255.255.255.0
>>>  GATEWAY=162.243.70.1
>>>  IPADDR2=10.13.0.5
>>>  PREFIX2=16
>>>  IPV6INIT=yes
>>>  IPV6_AUTOCONF=yes
>>>  IPV6_DEFROUTE="yes"
>>>  IPV6_FAILURE_FATAL="no"
>>>  IPV6_PEERDNS=yes
>>>  IPV6_PEERROUTES=yes
>>>  DNS1=8.8.8.8
>>>  DNS2=8.8.4.4
>>>  
>>> 
>>> # vi /etc/resolv.conf
>>>  
>>> 
>>> clear all ipv6 nameserver settings
>>>  
>>> 
>>> add: 
>>>  
>>>  
>>> 
>>> nameserver 8.8.8.8
>>>  
>>> 
>>> nameserver 8.8.4.4
>>>  
>>> 
>>> 
>>>  
>>>  
>>>  
>>> On 11/29/2016 7:48 AM, David Overman wrote:
>>>  
>>>  
>>>>  
>>>> Ok,
>>>>  
>>>> I tried the script with my ip for ip4 address and 8.8.8.8 and 8.8.4.4
>>>>  
>>>> and with my actual ip and hostname.
>>>>  
>>>> 
>>>>  
>>>>  
>>>> Still getting Error: NetworkManager is not running.
>>>>  
>>>> 
>>>>  
>>>>  
>>>> [root@mail ~]# sh qmt-host.sh
>>>>  
>>>>  Call this script as follows (example below):
>>>>  qmt-host.sh hostname ipv4.address ipv4.gateway
>>>>  qmt-host.sh me.mydomain.com 192.168.0.2 192.168.0.1
>>>>  
>>>>  
>>>> 
>>>>  
>>>>  
>>>>  Machine ID: f4d13c7c7b144261851b451e00bb999b
>>>>  Boot ID: a73c2022069042cf8d8e58ca859c787e
>>>>  Virtualization: kvm
>>>>  Operating System: CentOS Linux 7 (Core)
>>

Re: [qmailtoaster] error after changing squirrelmail conf new-install

[Jaime Lerner]

Just as an FYI, if I run the command 'nmtui' on my server I get the same
response "NetworkManager is not running".  Just in case you're thinking
that's an issue...it's obviously not.

From:  Eric Broch 
Reply-To:  
Date:  Tuesday, November 29, 2016 at 10:45 AM
To:  
Subject:  Re: [qmailtoaster] error after changing squirrelmail conf
new-install


 

And,
 

What are these settings:
 
 

IPADDR2=10.13.0.5
 PREFIX2=16
 

If you don't need them remove.
 
 
 
On 11/29/2016 8:34 AM, Eric Broch wrote:
 
 
>   
> 
> Do below and remove ifcfg-enp0s3
>  
>  
> On 11/29/2016 8:32 AM, Eric Broch wrote:
>  
>  
>>   
>> 
>> Here's what I would do
>>  
>> 
>> # cp -p  /etc/sysconfig/network-scripts/ifcfg-eth0/root/'somewhere'
>>  
>> 
>> # vi /etc/sysconfig/network-scripts/ifcfg-eth0
>>  
>> 
>> erase all settings, paste below into the file and save
>>  
>> 
>> # systemctl restart network
>>  
>> 
>> DEVICE='eth0'
>>  TYPE=Ethernet
>>  BOOTPROTO=none
>>  ONBOOT='yes'
>>  HWADDR=62:ed:ca:6d:25:73
>>  IPADDR=162.243.70.109
>>  NETMASK=255.255.255.0
>>  GATEWAY=162.243.70.1
>>  IPADDR2=10.13.0.5
>>  PREFIX2=16
>>  IPV6INIT=yes
>>  IPV6_AUTOCONF=yes
>>  IPV6_DEFROUTE="yes"
>>  IPV6_FAILURE_FATAL="no"
>>  IPV6_PEERDNS=yes
>>  IPV6_PEERROUTES=yes
>>  DNS1=8.8.8.8
>>  DNS2=8.8.4.4
>>  
>> 
>> # vi /etc/resolv.conf
>>  
>> 
>> clear all ipv6 nameserver settings
>>  
>> 
>> add: 
>>  
>>  
>> 
>> nameserver 8.8.8.8
>>  
>> 
>> nameserver 8.8.4.4
>>  
>> 
>> 
>>  
>>  
>>  
>> On 11/29/2016 7:48 AM, David Overman wrote:
>>  
>>  
>>>  
>>> Ok,
>>>  
>>> I tried the script with my ip for ip4 address and 8.8.8.8 and 8.8.4.4
>>>  
>>> and with my actual ip and hostname.
>>>  
>>> 
>>>  
>>>  
>>> Still getting Error: NetworkManager is not running.
>>>  
>>> 
>>>  
>>>  
>>> [root@mail ~]# sh qmt-host.sh
>>>  
>>>  Call this script as follows (example below):
>>>  qmt-host.sh hostname ipv4.address ipv4.gateway
>>>  qmt-host.sh me.mydomain.com 192.168.0.2 192.168.0.1
>>>  
>>>  
>>> 
>>>  
>>>  
>>>  Machine ID: f4d13c7c7b144261851b451e00bb999b
>>>  Boot ID: a73c2022069042cf8d8e58ca859c787e
>>>  Virtualization: kvm
>>>  Operating System: CentOS Linux 7 (Core)
>>>  CPE OS Name: cpe:/o:centos:centos:7
>>>  Kernel: Linux 3.10.0-327.36.3.el7.x86_64
>>>  Architecture: x86-64
>>>  Error: NetworkManager is not running.
>>>  
>>>  
>>> 
>>>  
>>>  
>>> 
>>>  On Nov 29, 2016, at 08:26 AM, Eric Broch 
>>>   wrote:
>>>  
>>>  
>>>  
>>>  
  
  
 
 Try running this:
 https://raw.githubusercontent.com/qmtoaster/scripts/master/qmt_host.sh
  
 
 Or
  
  
 
 Take a look here:
  
 
 http://ask.xmodulo.com/configure-static-ip-address-centos7.html
  
 
 You must get rid of the IPv6 name servers
  
 
 
  
  
 
 
  
  
  
 On 11/29/2016 4:37 AM, David Overman wrote:
  
  
>  
> [root@mail ~]# systemctl start network
>  [root@mail ~]# nmtui
>  NetworkManager is not running.
>  
> 
>  
>  
> 
>  
>  
> Do you think this may have something to do with my Centos Instance running
> on A digitalocean droplet?
>  
> 
>  On Nov 28, 2016, at 07:37 AM, Eric Broch 
>   wrote:
>  
>  
>  
>  
>>  
>>  
>> # systemctl start network
>>  
>>  
>>  On 11/28/2016 12:16 AM, David Overman wrote:
>>  
>>> Failed to start NetworkManager.service: Unit NetworkManager.service is
>>  
>>> masked
>>  
>>  
>> -
>>  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>>  For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>  
>>  
>>  
>>  
>  
>  
  
  
  
>>>  
>>>  
>>  
>>  
>  
>  
 
 

Re: [qmailtoaster] error after changing squirrelmail conf new-install

[Jaime Lerner]

No, Eric's instructions are generic. I'll take a look at my notes, and see if I 
can help you any to get going on this on a digital ocean droplet.

> On Nov 29, 2016, at 9:03 AM, David Overman <davesp...@me.com> wrote:
> 
> Fantastic Jaime,
> Thank You!,
> 
> I just opened a ticket on DO. I'll close it now. Does Eric have specific 
> instructions for DO?
> googling now.
> 
> David
> 
>> On Nov 29, 2016, at 07:57 AM, Jaime Lerner <jaimeler...@geekgoddess.com> 
>> wrote:
>> 
> 
>> 
>> I'm running my install on a digital ocean droplet on Cent OS 7.2 with no 
>> problems at all. It runs beautifully there. I found Eric's instructions by 
>> Googling and followed them for the install and everything worked great. I'm 
>> running roundcube and not squirrelmail, but qmail itself was up and running 
>> with no problems from Eric's step-by-step. I'm running Apache (for the 
>> webmail), and Bind for DNS.
>> 
>>> On Nov 29, 2016, at 6:37 AM, David Overman <davesp...@me.com> wrote:
>>> 
>>> [root@mail ~]# systemctl start network
>>> [root@mail ~]# nmtui
>>> NetworkManager is not running.
>>> 
>>> 
>>> Do you think this may have something to do with my Centos Instance running 
>>> on A digitalocean droplet?
>>> 
>>>> On Nov 28, 2016, at 07:37 AM, Eric Broch <ebr...@whitehorsetc.com> wrote:
>>>> 
>>> 
>>>> # systemctl start network
>>>> 
>>>> 
>>>>> On 11/28/2016 12:16 AM, David Overman wrote:
>>>>> Failed to start NetworkManager.service: Unit NetworkManager.service is
>>>>> masked
>>>> 
>>>> 
>>>> -
>>>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>>>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>>> 

Re: [qmailtoaster] error after changing squirrelmail conf new-install

[Jaime Lerner]

I'm running my install on a digital ocean droplet on Cent OS 7.2 with no 
problems at all. It runs beautifully there. I found Eric's instructions by 
Googling and followed them for the install and everything worked great. I'm 
running roundcube and not squirrelmail, but qmail itself was up and running 
with no problems from Eric's step-by-step. I'm running Apache (for the 
webmail), and Bind for DNS.

> On Nov 29, 2016, at 6:37 AM, David Overman  wrote:
> 
> [root@mail ~]# systemctl start network
> [root@mail ~]# nmtui
> NetworkManager is not running.
> 
> 
> Do you think this may have something to do with my Centos Instance running on 
> A digitalocean droplet?
> 
>> On Nov 28, 2016, at 07:37 AM, Eric Broch  wrote:
>> 
> 
>> # systemctl start network
>> 
>> 
>>> On 11/28/2016 12:16 AM, David Overman wrote:
>>> Failed to start NetworkManager.service: Unit NetworkManager.service is
>>> masked
>> 
>> 
>> -
>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>> 

Re: [qmailtoaster] error after changing squirrelmail conf new-install

[Jaime Lerner]

Looks to me like he has an ipv6 version of the Google IPs in his
resolve.conf file...

I think that's why he got the "unparsable nameserver" error originally

He should change the IPs to ipv4

[root@mail ~]# cat /etc/resolv.conf

search [whatever his mailserver is, i.e. mail.example.com]

nameserver 127.0.0.1

nameserver 8.8.8.8

nameserver 8.8.4.4


From:  David Overman 
Reply-To:  
Date:  Sunday, November 27, 2016 at 3:05 PM
To:  
Subject:  Re: [qmailtoaster] error after changing squirrelmail conf
new-install

I found this in the archive, and I made the changes to squirrelmail like it
said.
Now I am getting a different error.
AH00526: Syntax error on line 8 of /etc/httpd/conf/squirrelmail.conf:
 ErrorDocument takes two arguments, Change responses for HTTP errors


- Original Message - From: "Maxwell Smart" 
To: 
Sent: Thursday, June 03, 2010 12:46 PM
Subject: Re: [qmailtoaster] Re: Webmail SSL


> It appears as though you have a default configuration. Replace this in your
> squirrelmail.conf file.
> 
>Options None
>Order allow,deny
>allow from all
> 
> 
> with this
> 
> 
> RewriteEngine on
> RewriteCond %{SERVER_PORT} !^443$
> RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1
>   [L,R]
> allow from all
> Options
> SSLRequireSSL
> ErrorDocument 403 "https://your.server.com/webmail/;
>  ;
> 
> 
> You will need to change the your.server.com to your server name.

On Nov 27, 2016, at 01:55 PM, ebr...@whitehorsetc.com wrote:

> 
> 
> What changes did you make to what File? Or, what documentation were you
> following?
> 
> 
> 
> On Sun, Nov 27, 2016 at 11:05 AM -0700, "David Overman" 
> wrote:
>  
>> Greetings,
>> I just got this server up Centos 6.2
>> I updated squirrelmail.conf to activate squirellmail, but when I tried to
>> restart httpd, I received these errors.
>> 
>> Unregistered Authentication Agent for unix-process:12902:1473656 (system bus
>> nam
>> Nov 27 17:32:36 mail.mydomain.com spamdyke[12929]: ERROR: invalid/unparsable
>> nameserver found: 2001:4860:4860::8844
>> Nov 27 17:32:36 mail.mydomain.com spamdyke[12929]: ERROR: invalid/unparsable
>> nameserver found: 2001:4860:4860::
>> Nov 27 17:32:37 mail.mydomaincom vpopmail[12933]: vchkpw-smtp: vpopmail user
>> not found em...@mydomain.com:80.82.64.109
>> After changing back to the default conf for squirrelmail, httpd restarted
>> without complaint.
>> 
>> thanks in advance,
>> David

Re: [qmailtoaster] COS7 Dovecot not logrotate [solved]

[Jaime Lerner]

Thank you! I was having this same problem.

From:  Havrla 
Reply-To:  
Date:  Saturday, November 12, 2016 at 4:29 PM
To:  
Subject:  [qmailtoaster] COS7 Dovecot not logrotate [solved]

Heloo

COS7 Dovecot not logrotate... :

[root@fialka ~]#  /usr/sbin/logrotate -v /etc/logrotate.d/dovecot
Ignoring /etc/logrotate.d/dovecot because of bad file mode.

Handling 0 logs
[root@fialka ~]#

problem:

[root@fialka ~]# ls -lh /etc/logrotate.d/do*
-rwxr-xr-x 1 root root 131 29. bře  2014 /etc/logrotate.d/dovecot


solved:

[root@fialka ~]# chmod 644 /etc/logrotate.d/dovecot
[root@fialka ~]# ls -lh /etc/logrotate.d/do*
-rw-r--r-- 1 root root 131 29. bře  2014 /etc/logrotate.d/dovecot
[root@fialka ~]#

[root@fialka ~]#   /usr/sbin/logrotate -v /etc/logrotate.d/dovecot
reading config file /etc/logrotate.d/dovecot

Handling 1 logs

rotating pattern: /var/log/dovecot*.log  1048576 bytes (no old logs will
be kept)
etc.


Havrla


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] spamdyke rejecting all incoming messages

[Jaime Lerner]

Maybe this would be helpful?

http://www.itechlounge.net/2015/12/linux-error-receiving-or-sending-email-wi
th-qmail-451_mail_server_temporarily_rejected_message_4-3-0/



From:  Kelly Cobean 
Reply-To:  
Date:  Thursday, October 27, 2016 at 6:48 PM
To:  
Subject:  [qmailtoaster] spamdyke rejecting all incoming messages

Hey all,
My QMT install has been running for years and admittedly I've done very
little maintenance/patching.  I still run a few domains with EZ-MLM lists
and individual accounts and recently, my server stopped accepting all
inbound messages.  There are only 2 messages in my queue and I've stopped
and restarted qmail (qmailctl stop/start) and I've even restarted the
server.  There's plenty of disk space on the server.

The error logs indicate the following:

@4000581282090d55df2c tcpserver: status: 1/100
@4000581282090d55eae4 tcpserver: pid 15044 from 209.85.215.45
@4000581282090d55eae4 tcpserver: ok 15044
www.novagunrunners.com:66.151.32.133:25 :209.85.215.45::35674
@40005812820b0c77db3c CHKUSER accepted sender: from 
remote  rcpt <> : sender
accepted
@40005812820b119a188c CHKUSER accepted any rcpt: from
 remote 
rcpt  : accepted any recipient for this domain
@40005812820b119a2444 policy_check: remote ke...@cobean.net -> local
kcob...@vipercrazy.com (UNAUTHENTICATED SENDER)
@40005812820b119a282c policy_check: policy allows transmission
@40005812820c1bfa123c qmail-smtpd: qq soft reject (mail server
temporarily rejected message (#4.3.0)): MAILFROM:
RCPTTO:kcob...@vipercrazy.com 
@40005812820c1bfa1a0c spamdyke[15044]: DENIED_OTHER from:
ke...@cobean.net to: kcob...@vipercrazy.com origin_ip: 209.85.215.45
origin_rdns: mail-lf0-f45.google.com   auth:
(unknown) encryption: TLS reason:
451_mail_server_temporarily_rejected_message_(#4.3.0)
@40005812820c24ba9874 tcpserver: end 15044 status 0


 My spamdyke is probably old:

[root@www spamdyke]# spamdyke --version
spamdyke 4.3.1+TLS+CONFIGTEST+DEBUG (C)2012 Sam Clippinger, samc (at)
silence (dot) org
http://www.spamdyke.org/


I've made no changes on the server.  Has anyone seen this before? I
appreciate any help you can offer.

Re: [qmailtoaster] vchkpw segfaults and spamdyke errors

[Jaime Lerner]

Awesome! Thanks Eric!

From:  Eric <ebr...@whitehorsetc.com>
Reply-To:  <qmailtoaster-list@qmailtoaster.com>
Date:  Tuesday, October 4, 2016 at 10:49 AM
To:  <qmailtoaster-list@qmailtoaster.com>
Subject:  Re: [qmailtoaster] vchkpw segfaults and spamdyke errors

Hi Jamie and everyone else,

I know its been a while, but I've found the reason for this segfault in
qmailmrtg, on my server at least. I saw that you were interested in
turning off qmailmrtg as you don't use it.

To turn off edit /etc/crontab and change

0-59/5 * * * * root env LANG=C /usr/bin/mrtg
/usr/share/toaster/mrtg/qmailmrtg.cfg > /dev/null 2>&1

to

#0-59/5 * * * * root env LANG=C /usr/bin/mrtg
/usr/share/toaster/mrtg/qmailmrtg.cfg > /dev/null 2>&1

or delete the line altogether.


If you're interested in where I found the segfault (at least on my
toaster) read on. It was really quite simple and I'm not sure why this
hasn't been noticed before.

I found that the error occurred during the concurrency check in
qmailmrtg.cfg, specifically in the call `/usr/bin/qmailmrtg t
/var/log/qmail/smtp`. Here qmailmrtg is finding concurrent connections
in the smtp log by looking for lines with the following: 'status:
[1-???]/100' from which it derives the max number of connections over a
time interval (present-300 to present programmatically).

The program (qmailmrtg), when searching for the substring 'status:'
within single log entries, is NOT checking for the most important part:
whether this is a 'tcpserver:' connection or not.

If the program finds any occurrence of 'status:' the log entry in which
it resides will be checked for concurrency ([1-???]/100) using POINTERS.
If the program finds an occurrence of 'status:' within a log entry not
of the form 'status: [1-???]/100' the pointer will be pointing to an
undefined or unauthorized section of memory causing the segfault.

The concurrency entries take the following from:

@400057f3b9b42799c77c tcpserver: status: 3/100

I created a patch (soon to be out) so the program checks for 'tcpserver:
status: ' (whether it's a tcp server connection) before it looks for
concurrency numbers.

I found the offending 'status:' entries in the smtp log by running the
following command:
# cat /var/log/qmail/smtp/* | tai64nlocal | grep status:[0-9]

The resulting 'cat' of the smtp log provided the following log entries:
@400057eb9d2f1c792d4c simscan:[21808]:CLEAN
(2.90/12.00):0.5372s:John Q. Public updated her
status:192.168.0.1:notification+z_y9=s...@facebookmail.com:soandso@mydomains.
tld

on which qmailmrtg was segfault(ing). It ended up being email from
facebook with subject lines indicating an update in status.

It's a harmless problem but annoying, so, I'm going to patch the code
and put out an updated version.

I'm still surprised that this wasn't noticed years ago.

Eric

On 6/10/2016 10:10 AM, Jaime Lerner wrote:
>  Thanks for looking into this, Eric. The interesting thing is, the
>  qmailmrtg segfaults didn't happen until I cleared up the vchkpw faults.
>  I'm thinking they both might be related to memory and when I raised the
>  limit for vchkpw it didn't leave enough memory for qmailmrtg to run
>  sometimes. I'm thinking I could drop the softlimit down and see if that
>  solves it (i.e. Drop it until the qmailmrgt segfaults stop, but not too
>  much so as to cause the vchkpw segfaults to start up again). And yes,
>  they are in the messages log. I don't have any of the "abrt-server"
>  messages, nor anything about it not being signed. The only thing in my
>  log for qmailmrtg is the segfaults (and the initial install I did with yum).
> 
>  From: Eric <ebr...@whitehorsetc.com <mailto:ebr...@whitehorsetc.com>>
>  Reply-To: <qmailtoaster-list@qmailtoaster.com
>  <mailto:qmailtoaster-list@qmailtoaster.com>>
>  Date: Friday, June 10, 2016 at 12:02 PM
>  To: <qmailtoaster-list@qmailtoaster.com
>  <mailto:qmailtoaster-list@qmailtoaster.com>>
>  Subject: Re: [qmailtoaster] vchkpw segfaults and spamdyke errors
> 
>  Hi Jamie,
> 
>  I had these as well on a client server about a month ago for a few days
>  and they went away. They showed up in the postmaster logwatch email. I
>  traced them to the messages log.
> 
>  I ran the following command (with output):
> 
>  # cat messages* | grep -C 4 segfault
> 
>  May 18 09:25:02 mail kernel: qmailmrtg[20759]: segfault at 604000 ip
>  00400b17 sp 7fff8f462560 error 4 in qmailmrtg[40+2000]
>  May 18 09:25:02 mail abrt-server: Package 'qmailmrtg' isn't signed with
>  proper key
>  May 18 09:25:02 mail abrt-server: 'post-create' on
>  '/var/spool/abrt/ccpp-2016-05-18-09:25:02-20759' exited with 1
>  May 18 09:25:02 mail abrt-server: Deleting problem directory
>  '/var/spool/abrt/ccpp-2016-05-18-09:25:02-20759'
> 
>  And, it looks like it has somethin

Re: [qmailtoaster] Problemas...

[Jaime Lerner]

A. Gotcha. Didn't know it was already patched! Awesome! No wonder I'm
not having any problems. :)

From:  Eric <ebr...@whitehorsetc.com>
Reply-To:  <qmailtoaster-list@qmailtoaster.com>
Date:  Saturday, August 13, 2016 at 11:33 PM
To:  <qmailtoaster-list@qmailtoaster.com>
Subject:  Re: [qmailtoaster] Problemas...

Yes. The big DNS patch, which QMT utilizes, takes care of this (BIND).

As an added measure, insuring it's not on the QMT end, djbdns from
mirrors.qmailtoaster.com could be installed:

http://mirror2.qmailtoaster.com/archive/rpms/djbdns-1.05-1.0.6.src.rpm

On 8/13/2016 7:48 PM, Jaime Lerner wrote:
>  Just throwing out there that I am using BIND with no issues
> 
>  From: Eric <ebr...@whitehorsetc.com <mailto:ebr...@whitehorsetc.com>>
>  Reply-To: <qmailtoaster-list@qmailtoaster.com
>  <mailto:qmailtoaster-list@qmailtoaster.com>>
>  Date: Saturday, August 13, 2016 at 4:04 PM
>  To: <qmailtoaster-list@qmailtoaster.com
>  <mailto:qmailtoaster-list@qmailtoaster.com>>
>  Subject: Re: [qmailtoaster] Problemas...
> 
>  Gustavo,
> 
>  I don't think you should have to reinstall qmail to fix this.
> 
>  From: http://thedjbway.b0llix.net/qmail/patches.html
> 
>  
>  • qmail-1.03.big-dns.patch [port]
> 
>  We mention this patch by Christopher K. Davis because it is commonly
>  referred to in other qmail "howto" instructions around the 'net, and
>  incorporated with qmail port builds on some platforms.
> 
>  It patches the dns.c file in qmail, allowing it to safely receive
>  responses to DNS queries exceeding 512 bytes.
> 
>  Of course, this patch is necessary only if using a DNS resolver such as
>  (ahem) BIND.
> 
>  Otherwise this patch is never needed for qmail servers built "the djb
>  way", with DNS services provided by the dnscache resolver from the
>  djbdns package.
> 
>  
> 
> 
>  What DNS resolver are you using? Can you try djbdns?
> 
>  Eric
> 
> 
> 
> 
>  On 8/12/2016 1:40 PM, Gustavo De Poli wrote:
> 
>  yes. i can not solution!
> 
> 
>  2016-08-12 16:38 GMT-03:00 Eric <ebr...@whitehorsetc.com
>  <mailto:ebr...@whitehorsetc.com>
>  <mailto:ebr...@whitehorsetc.com>>:
> 
>   Is this the continuing problem with DNS lookups?
> 
>   On 8/12/2016 11:29 AM, Gustavo De Poli wrote:
> 
>   i dont know how repair.
>   im want to reinstalll all again.
> 
>   i dont found how desinstall qmail.
> 
>   Some one knows
> 
> 
>   2016-08-06 13:54 GMT-03:00 Eric <ebr...@whitehorsetc.com
>  <mailto:ebr...@whitehorsetc.com>
>   <mailto:ebr...@whitehorsetc.com>
>   <mailto:ebr...@whitehorsetc.com
>  <mailto:ebr...@whitehorsetc.com>>>:
> 
>   Here's the qmailtoaster patch list:
> 
>   QmailToaster is patched to the netqmail-1.05
>  distribution of
>   qmail.
> 
>   It is comprised of qmail-1.03 plus a patch file, some
>   documentation,
>   and a shell script which prepares the files for
>  compilation.
> 
>   More information is available at http://qmail.org/netqmail/
> 
>   Russ Nelson <nel...@qmail.org <mailto:nel...@qmail.org>
>  <mailto:nel...@qmail.org>
>   <mailto:nel...@qmail.org <mailto:nel...@qmail.org>>>
>   Charles Cazabon <charlesc-netqm...@discworld.dyndns.org
>  <mailto:charlesc-netqm...@discworld.dyndns.org>
>   <mailto:charlesc-netqm...@discworld.dyndns.org>
>   <mailto:charlesc-netqm...@discworld.dyndns.org
>   <mailto:charlesc-netqm...@discworld.dyndns.org>>>
>   Dave Sill <d...@sws5.ornl.gov <mailto:d...@sws5.ornl.gov>
>  <mailto:d...@sws5.ornl.gov>
>   <mailto:d...@sws5.ornl.gov <mailto:d...@sws5.ornl.gov>>>
>   Peter Samuel <peter.sam...@gormand.com.au
>  <mailto:peter.sam...@gormand.com.au>
>   <mailto:peter.sam...@gormand.com.au>
>   <mailto:peter.sam...@gormand.com.au
>   <mailto:peter.sam...@gormand.com.au>>>
>   Henning Brauer <henn...@bsws.de
>  <mailto:henn...@bsws.de> <mailto:henn...@bsws.de>
>   <mailto:henn...@bsws.de <mailto:henn...@bsws.de>>>
> 
>   qmailtoaster-1.3.1.patchJun 05, 2006
> 
>   qmail-1.03 

Re: [qmailtoaster] Problemas...

[Jaime Lerner]

Just throwing out there that I am using BIND with no issues

From:  Eric 
Reply-To:  
Date:  Saturday, August 13, 2016 at 4:04 PM
To:  
Subject:  Re: [qmailtoaster] Problemas...

Gustavo,

I don't think you should have to reinstall qmail to fix this.

From: http://thedjbway.b0llix.net/qmail/patches.html


• qmail-1.03.big-dns.patch [port]

We mention this patch by Christopher K. Davis because it is commonly
referred to in other qmail "howto" instructions around the 'net, and
incorporated with qmail port builds on some platforms.

It patches the dns.c file in qmail, allowing it to safely receive
responses to DNS queries exceeding 512 bytes.

Of course, this patch is necessary only if using a DNS resolver such as
(ahem) BIND.

Otherwise this patch is never needed for qmail servers built "the djb
way", with DNS services provided by the dnscache resolver from the
djbdns package.




What DNS resolver are you using? Can you try djbdns?

Eric




On 8/12/2016 1:40 PM, Gustavo De Poli wrote:
>  yes. i can not solution!
> 
> 
>  2016-08-12 16:38 GMT-03:00 Eric   >:
> 
>  Is this the continuing problem with DNS lookups?
> 
>  On 8/12/2016 11:29 AM, Gustavo De Poli wrote:
> 
>  i dont know how repair.
>  im want to reinstalll all again.
> 
>  i dont found how desinstall qmail.
> 
>  Some one knows
> 
> 
>  2016-08-06 13:54 GMT-03:00 Eric   
>  >>:
> 
>  Here's the qmailtoaster patch list:
> 
>  QmailToaster is patched to the netqmail-1.05 distribution of
>  qmail.
> 
>  It is comprised of qmail-1.03 plus a patch file, some
>  documentation,
>  and a shell script which prepares the files for compilation.
> 
>  More information is available at http://qmail.org/netqmail/
> 
>  Russ Nelson 
>  >>
>  Charles Cazabon   
>    >>
>  Dave Sill 
>  >>
>  Peter Samuel   
>    >>
>  Henning Brauer 
>  >>
> 
>  qmailtoaster-1.3.1.patchJun 05, 2006
> 
>  qmail-1.03 patched to netqmail-1.05
>  ---
>  QMAILQUEUE patch
>  qmail-local patch
>  local IP 0.0.0.0 patch
>  sendmail -f patch
> 
>  Andrew St. Jean - qregex-starttls-2way-auth-20060305
>  http://www.arda.homeunix.net/store/qmail/
>  
>    >
> 
>  Frederik Vermeulen - qmail-tls 20060104
>  http://inoa.net/qmail-tls/
> 
>  Erwin Hoffman - SMTP-AUTH Version 0.57
>  http://www.fehcom.de/qmail/
> 
>  Robert Sander - qmail-remote-auth
> 
>  http://www.ornl.gov/lists/mailing-lists/qmail/2002/03/msg00091.html
>  
> 
>    
> >
> 
>  Antonio Nati - chkuser-2.0.8b
>  http://www.interazioni.it/opensource/chkuser/
>  
>    >
> 
>  Chris christo...@saout.de 
>  > -
>  qmail-spf.rc5
> 
>  http://www.saout.de/misc/spf/
> 
>  Russ Nelson - qmail-1.03-dk-0.54 domainkeys patch
>  http://www.qmail.org/qmail-1.03-dk-0.54.patch
>  
>    >
> 
>  

Re: [qmailtoaster] Roundcube Installation

[Jaime Lerner]

If you want to use /webmail as an alias for roundcube, you'll need to remark
out the squirrelmail include in your httpd.conf file:

#Include /etc/httpd/conf/squirrelmail.conf


From:  Ridwan Firmansyah 
Reply-To:  
Date:  Saturday, August 13, 2016 at 8:16 PM
To:  
Subject:  Re: [qmailtoaster] Roundcube Installation


Ok thank you Eric. Will revert for any issues

Rgds ,

Ridwan


On Aug 14, 2016 7:08 AM, "Eric"  wrote:
> no need to remove squirrelmail
> 
> On 8/13/2016 5:16 PM, Ridwan Firmansyah wrote:
>> Greeting list,
>> 
>> as we know that default webmail for Qmail is squirrelmail,also when i
>> read the 1.qmail-centos7-install.README it's shown how to install
>> roundcube, If i need to replace it with roundcube, should i remove the
>> squirrelmail first and then install roundcube ? and how to do it ?
>> 
>> thank you
>> 
>> Rgds
>> Ridwanfi
>> 
>> 
> 
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
> 

Re: [qmailtoaster] Where are Log Files?

[Jaime Lerner]

If you're looking for something, just use "find" to see where it is.

i.e.   find / -name qmail  OR sudo in front of that if you're not root

That would bring up everywhere "qmail" could be found as a file name or
directory. Note that it's an exact match - so if you wanted everything that
started with "qmail", you'd use "qmail*"

But yes, logs would be in /var/log/qmail

I'm on CentOS7 also. :)

From:  Roxanne Sandesara 
Reply-To:  
Date:  Wednesday, August 3, 2016 at 5:52 PM
To:  
Subject:  [qmailtoaster] Where are Log Files?

I cannot find the log files on the new qmail toaster installation I’ve built
on this CentOS 7 box. The locations mentioned on the wiki don’t even exist.
Where should I be looking?
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] multiple email

[Jaime Lerner]

YES. :)

From:  Eric 
Reply-To:  
Date:  Thursday, July 21, 2016 at 7:12 PM
To:  
Subject:  [qmailtoaster] multiple email

Are others receiving multiple emails from the qmailtoaster list?

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] DMARC checking?

[Jaime Lerner]

Is it possible to set up inbound DMARC checking on a QMT setup?

Re: [qmailtoaster] latest version of qmt or vm please

[Jaime Lerner]

I'm running it on CentOS 7 with no problem using those same files. I'm on a
VPS though, I didn't try it in VMWare.

From:  Tony White 
Reply-To:  
Date:  Sunday, July 17, 2016 at 11:23 AM
To:  
Subject:  Re: [qmailtoaster] latest version of qmt or vm please

Hi Eric,
   I simply cannot get a version of COS7 to install
in a VMWare VM!
Will the files you gave me work with COS6?

best wishes
   Tony White

Yea Computing Services
http://www.ycs.com.au
4 The Crescent
Yea
Victoria
Australia 3717

Telephone No's
VIC : 03 9008 5614
FAX : 03 9008 5610 (FAX2Email)

Be aware: All calls to and from YCS landlines and mobiles are recorded

IMPORTANT NOTICE

This communication including any file attachments is intended solely for
the use of the individual or entity to whom it is addressed. If you are
not the intended recipient, or the person responsible for delivering
this communication to the intended recipient, please immediately notify
the sender by email and delete the original transmission and its
contents. Any unauthorised use, dissemination, forwarding, printing or
copying of this communication including file attachments is prohibited.
It is your responsibility to scan this communication including any file
attachments for viruses and other defects. To the extent permitted by
law, Yea Computing Services and its associates will not be liable for
any loss or damage arising in any way from this communication including
any file attachments.
You may not disclose this information to a third party without written
permission from the Author.

On 17/07/2016 22:51, Eric wrote:
>  
> ftp://ftp.whitehorsetc.com/pub/repo/qmt/CentOS/7/current/x86_64/1.qmail-centos
> 7-install.README
> 
>  On 7/17/2016 12:17 AM, Tony White wrote:
>>  Hi folks,
>>Can someone point me to the latest version of QMT or
>>  even better a vm for vmware?
>>Thank you.
>> 
> 
>  -
>  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>  For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
> 
> 
> 


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] vchkpw segfaults and spamdyke errors

[Jaime Lerner]

How funny...it was because of your README that I found the issue as to why I
couldn't log in using my cell phone, but could log in using Outlook. Logging
in via my cell phone was causing segfaults with vchkpw (which Steve is
dealing with), so I saw your README and tried raising my softlimit, which
fixed the problem. I didn't notice until now that you have one more 0 than I
do. Mine is at 12800 and works fine

From:  Eric 
Reply-To:  
Date:  Saturday, June 11, 2016 at 11:33 AM
To:  
Subject:  Re: [qmailtoaster] vchkpw segfaults and spamdyke errors

I now remember why I set my submission softlimit high, to
128000--again, I never checked on setting it lower. It had to do
with one of my user's email client software, eM client. The problem
never occurred with Thunderbird of Outlook, only with eM client.

I was going through my readme
(ftp://ftp.whitehorsetc.com/pub/repo/qmt/CentOS/7/current/x86_64/1.qmail-cen
tos7-install.README)
and found that I had logged of this problem.

On 6/6/2016 11:21 AM, Eric wrote:
>  Hi Steve,
> 
>  My /var/qmail/supervise/submission/run is as follows:
> 
>  
>  #!/bin/sh
>  QMAILDUID=`id -u vpopmail`
>  NOFILESGID=`id -g vpopmail`
>  MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
>  SMTPD="/var/qmail/bin/qmail-smtpd"
>  TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
>  HOSTNAME=`hostname`
>  VCHKPW="/home/vpopmail/bin/vchkpw"
>  export REQUIRE_AUTH=1
> 
>  exec /usr/bin/softlimit -m 128000 \
>  /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
>  -u "$QMAILDUID" -g "$NOFILESGID" 0 587 \
>  $SMTPD $VCHKPW /bin/true 2>&1
>  
> 
> 
> 
>  Note the difference in our softlimits:
>  128000
>  16000
> 
>  Eric
> 
>  On 6/6/2016 9:12 AM, Steve Linberg wrote:
>>  Greetings all.
>> 
>>  Overall, my new toaster build is working great; however, combing the
>>  logs, I still see a couple of issues I’d like to get to the bottom of.
>>  (CentOS 7.2, built the toaster a couple of weeks ago.)
>> 
>>  The first is that I’m still getting a ton of segfaults from vchkpw, even
>>  having raised the softlimit in /var/qmail/supervise/submission/run from
>>  the default of 6400 to 1, 12800 and even 16000. I
>>  sometimes have 20 or more in a row in my logs:
>> 
>>  Jun  6 08:43:18 xxx kernel: vchkpw[25196]: segfault at 0 ip
>>  7fca89bdbad6 sp 7ffda62cef98 error 4 in
>>  libc-2.17.so[7fca89aa9000+1b7000]
>>  Jun  6 08:43:21 xxx kernel: vchkpw[25200]: segfault at 0 ip
>>  7f2dd9f91ad6 sp 7ffc754d7b58 error 4 in
>>  libc-2.17.so[7f2dd9e5f000+1b7000]
>>  Jun  6 08:43:23 xxx kernel: vchkpw[25204]: segfault at 0 ip
>>  7feb85bf8ad6 sp 7ffe1ad395c8 error 4 in
>>  libc-2.17.so[7feb85ac6000+1b7000]
>> 
>>  That said, I’m able to send / receive mail and log in to my imap system
>>  without any problems, so I suspect these are triggered by login attempts
>>  from someone else, but segfaults aren’t something I’m used to being
>>  comfortable with, and I’m not even sure where to begin troubleshooting
>>  this. Googling this hasn’t gotten me far. It may be a CentOS issue and
>>  not a toaster issue, but it’s still a bit unnerving. Is there anything
>>  else in the toaster config that I can look at or that might cause this?
>> 
>>  The second is hundreds of error messages from spamdyke in
>>  /var/log/maillog:
>> 
>>  Jun  6 10:56:32 xxx spamdyke[30667]: ERROR: invalid/unparsable
>>  nameserver found: 2001:4860:4860::8844
>>  Jun  6 10:56:32 xxx spamdyke[30667]: ERROR: invalid/unparsable
>>  nameserver found: 2001:4860:4860::
>> 
>>  These are constant, and always with those addresses, which I’m 99% sure
>>  are Google’s DNS servers in ipv6. I’m not actively using ipv6, and my
>>  first thought was to just turn it off (in /etc/sysctl.conf), but even
>>  after a reboot, I was still getting these messages, over and over in
>>  /var/log/maillog.
>> 
>>  Does anybody have any ideas on either of these issues? Thanks in advance.
>> 
>>  --
>>  Steve Linberg, Chief Goblin
>>  Silicon Goblin Technologies
>>  http://silicongoblin.com
>>  Be kind.  Remember, everyone you meet is fighting a hard battle.
>> 
> 
>  -
>  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>  For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
> 

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] vchkpw segfaults and spamdyke errors

[Jaime Lerner]

Thanks for looking into this, Eric. The interesting thing is, the qmailmrtg
segfaults didn't happen until I cleared up the vchkpw faults. I'm thinking
they both might be related to memory and when I raised the limit for vchkpw
it didn't leave enough memory for qmailmrtg to run sometimes. I'm thinking I
could drop the softlimit down and see if that solves it (i.e. Drop it until
the qmailmrgt segfaults stop, but not too much so as to cause the vchkpw
segfaults to start up again). And yes, they are in the messages log. I don't
have any of the "abrt-server" messages, nor anything about it not being
signed. The only thing in my log for qmailmrtg is the segfaults (and the
initial install I did with yum).

From:  Eric <ebr...@whitehorsetc.com>
Reply-To:  <qmailtoaster-list@qmailtoaster.com>
Date:  Friday, June 10, 2016 at 12:02 PM
To:  <qmailtoaster-list@qmailtoaster.com>
Subject:  Re: [qmailtoaster] vchkpw segfaults and spamdyke errors

Hi Jamie,

I had these as well on a client server about a month ago for a few days
and they went away. They showed up in the postmaster logwatch email. I
traced them to the messages log.

I ran the following command (with output):

# cat messages* | grep -C 4 segfault

May 18 09:25:02 mail kernel: qmailmrtg[20759]: segfault at 604000 ip
00400b17 sp 7fff8f462560 error 4 in qmailmrtg[40+2000]
May 18 09:25:02 mail abrt-server: Package 'qmailmrtg' isn't signed with
proper key
May 18 09:25:02 mail abrt-server: 'post-create' on
'/var/spool/abrt/ccpp-2016-05-18-09:25:02-20759' exited with 1
May 18 09:25:02 mail abrt-server: Deleting problem directory
'/var/spool/abrt/ccpp-2016-05-18-09:25:02-20759'

And, it looks like it has something to do with signing.

I got distracted and will have to investigate this further.

Eric


On 6/10/2016 9:15 AM, Jaime Lerner wrote:
>  I don't get segfaults from vchkpw anymore (not since raising my
>  softlimit), but I get from 1-3 segfaults from qmailmrtg daily. I don't
>  really need or want qmailmrtg, so if anyone can tell me how to turn it
>  off, that would be great. :) Otherwise, it's not causing any problems
>  for me since I don't use it.
> 
>  [root@mail qmail]# grep segfault /var/log/messages
> 
>  Jun  5 16:20:01 mail kernel: qmailmrtg[26761]: *segfault* at 604000 ip
>  00400b17 sp 7ffcbfdbc4a0 error 4 in qmailmrtg[40+2000]
> 
>  Jun  5 16:40:01 mail kernel: qmailmrtg[28163]: *segfault* at 604000 ip
>  00400b17 sp 7fffbac92110 error 4 in qmailmrtg[40+2000]
> 
>  Jun  5 16:55:01 mail kernel: qmailmrtg[29324]: *segfault* at 604000 ip
>  00400b17 sp 7fff8ca08810 error 4 in qmailmrtg[40+2000]
> 
>  Jun  6 12:20:01 mail kernel: qmailmrtg[30300]: *segfault* at 604000 ip
>  00400b17 sp 7ffe382ce270 error 4 in qmailmrtg[40+2000]
> 
>  Jun  7 11:25:01 mail kernel: qmailmrtg[10676]: *segfault* at 604000 ip
>  00400b17 sp 7fff0e24eff0 error 4 in qmailmrtg[40+2000]
> 
>  Jun  7 15:00:02 mail kernel: qmailmrtg[20856]: *segfault* at 604000 ip
>  00400b17 sp 7ffec310ee90 error 4 in qmailmrtg[40+2000]
> 
>  Jun  7 15:05:01 mail kernel: qmailmrtg[21134]: *segfault* at 604000 ip
>  00400b17 sp 7fff02dd4660 error 4 in qmailmrtg[40+2000]
> 
>  Jun  8 07:20:01 mail kernel: qmailmrtg[31909]: *segfault* at 604000 ip
>  00400b17 sp 7ffc923737e0 error 4 in qmailmrtg[40+2000]
> 
>  Jun  8 12:15:01 mail kernel: qmailmrtg[12908]: *segfault* at 604000 ip
>  00400b17 sp 7ffc75843060 error 4 in qmailmrtg[40+2000]
> 
>  Jun  9 12:15:01 mail kernel: qmailmrtg[11826]: *segfault* at 604000 ip
>  00400b17 sp 7ffd93dcda20 error 4 in qmailmrtg[40+2000]
> 
>  Jun 10 10:15:01 mail kernel: qmailmrtg[6510]: *segfault* at 604000 ip
>  00400b17 sp 7fff8e676c30 error 4 in qmailmrtg[40+2000]
> 
>  Jun 10 10:25:01 mail kernel: qmailmrtg[6931]: *segfault* at 604000 ip
>  00400b17 sp 7ffc884b8570 error 4 in qmailmrtg[40+2000]
> 
>  Jun 10 10:40:01 mail kernel: qmailmrtg[7683]: *segfault* at 604000 ip
>  00400b17 sp 7ffd97d86ab0 error 4 in qmailmrtg[40+2000]
> 
> 
>  From: Steve Linberg <st...@silicongoblin.com
>  <mailto:st...@silicongoblin.com>>
>  Reply-To: <qmailtoaster-list@qmailtoaster.com
>  <mailto:qmailtoaster-list@qmailtoaster.com>>
>  Date: Friday, June 10, 2016 at 10:48 AM
>  To: <qmailtoaster-list@qmailtoaster.com
>  <mailto:qmailtoaster-list@qmailtoaster.com>>
>  Subject: Re: [qmailtoaster] vchkpw segfaults and spamdyke errors
> 
>  Still working on the segfault problem; got dozens of them overnight when
>  I definitely wasn’t using any services. softlimit
>  in /var/qmail/supervise/submission/run is at 500 

Re: [qmailtoaster] vchkpw segfaults and spamdyke errors

[Jaime Lerner]

I don't get segfaults from vchkpw anymore (not since raising my softlimit),
but I get from 1-3 segfaults from qmailmrtg daily. I don't really need or
want qmailmrtg, so if anyone can tell me how to turn it off, that would be
great. :) Otherwise, it's not causing any problems for me since I don't use
it.

[root@mail qmail]# grep segfault /var/log/messages

Jun  5 16:20:01 mail kernel: qmailmrtg[26761]: segfault at 604000 ip
00400b17 sp 7ffcbfdbc4a0 error 4 in qmailmrtg[40+2000]

Jun  5 16:40:01 mail kernel: qmailmrtg[28163]: segfault at 604000 ip
00400b17 sp 7fffbac92110 error 4 in qmailmrtg[40+2000]

Jun  5 16:55:01 mail kernel: qmailmrtg[29324]: segfault at 604000 ip
00400b17 sp 7fff8ca08810 error 4 in qmailmrtg[40+2000]

Jun  6 12:20:01 mail kernel: qmailmrtg[30300]: segfault at 604000 ip
00400b17 sp 7ffe382ce270 error 4 in qmailmrtg[40+2000]

Jun  7 11:25:01 mail kernel: qmailmrtg[10676]: segfault at 604000 ip
00400b17 sp 7fff0e24eff0 error 4 in qmailmrtg[40+2000]

Jun  7 15:00:02 mail kernel: qmailmrtg[20856]: segfault at 604000 ip
00400b17 sp 7ffec310ee90 error 4 in qmailmrtg[40+2000]

Jun  7 15:05:01 mail kernel: qmailmrtg[21134]: segfault at 604000 ip
00400b17 sp 7fff02dd4660 error 4 in qmailmrtg[40+2000]

Jun  8 07:20:01 mail kernel: qmailmrtg[31909]: segfault at 604000 ip
00400b17 sp 7ffc923737e0 error 4 in qmailmrtg[40+2000]

Jun  8 12:15:01 mail kernel: qmailmrtg[12908]: segfault at 604000 ip
00400b17 sp 7ffc75843060 error 4 in qmailmrtg[40+2000]

Jun  9 12:15:01 mail kernel: qmailmrtg[11826]: segfault at 604000 ip
00400b17 sp 7ffd93dcda20 error 4 in qmailmrtg[40+2000]

Jun 10 10:15:01 mail kernel: qmailmrtg[6510]: segfault at 604000 ip
00400b17 sp 7fff8e676c30 error 4 in qmailmrtg[40+2000]

Jun 10 10:25:01 mail kernel: qmailmrtg[6931]: segfault at 604000 ip
00400b17 sp 7ffc884b8570 error 4 in qmailmrtg[40+2000]

Jun 10 10:40:01 mail kernel: qmailmrtg[7683]: segfault at 604000 ip
00400b17 sp 7ffd97d86ab0 error 4 in qmailmrtg[40+2000]


From:  Steve Linberg 
Reply-To:  
Date:  Friday, June 10, 2016 at 10:48 AM
To:  
Subject:  Re: [qmailtoaster] vchkpw segfaults and spamdyke errors

Still working on the segfault problem; got dozens of them overnight when I
definitely wasn’t using any services. softlimit in
/var/qmail/supervise/submission/run is at 500 megs and rising, but I’m still
having trouble believing it needs to be that high or higher.

While I continue to push that: is there any way to know what process chain
is invoking the vchkpw process that’s segfaulting? Don’t a number of
different processes use it? I don’t know for a fact that submission is the
one that’s causing it. I can’t find any other clues in my logs, like events
happening at the same time as the segfaults, but are there any other
possible culprits that might invoke vchkpw without enough RAM to do whatever
it’s trying to do?


-- 
Steve Linberg, Chief Goblin
Silicon Goblin Technologies
http://silicongoblin.com
Be kind.  Remember, everyone you meet is fighting a hard battle.

Re: [qmailtoaster] vchkpw segfaults and spamdyke errors

[Jaime Lerner]

Are your users doing any other kind of login/authentication other than via
the submission port (587)? If so, I'd try upping the softlimit on the other
run files.  I only did submission because that's the only port I'm using.

From:  Steve Linberg 
Reply-To:  
Date:  Thursday, June 9, 2016 at 12:17 PM
To:  
Subject:  Re: [qmailtoaster] vchkpw segfaults and spamdyke errors

I’ve been incrementally raising the softlimit in
/var/qmail/supervise/submission/run over the past few days in an effort to
stop the vchkpw segfaults, and I’ve taken it all the way up to 12:

#!/bin/sh  
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export REQUIRE_AUTH=1

exec /usr/bin/softlimit -m 12 \
/usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 587 \
$SMTPD $VCHKPW /bin/true 2>&1

Unfortunately, it doesn’t seem to have made any difference at all in the
number or frequency of segfaults.

Jun  9 11:56:44 xxx kernel: vchkpw[29989]: segfault at 0 ip 7f687b728ad6
sp 7ffc7d038908 error 4 in libc-2.17.so[7f687b5f6000+1b7000]

I just can’t believe that 1.2 BILLION BYTES isn’t enough to handle
qmail-smtp or an imap login or whatever it’s doing here. My previous
qmailtoaster build runs on a VM with 512mb total RAM, also running Apache
and Mailman, and has never segfaulted. There must be something else going
on.

Is “qmailctl restart” the right way to activate changes to
/var/qmail/supervise/submission/run? That’s what I’ve been doing.

Anybody have any other ideas or theories? Again, this is a clean CentOS 7.2
VM at DigitalOcean, with 2gb RAM. I’ve disabled ipv6 and selinux.

-- 
Steve Linberg, Chief Goblin
Silicon Goblin Technologies
http://silicongoblin.com
Be kind.  Remember, everyone you meet is fighting a hard battle.

Re: [qmailtoaster] vchkpw segfaults and spamdyke errors

[Jaime Lerner]

I'm not getting either of those issues. My softlimit is set at 12800.

I'm also running Bind on my mailserver and am using my internal nameserver
rather than Google's public servers (though they are the fallbacks). My
understanding is Spamdyke doesn't support ipv6 so maybe that's why you're
getting those errors

What do you have in your /etc/resolv.conf file?  If you have the ipv6 IPs
for Google in there rather than the ipv4 IPs, maybe that's your issue?

From:  Steve Linberg 
Reply-To:  
Date:  Monday, June 6, 2016 at 11:12 AM
To:  
Subject:  [qmailtoaster] vchkpw segfaults and spamdyke errors

Greetings all.

Overall, my new toaster build is working great; however, combing the logs, I
still see a couple of issues I’d like to get to the bottom of. (CentOS 7.2,
built the toaster a couple of weeks ago.)

The first is that I’m still getting a ton of segfaults from vchkpw, even
having raised the softlimit in /var/qmail/supervise/submission/run from the
default of 6400 to 1, 12800 and even 16000. I sometimes
have 20 or more in a row in my logs:

Jun  6 08:43:18 xxx kernel: vchkpw[25196]: segfault at 0 ip 7fca89bdbad6
sp 7ffda62cef98 error 4 in libc-2.17.so[7fca89aa9000+1b7000]
Jun  6 08:43:21 xxx kernel: vchkpw[25200]: segfault at 0 ip 7f2dd9f91ad6
sp 7ffc754d7b58 error 4 in libc-2.17.so[7f2dd9e5f000+1b7000]
Jun  6 08:43:23 xxx kernel: vchkpw[25204]: segfault at 0 ip 7feb85bf8ad6
sp 7ffe1ad395c8 error 4 in libc-2.17.so[7feb85ac6000+1b7000]

That said, I’m able to send / receive mail and log in to my imap system
without any problems, so I suspect these are triggered by login attempts
from someone else, but segfaults aren’t something I’m used to being
comfortable with, and I’m not even sure where to begin troubleshooting this.
Googling this hasn’t gotten me far. It may be a CentOS issue and not a
toaster issue, but it’s still a bit unnerving. Is there anything else in the
toaster config that I can look at or that might cause this?

The second is hundreds of error messages from spamdyke in /var/log/maillog:

Jun  6 10:56:32 xxx spamdyke[30667]: ERROR: invalid/unparsable nameserver
found: 2001:4860:4860::8844
Jun  6 10:56:32 xxx spamdyke[30667]: ERROR: invalid/unparsable nameserver
found: 2001:4860:4860::

These are constant, and always with those addresses, which I’m 99% sure are
Google’s DNS servers in ipv6. I’m not actively using ipv6, and my first
thought was to just turn it off (in /etc/sysctl.conf), but even after a
reboot, I was still getting these messages, over and over in
/var/log/maillog.

Does anybody have any ideas on either of these issues? Thanks in advance.

-- 
Steve Linberg, Chief Goblin
Silicon Goblin Technologies
http://silicongoblin.com
Be kind.  Remember, everyone you meet is fighting a hard battle.

Re: [qmailtoaster] Big Thank You to Eric B

[Jaime Lerner]

Thank you again! I implemented it and ran several tests from Gmail and
everything went through. While I was at it I saw an email with an mp3
attachment bounced, so I had to remove .mp3 from simcontrol. Seems odd to me
that the .mp3 attachment was in there by default, but maybe it's because I
send/receive mp3 files all the time. :)

From:  Aleksander Podsiadły 
Organization:  Urząd Gminy w Mniowie
Reply-To:  
Date:  Tuesday, May 24, 2016 at 6:09 AM
To:  
Subject:  Re: [qmailtoaster] Big Thank You to Eric B

W dniu 24.05.2016, wto o godzinie 11∶38 +0200, użytkownik Sebastian
Grewe napisał:
>  Thanks for the tip! Enabled this and it seems to work while testing
>  :-)

Works for me 7 years and 3 days.

The time passes very quickly.

-- 
Pozdrawiam/Regards,
mgr inż. Aleksander Podsiadły
starszy informatyk
Urząd Gminy w Mniowie
ul. Centralna 9
26-080 Mniów
tel: +48 413737002
fax: +48 413737024
mail: a...@mniow.pl
a...@mniow.eu
jid: a...@jabber.mniow.pl
gg: 9150578

Re: [qmailtoaster] Big Thank You to Eric B

[Jaime Lerner]

A. Thank you! Yes, my first test was to Google and it bounced, so I
panicked and removed it. Definitely didn't want to be bouncing Gmail emails.
So with those codes you've had no issues? If not, I'll put it back in.
Please confirm. Thanks again!

From:  Aleksander Podsiadły <a...@mniow.pl>
Organization:  Urząd Gminy w Mniowie
Reply-To:  <qmailtoaster-list@qmailtoaster.com>
Date:  Monday, May 23, 2016 at 1:57 PM
To:  <qmailtoaster-list@qmailtoaster.com>
Subject:  Re: [qmailtoaster] Big Thank You to Eric B

W dniu 23.05.2016, pon o godzinie 10∶24 -0400, użytkownik Jaime Lerner
napisał:
>  Had to turn off DKVERIFY for incoming because it was bouncing emails

Works for me:
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONG
RCPTLIMIT="10",DKVERIFY="DEIJKfh",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEU
E="/var/qmail/bin/qmail-queue.orig",DKSIGN="/var/qmail/control/domainkeys/%/
private",NOP0FCHECK="1"

There was problem with "G" with Google.

-- 
Pozdrawiam/Regards,
mgr inż. Aleksander Podsiadły
starszy informatyk
Urząd Gminy w Mniowie
ul. Centralna 9
26-080 Mniów
tel: +48 413737002
fax: +48 413737024
mail: a...@mniow.pl
a...@mniow.eu
jid: a...@jabber.mniow.pl
gg: 9150578



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] Big Thank You to Eric B

[Jaime Lerner]

I've been using qmail since the late 90s and am a huge fangirl (yes, I think
I'm the only girl on here, lol). I just wanted to say after installing from
binaries years ago I found QMT and breathed a sigh of relief. What a
timesaver! I used it on my last mailserver 5 years ago, but found I needed
to make a move and wanted to see if I could get it running on Centos7.
Thanks to the awesome script from Eric, the install was a breeze! As he
warned, it hung a while on the ClamAV install, but other than that it ran
smoothly. My only issue was figuring out how to install my new SSL cert and
remove the self-signed one.

Finally got that figured out and everything is working cleanly. SMTP is a
bit slow to connect, so if anyone has a super quick solution for that, it
would be great. I remember I had the same issue when I set up my previous
server, but of course I have no clue now how I solved it. :)  I already
changed the Spamdyke setting for delaying the greeting to ZERO and that
helped with testing the setup through CheckTLS.com (everything got a green),
but it still takes 3-4 seconds to process. I don't know if that can be
changed based on everything that's going on though?

I also have DKIM working smoothly. Emails are being signed and once I
changed the encryption to 1024 for the public key, Google gave it a "pass",
whereas when I first tested, it gave a "weak-key" response. (Had to turn off
DKVERIFY for incoming because it was bouncing emails).

By the way, I'm using one of the free SSL certs from Let's Encrypt (lets
encrypt.org). Just letting everyone know the cert worked in case you were
thinking of trying it.