Re: [qmailtoaster] RBL blocks my roaming users
On this day, 09-November-2006 12:23 AM, Jake Vickers wrote: P.V.Anthony wrote: On this day, 08-November-2006 11:15 PM, Eric Shubes wrote: IOW, set up an additional SMTP process which doesn't use RBLs and listens on whatever port, and have the roaming (or all) users use the whatever port? This is what I am doing currently and the roaming users like it. P.V.Anthony If it's not too much trouble, can you write up a how-to in the wiki for others? I've seen this come across the list a couple times, so some people would find it of use. Thanks! Sorry for the late reply. What I do is not very special or very secure. I will just mention it here. If it is good enough then I will add it to the wiki. What I do is just create another one more service of smtp but this smtp runs on another port. Then I disable the RBL blocks on the new smtp. I ask my customers to set their email clients to use the smtp on the new port. P.V.Anthony - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] RBL blocks my roaming users
I'd recommend you upgrade to the qmail-toaster package on http://devel.qmailtoaster.com since it supports SMTP-Submission port 587 and forces authentication to be required. Erik On 11/12/06, P.V.Anthony [EMAIL PROTECTED] wrote: On this day, 09-November-2006 12:23 AM, Jake Vickers wrote: P.V.Anthony wrote: On this day, 08-November-2006 11:15 PM, Eric Shubes wrote: IOW, set up an additional SMTP process which doesn't use RBLs and listens on whatever port, and have the roaming (or all) users use the whatever port? This is what I am doing currently and the roaming users like it. P.V.Anthony If it's not too much trouble, can you write up a how-to in the wiki for others? I've seen this come across the list a couple times, so some people would find it of use. Thanks! Sorry for the late reply. What I do is not very special or very secure. I will just mention it here. If it is good enough then I will add it to the wiki. What I do is just create another one more service of smtp but this smtp runs on another port. Then I disable the RBL blocks on the new smtp. I ask my customers to set their email clients to use the smtp on the new port. P.V.Anthony - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] RBL blocks my roaming users
On 11/13/06, Erik Espinoza [EMAIL PROTECTED] wrote: I'd recommend you upgrade to the qmail-toaster package onhttp://devel.qmailtoaster.com since it supports SMTP-Submission port587 and forces authentication to be required. thanks eric i'll try because my client use national telecommunication internet provider ( that had a lot not capable employee) always block by rbl so i always remove all rbl in holidays so my client can use outlook in homes/mobile regards
Re: [qmailtoaster] RBL blocks my roaming users
Bill Kwok wrote: Dear all, Recently, some of my users, all of them are roaming users,complaint that they can't send email through our qmail server. The bounce back message is similar to this: Subject: RE: Sent: 11/7/2006 11:44 PM The following recipient(s) could not be reached: '[EMAIL PROTECTED] ' on 11/7/2006 11:44 PM 451 http://dsbl.org/listing?nnn.0.192.136 I believe it is due to the changes I've made to the blacklist. Here's my current /var/qmail/control/blacklists: -r sbl-xbl.spamhaus.org -r bl.spamcop.net -r relays.ordb.org -r dnsbl.antispam.or.id -r opm.blitzed.org -r list.dsbl.org -r cbl.abuseat.org Try taking spamcop out and see if that clears it up. That one is pretty touchy sometimes.
Re: [qmailtoaster] RBL blocks my roaming users
Bill Kwok wrote: Dear all, Recently, some of my users, all of them are roaming users, complaint that they can't send email through our qmail server. The bounce back message is similar to this: Subject: RE: Sent: 11/7/2006 11:44 PM The following recipient(s) could not be reached: '[EMAIL PROTECTED] ' mailto:'[EMAIL PROTECTED]' on 11/7/2006 11:44 PM 451 http://dsbl.org/listing?nnn.0.192.136 I believe it is due to the changes I've made to the blacklist. Here's my current /var/qmail/control/blacklists: -r sbl-xbl.spamhaus.org http://sbl-xbl.spamhaus.org -r bl.spamcop.net http://bl.spamcop.net -r relays.ordb.org http://relays.ordb.org -r dnsbl.antispam.or.id http://dnsbl.antispam.or.id -r opm.blitzed.org http://opm.blitzed.org -r list.dsbl.org http://list.dsbl.org -r cbl.abuseat.org http://cbl.abuseat.org My questions are: 1. Does my blacklist too aggressive? The 451 error names the BL that rejected the IP: dsbl.org. If you remove that, they'll probably pass (unless they're listed on abuseat.org). Your blacklists file looks strange to me. Why the 'http://*' entries? 2. Is there any way to skip RBL checking if users have authenticated themselves? No. This is due to the fact that rblsmtpd runs before qmail-smtpd in the smtp session. I doubt that this can be changed easily. See man rblsmtpd for more info. Thank you very much. Best regards, Bill -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [qmailtoaster] RBL blocks my roaming users
It is not spamcop but, in his case,list.dsbl.org is the one that needs to be excluded. I was asking same thing couple weeks ago, but no real life solution yet. Lookfor "How to skip RBL check after successful SMTP AUTH" Solution is that roaming user first has to be authenticated via SMTP. Aftersuccessfulauthentication,hisIPshouldbeexcludedfromRBLfornextcoupleminutes. So some patch needs to be implemented, like this one here http://xs3.b92.net/tomislavr/qmail.html I did not have time to test this, but I do believe that this would be solution here. Hope this helps. Dejan
RE: [qmailtoaster] RBL blocks my roaming users
A better and straightforward solution for this kind of stuff is enabling submission port (http://www.ietf.org/rfc/rfc2476.txt). That won't let spammers or wrong doers pass, and your relay users won't be blocked by a RBL anymore. IMHO this is the simplest and safest way. *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* | David Sanchez Martin | [EMAIL PROTECTED] Administrador de Sistemas| http://www.e2000.es http://www.e2000.es/ E2000 Nuevas Tecnologias | | E2000 Organizacion de Empresarios|Tel : +34 902 19 61 77 Mediadores de Seguros | | Agustin Bravo Esquina Calle C| 33120 Pravia Asturias Spain | | *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* De: It Support @ 011 Computers Inc. [mailto:[EMAIL PROTECTED] Enviado el: miércoles, 08 de noviembre de 2006 15:06 Para: qmailtoaster-list@qmailtoaster.com Asunto: RE: [qmailtoaster] RBL blocks my roaming users It is not spamcop but, in his case, list.dsbl.org http://list.dsbl.org/ is the one that needs to be excluded. I was asking same thing couple weeks ago, but no real life solution yet. Look for How to skip RBL check after successful SMTP AUTH Solution is that roaming user first has to be authenticated via SMTP. After successful authentication, his IP should be excluded from RBL for next couple minutes. So some patch needs to be implemented, like this one here http://xs3.b92.net/tomislavr/qmail.html I did not have time to test this, but I do believe that this would be solution here. Hope this helps. Dejan BEGIN:VCARD VERSION:2.1 N:Sánchez Martín;David FN:[EMAIL PROTECTED] ([EMAIL PROTECTED]) ORG:E2000 Financial Investments, S.A.;Centro de Nuevas Tecnologías TITLE:Administrador de Sistemas TEL;WORK;VOICE:902196177 ADR;WORK;ENCODING=QUOTED-PRINTABLE:;;Agust=EDn Bravo 17 2=BA B=0D=0A33120 PRAVIA;Asturias;;;Espa=F1a LABEL;WORK;ENCODING=QUOTED-PRINTABLE:Agust=EDn Bravo 17 2=BA B=0D=0A33120 PRAVIA=0D=0AAsturias=0D=0AEspa=F1a URL;WORK:http://www.e2000.es EMAIL;PREF;INTERNET:[EMAIL PROTECTED] REV:20060705T152542Z END:VCARD - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] RBL blocks my roaming users
It Support @ 011 Computers Inc. wrote: It is not spamcop but, in his case, list.dsbl.org http://list.dsbl.org/ is the one that needs to be excluded. I was asking same thing couple weeks ago, but no real life solution yet. Look for How to skip RBL check after successful SMTP AUTH Solution is that roaming user first has to be authenticated via SMTP. After successful authentication, his IP should be excluded from RBL for next couple minutes. So some patch needs to be implemented, like this one here http://xs3.b92.net/tomislavr/qmail.html I did not have time to test this, but I do believe that this would be solution here. Hope this helps. Dejan Nice find, Dejan. This looks like a nice feature. However, it doesn't appear to be a trivial enhancement (not that it can't be done). From what I can understand looking at Tomislavr's page, installing this capability would involve: .) patch to ucspi-tcp-0.88 which adds rblspp. This requires errno and Alan Curry's patches be done beforehand. .) patch to qmail for plugins capability. This could be tricky, given the number of patches already applied to qmail-toaster. Also, I'm not sure how the current SMTP-AUTH patch fits in to this scenario. .) include ifauthskip.c, install as plugin .) include authlogger.c, install as plugin (as long as we're at it!) This wouldn't necessarily eliminate the current rblsmtpd, as the author notes: I like to have separate MX and user SMTP service, where MXs use rblsmtpd, and SMTPs suggested solution - both with aggressive RBL checks. BL, this feels to me like a 'minor' release (i.e. toaster 1.4) enhancement. Also, are there any other patches available like this, or another way to accomplish it? If so, they should be considered too. So would anyone like to take this on? I imagine that EE's plate is full enough at the present time, but I'll let him speak for himself on this. -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] RBL blocks my roaming users
IOW, set up an additional SMTP process which doesn't use RBLs and listens on whatever port, and have the roaming (or all) users use the whatever port? Do we have a wiki TNT for that? David Sánchez Martín wrote: A better and straightforward solution for this kind of stuff is enabling submission port (http://www.ietf.org/rfc/rfc2476.txt). That won't let spammers or wrong doers pass, and your relay users won't be blocked by a RBL anymore. IMHO this is the simplest and safest way. *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* | David Sanchez Martin | [EMAIL PROTECTED] Administrador de Sistemas| http://www.e2000.es http://www.e2000.es/ E2000 Nuevas Tecnologias | | E2000 Organizacion de Empresarios|Tel : +34 902 19 61 77 Mediadores de Seguros | | Agustin Bravo Esquina Calle C| 33120 Pravia Asturias Spain | | *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* De: It Support @ 011 Computers Inc. [mailto:[EMAIL PROTECTED] Enviado el: miércoles, 08 de noviembre de 2006 15:06 Para: qmailtoaster-list@qmailtoaster.com Asunto: RE: [qmailtoaster] RBL blocks my roaming users It is not spamcop but, in his case, list.dsbl.org http://list.dsbl.org/ is the one that needs to be excluded. I was asking same thing couple weeks ago, but no real life solution yet. Look for How to skip RBL check after successful SMTP AUTH Solution is that roaming user first has to be authenticated via SMTP. After successful authentication, his IP should be excluded from RBL for next couple minutes. So some patch needs to be implemented, like this one here http://xs3.b92.net/tomislavr/qmail.html I did not have time to test this, but I do believe that this would be solution here. Hope this helps. Dejan -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [qmailtoaster] RBL blocks my roaming users
Another SMTP listening on submission port is not enough. It must not accept non authenticated mails (and probably force to be tls), because a spammer can easily bypass the RBL checks on 25 and send his crap over the submission port. Unfortunately AFAIK there's no way with current qmail-smtpd patched server to do this. With this combined patchset http://qmail.jms1.net/patches/combined-6c5.shtml and following http://qmail.jms1.net/tls-auth.shtml you can force TLS and authentication in qmail-smtpd. I'm trying that with the qmail-smptd patched against that combined patches and with the toaster, but with no luck until now. *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* | David Sanchez Martin | [EMAIL PROTECTED] Administrador de Sistemas| http://www.e2000.es E2000 Nuevas Tecnologias | | E2000 Organizacion de Empresarios|Tel : +34 902 19 61 77 Mediadores de Seguros | | Agustin Bravo Esquina Calle C| 33120 Pravia Asturias Spain | | *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* -Mensaje original- De: Eric Shubes [mailto:[EMAIL PROTECTED] Enviado el: miércoles, 08 de noviembre de 2006 16:15 Para: qmailtoaster-list@qmailtoaster.com Asunto: Re: [qmailtoaster] RBL blocks my roaming users IOW, set up an additional SMTP process which doesn't use RBLs and listens on whatever port, and have the roaming (or all) users use the whatever port? Do we have a wiki TNT for that? David Sánchez Martín wrote: A better and straightforward solution for this kind of stuff is enabling submission port (http://www.ietf.org/rfc/rfc2476.txt). That won't let spammers or wrong doers pass, and your relay users won't be blocked by a RBL anymore. IMHO this is the simplest and safest way. *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* | David Sanchez Martin | [EMAIL PROTECTED] Administrador de Sistemas| http://www.e2000.es http://www.e2000.es/ E2000 Nuevas Tecnologias | | E2000 Organizacion de Empresarios|Tel : +34 902 19 61 77 Mediadores de Seguros | | Agustin Bravo Esquina Calle C| 33120 Pravia Asturias Spain | | *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* De: It Support @ 011 Computers Inc. [mailto:[EMAIL PROTECTED] Enviado el: miércoles, 08 de noviembre de 2006 15:06 Para: qmailtoaster-list@qmailtoaster.com Asunto: RE: [qmailtoaster] RBL blocks my roaming users It is not spamcop but, in his case, list.dsbl.org http://list.dsbl.org/ is the one that needs to be excluded. I was asking same thing couple weeks ago, but no real life solution yet. Look for How to skip RBL check after successful SMTP AUTH Solution is that roaming user first has to be authenticated via SMTP. After successful authentication, his IP should be excluded from RBL for next couple minutes. So some patch needs to be implemented, like this one here http://xs3.b92.net/tomislavr/qmail.html I did not have time to test this, but I do believe that this would be solution here. Hope this helps. Dejan -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] BEGIN:VCARD VERSION:2.1 N:Sánchez Martín;David FN:[EMAIL PROTECTED] ([EMAIL PROTECTED]) ORG:E2000 Financial Investments, S.A.;Centro de Nuevas Tecnologías TITLE:Administrador de Sistemas TEL;WORK;VOICE:902196177 ADR;WORK;ENCODING=QUOTED-PRINTABLE:;;Agust=EDn Bravo 17 2=BA B=0D=0A33120 PRAVIA;Asturias;;;Espa=F1a LABEL;WORK;ENCODING=QUOTED-PRINTABLE:Agust=EDn Bravo 17 2=BA B=0D=0A33120 PRAVIA=0D=0AAsturias=0D=0AEspa=F1a URL;WORK:http://www.e2000.es EMAIL;PREF;INTERNET:[EMAIL PROTECTED] REV:20060705T152542Z END:VCARD - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] RBL blocks my roaming users
On this day, 08-November-2006 11:15 PM, Eric Shubes wrote: IOW, set up an additional SMTP process which doesn't use RBLs and listens on whatever port, and have the roaming (or all) users use the whatever port? This is what I am doing currently and the roaming users like it. P.V.Anthony - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] RBL blocks my roaming users
P.V.Anthony wrote: On this day, 08-November-2006 11:15 PM, Eric Shubes wrote: IOW, set up an additional SMTP process which doesn't use RBLs and listens on whatever port, and have the roaming (or all) users use the whatever port? This is what I am doing currently and the roaming users like it. P.V.Anthony If it's not too much trouble, can you write up a how-to in the wiki for others? I've seen this come across the list a couple times, so some people would find it of use. Thanks! - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] RBL blocks my roaming users
Jake Vickers wrote: P.V.Anthony wrote: On this day, 08-November-2006 11:15 PM, Eric Shubes wrote: IOW, set up an additional SMTP process which doesn't use RBLs and listens on whatever port, and have the roaming (or all) users use the whatever port? This is what I am doing currently and the roaming users like it. P.V.Anthony If it's not too much trouble, can you write up a how-to in the wiki for others? I've seen this come across the list a couple times, so some people would find it of use. Thanks! Also, after looking at rfc2476, I see that port 587 (not 'whatever') is the standard port for submissions. -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] RBL blocks my roaming users
Eric Shubes wrote: Also, after looking at rfc2476, I see that port 587 (not 'whatever') is the standard port for submissions. Thanks for looking that up for us. I'd never thought of RFC2476 + - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] RBL blocks my roaming users
CanopyAdmin wrote: Eric Shubes wrote: Also, after looking at rfc2476, I see that port 587 (not 'whatever') is the standard port for submissions. Thanks for looking that up for us. I'd never thought of RFC2476 + Thanks to David, he sent the link! ;) -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] RBL blocks my roaming users
Not at all, but you must know that with the qmail-smtpd distributed with the toaster is not possible to accept _ONLY_ authenticated (and TLS as an option) If you configure a smtpd server on 587 with current qmail-smtd and disabling RBL you let spammers pass over your RBL checks! Someone has a working conf of submission for ONLY relay users ??? I was working on patching an alternative qmail-smtpd but with not too much luck and no too much time now :-( CanopyAdmin wrote: Eric Shubes wrote: Also, after looking at rfc2476, I see that port 587 (not 'whatever') is the standard port for submissions. Thanks for looking that up for us. I'd never thought of RFC2476 + Thanks to David, he sent the link! ;) -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] RBL blocks my roaming users
[EMAIL PROTECTED] wrote: Not at all, but you must know that with the qmail-smtpd distributed with the toaster is not possible to accept _ONLY_ authenticated (and TLS as an option) When RELAYCLIENT is not set everyone must authenticate, no? Otherwise I think it'd be an open relay. If you configure a smtpd server on 587 with current qmail-smtd and disabling RBL you let spammers pass over your RBL checks! RBL checks yes, but not authentication, providing you don't set the RELAYCLIENT variable. Someone has a working conf of submission for ONLY relay users ??? Not me. I'm purely hypothetical! :) (not really) I was working on patching an alternative qmail-smtpd but with not too much luck and no too much time now :-( I've not much time either, but qmailtoaster-plus is nearly ready for release. ;) -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] RBL blocks my roaming users
I made a small patch to have the REQUIRE_AUTH functionality. If wanted I can add the REQUIRE_TLS part also.. (I used parts of http://qmail.jms1.net/patches/combined-6c5.shtml btw ) To enable it just add export REQUIRE_AUTH=1 to the run script for your submission smtpd Jean-Paul - Original Message - From: Eric Shubes [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 9:38 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users [EMAIL PROTECTED] wrote: Not at all, but you must know that with the qmail-smtpd distributed with the toaster is not possible to accept _ONLY_ authenticated (and TLS as an option) When RELAYCLIENT is not set everyone must authenticate, no? Otherwise I think it'd be an open relay. If you configure a smtpd server on 587 with current qmail-smtd and disabling RBL you let spammers pass over your RBL checks! RBL checks yes, but not authentication, providing you don't set the RELAYCLIENT variable. Someone has a working conf of submission for ONLY relay users ??? Not me. I'm purely hypothetical! :) (not really) I was working on patching an alternative qmail-smtpd but with not too much luck and no too much time now :-( I've not much time either, but qmailtoaster-plus is nearly ready for release. ;) -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] qmail-require_auth.patch Description: Binary data - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] RBL blocks my roaming users
Sweet, I was just talking with Nick about implementing this component of that patch in QmailToaster. Erik On 11/8/06, Jean-Paul van de Plasse [EMAIL PROTECTED] wrote: I made a small patch to have the REQUIRE_AUTH functionality. If wanted I can add the REQUIRE_TLS part also.. (I used parts of http://qmail.jms1.net/patches/combined-6c5.shtml btw ) To enable it just add export REQUIRE_AUTH=1 to the run script for your submission smtpd Jean-Paul - Original Message - From: Eric Shubes [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 9:38 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users [EMAIL PROTECTED] wrote: Not at all, but you must know that with the qmail-smtpd distributed with the toaster is not possible to accept _ONLY_ authenticated (and TLS as an option) When RELAYCLIENT is not set everyone must authenticate, no? Otherwise I think it'd be an open relay. If you configure a smtpd server on 587 with current qmail-smtd and disabling RBL you let spammers pass over your RBL checks! RBL checks yes, but not authentication, providing you don't set the RELAYCLIENT variable. Someone has a working conf of submission for ONLY relay users ??? Not me. I'm purely hypothetical! :) (not really) I was working on patching an alternative qmail-smtpd but with not too much luck and no too much time now :-( I've not much time either, but qmailtoaster-plus is nearly ready for release. ;) -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] RBL blocks my roaming users
[EMAIL PROTECTED] wrote: Not at all, but you must know that with the qmail-smtpd distributed with the toaster is not possible to accept _ONLY_ authenticated (and TLS as an option) When RELAYCLIENT is not set everyone must authenticate, no? Otherwise I think it'd be an open relay. Nope, when RELAYCLIENT is not set you can authenticate and send email to any domain, or don't authenticate and send a mail to one of the rcpthosts. A RBL'd spammer on port 25 can send spam to your domains over the submission port. I didn't say openrelay, i meant spam to your own domains (as port 25 without RBL's) If you configure a smtpd server on 587 with current qmail-smtd and disabling RBL you let spammers pass over your RBL checks! RBL checks yes, but not authentication, providing you don't set the RELAYCLIENT variable. Someone has a working conf of submission for ONLY relay users ??? Not me. I'm purely hypothetical! :) (not really) I was working on patching an alternative qmail-smtpd but with not too much luck and no too much time now :-( I've not much time either, but qmailtoaster-plus is nearly ready for release. ;) Well you are very productive. :-) -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] RBL blocks my roaming users
Great news! Could you contribute a lil' howto in the wiki or to the list. (saying something like patched against, this this and this file and not this :-P) This would be great! ;-) I made a small patch to have the REQUIRE_AUTH functionality. If wanted I can add the REQUIRE_TLS part also.. (I used parts of http://qmail.jms1.net/patches/combined-6c5.shtml btw ) To enable it just add export REQUIRE_AUTH=1 to the run script for your submission smtpd Jean-Paul - Original Message - From: Eric Shubes [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 9:38 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users [EMAIL PROTECTED] wrote: Not at all, but you must know that with the qmail-smtpd distributed with the toaster is not possible to accept _ONLY_ authenticated (and TLS as an option) When RELAYCLIENT is not set everyone must authenticate, no? Otherwise I think it'd be an open relay. If you configure a smtpd server on 587 with current qmail-smtd and disabling RBL you let spammers pass over your RBL checks! RBL checks yes, but not authentication, providing you don't set the RELAYCLIENT variable. Someone has a working conf of submission for ONLY relay users ??? Not me. I'm purely hypothetical! :) (not really) I was working on patching an alternative qmail-smtpd but with not too much luck and no too much time now :-( I've not much time either, but qmailtoaster-plus is nearly ready for release. ;) -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] RBL blocks my roaming users
Sure, I kinda expected someone who can change the rpm's would pick it up as it really is a small thing. Anyways, the only file you need to patch is qmail-smtpd.c I attached a new patch, since the previous one failed on a silly newline. Making this work requires the following steps: Save the patch in say /tmp rpm -Uvh qmail-toaster*.src.rpm cd /usr/src/redhat/SPECS (assuming you are using CentOS 4) edit qmail-toaster.spec find 'sleep 5' (should be line 606) change 5 to 300 (5 seconds to 300 seconds) rpmbuild -bb --with cnt40 qmail-toaster.spec When the build process pauses, make your changes. You have 5 minutes. cd /usr/src/redhat/BUILD/qmail- 1.03/ patch /tmp/qmail-require_auth.patch Wait for the 300 seconds to expire and watch it build. cd ../RPMS/i386/ qmailctl stop rpm -Uvh --replacefiles --replacepkgs qmail-*.rpm qmailctl start Now to enable this on a specific port you have to cd /var/qmail/supervise cp -rfa smtp smtp-submission cd smtp-submission edit run and add at least the line export REQUIRE_AUTH=1 And change remove the rblcheck and change the port so the exec line becomes like this : exec /usr/bin/softlimit -m 1200 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 587 \ $SMTPD $VCHKPW /bin/true 21 Now cd log and edit run so this smtpd goes to its own log dir ie: exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s$LOGSIZE n$LOGCOUNT /var/log/qmail/smtp-submission 21 qmailctl stop qmailctl start That should be it, if I missed something or am explaining it differently then it should be please feel free to addon or adjust. Regards, Jean-Paul - Original Message - From: [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 11:07 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users Great news! Could you contribute a lil' howto in the wiki or to the list. (saying something like patched against, this this and this file and not this :-P) This would be great! ;-) I made a small patch to have the REQUIRE_AUTH functionality. If wanted I can add the REQUIRE_TLS part also.. (I used parts of http://qmail.jms1.net/patches/combined-6c5.shtml btw ) To enable it just add export REQUIRE_AUTH=1 to the run script for your submission smtpd Jean-Paul - Original Message - From: Eric Shubes [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 9:38 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users [EMAIL PROTECTED] wrote: Not at all, but you must know that with the qmail-smtpd distributed with the toaster is not possible to accept _ONLY_ authenticated (and TLS as an option) When RELAYCLIENT is not set everyone must authenticate, no? Otherwise I think it'd be an open relay. If you configure a smtpd server on 587 with current qmail-smtd and disabling RBL you let spammers pass over your RBL checks! RBL checks yes, but not authentication, providing you don't set the RELAYCLIENT variable. Someone has a working conf of submission for ONLY relay users ??? Not me. I'm purely hypothetical! :) (not really) I was working on patching an alternative qmail-smtpd but with not too much luck and no too much time now :-( I've not much time either, but qmailtoaster-plus is nearly ready for release. ;) -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] qmail-require_auth.patch Description: Binary data - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] RBL blocks my roaming users
I'll have this patched and on the site later this week. Erik On 11/8/06, Jean-Paul van de Plasse [EMAIL PROTECTED] wrote: Sure, I kinda expected someone who can change the rpm's would pick it up as it really is a small thing. Anyways, the only file you need to patch is qmail-smtpd.c I attached a new patch, since the previous one failed on a silly newline. Making this work requires the following steps: Save the patch in say /tmp rpm -Uvh qmail-toaster*.src.rpm cd /usr/src/redhat/SPECS (assuming you are using CentOS 4) edit qmail-toaster.spec find 'sleep 5' (should be line 606) change 5 to 300 (5 seconds to 300 seconds) rpmbuild -bb --with cnt40 qmail-toaster.spec When the build process pauses, make your changes. You have 5 minutes. cd /usr/src/redhat/BUILD/qmail- 1.03/ patch /tmp/qmail-require_auth.patch Wait for the 300 seconds to expire and watch it build. cd ../RPMS/i386/ qmailctl stop rpm -Uvh --replacefiles --replacepkgs qmail-*.rpm qmailctl start Now to enable this on a specific port you have to cd /var/qmail/supervise cp -rfa smtp smtp-submission cd smtp-submission edit run and add at least the line export REQUIRE_AUTH=1 And change remove the rblcheck and change the port so the exec line becomes like this : exec /usr/bin/softlimit -m 1200 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 587 \ $SMTPD $VCHKPW /bin/true 21 Now cd log and edit run so this smtpd goes to its own log dir ie: exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s$LOGSIZE n$LOGCOUNT /var/log/qmail/smtp-submission 21 qmailctl stop qmailctl start That should be it, if I missed something or am explaining it differently then it should be please feel free to addon or adjust. Regards, Jean-Paul - Original Message - From: [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 11:07 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users Great news! Could you contribute a lil' howto in the wiki or to the list. (saying something like patched against, this this and this file and not this :-P) This would be great! ;-) I made a small patch to have the REQUIRE_AUTH functionality. If wanted I can add the REQUIRE_TLS part also.. (I used parts of http://qmail.jms1.net/patches/combined-6c5.shtml btw ) To enable it just add export REQUIRE_AUTH=1 to the run script for your submission smtpd Jean-Paul - Original Message - From: Eric Shubes [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 9:38 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users [EMAIL PROTECTED] wrote: Not at all, but you must know that with the qmail-smtpd distributed with the toaster is not possible to accept _ONLY_ authenticated (and TLS as an option) When RELAYCLIENT is not set everyone must authenticate, no? Otherwise I think it'd be an open relay. If you configure a smtpd server on 587 with current qmail-smtd and disabling RBL you let spammers pass over your RBL checks! RBL checks yes, but not authentication, providing you don't set the RELAYCLIENT variable. Someone has a working conf of submission for ONLY relay users ??? Not me. I'm purely hypothetical! :) (not really) I was working on patching an alternative qmail-smtpd but with not too much luck and no too much time now :-( I've not much time either, but qmailtoaster-plus is nearly ready for release. ;) -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e
Re: [qmailtoaster] RBL blocks my roaming users
[EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote: Not at all, but you must know that with the qmail-smtpd distributed with the toaster is not possible to accept _ONLY_ authenticated (and TLS as an option) When RELAYCLIENT is not set everyone must authenticate, no? Otherwise I think it'd be an open relay. Nope, when RELAYCLIENT is not set you can authenticate and send email to any domain, or don't authenticate and send a mail to one of the rcpthosts. A RBL'd spammer on port 25 can send spam to your domains over the submission port. I didn't say openrelay, i meant spam to your own domains (as port 25 without RBL's) I see. Thanks for clearing that up for me, David. I'm certainly no expert on all this (yet), but the fog is lifting, albeit slowly. I really like the rfc2476 writeup you sent. It helps a lot to think of Message Submission Agent (MSA) and Message Transfer Agent (MTA) separately, even though both rolls are played by qmail-smtp (and supporting cast). That's always been a confusing point to me. I hope that the toaster can make these separate at some point in the future. I think that would help (me, at least). If you configure a smtpd server on 587 with current qmail-smtd and disabling RBL you let spammers pass over your RBL checks! RBL checks yes, but not authentication, providing you don't set the RELAYCLIENT variable. I'm obviously (now) wrong here. Local and virtual domains are wide open. Think MTA, not MSA. Thanks again for clearing this up for me, David. Someone has a working conf of submission for ONLY relay users ??? Not me. I'm purely hypothetical! :) (not really) I was working on patching an alternative qmail-smtpd but with not too much luck and no too much time now :-( I've not much time either, but qmailtoaster-plus is nearly ready for release. ;) Well you are very productive. :-) Thanks, but I'm afraid most of my productivity has only been with qmailtoaster-plus. Not a bad thing though. ;) -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] RBL blocks my roaming users
Btw, if there are any other outstanding patches or things I am happy to pick them up. Maybe it would be nice/productive if there was a todo/task/assignment list thing online. Jean-Paul - Original Message - From: Erik Espinoza [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 11:39 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users I'll have this patched and on the site later this week. Erik On 11/8/06, Jean-Paul van de Plasse [EMAIL PROTECTED] wrote: Sure, I kinda expected someone who can change the rpm's would pick it up as it really is a small thing. Anyways, the only file you need to patch is qmail-smtpd.c I attached a new patch, since the previous one failed on a silly newline. Making this work requires the following steps: Save the patch in say /tmp rpm -Uvh qmail-toaster*.src.rpm cd /usr/src/redhat/SPECS (assuming you are using CentOS 4) edit qmail-toaster.spec find 'sleep 5' (should be line 606) change 5 to 300 (5 seconds to 300 seconds) rpmbuild -bb --with cnt40 qmail-toaster.spec When the build process pauses, make your changes. You have 5 minutes. cd /usr/src/redhat/BUILD/qmail- 1.03/ patch /tmp/qmail-require_auth.patch Wait for the 300 seconds to expire and watch it build. cd ../RPMS/i386/ qmailctl stop rpm -Uvh --replacefiles --replacepkgs qmail-*.rpm qmailctl start Now to enable this on a specific port you have to cd /var/qmail/supervise cp -rfa smtp smtp-submission cd smtp-submission edit run and add at least the line export REQUIRE_AUTH=1 And change remove the rblcheck and change the port so the exec line becomes like this : exec /usr/bin/softlimit -m 1200 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 587 \ $SMTPD $VCHKPW /bin/true 21 Now cd log and edit run so this smtpd goes to its own log dir ie: exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s$LOGSIZE n$LOGCOUNT /var/log/qmail/smtp-submission 21 qmailctl stop qmailctl start That should be it, if I missed something or am explaining it differently then it should be please feel free to addon or adjust. Regards, Jean-Paul - Original Message - From: [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 11:07 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users Great news! Could you contribute a lil' howto in the wiki or to the list. (saying something like patched against, this this and this file and not this :-P) This would be great! ;-) I made a small patch to have the REQUIRE_AUTH functionality. If wanted I can add the REQUIRE_TLS part also.. (I used parts of http://qmail.jms1.net/patches/combined-6c5.shtml btw ) To enable it just add export REQUIRE_AUTH=1 to the run script for your submission smtpd Jean-Paul - Original Message - From: Eric Shubes [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 9:38 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users [EMAIL PROTECTED] wrote: Not at all, but you must know that with the qmail-smtpd distributed with the toaster is not possible to accept _ONLY_ authenticated (and TLS as an option) When RELAYCLIENT is not set everyone must authenticate, no? Otherwise I think it'd be an open relay. If you configure a smtpd server on 587 with current qmail-smtd and disabling RBL you let spammers pass over your RBL checks! RBL checks yes, but not authentication, providing you don't set the RELAYCLIENT variable. Someone has a working conf of submission for ONLY relay users ??? Not me. I'm purely hypothetical! :) (not really) I was working on patching an alternative qmail-smtpd but with not too much luck and no too much time now :-( I've not much time either, but qmailtoaster-plus is nearly ready for release. ;) -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org
Re: [qmailtoaster] RBL blocks my roaming users
SRS is the only biggy that we need. Unfortunately there are no SRS patches for Qmail, the support would have to be ported over from H-Sphere. Erik On 11/8/06, Jean-Paul van de Plasse [EMAIL PROTECTED] wrote: Btw, if there are any other outstanding patches or things I am happy to pick them up. Maybe it would be nice/productive if there was a todo/task/assignment list thing online. Jean-Paul - Original Message - From: Erik Espinoza [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 11:39 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users I'll have this patched and on the site later this week. Erik On 11/8/06, Jean-Paul van de Plasse [EMAIL PROTECTED] wrote: Sure, I kinda expected someone who can change the rpm's would pick it up as it really is a small thing. Anyways, the only file you need to patch is qmail-smtpd.c I attached a new patch, since the previous one failed on a silly newline. Making this work requires the following steps: Save the patch in say /tmp rpm -Uvh qmail-toaster*.src.rpm cd /usr/src/redhat/SPECS (assuming you are using CentOS 4) edit qmail-toaster.spec find 'sleep 5' (should be line 606) change 5 to 300 (5 seconds to 300 seconds) rpmbuild -bb --with cnt40 qmail-toaster.spec When the build process pauses, make your changes. You have 5 minutes. cd /usr/src/redhat/BUILD/qmail- 1.03/ patch /tmp/qmail-require_auth.patch Wait for the 300 seconds to expire and watch it build. cd ../RPMS/i386/ qmailctl stop rpm -Uvh --replacefiles --replacepkgs qmail-*.rpm qmailctl start Now to enable this on a specific port you have to cd /var/qmail/supervise cp -rfa smtp smtp-submission cd smtp-submission edit run and add at least the line export REQUIRE_AUTH=1 And change remove the rblcheck and change the port so the exec line becomes like this : exec /usr/bin/softlimit -m 1200 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 587 \ $SMTPD $VCHKPW /bin/true 21 Now cd log and edit run so this smtpd goes to its own log dir ie: exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s$LOGSIZE n$LOGCOUNT /var/log/qmail/smtp-submission 21 qmailctl stop qmailctl start That should be it, if I missed something or am explaining it differently then it should be please feel free to addon or adjust. Regards, Jean-Paul - Original Message - From: [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 11:07 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users Great news! Could you contribute a lil' howto in the wiki or to the list. (saying something like patched against, this this and this file and not this :-P) This would be great! ;-) I made a small patch to have the REQUIRE_AUTH functionality. If wanted I can add the REQUIRE_TLS part also.. (I used parts of http://qmail.jms1.net/patches/combined-6c5.shtml btw ) To enable it just add export REQUIRE_AUTH=1 to the run script for your submission smtpd Jean-Paul - Original Message - From: Eric Shubes [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 9:38 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users [EMAIL PROTECTED] wrote: Not at all, but you must know that with the qmail-smtpd distributed with the toaster is not possible to accept _ONLY_ authenticated (and TLS as an option) When RELAYCLIENT is not set everyone must authenticate, no? Otherwise I think it'd be an open relay. If you configure a smtpd server on 587 with current qmail-smtd and disabling RBL you let spammers pass over your RBL checks! RBL checks yes, but not authentication, providing you don't set the RELAYCLIENT variable. Someone has a working conf of submission for ONLY relay users ??? Not me. I'm purely hypothetical! :) (not really) I was working on patching an alternative qmail-smtpd but with not too much luck and no too much time now :-( I've not much time either, but qmailtoaster-plus is nearly ready for release. ;) -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted
Re: [qmailtoaster] RBL blocks my roaming users
Nice work guys! I really look forward to this patch being included in the RPMs. I had this problem with two clients today in fact. I had to disable the list.dsbl.org in order for them to send mail from their comcast network. Thanks! Q On Wed, 8 Nov 2006 14:39:57 -0800, Erik Espinoza wrote: I'll have this patched and on the site later this week. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] RBL blocks my roaming users
what is srs? Erik Espinoza wrote: SRS is the only biggy that we need. Unfortunately there are no SRS patches for Qmail, the support would have to be ported over from H-Sphere. Erik On 11/8/06, Jean-Paul van de Plasse [EMAIL PROTECTED] wrote: Btw, if there are any other outstanding patches or things I am happy to pick them up. Maybe it would be nice/productive if there was a todo/task/assignment list thing online. Jean-Paul - Original Message - From: Erik Espinoza [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 11:39 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users I'll have this patched and on the site later this week. Erik On 11/8/06, Jean-Paul van de Plasse [EMAIL PROTECTED] wrote: Sure, I kinda expected someone who can change the rpm's would pick it up as it really is a small thing. Anyways, the only file you need to patch is qmail-smtpd.c I attached a new patch, since the previous one failed on a silly newline. Making this work requires the following steps: Save the patch in say /tmp rpm -Uvh qmail-toaster*.src.rpm cd /usr/src/redhat/SPECS (assuming you are using CentOS 4) edit qmail-toaster.spec find 'sleep 5' (should be line 606) change 5 to 300 (5 seconds to 300 seconds) rpmbuild -bb --with cnt40 qmail-toaster.spec When the build process pauses, make your changes. You have 5 minutes. cd /usr/src/redhat/BUILD/qmail- 1.03/ patch /tmp/qmail-require_auth.patch Wait for the 300 seconds to expire and watch it build. cd ../RPMS/i386/ qmailctl stop rpm -Uvh --replacefiles --replacepkgs qmail-*.rpm qmailctl start Now to enable this on a specific port you have to cd /var/qmail/supervise cp -rfa smtp smtp-submission cd smtp-submission edit run and add at least the line export REQUIRE_AUTH=1 And change remove the rblcheck and change the port so the exec line becomes like this : exec /usr/bin/softlimit -m 1200 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 587 \ $SMTPD $VCHKPW /bin/true 21 Now cd log and edit run so this smtpd goes to its own log dir ie: exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s$LOGSIZE n$LOGCOUNT /var/log/qmail/smtp-submission 21 qmailctl stop qmailctl start That should be it, if I missed something or am explaining it differently then it should be please feel free to addon or adjust. Regards, Jean-Paul - Original Message - From: [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 11:07 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users Great news! Could you contribute a lil' howto in the wiki or to the list. (saying something like patched against, this this and this file and not this :-P) This would be great! ;-) I made a small patch to have the REQUIRE_AUTH functionality. If wanted I can add the REQUIRE_TLS part also.. (I used parts of http://qmail.jms1.net/patches/combined-6c5.shtml btw ) To enable it just add export REQUIRE_AUTH=1 to the run script for your submission smtpd Jean-Paul - Original Message - From: Eric Shubes [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 9:38 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users [EMAIL PROTECTED] wrote: Not at all, but you must know that with the qmail-smtpd distributed with the toaster is not possible to accept _ONLY_ authenticated (and TLS as an option) When RELAYCLIENT is not set everyone must authenticate, no? Otherwise I think it'd be an open relay. If you configure a smtpd server on 587 with current qmail-smtd and disabling RBL you let spammers pass over your RBL checks! RBL checks yes, but not authentication, providing you don't set the RELAYCLIENT variable. Someone has a working conf of submission for ONLY relay users ??? Not me. I'm purely hypothetical! :) (not really) I was working on patching an alternative qmail-smtpd but with not too much luck and no too much time now :-( I've not much time either, but qmailtoaster-plus is nearly ready for release. ;) -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED
Re: [qmailtoaster] RBL blocks my roaming users
http://www.openspf.org/srs.html From the site: SRS: Sender Rewriting Scheme SPF breaks email forwarding. This is how to fix it. More Info: http://www.openspf.org/srspng.html On 11/8/06, Guillermo Villasana [EMAIL PROTECTED] wrote: what is srs? Erik Espinoza wrote: SRS is the only biggy that we need. Unfortunately there are no SRS patches for Qmail, the support would have to be ported over from H-Sphere. Erik On 11/8/06, Jean-Paul van de Plasse [EMAIL PROTECTED] wrote: Btw, if there are any other outstanding patches or things I am happy to pick them up. Maybe it would be nice/productive if there was a todo/task/assignment list thing online. Jean-Paul - Original Message - From: Erik Espinoza [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 11:39 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users I'll have this patched and on the site later this week. Erik On 11/8/06, Jean-Paul van de Plasse [EMAIL PROTECTED] wrote: Sure, I kinda expected someone who can change the rpm's would pick it up as it really is a small thing. Anyways, the only file you need to patch is qmail-smtpd.c I attached a new patch, since the previous one failed on a silly newline. Making this work requires the following steps: Save the patch in say /tmp rpm -Uvh qmail-toaster*.src.rpm cd /usr/src/redhat/SPECS (assuming you are using CentOS 4) edit qmail-toaster.spec find 'sleep 5' (should be line 606) change 5 to 300 (5 seconds to 300 seconds) rpmbuild -bb --with cnt40 qmail-toaster.spec When the build process pauses, make your changes. You have 5 minutes. cd /usr/src/redhat/BUILD/qmail- 1.03/ patch /tmp/qmail-require_auth.patch Wait for the 300 seconds to expire and watch it build. cd ../RPMS/i386/ qmailctl stop rpm -Uvh --replacefiles --replacepkgs qmail-*.rpm qmailctl start Now to enable this on a specific port you have to cd /var/qmail/supervise cp -rfa smtp smtp-submission cd smtp-submission edit run and add at least the line export REQUIRE_AUTH=1 And change remove the rblcheck and change the port so the exec line becomes like this : exec /usr/bin/softlimit -m 1200 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 587 \ $SMTPD $VCHKPW /bin/true 21 Now cd log and edit run so this smtpd goes to its own log dir ie: exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s$LOGSIZE n$LOGCOUNT /var/log/qmail/smtp-submission 21 qmailctl stop qmailctl start That should be it, if I missed something or am explaining it differently then it should be please feel free to addon or adjust. Regards, Jean-Paul - Original Message - From: [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 11:07 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users Great news! Could you contribute a lil' howto in the wiki or to the list. (saying something like patched against, this this and this file and not this :-P) This would be great! ;-) I made a small patch to have the REQUIRE_AUTH functionality. If wanted I can add the REQUIRE_TLS part also.. (I used parts of http://qmail.jms1.net/patches/combined-6c5.shtml btw ) To enable it just add export REQUIRE_AUTH=1 to the run script for your submission smtpd Jean-Paul - Original Message - From: Eric Shubes [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 9:38 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users [EMAIL PROTECTED] wrote: Not at all, but you must know that with the qmail-smtpd distributed with the toaster is not possible to accept _ONLY_ authenticated (and TLS as an option) When RELAYCLIENT is not set everyone must authenticate, no? Otherwise I think it'd be an open relay. If you configure a smtpd server on 587 with current qmail-smtd and disabling RBL you let spammers pass over your RBL checks! RBL checks yes, but not authentication, providing you don't set the RELAYCLIENT variable. Someone has a working conf of submission for ONLY relay users ??? Not me. I'm purely hypothetical! :) (not really) I was working on patching an alternative qmail-smtpd but with not too much luck and no too much time now :-( I've not much time either, but qmailtoaster-plus is nearly ready for release. ;) -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional
Re: [qmailtoaster] RBL blocks my roaming users
Have to read and learn about this thing first then, but smaller items/requests are more then welcome ;) Jean-Paul - Original Message - From: Erik Espinoza [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 11:48 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users SRS is the only biggy that we need. Unfortunately there are no SRS patches for Qmail, the support would have to be ported over from H-Sphere. Erik On 11/8/06, Jean-Paul van de Plasse [EMAIL PROTECTED] wrote: Btw, if there are any other outstanding patches or things I am happy to pick them up. Maybe it would be nice/productive if there was a todo/task/assignment list thing online. Jean-Paul - Original Message - From: Erik Espinoza [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 11:39 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users I'll have this patched and on the site later this week. Erik On 11/8/06, Jean-Paul van de Plasse [EMAIL PROTECTED] wrote: Sure, I kinda expected someone who can change the rpm's would pick it up as it really is a small thing. Anyways, the only file you need to patch is qmail-smtpd.c I attached a new patch, since the previous one failed on a silly newline. Making this work requires the following steps: Save the patch in say /tmp rpm -Uvh qmail-toaster*.src.rpm cd /usr/src/redhat/SPECS (assuming you are using CentOS 4) edit qmail-toaster.spec find 'sleep 5' (should be line 606) change 5 to 300 (5 seconds to 300 seconds) rpmbuild -bb --with cnt40 qmail-toaster.spec When the build process pauses, make your changes. You have 5 minutes. cd /usr/src/redhat/BUILD/qmail- 1.03/ patch /tmp/qmail-require_auth.patch Wait for the 300 seconds to expire and watch it build. cd ../RPMS/i386/ qmailctl stop rpm -Uvh --replacefiles --replacepkgs qmail-*.rpm qmailctl start Now to enable this on a specific port you have to cd /var/qmail/supervise cp -rfa smtp smtp-submission cd smtp-submission edit run and add at least the line export REQUIRE_AUTH=1 And change remove the rblcheck and change the port so the exec line becomes like this : exec /usr/bin/softlimit -m 1200 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 587 \ $SMTPD $VCHKPW /bin/true 21 Now cd log and edit run so this smtpd goes to its own log dir ie: exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s$LOGSIZE n$LOGCOUNT /var/log/qmail/smtp-submission 21 qmailctl stop qmailctl start That should be it, if I missed something or am explaining it differently then it should be please feel free to addon or adjust. Regards, Jean-Paul - Original Message - From: [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 11:07 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users Great news! Could you contribute a lil' howto in the wiki or to the list. (saying something like patched against, this this and this file and not this :-P) This would be great! ;-) I made a small patch to have the REQUIRE_AUTH functionality. If wanted I can add the REQUIRE_TLS part also.. (I used parts of http://qmail.jms1.net/patches/combined-6c5.shtml btw ) To enable it just add export REQUIRE_AUTH=1 to the run script for your submission smtpd Jean-Paul - Original Message - From: Eric Shubes [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 9:38 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users [EMAIL PROTECTED] wrote: Not at all, but you must know that with the qmail-smtpd distributed with the toaster is not possible to accept _ONLY_ authenticated (and TLS as an option) When RELAYCLIENT is not set everyone must authenticate, no? Otherwise I think it'd be an open relay. If you configure a smtpd server on 587 with current qmail-smtd and disabling RBL you let spammers pass over your RBL checks! RBL checks yes, but not authentication, providing you don't set the RELAYCLIENT variable. Someone has a working conf of submission for ONLY relay users ??? Not me. I'm purely hypothetical! :) (not really) I was working on patching an alternative qmail-smtpd but with not too much luck and no too much time now :-( I've not much time either, but qmailtoaster-plus is nearly ready for release. ;) -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED
Re: [qmailtoaster] RBL blocks my roaming users
Thank you all. I always want to create a second SMTP port for users to submit email, so that they won't be blocked byISP. So far I can only achieve this by using my firewall's VIP mapping. It will be great if qmailtoaster comes with this setting by default. Anyway, I will try Jean-Paul's method as soon as possible. Thanks again. Best regards, Bill On 11/9/06, Jean-Paul van de Plasse [EMAIL PROTECTED] wrote: Have to read and learn about this thing first then,but smaller items/requests are more then welcome ;) Jean-Paul- Original Message -From: Erik Espinoza [EMAIL PROTECTED]To: qmailtoaster-list@qmailtoaster.comSent: Wednesday, November 08, 2006 11:48 PMSubject: Re: [qmailtoaster] RBL blocks my roaming users SRS is the only biggy that we need. Unfortunately there are no SRS patches for Qmail, the support would have to be ported over from H-Sphere. Erik On 11/8/06, Jean-Paul van de Plasse [EMAIL PROTECTED] wrote: Btw, if there are any other outstanding patches or things I am happy to pick them up. Maybe it would be nice/productive if there was a todo/task/assignment list thing online. Jean-Paul - Original Message - From: Erik Espinoza [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 11:39 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users I'll have this patched and on the site later this week. Erik On 11/8/06, Jean-Paul van de Plasse [EMAIL PROTECTED] wrote: Sure, I kinda expected someone who can change the rpm's would pick it up as it really is a small thing. Anyways, the only file you need to patch is qmail-smtpd.c I attached a new patch, since the previous one failed on a silly newline. Making this work requires the following steps: Save the patch in say /tmp rpm -Uvh qmail-toaster*.src.rpm cd /usr/src/redhat/SPECS (assuming you are using CentOS 4) edit qmail-toaster.spec find 'sleep 5'(should be line 606) change5 to 300 (5 seconds to 300 seconds) rpmbuild -bb --with cnt40 qmail-toaster.spec When the build process pauses, make your changes. You have 5 minutes. cd /usr/src/redhat/BUILD/qmail- 1.03/ patch /tmp/qmail-require_auth.patch Wait for the 300 seconds to expire and watch it build. cd ../RPMS/i386/ qmailctl stop rpm -Uvh --replacefiles --replacepkgs qmail-*.rpm qmailctl start Now to enable this on a specific port you have to cd /var/qmail/supervise cp -rfa smtp smtp-submission cd smtp-submission edit run and add at least the line export REQUIRE_AUTH=1 And change remove the rblcheck and change the port so the exec line becomes like this : exec /usr/bin/softlimit -m 1200 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 587 \ $SMTPD $VCHKPW /bin/true 21 Now cd log and edit run so this smtpd goes to its own log dir ie: exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s$LOGSIZE n$LOGCOUNT /var/log/qmail/smtp-submission 21 qmailctl stop qmailctl startThat should be it, if I missed something or am explaining it differently then it should be please feel free to addon or adjust. Regards, Jean-Paul - Original Message - From: [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 11:07 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users Great news! Could you contribute a lil' howto in the wiki or to the list. (saying something likepatched against, this this and this file and not this :-P) This would be great! ;-) I made a small patch to have the REQUIRE_AUTH functionality. If wanted I can add the REQUIRE_TLS part also.. (I used parts of http://qmail.jms1.net/patches/combined-6c5.shtml btw ) To enable it just add export REQUIRE_AUTH=1 to the run script for your submission smtpd Jean-Paul - Original Message - From: Eric Shubes [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, November 08, 2006 9:38 PM Subject: Re: [qmailtoaster] RBL blocks my roaming users [EMAIL PROTECTED] wrote: Not at all, but you must know that with the qmail-smtpd distributed with the toaster is not possible to accept _ONLY_ authenticated (and TLS as an option) When RELAYCLIENT is not set everyone must authenticate, no? Otherwise I think it'd be an open relay. If you configure a smtpd server on 587 with current qmail-smtd and disabling RBL you let spammers pass over your RBL checks! RBL checks yes, but not authentication, providing you don't set the RELAYCLIENT variable. Someone has a working conf of submission for ONLY relay users ??? Not me. I'm purely hypothetical! :) (not really) I was working on patching an alternative qmail-smtpd but with not too much luck and no too much time now :-( I've not much time either, but qmailtoaster-plus is nearly ready for release. ;) -- -Eric 'shubes