subject:"RE\: \[qmailtoaster\] Re\: Chkuser"

Re: [qmailtoaster] Re: chkuser config and patch tweaks on fresh QTP install

2013-06-04 Thread Tonix (Antonio Nati)


Il 04/06/2013 20:11, Sven Miller ha scritto:


On Tue, Jun 4, 2013 at 1:26 PM, Eric Shubert > wrote:


On 06/04/2013 09:38 AM, Sven Miller wrote:

Previously I stumbled my way through a qmailtoaster install,
and now I
have to do a fresh install on a RHEL 6.4 box.  I see
qmailtoaster-plus
is the new way to do things, but I don't know how to include the
install-time tweaks I made in the past.

For one I will need to tweak the chkuser configuration.  In
the past
this was done by pausing the build and editing the settings
file (per
http://wiki.qmailtoaster.com/index.php/Chkuser).  How will I
tweak the
chkuser config when using QTP?


Same way, for the most part. The build gets done in a chroot
environment though, so you'd need to chroot into it in order to
change the sources. I think it might be simpler to build your own
srpm with the modified sources. Then put your rpm in
/usr/src/qtp-upgrade/SRPMS/ and qtp-newmodel will use it.

You're likely not to need to do this though. Which settings were
you having to tweak? The stock settings work for just about
everyone now, including many special characters for various things
including blackberries (are people still using those?). ;) Here
are the current stock settings regarding special characters:
#define CHKUSER_ALLOW_SENDER_CHAR_1 '$'
#define CHKUSER_ALLOW_SENDER_CHAR_2 '%'
#define CHKUSER_ALLOW_SENDER_CHAR_3 '/'
#define CHKUSER_ALLOW_SENDER_CHAR_4 '?'
#define CHKUSER_ALLOW_SENDER_CHAR_5 '*'
#define CHKUSER_ALLOW_SENDER_CHAR_6 '^'
#define CHKUSER_ALLOW_SENDER_CHAR_7 '~'
#define CHKUSER_ALLOW_SENDER_CHAR_8 '&'
#define CHKUSER_ALLOW_SENDER_CHAR_9 '#'
#define CHKUSER_ALLOW_SENDER_CHAR_10 '='


Unfortunately we've had to deal with addresses that contain 
apostrophes like april.o'n...@example.com 
.  We initially just added it as a 
character but when forward slashes also caused problems (srs uses 
base64 encoding) so we ultimately enabled CHKUSER_STARTING_VARIABLE to 
let us bypass chkuser completely.  This time around I plan to just set 
CHAR_9 to '\'' and cross my fingers.



I suggest to keep chkuser enabled and comment these lines in configuration:

/*#define CHKUSER_RCPT_FORMAT */
/*#define CHKUSER_SENDER_FORMAT */

Regards,

Tonino


--

Inter@zioniInterazioni di Antonio Nati
   http://www.interazioni.it  to...@interazioni.it

Re: [qmailtoaster] Re: chkuser config and patch tweaks on fresh QTP install

2013-06-04 Thread Sven Miller

On Tue, Jun 4, 2013 at 1:26 PM, Eric Shubert  wrote:

> On 06/04/2013 09:38 AM, Sven Miller wrote:
>
>> Previously I stumbled my way through a qmailtoaster install, and now I
>> have to do a fresh install on a RHEL 6.4 box.  I see qmailtoaster-plus
>> is the new way to do things, but I don't know how to include the
>> install-time tweaks I made in the past.
>>
>> For one I will need to tweak the chkuser configuration.  In the past
>> this was done by pausing the build and editing the settings file (per
>> http://wiki.qmailtoaster.com/**index.php/Chkuser).
>>  How will I tweak the
>> chkuser config when using QTP?
>>
>
> Same way, for the most part. The build gets done in a chroot environment
> though, so you'd need to chroot into it in order to change the sources. I
> think it might be simpler to build your own srpm with the modified sources.
> Then put your rpm in /usr/src/qtp-upgrade/SRPMS/ and qtp-newmodel will use
> it.
>
> You're likely not to need to do this though. Which settings were you
> having to tweak? The stock settings work for just about everyone now,
> including many special characters for various things including blackberries
> (are people still using those?). ;) Here are the current stock settings
> regarding special characters:
> #define CHKUSER_ALLOW_SENDER_CHAR_1 '$'
> #define CHKUSER_ALLOW_SENDER_CHAR_2 '%'
> #define CHKUSER_ALLOW_SENDER_CHAR_3 '/'
> #define CHKUSER_ALLOW_SENDER_CHAR_4 '?'
> #define CHKUSER_ALLOW_SENDER_CHAR_5 '*'
> #define CHKUSER_ALLOW_SENDER_CHAR_6 '^'
> #define CHKUSER_ALLOW_SENDER_CHAR_7 '~'
> #define CHKUSER_ALLOW_SENDER_CHAR_8 '&'
> #define CHKUSER_ALLOW_SENDER_CHAR_9 '#'
> #define CHKUSER_ALLOW_SENDER_CHAR_10 '='


Unfortunately we've had to deal with addresses that contain apostrophes
like april.o'n...@example.com.  We initially just added it as a character
but when forward slashes also caused problems (srs uses base64 encoding) so
we ultimately enabled CHKUSER_STARTING_VARIABLE to let us bypass chkuser
completely.  This time around I plan to just set CHAR_9 to '\'' and cross
my fingers.


>
>  And secondly the srs-qt-0.5 patch included in qmailtoaster has a serious
>> bug and we need at least the 0.6 patch.  In the past I did this by
>> manually installing the SRPMs, tweaking the spec, and rebuilding the
>> binary RPMs.  How do I do this using QTP?
>>
>
> That's not the patch which is presently being used. Here's the srs patch
> which QMT uses now:
> Marcelo Coelho - qmail-srs-0.4.patch
> http://opensource.mco2.net/**qmail/srs/


If I download
http://mirror3.qmailtoaster.com/current/SRPMS/qmail-toaster-1.03-1.3.22.src.rpmit
appears to have the 0.5 patch in there.  Regardless, we need the
bugfix
added in version 0.6 of the patch.


>
>  Any help will be greatly appreciated.
>>
>
> The stock packages aren't quite ready for COS6 yet (I am working on it),
> but there's no reason QMT can't be run on COS6. In fact, Dan has written a
> script to aid in the installation process, which is available on this
> list's archives:
> http://article.gmane.org/**gmane.mail.qmail.toaster/**37705/match=
>
>
Thank you, that looks like it will be very helpful.


> For migrating from your old to your new server, qtp-backup and qtp-restore
> are recommended. Depending on the amount of mail you have to migrate, you
> might want to rsync the maildirs again after the initial migration to bring
> things current. Also, be sure to use the latest qtp-restore that's in the
> svn repo on the QTP web site, as it's been modified for COS6 but the
> corresponding qmailtoaster-plus package including COS6 support hasn't been
> cut yet.
>
> That's all that comes to mind right now. Let us know how you make out.
>
> P.S. Just curious to know, which version is your old QMT?
>
>
It looks like right now we have 1.03-1.3.20 and no trace of
qmailtoaster-plus.

Re: [qmailtoaster] Re: chkuser rejecting mail to users with hyphens

2012-03-07 Thread Tonix (Antonio Nati)


Il 06/03/2012 20:37, Eric Shubert ha scritto:

On 03/06/2012 10:44 AM, Tonix (Antonio Nati) wrote:

Il 06/03/2012 18:29, Eric Shubert ha scritto:


Would you suggest we be using the
#define CHKUSER_ENABLE_USERS_EXTENSIONS
by default? It seems to me we should, as the "-anything" extension is
a standard part of qmail (unless I'm mistaken). If we should, can it
be enabled with an environment variable, or is it strictly a #define
setting?



Extensions are used for TMDA (I don't know if it is still used), ezml
maling lists, mailman lists, user extensions.

chkuser has different options:
- user extensions
- mailman lists
- ezmlm lists

you do not need user extension if you are in normal situations (I have
only ezmlm lists enabled).

You need the user extension if you use TMDA or in cases in which you
want to receive extensions.
In this case, chkuser checks for recipient existance, and if fails tries
again shifting towards left (using '-' as token to search).

With ezmlm and mailman lists enabled, it checks if recipient is
associated to a ezmlm/mailman list, and in such a case it accepts
extensions for that recipient.



Thanks for the great explanation Tonino. That clears things up for me. 
I still have a couple questions though.


What's the down side of enabling user extensions? qmail provides this 
capability by default. It seems to me that QMT should as well. No?


This is up to you.
With extensions DJB probably wanted to extend recipients possibilities, 
giving different address (i.e. eric, eric-test, eric-lab, eric-sales) 
and handle ezmlm extensions (ezmlm works heavily with extensions).


In my situation, extensions are not needed, and I prefer to keep a 
'standard' situation (only real account/aliases/lists work).

Other situations may be different.



Regarding mailman extensions, I have a QMT host running mailman with 
chkuser's mailman extensions disabled. This domain also has a catchall 
account. If I were to set catchall to bounce, I would also need to 
enable mailman list extensions for mailman to continue to work. Correct?


Yes, correct.
Catchall does not benefit of chkuser capabilities, while user-extensions 
or mailman features  do.





If I understand correctly, applying this setting would fix Russ's
problem. Or I suppose he could set a catchall account. Correct?



catchall is to be avoided if possible, as it accept always any recipient
and does not give any advantage to traffic/workload.
It should be used when you setup a new domain (coming from another ISP)
on which you don't know which accounts exist. So, for some time, you
accept all recipients and create accounts as you understand which
accounts are needed. At end of all you kill the catchall feauture and
enable 'bouncing'.


While I understand your scenario for when it should be used, I 
disagree that it should be avoided if possible. That may be the case 
for a service provider which has hundreds if not thousands of 
accounts, but not in all cases.


I agree, it depends on situations. In my case, when a user need an 
extension, he adds an alias.
I suggest only expert people should use catchall, as no error message is 
sent back, so senders are not notified about not existing recipients.





In situations where a domain is more private, a catchall account 
allows a large degree of flexibility regarding how email addresses are 
used. For instance, when I shop at SomeStore and they want my email 
address, I give them somest...@mydomain.com, and the mail is 
delivered. I then typically set up a forward for that address to a 
real account once I receive an email to that address in my catchall 
account. If I happen to start receiving spam to that address, I can 
discontinue use of that address by adding to the badmailto file, or if 
I'm in a bad mood, forward the spam back to the store who I gave the 
address to. :) BL, the catchall account saves me from having to 
remember to create a forward for every email address I happen to hand 
out. As is the case so many time, one size does not fit all. ;)




It is true, but in this situation you are not really using chkuser, as 
any recipient is accepted for your domain.
You (system manager) may change badmailfrom, but normal users or 
qmailadmin administrators cannot.
As conseguence, all spam messages become real traffic instead of being 
stopped at SMTP level.


I didn't mean to suggest using a catchall account was a good solution 
to this problem, only a quick and dirty workaround.



I suggest to create aliases if cases are a few, otherwise enable user
extensions.


I'm not seeing much of a down side to enabling all 3 of these settings 
by default. What is the down side in your view? I'm inclined to change 
the QMT default configuration to allow all 3 by default, which brings 
QMT in line with qmail's default behavior. However I certainly 
wouldn't do this without consulting you, as well as anyone else who'd 
like to chime in on this.




It is pretty normal to enable all three. This will

Re: [qmailtoaster] Re: chkuser rejecting mail to users with hyphens

2012-03-06 Thread Tonix (Antonio Nati)


Il 06/03/2012 18:29, Eric Shubert ha scritto:

On 03/06/2012 08:57 AM, Tonix (Antonio Nati) wrote:

Il 06/03/2012 16:47, Tonix (Antonio Nati) ha scritto:

Il 06/03/2012 16:28, Eric Shubert ha scritto:

On 03/06/2012 07:40 AM, Tonix (Antonio Nati) wrote:

I've made some telnets to your email server, and it looks like
accepting
all for @yourdomain.
Is bouncing enabled?


No, I have a catchall account defined. That account is different than
the eric-test account I was using.

Perhaps you're on to something though.


catchall account disables chkuser checking, as it receives emails for
not existing recipients.


of course not all checking is disabled, only recipients.

Tonino



That explains things.



:-). We are not crazy, finally.


Would you suggest we be using the
#define CHKUSER_ENABLE_USERS_EXTENSIONS
by default? It seems to me we should, as the "-anything" extension is 
a standard part of qmail (unless I'm mistaken). If we should, can it 
be enabled with an environment variable, or is it strictly a #define 
setting?




Extensions  are used for TMDA (I don't know if it is still used), ezml 
maling lists, mailman lists, user extensions.


chkuser has different options:
- user extensions
- mailman lists
- ezmlm lists

you do not need user extension if you are in normal situations (I have 
only ezmlm lists enabled).


You need the user extension if you use TMDA or in cases in which you 
want to receive extensions.
In this case, chkuser checks for recipient existance, and if fails tries 
again shifting towards left (using '-' as token to search).


With ezmlm and mailman lists enabled, it checks if recipient is 
associated to a ezmlm/mailman list, and in such a case it accepts 
extensions for that recipient.



If I understand correctly, applying this setting would fix Russ's 
problem. Or I suppose he could set a catchall account. Correct?




catchall is to be avoided if possible, as it accept always any recipient 
and does not give any advantage to traffic/workload.
It should be used when you setup a new domain (coming from another ISP) 
on which you don't know which accounts exist. So, for some time, you 
accept all recipients and create accounts as you understand which 
accounts are needed. At end of all you kill the catchall feauture and 
enable 'bouncing'.


I suggest to create aliases if cases are a few, otherwise enable user 
extensions.


Hope this helps!


Thanks.




--

Inter@zioniInterazioni di Antonio Nati
   http://www.interazioni.it  to...@interazioni.it



-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Re: chkuser rejecting mail to users with hyphens

2012-03-06 Thread Tonix (Antonio Nati)


Il 06/03/2012 16:47, Tonix (Antonio Nati) ha scritto:

Il 06/03/2012 16:28, Eric Shubert ha scritto:

On 03/06/2012 07:40 AM, Tonix (Antonio Nati) wrote:
I've made some telnets to your email server, and it looks like 
accepting

all for @yourdomain.
Is bouncing enabled?


No, I have a catchall account defined. That account is different than 
the eric-test account I was using.


Perhaps you're on to something though.

catchall account disables chkuser checking, as it receives emails for 
not existing recipients.


of course not all checking is disabled, only recipients.

Tonino



Regards,

Tonino


--

 Inter@zioniInterazioni di Antonio Nati
http://www.interazioni.it   to...@interazioni.it




--

Inter@zioniInterazioni di Antonio Nati
   http://www.interazioni.it  to...@interazioni.it

Re: [qmailtoaster] Re: chkuser rejecting mail to users with hyphens

2012-03-06 Thread Tonix (Antonio Nati)


Il 06/03/2012 16:28, Eric Shubert ha scritto:

On 03/06/2012 07:40 AM, Tonix (Antonio Nati) wrote:

I've made some telnets to your email server, and it looks like accepting
all for @yourdomain.
Is bouncing enabled?


No, I have a catchall account defined. That account is different than 
the eric-test account I was using.


Perhaps you're on to something though.

catchall account disables chkuser checking, as it receives emails for 
not existing recipients.


Regards,

Tonino


--

Inter@zioniInterazioni di Antonio Nati
   http://www.interazioni.it  to...@interazioni.it

Re: [qmailtoaster] Re: chkuser rejecting mail to users with hyphens

2012-03-06 Thread Tonix (Antonio Nati)


Il 05/03/2012 21:04, Eric Shubert ha scritto:

On 03/05/2012 12:37 PM, Tonix (Antonio Nati) wrote:

Il 05/03/2012 20:10, Eric Shubert ha scritto:

On 03/05/2012 11:47 AM, Tonix (Antonio Nati) wrote:

Il 05/03/2012 19:28, Eric Shubert ha scritto:

I'm not so sure of this, Tonino. I have the latest qmail-toaster
package installed, which does not have 
CHKUSER_ENABLE_USERS_EXTENSIONS
enabled (it's still commented out). I just ran a test, and when I 
sent

from eric@ to eric-test@ it works fine.

What am I missing?


are eric and eric-test two different accounts? If yes, it is ok.


No.


Extensions are native qmail extensions to single accounts. So eric
account will receive also messages for eric-trial, eric-lab, and so 
on.


Right.


I was just wondering if, given the names used, that was the case.


Correct. This is what's happening on my system, as it should.



But now I'm in confusion.


At least we're together in that aspect. ;)


Did you send to eric-test using the submission port without chkuser, or
using the public MX with chkuser?


Submission port, but with chkuser enabled. It was an authenticated 
session.


I just did a 2nd test from an external source (yahoo), and eric-test@ 
(no account by that name) is delivered to the eric@ account. As it 
should be.




I've made some telnets to your email server, and it looks like accepting 
all for @yourdomain.

Is bouncing enabled?

Tonino



--

Inter@zioniInterazioni di Antonio Nati
   http://www.interazioni.it  to...@interazioni.it



-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Re: chkuser rejecting mail to users with hyphens

2012-03-05 Thread Tonix (Antonio Nati)


Il 05/03/2012 20:10, Eric Shubert ha scritto:

On 03/05/2012 11:47 AM, Tonix (Antonio Nati) wrote:

Il 05/03/2012 19:28, Eric Shubert ha scritto:

I'm not so sure of this, Tonino. I have the latest qmail-toaster
package installed, which does not have CHKUSER_ENABLE_USERS_EXTENSIONS
enabled (it's still commented out). I just ran a test, and when I sent
from eric@ to eric-test@ it works fine.

What am I missing?


are eric and eric-test two different accounts? If yes, it is ok.


No.


Extensions are native qmail extensions to single accounts. So eric
account will receive also messages for eric-trial, eric-lab, and so on.


Right.


I was just wondering if, given the names used, that was the case.


Correct. This is what's happening on my system, as it should.



But now I'm in confusion.
Did you send to eric-test using the submission port without chkuser, or 
using the public MX with chkuser?


If chkuser is enabled, and CHKUSER_ENABLE_USERS_EXTENSIONS is commented, 
eric-test should be bounced by chkuser.


Regards,

Tonino

I believe that Russ's problem is that this should be happening but is 
not.





--

Inter@zioniInterazioni di Antonio Nati
   http://www.interazioni.it  to...@interazioni.it



-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Re: chkuser rejecting mail to users with hyphens

2012-03-05 Thread Tonix (Antonio Nati)


Il 05/03/2012 19:28, Eric Shubert ha scritto:
I'm not so sure of this, Tonino. I have the latest qmail-toaster 
package installed, which does not have CHKUSER_ENABLE_USERS_EXTENSIONS 
enabled (it's still commented out). I just ran a test, and when I sent 
from eric@ to eric-test@ it works fine.


What am I missing?


are eric and eric-test two different accounts? If yes, it is ok.

Extensions are native qmail extensions to single accounts. So eric 
account will receive also messages for eric-trial, eric-lab, and so on.


I was just wondering if, given the names used, that was the case.

Regards,

Tonino


--

Inter@zioniInterazioni di Antonio Nati
   http://www.interazioni.it  to...@interazioni.it

Re: [qmailtoaster] Re: CHKUSER > invalid rcpt MX domain

2011-09-12 Thread Carlos Herrera Polo

THANKS,
pdns-recursor is very easy !




2011/9/12 Eric Shubert 

> I haven't done a dual authoritative implementation with pdns, and don't
> know off hand if this can be done with a single server or not. The PDNS list
> would be helpful with recommendations of how best to implement this.
>
> For a caching nameserver, pdns is trivial. Simply install the pdns-recursor
> package, and check your /etc/resolv.conf file. That's all there is to it
> (IIRC).
>
> For a single authoritative server, it's easy enough. I use the MySQL
> backend. This allows for MySQL replication to a secondary server, which is
> sweet (and recommended for an external authoritative server).
>
> Sounds to me like you simply need an additional DNS server to handle
> authoritative requests internally. That's not too difficult. Poweradmin is a
> nice web app that allows for maintaining dns records via your web browser.
> Sweet. To me, this makes the little extra effort setting things up well
> worth it.
>
> --
> -Eric 'shubes'
>
>
> On 09/12/2011 09:28 AM, Carlos Herrera Polo wrote:
>
>> Thanks Eric, PowerDNS is easy ?
>>
>> 2011/9/12 Eric Shubert mailto:e...@shubes.net>>
>>
>>
>>djbdns configuration is simpler than named(bind).
>>
>>Personally, I use (and recommend) PowerDNS.
>>
>>--
>>-Eric 'shubes'
>>
>>
>>On 09/12/2011 09:18 AM, Carlos Herrera Polo wrote:
>>
>>Thanks 
>>can you tell me, which of these programs will be more easy to
>>use for
>>this situation ?.. djbns or named ?
>>
>>
>>2011/9/11 Pak Ogah >
>>> >>>
>>
>>
>>
>>there are many software work together and closely on
>>qmailtoaster to
>>ensure mail delivered.
>>not just chkuser and qmail use DNS to resolve but
>>SpamAssassin and
>>spamdyke (if you installed) also use DNS to resolve and check
>> to
>>make sure IP is not blacklisted.
>>so that's why I am suggesting make a DNS zone on internal
>>dns server
>>is the easiest solution.
>>
>>
>>On 09/09/11 19:37, Carlos Herrera Polo wrote:
>>
>>Thanks Pak...
>>I can't understand where disable in tcp.smtp file the
>>"chkuser"
>>module. In the links not explain this.
>>
>>Install internal DNS is the solution ? I belive that
>>chkuser maybe
>>read smtproutes file... But qmailtoaster not work
>>
>>
>>2011/9/8, Pak Ogah>
>>>>>:
>>
>>
>>Hi Carlos,
>>information about tcp.smtp can be read @
>>http://wiki.qmailtoaster.com/index.php/Tcp.smtp
>>and I assume because the server is internal perhaps
>>you can
>>use this
>>tcp.smtp
>>
>>192.168.3.233 :
>>
>>allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1"
>>
>>
>>or you can read the archive here which may related:
>>- SPF + local whitelist?
>>
>> http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg03841.html
>>- 511 sorry, can't find a valid MX for sender domain
>>(#5.1.1
>>- chkuser)
>>554 5.0.0 Service unavailable
>>
>> http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg28420.html
>>
>>but in my case for all internal servers that will be
>>sending
>>email, I
>>will adding an A record for the domain zone on
>>internal DNS
>>server.
>>yes I have 2 DNS server, 1 with public IP
>>(authorative dns
>>for my domain
>>using public ip) and 1 with internal IP (authorative
>>using
>>internal ip
>>and caching dns)
>>the mailserver is using internal IP and NAT by firewall
>>but you can setup 1 dns server that have 2 view
>>(google it)
>>
>>so in your case, I'll create a new domain zone on
>>internal
>>DNS server /
>>internal view
>>
>> http://wiki.qmailtoaster.com/index.php/QMT-ISO_Manual_Guide#Configure_Bind
>>
>>On 09/08/11 9:23, Carlos Herrera Polo wrote:
>>
>>In tcp.smtp file... Can I disable checkuser for
>>one ip ?
>>
>>
>>2011/9/7, Carlos Herrera
>>Polo>
>>

Re: [qmailtoaster] Re: CHKUSER > invalid rcpt MX domain

2011-09-12 Thread Carlos Herrera Polo

Thanks Eric, PowerDNS is easy ?

2011/9/12 Eric Shubert 

> djbdns configuration is simpler than named(bind).
>
> Personally, I use (and recommend) PowerDNS.
>
> --
> -Eric 'shubes'
>
>
> On 09/12/2011 09:18 AM, Carlos Herrera Polo wrote:
>
>> Thanks 
>> can you tell me, which of these programs will be more easy to use for
>> this situation ?.. djbns or named ?
>>
>>
>> 2011/9/11 Pak Ogah > >
>>
>>
>>there are many software work together and closely on qmailtoaster to
>>ensure mail delivered.
>>not just chkuser and qmail use DNS to resolve but SpamAssassin and
>>spamdyke (if you installed) also use DNS to resolve and check to
>>make sure IP is not blacklisted.
>>so that's why I am suggesting make a DNS zone on internal dns server
>>is the easiest solution.
>>
>>
>>On 09/09/11 19:37, Carlos Herrera Polo wrote:
>>
>>Thanks Pak...
>>I can't understand where disable in tcp.smtp file the "chkuser"
>>module. In the links not explain this.
>>
>>Install internal DNS is the solution ? I belive that chkuser maybe
>>read smtproutes file... But qmailtoaster not work
>>
>>
>>2011/9/8, Pak Ogah>>:
>>
>>
>>Hi Carlos,
>>information about tcp.smtp can be read @
>>http://wiki.qmailtoaster.com/index.php/Tcp.smtp
>>and I assume because the server is internal perhaps you can
>>use this
>>tcp.smtp
>>
>>192.168.3.233 :
>>
>>allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1"
>>
>>
>>or you can read the archive here which may related:
>>- SPF + local whitelist?
>>
>> http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg03841.html
>>- 511 sorry, can't find a valid MX for sender domain (#5.1.1
>>- chkuser)
>>554 5.0.0 Service unavailable
>>
>> http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg28420.html
>>
>>but in my case for all internal servers that will be sending
>>email, I
>>will adding an A record for the domain zone on internal DNS
>>server.
>>yes I have 2 DNS server, 1 with public IP (authorative dns
>>for my domain
>>using public ip) and 1 with internal IP (authorative using
>>internal ip
>>and caching dns)
>>the mailserver is using internal IP and NAT by firewall
>>but you can setup 1 dns server that have 2 view (google it)
>>
>>so in your case, I'll create a new domain zone on internal
>>DNS server /
>>internal view
>>
>> http://wiki.qmailtoaster.com/index.php/QMT-ISO_Manual_Guide#Configure_Bind
>>
>>On 09/08/11 9:23, Carlos Herrera Polo wrote:
>>
>>In tcp.smtp file... Can I disable checkuser for one ip ?
>>
>>
>>2011/9/7, Carlos Herrera
>>Polo>>:
>>
>>
>>I can do that ? in tcp.smtp file ?
>>
>>2011/9/7 Tonix (Antonio Nati)>>
>>
>>
>>   Il 07/09/2011 23:19, Tonix (Antonio Nati) ha
>>scritto:
>>
>>Il 07/09/2011 23:07, Carlos Herrera Polo ha
>> scritto:
>>
>>I have a problem with "chkuser" when send email,
>>please help
>>
>>   tcp.smtp file :
>>
>>192.168.3.233 :
>>
>>
>>  allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1",SENDER_NOCHECK="1"
>>
>>
>>   The log :
>>
>>   09-07 15:50:58 CHKUSER rejected rcpt:
>>from>e...@rem.com :>
>>
>>remote   rcpt<
>>c...@micorreo.com >   :
>>invalid rcpt MX domain
>>
>>micorreo.com  is not a real
>>
>>domain...but in my smtproutes file I have:
>>
>>   micorreo.com:10.10.10.100:25
>>
>>   Can qmailtoaster "disable" CHKUSER rcpt when
>>the domain is in
>>smtproute
>>??
>>
>>
>>
>>I suppose this domain to be internal, and used
>>only from internal users.
>>So you should disable chkuser for internal users.
>>
>>
>>So you should disable chkuser's checking for
>>rcpt mx when accepting from
>>internal users.
>>In such case

Re: [qmailtoaster] Re: CHKUSER > invalid rcpt MX domain

2011-09-12 Thread Carlos Herrera Polo

Thanks 
can you tell me, which of these programs will be more easy to use for this
situation ?.. djbns or named ?


2011/9/11 Pak Ogah 

> there are many software work together and closely on qmailtoaster to ensure
> mail delivered.
> not just chkuser and qmail use DNS to resolve but SpamAssassin and spamdyke
> (if you installed) also use DNS to resolve and check to make sure IP is not
> blacklisted.
> so that's why I am suggesting make a DNS zone on internal dns server is the
> easiest solution.
>
>
> On 09/09/11 19:37, Carlos Herrera Polo wrote:
>
>> Thanks Pak...
>> I can't understand where disable in tcp.smtp file the "chkuser"
>> module. In the links not explain this.
>>
>> Install internal DNS is the solution ? I belive that chkuser maybe
>> read smtproutes file... But qmailtoaster not work
>>
>>
>> 2011/9/8, Pak Ogah:
>>
>>> Hi Carlos,
>>> information about tcp.smtp can be read @
>>> http://wiki.qmailtoaster.com/index.php/Tcp.smtp
>>> and I assume because the server is internal perhaps you can use this
>>> tcp.smtp
>>>
>>> 192.168.3.233: allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1"
>>>
>>>
>>> or you can read the archive here which may related:
>>> - SPF + local whitelist?
>>>
>>> http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg03841.html
>>> - 511 sorry, can't find a valid MX for sender domain (#5.1.1 - chkuser)
>>> 554 5.0.0 Service unavailable
>>>
>>> http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg28420.html
>>>
>>> but in my case for all internal servers that will be sending email, I
>>> will adding an A record for the domain zone on internal DNS server.
>>> yes I have 2 DNS server, 1 with public IP (authorative dns for my domain
>>> using public ip) and 1 with internal IP (authorative using internal ip
>>> and caching dns)
>>> the mailserver is using internal IP and NAT by firewall
>>> but you can setup 1 dns server that have 2 view (google it)
>>>
>>> so in your case, I'll create a new domain zone on internal DNS server /
>>> internal view
>>>
>>> http://wiki.qmailtoaster.com/index.php/QMT-ISO_Manual_Guide#Configure_Bind
>>>
>>> On 09/08/11 9:23, Carlos Herrera Polo wrote:
>>>
 In tcp.smtp file... Can I disable checkuser for one ip ?


 2011/9/7, Carlos Herrera Polo:

> I can do that ? in tcp.smtp file ?
>
> 2011/9/7 Tonix (Antonio Nati)
>
>Il 07/09/2011 23:19, Tonix (Antonio Nati) ha scritto:
>>
>> Il 07/09/2011 23:07, Carlos Herrera Polo ha scritto:
>>
>> I have a problem with "chkuser" when send email, please help
>>
>>   tcp.smtp file :
>>
>>   192.168.3.233:
>> allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1",SENDER_NOCHECK="1"
>>
>>
>>   The log :
>>
>>   09-07 15:50:58 CHKUSER rejected rcpt: from> e...@rem.com:>   remote   rcpt<
>> c...@micorreo.com>   : invalid rcpt MX domain
>>
>>   micorreo.com is not a real domain...but in my smtproutes file I
>> have:
>>
>>   micorreo.com:10.10.10.100:25
>>
>>   Can qmailtoaster  "disable" CHKUSER rcpt when the domain is in
>> smtproute
>> ??
>>
>>
>>
>> I suppose this domain to be internal, and used only from internal
>> users.
>> So you should disable chkuser for internal users.
>>
>>
>> So you should disable chkuser's checking for rcpt mx when accepting
>> from
>> internal users.
>> In such case (internal smtp server) I suggest to disable chkuser at
>> all.
>>
>> Regards,
>>
>> Tonino
>>
>>
>>
>> Regards,
>>
>> Tonino
>>
>>
>>
>> --
>> 
>>  Inter@zioniInterazioni di Antonio Nati
>> http://www.interazioni.it  to...@interazioni.it
>> 
>>
>>
>>
>> --
>> 
>>  Inter@zioniInterazioni di Antonio Nati
>> http://www.interazioni.it  to...@interazioni.it
>> 
>>
>>
>>
>>>
>>> -
>>> Qmailtoaster is sponsored by Vickers Consulting Group
>>> (www.vickersconsulting.com)
>>> Vickers Consulting Group offers Qmailtoaster support and
>>> installations.
>>>   If you need professional help with your setup, contact them today!
>>>
>>> -
>>>  Please visit qmailtoaster.com for the latest news, updates, and
>>> packages.
>>>
>>>   To unsubscribe, e-mail:
>>> qmailtoaster-list-unsubscr...@qmailtoaster.com
>>>  For additional commands, e-mail:
>>> qmailtoaster-list-h...@qmailtoaster.com
>>>
>>>
>>>
>>>
>
>
> --

Re: [qmailtoaster] Re: CHKUSER > invalid rcpt MX domain

2011-09-11 Thread Pak Ogah

there are many software work together and closely on qmailtoaster to 
ensure mail delivered.
not just chkuser and qmail use DNS to resolve but SpamAssassin and 
spamdyke (if you installed) also use DNS to resolve and check to make 
sure IP is not blacklisted.
so that's why I am suggesting make a DNS zone on internal dns server is 
the easiest solution.


On 09/09/11 19:37, Carlos Herrera Polo wrote:

Thanks Pak...
I can't understand where disable in tcp.smtp file the "chkuser"
module. In the links not explain this.

Install internal DNS is the solution ? I belive that chkuser maybe
read smtproutes file... But qmailtoaster not work


2011/9/8, Pak Ogah:

Hi Carlos,
information about tcp.smtp can be read @
http://wiki.qmailtoaster.com/index.php/Tcp.smtp
and I assume because the server is internal perhaps you can use this
tcp.smtp

192.168.3.233: allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1"


or you can read the archive here which may related:
- SPF + local whitelist?
http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg03841.html
- 511 sorry, can't find a valid MX for sender domain (#5.1.1 - chkuser)
554 5.0.0 Service unavailable
http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg28420.html

but in my case for all internal servers that will be sending email, I
will adding an A record for the domain zone on internal DNS server.
yes I have 2 DNS server, 1 with public IP (authorative dns for my domain
using public ip) and 1 with internal IP (authorative using internal ip
and caching dns)
the mailserver is using internal IP and NAT by firewall
but you can setup 1 dns server that have 2 view (google it)

so in your case, I'll create a new domain zone on internal DNS server /
internal view
http://wiki.qmailtoaster.com/index.php/QMT-ISO_Manual_Guide#Configure_Bind

On 09/08/11 9:23, Carlos Herrera Polo wrote:

In tcp.smtp file... Can I disable checkuser for one ip ?


2011/9/7, Carlos Herrera Polo:

I can do that ? in tcp.smtp file ?

2011/9/7 Tonix (Antonio Nati)


   Il 07/09/2011 23:19, Tonix (Antonio Nati) ha scritto:

Il 07/09/2011 23:07, Carlos Herrera Polo ha scritto:

I have a problem with "chkuser" when send email, please help

   tcp.smtp file :

   192.168.3.233:
allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1",SENDER_NOCHECK="1"


   The log :

   09-07 15:50:58 CHKUSER rejected rcpt: from   remote   rcpt<
c...@micorreo.com>   : invalid rcpt MX domain

   micorreo.com is not a real domain...but in my smtproutes file I have:

   micorreo.com:10.10.10.100:25

   Can qmailtoaster  "disable" CHKUSER rcpt when the domain is in
smtproute
??



I suppose this domain to be internal, and used only from internal users.
So you should disable chkuser for internal users.


So you should disable chkuser's checking for rcpt mx when accepting from
internal users.
In such case (internal smtp server) I suggest to disable chkuser at all.

Regards,

Tonino



Regards,

Tonino



--

  Inter@zioniInterazioni di Antonio Nati
 http://www.interazioni.it  to...@interazioni.it




--

  Inter@zioniInterazioni di Antonio Nati
 http://www.interazioni.it  to...@interazioni.it





-
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
 Vickers Consulting Group offers Qmailtoaster support and installations.
   If you need professional help with your setup, contact them today!
-
  Please visit qmailtoaster.com for the latest news, updates, and
packages.

   To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com






-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Re: CHKUSER > invalid rcpt MX domain

2011-09-07 Thread Pak Ogah


Hi Carlos,
information about tcp.smtp can be read @ 
http://wiki.qmailtoaster.com/index.php/Tcp.smtp
and I assume because the server is internal perhaps you can use this 
tcp.smtp


192.168.3.233: allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1"


or you can read the archive here which may related:
- SPF + local whitelist?
http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg03841.html
- 511 sorry, can't find a valid MX for sender domain (#5.1.1 - chkuser) 
554 5.0.0 Service unavailable

http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg28420.html

but in my case for all internal servers that will be sending email, I 
will adding an A record for the domain zone on internal DNS server.
yes I have 2 DNS server, 1 with public IP (authorative dns for my domain 
using public ip) and 1 with internal IP (authorative using internal ip 
and caching dns)

the mailserver is using internal IP and NAT by firewall
but you can setup 1 dns server that have 2 view (google it)

so in your case, I'll create a new domain zone on internal DNS server / 
internal view

http://wiki.qmailtoaster.com/index.php/QMT-ISO_Manual_Guide#Configure_Bind

On 09/08/11 9:23, Carlos Herrera Polo wrote:

In tcp.smtp file... Can I disable checkuser for one ip ?


2011/9/7, Carlos Herrera Polo:

I can do that ? in tcp.smtp file ?

2011/9/7 Tonix (Antonio Nati)


  Il 07/09/2011 23:19, Tonix (Antonio Nati) ha scritto:

Il 07/09/2011 23:07, Carlos Herrera Polo ha scritto:

I have a problem with "chkuser" when send email, please help

  tcp.smtp file :

  192.168.3.233:
allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1",SENDER_NOCHECK="1"


  The log :

  09-07 15:50:58 CHKUSER rejected rcpt: from  remote  rcpt<
c...@micorreo.com>  : invalid rcpt MX domain

  micorreo.com is not a real domain...but in my smtproutes file I have:

  micorreo.com:10.10.10.100:25

  Can qmailtoaster  "disable" CHKUSER rcpt when the domain is in smtproute
??



I suppose this domain to be internal, and used only from internal users.
So you should disable chkuser for internal users.


So you should disable chkuser's checking for rcpt mx when accepting from
internal users.
In such case (internal smtp server) I suggest to disable chkuser at all.

Regards,

Tonino



Regards,

Tonino



--

 Inter@zioniInterazioni di Antonio Nati
http://www.interazioni.it  to...@interazioni.it




--

 Inter@zioniInterazioni di Antonio Nati
http://www.interazioni.it  to...@interazioni.it






-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Re: CHKUSER accepting for non existant accounts

2010-10-07 Thread Tony White

On 05/10/2010 11:45 PM, Eric Shubert wrote:

Tony White wrote:

On 05/10/2010 6:06 PM, Tonix (Antonio Nati) wrote:

Il 05/10/2010 02:26, Tony White ha scritto:

my .qmail-default default is

| /home/vpopmail/bin/vdelivermail '' delete

You set domains for deleting e-mails, not rejecting them when rcpt does not
exist.

For having not-existing recipients rejected, you must have:

/home/vpopmail/bin/vdelivermail '' bounce

Use qmailadmin to change this behaviour.

Regards,

Tonino

I am not sure I understand your comment!

Appears to be true.

Surely CHKUSER is in the smtpd process not in vdelivermail! If this is true then the fact that I delete rather than
bounce should

not have any effect on CHKUSER!

In order for vdelivermail to delete the message, chkuser must accept it. The idea behind the delete option is that the
message is received, then deleted. Thus the sender is not aware of the rejection.

My old system had CHKUSER in smtpd and
it simply rejected emails for non existent users during the smtpd process.

I'm guessing that your old system had the 'bounce' setting as Tonino points out, not the 'delete' setting as you
presently have.

A quick follow up after a little more research.
It would appear the string searched for by
CHKUSER is not BOUNCE but BOUNCE-NO-MAILBOX.
After changing the .qmail-default to this CHKUSER now rejects
mail as it should.
Thanks for the suggested direction to look in.

--
best wishes
Tony White

-
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Re: CHKUSER accepting for non existant accounts

2010-10-05 Thread Tony White

On 05/10/2010 11:45 PM, Eric Shubert wrote:

Tony White wrote:

On 05/10/2010 6:06 PM, Tonix (Antonio Nati) wrote:

Il 05/10/2010 02:26, Tony White ha scritto:

my .qmail-default default is

| /home/vpopmail/bin/vdelivermail '' delete

You set domains for deleting e-mails, not rejecting them when rcpt does not
exist.

For having not-existing recipients rejected, you must have:

/home/vpopmail/bin/vdelivermail '' bounce

Use qmailadmin to change this behaviour.

Regards,

Tonino

I am not sure I understand your comment!

Appears to be true.

Surely CHKUSER is in the smtpd process not in vdelivermail! If this is true then the fact that I delete rather than
bounce should

not have any effect on CHKUSER!

My old system had CHKUSER in smtpd and
it simply rejected emails for non existent users during the smtpd process.

I'm guessing that your old system had the 'bounce' setting as Tonino points out, not the 'delete' setting as you
presently have.

No that is exactly the same as this new system.
However I have set the qmail-default as suggested and I
will watch the logs to see if anything changes.
Thanks for the help so fat to both of you.

--
best wishes
Tony White

Yea Computing Services
http://www.ycs.com.au
4 The Crescent
Yea
Victoria
Australia 3717

Telephone No's
VIC : 03 5797 3344
VIC : 03 9008 5614
TAS : 03 6107 9099
NT : 08 8921 4049
SA : 08 7123 0847
NSW : 02 8014 5547
QLD : 07 3123 6647
WA : 08 6365 2199
FAX : 03 9008 5610 (FAX2Email)
FAX : 03 5797-3288

IMPORTANT NOTICE

This communication including any file attachments is intended solely for
the use of the individual or entity to whom it is addressed. If you are
not the intended recipient, or the person responsible for delivering
this communication to the intended recipient, please immediately notify
the sender by email and delete the original transmission and its
contents. Any unauthorised use, dissemination, forwarding, printing or
copying of this communication including file attachments is prohibited.
It is your responsibility to scan this communication including any file
attachments for viruses and other defects. To the extent permitted by
law, Yea Computing Services and its associates will not be liable for
any loss or damage arising in any way from this communication including
any file attachments.

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Re: CHKUSER accepting for non existant accounts

2010-10-05 Thread Tony White




On 05/10/2010 6:06 PM, Tonix (Antonio Nati) wrote:

 Il 05/10/2010 02:26, Tony White ha scritto:



On 05/10/2010 10:59 AM, Eric Shubert wrote:

Tony White wrote:



  Hello all,
   Can someone suggest what might be going on here please?

2010-10-05 01:37:28.913508500 CHKUSER accepted sender: from  
remote

rcpt<>  : sender accepted
2010-10-05 01:37:29.427863500 tcpserver: ok 27040 x.x.x.x:25 
:190.71.212.250::62480
2010-10-05 01:37:29.458675500 CHKUSER accepted rcpt: from  
remote
rcpt  : found existing recipient
2010-10-05 01:37:29.458697500 policy_check: localarmstr...@domain.net  ->  localarmstr...@domain.net  (UNAUTHENTICATED 
SENDER)

2010-10-05 01:37:29.458719500 policy_check: policy allows transmission
2010-10-05 01:37:29.459963500 tcpserver: end 27029 status 0
2010-10-05 01:37:29.459964500 tcpserver: status: 3/100
2010-10-05 01:37:29.509451500 rblsmtpd: 190.71.212.250 pid 27040: 
451http://www.spamhaus.org/query/bl?ip=190.71.212.250

   What I am unsure of is that if the userarmstr...@domain.net  does not exist 
anywhere on my server
how can CHKUSER accept it?  This is pretty much a vanilla install of QMT?

-- best wishes Tony White


- 



Any address will be accepted if there's a CatchAll account defined. You can check that setting either on the qmailadmin 
Email Accounts page, or by looking at the contents of the /home/vpopmail/domains//.qmail-default file.




Thank you for the reply Erik but I do not have any catchall accounts set in the 
domain in question!
In fact I do not have a catchall for any domain.

my .qmail-default default is

| /home/vpopmail/bin/vdelivermail '' delete



You set domains for deleting e-mails, not rejecting them when rcpt does not 
exist.

For having not-existing recipients rejected, you must have:

/home/vpopmail/bin/vdelivermail '' bounce

Use qmailadmin to change this behaviour.

Regards,

Tonino


I am not sure I understand your comment! Surely CHKUSER is in the smtpd process
not in vdelivermail! If this is true then the fact that I delete rather than 
bounce should
not have any effect on CHKUSER! My old system had CHKUSER in smtpd and
it simply rejected emails for non existent users during the smtpd process.

--
best wishes
  Tony White


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Re: CHKUSER accepting for non existant accounts

2010-10-05 Thread Tonix (Antonio Nati)


 Il 05/10/2010 02:26, Tony White ha scritto:



On 05/10/2010 10:59 AM, Eric Shubert wrote:

Tony White wrote:



  Hello all,
   Can someone suggest what might be going on here please?

2010-10-05 01:37:28.913508500 CHKUSER accepted sender: 
from  remote

rcpt<>  : sender accepted
2010-10-05 01:37:29.427863500 tcpserver: ok 27040 x.x.x.x:25 
:190.71.212.250::62480
2010-10-05 01:37:29.458675500 CHKUSER accepted rcpt: 
from  remote

rcpt  : found existing recipient
2010-10-05 01:37:29.458697500 policy_check: 
localarmstr...@domain.net  ->  localarmstr...@domain.net  
(UNAUTHENTICATED SENDER)

2010-10-05 01:37:29.458719500 policy_check: policy allows transmission
2010-10-05 01:37:29.459963500 tcpserver: end 27029 status 0
2010-10-05 01:37:29.459964500 tcpserver: status: 3/100
2010-10-05 01:37:29.509451500 rblsmtpd: 190.71.212.250 pid 27040: 
451http://www.spamhaus.org/query/bl?ip=190.71.212.250


   What I am unsure of is that if the userarmstr...@domain.net  does 
not exist anywhere on my server
how can CHKUSER accept it?  This is pretty much a vanilla install of 
QMT?


-- best wishes Tony White


- 



Any address will be accepted if there's a CatchAll account defined. 
You can check that setting either on the qmailadmin Email Accounts 
page, or by looking at the contents of the 
/home/vpopmail/domains//.qmail-default file.




Thank you for the reply Erik but I do not have any catchall accounts 
set in the domain in question!

In fact I do not have a catchall for any domain.

my .qmail-default default is

| /home/vpopmail/bin/vdelivermail '' delete



You set domains for deleting e-mails, not rejecting them when rcpt does 
not exist.


For having not-existing recipients rejected, you must have:

/home/vpopmail/bin/vdelivermail '' bounce

Use qmailadmin to change this behaviour.

Regards,

Tonino

--

in...@zioniInterazioni di Antonio Nati
   http://www.interazioni.it  to...@interazioni.it



-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Re: CHKUSER accepting for non existant accounts

2010-10-04 Thread Tony White

On 05/10/2010 12:13 PM, Eric Shubert wrote:

Tony White wrote:

On 05/10/2010 11:43 AM, Eric Shubert wrote:

Tony White wrote:

On 05/10/2010 10:59 AM, Eric Shubert wrote:

Tony White wrote:

Hello all,
Can someone suggest what might be going on here please?

2010-10-05 01:37:28.913508500 CHKUSER accepted sender: from
remote

rcpt<> : sender accepted
2010-10-05 01:37:29.427863500 tcpserver: ok 27040 x.x.x.x:25
:190.71.212.250::62480
2010-10-05 01:37:29.458675500 CHKUSER accepted rcpt: from
remote

rcpt : found existing recipient
2010-10-05 01:37:29.458697500 policy_check: localarmstr...@domain.net -> localarmstr...@domain.net
(UNAUTHENTICATED SENDER)

2010-10-05 01:37:29.458719500 policy_check: policy allows transmission
2010-10-05 01:37:29.459963500 tcpserver: end 27029 status 0
2010-10-05 01:37:29.459964500 tcpserver: status: 3/100
2010-10-05 01:37:29.509451500 rblsmtpd: 190.71.212.250 pid 27040:
451http://www.spamhaus.org/query/bl?ip=190.71.212.250

What I am unsure of is that if the userarmstr...@domain.net does not exist
anywhere on my server
how can CHKUSER accept it? This is pretty much a vanilla install of QMT?

-- best wishes Tony White

Any address will be accepted if there's a CatchAll account defined. You can check that setting either on the
qmailadmin Email Accounts page, or by looking at the contents of the /home/vpopmail/domains//.qmail-default
file.

Thank you for the reply Erik but I do not have any catchall accounts set in the
domain in question!
In fact I do not have a catchall for any domain.

my .qmail-default default is

| /home/vpopmail/bin/vdelivermail '' delete

In that case, did the account ever exist? If so, I would check the vpopmail
database for anything that might be left over.

No the user never existed. I now now watching the logs and seeing a lot of
CHKUSER accepted for users that
never existed or existed 10 years ago.

That's unusual indeed. Perhaps Tonix can shed some light on this. My next step would be to have a look at the chkuser
source to see how it's making that determination. I expect that the chkuser code is probably ok, but there's something in
your setup that's not quite right. Perhaps something that chkuser/vpopmail isn't anticipating.

I have been watching logs for too long now but there really seems to be an
issue to attend to with CHKUSER.
The number of accounts that are NOT stopped by CHKUSER is surprising. I have
built a list of all email addresses
in my system and check the more obvious wrong ones via grep. It appears that
CHKUSER is accepting emails
regardless!
Is it possible I might have to rebuild it for some reason?

--
best wishes
Tony White

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Re: CHKUSER accepting for non existant accounts

2010-10-04 Thread Tony White




On 05/10/2010 11:43 AM, Eric Shubert wrote:

Tony White wrote:



On 05/10/2010 10:59 AM, Eric Shubert wrote:

Tony White wrote:



  Hello all,
   Can someone suggest what might be going on here please?

2010-10-05 01:37:28.913508500 CHKUSER accepted sender: from  
remote

rcpt<>  : sender accepted
2010-10-05 01:37:29.427863500 tcpserver: ok 27040 x.x.x.x:25 
:190.71.212.250::62480
2010-10-05 01:37:29.458675500 CHKUSER accepted rcpt: from  
remote
rcpt  : found existing recipient
2010-10-05 01:37:29.458697500 policy_check: localarmstr...@domain.net  ->  localarmstr...@domain.net  (UNAUTHENTICATED 
SENDER)

2010-10-05 01:37:29.458719500 policy_check: policy allows transmission
2010-10-05 01:37:29.459963500 tcpserver: end 27029 status 0
2010-10-05 01:37:29.459964500 tcpserver: status: 3/100
2010-10-05 01:37:29.509451500 rblsmtpd: 190.71.212.250 pid 27040: 
451http://www.spamhaus.org/query/bl?ip=190.71.212.250

   What I am unsure of is that if the userarmstr...@domain.net  does not exist 
anywhere on my server
how can CHKUSER accept it?  This is pretty much a vanilla install of QMT?

-- best wishes Tony White


- 



Any address will be accepted if there's a CatchAll account defined. You can check that setting either on the qmailadmin 
Email Accounts page, or by looking at the contents of the /home/vpopmail/domains//.qmail-default file.




Thank you for the reply Erik but I do not have any catchall accounts set in the 
domain in question!
In fact I do not have a catchall for any domain.

my .qmail-default default is

| /home/vpopmail/bin/vdelivermail '' delete



In that case, did the account ever exist? If so, I would check the vpopmail 
database for anything that might be left over.


No the user never existed. I now now watching the logs and seeing a lot of 
CHKUSER accepted for users that
never existed or existed 10 years ago.

--
best wishes
  Tony White


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Re: CHKUSER accepting for non existant accounts

2010-10-04 Thread Tony White




On 05/10/2010 10:59 AM, Eric Shubert wrote:

Tony White wrote:



  Hello all,
   Can someone suggest what might be going on here please?

2010-10-05 01:37:28.913508500 CHKUSER accepted sender: from  
remote
rcpt<>  : sender accepted
2010-10-05 01:37:29.427863500 tcpserver: ok 27040 x.x.x.x:25 
:190.71.212.250::62480
2010-10-05 01:37:29.458675500 CHKUSER accepted rcpt: from  
remote
rcpt  : found existing recipient
2010-10-05 01:37:29.458697500 policy_check: localarmstr...@domain.net  ->  localarmstr...@domain.net  (UNAUTHENTICATED 
SENDER)

2010-10-05 01:37:29.458719500 policy_check: policy allows transmission
2010-10-05 01:37:29.459963500 tcpserver: end 27029 status 0
2010-10-05 01:37:29.459964500 tcpserver: status: 3/100
2010-10-05 01:37:29.509451500 rblsmtpd: 190.71.212.250 pid 27040: 
451http://www.spamhaus.org/query/bl?ip=190.71.212.250

   What I am unsure of is that if the userarmstr...@domain.net  does not exist 
anywhere on my server
how can CHKUSER accept it?  This is pretty much a vanilla install of QMT?

-- best wishes Tony White


- 


Any address will be accepted if there's a CatchAll account defined. You can check that setting either on the qmailadmin 
Email Accounts page, or by looking at the contents of the /home/vpopmail/domains//.qmail-default file.




Thank you for the reply Erik but I do not have any catchall accounts set in the 
domain in question!
In fact I do not have a catchall for any domain.

my .qmail-default default is

| /home/vpopmail/bin/vdelivermail '' delete

--
best wishes
  Tony White


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Re: Chkuser

2010-03-17 Thread madmac





Hi eric
So on the link below, it says we can change things if we dont like them
eg:

  

  CHKUSER_RCPTFORMAT_STRING
  2.0.5
   defined
  "511 sorry, recipient address has invalid format (#5.1.1 -
chkuser)\r\n" 


  Error handled by chkuser and emitted by
qmail-smtpd as
error response. You may change it , if you don't like it 

  


Where do we disable this , and do we need to recompile chkuser when
changed.

Thanks

Eric Shubert wrote:
Michael
Colvin wrote:
  
  Is it easily possible to disable the chkuser
functionality in the toaster?

I want to use it, for obvious reasons, but need to do some account

verification for domains I filter spam for, before implementing
chkuser.



 

Michael J. Colvin

NorCal Internet Services

www.norcalisp.com

 

  
  
See
http://www.interazioni.it/opensource/chkuser/documentation/chkuser_settings.html
  
You should be able to change settings by adding corresponding variables
to your tcp.smtp file. You could also add desired variables to the
/var/qmail/supervise/smtp/run (or submission/run) file to implement
them on a global basis.
  
  





-
Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Re: Chkuser

2009-12-22 Thread Jake Vickers


Michael Colvin wrote:

Eric Shubert wrote:


Michael Colvin wrote:
  

I'm curious...  Is it possible to setup QMT without implementing
chkuser?  I
know I should use it, and do, but I have a specific need for a server
without that functionality on a temporary basis (Replacing a legacy
server
until I can migrate users to a full QMT infrastructure), and was
wondering
what was the easiest/best way to do it.

Any suggestions?


Michael J. Colvin
NorCal Internet Services
www.norcalisp.com



It's primarily a patch file included in the qmail-toaster package.
You'd need to modify the .spec file to not include that patch. I think
that's all it would take. There are (also) some chkuser related
variables in tcp.smtp, but I don't think you would necessarily need to
remove them.

  

Correct. If you just remove the patch call in the %prep directive, it
will not apply that patch.
Can I ask what you're trying to accomplish? There may be another way to
get what you want.




I have some legacy QMR servers that are acting mainly as spam filters.  They
are set up to accept all mail sent to them (rcpthosts permitting of course),
filter the mail (Mainly SpamDyke) then forward to customer mail servers
(Other QMR servers or their Exchange servers).

Some of the domains I'm filtering for, I don't have a complete list of all
of their e-mail accounts, nor do I have a web GUI in place to allow them to
provide that information, but I'm trying to move these services off of the
existing hardware onto VM's.  The boxes have also become unstable over the
years, so I'm hesitant to simply convert them from Physical to Virtual.  I'd
rather start fresh with a couple QMT's set up as VM's, and migrate those
services off of the legacy stuff to the QMT VM's, at least for now, while I
work on gathering all the e-mails, and potentially build a GUI for customer
management of their active e-mails, so that I can implement Chkuser again.

Perhaps there's a way to modify the MySQL query, or maybe an entry in a
table that would be a "Wildcard"?  Then I could leave the patch, and add
entries to the chkuser table as I confirm the e-mails??..??

  


Sounds like what you want is to scan emails and then pass them on to 
another mail server. Check these out (no modifications required!):


http://video.qmailtoaster.com/video/setup-as-frontend-for-exchange.html
http://wiki.qmailtoaster.com/index.php/Scanning_External_non_locally_hosted_domains

RE: [qmailtoaster] Re: Chkuser

2009-12-22 Thread Michael Colvin

> Eric Shubert wrote:
> > Michael Colvin wrote:
> >> I'm curious...  Is it possible to setup QMT without implementing
> >> chkuser?  I
> >> know I should use it, and do, but I have a specific need for a server
> >> without that functionality on a temporary basis (Replacing a legacy
> >> server
> >> until I can migrate users to a full QMT infrastructure), and was
> >> wondering
> >> what was the easiest/best way to do it.
> >>
> >> Any suggestions?
> >>
> >>
> >> Michael J. Colvin
> >> NorCal Internet Services
> >> www.norcalisp.com
> >>
> >
> > It's primarily a patch file included in the qmail-toaster package.
> > You'd need to modify the .spec file to not include that patch. I think
> > that's all it would take. There are (also) some chkuser related
> > variables in tcp.smtp, but I don't think you would necessarily need to
> > remove them.
> >
> 
> Correct. If you just remove the patch call in the %prep directive, it
> will not apply that patch.
> Can I ask what you're trying to accomplish? There may be another way to
> get what you want.
> 

I have some legacy QMR servers that are acting mainly as spam filters.  They
are set up to accept all mail sent to them (rcpthosts permitting of course),
filter the mail (Mainly SpamDyke) then forward to customer mail servers
(Other QMR servers or their Exchange servers).

Some of the domains I'm filtering for, I don't have a complete list of all
of their e-mail accounts, nor do I have a web GUI in place to allow them to
provide that information, but I'm trying to move these services off of the
existing hardware onto VM's.  The boxes have also become unstable over the
years, so I'm hesitant to simply convert them from Physical to Virtual.  I'd
rather start fresh with a couple QMT's set up as VM's, and migrate those
services off of the legacy stuff to the QMT VM's, at least for now, while I
work on gathering all the e-mails, and potentially build a GUI for customer
management of their active e-mails, so that I can implement Chkuser again.

Perhaps there's a way to modify the MySQL query, or maybe an entry in a
table that would be a "Wildcard"?  Then I could leave the patch, and add
entries to the chkuser table as I confirm the e-mails??..??

Michael J. Colvin
NorCal Internet Services
www.norcalisp.com

-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.

  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Re: Chkuser

2009-12-21 Thread Jake Vickers


Eric Shubert wrote:

Michael Colvin wrote:
I'm curious...  Is it possible to setup QMT without implementing 
chkuser?  I

know I should use it, and do, but I have a specific need for a server
without that functionality on a temporary basis (Replacing a legacy 
server
until I can migrate users to a full QMT infrastructure), and was 
wondering

what was the easiest/best way to do it.

Any suggestions?

 
Michael J. Colvin

NorCal Internet Services
www.norcalisp.com
 


It's primarily a patch file included in the qmail-toaster package. 
You'd need to modify the .spec file to not include that patch. I think 
that's all it would take. There are (also) some chkuser related 
variables in tcp.smtp, but I don't think you would necessarily need to 
remove them.




Correct. If you just remove the patch call in the %prep directive, it 
will not apply that patch.
Can I ask what you're trying to accomplish? There may be another way to 
get what you want.



-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Re: chkuser problem again

2009-10-29 Thread sysadmin


Great, That fixed it,

Thanks to all

madmac

Eric Shubert wrote:
The 127. line is primarily for SquirrelMail, so SENDER_NOCHECK 
wouldn't have much of an effect there. If you have a web app on your 
toaster, it might come into play though, depending on how your web app 
addresses the toaster (using localhost or the external interface).


FWIW, SquirrelMail can be configured to pass authentication 
credentials on to qmail, so this line wouldn't be necessary. I've 
deleted the 127.: line from my tcp.smtp file, and here is the 
/etc/squirrelmail/config_local.php file I use:


[r...@doris squirrelmail]# cat config_local.php
http://www.qmailtoaster.org/';
$provider_name  = 'QmailToaster';
$smtpServerAddress  = 'localhost';
$smtpPort   = 587;
$smtp_auth_mech = 'login';

$useSendmail  = false;
$imap_server_type = 'dovecot';
$optional_delimiter   = 'detect';
$default_folder_prefix= '';
$show_prefix_option   = false;
$force_username_lowercase = true;
$hide_sm_attributions = true;
$plugins[] = 'calendar';
$plugins[] = 'notes';
$plugins[] = 'filters';
$plugins[] = 'quota_usage';
$plugins[] = 'unsafe_image_rules';
$plugins[] = 'qmailadmin_login';
?>
[r...@doris squirrelmail]#

PakOgah wrote:

it's weird, I dont have SENDER_NOCHECK on my 127 line.

127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",NOP0FCHECK="1",RBLSMTPD="" 



sysadmin wrote:

Still get same error :
host mx.abcdf.com[12.34.56.78] said: 511 sorry, can't find a
   valid MX for sender domain (#5.1.1 - chkuser) (in reply to MAIL FROM
   command)

AND
fatal: unable to parse this line: 
127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private",RBLSMTPD="",NOP0FCHECK="1",SENDER_NOCHECK="1" 



madmac

sysadmin wrote:

Damm stubby fingers,
Thanks Steve, I will reset and try that.

madmac

Steve Huff wrote:


On Oct 28, 2009, at 4:39 PM, sysadmin wrote:

tcprules: fatal: unable to parse this line: 
127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private",RBLSMTPD="",NOP0FCHECK="1"SENDER_NOCHECK="1" 




see the word "fatal" up there?  that means badness.  if you see a 
warning like that, you should not expect that everything will work 
correctly.


you forgot the comma between the NOP0FCHECK and SENDER_NOCHECK 
directives.


-steve







-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Re: chkuser config and patch tweaks on fresh QTP install

Re: [qmailtoaster] Re: chkuser config and patch tweaks on fresh QTP install

Re: [qmailtoaster] Re: chkuser rejecting mail to users with hyphens

Re: [qmailtoaster] Re: chkuser rejecting mail to users with hyphens

Re: [qmailtoaster] Re: chkuser rejecting mail to users with hyphens

Re: [qmailtoaster] Re: chkuser rejecting mail to users with hyphens

Re: [qmailtoaster] Re: chkuser rejecting mail to users with hyphens

Re: [qmailtoaster] Re: chkuser rejecting mail to users with hyphens

Re: [qmailtoaster] Re: chkuser rejecting mail to users with hyphens

Re: [qmailtoaster] Re: CHKUSER > invalid rcpt MX domain

Re: [qmailtoaster] Re: CHKUSER > invalid rcpt MX domain

Re: [qmailtoaster] Re: CHKUSER > invalid rcpt MX domain

Re: [qmailtoaster] Re: CHKUSER > invalid rcpt MX domain

Re: [qmailtoaster] Re: CHKUSER > invalid rcpt MX domain

Re: [qmailtoaster] Re: CHKUSER accepting for non existant accounts

Re: [qmailtoaster] Re: CHKUSER accepting for non existant accounts

Re: [qmailtoaster] Re: CHKUSER accepting for non existant accounts

Re: [qmailtoaster] Re: CHKUSER accepting for non existant accounts

Re: [qmailtoaster] Re: CHKUSER accepting for non existant accounts

Re: [qmailtoaster] Re: CHKUSER accepting for non existant accounts

Re: [qmailtoaster] Re: CHKUSER accepting for non existant accounts

Re: [qmailtoaster] Re: Chkuser

Re: [qmailtoaster] Re: Chkuser

RE: [qmailtoaster] Re: Chkuser

Re: [qmailtoaster] Re: Chkuser

Re: [qmailtoaster] Re: chkuser problem again

26 matches

Site Navigation

Mail list logo

Footer information