RE: [qmailtoaster] SMTP attack
Are all of the username portions of the e-mail addresses legitimate e-mails? IE, it looks like you cleansed the domain portion, but, in the log, are the all, or most, of the e-mails legitimate? I've seen this with random attempts at guessing e-mails and passwords, but not with all legit e-mails. If they are all legit, is the domain yours? Or is it theirs? (IE do you host it as an ISP, or is this the only domain and you control it?) Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Sergio M [mailto:sergio...@gmail.com] Sent: Tuesday, March 01, 2011 4:25 PM To: QmailToaster List Subject: [qmailtoaster] SMTP attack Hi there list, i have been under heavy traffic since sunday, and its been using all my inbound connections. I have a QMT updated box, running the latest spamdyke: # qtp-whatami /qtp-whatami v0.3.7 Tue Mar 1 21:14:03 ART 2011 DISTRO=CentOS OSVER=5.5 QTARCH=x86_64 QTKERN=2.6.18-194.32.1.el5 BUILD_DIST=cnt5064 BUILD_DIR=/usr/src/redhat This machine's OS is supported and has been tested/ Even though spamdyke does not let the spammers relay the mail, i still get all the connections used, making it very hard for authenticated users to send mail. For now I stopped smtpd, but i wanna see if you guys have some other thoughts to solve this. If I see the maillog, i see LOTS of entries like these: /Feb 27 14:57:38 mail spamdyke[31069]: FILTER_RBL_MATCH ip: 201.0.152.106 rbl: zen.spamhaus.org Feb 27 14:57:38 mail vpopmail[31072]: vchkpw-smtp: password fail (pass: 'luckymi') lucianos...@domain.com:190.158.93.231 Feb 27 14:57:38 mail spamdyke[31071]: FILTER_RBL_MATCH ip: 201.43.79.201 rbl: zen.spamhaus.org Feb 27 14:57:38 mail spamdyke[31075]: FILTER_BLACKLIST_IP ip: 187.106.1.158 file: /var/qmail/control/ip-blacklist(75) Feb 27 14:57:38 mail vpopmail[31077]: vchkpw-smtp: password fail (pass: 'jdorm253') jorgerodrig...@domain.com:201.250.40.202 Feb 27 14:57:38 mail spamdyke[31080]: FILTER_RBL_MATCH ip: 201.81.74.149 rbl: zen.spamhaus.org Feb 27 14:57:39 mail vpopmail[31082]: vchkpw-smtp: password fail (pass: 'edos1kd9') eduardos...@domain.com:201.82.74.70 Feb 27 14:57:39 mail spamdyke[31084]: FILTER_RDNS_RESOLVE ip: 189.106.88.244 rdns: 189106088244.user.veloxzone.com.br Feb 27 14:57:40 mail vpopmail[31086]: vchkpw-smtp: password fail (pass: 'luckymi') lucianos...@domain.com:201.43.79.201 Feb 27 14:57:40 mail vpopmail[31088]: vchkpw-smtp: password fail (pass: 'luckymi') lucianos...@domain.com:189.106.88.244 Feb 27 14:57:41 mail spamdyke[31090]: FILTER_RDNS_RESOLVE ip: 200.105.97.83 rdns: rev.97.83-telecablecr.com Feb 27 14:57:42 mail vpopmail[31092]: vchkpw-smtp: password fail (pass: 'jdorm253') jorgerodrig...@domain.com:187.106.1.158 Feb 27 14:57:42 mail vpopmail[31095]: vchkpw-smtp: password fail (pass: 'luckymi') lucianos...@domain.com:201.0.152.106 Feb 27 14:57:42 mail spamdyke[31094]: FILTER_RBL_MATCH ip: 93.39.224.8 rbl: zen.spamhaus.org Feb 27 14:57:42 mail vpopmail[31098]: vchkpw-smtp: password fail (pass: 'luckymi') lucianos...@domain.com:200.45.73.226 Feb 27 14:57:43 mail spamdyke[31100]: FILTER_RBL_MATCH ip: 189.54.236.113 rbl: zen.spamhaus.org Feb 27 14:57:43 mail spamdyke[31102]: FILTER_BLACKLIST_IP ip: 187.119.172.80 file: /var/qmail/control/ip-blacklist(75) Feb 27 14:57:43 mail vpopmail[31105]: vchkpw-smtp: password fail (pass: 'luckymi') lucianos...@domain.com:189.114.176.151 Feb 27 14:57:44 mail vpopmail[31107]: vchkpw-smtp: password fail (pass: 'luckymi') lucianos...@domain.com:190.158.93.231 Feb 27 14:57:44 mail vpopmail[31110]: vchkpw-smtp: password fail (pass: 'edos1kd9') eduardos...@domain.com:93.39.224.8/ So i guess some botnet is trying to relay mail guessing a specific domain user's passwords. Most of the attempts are blocked by RBL checking, but that still create a connection. Looking at # cat /var/log/qmail/smtp/current | tai64nlocal /2011-03-01 20:54:01.905947500 tcpserver: pid 4879 from 189.6.164.77 2011-03-01 20:54:01.906030500 tcpserver: ok 4879 mail.myhost.com.ar:11.22.33.44:25 :189.6.164.77::37629 2011-03-01 20:54:02.157286500 tcpserver: end 4797 status 0 2011-03-01 20:54:02.157289500 tcpserver: status: 24/25 2011-03-01 20:54:02.157290500 tcpserver: status: 25/25 2011-03-01 20:54:02.157443500 tcpserver: pid 4881 from 190.172.129.24 2011-03-01 20:54:02.157530500 tcpserver: ok 4881 mail.myhost.com.ar:11.22.33.44:25 :190.172.129.24::14782 2011-03-01 20:54:05.433208500 tcpserver: end 4857 status 0 2011-03-01 20:54:05.433211500 tcpserver: status: 24/25 2011-03-01 20:54:05.433212500 tcpserver: status: 25/25 2011-03-01 20:54:05.433213500 tcpserver: pid 4903 from 189.78.49.139 2011-03-01 20:54:05.433215500 tcpserver: ok 4903 mail.myhost.com.ar:11.22.33.44:25 :189.78.49.139::36877 2011-03-01 20:54:06.075161500 tcpserver: end 4800 status 0 2011-03-01 20:54:06.075164500 tcpserver: status: 24/25
RE: [qmailtoaster] SMTP attack
Well... My first thought would be to isolate this domain from my mail server, so that it isn't affecting my other customers. Perhaps changing DNS (Change the IP for the server to something non-existent for now, like 192.168.0.1 or something.) Likely won't stop it immediately but might prevent new Bots from finding the server after you block existing ones. Also, block the domain in spamdyke. I think that will drop the connection at the SMTP level almost immediately, and prevent them from possibly finding a good username/password combo. This might free up enough resources to allow your other customers to start being able to send. Then maybe go through the logs, add IP's to IPTABLES, and hope the DNS changes prevent new bots from finding the server. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Sergio M [mailto:sergio...@gmail.com] Sent: Tuesday, March 01, 2011 6:45 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] SMTP attack Michael Colvin escribió: Are all of the username portions of the e-mail addresses legitimate e- mails? IE, it looks like you cleansed the domain portion, but, in the log, are the all, or most, of the e-mails legitimate? I've seen this with random attempts at guessing e-mails and passwords, but not with all legit e-mails. If they are all legit, is the domain yours? Or is it theirs? (IE do you host it as an ISP, or is this the only domain and you control it?) Michael J. Colvin NorCal Internet Services www.norcalisp.com Hi Michael, they are all legitimate email addresses, for one domain only though. We host it as an ISP. Thanks! -- --- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! -- --- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list- unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list- h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] SMTP attack
I agree about Fail2Ban. That's your ultimate goal, but for me, getting the other users of the mail server back online is first... (Assuming you can w/o using Fail2ban) I've found once attacks like this get effectively blocked, they go away, unless as South says, they pissed someone off and are a specific target... Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: South Computers [mailto:i...@southcomputers.com] Sent: Tuesday, March 01, 2011 7:07 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] SMTP attack Sounds like they may have gotten hit with a virus or pissed someone off. I would block the domain from relaying inform the customer, possibly make them change their email account passwords if it's not a large organization. Ask them to relay through their provider if possible for the time being. Fail2ban would be the best solution for the time being as previously mentioned. Sergio M wrote: Michael Colvin escribió: Are all of the username portions of the e-mail addresses legitimate e-mails? IE, it looks like you cleansed the domain portion, but, in the log, are the all, or most, of the e-mails legitimate? I've seen this with random attempts at guessing e-mails and passwords, but not with all legit e-mails. If they are all legit, is the domain yours? Or is it theirs? (IE do you host it as an ISP, or is this the only domain and you control it?) Michael J. Colvin NorCal Internet Services www.norcalisp.com Hi Michael, they are all legitimate email addresses, for one domain only though. We host it as an ISP. Thanks! - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- --- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! -- --- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list- unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list- h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] to add a domain
./vadddomain mydomain.com password The password is the password for the Postmaster account for that domain. You can get a full list of options for ./vadddomain by entering it with no options. You must also be in the /home/vpopmail/bin folder. You can ls to get a list of the various other cli commands available. Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com (916) 864- _ From: Jim Shupert [mailto:jshup...@pps-inc.com] Sent: Tuesday, February 01, 2011 11:52 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] to add a domain Friends, i wish to add a domain. I seem to recall that it is best to do this via the cli verses the web gui. what might be the command string to make an additional domain such as mydomain.com thanks image001.jpg
RE: [qmailtoaster] to add a domain
:-) I was going to reply to your post with: Na na! I beat you!..But, I figured we're too mature around here for that. :-P Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com (916) 864- _ From: Maxwell Smart [mailto:c...@yother.com] Sent: Tuesday, February 01, 2011 12:11 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] to add a domain Your too fast Michael... On 02/01/2011 12:03 PM, Michael Colvin wrote: ./vadddomain mydomain.com password The password is the password for the Postmaster account for that domain. You can get a full list of options for ./vadddomain by entering it with no options. You must also be in the /home/vpopmail/bin folder. You can ls to get a list of the various other cli commands available. Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com (916) 864- _ From: Jim Shupert [mailto:jshup...@pps-inc.com] Sent: Tuesday, February 01, 2011 11:52 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] to add a domain Friends, i wish to add a domain. I seem to recall that it is best to do this via the cli verses the web gui. what might be the command string to make an additional domain such as mydomain.com thanks -- Cecil Yother, Jr. cj cj's 2318 Clement Ave Alameda, CA 94501 tel 510.865.2787 http://yother.com Check out the new Volvo classified resource http://www.volvoclassified.com image001.jpgimage002.jpg
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
- So... I've checked my Spamdyke config, and don't see anything that would cause it to pass RELAYCLIENT... No whitelisted e-mails, domains, and I removed the IP's (Or narrowed them down to just the servers). Same result... But I think we might be on the right track... Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Wednesday, January 12, 2011 9:03 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro Bingo! That's it all right. Nice bit of sleuthing, Michael. My apologies to CJ as he was on the right track. I missed the bit about your local lan addresses being whitelisted though. Spamdyke's documentation at http://www.spamdyke.org/documentation/README.html#RELAYING says: Authenticated and whitelisted connections will be allowed to relay. So my question now is, why do you have your LAN whitelisted? -- -Eric 'shubes' On 01/11/2011 07:37 PM, Michael Colvin wrote: Eric.. Check this thread out... I think this may be pointing me in the right direction... http://osdir.com/ml/mail.qmail.simscan/2007-12/msg00029.html The 2nd paragraph... Because relay client is set, simscan doesnt run the message through SpamAssassin (Since it's supposedly from a trusted source). Could spamdyke be passing a value for RELAYCLIENT? I've got the 192.168.100.0/24 (The private network my mail cluster is on) Whitelisted in spamdyke... Any place else that might be passing RELAYCLIENT? It's not in my tcp.smtp file. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Tuesday, January 11, 2011 11:06 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro I'm at a loss Michael. I think I'd look closer into spamassassin at this point. Can you invoke SA 'manually'? On 01/11/2011 11:13 AM, Michael Colvin wrote: Here you go Eric. Both servers had identical outputs, other than one being installed the day after this one. :-) Name: simscan-toaster Relocations: (not relocatable) Version : 1.4.0 Vendor: (none) Release : 1.3.8 Build Date: Fri 29 Oct 2010 02:28:37 AM PDT Install Date: Fri 29 Oct 2010 02:30:25 AM PDT Build Host: mail-1.norcalisp.com Group : Networking/Other Source RPM: simscan-toaster-1.4.0-1.3.8.src.rpm Size: 113364 License: GPL Signature : (none) Packager: Jake Vickersj...@qmailtoaster.com URL : http://www.inter7.com/vpopmail Summary : Simscan for qmail-toaster Description : SimScan is a simplified scanner for qmail similar to qmail-scanner and qscand. It uses clamav, trophie, and/or spamassassin. It also supports attachment blocking by extension. Simscan is written entirely in C to ensure maximum speed. There are several options to allow simscan to scan per domain, and reject spam mail. Current settings --- user = clamav qmail directory = /var/qmail work directory= /var/qmail/simscan control directory = /var/qmail/control qmail queue program = /var/qmail/bin/qmail-queue clamdscan program = /usr/bin/clamdscan clamav scan = ON trophie scanning = OFF attachement scan = ON ripmime program = /usr/bin/ripmime custom smtp reject= ON drop message = OFF regex scanner = OFF quarantine processing = OFF domain based checking = ON add received header = ON spam scanning = ON spamc program = /usr/bin/spamc spamc arguments = spamc user= OFF authenticated users scanned = OFF spam passthru = OFF spam hits = 40 Current simcontrol config -- :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Tuesday, January 11, 2011 8:36 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro I don't think so, Cecil. I have QMT hosts behind NAT routers, and SA still scans. Authenticated submissions aren't scanned though. Michael, can you post your # rpm -qi simscan-toaster (just double checking
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
Agreed (With the authenticating hosting servers part). This was a quick (And I thought ok) way of getting these toasters up... I'm obviously going to have to go back through and tweak some stuff. I'll pull spamdyke down, test again, and let you know. I'm going to re-read the link you included to the Relaying portion of SpamDykes config first, to see if I have a Duh moment. I'll keep you posted! Thanks again. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Wednesday, January 12, 2011 9:53 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro I think I understand. I did notice the QMR server further down the line and wondered a little about it. I'd remove spamdyke temporarily at this point and test. Then you'll know for sure if spamdyke setting RELAYCLIENT is the cause or not. P.S. I realize that web hosting servers are a pita, but configuring them to authenticate is a good practice imo. Then you don't need any open relaying. -- -Eric 'shubes' On 01/12/2011 10:35 AM, Michael Colvin wrote: Ummm... Mainly I think it was laziness so that the web hosting servers could send via these servers. (Instead of listing just the specific internal IP's, since I add servers occasionally...) I think there was another reason involving how my outbound mail is working, but now that I'm trying to explain it in an e-mail, I'm not sure *that* reason is valid, so I'll need to think about that one. :-) The particular servers we're looking at hear, handle inbound e-mail filtering only, then forward the mail to another cluster that's customer facing. So... Ok, now I need to figure out where it's getting that from, because, I'm not sure you saw the other message, but I removed the internal network from the whitelisting, and still nothing. And, now that I think about it, the e-mail isn't coming from an internal IP at the point we're looking at... The server has an internal IP, but it is the first server to handle the e-mail, so it's not getting it from another server with an internal IP. It has an internal IP because it's behind a load balancer. I think what we're seeing, and what CJ was seeing (BTW, thanks CJ, your comment is what got me looking in this direction) was the *second* cluster, which is getting the e-mail from the first cluster via internal IP's...I'm not concerned with that server not scanning w/spamassassin, since it should be scanned with the first cluster. :-) Besides, that second cluster is an older QMR server that I want to pull out, once I get it replaced with QMT servers... Here's the header from your e-mail. Notice the first few lines, with one containing qmail-scanner. Obviously, this isn't a Toaster. Further down, we see the Toaster's headers, which is still the area we were looking at with the simscan entries. (Continued after header!) - Received: (qmail 10090 invoked by uid 1010); 12 Jan 2011 09:04:54 -0800 Received: from 192.168.100.121 by mail.norcalisp.com (envelope-from qmailtoaster-list-return-9149-mcolvin=norcalisp@qmailtoaster.com, uid 1008) with qmail-scanner-1.25-st-qms (clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-qms. Clear:RC:1(192.168.100.121):. Processed in 0.058344 secs); 12 Jan 2011 17:04:54 - X-Antivirus-NorCalISP-Mail-From: qmailtoaster-list-return-9149-mcolvin=norcalisp@qmailtoaster.com via mail.norcalisp.com X-Antivirus-NorCalISP: 1.25-st-qms (Clear:RC:1(192.168.100.121):. Processed in 0.058344 secs Process 10085) Received: from unknown (HELO mail.norcalisp.com) (192.168.100.121) by mail.norcalisp.com with SMTP; 12 Jan 2011 09:04:53 -0800 Received: (qmail 5478 invoked by uid 89); 12 Jan 2011 17:04:53 - Received: by simscan 1.4.0 ppid: 5155, pid: 5189, t: 23.0613s scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12509 Received: from unknown (HELO mail.qmailtoaster.com) (70.60.227.157) by mail.norcalisp.com with SMTP; 12 Jan 2011 17:04:30 - Received: (qmail 10722 invoked by uid 89); 12 Jan 2011 17:03:39 - Mailing-List: contact qmailtoaster-list-h...@qmailtoaster.com; run by ezmlm Precedence: bulk List-Post:mailto:qmailtoaster-list@qmailtoaster.com List-Help:mailto:qmailtoaster-list-h...@qmailtoaster.com List-Unsubscribe:mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com List-Subscribe:mailto:qmailtoaster-list-subscr...@qmailtoaster.com Reply-To: qmailtoaster-list@qmailtoaster.com Delivered-To: mailing list qmailtoaster-list@qmailtoaster.com Received: (qmail 10715 invoked by uid 89); 12 Jan 2011 17:03:39 - X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail.qmailtoaster.com X-Spam-Level: X-Spam-Status: No, score=-1.4
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
Eric, I've checked all the places I can think of that it might be getting RELAYCLIENT set at (/var/qmail/control/relay , /etc/spamdyke/whitelist_ip and tcp.smtp) and I've removed any reference to my internal network... Still no luck. Any place else you can think of before I write the RELAYCLIENT flag as being the issue? Michael J. Colvin NorCal Internet Services www.norcalisp.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
OK... So, I pulled spamdyke out of the picture, and what do you know, suddenly the simscan line shows what we'd expect: Received: by simscan 1.4.0 ppid: 23321, pid: 23323, t: 0.2519s scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12510 spam: 3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail.norcalisp.com X-Spam-Level: *** X-Spam-Status: No, score=3.5 required=5.0 tests=DK_SIGNED,FH_DATE_PAST_20XX, HTML_MESSAGE,RDNS_NONE autolearn=no version=3.2.5 So... I've got something in SpamDyke that's likely setting RELAYCLIENT. I'm pretty certain it's not whitelist_ip, since I pulled the internal range out. I also pulled it out of the relay file that access-file in the spamdyke.conf file points too. Here's my spamdyke.conf log-level=info access-file=/var/qmail/control/relay local-domains-file=/var/qmail/control/rcpthosts max-recipients=20 idle-timeout-secs=180 greeting-delay-secs=0 graylist-level=always graylist-dir=/var/spamdyke/graylist graylist-min-secs=300 graylist-max-secs=1814400 #policy-url=http://www.norcalisp.com/nospam?reason= sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders ip-whitelist-file=/etc/spamdyke/whitelist_ip rdns-whitelist-file=/etc/spamdyke/whitelist_rdns reject-missing-sender-mx reject-ip-in-cc-rdns ip-blacklist-file=/etc/spamdyke/blacklist_ip recipient-blacklist-file=/etc/spamdyke/blacklist_recipients #ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords #rdns-blacklist-dir=/etc/spamdyke/blacklist_rdns.d reject-empty-rdns #reject-unresolvable-rdns dns-blacklist-entry=zen.spamhaus.org dns-blacklist-entry=b.barracudacentral.org dns-blacklist-entry=cbl.abuseat.org dns-blacklist-entry=list.dsbl.org dns-blacklist-entry=bl.spamcop.net dns-blacklist-entry=bogons.cymru.com # tls-certificate-file=/var/qmail/control/servercert.pem tls-level=smtp Here's the whitelist_ip file: 127.0.0.1 69.224.211.10 All other whitelist_X files are empty. The relay file has: 69.224.211.10 This entry is a specific client I needed to relay...But I don't see how that would be causing any issues, since the e-mail isn't coming from them. :-) I can't find anything else that might be causing spamdyke to set the RELAYCLIENT flag... At this point, it looks like this is more SpamDyke related than QMT, so I should probably move this over there... Unless you have any parting thoughts, maybe we can pick this up over there. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Michael Colvin [mailto:mcol...@norcalisp.com] Sent: Wednesday, January 12, 2011 9:59 AM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro Agreed (With the authenticating hosting servers part). This was a quick (And I thought ok) way of getting these toasters up... I'm obviously going to have to go back through and tweak some stuff. I'll pull spamdyke down, test again, and let you know. I'm going to re- read the link you included to the Relaying portion of SpamDykes config first, to see if I have a Duh moment. I'll keep you posted! Thanks again. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Wednesday, January 12, 2011 9:53 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro I think I understand. I did notice the QMR server further down the line and wondered a little about it. I'd remove spamdyke temporarily at this point and test. Then you'll know for sure if spamdyke setting RELAYCLIENT is the cause or not. P.S. I realize that web hosting servers are a pita, but configuring them to authenticate is a good practice imo. Then you don't need any open relaying. -- -Eric 'shubes' On 01/12/2011 10:35 AM, Michael Colvin wrote: Ummm... Mainly I think it was laziness so that the web hosting servers could send via these servers. (Instead of listing just the specific internal IP's, since I add servers occasionally...) I think there was another reason involving how my outbound mail is working, but now that I'm trying to explain it in an e-mail, I'm not sure *that* reason is valid, so I'll need to think about that one. :-) The particular servers we're looking at hear, handle inbound e-mail filtering only, then forward the mail to another cluster that's customer facing. So... Ok, now I need to figure out where it's getting that from, because, I'm not sure you saw the other message, but I removed the internal network from the whitelisting, and still nothing. And, now that I think about it, the e-mail isn't coming from an internal IP at the point we're looking at... The server has an internal IP, but it is the first server to handle the e
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
It's old... I sent it last night while changing some of the relay stuff, and apparently cause some mail to start queuing on the customer facing servers... So, when I put everything back (This morning), the queue dumped. :-) Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Wednesday, January 12, 2011 11:11 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro On 01/11/2011 08:03 PM, Michael Colvin wrote: Eric, I've checked all the places I can think of that it might be getting RELAYCLIENT set at (/var/qmail/control/relay , /etc/spamdyke/whitelist_ip and tcp.smtp) and I've removed any reference to my internal network... Still no luck. Any place else you can think of before I write the RELAYCLIENT flag as being the issue? Michael J. Colvin NorCal Internet Services www.norcalisp.com - This just showed up. Is it old, or is the time on your computer off? -- -Eric 'shubes' -- --- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! -- --- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list- unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list- h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
Ok... I've got it narrowed down to the relay file... I remarked out the access-file line, and e-mail gets scanned now... So, it must be how I have the info entered... Not sure where I got that just the IP was sufficient... The documentation obviously lists the : and second value criteria... So, let me play around with that file and see if I can get the relaying I need, without the bailing out on SpamAssassin. I'll let you know. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Wednesday, January 12, 2011 12:08 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro I've been using the tcp.smtp file in lieu of spamdyke's access file. I don't think the access file is useful in QMT, since qmail has the SMTP AUTH patch. I'm not certain of this though, and would like to know Sam's take on this. I think taking this to the spamdyke list is a good idea. It appears to me from the documentation that spamdyke's access-file should be formatted like: 69.224.211.10:ACCESS not just the IP address. I wonder if this is causing the problem. If there is no : in that file, I would expect spamdyke to throw an error or warning of some kind though. Have you run spamdyke in test mode to check for errors? See the qtp-install-spamdyke script for how to do this. -- -Eric 'shubes' On 01/12/2011 12:08 PM, Michael Colvin wrote: OK... So, I pulled spamdyke out of the picture, and what do you know, suddenly the simscan line shows what we'd expect: Received: by simscan 1.4.0 ppid: 23321, pid: 23323, t: 0.2519s scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12510 spam: 3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail.norcalisp.com X-Spam-Level: *** X-Spam-Status: No, score=3.5 required=5.0 tests=DK_SIGNED,FH_DATE_PAST_20XX, HTML_MESSAGE,RDNS_NONE autolearn=no version=3.2.5 So... I've got something in SpamDyke that's likely setting RELAYCLIENT. I'm pretty certain it's not whitelist_ip, since I pulled the internal range out. I also pulled it out of the relay file that access-file in the spamdyke.conf file points too. Here's my spamdyke.conf log-level=info access-file=/var/qmail/control/relay local-domains-file=/var/qmail/control/rcpthosts max-recipients=20 idle-timeout-secs=180 greeting-delay-secs=0 graylist-level=always graylist-dir=/var/spamdyke/graylist graylist-min-secs=300 graylist-max-secs=1814400 #policy-url=http://www.norcalisp.com/nospam?reason= sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders ip-whitelist-file=/etc/spamdyke/whitelist_ip rdns-whitelist-file=/etc/spamdyke/whitelist_rdns reject-missing-sender-mx reject-ip-in-cc-rdns ip-blacklist-file=/etc/spamdyke/blacklist_ip recipient-blacklist-file=/etc/spamdyke/blacklist_recipients #ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords #rdns-blacklist-dir=/etc/spamdyke/blacklist_rdns.d reject-empty-rdns #reject-unresolvable-rdns dns-blacklist-entry=zen.spamhaus.org dns-blacklist-entry=b.barracudacentral.org dns-blacklist-entry=cbl.abuseat.org dns-blacklist-entry=list.dsbl.org dns-blacklist-entry=bl.spamcop.net dns-blacklist-entry=bogons.cymru.com # tls-certificate-file=/var/qmail/control/servercert.pem tls-level=smtp Here's the whitelist_ip file: 127.0.0.1 69.224.211.10 All other whitelist_X files are empty. The relay file has: 69.224.211.10 This entry is a specific client I needed to relay...But I don't see how that would be causing any issues, since the e-mail isn't coming from them. :-) I can't find anything else that might be causing spamdyke to set the RELAYCLIENT flag... At this point, it looks like this is more SpamDyke related than QMT, so I should probably move this over there... Unless you have any parting thoughts, maybe we can pick this up over there. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Michael Colvin [mailto:mcol...@norcalisp.com] Sent: Wednesday, January 12, 2011 9:59 AM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro Agreed (With the authenticating hosting servers part). This was a quick (And I thought ok) way of getting these toasters up... I'm obviously going to have to go back through and tweak some stuff. I'll pull spamdyke down, test again, and let you know. I'm going to re- read the link you included to the Relaying portion of SpamDykes config first, to see if I have a Duh moment. I'll keep you posted! Thanks again. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
Ok... Just to follow-up... I set the entries in the relay file as described in SpamDyke's documentation, same result. I remarked out the lines in the relay file, effectively making it Empty. SpamAssassin is still not called. Now, I'm not sure if calling an empty file is causing an issue When I ran the spamdyke tests, I didn't get any errors... I'm going to move over to SpamDyke's list now, and see what Sam thinks... Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Michael Colvin [mailto:mcol...@norcalisp.com] Sent: Wednesday, January 12, 2011 12:45 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro Ok... I've got it narrowed down to the relay file... I remarked out the access-file line, and e-mail gets scanned now... So, it must be how I have the info entered... Not sure where I got that just the IP was sufficient... The documentation obviously lists the : and second value criteria... So, let me play around with that file and see if I can get the relaying I need, without the bailing out on SpamAssassin. I'll let you know. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Wednesday, January 12, 2011 12:08 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro I've been using the tcp.smtp file in lieu of spamdyke's access file. I don't think the access file is useful in QMT, since qmail has the SMTP AUTH patch. I'm not certain of this though, and would like to know Sam's take on this. I think taking this to the spamdyke list is a good idea. It appears to me from the documentation that spamdyke's access-file should be formatted like: 69.224.211.10:ACCESS not just the IP address. I wonder if this is causing the problem. If there is no : in that file, I would expect spamdyke to throw an error or warning of some kind though. Have you run spamdyke in test mode to check for errors? See the qtp-install-spamdyke script for how to do this. -- -Eric 'shubes' On 01/12/2011 12:08 PM, Michael Colvin wrote: OK... So, I pulled spamdyke out of the picture, and what do you know, suddenly the simscan line shows what we'd expect: Received: by simscan 1.4.0 ppid: 23321, pid: 23323, t: 0.2519s scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12510 spam: 3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail.norcalisp.com X-Spam-Level: *** X-Spam-Status: No, score=3.5 required=5.0 tests=DK_SIGNED,FH_DATE_PAST_20XX, HTML_MESSAGE,RDNS_NONE autolearn=no version=3.2.5 So... I've got something in SpamDyke that's likely setting RELAYCLIENT. I'm pretty certain it's not whitelist_ip, since I pulled the internal range out. I also pulled it out of the relay file that access-file in the spamdyke.conf file points too. Here's my spamdyke.conf log-level=info access-file=/var/qmail/control/relay local-domains-file=/var/qmail/control/rcpthosts max-recipients=20 idle-timeout-secs=180 greeting-delay-secs=0 graylist-level=always graylist-dir=/var/spamdyke/graylist graylist-min-secs=300 graylist-max-secs=1814400 #policy-url=http://www.norcalisp.com/nospam?reason= sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders ip-whitelist-file=/etc/spamdyke/whitelist_ip rdns-whitelist-file=/etc/spamdyke/whitelist_rdns reject-missing-sender-mx reject-ip-in-cc-rdns ip-blacklist-file=/etc/spamdyke/blacklist_ip recipient-blacklist-file=/etc/spamdyke/blacklist_recipients #ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords #rdns-blacklist-dir=/etc/spamdyke/blacklist_rdns.d reject-empty-rdns #reject-unresolvable-rdns dns-blacklist-entry=zen.spamhaus.org dns-blacklist-entry=b.barracudacentral.org dns-blacklist-entry=cbl.abuseat.org dns-blacklist-entry=list.dsbl.org dns-blacklist-entry=bl.spamcop.net dns-blacklist-entry=bogons.cymru.com # tls-certificate-file=/var/qmail/control/servercert.pem tls-level=smtp Here's the whitelist_ip file: 127.0.0.1 69.224.211.10 All other whitelist_X files are empty. The relay file has: 69.224.211.10 This entry is a specific client I needed to relay...But I don't see how that would be causing any issues, since the e-mail isn't coming from them. :-) I can't find anything else that might be causing spamdyke to set the RELAYCLIENT flag... At this point, it looks like this is more SpamDyke related than QMT, so I should probably move this over there... Unless you have any parting thoughts, maybe we can pick this up over there. Michael J. Colvin
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
Ok...Just to wrap this thread up on this list, in case anyone searches this list The issue is apparently a known issue without an elegant solution currently. We pretty much nailed it down though on here... You can find Sam's response and description of the issue in the thread here: http://www.mail-archive.com/spamdyke-users@spamdyke.org/msg03033.html with a reference to the thread here: http://www.mail-archive.com/spamdyke-users@spamdyke.org/msg02032.html Reader's Digest version...If you're going to use the relay file, you'll have to patch SpamDyke, at least for now. The alternative is to put what you'd put in the relay file into tcp.smtp, and don't use the access-file in SpamDyke. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Michael Colvin [mailto:mcol...@norcalisp.com] Sent: Wednesday, January 12, 2011 1:15 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro Ok... Just to follow-up... I set the entries in the relay file as described in SpamDyke's documentation, same result. I remarked out the lines in the relay file, effectively making it Empty. SpamAssassin is still not called. Now, I'm not sure if calling an empty file is causing an issue When I ran the spamdyke tests, I didn't get any errors... I'm going to move over to SpamDyke's list now, and see what Sam thinks... Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Michael Colvin [mailto:mcol...@norcalisp.com] Sent: Wednesday, January 12, 2011 12:45 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro Ok... I've got it narrowed down to the relay file... I remarked out the access-file line, and e-mail gets scanned now... So, it must be how I have the info entered... Not sure where I got that just the IP was sufficient... The documentation obviously lists the : and second value criteria... So, let me play around with that file and see if I can get the relaying I need, without the bailing out on SpamAssassin. I'll let you know. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Wednesday, January 12, 2011 12:08 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro I've been using the tcp.smtp file in lieu of spamdyke's access file. I don't think the access file is useful in QMT, since qmail has the SMTP AUTH patch. I'm not certain of this though, and would like to know Sam's take on this. I think taking this to the spamdyke list is a good idea. It appears to me from the documentation that spamdyke's access-file should be formatted like: 69.224.211.10:ACCESS not just the IP address. I wonder if this is causing the problem. If there is no : in that file, I would expect spamdyke to throw an error or warning of some kind though. Have you run spamdyke in test mode to check for errors? See the qtp-install-spamdyke script for how to do this. -- -Eric 'shubes' On 01/12/2011 12:08 PM, Michael Colvin wrote: OK... So, I pulled spamdyke out of the picture, and what do you know, suddenly the simscan line shows what we'd expect: Received: by simscan 1.4.0 ppid: 23321, pid: 23323, t: 0.2519s scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12510 spam: 3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail.norcalisp.com X-Spam-Level: *** X-Spam-Status: No, score=3.5 required=5.0 tests=DK_SIGNED,FH_DATE_PAST_20XX, HTML_MESSAGE,RDNS_NONE autolearn=no version=3.2.5 So... I've got something in SpamDyke that's likely setting RELAYCLIENT. I'm pretty certain it's not whitelist_ip, since I pulled the internal range out. I also pulled it out of the relay file that access-file in the spamdyke.conf file points too. Here's my spamdyke.conf log-level=info access-file=/var/qmail/control/relay local-domains-file=/var/qmail/control/rcpthosts max-recipients=20 idle-timeout-secs=180 greeting-delay-secs=0 graylist-level=always graylist-dir=/var/spamdyke/graylist graylist-min-secs=300 graylist-max-secs=1814400 #policy-url=http://www.norcalisp.com/nospam?reason= sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders ip-whitelist-file=/etc/spamdyke/whitelist_ip rdns-whitelist-file=/etc/spamdyke/whitelist_rdns reject-missing-sender-mx reject-ip-in-cc-rdns ip-blacklist-file=/etc/spamdyke/blacklist_ip recipient-blacklist-file=/etc/spamdyke/blacklist_recipients #ip-in-rdns-keyword
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
: by 10.42.241.199 with SMTP id lf7mr4139326icb.93.1294749629840; Tue, 11 Jan 2011 04:40:29 -0800 (PST) Received: by 10.42.230.5 with HTTP; Tue, 11 Jan 2011 04:40:29 -0800 (PST) Date: Tue, 11 Jan 2011 04:40:29 -0800 Message-ID: aanlktimo65iopgbztonw-opm2d7cvp4xhydcmbg4u...@mail.gmail.com Subject: Testing From: NorCal Internet norcalinter...@gmail.com To: Michael Colvin mcol...@norcalisp.com Content-Type: multipart/alternative; boundary=20cf305496a9c27d9b04999163ea No change on the simscan line... I still don't see anything in qmlog spamd, other than the Startup stuff that was there from my last post... In fact, there's nothing but what I posted last time, since the server hasn't restarted... There's been no log entries in spamd since 1/9/2011... SpamAssassin is On in the default QMT, right? I mean, it's obviously installed on the system, and SimScan is running... It just seems like something is missing, and it's on both servers... I know this is going to end in one of those Duh! moments... :-) Mike -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Monday, January 10, 2011 8:39 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro On 01/09/2011 09:17 PM, Michael J. Colvin wrote: Have you run # qmailctl cdb recently? Several times, and even rebooted the whole server (Both of them) to make sure the new cdb files were loaded. The cdb file's date stamp is being updated when I run qmailctl cdb. Again, what I think is the strangest part is, this is happening on two totally separate machines, both with basically Stock ISO installs on them... If it was happening to just one, I'd lean towards a config error... But with two of them, it's either something I did too both of them (Possible, of course) or something else... And, like I said, I haven't changed much from the stock install... Just the rcpthosts, smtproutes, tcp.smtp (As posted) and I think that's about it.. (Shrug)... Mike Here's my tcp.smtp entry: :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRO NG RCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/cont ro l/domainkeys/%/private,NOP0FCHECK=1 You appear to be missing NOP0FCHECK=1 in your configuration. IIRC, you really need that. I don't recall what happens w/out it, but I'd put it in and see if that fixes things. -- -Eric 'shubes' --- - - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! --- - - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com --- -- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! --- -- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list- h...@qmailtoaster.com cj's 2318 Clement Ave Alameda, CA 94501 http://www.yother.com Check out the new Volvoclassified! http://www.volvoclassified.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! -- --- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! -- --- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list- unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list- h...@qmailtoaster.com
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
Eric.. Check this thread out... I think this may be pointing me in the right direction... http://osdir.com/ml/mail.qmail.simscan/2007-12/msg00029.html The 2nd paragraph... Because relay client is set, simscan doesnt run the message through SpamAssassin (Since it's supposedly from a trusted source). Could spamdyke be passing a value for RELAYCLIENT? I've got the 192.168.100.0/24 (The private network my mail cluster is on) Whitelisted in spamdyke... Any place else that might be passing RELAYCLIENT? It's not in my tcp.smtp file. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Tuesday, January 11, 2011 11:06 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro I'm at a loss Michael. I think I'd look closer into spamassassin at this point. Can you invoke SA 'manually'? On 01/11/2011 11:13 AM, Michael Colvin wrote: Here you go Eric. Both servers had identical outputs, other than one being installed the day after this one. :-) Name: simscan-toaster Relocations: (not relocatable) Version : 1.4.0 Vendor: (none) Release : 1.3.8 Build Date: Fri 29 Oct 2010 02:28:37 AM PDT Install Date: Fri 29 Oct 2010 02:30:25 AM PDT Build Host: mail-1.norcalisp.com Group : Networking/Other Source RPM: simscan-toaster-1.4.0-1.3.8.src.rpm Size: 113364 License: GPL Signature : (none) Packager: Jake Vickersj...@qmailtoaster.com URL : http://www.inter7.com/vpopmail Summary : Simscan for qmail-toaster Description : SimScan is a simplified scanner for qmail similar to qmail-scanner and qscand. It uses clamav, trophie, and/or spamassassin. It also supports attachment blocking by extension. Simscan is written entirely in C to ensure maximum speed. There are several options to allow simscan to scan per domain, and reject spam mail. Current settings --- user = clamav qmail directory = /var/qmail work directory= /var/qmail/simscan control directory = /var/qmail/control qmail queue program = /var/qmail/bin/qmail-queue clamdscan program = /usr/bin/clamdscan clamav scan = ON trophie scanning = OFF attachement scan = ON ripmime program = /usr/bin/ripmime custom smtp reject= ON drop message = OFF regex scanner = OFF quarantine processing = OFF domain based checking = ON add received header = ON spam scanning = ON spamc program = /usr/bin/spamc spamc arguments = spamc user= OFF authenticated users scanned = OFF spam passthru = OFF spam hits = 40 Current simcontrol config -- :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Tuesday, January 11, 2011 8:36 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro I don't think so, Cecil. I have QMT hosts behind NAT routers, and SA still scans. Authenticated submissions aren't scanned though. Michael, can you post your # rpm -qi simscan-toaster (just double checking) -- -Eric 'shubes' On 01/11/2011 09:10 AM, Cecil Yother, Jr wrote: Isn't there something about LAN addresses not being scanned? Quoting Michael J. Colvinmcol...@norcalisp.com: OK. Tcp.smtp now looks like: :allow,BADMIMETYPE=,SENDER_NOCHECK=1,BADLOADERTYPE=M,QMAILQUEUE=/va r/ qmail/bin/simscan,NOP0FCHECK=1 Header information is still the same: Received: (qmail 28565 invoked by uid 1010); 11 Jan 2011 04:41:02 - 0800 Received: from 192.168.100.122 by mail.norcalisp.com (envelope-from norcalinter...@gmail.com, uid 1008) with qmail-scanner-1.25-st-qms (clamdscan: 0.91.2/1082. spamassassin: 3.2.0. perlscan: 1.25-st-qms. Clear:RC:1(192.168.100.122):. Processed in 0.066093 secs); 11 Jan 2011 12:41:02 - X-Antivirus-NorCalISP-Mail-From: norcalinter...@gmail.com via mail.norcalisp.com X-Antivirus-NorCalISP: 1.25-st-qms (Clear:RC:1(192.168.100.122):. Processed in 0.066093 secs Process 28558) Received: from unknown (HELO mail.norcalisp.com) (192.168.100.122) by mail.norcalisp.com with SMTP; 11 Jan 2011 04:41:02 -0800 Received: (qmail 12610 invoked by uid 89); 11 Jan 2011 12:41
RE: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
Ok. Will do later today/this evening and let you know. Thanks for the suggestion! Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Monday, January 10, 2011 8:39 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro On 01/09/2011 09:17 PM, Michael J. Colvin wrote: Have you run # qmailctl cdb recently? Several times, and even rebooted the whole server (Both of them) to make sure the new cdb files were loaded. The cdb file's date stamp is being updated when I run qmailctl cdb. Again, what I think is the strangest part is, this is happening on two totally separate machines, both with basically Stock ISO installs on them... If it was happening to just one, I'd lean towards a config error... But with two of them, it's either something I did too both of them (Possible, of course) or something else... And, like I said, I haven't changed much from the stock install... Just the rcpthosts, smtproutes, tcp.smtp (As posted) and I think that's about it.. (Shrug)... Mike Here's my tcp.smtp entry: :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRO NGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/co ntrol/domainkeys/%/private,NOP0FCHECK=1 You appear to be missing NOP0FCHECK=1 in your configuration. IIRC, you really need that. I don't recall what happens w/out it, but I'd put it in and see if that fixes things. -- -Eric 'shubes' -- --- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! -- --- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list- unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list- h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] QMT Use Stats
And considering that Exim is the MTA of choice with a lot of control panels, and Postfix the default MTA on a lot of LAMP servers, I'm guessing a LOT of those are from people that don't really Choose their mail server, but simply use what's supplied with their ISO. :-) I'm also curious where non-toaster Qmail installs are counted. Sure, it would be nice if QMT was used for all Qmail installations, but as those that use other versions of Qmail have to reinstall, migrate, etc, I'm sure a lot will find QMT... Mike -Original Message- From: Pak Ogah [mailto:pako...@pala.bo-tak.info] Sent: Monday, November 15, 2010 10:26 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] QMT Use Stats On 13-Nov-10 7:00, Eric Shubert wrote: FWIW, here's an interesting link: http://www.securityspace.com/s_survey/data/man.200910/mxsurvey.html That data is a year old. Summarizing the last few years for QMT: Year Servers Percent 11/09 1844 .20 02/09 1642 .20 02/08 1583 .17 02/07 1174 .13 11/06 1028 .11 So from 11/06 - 11/09, QMT has averaged growth of about 25% per year. Not great market penetration (yet), but respectable growth. Interesting, from the trend, I can see Sendmail is going down, Exim and Postfix is climbing, and microsoft is flat so How are we going to boost QMT? :D - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Re: Disable CHKUSER
Yes, but this is not the issue in, at least this specific case. It's definitely a recipient MX resolution issue... Mike -Original Message- From: Tonix (Antonio Nati) [mailto:to...@interazioni.it] Sent: Sunday, November 14, 2010 7:50 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Disable CHKUSER Michael, one more element of discussion. If sender has (for error) domain with wrong MX in sender address, of course no following rcpt could be accepted, as initial acceptance phase of sender has not successed. This is unique case in which also server's sending is rejected as a whole. Ciao! Tonino Il 14/11/2010 00:37, Michael Colvin ha scritto: On 11/13/2010 07:16 AM, Tonix (Antonio Nati) wrote: Il 13/11/2010 15:04, Martin Waschbuesch ha scritto: Hi all, I wonder about this one... First of all, I agree with Jake that MX verification is rather important. However, the problem at hand is also a nuisance: Why should one bad address out of 15 in the list cause all mails to not be delivered? Is this problem related to clients or to emails coming from servers? This is a key question, as they should be treated differently. Incoming messages need MX verification so that bounces have a better probability of being deliverable. Submissions, on the other hand, are rejected directly during the smtp session to the user's client, so there is no bounce (as far as QMT is concerned) and thus no need for MX verification. Double check with clients, because a lot of them stop sending as receive the first error back, while servers continue sending remaining recipients. For my authenticated senders I've completely disabled chkuser, using a dedicated ip only for this purpose (relaying). If you cannot have a dedicated IP you can always use submission port, and setup a dedicated qmail-smtpd for this usage. I like this solution. I've said before that I think that port 25 (incoming smtp) and port 587 (submission) should have separate tcp.smtp files. Such configuration facilitates turning off chkuser on port 587, which I like as a solution for this. Thanks for chiming in on this, Tonino. I agree Jake, to some degree. As Martin pointed out, the issue is that this particular customer is sending to a list with 200+ on it. When it bounces back saying ALL of them couldn't resolve an MX for the domain, that's an issue... It's hard for them to keep their list clean, when they can't tell which one is causing the bounce, and I can't really expect them to test each account, or call each person on their distribution list. Nor am I going to do it. :-) As far as whether it's a mail client issue, or server issue, I'm not sure. But, I think in my particular case, it's neither...Well, that is, it's not *MY* server. This particular client has an Exchange server. They send their e-mail from Outlook, to their Exchange server, which then uses my servers for relaying, or a Smarthost... This particular cluster of servers is used solely for filtering client e-mail inbound, and for some clients to use for outbound. I have another cluster that I use for ISP Access customers (DSL, Dialup, Hosting, etc), but they are still using a non-toaster for outbound, so this issue hasn't surfaced, yet, but with most of them using Outlook to connect directly to the server, I'm assuming they'll get individual bounces back? I agree with, I think it was Eric, that fixing the actual issue with how CHKUSER handles these bad MX records would be better... If it would only bounce the bad addresses, that would be preferred. But, from what Tonino said, I'm now wondering if this isn't actually an issue with how Exchange is handling CHKUSER's notification that a given address is Bad... I know during my testing, if I entered a bad e-mail domain via telnet session, it would give me the error message, but I could still enter another address, and those would go through. So, is this Exchange seeing the reject message, and then just assuming the rest are bad? It doesn't appear as though QMT is closing the session...So, this may be... I appreciate that you're switching to the stock CHKUSER setup in QMT2, but I agree with you that this *IS* a valuable feature, and I would prefer to have it enabled... It just needs a little tweaking, or Exchange does... Michael J. Colvin NorCal Internet Services www.norcalisp.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
RE: [qmailtoaster] Re: Disable CHKUSER
There's a Limit number of messages per connection setting in their Exchange server... I'm assuming that if I set that to 1, it will break a multi-recipient e-mail into multiple single messages... Not sure though. I would think that this would result in individual bounces for bad e-mail addresses... Mike -Original Message- From: Tonix (Antonio Nati) [mailto:to...@interazioni.it] Sent: Sunday, November 14, 2010 8:51 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Disable CHKUSER Check on exchange side. Check also if there is an option to split a multi recipients delivery in several single recipient deliveries. Tonino Il 14/11/2010 17:37, Michael Colvin ha scritto: Yes, but this is not the issue in, at least this specific case. It's definitely a recipient MX resolution issue... Mike -Original Message- From: Tonix (Antonio Nati) [mailto:to...@interazioni.it] Sent: Sunday, November 14, 2010 7:50 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Disable CHKUSER Michael, one more element of discussion. If sender has (for error) domain with wrong MX in sender address, of course no following rcpt could be accepted, as initial acceptance phase of sender has not successed. This is unique case in which also server's sending is rejected as a whole. Ciao! Tonino Il 14/11/2010 00:37, Michael Colvin ha scritto: On 11/13/2010 07:16 AM, Tonix (Antonio Nati) wrote: Il 13/11/2010 15:04, Martin Waschbuesch ha scritto: Hi all, I wonder about this one... First of all, I agree with Jake that MX verification is rather important. However, the problem at hand is also a nuisance: Why should one bad address out of 15 in the list cause all mails to not be delivered? Is this problem related to clients or to emails coming from servers? This is a key question, as they should be treated differently. Incoming messages need MX verification so that bounces have a better probability of being deliverable. Submissions, on the other hand, are rejected directly during the smtp session to the user's client, so there is no bounce (as far as QMT is concerned) and thus no need for MX verification. Double check with clients, because a lot of them stop sending as receive the first error back, while servers continue sending remaining recipients. For my authenticated senders I've completely disabled chkuser, using a dedicated ip only for this purpose (relaying). If you cannot have a dedicated IP you can always use submission port, and setup a dedicated qmail-smtpd for this usage. I like this solution. I've said before that I think that port 25 (incoming smtp) and port 587 (submission) should have separate tcp.smtp files. Such configuration facilitates turning off chkuser on port 587, which I like as a solution for this. Thanks for chiming in on this, Tonino. I agree Jake, to some degree. As Martin pointed out, the issue is that this particular customer is sending to a list with 200+ on it. When it bounces back saying ALL of them couldn't resolve an MX for the domain, that's an issue... It's hard for them to keep their list clean, when they can't tell which one is causing the bounce, and I can't really expect them to test each account, or call each person on their distribution list. Nor am I going to do it. :-) As far as whether it's a mail client issue, or server issue, I'm not sure. But, I think in my particular case, it's neither...Well, that is, it's not *MY* server. This particular client has an Exchange server. They send their e-mail from Outlook, to their Exchange server, which then uses my servers for relaying, or a Smarthost... This particular cluster of servers is used solely for filtering client e-mail inbound, and for some clients to use for outbound. I have another cluster that I use for ISP Access customers (DSL, Dialup, Hosting, etc), but they are still using a non-toaster for outbound, so this issue hasn't surfaced, yet, but with most of them using Outlook to connect directly to the server, I'm assuming they'll get individual bounces back? I agree with, I think it was Eric, that fixing the actual issue with how CHKUSER handles these bad MX records would be better... If it would only bounce the bad addresses, that would be preferred. But, from what Tonino said, I'm now wondering if this isn't actually an issue with how Exchange is handling CHKUSER's notification that a given address is Bad... I know during my testing, if I entered a bad e-mail domain via telnet session, it would give me the error message, but I could still enter another address, and those would go through. So, is this Exchange seeing the reject message, and then just assuming the rest are bad? It doesn't appear as though QMT is closing the session...So, this may be... I appreciate that you're switching to the stock CHKUSER setup in QMT2, but I agree with you that this *IS* a valuable
RE: [qmailtoaster] Re: Disable CHKUSER
On 11/13/2010 07:16 AM, Tonix (Antonio Nati) wrote: Il 13/11/2010 15:04, Martin Waschbuesch ha scritto: Hi all, I wonder about this one... First of all, I agree with Jake that MX verification is rather important. However, the problem at hand is also a nuisance: Why should one bad address out of 15 in the list cause all mails to not be delivered? Is this problem related to clients or to emails coming from servers? This is a key question, as they should be treated differently. Incoming messages need MX verification so that bounces have a better probability of being deliverable. Submissions, on the other hand, are rejected directly during the smtp session to the user's client, so there is no bounce (as far as QMT is concerned) and thus no need for MX verification. Double check with clients, because a lot of them stop sending as receive the first error back, while servers continue sending remaining recipients. For my authenticated senders I've completely disabled chkuser, using a dedicated ip only for this purpose (relaying). If you cannot have a dedicated IP you can always use submission port, and setup a dedicated qmail-smtpd for this usage. I like this solution. I've said before that I think that port 25 (incoming smtp) and port 587 (submission) should have separate tcp.smtp files. Such configuration facilitates turning off chkuser on port 587, which I like as a solution for this. Thanks for chiming in on this, Tonino. I agree Jake, to some degree. As Martin pointed out, the issue is that this particular customer is sending to a list with 200+ on it. When it bounces back saying ALL of them couldn't resolve an MX for the domain, that's an issue... It's hard for them to keep their list clean, when they can't tell which one is causing the bounce, and I can't really expect them to test each account, or call each person on their distribution list. Nor am I going to do it. :-) As far as whether it's a mail client issue, or server issue, I'm not sure. But, I think in my particular case, it's neither...Well, that is, it's not *MY* server. This particular client has an Exchange server. They send their e-mail from Outlook, to their Exchange server, which then uses my servers for relaying, or a Smarthost... This particular cluster of servers is used solely for filtering client e-mail inbound, and for some clients to use for outbound. I have another cluster that I use for ISP Access customers (DSL, Dialup, Hosting, etc), but they are still using a non-toaster for outbound, so this issue hasn't surfaced, yet, but with most of them using Outlook to connect directly to the server, I'm assuming they'll get individual bounces back? I agree with, I think it was Eric, that fixing the actual issue with how CHKUSER handles these bad MX records would be better... If it would only bounce the bad addresses, that would be preferred. But, from what Tonino said, I'm now wondering if this isn't actually an issue with how Exchange is handling CHKUSER's notification that a given address is Bad... I know during my testing, if I entered a bad e-mail domain via telnet session, it would give me the error message, but I could still enter another address, and those would go through. So, is this Exchange seeing the reject message, and then just assuming the rest are bad? It doesn't appear as though QMT is closing the session...So, this may be... I appreciate that you're switching to the stock CHKUSER setup in QMT2, but I agree with you that this *IS* a valuable feature, and I would prefer to have it enabled... It just needs a little tweaking, or Exchange does... Michael J. Colvin NorCal Internet Services www.norcalisp.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Disable CHKUSER
OK. So, I've got some clients that send mails out to affiliates of theirs via rather large distribution lists. When at least one, maybe more, of those addresses are bad, they get the Sorry, can't find a valid MX for rcpt domain bounce that, basically is bouncing the whole message, so even the valid recipients don't get the e-mail. I've searched the archives, particularly: http://www.mail-archive.com/qmailtoaster-list%40qmailtoaster.com/msg27066.ht ml, and haven't really found anything that helps.Unless I'm doing something wrong. I've tried removing the references to CHKUSER_RCPT_MX in tcp.smtp, then issued qmailctl cdb, same issue. I tried setting CHKUSER_RCPT_MX=, and CHKUSER_RCPT-MX=0. Nothing. Tried setting CHKUSER_STARTING_VARIABLE=NONE.No change. I've read where the default CHKUSER config is to have these commented out, but it appears that this isn't the QMT default, per the linked thread above. How do I go about commenting these out in CHKUSER's config, and then Rebuild QMT? I installed from the CentOS 5 ISO. I simply don't want to check the MX for any e-mail on these particular servers.I'd rather the client get bounces for those e-mails, so they can clean up their lists. Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com (916) 864- image001.jpg
RE: [qmailtoaster] Re: Disable CHKUSER
On 11/12/2010 12:38 PM, Michael Colvin wrote: OK So, Ive got some clients that send mails out to affiliates of theirs via rather large distribution lists. When at least one, maybe more, of those addresses are bad, they get the Sorry, cant find a valid MX for rcpt domain bounce that, basically is bouncing the whole message, so even the valid recipients dont get the e-mail. Ive searched the archives, particularly: http://www.mail-archive.com/qmailtoaster- list%40qmailtoaster.com/msg27066.html, and havent really found anything that helps Unless Im doing something wrong Ive tried removing the references to CHKUSER_RCPT_MX in tcp.smtp, then issued qmailctl cdb, same issue. I tried setting CHKUSER_RCPT_MX=, and CHKUSER_RCPT-MX=0 Nothing. Tried setting CHKUSER_STARTING_VARIABLE=NONE No change. Ive read where the default CHKUSER config is to have these commented out, but it appears that this isnt the QMT default, per the linked thread above. How do I go about commenting these out in CHKUSERs config, and then Rebuild QMT? I installed from the CentOS 5 ISO. I simply dont want to check the MX for any e-mail on these particular servers Id rather the client get bounces for those e-mails, so they can clean up their lists. http://wiki.qmailtoaster.com/index.php/Chkuser ;) -- -Eric 'shubes' Thanks Eric...Not sure how I missed that...I know I dug around on the Wiki during my searches... Tossing my .02 into the earlier thread that I linked too, I would agree with your comment that these settings should be something that are Enabled in tcp.smtp... That would be more User friendly. Another item for Jake's already full to-do list. :-) Thanks again, I'll give that a try and see if it resolves my issue...Looks like it will. Michael J. Colvin NorCal Internet Services www.norcalisp.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Doubles
If you're using Spamdyke, look in the /etc/spamdyke/spamdyke.conf file. There's a timeout in there also that will cause duplicates. Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com (916) 864- _ From: Steve [mailto:st...@impactpayments.com] Sent: Tuesday, November 09, 2010 7:26 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Doubles I am having this same issue occasionally on Thunderbird. Are you adjusting it on the server, and if so where do you change it? The messages are coming from outside the company to one of my peeps. Thanks in advance! Steve K On Nov 9, 2010, at 7:55 AM, Rob Wellard wrote: Hi Madmac I had that problem, its outlook thast the issue, all i did was increase the time out on sending messages and it fixed it. Rob _ From: sysad...@tricubemedia.com To: qmailtoaster-list@qmailtoaster.com Date: Tue, 9 Nov 2010 07:53:57 -0700 Subject: [qmailtoaster] Doubles Hi list, Randomly, users are getting two of each email, Is there a log that we can check , or any other area to check. Thanks madmac image001.jpg
RE: [qmailtoaster] qmt replicated , how to get 100% Availability when sending mail?
Hi, I have successfully replicated two servers QMT with Jake video, the system is spectacular and send my congratulations to Jake for the excellent work in conjunction with its simplicity, now that I have my two replicated servers would get their tips and experiences to be always and automatically whenever a server available to the fall of another? probe using round robin dns, but when you drop the other service and still running the DNS continues to send the request to the server dropped, some managed to find some way that does not happen and always have mail service available for shipment by the customer mail (Outlook, Thunderbird, etc)? Look into something like IPVSADM or LVS. Ultra Monkey is another flavor of the same thing. Basically they are load balancers that will balance traffic based on various Scheduling (Round Robin, weighted, etc) and has the ability to detect lost hosts, and remove them from the rotation. OpenSource and works great. Michael J. Colvin NorCal Internet Services www.norcalisp.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Videos
I 2nd the request. Those videos were a great source of information, Jake. I miss them. :-) Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com (916) 864- _ From: Scott Hughes [mailto:sonicscott9...@gmail.com] Sent: Wednesday, September 29, 2010 1:18 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Videos I was just curious if the QMT videos were back online yet or if there was an ETA on them? Thanks, Scott image001.jpg
RE: [qmailtoaster] Re: what are the pitfalls of QM w/ NAT?
You could also use a load balancer (There's plenty of open source Linux based stuff out there), and have the multiple servers Appear as a single IP, even using NAT. This should remove the SSL issues too. I have mail servers with a single public IP, through a load balancer, which also acts like a firewall, to some degree, and distributes the traffic to the various servers, based on ports, loads, and various matrix's that you configure. Makes it easy to add/remove servers too... Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Friday, August 13, 2010 12:08 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: what are the pitfalls of QM w/ NAT? spamdyke has no problem with NAT - it still sees the originating IP address properly. FWIW, I run several QMT hosts behind IPCop (on orange DMZ). -- -Eric 'shubes' Patrick Ring wrote: Thanks Eric. I was on that track. My current firewalls block all (non-mail server) outbound SMTP and DNS requests (learned hard way via a virus on my corp network). I think I know what you are talking about with the SSL and A records. My biggest concern was whether Spamdyke (or other RBL and spam filters) would work properly behind the NAT. Of course, I'm open to other issues I might have as well. Thank you, Patrick M. Ring P. Ring Technologies Louisiana Web Host, LLC. 985-868-4200 -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Friday, August 13, 2010 1:53 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: what are the pitfalls of QM w/ NAT? Patrick Ring wrote: I have off and on considered running QMT behind a firewall with NAT at one of my offices and just have the firewall appliance pinholed with what the server needs. My main office has plenty of IP's, but my other office only has a couple available to me, so I'm obviously looking at the idea of using one IP to communicate with multiple servers. Does anybody have any pros vs cons for QMT behind a NAT here? Thank you, Patrick M. Ring P. Ring Technologies Louisiana Web Host, LLC. 985-868-4200 I don't think running QMT behind a NAT'ing firewall is uncommon. The only concern I would have is the potential of rogue/infected hosts behind the same public address to spew out spam, causing the address to be blacklisted. Configuring the firewall to limit outbound traffic on port 25 to only QMT should take care of that though. Also, having multiple services/hosts on a single (public) IP address complicates SSL a little. Setting up multiple A records/names to the same public address takes care of that though. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! -- --- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! -- --- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list- unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list- h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail:
RE: [qmailtoaster] spammer / Boom email
Looks like using Spamdyke with RDNS enabled would have stopped it. Doesnt look like the sending IP has a reverse DNS (PTR) entry. All Legit mail servers should have a reverse DNS entry Their IP should resolve to *something*. That setting alone will stop 60% of likely spam, maybe more. Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com (916) 864- _ From: Hajid [mailto:ha...@masolusi.com] Sent: Wednesday, August 11, 2010 12:32 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] spammer / Boom email Any body could please help me how to stop this email. ./qmHandle -m573640 -- MESSAGE NUMBER 573640 -- Received: (qmail 7968 invoked by uid 89); 11 Aug 2010 05:44:26 - Received: by simscan 1.3.1 ppid: 7893, pid: 7940, t: 1.2025s scanners: attach: 1.3.1 clamav: 0.94 /m: spam: 3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail.avtour.com X-Spam-Level: X-Spam-Status: No, score=-66.8 required=5.0 tests=AWL,BAYES_99, FH_DATE_PAST_20XX,FH_FAKE_RCVD_LINE,FORGED_HOTMAIL_RCVD2,INVALID_MSGID, MIME_BOUND_DD_DIGITS,MIME_QP_LONG_LINE,MISSING_HEADERS,MISSING_MIMEOLE, MSGID_MULTIPLE_AT,RCVD_DOUBLE_IP_SPAM,RCVD_HELO_IP_MISMATCH,RCVD_IN_PBL, RCVD_IN_SORBS_DUL,RCVD_NUMERIC_HELO,RDNS_NONE,SUBJECT_NEEDS_ENCODING, SUBJ_ILLEGAL_CHARS,TVD_SPACE_RATIO,USER_IN_WHITELIST autolearn=no version=3.2.5 Received: from unknown (HELO 202.29.226.195) (118.167.134.121) by mail with SMTP; 11 Aug 2010 05:44:25 - Received-SPF: softfail (mail: transitioning SPF record at spf-d.hotmail.com does not designate 118.167.134.121 as permitted sender) Received: from 128.90.172.176 by 200.90.174.88; Wed, 11 Aug 2010 13:44:24 +0800 Received: from 174.172.104.212 by 49.38.224.152; Wed, 11 Aug 2010 13:44:24 +0800 Received: from 18.156.145.204 by 40.120.66.152; Wed, 11 Aug 2010 13:44:24 +0800 Received: from 253.73.206.160 by 146.80.123.197; Wed, 11 Aug 2010 13:44:24 +0800 Message-ID: Wed, 11 Aug 2010 13:44:24 +0800shi...@ms11.hinet.net, r...@hotmail.com From: Rocco Boykin glfl83...@hotmail.com Reply-To: Rocco Boykin itidgh483...@hotmail.com Subject: ¤â¾÷¥Ö®M«È¨î¤Æ Date: Wed, 11 Aug 2010 13:44:24 +0800 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=--20220610593110575 image001.jpg
RE: [qmailtoaster] QMT on Xen? (I hope not)
I'm running on VMWare ESXi, but was looking to maybe switch up. Xen was on my list of possibles, along with Proxmox. (proxmox.com) I was leaning towards Xen, but, perhaps I shouldn't now? :-) VMWare's working great, just looking for something a little more budget friendly. :-) Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Wednesday, August 04, 2010 4:40 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] QMT on Xen? (I hope not) Is anyone running QMT on Xen? I just noticed that RHEL6 will not contain Xen, in favor of KVM. -- -Eric 'shubes' -- --- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! -- --- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list- unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list- h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Very strange and huge problem with port 25 and Qmailtoaster
NOTE: it takes 2/3 minutes to deliver a message from an external e-mail (gmail like) to our server. Is it normal time? Sure. Sometimes they get delivered in a couple seconds, other times a few minutes. Depends on a lot of variables. You have not indicated that is Gmail is taking a long time to connect to you, or if you still have problems on your system. You would need to watch the logs to see when Gmail contacts your server to determine this. FYI, some time ago, Gmail instituted a delay in sending mail. This delay was intended for people to be able to recall a message that was sent to the wrong person, forgot an attachment, etc. It gives you a chance to stop the message from being sent in one of those Oh shit moments. The delay is, I believe a minute or two. So, it would be perfectly normal to see a delay when sending from Gmail. Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com (916) 864- _ From: Jake Vickers [mailto:j...@qmailtoaster.com] Sent: Thursday, July 22, 2010 2:01 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Very strange and huge problem with port 25 and Qmailtoaster On 07/22/2010 03:52 AM, Digital Instruments wrote: Update: removing the following line from var/qmail/supervise/smtp/run let the port 25 works (that's means it works from telnet localhost and remote) BLACKLIST=`cat /var/qmail/control/blacklists` $BLACKLIST so the exec command it's the same but without the $BLACKLIST. Inside the /var/qmail/control/blacklists there's only this line: -r zen.spamhaus.org -r If that is the contents of your blacklist file, then it is incorrect. It should be -r {blacklist}. The extra -r at the end indicates you removed a blacklist, but not the switch telling tcpserver to use one. disabling spamd from /var/qmail/control/simcontrol let the port 110 works. :spam=no, This only has an effect on incoming mail - has absolutely nothing to do with POP/IMAP mail. NOTE: it takes 2/3 minutes to deliver a message from an external e-mail (gmail like) to our server. Is it normal time? Sure. Sometimes they get delivered in a couple seconds, other times a few minutes. Depends on a lot of variables. You have not indicated that is Gmail is taking a long time to connect to you, or if you still have problems on your system. You would need to watch the logs to see when Gmail contacts your server to determine this. image001.jpg
RE: [qmailtoaster] Re: squirrelmail no recieve
My guess is that a pop3 client has grabbed the message. We think we have eliminated that -- this fellow has gotten large attachments in the past. Folks will send him attch'd wav mov . w large being 10 - 20 MB ...ish what else might it be? should I , can I - empty his mailBox - could something be 'stuck' in there? To make sure, disable POP3 and try again. (Make sure POP3 is disabled by trying to pop it. When it fails, then try sending your message again from his account in squirrel mail to his account... See if it shows up, then disappears again. Once you disable pop3, you should also be able to find failed attempts to pop the account, and where the pop access is coming from. At least you'll ensure it's not a mail client somewhere popping his account. Hell, it could be some unknown person popping his account after having hacked it... Michael J. Colvin NorCal Internet Services www.norcalisp.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] mail routing question
Aren't we over-complicating this a bit? Why not simply use aliases for the Management e-mail accounts, forwarding them to corp.example.com, or some similar sub-domain, as was suggested earlier. Then use SMTPRoutes to forward the mail to the Exchange server..No DNS issues, no fetchmail, no extra stuff. Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com http://www.norcalisp.com/ _ From: Ganesh.payelkar [mailto:ganesh.payel...@gmail.com] Sent: Tuesday, June 29, 2010 5:36 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] mail routing question Dear Mr. Rajesh, For the below setup your QMT will be 1st MX for your domain, Once your qmt accept the same he will forward to exchange, For the same you have to write fetchmail to push the mails to exchange. Create 1 mailid which collect all user's mails through .qmail and push to exchange with the help of fetchmail... -- Regards, Ganesh On Mon, Jun 28, 2010 at 7:34 AM, Rajesh M 24x7ser...@24x7server.net wrote: hi some of my clients are asking for a hybrid solution ie they need a setup like this a) for some of their top management users they want a hosted exchange (hosted microsoft exchange server) solution b) and others on our qmailtoaster all emails will arrive initially on the qmailtoaster box so is there a way by which i can route all emails meant for specific users to the hosted exchange box ? thanks rajesh - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com image001.gif
RE: [qmailtoaster] spamassassin
Hi Mike, No, I am not using SpamDyke as of yet. Thanks!! Martin Then that's the first thing I would suggest... SpamDyke will do wonders, not only for your spam filtering, but the overall load on your server. Something like checking for RDNS is exactly what SpamDyke was designed to do, and it does it using less resources on your server than SpamAssassin. SpamDyke will filter, usually, 80-95% of your spam, leaving the remaining percentage of mail that gets through to be filtered by SpamAssassin, thus taking that load off of SpamAssassin... Michael J. Colvin NorCal Internet Services www.norcalisp.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Re: spamassassin
I agree with Michael that spamdyke is great. Highly recommended. I'd like to clarify the tcpserver -h option though. This option does do an rDNS lookup which is duplicative with spamdyke, but I think it's best to do both, as they're used for different purposes. Spamdyke uses rDNS for blocking. Tcpserver's -h option simply sets the TCPREMOTEHOST variable, which does no blocking of any kind, but does provide more complete logging messages. The overhead of the duplicate rDNS lookup is negligible (immeasurable I expect), since the lookup is cached. That's why I think it's best to have both. Sam C (spamdyke's author) discusses this (and other things) here: http://www.mail-archive.com/spamdyke-us...@spamdyke.org/msg00842.html Thanks for the clarification Eric. I wasn't that familiar with the -h option in SpamAssassin, and just assumed that since it was doing rDNS lookups, it was using them for blocking. And, you're right, the DNS information should be cached, especially if SpamDyke is used to initially filter, making the overhead looking it up again in SpamAssassin insignificant. Michael J. Colvin NorCal Internet Services www.norcalisp.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Re: spamassassin
Perfect. Oh, and, I only wanted to explain why it'd be important for me to deselect features of spamdyke that don't fit my needs. Martin Am 21.06.2010 um 18:09 schrieb Eric Shubert: You can use whichever features you choose. It's up to you. Of course fighting spam is always a balancing act with a wide array of dependencies. Finding the best balance takes some doing. The flexiblity that spamyke provides makes it useful in most circumstances. Note, I don't necessarily agree with your policy, but I don't see any purpose in debating it here. If it works for you, great. However, you can use a lot more of spamdyke's filters than one RBL, without getting any false positives. -- -Eric 'shubes' The main benefit of SpamDyke, at least for me, is blocking stuff at the SMTP level... Do your RBL lookups in SpamDyke. I'd also suggest filtering out servers that don't have rDNS or MX records, and also ones that have ip addresses in the rDNS. Just those three will filter a TON of spam at the SMTP level, and should result in zero false positives, unless someone has a very badly configured mail server, in which case, you probably don't want to get mail from them anyway... The greylisting feature is always a give/take situation, but it's easy to turn on/off, and can be done by domain. It does help filter more spam, but I'm not sure how much more. Michael J. Colvin NorCal Internet Services www.norcalisp.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] spamassassin
Are you using SpamDyke? If so, and you are checking for RDNS there, that would seem duplicative to me. I block any mail server that does not have RDNS using SpamDyke. Better to stop it there than waste time scanning it with SpamAssassin... Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Martin Waschbuesch [mailto:mar...@waschbuesch.de] Sent: Sunday, June 20, 2010 1:57 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] spamassassin Found it myself: In /var/qmail/supervise/smtp/run, I had forgotten to enable rDNS (default seems to be off), by changing the -H flag to -h. Thanks, Martin Am 20.06.2010 um 10:48 schrieb Martin Waschbuesch: Hi all, There is something weird I noticed in my logs: every email I receive gets marked as RDNS_NONE by spamassassin. This was not the case with my previous setup. lookup and reverse lookup work, so I am at a loss as to why this is? Perhaps some perl module I have not installed, etc? Martin -- Imagination is more important than knowledge. For knowledge is limited to all we now know and understand, while imagination embraces the entire world, and all there ever will be to know and understand. Albert Einstein - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list- unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list- h...@qmailtoaster.com -- The whole modern world has divided itself into Conservatives and Progressives. The business of Progressives is to go on making mistakes. The business of the Conservatives is to prevent the mistakes from being corrected. Gilbert K. Chesterton -- --- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! -- --- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list- unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list- h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] ISO
Jake, I'm trying to download the QMT ISO using the link from the main QMT page, but it keeps opening a page at your consulting site. I'd actually like to do the CentOS 5 ISO, but that seems to have disappeared from the site, or I'm blind/stupid. (Which is always possible!) Also, there were a host of video's I had watched and was going to go back too when I actually started building a new cluster. Of course, they're not there now with the recent changes, and, for the life of me, I can't remember all of them! Any chance of getting at least a list of the video's up so I can send you a list of the one's I'm interested in? I remember one of them was like 7 parts or something... Michael J. Colvin NorCal Internet Services www.norcalisp.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Opinions Please
I would do both. :-) I would have redundant load balancers, at two different locations, that balance the loads between multiple servers at their respective locations. Then, use DNS (Also redundant at multiple locations) to round robin between the two locations. :-) Considering using VM for the DNS and Load Balancing portions, and perhaps the QMailToaster portion too, you could probably pull it off with one or two machines at each location. Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com http://www.norcalisp.com/ _ From: Scott Hughes [mailto:sonicscott9...@gmail.com] Sent: Monday, May 24, 2010 1:43 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Opinions Please I am considering setting up a second QMT server using Jake's replicated server tutorial. These servers will be in two different cities for maximum redundancy. If I remember correctly, Jake mentioned setting up DNS round robin to balance the two QMT servers. My question is this: Is DNS better for load balancing, or would it be better to utilize a load balancing program like 'balance' (http://www.inlab.de/balance.html) ? Or does it really make a difference for this application. I would be balancing IMAP (993) / SMTP (25) / POP3 (110). Thanks, Scott image001.gif
RE: [qmailtoaster] Opinions Please
I should have added, we are using a variation of: http://www.linuxvirtualserver.org/index.html That link should get you going. No cost, other than a simple, no frills server, depending on the load. Works great. Do a Google for Linux load balancing and you should find all kinds of articles. Or, you could go with already built stuff like Foundry's.But, if you're looking to scale affordably, do the LVM stuff. Works like a charm. Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com http://www.norcalisp.com/ _ From: Scott Hughes [mailto:sonicscott9...@gmail.com] Sent: Monday, May 24, 2010 1:43 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Opinions Please I am considering setting up a second QMT server using Jake's replicated server tutorial. These servers will be in two different cities for maximum redundancy. If I remember correctly, Jake mentioned setting up DNS round robin to balance the two QMT servers. My question is this: Is DNS better for load balancing, or would it be better to utilize a load balancing program like 'balance' (http://www.inlab.de/balance.html) ? Or does it really make a difference for this application. I would be balancing IMAP (993) / SMTP (25) / POP3 (110). Thanks, Scott image001.gif
RE: [qmailtoaster] Opinions Please
You can run VM on machines that are a couple years old, and can find them fairly cheap on Ebay or Craigslist. A couple of Dell 2650's, 2850's, or 1850's will run a couple of VM's with no problems. Depending on the amount of mail you are expecting and rack space availableity, you could probably do the load balancing, DNS and mail server all on a single Dell 2650 at each location, using VMWare ESXi, Zen, or pretty much most of the common VM's. The 2650's can be had pretty easily for around $200 - $300 w/drives. 2U of rack space at each location and you're done. If you need 1U's, go with the 1850's. Maybe $300 - $500 each, and only 1U. If it's still too much, then, yea, go with just the DNS Round Robin option. Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com http://www.norcalisp.com/ _ From: Scott Hughes [mailto:sonicscott9...@gmail.com] Sent: Monday, May 24, 2010 2:32 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Opinions Please Michael, As a small company, we haven't gotten into VM systems as of yet. I want to but the price of those machines is still a bit on the high side - especially with brand name servers (Dell, HP, etc). Thanks to everyone for all the input on this idea! Scott On 5/24/10 4:07 PM, Michael Colvin wrote: I would do both. :-) I would have redundant load balancers, at two different locations, that balance the loads between multiple servers at their respective locations. Then, use DNS (Also redundant at multiple locations) to round robin between the two locations. :-) Considering using VM for the DNS and Load Balancing portions, and perhaps the QMailToaster portion too, you could probably pull it off with one or two machines at each location. Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com http://www.norcalisp.com/ _ From: Scott Hughes [mailto:sonicscott9...@gmail.com] Sent: Monday, May 24, 2010 1:43 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Opinions Please I am considering setting up a second QMT server using Jake's replicated server tutorial. These servers will be in two different cities for maximum redundancy. If I remember correctly, Jake mentioned setting up DNS round robin to balance the two QMT servers. My question is this: Is DNS better for load balancing, or would it be better to utilize a load balancing program like 'balance' (http://www.inlab.de/balance.html) ? Or does it really make a difference for this application. I would be balancing IMAP (993) / SMTP (25) / POP3 (110). Thanks, Scott image001.gif
RE: [qmailtoaster] spam
I mean.It's a wild guess, but it sure sounds like your box has been hacked. The spamming can have several causes, but why is your box trying to connect to other servers via SSH? Have you changed your passwords? Although, at this point, it's probably too late and changing them wouldn't do much. Sound's like you've been owned. Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com http://www.norcalisp.com/ _ From: madmac [mailto:sysad...@tricubemedia.com] Sent: Thursday, April 08, 2010 12:23 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] spam Now at 5829 , still counting. madmac - Original Message - From: test mailto:sysad...@tricubemedia.com To: qmailtoaster-list@qmailtoaster.com Sent: Thursday, April 08, 2010 1:05 PM Subject: [qmailtoaster] spam I received reports today that my qmail server was spaamming, and trying to get into others ssh ports. Many complaints and emails from ab...@otherdomain.com ( eg ) Loggin in to the box , mostly unresonsive, sen a whole bunch of entries that looked dodgy eg: ./brk *** could not kill the process, so did a reboot. stopped qmail, stopped named, stopped mysql etc. created a catch directory mkdir -p /var/clamav/unwanted cd /var chown -R clamav:clamav clamav/ Then decided to manually run a complete clamav system scan ( after getting freshclam update ) cd / /usr/bin/clamscan -r -i --move=/var/log/clamav/unwanted/ -l /var/log/clamav/clamscan.log Currently found 2270 infected files , mostly users email with : Sanesecurity.Junk.27236.UNOFFICIAL FOUND ( the 27236 numbers vary ) And still scanning. So my question would be , why, is the server not stopping this when it come in to the email? What should I check in the configs. Thanks all madmac image001.gif
RE: [qmailtoaster] Qmailtoaster videos - major change!
I like the ability to watch them when I need to, or to refer back to them when needed.Even if it meant renewing the subscription, which I was just about to do. :-) Of course, whatever works for you, but, for my .02, I would like it if there was a way to watch the videos on demand. The DVD package sounds interesting, and I guess paying for each video and watching it online would be good also, as long as there was a way to maybe watch it over a period of a couple days. Some times I'll start watching one and fall asleep (Not from the video! Just because I tend to watch them late at night as I'm winding down.) or, I may get a call, and I'm off on another project. So, Buying a video online and watching it should have at least some period of time that the video would remain viewable. Of course, if the price is right for the DVD set, that would probably be the best, but it also potentially can cause those videos to become dated, should you Update one of the videos. Either way, I appreciate the time you put into making them, and they save us, likely, 10 times the hours trying to figure the stuff out on our own. Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com http://www.norcalisp.com/ _ From: David Milholen [mailto:dmilho...@wletc.com] Sent: Wednesday, April 07, 2010 9:00 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Qmailtoaster videos - major change! Jake Vickers wrote: Hopefully everyone will read this: First off, I've been sick the last week or two, so the videos are a day or two behind. Once I'm able to record without coughing through the whole thing, I'll get a new video out - hopefully in the next day or two. Anyway, I've also been thinking quite a bit on the video site, and am going to implement some major changes. The rest of this email will be kinda long-winded and detailed, so if you're just interested in the end results, skip to the last paragraph when I recap ;) Do you realize it's been almost a year already? As I have been recording the videos, I have been learning a lot myself. First thing I learned is that the credit card processing companies are rackets. Authorize.net is the worst - did you know when you enter your credit card information and it gets rejected for *whatever* reason, I still get charged (all said and done) $1.57 for the transaction, even though it failed and I didn't actually receive any funds? I had a user run his card 50 times in a day! And never even completed a sale! So one guy racked up $78USD in charges for me, and he never did pay for the subscription. Authorize.net was *very* unhelpful in the process. As such, the first change I am going to make to the video site is using a different credit card processor and also include PayPal transactions. To go hand-in-hand with this, there will no longer be a subscription service. The videos that you require a subscription to view now will be individually priced. I will still continue to produce free videos just like I always have, but the special videos will have an individual price - I am targeting $4 - $8 for the premium videos. I need to sit down and figure out service charges for PayPal and the credit card processor to find out where the actual price break will need to be, factoring in server costs as well. For those that have a current subscription - it's still active. I canceled the recurring fee so once the subscription runs out, it's done. I will continue to produce videos the week of June 29th, when the last currently paid for subscription runs out. At that point I will transition everything to the new system. I will actually be transferring the videos to the new system (and new server!) during this time frame so that once the June 29th week hits, it should juts be a quick change in DNS to redirect everyone to the new server. For those that want to see some of the premium videos NOW, email me off-list and let me know which video. We can work out something. For those that want ALL the videos, email me off-list. I'm considering mailing DVDs with copies of all the videos on them and we can discuss this possibility. Now the second thing I learned from this project, is that I have a **lot** of topics I would love to produce videos on that are not Qmailtoaster specific. To go hand-in-hand with the above shopping cart changes, I am also going to transition the site to a more Linux-general site instead of Qmailtoaster specific. I will still do Qmailtoaster videos! I just want to have the flexibility to do videos on other topics that are not Qmailtoaster specific as well (I've been itching to do a video on OpenVPN for several months now, as well as Bind!). So when I move everything to the new server, the format/theme will change to be more Linux in general versus Qmailtoaster specific. I think this will benefit everyone who visits. The third thing I learned is that finding time to do a video every week is
RE: [qmailtoaster] Spamdyke problem
Search the archives. This was covered within the last two weeks, along with a patch that resolves the issue. I'd send the e-mails, but don't have them on hand, but they should be in the archives. Mike -Original Message- From: Darrell Booth [mailto:darr...@drachma.com.au] Sent: Thursday, April 01, 2010 2:08 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Spamdyke problem Hi My mailserver installed with qmailtoaster has been working without issue for 3 months. It is now running very slow when accepting emails for transmission. When I do a ps -ef command I see the following multiple times: vpopmail 24313 2321 0 13:46 ?00:00:00 /usr/local/bin/spamdyke --config-file /etc/spamdyke/spamdyke.conf /var/qmail/bin/qmail-s vpopmail 24314 24313 0 13:46 ?00:00:00 [qmail-smtpd] defunct vpopmail 25449 2321 0 14:50 ?00:00:00 /usr/local/bin/spamdyke --config-file /etc/spamdyke/spamdyke.conf /var/qmail/bin/qmail-s vpopmail 25450 25449 0 14:50 ?00:00:00 [qmail-smtpd] defunct vpopmail 25999 2321 0 15:29 ?00:00:00 /usr/local/bin/spamdyke --config-file /etc/spamdyke/spamdyke.conf /var/qmail/bin/qmail-s vpopmail 26001 25999 0 15:29 ?00:00:00 [qmail-smtpd] defunct vpopmail 26734 2321 0 16:11 ?00:00:00 /usr/local/bin/spamdyke --config-file /etc/spamdyke/spamdyke.conf /var/qmail/bin/qmail-s vpopmail 26736 26734 0 16:11 ?00:00:00 [qmail-smtpd] defunct vpopmail 27603 2321 0 17:09 ?00:00:00 /usr/local/bin/spamdyke --config-file /etc/spamdyke/spamdyke.conf /var/qmail/bin/qmail-s vpopmail 27604 27603 0 17:09 ?00:00:00 [qmail-smtpd] defunct Can anyone please give me some clues as to what might be causing this issue. I have made no changes to the configuration files recently. I restarted the server to clear the problem and it occurred again within 24 hours Thanks Darrell --- -- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! --- -- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list- unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list- h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Spamdyke problem
The answer lies within the Spamdyke list's archives. :-) Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com http://www.norcalisp.com/ _ From: David Milholen [mailto:dmilho...@wletc.com] Sent: Thursday, April 01, 2010 9:38 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Spamdyke problem Darrell Booth wrote: Hi My mailserver installed with qmailtoaster has been working without issue for 3 months. It is now running very slow when accepting emails for transmission. When I do a ps -ef command I see the following multiple times: vpopmail 24313 2321 0 13:46 ?00:00:00 /usr/local/bin/spamdyke --config-file /etc/spamdyke/spamdyke.conf /var/qmail/bin/qmail-s vpopmail 24314 24313 0 13:46 ?00:00:00 [qmail-smtpd] defunct vpopmail 25449 2321 0 14:50 ?00:00:00 /usr/local/bin/spamdyke --config-file /etc/spamdyke/spamdyke.conf /var/qmail/bin/qmail-s vpopmail 25450 25449 0 14:50 ?00:00:00 [qmail-smtpd] defunct vpopmail 25999 2321 0 15:29 ?00:00:00 /usr/local/bin/spamdyke --config-file /etc/spamdyke/spamdyke.conf /var/qmail/bin/qmail-s vpopmail 26001 25999 0 15:29 ?00:00:00 [qmail-smtpd] defunct vpopmail 26734 2321 0 16:11 ?00:00:00 /usr/local/bin/spamdyke --config-file /etc/spamdyke/spamdyke.conf /var/qmail/bin/qmail-s vpopmail 26736 26734 0 16:11 ?00:00:00 [qmail-smtpd] defunct vpopmail 27603 2321 0 17:09 ?00:00:00 /usr/local/bin/spamdyke --config-file /etc/spamdyke/spamdyke.conf /var/qmail/bin/qmail-s vpopmail 27604 27603 0 17:09 ?00:00:00 [qmail-smtpd] defunct Can anyone please give me some clues as to what might be causing this issue. I have made no changes to the configuration files recently. I restarted the server to clear the problem and it occurred again within 24 hours Thanks Darrell - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com I am seeing some of this also.. -- David Milholen Project Engineer 501-318-1300 Wireless Etc image001.gifimage002.gif
RE: [qmailtoaster] Spamdyke problem
My God.It's even the first/top item in the archives. Shouldn't be hard to find. :-) Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com http://www.norcalisp.com/ _ From: David Milholen [mailto:dmilho...@wletc.com] Sent: Thursday, April 01, 2010 9:38 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Spamdyke problem Darrell Booth wrote: Hi My mailserver installed with qmailtoaster has been working without issue for 3 months. It is now running very slow when accepting emails for transmission. When I do a ps -ef command I see the following multiple times: vpopmail 24313 2321 0 13:46 ?00:00:00 /usr/local/bin/spamdyke --config-file /etc/spamdyke/spamdyke.conf /var/qmail/bin/qmail-s vpopmail 24314 24313 0 13:46 ?00:00:00 [qmail-smtpd] defunct vpopmail 25449 2321 0 14:50 ?00:00:00 /usr/local/bin/spamdyke --config-file /etc/spamdyke/spamdyke.conf /var/qmail/bin/qmail-s vpopmail 25450 25449 0 14:50 ?00:00:00 [qmail-smtpd] defunct vpopmail 25999 2321 0 15:29 ?00:00:00 /usr/local/bin/spamdyke --config-file /etc/spamdyke/spamdyke.conf /var/qmail/bin/qmail-s vpopmail 26001 25999 0 15:29 ?00:00:00 [qmail-smtpd] defunct vpopmail 26734 2321 0 16:11 ?00:00:00 /usr/local/bin/spamdyke --config-file /etc/spamdyke/spamdyke.conf /var/qmail/bin/qmail-s vpopmail 26736 26734 0 16:11 ?00:00:00 [qmail-smtpd] defunct vpopmail 27603 2321 0 17:09 ?00:00:00 /usr/local/bin/spamdyke --config-file /etc/spamdyke/spamdyke.conf /var/qmail/bin/qmail-s vpopmail 27604 27603 0 17:09 ?00:00:00 [qmail-smtpd] defunct Can anyone please give me some clues as to what might be causing this issue. I have made no changes to the configuration files recently. I restarted the server to clear the problem and it occurred again within 24 hours Thanks Darrell - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com I am seeing some of this also.. -- David Milholen Project Engineer 501-318-1300 Wireless Etc image001.gifimage002.gif
RE: [qmailtoaster] Re: squirrelmail/imap issue
Will restarting just Qmail pick up those changes? Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com http://www.norcalisp.com/ _ From: Dave Hallowell [mailto:d...@acbsco.com] Sent: Monday, March 01, 2010 12:37 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: squirrelmail/imap issue So I bumped up the MAXDAEMONS=50 and restarted qmail. About four hours later, I have 43 imapd processes running and getting new mail results in a timeout on thunderbird. I killall imapd processes, and can get emails immediately. I noticed there is also a MAXPERIP=4 and I bumped it up to MAXPERIP=6 and restarted qmail. See if that works. Dave Dave Hallowell wrote: Jake, Ah ha. I see MAXDAEMONS=40. How'd I miss that? Okay, I'll bump it up and see what happens. Any suggestions on the number or just trial and error? Thanks Jake. Dave Jake Vickers wrote: On 03/01/2010 10:23 AM, Dave Hallowell wrote: Helmut, I recently ran into this problem with imap timing out. I don't use squirrelmail much, but I was getting timeouts using thunderbird when trying to send and receive from imap email accounts. I read a post on this list about timeouts when the number of imap processes reached a certain number. In my case, when I had the smtp timeouts, I would run from the command line # ps -ef | grep imapd | wc -l and it would always return 43 processes when I was having problems. 42 processes, everything ran fine. When I had 43 imapd processes running and experiencing issues, I would run this from the command line. # /usr/bin/killall -9 imapd this would kill all the current imapd processes and sending and receiving email resumed properly. I am running Centos4.8 and I haven't done an update for several months. Still running qmail-toaster-1.03-1.3.18. I also analyzed, checked, and repaired my vpopmail database but this did not solve this issue. So until I can figure out what is really causing this, I wrote a little script that runs from cron every 5 minutes and if there are more than 42 imapd processes running, it kills them. Here is the script if you wish to use it. -- snip --- DT=`date` KILLIT=/usr/bin/killall -9 imapd PID=`ps -ef | grep imapd | wc -l` if [ $PID -gt 42 ] then #echo too high echo $DT /oper/kill.log echo $PID /oper/kill.log $KILLIT /dev/null 21 fi - snip - Have you looked at the imapd config and ensured the MAXDAEMONS is set high enough? - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com image001.gif
RE: [qmailtoaster] Re: squirrelmail/imap issue
I think I've seen this before and it was either IMAP connections limitation issue, a timeout issue, or a MySQL issue...Maybe a combination? :-) I don't remember, it's been a few years. Usually, I would see it when the server was being heavily used, and it slowed down noticeably... I wish I could remember more. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Helmut Fritz [mailto:hel...@phpwebservices.com] Sent: Friday, February 26, 2010 4:51 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Re: squirrelmail/imap issue Thx Eric. 52 sent and 61 inbox. Just logged into it now and it was fast, even sending with no error. Maybe just an internet thing (although that should not lead to am imap disconnection?). It did do this once before, and a reboot of the server cleared it up. Helmut -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Friday, February 26, 2010 4:39 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: squirrelmail/imap issue Helmut Fritz wrote: Hello! did a search of the archives and could not find anything. i have a user that is complaining of squirrelmail being slow. i have verified that it is a bit slow but nothing outrageous, but i did send a test from the users account and got an error after clicking send: *ERROR: Connection dropped by IMAP server.* i could not find anything unusual in the logs, but may not be looking at the correct logs. it actually sent the test message, but the web interface (squirrelmail) actually took quite a while to come back from the send, and then gave this message. any ideas? thx! Helmut I'm guessing that user's account may be approaching the limits of courier. How many folders/messages does the user have? If it's a lot, I would consider switching from courier to dovecot. -- -Eric 'shubes' -- -- - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! -- -- - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list- unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- --- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! -- --- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list- unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list- h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Re: Chkuser
Eric Shubert wrote: Michael Colvin wrote: I'm curious... Is it possible to setup QMT without implementing chkuser? I know I should use it, and do, but I have a specific need for a server without that functionality on a temporary basis (Replacing a legacy server until I can migrate users to a full QMT infrastructure), and was wondering what was the easiest/best way to do it. Any suggestions? Michael J. Colvin NorCal Internet Services www.norcalisp.com It's primarily a patch file included in the qmail-toaster package. You'd need to modify the .spec file to not include that patch. I think that's all it would take. There are (also) some chkuser related variables in tcp.smtp, but I don't think you would necessarily need to remove them. Correct. If you just remove the patch call in the %prep directive, it will not apply that patch. Can I ask what you're trying to accomplish? There may be another way to get what you want. I have some legacy QMR servers that are acting mainly as spam filters. They are set up to accept all mail sent to them (rcpthosts permitting of course), filter the mail (Mainly SpamDyke) then forward to customer mail servers (Other QMR servers or their Exchange servers). Some of the domains I'm filtering for, I don't have a complete list of all of their e-mail accounts, nor do I have a web GUI in place to allow them to provide that information, but I'm trying to move these services off of the existing hardware onto VM's. The boxes have also become unstable over the years, so I'm hesitant to simply convert them from Physical to Virtual. I'd rather start fresh with a couple QMT's set up as VM's, and migrate those services off of the legacy stuff to the QMT VM's, at least for now, while I work on gathering all the e-mails, and potentially build a GUI for customer management of their active e-mails, so that I can implement Chkuser again. Perhaps there's a way to modify the MySQL query, or maybe an entry in a table that would be a Wildcard? Then I could leave the patch, and add entries to the chkuser table as I confirm the e-mails??..?? Michael J. Colvin NorCal Internet Services www.norcalisp.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Chkuser
I'm curious... Is it possible to setup QMT without implementing chkuser? I know I should use it, and do, but I have a specific need for a server without that functionality on a temporary basis (Replacing a legacy server until I can migrate users to a full QMT infrastructure), and was wondering what was the easiest/best way to do it. Any suggestions? Michael J. Colvin NorCal Internet Services www.norcalisp.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Blocking mail-id's which doesn't exis t in database
I'm not sure I see what your problem is. Your post shows that a message from, what I would guess is a spam address, being blocked by a blacklist entry. Isn't that what you want? The address that shows a DENIED_RBL_MATCH from certainly looks like something you'd want blocked. That's what SpamDyke does, and it does it very well. The unknown portions are indicative of the IP's not having any rDNS entries. You're config also shows items that are very effective at blocking spam as being remarked out.(reject-missing-sender-mx and reject-unresolvable-rdns for example). I think you're confusing these log entries with errors, when in fact, they are a good thing.Unless I'm missing something. Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com http://www.norcalisp.com/ _ From: nicole thomson [mailto:nicolethom...@live.com] Sent: Monday, November 30, 2009 4:29 AM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Blocking mail-id's which doesnt exist in database when i use spamhaus.org in rbl, i used to get DENIED_RBL_MATCH from: gxyiw...@bonsai-in-asia.com to: b...@mydomain.com origin_ip: 125.146.164.245 origin_rdns: (unknown) auth: (unknown) but after commenting all those entries, now atleast mails are flowing thru, but still i am counting the bomb to explode. #dns-blacklist-entry=zombie.dnsbl.sorbs.net #dns-blacklist-entry=dul.dnsbl.sorbs.net #dns-blacklist-entry=bogons.cymru.com #dns-blacklist-entry=zen.spamhaus.org #dns-blacklist-entry=bl.spamcop.net Can someone out there help me --Nicole My spamdyke.conf #dns-blacklist-entry=zombie.dnsbl.sorbs.net #dns-blacklist-entry=dul.dnsbl.sorbs.net #dns-blacklist-entry=bogons.cymru.com #dns-blacklist-entry=zen.spamhaus.org #dns-blacklist-entry=bl.spamcop.net graylist-dir=/var/spamdyke/graylist graylist-exception-rdns-entry=/etc/spamdyke/graylist-exception-rdns-file graylist-level=none graylist-max-secs=2678400 graylist-min-secs=180 greeting-delay-secs=5 idle-timeout-secs=600 ip-blacklist-file=/etc/spamdyke/blacklist_ip ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords ip-whitelist-file=/etc/spamdyke/whitelist_ip access-file=/etc/spamdyke/access-file local-domains-file=/var/qmail/control/rcpthosts log-level=info log-target=stderr max-recipients=50 #policy-url=http://my.policy.explanation.url/ rdns-blacklist-file=/etc/spamdyke/blacklist_rdns rdns-whitelist-file=/etc/spamdyke/whitelist_rdns recipient-blacklist-file=/etc/spamdyke/blacklist_recipients recipient-whitelist-file=/etc/spamdyke/whitelist_recipients #reject-empty-rdns ##reject-ip-in-cc-rdns #reject-missing-sender-mx #reject-unresolvable-rdns sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders tls-certificate-file=/var/qmail/control/servercert.pem my blacklists more blacklists -r sbl.spamhaus.org \ i have configured the /etc/resolv.conf with my ISP's dns provider, i am not running any dns server. _ From: nicolethom...@live.com To: qmailtoaster-list@qmailtoaster.com Date: Mon, 30 Nov 2009 11:06:10 +0530 Subject: RE: [qmailtoaster] Blocking mail-id's which doesnt exist in database I started using spamdyke with base minimal configuration. still going through the configuring phase of empf _ From: ganesh.payel...@gmail.com Date: Sun, 29 Nov 2009 20:25:38 +0530 To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Blocking mail-id's which doesnt exist in database Dear Nicole, Just for curiosity, Did your problem got solved by applying EMPF policy ? Did you saw full header of any of such mails. where this type of mails are generating or comming. Regards, Ganesh P On Tue, Nov 24, 2009 at 5:48 PM, nicole thomson nicolethom...@live.com wrote: hi recently i found that few of my users are sending mails using their own creativity. is there any way we can block this? _ New Windows 7: Find the right PC for you. Learn more. http://windows.microsoft.com/shop _ Windows 7: Find the right PC for you. Learn more. http://windows.microsoft.com/shop _ New Windows 7: Find the right PC for you. Learn more. http://windows.microsoft.com/shop image001.gif
RE: [qmailtoaster] Re: quota warning message
Peter Peltonen wrote: Hi, On Mon, Nov 23, 2009 at 9:51 PM, Eric Shubert e...@shubes.net wrote: I didn't know you can disable quotas at the domain level (learn something new every day). I'd give it a shot. Oh, and please let us know how you do that, and how it works. Well if you don't know about it, then I've might misunderstood something :) But at least in QControl when editing an domain I have the option: Domain Quota in megabytes (0 for no quota): I checked now the command line tools and it appears that the domain quota can be set also with /home/vpopmail/bin/vmoddomlimits which has the following options: -Q quota-in-megabytes ( set domain disk quota, '100' = 100 MB ) -q quota-in-bytes ( set default user quota, '10M' = 10 MB ) Never used these though. Does anyone here have experience on setting the domain disk quota limit and how it reflects on user quotas? Best, Peter I've never used them, personally, but it would seem logical that domain wide quota's would override global settings, and users would override domain...But, that's just a guess. Mike - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Re: quota warning message
Peter Peltonen wrote: Hi, On Sun, Nov 22, 2009 at 1:14 AM, Eric Shubert e...@shubes.net wrote: Bad news: quotas are broken on QMT. I'm not sure to what extent. Easy fix is to change their account to unlimited. :( Good news: quotas work better in a more recent vpopmail release (5.4.28 I think) than what is in QMT. This is not a simple upgrade though, as I think there is a small database change somewhere between QMT's version (5.4.17) and 5.4.28. Better news: quotas have reportedly been really fixed in vpopmail 5.5. I will be working on packaging vpopmail-5.5 for QMT when it's available (with LDAP), which I expect will be in the first quarter of '10. Thanks for clarifying this. I now disabled the quota warning messages: # mv /home/vpopmail/domains/.quotawarn.msg /home/vpopmail/domains/.quotawarn.msg-notinuse Is it really that badly broken, that I really should disable quotas for every user or is disabling the warning message enough? Best, Peter I honestly don't know the extent to which quotas are broken. I suppose they might work under some circumstances, but I'm not aware of what those circumstances are. I also don't know what the best fix would be for all situations. For me, simply not using it is sufficient. If I really needed it, I think I'd check the vpopmail list archives to see what's known about the problem first. Then either attempt to upgrade to 5.4.28, or simply ride out the status quo and wait for 5.5 to become available. -- -Eric 'shubes' I would add to Eric's comments that I don't think simply disabling the Quota Warning Message is going to work, or that it's even a good idea. Sure, your user's won't get the message, but will quotas still be enforced? If so, your users will, without warning, start having mail bounced... I would either disable quotas, or jack them up stupidly high, then disable the messages... Although, I'm guessing just disabling them would be the best bet for now. Mike - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] smtproutes and RCPT to checking
If you have QMT on both servers, and are using VPOPMail w/SQL, you can configure the spam gateway server to use the db on the Main mail server. That's the easiest way. Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com http://www.norcalisp.com/ _ From: Andrew Hodgson [mailto:and...@hodgsonfamily.org] Sent: Friday, November 20, 2009 10:20 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] smtproutes and RCPT to checking Hi, Does anyone know a way of getting Qmail to check the existence of a user (during the RCPT TO stage) on a remote mail server before accepting the message for delivery? The remote mail server supports this facility. We are looking to use Qmailtoaster as a spam gateway primarily. Thanks. Andrew. image001.gif
RE: [qmailtoaster] smtproutes and RCPT to checking
You could use a script (VBScript would be easiest) on the Exchange server to push valid e-mail addresses out to the VPOPMail database that chkuser uses. You can set it up to run on a scheduled task, or just run it when you create a new e-mail, depending on which is more efficient for your environment/number of users/turnover. Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com http://www.norcalisp.com/ _ From: Andrew Hodgson [mailto:and...@hodgsonfamily.org] Sent: Friday, November 20, 2009 11:00 AM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] smtproutes and RCPT to checking Hi, Sorry, the other server is Exchange. Andrew. From: Michael Colvin [mailto:mcol...@norcalisp.com] Sent: 20 November 2009 18:56 To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] smtproutes and RCPT to checking If you have QMT on both servers, and are using VPOPMail w/SQL, you can configure the spam gateway server to use the db on the Main mail server. That's the easiest way. Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com http://www.norcalisp.com/ _ From: Andrew Hodgson [mailto:and...@hodgsonfamily.org] Sent: Friday, November 20, 2009 10:20 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] smtproutes and RCPT to checking Hi, Does anyone know a way of getting Qmail to check the existence of a user (during the RCPT TO stage) on a remote mail server before accepting the message for delivery? The remote mail server supports this facility. We are looking to use Qmailtoaster as a spam gateway primarily. Thanks. Andrew. image001.gif
RE: [qmailtoaster] smtproutes and RCPT to checking
You would create the accounts in the VPOPMail tables (Or, if you only have 20 users, perhaps using the cdb file would suffice.). I believe you have to remove the local directory's for the users (/home/vpopmail/domain/emailaccount (Or something similar.) so that qmail doesn't deliver locally, and then it will use SMTPROUTES to send the mail. I'm doing something similar, but without CHKUSER in place. I'm working on replacing the existing qmail servers (qmailrocks) with the QMT servers, and implement CHKUSER. I've got a test server in place that I'm testing with, and it works fine. I send mail to it, it scans it, sends it on to the other QMail servers that handle my user mail. I also use the existing system to scan email and forward to clients Exchange servers. Currently, I'm not using CHKUSER in these cases, but will be putting systems in place to allow clients to add e-mails that are Allowed to the database, so that I can use CHKUSER. Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com http://www.norcalisp.com/ _ From: Andrew Hodgson [mailto:and...@hodgsonfamily.org] Sent: Friday, November 20, 2009 2:32 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] smtproutes and RCPT to checking Actually we have a very static user base with around 20 accounts, so could probably do something manually. If we did this and use the smtproutes, are you saying I would have to define everything in Vpopmail as well, but the delivery would never go to Vpopmail because of the smtproutes? Thanks. Andrew. From: Michael Colvin [mailto:mcol...@norcalisp.com] Sent: 20 November 2009 19:31 To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] smtproutes and RCPT to checking You could use a script (VBScript would be easiest) on the Exchange server to push valid e-mail addresses out to the VPOPMail database that chkuser uses. You can set it up to run on a scheduled task, or just run it when you create a new e-mail, depending on which is more efficient for your environment/number of users/turnover. Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com http://www.norcalisp.com/ _ From: Andrew Hodgson [mailto:and...@hodgsonfamily.org] Sent: Friday, November 20, 2009 11:00 AM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] smtproutes and RCPT to checking Hi, Sorry, the other server is Exchange. Andrew. From: Michael Colvin [mailto:mcol...@norcalisp.com] Sent: 20 November 2009 18:56 To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] smtproutes and RCPT to checking If you have QMT on both servers, and are using VPOPMail w/SQL, you can configure the spam gateway server to use the db on the Main mail server. That's the easiest way. Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com http://www.norcalisp.com/ _ From: Andrew Hodgson [mailto:and...@hodgsonfamily.org] Sent: Friday, November 20, 2009 10:20 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] smtproutes and RCPT to checking Hi, Does anyone know a way of getting Qmail to check the existence of a user (during the RCPT TO stage) on a remote mail server before accepting the message for delivery? The remote mail server supports this facility. We are looking to use Qmailtoaster as a spam gateway primarily. Thanks. Andrew. image001.gif
RE: [qmailtoaster] Re: eMPF requires authentication to work?
Ok...Clearer now...You had mentioned what you were using the internal server for, I just forgot, or got your issue confused with someone else's. :-) Have you tried to see if you can send via port 587 w/o eMPF getting in the way? If you can, then you could just set your smtproutes to use your QMT's IP and port 587. I think it's: *:ipaddressofserver:587 Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: d...@acbsco.com [mailto:d...@acbsco.com] Sent: Wednesday, November 11, 2009 9:13 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: eMPF requires authentication to work? Thanks guys for all the input. I should be more descriptive with my issue. First, my users do not connect to any email accounts on my internal servers. I have different applications running on my internal servers that need to send email to accounts on my external (qmail-toaster). For instance, I run timetrex on one server. Users login and clock in and out. Managers can send email to the time administrator email account which resides on my external server (a...@solution-group.com). These are the emails that are failing in the example logs I posted. Thinking of what Jake was suggesting: I added 192.168.105.110 to the whitelist_ip and @local.solution-group.com to whitelist_rdns and whitelist_senders in /etc/spamdyke. I still get the 11-10 16:07:45 spamdyke[27917]: DENIED_OTHER from: d...@acbsco.com to: a...@solution-group.com origin_ip: 192.168.105.110 origin_rdns: message in the smtp logfile on the qmailtoaster. I can say with 100% confidence that when I remove all entries from the policy (eMPF) file on the external mail server - these emails are successfully delivered. The issue is, timetrex and other application have no configuration file where I can put the smtp username and password. Since eMPF requires a user to authenticate (it has to know who you are so it can apply a rule if applicable) it fails any message that does not authenticate. So, at this point, my best option is to follow the quickie guide to installing postfix. If anyone has anything else to add or suggest, I am all ears. Thanks, Dave Jake Vickers wrote: Eric Shubert wrote: Good question. I don't know the answer to that off hand. Michael Colvin wrote: Oh, I totally agree, Eric. I guess my point was trying to find out if there was any reason they needed to do it that way... Really, the eMPF functionality should be on his internal server, not the external relay server... Then, the internal server could relay to the QMT w/o having eMPF on it, and the internal server would still limit user e-mails. Unless of course the users also connect from externally... Couldn't he also have the internal server relay via port 587 to the toaster? Does eMPF look at 587 traffic also? I'm 99% sure that it does, since it's a patch applied to the smtp daemon in a global sense. Also, isn't this a Spamdyke config issue with the IP addres? 11-10 16:07:45 spamdyke[27917]: DENIED_OTHER from: d...@acbsco.com to: a...@solution-group.com origin_ip: 192.168.105.110 origin_rdns: It reads to me that it was denied because of DENIED_OTHER by spamdyke for origin_rdns. It's late, so correct me if I'm wrong. - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- --- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! -- --- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list- unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list- h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today
RE: [qmailtoaster] Re: Missing messages
In addition to Eric's suggestion of ensuring DNS records are pointing correctly, check that the server you are using to send mail with (The External server you mention) is not also set up to think it handles the mail for your domain locally. If it is, it won't even look at DNS. This is especially likely if this server USED to host your mail, and you simply put up the QMT, and re-pointed your MX record to it, but did not remove the domain from the External server's Localhosts/rcpthosts/etc file, depending on the flavor of the external mail server. This issue will result in inbound mail from The Net being properly delivered, but mail sent via the External server not being delivered. This includes anyone else using that Hosts servers to send mail. This can be hard to get a large host to correct, since Tier 1 support will usually not grasp the issue. Also, this issue will not cause the mail to be bounced if the e-mail accounts are still on the External server, since they are being delivered locally... You might be able to log into the External mail server via a webmail client or something on THAT server, and see the mail... Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric Shubert Sent: Tuesday, November 10, 2009 6:56 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: Missing messages Mike Canty wrote: I have a standard Qmail Toaster install on CentOS 5.3 with Spamdyke. We are being told of messages not being received by recipients in our domain. We are finding this by one user sending messages via an external mail server (there are reasons for setting them up in this manner), to an internal account, but when I look at the logs there are no entries for these message ever getting delivered. Is it possible we are rejecting messages that do not appear in our logs? Could that be messages that don't get in the door? If so is there a level of log we can put in place to see these messages. It's just a bit embarrassing, as the mail manager not being able to work out what is happening. So any information would be appreciated. Cheers Mike Canty I don't believe a message would be rejected for any reason without a message being written to the smtp log. spamdyke logs from address, to address, and sending server's ip address in all rejection messages. Older QMT versions that rejected due to SPF would not log a message to that effect, but there would still be a pid from message in the log. That's been fixed for maybe 2 years or so though. If there's no indication of the message reaching your server, I'd suspect a misdirected DNS record of some sort. -- -Eric 'shubes' -- --- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! -- --- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list- unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list- h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] eMPF requires authentication to work?
Why not have the internal server deliver the mail itself? Is there a particular reason you need to relay through the QMT servers? Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: d...@acbsco.com [mailto:d...@acbsco.com] Sent: Tuesday, November 10, 2009 11:42 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] eMPF requires authentication to work? Hello list, I have been using eMPF for about one year now and it does a great job limiting email accounts and/or who they can send or receive emails from. Thanks for including it in the distribution. I have noticed that eMPF requires that the user sending the email authenticates (otherwise how would it know if the user was allowed to send or not). I run several applications (nagios, timetrex, etc) on servers I have on my LAN. These internal servers occasionally send automated emails. I have qmail (from source boo!) installed on the internal servers, but not qmailtoaster. I have the internal servers relay mail to my qmailtoaster server. I entered the ip address of the qmailtoaster server into /var/qmail/control/smtproutes control file of my internal servers. If the application I am running (see above) has a config section where I can enter a smtp server, a valid usern...@domainname.com and a valid password, then my qmailtoaster will accept the email and relay successfully. However, if application does not have a config section for the smtp server, username, and password or the application uses a phpmailer (which many do) the relayed email fails. In the smtp log file on the qmailtoaster spamdyke reports DENIED OTHER which means The text returned by qmail (or the downstream filter that generated the rejection).. Here is a section of the smtp logfile on the qmailtoaster server when the email fails: 11-10 11:55:20 policy_check: local d...@acbsco.com - local a...@solution-group.com (UNAUTHENTICATED SENDER) 11-10 11:55:20 spamdyke[21618]: DENIED_OTHER from: d...@acbsco.com to: a...@solution-group.com origin_ip: 192.168.105.110 origin_rdns: (unknown) auth: (unknown) If I empty my /var/qmail/control/policy file (empf config file) basically turning eMPF off, and send the same message, it is successful. Here is a section of the smtp logfile on the qmail toaster after turning off eMPF 11-10 13:26:25 policy_check: local d...@acbsco.com - local a...@solution-group.com (UNAUTHENTICATED SENDER) 11-10 13:26:25 spamdyke[24110]: ALLOWED from: d...@acbsco.com to: a...@solution-group.com origin_ip: 192.168.105.110 origin_rdns: (unknown) auth: (unknown) Does anyone know a way around this? Turning off eMPF is not an option since my client insists on limiting email accounts. I read a post by Eric dated 10/29/2009 regarding a quickie guide to configuring postfix to relay securely to a toaster. This seems simple enough. I suppose I would need to remove qmail first and seeing how it was installed from source, it may be a little more complicated than rpm -e. Any suggestions, comments, etc. would be greatly appreciated. Thanks, Dave -- --- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! -- --- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list- unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list- h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] eMPF requires authentication to work?
I think you missed what I was trying to get at. You're using your internal servers for your users to connect to, and send mail, right? Yet, you have your internal server try to relay through the QMT server. Since that server is requiring authentication, the QMT server is rejecting it. Why not have your internal server deliver your user mail directly to the remote mail server, not relaying it through your QMT servers. IE, instead of: YOURINTERNALSERVER - YOURQMT - REMOTESERVER why not: YOURINTERNALSERVER - REMOTE SERVER If you remove the info in smtrproutes, the server should deliver the mail directly to the destination server by using MX record information, which should work, and there should be no log entry in the QMT servers logs. If there is, then your internal server is still trying to send all mail via the QMT.. Make sure you've restarted qmail, you might even try rebooting to make sure it's reloaded the correct smtproutes info. Michael J. Colvin NorCal Internet Services http://www.norcalisp.com/ www.norcalisp.com http://www.norcalisp.com/ _ From: d...@acbsco.com [mailto:d...@acbsco.com] Sent: Tuesday, November 10, 2009 2:17 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] eMPF requires authentication to work? Michael, good question. I hate this answer, because that's the way its always been. :) Actually, I tried removing the contents of /var/qmail/control/smtproutes on the internal server and restarted qmail. I get the same darn error message in the log file on the qmail-toaster server. 11-10 16:07:45 CHKUSER accepted rcpt: from mailto:d...@acbsco.com:: d...@acbsco.com:: remote inet.local.solution-group.com:unknown:192.168.105.110 rcpt aci s...@solution-group.com : found existing recipient 11-10 16:07:45 policy_check: local d...@acbsco.com - local a...@solution-group.com (UNAUTHENTICATED SENDER) 11-10 16:07:45 spamdyke[27917]: DENIED_OTHER from: d...@acbsco.com to: a...@solution-group.com origin_ip: 192.168.105.110 origin_rdns: (unknown) auth: (unknown) And in the logfile of the internal server, it looks like everything went fine. @40004af9e452316418ac new msg 33916470 @40004af9e4523164b8d4 info msg 33916470: bytes 1346 from qp 20677 uid 10040 @40004af9e452318befe4 starting delivery 6: msg 33916470 to remote d...@acbsco.com @40004af9e452318c518c status: local 0/10 remote 1/20 @40004af9e452380fd844 delivery 6: success: 207.224.111.118_accepted_message./Remote_host_said:_250_ok_1257890865_qp_279 23/ @40004af9e452380fe3fc status: local 0/10 remote 0/20 @40004af9e452380febcc end msg 33916470 My eMPF policy file on the qmail-toaster server does not restrict any accounts with ending in solution-group.com. Strange. Dave Michael Colvin wrote: Why not have the internal server deliver the mail itself? Is there a particular reason you need to relay through the QMT servers? Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: d...@acbsco.com [mailto:d...@acbsco.com] Sent: Tuesday, November 10, 2009 11:42 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] eMPF requires authentication to work? Hello list, I have been using eMPF for about one year now and it does a great job limiting email accounts and/or who they can send or receive emails from. Thanks for including it in the distribution. I have noticed that eMPF requires that the user sending the email authenticates (otherwise how would it know if the user was allowed to send or not). I run several applications (nagios, timetrex, etc) on servers I have on my LAN. These internal servers occasionally send automated emails. I have qmail (from source boo!) installed on the internal servers, but not qmailtoaster. I have the internal servers relay mail to my qmailtoaster server. I entered the ip address of the qmailtoaster server into /var/qmail/control/smtproutes control file of my internal servers. If the application I am running (see above) has a config section where I can enter a smtp server, a valid usern...@domainname.com and a valid password, then my qmailtoaster will accept the email and relay successfully. However, if application does not have a config section for the smtp server, username, and password or the application uses a phpmailer (which many do) the relayed email fails. In the smtp log file on the qmailtoaster spamdyke reports DENIED OTHER which means The text returned by qmail (or the downstream filter that generated the rejection).. Here is a section of the smtp logfile on the qmailtoaster server when the email fails: 11-10 11:55:20 policy_check: local d...@acbsco.com - local a...@solution-group.com (UNAUTHENTICATED SENDER) 11-10 11:55:20 spamdyke[21618]: DENIED_OTHER from: d...@acbsco.com to: a...@solution-group.com origin_ip: 192.168.105.110 origin_rdns: (unknown) auth: (unknown) If I empty my /var/qmail/control/policy file (empf config
RE: [qmailtoaster] Re: eMPF requires authentication to work?
Oh, I totally agree, Eric. I guess my point was trying to find out if there was any reason they needed to do it that way... Really, the eMPF functionality should be on his internal server, not the external relay server... Then, the internal server could relay to the QMT w/o having eMPF on it, and the internal server would still limit user e-mails. Unless of course the users also connect from externally... Couldn't he also have the internal server relay via port 587 to the toaster? Does eMPF look at 587 traffic also? Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric Shubert Sent: Tuesday, November 10, 2009 3:46 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: eMPF requires authentication to work? That's a valid way of doing things, but it presents another set of problems. It's sometimes difficult to get mail delivered to some larger mail destinations, such as yahoo, hotmail, and gmail. Having everything going out from a single host makes delivery easier to administer. There are fewer IPs that can be blacklisted, the SPF record is simpler, and it's easier to administer DKIM. That's just my opinion though. Michael Colvin wrote: I think you missed what I was trying to get at Youre using your internal servers for your users to connect to, and send mail, right? Yet, you have your internal server try to relay through the QMT server. Since that server is requiring authentication, the QMT server is rejecting it. Why not have your internal server deliver your user mail directly to the remote mail server, not relaying it through your QMT servers. IE, instead of: YOURINTERNALSERVER - YOURQMT - REMOTESERVER why not: YOURINTERNALSERVER - REMOTE SERVER If you remove the info in smtrproutes, the server should deliver the mail directly to the destination server by using MX record information, which should work, and there should be no log entry in the QMT servers logs. If there is, then your internal server is still trying to send all mail via the QMT.. Make sure youve restarted qmail, you might even try rebooting to make sure its reloaded the correct smtproutes info. **Michael J. Colvin** **NorCal Internet Services** **//www.norcalisp.com// http://www.norcalisp.com/** http://www.norcalisp.com/ *From:* d...@acbsco.com [mailto:d...@acbsco.com] *Sent:* Tuesday, November 10, 2009 2:17 PM *To:* qmailtoaster-list@qmailtoaster.com *Subject:* Re: [qmailtoaster] eMPF requires authentication to work? Michael, good question. I hate this answer, because that's the way its always been. :) Actually, I tried removing the contents of /var/qmail/control/smtproutes on the internal server and restarted qmail. I get the same darn error message in the log file on the qmail-toaster server. 11-10 16:07:45 CHKUSER accepted rcpt: from d...@acbsco.com:: mailto:d...@acbsco.com:: remote inet.local.solution-group.com:unknown:192.168.105.110 rcpt aci s...@solution-group.com mailto:s...@solution-group.com : found existing recipient 11-10 16:07:45 policy_check: local d...@acbsco.com mailto:d...@acbsco.com - local a...@solution-group.com mailto:a...@solution-group.com (UNAUTHENTICATED SENDER) 11-10 16:07:45 spamdyke[27917]: DENIED_OTHER from: d...@acbsco.com mailto:d...@acbsco.com to: a...@solution-group.com mailto:a...@solution-group.com origin_ip: 192.168.105.110 origin_rdns: (unknown) auth: (unknown) And in the logfile of the internal server, it looks like everything went fine. @40004af9e452316418ac new msg 33916470 @40004af9e4523164b8d4 info msg 33916470: bytes 1346 from qp 20677 uid 10040 @40004af9e452318befe4 starting delivery 6: msg 33916470 to remote d...@acbsco.com mailto:d...@acbsco.com @40004af9e452318c518c status: local 0/10 remote 1/20 @40004af9e452380fd844 delivery 6: success: 207.224.111.118_accepted_message./Remote_host_said:_250_ok_1257890865_qp_2 7923/ @40004af9e452380fe3fc status: local 0/10 remote 0/20 @40004af9e452380febcc end msg 33916470 My eMPF policy file on the qmail-toaster server does not restrict any accounts with ending in solution-group.com. Strange. Dave Michael Colvin wrote: Why not have the internal server deliver the mail itself? Is there a particular reason you need to relay through the QMT servers? Michael J. Colvin NorCal Internet Services www.norcalisp.com http://www.norcalisp.com -Original Message- From: d...@acbsco.com mailto:d...@acbsco.com [mailto:d...@acbsco.com] Sent: Tuesday, November 10, 2009 11:42 AM To: qmailtoaster-list@qmailtoaster.com mailto:qmailtoaster- l...@qmailtoaster.com Subject
RE: [qmailtoaster] Re: Spam Help Plz
Good point Eric... I didn't think of this, since I'm not yet using the QMT in production yet, and am still using Qmailrocks (Is that a 4 letter word around here? :-) ) w/Spamdyke set to handle TLS directly...So, in my case, only Spamdyke is handling TLS, since my Qmail doesn't support it. (I don't think I ever configured it, or installed the patch, or whatever..I forget now!) I didn't like the way Spamdyke worked when allowing the TLS connection to bypass it, so I felt it better to have Spamdyke offer TLS, and then still be able to utilize all of it's filters. Although, I think the most of it's filters would still work, those based on the initial SMTP connection (RBL's etc), but graylisting, white/black listed sender/recipients, etc would not, so it could be exploited to some degree. I still think the best way to determine your issue Raphael is to provide the e-mail headers... :-) I've got my users trained...When they have any issues, either with spam getting through, or someone trying to send e-mail to them getting a bounce, they send me headers. Usually makes short work of figuring out the problem. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric Shubert Sent: Thursday, November 05, 2009 11:02 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: Spam Help Plz Rafael Andrade wrote: Hello all, Im using qmailtoaster two years a go, and i`m very satisfied... some days a go my users receiving lots of spams, Tagged in subjects (spamassassin) or not. What could I be making to get better? Actually im using Qmailtoaster + Spamdyke with greylist. Excuse for english. My confs below: cat /etc/tcprules.d/tcp.smtp 127.:allow,RELAYCLIENT= 192.168.1.:allow,RELAYCLIENT=,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_R CPTLIMIT=120,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJ Kfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/con trol/domainkeys/%/private,NOP0FCHECK=1 xxx.xx.xx.xx:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=120 ,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUE UE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/control/domainke ys/%/private,NOP0FCHECK=1 :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRO NGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIG N=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1 cat /var/qmail/control/simcontrol :clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.w mv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.p l:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr :.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:. idw:.ipt cat /etc/spamdyke/spamdyke.conf # rbl dns-blacklist-entry=bl.spamcop.net dns-blacklist-entry=zen.spamhaus.org dns-blacklist-entry=dnsbl.sorbs.net dns-blacklist-entry=bogons.cymru.com dns-blacklist-entry=ix.dnsbl.manitu.net dns-blacklist-entry=cbl.abuseat.org dns-blacklist-entry=dnsbl.njabl.org # graylist #graylist-dir=/etc/spamdyke/graylist.d graylist-dir=/home/vpopmail/graylist.d graylist-level=always graylist-max-secs=2678400 graylist-min-secs=180 greeting-delay-secs=5 local-domains-file=/var/qmail/control/rcpthosts #log-level=debug log-level=info log-target=syslog #log-target=stderr max-recipients=50 #policy-url=http://my.policy.explanation.url/ reject-empty-rdns #reject-ip-in-cc-rdns reject-missing-sender-mx reject-unresolvable-rdns tls-certificate-file=/var/qmail/control/servercert.pem # blacklist and whitelist ip ip-blacklist-file=/etc/spamdyke/blacklist_ip ip-whitelist-file=/etc/spamdyke/whitelist_ip # blacklist and whitelist keywords ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords # blacklist and whitelist senders sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders # blacklist and whitelist rdns rdns-blacklist-file=/etc/spamdyke/blacklist_rdns rdns-whitelist-file=/etc/spamdyke/whitelist_rdns # whitelist dns dns-whitelist-file=/etc/spamdyke/whitelist_dns # blacklist and whitelist recipients recipient-blacklist-file=/etc/spamdyke/blacklist_recipients recipient-whitelist-file=/etc/spamdyke/whitelist_recipients Raphael, I just came across what I think is a possible hole in spamdyke's configuration. I've been reading through the documentation regarding TLS, and it appears that with no tls-level option specified, if a spammer were to use TLS (advertised by qmail), spamdyke would be unable to use several of its filters because the data is encrypted passing through spamdyke to qmail-smtp. If you add tls-level=smtp to the spamdyke configuration file, this will cause spamdyke to
RE: [qmailtoaster] Re: Spam Help Plz
Like Eric mentioned, at this point, you need to take a look at the headers of the spam e-mails that your users are getting. You need to find something in the type of e-mails you're getting that you can filter on... Or, as also mentioned, it might be an internal user that is bypassing some of the filtering because they are authenticated... At this point, you need to look at the specific spam, and use specific techniques to filter it, not simply add more RBL's, or blacklists, etc. It's likely that just making one small tweak will eliminate most of your spam. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Rafael Andrade [mailto:raf...@riosulense.com.br] Sent: Tuesday, November 03, 2009 8:50 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Spam Help Plz Hello, Eric and all list, First thank u for the answer My users receiving lots of spams dont have a specific sender domain, or default spam type. My spamdyke is running see: spamdyke-stats /var/log/maillog Allowed: 35619 Denied : 140729 Sum: 176348 % Spam : 79.80% in logfile: Nov 3 13:48:42 net spamdyke[20038]: DENIED_RBL_MATCH from: misdirecti...@hamiltoncompany.com to: cristi...@domain.com origin_ip: 84.153.125.187 origin_rdns: p54997dbb.dip.t-dialin.net auth: (unknown) I`m using lots of Rbls to try reduce the spam numbers but not working correctly. Does anybody have some idea? Thanks so much Rafael Eric Shubert escreveu: Rafael Andrade wrote: Hello all, Im using qmailtoaster two years a go, and i`m very satisfied... some days a go my users receiving lots of spams, Tagged in subjects (spamassassin) or not. What could I be making to get better? Actually im using Qmailtoaster + Spamdyke with greylist. Excuse for english. My confs below: cat /etc/tcprules.d/tcp.smtp 127.:allow,RELAYCLIENT= 192.168.1.:allow,RELAYCLIENT=,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_R CPTLIMIT=120,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJ Kfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/con trol/domainkeys/%/private,NOP0FCHECK=1 xxx.xx.xx.xx:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=120 ,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUE UE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/control/domainke ys/%/private,NOP0FCHECK=1 :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRO NGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIG N=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1 cat /var/qmail/control/simcontrol :clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.w mv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.p l:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr :.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:. idw:.ipt cat /etc/spamdyke/spamdyke.conf # rbl dns-blacklist-entry=bl.spamcop.net dns-blacklist-entry=zen.spamhaus.org dns-blacklist-entry=dnsbl.sorbs.net dns-blacklist-entry=bogons.cymru.com dns-blacklist-entry=ix.dnsbl.manitu.net dns-blacklist-entry=cbl.abuseat.org dns-blacklist-entry=dnsbl.njabl.org # graylist #graylist-dir=/etc/spamdyke/graylist.d graylist-dir=/home/vpopmail/graylist.d graylist-level=always graylist-max-secs=2678400 graylist-min-secs=180 greeting-delay-secs=5 local-domains-file=/var/qmail/control/rcpthosts #log-level=debug log-level=info log-target=syslog #log-target=stderr max-recipients=50 #policy-url=http://my.policy.explanation.url/ reject-empty-rdns #reject-ip-in-cc-rdns reject-missing-sender-mx reject-unresolvable-rdns tls-certificate-file=/var/qmail/control/servercert.pem # blacklist and whitelist ip ip-blacklist-file=/etc/spamdyke/blacklist_ip ip-whitelist-file=/etc/spamdyke/whitelist_ip # blacklist and whitelist keywords ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords # blacklist and whitelist senders sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders # blacklist and whitelist rdns rdns-blacklist-file=/etc/spamdyke/blacklist_rdns rdns-whitelist-file=/etc/spamdyke/whitelist_rdns # whitelist dns dns-whitelist-file=/etc/spamdyke/whitelist_dns # blacklist and whitelist recipients recipient-blacklist-file=/etc/spamdyke/blacklist_recipients recipient-whitelist-file=/etc/spamdyke/whitelist_recipients --- -- (Wow - that's a lot of RBLs) Are you sure that spamdyke's running? I like to use log-target=stderr so I can see spamdyke's messages in the smtp log along with the other related messages. Make sure spamdyke is running. Looks to me like you have the screws turned down pretty
RE: [qmailtoaster] Re: Spam Help Plz
Did anyone else notice that he is missing spam_hits in his config file? Does it default to something without it? I believe it defaults to 5 or something similar. It would only effect SpamAssassin anyway, and I've come to not really rely on SpamAssassin to block most of my spam. SpamDyke catches nearly all of it. If he's getting a lot of spam through, SpamAssassin is likely not the answer, blocking it with SpamDyke is. :-) Mike HIS: cat /var/qmail/control/simcontrol :clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.w mv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.p l:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr :.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:. idw:.ipt MINE: # cat /var/qmail/control/simcontrol :clam=yes,spam=yes,spam_hits=7,attach=.mp3:.src:.bat:.pif:.exe:.com:.cmd:. dll:.msi:.msp:.reg:.vbe:.vbs:.vxd:.wsc:.wsf:.wsh See response above; Michael Colvin wrote: Like Eric mentioned, at this point, you need to take a look at the headers of the spam e-mails that your users are getting. You need to find something in the type of e-mails you're getting that you can filter on... Or, as also mentioned, it might be an internal user that is bypassing some of the filtering because they are authenticated... At this point, you need to look at the specific spam, and use specific techniques to filter it, not simply add more RBL's, or blacklists, etc. It's likely that just making one small tweak will eliminate most of your spam. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Rafael Andrade [mailto:raf...@riosulense.com.br] Sent: Tuesday, November 03, 2009 8:50 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Spam Help Plz Hello, Eric and all list, First thank u for the answer My users receiving lots of spams dont have a specific sender domain, or default spam type. My spamdyke is running see: spamdyke-stats /var/log/maillog Allowed: 35619 Denied : 140729 Sum: 176348 % Spam : 79.80% in logfile: Nov 3 13:48:42 net spamdyke[20038]: DENIED_RBL_MATCH from: misdirecti...@hamiltoncompany.com to: cristi...@domain.com origin_ip: 84.153.125.187 origin_rdns: p54997dbb.dip.t-dialin.net auth: (unknown) I`m using lots of Rbls to try reduce the spam numbers but not working correctly. Does anybody have some idea? Thanks so much Rafael Eric Shubert escreveu: Rafael Andrade wrote: Hello all, Im using qmailtoaster two years a go, and i`m very satisfied... some days a go my users receiving lots of spams, Tagged in subjects (spamassassin) or not. What could I be making to get better? Actually im using Qmailtoaster + Spamdyke with greylist. Excuse for english. My confs below: cat /etc/tcprules.d/tcp.smtp 127.:allow,RELAYCLIENT= 192.168.1.:allow,RELAYCLIENT=,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_R CPTLIMIT=120,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJ Kfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/con trol/domainkeys/%/private,NOP0FCHECK=1 xxx.xx.xx.xx:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=120 ,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUE UE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/control/domainke ys/%/private,NOP0FCHECK=1 :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRO NGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIG N=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1 cat /var/qmail/control/simcontrol :clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.w mv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.p l:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr :.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:. idw:.ipt cat /etc/spamdyke/spamdyke.conf # rbl dns-blacklist-entry=bl.spamcop.net dns-blacklist-entry=zen.spamhaus.org dns-blacklist-entry=dnsbl.sorbs.net dns-blacklist-entry=bogons.cymru.com dns-blacklist-entry=ix.dnsbl.manitu.net dns-blacklist-entry=cbl.abuseat.org dns-blacklist-entry=dnsbl.njabl.org # graylist #graylist-dir=/etc/spamdyke/graylist.d graylist-dir=/home/vpopmail/graylist.d graylist-level=always graylist-max-secs=2678400 graylist-min-secs=180 greeting-delay-secs=5 local-domains-file=/var/qmail/control/rcpthosts #log-level=debug log-level=info log-target=syslog #log-target=stderr max-recipients=50 #policy-url=http://my.policy.explanation.url/ reject-empty-rdns #reject-ip-in-cc-rdns reject-missing-sender-mx reject-unresolvable-rdns tls-certificate-file=/var/qmail/control/servercert.pem # blacklist and whitelist ip ip-blacklist-file=/etc/spamdyke
RE: [qmailtoaster] Re: rdns
U... They should be. The should do one or the other. If they won't delegate the IP space to you so that you can create your own ptr for that IP, then they should do it for you. If they won't do either, it's likely because they don't know how to, which means they likely don't know what they are doing, and I would run as fast as you can to another colo. I've never had a problem getting IP address that are assigned to me, delegated to me. Also, usually, most IP's simply need the PTR to resolve to SOMETHING. It doesn't need to your mail server, per se, but it should resolve to something...So, if they don't want to delegate it, they can at least create a PTR for it that resolves to something. You may also want to make sure that there is an a record for whatever they do point it to. IE, if they use mail.domain.com as the PTR, make sure that mail.domain.com resolves to something as well, even if the IP's don't match. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Maxwell Smart [mailto:c...@yother.com] Sent: Tuesday, November 03, 2009 9:41 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: rdns That's what I thought. I had this problem once before. I am not sure I am going to be able to get the delegation this time. At my primary location I have my own delegation and that works fine, but they may not be so keen at this colocation. Thanks for your insight. CJ Eric Shubert wrote: The ISP, as owner of the IP address they've given you to use, controls the rDNS entry. You need to get them to change it to your host name. There are rare situations where an ISP might delegate rDNS entries to a customer, but I wouldn't count on that. I've also heard of situations where the customer can use a web app to change their rDNS values. You'll need to contact your ISP and see how they handle it. You can simply tell them what you want it to be, and they should change it. Maxwell Smart wrote: OK I know that, but that doesn't resolve my problem. Without being able to setup an rDNS entry for this IP address my server mail gets rejected with a non matching rDNS entry. How is this resolved? I can't be the only one that has a server at a co location facility where I don't control the DNS. Eric Shubert wrote: Maxwell Smart wrote: I have searched, but really don't know how to ask this question. I know most on the list have been confronted with this. If anyone could point me in the direction of the answer that would be sufficient. I have a qmailtoaster that I just put into a co location facility. It has rDNS pointed to it's domain name, as it's supposed to. How do I setup my rDNS entries for mail clients on the server at that location? Is there a way to use a PTR record that indicates that it's supposed to resolve to colo.example.com? What's the correct method of addressing this? CJ There's only one rDNS entry for a given IP address. That entry should be a ptr record that points to (some other) type A record that hopefully resolves to the same address which the rDNS entry has. For example: shu...@edwin:~$ dig doris.shubes.net ; DiG 9.4.2-P2 doris.shubes.net ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 4288 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;doris.shubes.net.INA ;; ANSWER SECTION: doris.shubes.net.592INA174.17.83.232 ;; Query time: 0 msec ;; SERVER: 192.168.70.253#53(192.168.70.253) ;; WHEN: Tue Nov 3 19:55:59 2009 ;; MSG SIZE rcvd: 50 shu...@edwin:~$ dig -x 174.17.83.232 ; DiG 9.4.2-P2 -x 174.17.83.232 ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 38386 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;232.83.17.174.in-addr.arpa.INPTR ;; ANSWER SECTION: 232.83.17.174.in-addr.arpa. 43031 INPTR 174-17-83-232.phnx.qwest.net. ;; Query time: 0 msec ;; SERVER: 192.168.70.253#53(192.168.70.253) ;; WHEN: Tue Nov 3 19:56:38 2009 ;; MSG SIZE rcvd: 86 shu...@edwin:~$ dig 174-17-83-232.phnx.qwest.net ; DiG 9.4.2-P2 174-17-83-232.phnx.qwest.net ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 59486 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;174-17-83-232.phnx.qwest.net.INA ;; ANSWER SECTION: 174-17-83-232.phnx.qwest.net. 43010 INA174.17.83.232 ;; Query time: 0 msec ;; SERVER: 192.168.70.253#53(192.168.70.253) ;; WHEN: Tue Nov 3 19:57:18 2009 ;; MSG SIZE rcvd: 62 shu...@edwin:~$ HTH -- Cecil Yother, Jr. cj cj's 2318 Clement Ave Alameda, CA 94501 tel 510.865.2787 | fax
RE: [qmailtoaster] Filtering in front of an Exchange server to prevent bounces
If I'm not missing something here, you could modify your script and use it to populate the VPOPMail MySQL database with your user/domain information. Then have CHKUSER use that database to verify recipients. You'll also have to update the rcpthosts file with the domains and the smtproutes file, unless the domains all go to the same Exchange server, and you can have a default IP or domain in there. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Brent Gardner [mailto:brent.gard...@gmail.com] Sent: Friday, October 30, 2009 4:12 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Filtering in front of an Exchange server to prevent bounces I have a qmailToaster acting as a filter in front of an Exchange server. No mail is kept locally, everything is forwarded to the Exchange server. Since the toaster doesn't know about the accounts on the Exchange server it can't block inbound messages for unknown addresses during transmission. The Exchange server is doing a lot of bouncing. Methods i've seen to prevent this on the Exchange side seem undesireable: - disable NDR's completely - create a catchall for bad addresses using a sink On a test machine, I'm experimenting with how to get the toaster to block during transmission. I set it up similar to how the live server is configured, then I ran vadddomain and vadduser to set up a domain and a couple users. For each user, I edited the .qmail file to cause them to forward to an address on an internal-only domain serviced by the Exchange server. This seems to work. I've developed a script I can run on a Windows machine that pulls all email addresses out of Active Directory and generates a script to run on the toaster that will use vadddomain and vadduser to create domains and users, and then create the .qmail file and put the correct information into it for each user. My questions: Are there other ways to go about this on the toaster side that may be more efficient? Perhaps a file wherein I can list all the email addresses I'm willing to accept mail for? Is there a domain-level file i can put forwarding information into so I don't have to do it in each account's .qmail file? Do I need to put settings somewhere either on a per-account or per-domain basis that makes the system use the centralized settings for SpamAssassin and other Toaster goodness instead of using per-account or per-domain settings? Thanks, Brent Gardner -- --- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! -- --- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list- unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list- h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] QMT on VMWare ESXi
Is anyone running the QMT iso on a VMWare VM? I had one set up just to play with, but noticed the clock keeps horrible time. I was able to adjust the ticks to keep it more accurate, along with an hourly sync, but this seems ridiculous. From what I've found, it's an issue with CentOS in a VM, but I've got CentOS running in a VM for a PBX, and it seems fine. This is the only time I've ever had an issue with the system/hardware clock drifting dramatically in a VM. There are also other VM's on this physical server that keep sync fine... Michael J. Colvin NorCal Internet Services www.norcalisp.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Hosting Control Panel
I've never used a Hosting Control Panel in our hosting operation... I've always just built scripts to provision e-mail services, hosting, etc, but it seems more and more I'm getting requests for a control panel from my hosting customers. I've been looking into various flavors of Control Panels, but what I've found is, most don't seem to support Qmail, and those that do, I'm always hearing about it breaking Qmail (Plesk). So, my question is, what, if any, Hosting Control Panel do other Qmail-Toaster users use in a hosting environment? I'm looking for something for customer use, not support/admin use (IE Webmin). Something like cPanel, but that supports Qmail. :-) Any suggestions? Interworx uses Qmail. Supports all of the popular things (reseller accounts, bandwidth monitoring, etc.) Jake, I've looked into Interworx, and it looks like it will work fine. I've got the temp license to do some testing/integration with, just to make sure I can make it all tie together. (Looks pretty straight forward). My question is, it appears Interworx takes a bone stock install of a compatible OS (Let's say CentOS5) and installs everything, Apache, Qmail, DNS, etc, almost like an ISO without the OS. :-) If this is true, do you usually just run the Interworx installation of Qmail? Does it contain the patches, etc that QMT does? Or is it like one of the other Qmail flavors? For my purposes, it really doesn't have to do anything but handle user mail. POP, Webmail, SMTP for users only, IMAP, etc. I have frontend servers that handle the spam filtering, etc, that will be using QMT, but it would still be nice to have CHKUSER, SMTP Auth, TLS, etc. Thanks! Mike - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Re: Area510.net : e mail delay
Are the system clocks sync'd? I've had this bite me a couple times in the past. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Maxwell Smart [mailto:c...@yother.com] Sent: Thursday, September 24, 2009 4:00 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Area510.net : e mail delay If I send an e mail to myself whether from a local account ie. c...@yother.com to c...@yother.com or from cjyot...@pacbell.net to c...@yother.com and vice versa it takes anywhere from 5 minutes to 20 minutes for the e mail to arrive. This occurs whether I use Thunderbird (IMAP), Squirrelmail or through the Webmin interface for checking user mail. I have now discovered it appears to be happening on both of my toasters. The are on different IP's and one is mail only. This particular toaster is web, mail and slave DNS. I have extensively tested the DNS and it's responding as expected. The toaster that is only mail I have only tested through the Squirrelmail interface. composesend5-20 minute delay before it arrives in the inbox. It used to be virtually instantaneous. Neither system is running Spamdyke and both systems are fully up to date. Eric Shubert wrote: Those are 2 different messages. Let's back up a little bit. Please explain again what you're seeing that's leading you to conclude that there are delays. Maxwell Smart wrote: Eric Shubert wrote: I don't see any highlighting. Please post to the list. There are many more eyes there. :) Maxwell Smart wrote: Eric, OK, I have been watching the log with tail -f /var/log/qmail/smtp/current I don't see anything out of the ordinary. Look at the times with the highlighted entry below. Between the simscan and CHKUSER is 6 minutes. I may have restarted my toaster to check mail so it may not be relevant, but may indicate that the problem is in the simscan. Here is a clip of entries with my e mail address. 09-24 14:03:10 CHKUSER accepted rcpt: from jimmierowe...@estranet.it:: remote hbympm1:unknown:80.37.56.214 rcpt c...@yother.com : found existing recipient 09-24 14:03:10 policy_check: remote jimmierowe...@estranet.it - local c...@yother.com (UNAUTHENTICATED SENDER) 09-24 14:03:12 simscan:[18048]:CLEAN (4.70/12.00):0.9696s:VicodinES available online today!:80.37.56.214:jimmierowe...@estranet.it:c...@yother.com 09-24 14:14:29 CHKUSER accepted rcpt: from oss...@laetitia.area510.net:: remote notify.ossec.net:unknown:192.168.0.2 rcpt c...@yother.com : found existing recipient 09-24 14:14:29 policy_check: local oss...@laetitia.area510.net - local c...@yother.com (UNAUTHENTICATED SENDER) 09-24 14:14:29 simscan:[2708]:CLEAN (-4.40/12.00):0.7645s:OSSEC Notification - laetitia - Alert level 3:192.168.0.2:oss...@laetitia.area510.net:c...@yother.com 09-24 14:18:30 CHKUSER accepted sender: from c...@yother.com:c...@yother.com: remote [192.168.0.86]:unknown:192.168.0.2 rcpt : sender accepted 09-24 14:18:30 CHKUSER accepted rcpt: from c...@yother.com:c...@yother.com: remote [192.168.0.86]:unknown:192.168.0.2 rcpt c...@yother.com : found existing recipient 09-24 14:18:30 policy_check: local c...@yother.com - local c...@yother.com (AUTHENTICATED SENDER) 09-24 14:18:30 simscan:[2933]:RELAYCLIENT:0.0315s:- :192.168.0.2:c...@yother.com:c...@yother.com 09-24 14:18:43 CHKUSER accepted rcpt: from qmailtoaster-list-return-3294-cj=yother@qmailtoaster.com:: remote mail.qmailtoaster.com:unknown:216.81.238.95 rcpt c...@yother.com : found existing recipient 09-24 14:18:43 policy_check: remote qmailtoaster-list-return-3294-cj=yother@qmailtoaster.com - local c...@yother.com (UNAUTHENTICATED SENDER) 09-24 14:18:51 simscan:[2950]:CLEAN (-1.60/12.00):7.7640s:Re_ [qmailtoaster] Problems emailing large number of recipients:216.81.238.95:qmailtoaster-list-return-3294- cj=yother@qmailtoaster.com:c...@yother.com 09-24 14:25:04 CHKUSER accepted sender: from c...@yother.com:c...@yother.com: remote [192.168.0.86]:unknown:192.168.0.2 rcpt : sender accepted 09-24 14:25:04 CHKUSER relaying rcpt: from c...@yother.com:c...@yother.com: remote [192.168.0.86]:unknown:192.168.0.2 rcpt e...@shubes.net : client allowed to relay 09-24 14:25:04 policy_check: local c...@yother.com - remote e...@shubes.net (AUTHENTICATED SENDER) 09-24 14:25:13 simscan:[3243]:RELAYCLIENT:8.4547s:- :192.168.0.2:c...@yother.com:e...@shubes.net 09-24 14:31:46 CHKUSER accepted rcpt: from e...@shubes.net:: remote mho-02-ewr.mailhop.org:unknown:204.13.248.72 rcpt c...@yother.com : found existing recipient 09-24 14:31:46 policy_check: remote e...@shubes.net - local c...@yother.com (UNAUTHENTICATED SENDER) 09-24 14:31:47 simscan:[4066]:CLEAN (0.10/12.00):0.8290s:Re_ Area510.net _ e mail delay:204.13.248.72:e...@shubes.net:c...@yother.com 09-24 14:38:48
[qmailtoaster] Hosting Control Panel
I've never used a Hosting Control Panel in our hosting operation... I've always just built scripts to provision e-mail services, hosting, etc, but it seems more and more I'm getting requests for a control panel from my hosting customers. I've been looking into various flavors of Control Panels, but what I've found is, most don't seem to support Qmail, and those that do, I'm always hearing about it breaking Qmail (Plesk). So, my question is, what, if any, Hosting Control Panel do other Qmail-Toaster users use in a hosting environment? I'm looking for something for customer use, not support/admin use (IE Webmin). Something like cPanel, but that supports Qmail. :-) Any suggestions? Michael J. Colvin NorCal Internet Services www.norcalisp.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Hosting Control Panel
I've used Webmin for years, just never looked at it as a user interface, and have honestly never installed the usermin/virtualmin modules. I'll look into that. Thanks for the information on Interworx also Jake. It appears to be supported by the billing system we just moved to also. (WHMCS) I will give it a look. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Maxwell Smart [mailto:c...@yother.com] Sent: Wednesday, September 23, 2009 8:49 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Hosting Control Panel Webmin actually has the features you are wanting. They are in modules like Usermin and Virtualmin. It is very robust and offers a great deal of flexibility on what you want your customers to have access to. It also supports, bandwidth monitoring, webalizer, etc. Jake Vickers wrote: Michael Colvin wrote: I've never used a Hosting Control Panel in our hosting operation... I've always just built scripts to provision e-mail services, hosting, etc, but it seems more and more I'm getting requests for a control panel from my hosting customers. I've been looking into various flavors of Control Panels, but what I've found is, most don't seem to support Qmail, and those that do, I'm always hearing about it breaking Qmail (Plesk). So, my question is, what, if any, Hosting Control Panel do other Qmail-Toaster users use in a hosting environment? I'm looking for something for customer use, not support/admin use (IE Webmin). Something like cPanel, but that supports Qmail. :-) Any suggestions? Interworx uses Qmail. Supports all of the popular things (reseller accounts, bandwidth monitoring, etc.) - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- --- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! -- --- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list- unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list- h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] TLS_connect_failed: Plesk mailserver
If you won't want to pay $15, don't want to contact the other server's admin, or you can't just get that domain's hosting yourself, you might consider setting up another qmail server w/o tls, possibly on a virtual machine or something, and use smtproutes on your main server, to send to that new qmail server, that will then forward it to the current hosts server, without tls. Basically, build your own proxy server for this one domain...Seems like a waste of time, but it's better than $15 a month for someone elses proxy server. :-) I like the idea of just getting them to host with you instead, and point out why they should. As Eric said, it doesn't look like their current host knows what's up. Mike -Original Message- From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric Shubert Sent: Friday, August 28, 2009 10:13 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] TLS_connect_failed: Plesk mailserver PakOgah wrote: My user complain cant sent email to domain pegasusinsurindo.com when I check on send log this is error 08-28 19:09:05 delivery 243: deferral: TLS_connect_failed:_error:14077410:SSL_routines:SSL23_GET_SERVER_HELLO:ssl v3_alert_handshake_failure;_connected_to_72.4.126.254./ already search on archive and google and only got this similar. http://www.thegillis.net/2007/04/07/mail-toaster-qmail-and-openssl-098e- workaround-and-fix/ but I am not using openssl 0.9.8e and from http://forum.parallels.com/printthread.php?t=52543 which I quote Does anybody know of a way to prevent Qmail from attempting a STARTTLS when sending to a server advertising STARTTLS capability? I am using centos 4.6 my toaster package is: [r...@server2 send]# rpm -qa | grep toaster libdomainkeys-toaster-0.68-1.3.3 courier-authlib-toaster-0.59.2-1.3.6 ezmlm-toaster-0.53.324-1.3.3 maildrop-toaster-2.0.3-1.3.5 squirrelmail-toaster-1.4.9a-1.3.6 simscan-toaster-1.3.1-1.3.6 daemontools-toaster-0.76-1.3.3 vpopmail-toaster-5.4.17-1.3.4 libsrs2-toaster-1.0.18-1.3.3 qmail-pop3d-toaster-1.03-1.3.15 courier-imap-toaster-4.1.2-1.3.7 control-panel-toaster-0.5-1.3.4 ezmlm-cgi-toaster-0.53.324-1.3.3 qmailmrtg-toaster-4.2-1.3.3 maildrop-toaster-devel-2.0.3-1.3.5 vqadmin-toaster-2.3.4-1.3.3 ripmime-toaster-1.4.0.6-1.3.3 qmailtoaster-plus.repo-0.1-1 spamassassin-toaster-3.2.5-1.3.17 ucspi-tcp-toaster-0.88-1.3.5 qmail-toaster-1.03-1.3.15 autorespond-toaster-2.0.4-1.3.3 qmailadmin-toaster-1.2.11-1.3.4 isoqlog-toaster-2.1-1.3.4 qmailtoaster-plus-0.3.1-1.4.11 clamav-toaster-0.95.2-1.3.29 my openssl version is [r...@server2 send]# rpm -qa | grep openssl openssl-0.9.7a-43.17.el4_6.1 xmlsec1-openssl-1.2.6-3 openssl096b-0.9.6b-22.46 openssl-devel-0.9.7a-43.17.el4_6.1 does anyone can execute the below command on his box? below output is the result on my end. openssl s_client -starttls smtp -crlf -connect mail.pegasusinsurindo.com:25 -debug CONNECTED(0003) read from 09D43330 [09D3E130] (8192 bytes = 55 (0x37)) - 32 32 30 20 32 33 39 31-35 32 2d 61 70 70 33 2e 220 239152- app3. 0010 - 32 33 39 31 35 32 2d 61-70 70 33 2e 64 6f 74 63 239152- app3.dotc 0020 - 6f 6d 69 6e 64 6f 6e 65-73 69 61 2e 63 6f 6d 20 omindonesia.com 0030 - 45 53 4d 54 50 0d 0a ESMTP.. write to 09D43330 [BFF73BD0] (10 bytes = 10 (0xA)) - 53 54 41 52 54 54 4c 53-0d 0a STARTTLS.. read from 09D43330 [09D3C128] (8192 bytes = 19 (0x13)) - 32 32 30 20 72 65 61 64-79 20 66 6f 72 20 74 6c 220 ready for tl 0010 - 73 0d 0a s.. write to 09D43330 [09D43378] (142 bytes = 142 (0x8E)) - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00 ..c... ..9.. 0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5 0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00 ..3..2../.f. 0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00 .c.. 0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40 b..a...@ 0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00 ..e..d..`... 0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 ab 56 ...V 0070 - b4 3f 80 e1 6e d6 38 38-43 99 98 8c ad 1b 79 96 .?..n.88C.y. 0080 - 16 c9 c5 80 d1 fe fc 46-7a 7b 15 fd e1 15 ...Fz{ read from 09D43330 [09D488D8] (7 bytes = 7 (0x7)) - 15 03 01 00 02 02 28 ..( 9078:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:470: thanks before for the responde I get the same failure with CentOS5.3, all up to date packages. So upgrading isn't going to fix this. I don't believe this is a problem on your end, and I don't know of a workaround either. You could try dyndns.org's outbound mailhop service ($15/yr). You would route mail for that domain
RE: [qmailtoaster] Stupid Question...Or two.
We're naturally going to suggest you use a Redhat distro and QMT (you *are* asking on our list!), but I'd say use whatever tool fits the job. Of course. :-) Sit down, figure out what your goals and timelines are. Weigh this with what you need and mark milestones on your projected timeline. If you have an expanded timeline then maybe rolling your own is better as you'll learn the internals a little more. If your timeline operates in the real world, figure out what will work for you in the time allotted and budget fudge time (ie: I borked this thing and need to fix it time). Plan it all out in advance. The timeline's pretty flexible... What I have in place is working, and I've got the hardware and rack space to build the new system without disrupting the existing. The only Pressure to get it done is that which I place on myself. I'd like to get it done so I can move on to the next one. :-) Vpopmail in QMT uses a Mysql DB. It's trivial to replicate that database between multiple machines and there are a variety of methods to accomplish this. I've done this before, also, and have looked at possibly implementing this is my setup, and may in fact include it in my plans, to some extent. I'm going to start a video series on the magazine this coming week on how to build a cluster that replicates all the data between all the machines (database and mail store), so you could list all of your mail servers as MX records (or even a single MX record with multiple IPs!) and it would not matter which server accepted the data, as it would be replicated between them all. Your users would be able to use any (or all, depending on how you set it up) of the servers as their pop/smtp servers, or you could dedicate 1 machine as the smtp and the rest as the incoming, or whatever. The video will be over the next few weeks as this is a complicated task. The video sounds good. Sounds like a lot of work, but I'm sure it will be helpful. I've browsed some of your existing videos, and they look well done and easy to follow. My current setup has multiple servers, all behind load balancing, so I'm already spreading the load out amongst the multiple servers, and it's working fine, and actually makes it nice when adding/moving servers around. But to answer your question, yes, it's trivial to tell vpopmail to use an external database for it's user store. You could have your multiple incoming servers use the same vpopmail backend for authentication/checks to accept mail and then smtproute it to the final destination machine. The file you would need to edit would be the /home/vpopmail/etc/vpopmail.mysql file. It should be pretty self explanatory; change localhost to the IP/domain of the server you want to be the mysql user store and adjust the password if needed. Everything else should pretty much stay the same. You may need to change the 0 to a 3306. Then all of your frontend machines can authenticate against the same backend. That's pretty much what I thought. Like I said, while I'm no qmail expert, I have been working with it for some time, and know the ins-and-outs of how it works, for the most part, so this isn't New to me, but each OS distribution seems to have slightly different ways of doing things, and that's the main thing I need to get used to. Thanks again! - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Stupid Question...Or two.
Ok. This is probably a stupid question, but... It's Sunday, so I'm entitled to one stupid question. :-) I've been using Qmail for many years (10), although only admining one myself for the past 3. I originally used Qmailrocks, and am aware of its shortcomings and issues, compared to Modern flavors of qmail. So... What's the differences between Qmail Toaster, Bill Shupp's Qmail Toaster, and netqmail? I don't mean the obvious (QMT being an ISO), but more along the lines of the Finished Product. What's better/worse about the three versions? Also, and this is more for Jake I think, other than being based on CentOS 5, what's the difference between the Free version of your QMT and the QMT5 version? I have no problem paying you for the QMT5 version, but am curious as to the reason for two versions? Is CentOS5 that much better? (I'm not a CentOS person, so I'm not sure.) Anyway, thanks for the time! Mike - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Stupid Question...Or two.
Oh, no doubt the setup/install of QMT is easier than Qmailrocks. I was/am a Windoze admin up until a couple years ago when necessity dictated that I learn some Unix/Linux. I landed in Ubuntu land, and that's what I've been using, for the most part, and have several machines running qmail using Qmailrocks on Ubuntu. But, as I said in the original post, I've also learned there's some things with Qmailrocks that, well, shouldn't be. :-) So, I'm embarking on a migration in that area. I've had a machine running QMT for a month or two now, that I'm basically just playing with, and so far I do like the additional functionality, no doubt, and yes, it is easier to get a working box. QMT-Plus also makes it nice. I've been using SpamDyke w/qmail for a year or two (On Qmailrocks setup), and that's prolonged the existing servers life...But, it's time to move on. The support for QMT, as you mentioned, is great. Qmailrocks is dead. So, of course there's a great difference, although, for the most part, I haven't needed much support in the past (Knock on wood), but, it is nice to know it's there if needed. I'm still not an expert by any means with Linux, so beyond Ubuntu, and some playing with CentOS with a Trixbox, I haven't experienced many flavors of Linux, but I guess they're all similar, much like the various flavors of any OS. But, it would seem some my be better suited for some services than others... What I'm looking to replace is a fairly Kluged together mail server cluster. A cluster of a cluster, if you will. :-) I've got a few boxes that run Qmail w/spamdyke, that act as filtering servers, that then pass the Cleaned mail onto the actual customer mail servers, also running qmail. It all works fine, but is lacking some specific items, that QMT does add, mainly chkuser. Backscatter spam isn't just annoying, it's rude. :-), and like all non-patched qmail servers, I'm guilty, so I've been looking at various solutions for a while, and have narrowed it down to basically QMT or installing from source, potentially blending a couple different Perfect qmail installs. So.. I could just install QMT on all of them, and be done. Or, would it be better to stay with a Debian based OS that I'm familiar with (Although, all I really do with them is e-mail, so there's not much to Do with them after they are up and running!). If I go with the Roll your own method, I could choose an OS, and maybe only install the functionality that I need on each server... But, then again, it would be more efficient to just put QMT on all of them. :-) Let me ask this... The chkuser functionality uses Vpopmail to actually check for valid accounts, right? And, I'm assuming that changing the default database that Vpopmail uses is trivial? (I've actually not done it, but I would think it would be just modifying a file). My goal is to have the Filtering servers use chkuser to validate recipients, but to actually have only a single database with users in it, and instead of using a script or something to push a cdb file out to each server, I would think you could point the Filtering servers vpopmail to check the vpopmail database that a Central mail server maintains. ??? Am I smokin' crack? Thanks again for the ear guys, and sorry for the long-winded post. I usually only lerk on lists I'm one, trying to soak up info...But, I've got to do get this done, so I'm trying to get some specific information to get me pointed in the right direction. Mike Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Mike Canty [mailto:m...@collotype.com.au] Sent: Sunday, August 16, 2009 6:44 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Stupid Question...Or two. Mike, If it is of any consequence. I have recently moved from a Fedora Core 7 machine that I had installed Qmailrocks on. I found that the upgrades were a little slow, limited documentation and I needed a couple of features that were not present. After looking at a range of different Qmail options I chose to use the QMT version. I also wanted to keep using Fedora or Red Hat, as this is in place on a few of my machines. As a result CentOS was the obvious choice (Red Hat without the Red Hat support). I have now put the server in place with the QMT for CentOS 5.3 and this went well. I have also added the QMT Plus package, and sent some time tuning my system using the videos supplied by Jake. I did have an issue, but the excellent forum provided me with the information to fix my issues. After the install I now have a machine that is supported for a few years at least, running in a stable environment, offering advanced features my Qmailrocks install didn't. Oh, and the QMT install was very easy compared to Qmailrocks. Just my thoughts Cheers -Original Message- From: Michael Colvin [mailto:mcol...@norcalisp.com] Sent: Monday, 17 August 2009 9:47