[toaster] rblsmtpd and toaster

2004-05-25 Thread Andrew Averin
How could I force rbls checks on netqmail-1.05+toaster-0.6 ?
 




Re[2]: [toaster] rblsmtpd and toaster

2004-05-25 Thread Andrew Averin
Hello David,

Tuesday, May 25, 2004, 2:11:44 PM, you wrote:

D> On Tue, 2004-05-25 at 11:52, Andrew Averin wrote:
>> How could I force rbls checks on netqmail-1.05+toaster-0.6 ?

D> Add rblsmtpd to the qmail-smtpd supervise script, like this:
D>  /usr/local/bin/rblsmtpd -b -r sbl.spamhaus.org -r relays.ordb.org \

D> That has to be inserted before the qmail-smtpd call.

D> So a result could look like this:

D> exec /usr/local/bin/softlimit -m 1600 \
D> envdir /etc/relay-ctrl \
D> /usr/bin/relay-ctrl-chdir \
D> /usr/local/bin/tcpserver -v -H -R -l 0 \
D> -x /etc/tcp.smtp.cdb -c $MAXSMTPD \
D> -u $QMAILDUID -g $NOFILESGID 0 smtp \
D> /usr/local/bin/rblsmtpd -b -r sbl.spamhaus.org -r relays.ordb.org \
D> /usr/bin/relay-ctrl-check /var/qmail/bin/qmail-smtpd \
D> /Appz2/VPopMail/bin/vchkpw /bin/true 2>&1


Thank you very much David
And one more question:
How could I force multilog to be more verbose? In other words I want
to see any rbl checks in logs. I have an old qmail installation where
I see more information (I believe through splogger).

-- 
Best regards,
 Andrew



Re: Re[2]: [toaster] rblsmtpd and toaster

2004-05-25 Thread David
On Tue, 2004-05-25 at 12:39, Andrew Averin wrote:
> Hello David,
>
> Tuesday, May 25, 2004, 2:11:44 PM, you wrote:
>
> D> On Tue, 2004-05-25 at 11:52, Andrew Averin wrote:
> >> How could I force rbls checks on netqmail-1.05+toaster-0.6 ?
>
> D> Add rblsmtpd to the qmail-smtpd supervise script, like this:
> D>  /usr/local/bin/rblsmtpd -b -r sbl.spamhaus.org -r relays.ordb.org \
>
> D> That has to be inserted before the qmail-smtpd call.
>
> D> So a result could look like this:
>
> D> exec /usr/local/bin/softlimit -m 1600 \
> D> envdir /etc/relay-ctrl \
> D> /usr/bin/relay-ctrl-chdir \
> D> /usr/local/bin/tcpserver -v -H -R -l 0 \
> D> -x /etc/tcp.smtp.cdb -c $MAXSMTPD \
> D> -u $QMAILDUID -g $NOFILESGID 0 smtp \
> D> /usr/local/bin/rblsmtpd -b -r sbl.spamhaus.org -r relays.ordb.org \
> D> /usr/bin/relay-ctrl-check /var/qmail/bin/qmail-smtpd \
> D> /Appz2/VPopMail/bin/vchkpw /bin/true 2>&1
>
> Thank you very much David
> And one more question:
> How could I force multilog to be more verbose? In other words I want
> to see any rbl checks in logs. I have an old qmail installation where
> I see more information (I believe through splogger).

You can use recordio, it logs the whole smtp conversation, including
those rbl rejects.
Just like this (right before rblsmtpd and qmail-smtpd):

/usr/bin/recordio /usr/local/bin/rblsmtpd -b -r sbl.spamhaus.org -r relays.ordb.org

But recordio is known to conflict with the TLS patch... I don't know if
anyone got it working (I miss all the info recordio provides).
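
The placement described in this message and the quoted one (rblsmtpd after tcpserver and before qmail-smtpd, with recordio in front of rblsmtpd when the SMTP conversation should be logged) can be checked mechanically. The script below is an added example, not part of the original thread; the function name check_run_order and the two sample run scripts are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint the wrapper order in a tcpserver run script.

# check_run_order FILE
# Returns 0 only when the exec chain runs tcpserver, then rblsmtpd,
# then qmail-smtpd; recordio, if present, must come before rblsmtpd.
check_run_order() {
    awk '
        /^[ \t]*#/ { next }                  # skip comments and the shebang
        {
            for (i = 1; i <= NF; i++) {
                n++
                base = $i
                sub(/.*\//, "", base)        # keep only the program name
                if (!(base in pos)) pos[base] = n
            }
        }
        END {
            t = pos["tcpserver"]; r = pos["rblsmtpd"]
            q = pos["qmail-smtpd"]; io = pos["recordio"]
            if (!t || !q)     { print "FAIL: tcpserver or qmail-smtpd missing"; exit 1 }
            if (!r)           { print "FAIL: rblsmtpd not in the chain"; exit 1 }
            if (r < t)        { print "FAIL: rblsmtpd before tcpserver"; exit 1 }
            if (r > q)        { print "FAIL: rblsmtpd after qmail-smtpd"; exit 1 }
            if (io && io > r) { print "FAIL: recordio after rblsmtpd"; exit 1 }
            print "OK: tcpserver -> rblsmtpd -> qmail-smtpd"
        }
    ' "$1"
}

# Constructed sample scripts, shortened from the thread's example.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/good" <<'EOF'
#!/bin/sh
exec /usr/local/bin/tcpserver -v -H -R -l 0 -x /etc/tcp.smtp.cdb 0 smtp \
  /usr/bin/recordio /usr/local/bin/rblsmtpd -b -r sbl.spamhaus.org \
  /var/qmail/bin/qmail-smtpd /bin/true 2>&1
EOF
cat > "$tmp/bad" <<'EOF'
#!/bin/sh
exec /usr/local/bin/tcpserver -v -H -R -l 0 -x /etc/tcp.smtp.cdb 0 smtp \
  /var/qmail/bin/qmail-smtpd \
  /usr/local/bin/rblsmtpd -b -r sbl.spamhaus.org /bin/true 2>&1
EOF

check_run_order "$tmp/good"
check_run_order "$tmp/bad" || true
```

In the second sample rblsmtpd is only an argument handed to qmail-smtpd, so no blocklist lookup happens before the SMTP session starts; the check reports that ordering as a failure.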




Re: [toaster] Reject message instead of bouncing it.

2004-05-25 Thread Bill Shupp
[EMAIL PROTECTED] wrote:
>> No.  This would require qmail-smtpd to do a quota check before accepting
>> a message.  No patch like this exists to my knowledge.
>> Regards,
>> Bill Shupp
>
> I hope someone would write a patch to enable it.  With it, I think we can
> save a lot of bandwidth.

I've been thinking about how to do this, but it had just not been a high 
priority for me.  However, if someone wanted to sponsor such a patch, it 
could become a high priority.  Otherwise, it will likely be up to 
someone else to do it.

Regards,
Bill


[toaster] toaster tls problem

2004-05-25 Thread Radu Spineanu
Hello

I noticed this error on a previous email and no solution to it:
Escape character is '^]'.
220 debian ESMTP
helo aiurea
250 debian
starttls
220 ready for tls
helo aiurea
454 TLS connection failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol (#4.3.0)

The cert was done running make-cert and it's vpopmail:root.

The strace says something like:

[pid   631] read(0, starttls\r\n, 1024) = 10
[pid   631] brk(0)  = 0x80669d0
[pid   631] brk(0x8066a48)  = 0x8066a48
[pid   631] brk(0x8067000)  = 0x8067000
[pid   631] brk(0x8068000)  = 0x8068000
[pid   631] open(control/servercert.pem, O_RDONLY) = 3
[pid   631] fstat64(3, {st_mode=S_IFREG|0640, st_size=2067, ...}) = 0
[pid   631] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_ANONYMOUS, -1, 0) = 0x40014000
[pid   631] read(3, -BEGIN RSA PRIVATE KEY-\n..., 4096) = 2067
[pid   631] brk(0x8069000)  = 0x8069000
[pid   631] getpid()= 631
[pid   631] read(3, , 4096)   = 0
[pid   631] getpid()= 631
[pid   631] getpid()= 631
[pid   631] getpid()= 631
[pid   631] getpid()= 631
[pid   631] getpid()= 631
[pid   631] close(3)= 0
[pid   631] munmap(0x40014000, 4096)= 0
[pid   631] open(control/clientca.pem, O_RDONLY) = -1 ENOENT (No such file 
or directory)
[pid   631] getpid()= 631
[pid   631] getpid()= 631
[pid   631] getpid()= 631
[pid   631] getpid()= 631
[pid   631] open(control/servercert.pem, O_RDONLY) = 3
[pid   631] fstat64(3, {st_mode=S_IFREG|0640, st_size=2067, ...}) = 0
[pid   631] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_ANONYMOUS, -1, 0) = 0x40014000
[pid   631] read(3, -BEGIN RSA PRIVATE KEY-\n..., 4096) = 2067
[pid   631] brk(0x806a000)  = 0x806a000
[pid   631] getpid()= 631
[pid   631] close(3)= 0
[pid   631] munmap(0x40014000, 4096)= 0
[pid   631] open(control/tlsserverciphers, O_RDONLY|O_NONBLOCK) = -1 ENOENT 
(No such file or directory)
[pid   631] select(2, NULL, [1], NULL, {1200, 0}) = 1 (out [1], left {1200, 
0})
[pid   631] write(1, 220 ready for tls\r\n, 19) = 19
[pid   631] fcntl64(0, F_SETFL, O_RDWR|O_NONBLOCK) = 0
[pid   631] fcntl64(1, F_GETFL) = 0x802 (flags O_RDWR|O_NONBLOCK)
[pid   631] fcntl64(1, F_SETFL, O_RDWR|O_NONBLOCK) = 0
[pid   631] time(NULL)  = 1085512387
[pid   631] time(NULL)  = 1085512387
[pid   631] getpid()= 631
[pid   631] brk(0x807)  = 0x807
[pid   631] brk(0x8075000)  = 0x8075000
[pid   631] brk(0x807a000)  = 0x807a000
[pid   631] read(0, 0x806efa0, 11)  = -1 EAGAIN (Resource temporarily 
unavailable)
[pid   631] time(NULL)  = 1085512387
[pid   631] getpid()= 631
[pid   631] select(1, [0], NULL, NULL, {1200, 0}) = 1 (in [0], left {1198, 
76})
[pid   631] time(NULL)  = 1085512388
[pid   631] getpid()= 631
[pid   631] read(0, helo aiurea, 11)  = 11
[pid   631] getpid()= 631
[pid   631] time(NULL)  = 1085512388
[pid   631] getpid()= 631
[pid   631] fcntl64(0, F_GETFL) = 0x802 (flags O_RDWR|O_NONBLOCK)
[pid   631] fcntl64(0, F_SETFL, O_RDWR) = 0
[pid   631] fcntl64(1, F_GETFL) = 0x2 (flags O_RDWR)
[pid   631] fcntl64(1, F_SETFL, O_RDWR) = 0
[pid   631] getpid()= 631
[pid   631] brk(0x807b000)  = 0x807b000
[pid   631] brk(0x807c000)  = 0x807c000
[pid   631] brk(0x807e000)  = 0x807e000
[pid   631] select(2, NULL, [1], NULL, {1200, 0}) = 1 (out [1], left {1200, 
0})
[pid   631] write(1, 454 TLS connection failed: error..., 105) = 105


Radu Spineanu


Re: [toaster] toaster tls problem

2004-05-25 Thread Eero Volotinen
Radu Spineanu wrote:
> Hello
> I noticed this error on a previous email and no solution to it:
> Escape character is '^]'.
> 220 debian ESMTP
> helo aiurea
> 250 debian
> starttls
> 220 ready for tls
> helo aiurea
> 454 TLS connection failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol (#4.3.0)
>
> The cert was done running make-cert and it's vpopmail:root.

What is the problem? After starttls you must *start* ssl handshake, not 
plain text.

--
Eero
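
The point made in this reply can be seen at the byte level: after "220 ready for tls" the server expects a TLS (or SSLv2-compatible) ClientHello, and the ASCII bytes of "helo aiurea" match neither, which is what the "unknown protocol" error reports. The script below is an added example, not part of the original thread; the function name post_starttls_kind and the byte strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the first bytes a client sends after the
# server's "220 ready for tls" reply.

# post_starttls_kind: reads the client's bytes on stdin and prints
#   tls-client-hello    record type 0x16, major version 3, handshake type 1
#   sslv2-client-hello  high bit set in byte 0, message type 1 in byte 2
#   plaintext           anything else; it cannot be parsed as a hello
post_starttls_kind() {
    # od prints the first six bytes as unsigned decimal numbers
    set -- $(od -An -tu1 -N6)
    b0=${1:-0}; b1=${2:-0}; b2=${3:-0}; b5=${6:-0}
    if [ "$b0" -eq 22 ] && [ "$b1" -eq 3 ] && [ "$b5" -eq 1 ]; then
        echo tls-client-hello
    elif [ "$b0" -ge 128 ] && [ "$b2" -eq 1 ]; then
        echo sslv2-client-hello
    else
        echo plaintext
    fi
}

# Constructed inputs.
printf 'helo aiurea\r\n' | post_starttls_kind            # what the telnet session sent
printf '\026\003\001\000\057\001' | post_starttls_kind   # start of a TLS handshake record
printf '\200\056\001\003\001' | post_starttls_kind       # SSLv2-compatible hello
```

Testing STARTTLS by hand needs a client that performs the handshake after the 220 reply, for example openssl s_client -starttls smtp -connect HOST:25 (HOST is a placeholder).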


Re: [toaster] toaster tls problem

2004-05-25 Thread Radu Spineanu
Right, I did a proper strace

I now get the following error:
454 TLS connection failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher (#4.3.0)

Radu

On Tuesday 25 May 2004 23:41, Eero Volotinen wrote:
> Radu Spineanu wrote:
>> Hello
>>
>> I noticed this error on a previous email and no solution to it:
>> Escape character is '^]'.
>> 220 debian ESMTP
>> helo aiurea
>> 250 debian
>> starttls
>> 220 ready for tls
>> helo aiurea
>> 454 TLS connection failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol (#4.3.0)
>>
>> The cert was done running make-cert and it's vpopmail:root.
>
> What is the problem? After starttls you must *start* ssl handshake, not
> plain text.
>
> --
> Eero


Re: [toaster] Reject message instead of bouncing it.

2004-05-25 Thread qmail

> [EMAIL PROTECTED] wrote:
>
> I've been thinking about how to do this, but it had just not been a high
> priority for me.  However, if someone wanted to sponsor such a patch, it
> could become a high priority.  Otherwise, it will likely be up to
> someone else to do it.
>
> Regards,
>
> Bill


I am curious how to sponsor the patch.

Regards,
Qing