RE: [qmailtoaster] Fwd: [simscan] attachment filename scanning bug report
Hi Guys,
Was just taking a look into the issue of the bug reported below (in
particular the C function that is being called and came across this patch
for simscan 1.2 (not sure if this is what is currently being used by the
toaster)
http://jeremy.kister.net/code/simscan-1.2-stabilize.patch
Regards
Rangi
-Original Message-
From: Quinn Comendant [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 23 January 2007 10:44 a.m.
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Fwd: [simscan] attachment filename scanning bug
report
FYI: I found an issue with simscan this morning that y'all should be aware
of. Read below...
Quinn
-
Strangecode :: Internet Consultancy
http://www.strangecode.com/
+1 530 624 4410
- Begin forwarded message -
Subject: [simscan] attachment filename scanning bug report
Date: Mon, 22 Jan 2007 13:38:16 -0800
From: Quinn Comendant [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
I found a problem with simscan's attachment scanning: the filename matching
is overly sensitive. I'm using version 1.2 but the problem should exist in
all recent versions. Here's an example running on simscan with a cdb
including attach=.exe:.bat:.pif:.src:
My email contains two attachments, the filename of one is:
Content-Disposition: attachment;
filename=C A Blum TeachVenture Recruiting Invoice 016
11-30-06.doc
Simscan thinks this filename matches the attachment extension .src, and so
the email is rejected.
Problem #1: Filenames with spaces are not handled properly. This filename is
processed only as C. (See debug output below.)
Problem #2: The entire attachment extension is not matched, regardless of a
dot. If the specified extension is .src then only .src should match, not
c, rc, or src.
Proposed solution: Use a more specific string matching function instead of
this:
if ( str_rstr(mydirent-d_name,bk_attachments[i]) == 0 ) {
(I'm not well versed in C, so I'm not sure what would be used.)
[EMAIL PROTECTED]/1 ~]$QMAILQUEUE=/var/qmail/bin/simscan SIMSCAN_DEBUG=5
/var/qmail/bin/qmail-inject [EMAIL PROTECTED] teachventure-attach.eml
simscan: cdb looking up
simscan: cdb for found
clam=yes,spam=yes,spam_hits=8,attach=.exe:.bat:.pif:.src
simscan: pelookup clam = yes
simscan: pelookup spam = yes
simscan: pelookup spam_hits = 8
simscan: Per Domain Hits set to : 8.00
simscan: pelookup attach = .exe:.bat:.pif:.src
simscan: attachment flag attach = .exe:.bat:.pif:.src
simscan: add_attach called with .exe:.bat:.pif:.src
simscan: .exe is attachment number 0
simscan: .bat is attachment number 1
simscan: .pif is attachment number 2
simscan: .src is attachment number 3
simscan: starting: work dir: /var/qmail/simscan/1169498396.417942.30775
simscan: pelookup: called with [EMAIL PROTECTED]
simscan: pelookup: domain is gmail.com
simscan: cdb looking up gmail.com
simscan: pelookup: local part is beausmith
simscan: lpart: local part is **
simscan: cdb looking up [EMAIL PROTECTED]
simscan: pelookup: called with [EMAIL PROTECTED]
simscan: pelookup: domain is hoodwink.us
simscan: cdb looking up hoodwink.us
simscan: pelookup: local part is q
simscan: lpart: local part is **
simscan: cdb looking up [EMAIL PROTECTED]
simscan: checking attachment textfile0 against .exe
simscan: checking attachment textfile0 against .bat
simscan: checking attachment textfile0 against .pif
simscan: checking attachment textfile0 against .src
simscan: checking attachment C against .exe
simscan: checking attachment c against .bat
simscan: checking attachment c against .pif
simscan: checking attachment c against .src
simscan:[30774]:ATTACH:0.0108s:c:(null):[EMAIL PROTECTED]:[EMAIL PROTECTED]
simscan: exit error code: 82
qmail-inject: fatal: Your email was rejected because it contains a bad
attachment: c
Cheers!
Quinn
-
Strangecode :: Internet Consultancy
http://www.strangecode.com/
+1 530 624 4410
-
QmailToaster hosted by: VR Hosted http://www.vr.org
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.410 / Virus Database: 268.17.5/645 - Release Date: 22/01/2007
-
QmailToaster hosted by: VR Hosted http://www.vr.org
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: [qmailtoaster] Fwd: [simscan] attachment filename scanning bug report
Ignore the previous post. I posted the wrong link. But apparently it is
already being addressed. That patch is what partially has created the bug
found by Quinn.
There is a patch due to come out very shortly.
Regards
-Original Message-
From: Quinn Comendant [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 23 January 2007 10:44 a.m.
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Fwd: [simscan] attachment filename scanning bug
report
FYI: I found an issue with simscan this morning that y'all should be aware
of. Read below...
Quinn
-
Strangecode :: Internet Consultancy
http://www.strangecode.com/
+1 530 624 4410
- Begin forwarded message -
Subject: [simscan] attachment filename scanning bug report
Date: Mon, 22 Jan 2007 13:38:16 -0800
From: Quinn Comendant [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
I found a problem with simscan's attachment scanning: the filename matching
is overly sensitive. I'm using version 1.2 but the problem should exist in
all recent versions. Here's an example running on simscan with a cdb
including attach=.exe:.bat:.pif:.src:
My email contains two attachments, the filename of one is:
Content-Disposition: attachment;
filename=C A Blum TeachVenture Recruiting Invoice 016
11-30-06.doc
Simscan thinks this filename matches the attachment extension .src, and so
the email is rejected.
Problem #1: Filenames with spaces are not handled properly. This filename is
processed only as C. (See debug output below.)
Problem #2: The entire attachment extension is not matched, regardless of a
dot. If the specified extension is .src then only .src should match, not
c, rc, or src.
Proposed solution: Use a more specific string matching function instead of
this:
if ( str_rstr(mydirent-d_name,bk_attachments[i]) == 0 ) {
(I'm not well versed in C, so I'm not sure what would be used.)
[EMAIL PROTECTED]/1 ~]$QMAILQUEUE=/var/qmail/bin/simscan SIMSCAN_DEBUG=5
/var/qmail/bin/qmail-inject [EMAIL PROTECTED] teachventure-attach.eml
simscan: cdb looking up
simscan: cdb for found
clam=yes,spam=yes,spam_hits=8,attach=.exe:.bat:.pif:.src
simscan: pelookup clam = yes
simscan: pelookup spam = yes
simscan: pelookup spam_hits = 8
simscan: Per Domain Hits set to : 8.00
simscan: pelookup attach = .exe:.bat:.pif:.src
simscan: attachment flag attach = .exe:.bat:.pif:.src
simscan: add_attach called with .exe:.bat:.pif:.src
simscan: .exe is attachment number 0
simscan: .bat is attachment number 1
simscan: .pif is attachment number 2
simscan: .src is attachment number 3
simscan: starting: work dir: /var/qmail/simscan/1169498396.417942.30775
simscan: pelookup: called with [EMAIL PROTECTED]
simscan: pelookup: domain is gmail.com
simscan: cdb looking up gmail.com
simscan: pelookup: local part is beausmith
simscan: lpart: local part is **
simscan: cdb looking up [EMAIL PROTECTED]
simscan: pelookup: called with [EMAIL PROTECTED]
simscan: pelookup: domain is hoodwink.us
simscan: cdb looking up hoodwink.us
simscan: pelookup: local part is q
simscan: lpart: local part is **
simscan: cdb looking up [EMAIL PROTECTED]
simscan: checking attachment textfile0 against .exe
simscan: checking attachment textfile0 against .bat
simscan: checking attachment textfile0 against .pif
simscan: checking attachment textfile0 against .src
simscan: checking attachment C against .exe
simscan: checking attachment c against .bat
simscan: checking attachment c against .pif
simscan: checking attachment c against .src
simscan:[30774]:ATTACH:0.0108s:c:(null):[EMAIL PROTECTED]:[EMAIL PROTECTED]
simscan: exit error code: 82
qmail-inject: fatal: Your email was rejected because it contains a bad
attachment: c
Cheers!
Quinn
-
Strangecode :: Internet Consultancy
http://www.strangecode.com/
+1 530 624 4410
-
QmailToaster hosted by: VR Hosted http://www.vr.org
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.410 / Virus Database: 268.17.5/645 - Release Date: 22/01/2007
-
QmailToaster hosted by: VR Hosted http://www.vr.org
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
[qmailtoaster] Mail Filtering
Hi Guys, I am looking at setting up another toaster for my personal domain at home. What I need to know is what is the toaster currently using for mail filtering? Maildrop or Procmail? What I would like to eventually have is a toaster setup with all the standard things and use either procmail or maildrop to filter messages marked as spam into a spam mbox folder and have either spamassassin or dspam learn from the spam. I will most likely use squirrelmail as the web based interface and will modify squirrelmail slightly so that when a user empties their spam filter mbox it will cause either dspam or spamassassin to learn these new spam messages. I will also have another mbox folder for incorrectly marked spam as well which will (when a user moves a message to the non-spam mbox folder) learn it as ham. I have previously setup dspam to work with qmail toaster and will implement it again depending on the levels of spam that the mail server will receive. Kind regards, Rangi
RE: Re[4]: [qmailtoaster] Can anyone
Hi Kyle, Edit the domain name record in /var/named/chroot/var/named/ for your domain which is hwt39.net (I believe) and add a new TXT entry for the domain. Eg. private._domainkey IN TXT k=rsa; p=MEwwDQYp=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDffysEduzZf7/r0xxaAmTlKM2GE ZKxkyLBYXIxL/xagheFlUIij2ukSF9ycOSKBqxde+VJuGWq5IfuR+qJg22LtPD5otTBmDAN1Cher lwUYoAXwhbeII8nlk/UwUGdPsyRCMqrYs8Nu2TcF9Sm8yY1pKrkrmtZhr4P1PE7IQ/BrQIDAQAB IMPORTANT NOTE: You must include the quotation marks Then save and quit the file and finally restart bind. If you are running multiple bind servers and both are authoritative then add an entry into both of them. Don't forget to change the serial for the domain!! Regards, Rangi -Original Message- From: Kyle Quillen [mailto:[EMAIL PROTECTED] Sent: Thursday, 21 December 2006 7:47 a.m. To: qmailtoaster-list@qmailtoaster.com Subject: Re: Re[4]: [qmailtoaster] Can anyone On Wed, 2006-12-20 at 10:35 -0800, Vince Callaway wrote: On Wed, 2006-12-20 at 13:17 -0500, Kyle Quillen wrote: So i am correct in stating that I need to setup a record in dns for the domain key. Do I use the private key that is in the /var/qmail/control/domainkeys/hwy39.net or do I have to create a public one. Further more do I just insert this in the zone config or do i need to create a seperate file. This is one thing where the documentation falls down. I had the same issue. Bottom line. You need two TXT records in your DNS. The first will be an entry for _domainkey in your hwy39.net zone. It tells the other mail servers what your domainkey policy is. Mine contains o=-\; [EMAIL PROTECTED] The o means the domain signs all email and the r is the responsible party address. The second DNS entry is a text record containing your public key. If you followed the directions verbatim you should have a directory /var/qmail/control/domainkeys/hw39.net In that directory you will have two files. One is called private the other is hwy39.net-dk.txt. The txt file is the public key to put in the DNS entry. You will create an entry called private._domainkey with the TXT value in the file. The reason it is called private is because that is the name on your private key. If you send out mail under other domain names you will need to create a directory and key under domainkeys for each domain you handle. Took me a couple of minutes to figure that one out. I see where I goofed now I did not take of the \ when i created the new domain key. Before in the domainkeys dir i only had private now i have hwy39.net-dk.txt and private. So now the only area that I am grey on is how do I implement this into my bind authoratative dns servers. As soon as I am done with this I am going to update the wiki with more detailed instructions. Thanks Q - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Re[4]: [qmailtoaster] Can anyone
Correct!! -Original Message- From: Kyle Quillen [mailto:[EMAIL PROTECTED] Sent: Thursday, 21 December 2006 8:00 a.m. To: qmailtoaster-list@qmailtoaster.com Subject: Re: Re[4]: [qmailtoaster] Can anyone On Wed, 2006-12-20 at 10:35 -0800, Vince Callaway wrote: On Wed, 2006-12-20 at 13:17 -0500, Kyle Quillen wrote: So i am correct in stating that I need to setup a record in dns for the domain key. Do I use the private key that is in the /var/qmail/control/domainkeys/hwy39.net or do I have to create a public one. Further more do I just insert this in the zone config or do i need to create a seperate file. This is one thing where the documentation falls down. I had the same issue. Bottom line. You need two TXT records in your DNS. The first will be an entry for _domainkey in your hwy39.net zone. It tells the other mail servers what your domainkey policy is. Mine contains o=-\; [EMAIL PROTECTED] The o means the domain signs all email and the r is the responsible party address. The second DNS entry is a text record containing your public key. If you followed the directions verbatim you should have a directory /var/qmail/control/domainkeys/hw39.net In that directory you will have two files. One is called private the other is hwy39.net-dk.txt. The txt file is the public key to put in the DNS entry. You will create an entry called private._domainkey with the TXT value in the file. The reason it is called private is because that is the name on your private key. If you send out mail under other domain names you will need to create a directory and key under domainkeys for each domain you handle. Took me a couple of minutes to figure that one out. Ok I think I have this figured out now would just like to know for sure before i go entering into my dns zone files my txt records would look like this _domainkey IN TXT o=-\; [EMAIL PROTECTED] private._domainkey IN TXT k=rsa;p=MEwwDQYJKoZI Only the second line would be with the full key and the quotes closed? Thanks Q - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Re[4]: [qmailtoaster] Can anyone
Correction. Both must be enclosed in quotation marks. -Original Message- From: Kyle Quillen [mailto:[EMAIL PROTECTED] Sent: Thursday, 21 December 2006 8:00 a.m. To: qmailtoaster-list@qmailtoaster.com Subject: Re: Re[4]: [qmailtoaster] Can anyone On Wed, 2006-12-20 at 10:35 -0800, Vince Callaway wrote: On Wed, 2006-12-20 at 13:17 -0500, Kyle Quillen wrote: So i am correct in stating that I need to setup a record in dns for the domain key. Do I use the private key that is in the /var/qmail/control/domainkeys/hwy39.net or do I have to create a public one. Further more do I just insert this in the zone config or do i need to create a seperate file. This is one thing where the documentation falls down. I had the same issue. Bottom line. You need two TXT records in your DNS. The first will be an entry for _domainkey in your hwy39.net zone. It tells the other mail servers what your domainkey policy is. Mine contains o=-\; [EMAIL PROTECTED] The o means the domain signs all email and the r is the responsible party address. The second DNS entry is a text record containing your public key. If you followed the directions verbatim you should have a directory /var/qmail/control/domainkeys/hw39.net In that directory you will have two files. One is called private the other is hwy39.net-dk.txt. The txt file is the public key to put in the DNS entry. You will create an entry called private._domainkey with the TXT value in the file. The reason it is called private is because that is the name on your private key. If you send out mail under other domain names you will need to create a directory and key under domainkeys for each domain you handle. Took me a couple of minutes to figure that one out. Ok I think I have this figured out now would just like to know for sure before i go entering into my dns zone files my txt records would look like this _domainkey IN TXT o=-\; [EMAIL PROTECTED] private._domainkey IN TXT k=rsa;p=MEwwDQYJKoZI Only the second line would be with the full key and the quotes closed? Thanks Q - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [qmailtoaster] Sendmail Migration - domains in wrong folders
Hi Shelly, This is generally how qmail in particular vpopmail is supposed to work so it isn't an error of any kind. May I ask as to why you want the domains under the main domain folder? If it is for just generally locating a particular domain folder you can use the vpopmail vdominfo command to locate the full path to the domains folder. Eg. /home/vpopmail/bin/vdominfo mydomain.com One of the results from the output of this command will be the full path to the domains folder Rangi _ From: Shelly [mailto:[EMAIL PROTECTED] Sent: Friday, 8 December 2006 3:21 a.m. To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Sendmail Migration - domains in wrong folders After a 8 hour (arduous!) cutover from a legacy (1000 user) Sendmail system to the Qmailtoaster, I have noticed a strange problem. I used scripts to create all the domains, however for some reason, half have been created in a folder called 1 and the other half in a folder called 2 ie /home/vpopmail/domains/1/xxx.com and /home/vpopmail/domains/2/yyy.com. Has anyone come across a similar problem to this while scripting the creation of 200+ domains? Also, does anyone have any suggestions about moving the domains out of the 1 and 2 folders, without recreating them manually? Thanks Send instant messages to your online friends http://au.messenger.yahoo.com
RE: [qmailtoaster] SMTP Connection Throttling by IP address
Hey Dairenn, I may be wrong here. But I believe if you use yum to do an update you could quite possibly upgrade the entire system to CentOS 4.4 I'm not sure what that may affect for you but it is a possibility none the less. -Original Message- From: Dairenn Lombard [mailto:[EMAIL PROTECTED] Sent: Friday, 1 December 2006 9:26 a.m. To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] SMTP Connection Throttling by IP address -Original Message- From: Philip Nix Guru [mailto:[EMAIL PROTECTED] Sent: Thursday, November 30, 2006 12:17 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] SMTP Connection Throttling by IP address Here we go iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --set iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP Same ip is allowed to connect to port 25 10x/60seconds then it is blocked It worked on my CentOS 4.4 box, but it didn't on my CentOS 3.6 box: Applying iptables firewall rules: tiptables-restore v1.2.8: Couldn't load match `recent':/lib/iptables/libipt_recent.so: cannot open shared object file: No such file or directory How do I install libipt_recent.so? By upgrading iptables? Is it possible to do that without upgrading the kernel? It's running the 2.4.21-37.EL linux kernel which could be because it is a CentOS 3.6 system and a newer kernel RPM is not available for CentOS 3.x. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [qmailtoaster] Dspam on the toaster
Hey Lee, With your setup, does it allow pop3 clients to download less spam? Just wondering as this would be an easier approach considering you could filter mail marked as spam into a mail folder and train Dspam that way. If so care to share? -Original Message- From: Lee R. Copp [mailto:[EMAIL PROTECTED] Sent: Tuesday, 31 October 2006 10:53 a.m. To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Dspam on the toaster Eric Shubes wrote: the administration CGI scripts (if you intend to run the CGI scripts). This was wholly an apache suexec issue more than a DSpam one. Hey Lee, what do you know about this problem? (Please see Rangi's earlier post) Did you come across this problem? Solution? I ignored the admin cgi scripts since I only used IMAP folders for training...much easier than another website to click around for my users. -- Lee R. Copp Project Engineer (EE/ME) http://www.michsci.com/ - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.13.18/506 - Release Date: 30/10/2006 - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
