Re: [toaster] Why - Received: from unknown
I also use dnscache / tinydns and do not have problems with the -h switch. Everything still runs smoothly.

Martin

PS: This is another thing we should probably be adding to the toaster set-up instructions, at least as a note. What do you think, Bill?

Martin

On 30.12.2008 at 19:21, Shane Chrisp wrote:

Jeff Koch wrote:

A good pick up by Tren, I didn't think about tcpserver initially. As far as I know, the only reason you will experience any sort of delay is if the dns that the accepting server is not functioning properly. I have taken to running a copy of dnscache on each of the front end servers for qmail to use only as it is very lightweight and extremely fast and simple to setup.

That being said, before moving to this setup I did have a problem on a server which was having lots of trouble due to lookups failing and it was giving 4xx temporary errors due to load and timing out connections. Since moving to the above setup I have not seen a repeat of these problems. Others may have different experiences that I would be interested in hearing about as well.

Shane

#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
exec /usr/local/bin/softlimit -m 800 \
/usr/local/bin/tcpserver -v -H -R -l 0 \
-x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \
-u $QMAILDUID -g $NOFILESGID 0 smtp rblsmtpd \
-r x \
-r x \
/var/qmail/bin/qmail-smtpd \
/home/vpopmail/bin/vchkpw /bin/true 2>&1

Thanks for the clue. I see we're using the 'H' option which prevents reverse DNS lookups. This configuration setup (with the exception of our rblsmtpd entries) is a stock Shupp Toaster - so I guess the question is why the stock toaster is configured not to do reverse DNS lookups when doing so triggers the spamassassin 'RDNS_NONE' flag.

Any comments? Would rDNS lookups totally slow down a production server?

At 02:09 AM 12/30/2008, you wrote:

What switches are you using to call tcpserver with for your qmail-smtpd process?

t

----- Original Message -----
From: Jeff Koch jeffk...@intersessions.com
To: toaster@shupp.org toaster@shupp.org
Sent: Mon Dec 29 23:05:30 2008
Subject: Re: [toaster] Why - Received: from unknown

The receiving mailserver can do reverse DNS perfectly - just doesn't seem to want to do it during qmail smtp connections. I checked the /etc/nsswitch.conf file and changed it from:

hosts: files mdns4_minimal [NOTFOUND=return] dns

to:

hosts: dns files

That didn't seem to help either. Do you think a reboot or a service restart is necessary after making this change?

At 11:49 PM 12/29/2008, you wrote:

Jeff Koch wrote:

Hi:

Does anyone happen to know why all emails received by qmail are reported as 'Received: from unknown' even though the sending mailserver clearly identifies itself and has reverse DNS setup? Here's a good example from an email I just received:

Received: from unknown (HELO lists.sourceforge.net) (216.34.181.88)

That suggests the reverse dns lookups are failing on that server. Have you tried some lookups manually to see if they are working? I had an issue similar to this just recently with a new server and it took a while to realise that I had made a mistake in the nsswitch.conf file and it was trying to resolve everything via ldap instead of via dns.

Shane

Best Regards,
Jeff Koch, Intersessions

Best Regards,
Jeff Koch, Intersessions
Re: [toaster] Why - Received: from unknown
Hi there,

I also think it is the tcpserver switch used. I had to set mine from -H (which will keep qmail-smtp from doing reverse lookup) to -h (which is the default and does allow for lookups).

Mark that I also use a caching DNS server (tinydns), which is a good thing to have in this case as you might end up with an unresponsive system otherwise.

Thanks,
Martin

On 30.12.2008 at 02:09, Tren Blackburn wrote:

What switches are you using to call tcpserver with for your qmail-smtpd process?

t

----- Original Message -----
From: Jeff Koch jeffk...@intersessions.com
To: toaster@shupp.org toaster@shupp.org
Sent: Mon Dec 29 23:05:30 2008
Subject: Re: [toaster] Why - Received: from unknown

The receiving mailserver can do reverse DNS perfectly - just doesn't seem to want to do it during qmail smtp connections. I checked the /etc/nsswitch.conf file and changed it from:

hosts: files mdns4_minimal [NOTFOUND=return] dns

to:

hosts: dns files

That didn't seem to help either. Do you think a reboot or a service restart is necessary after making this change?

At 11:49 PM 12/29/2008, you wrote:

Jeff Koch wrote:

Hi:

Does anyone happen to know why all emails received by qmail are reported as 'Received: from unknown' even though the sending mailserver clearly identifies itself and has reverse DNS setup? Here's a good example from an email I just received:

Received: from unknown (HELO lists.sourceforge.net) (216.34.181.88)

That suggests the reverse dns lookups are failing on that server. Have you tried some lookups manually to see if they are working? I had an issue similar to this just recently with a new server and it took a while to realise that I had made a mistake in the nsswitch.conf file and it was trying to resolve everything via ldap instead of via dns.

Shane

Best Regards,
Jeff Koch, Intersessions
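Added example, not part of the original messages or of the toaster's own scripts: a shell check that reports whether the tcpserver call in a run script ends up with -h or -H, the switch discussed in this thread. The function names and the trimmed sample script are constructed for illustration.

```shell
#!/bin/sh
# rdns_mode FILE: print "on" when the tcpserver call in FILE leaves remote
# host lookups enabled (-h, the default) and "off" when -H is the last word.
rdns_mode() {
    # Join backslash-continued lines, then keep the tcpserver command line.
    cmd=$(sed -e :a -e '/\\$/N; s/\\\n/ /; ta' "$1" |
        grep -E '(^|[ /])tcpserver ' | head -n 1)
    [ -n "$cmd" ] || { echo "no tcpserver call"; return 1; }
    set -f                          # no globbing while word-splitting
    set -- ${cmd#*tcpserver }       # words after the program name
    set +f
    mode=on
    while [ $# -gt 0 ]; do
        case $1 in
            -?*) flags=${1#-}; shift ;;
            *) break ;;             # host: tcpserver's own options end here
        esac
        while [ -n "$flags" ]; do   # walk bundled flags such as -vHR
            rest=${flags#?}; f=${flags%"$rest"}; flags=$rest
            case $f in
                h) mode=on ;;
                H) mode=off ;;
                c|x|u|g|l|b|B|t)    # these options take an argument
                    [ -n "$flags" ] || [ $# -eq 0 ] || shift
                    flags= ;;
            esac
        done
    done
    echo "$mode"
}

# Constructed sample: a trimmed copy of the run script quoted in the thread.
sample_run() {
    cat > "$1" <<'EOF'
#!/bin/sh
exec /usr/local/bin/softlimit -m 800 \
/usr/local/bin/tcpserver -v -H -R -l 0 \
-x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \
-u $QMAILDUID -g $NOFILESGID 0 smtp rblsmtpd -r x \
/var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true 2>&1
EOF
}

demo=$(mktemp) && sample_run "$demo" && rdns_mode "$demo"; rm -f "$demo"
```

Option parsing stops at the host argument, so the -r switches that belong to rblsmtpd later on the line are not mistaken for tcpserver's.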
Re: [toaster] Toaster update
Hi all,

On 17.10.2008 at 10:02, John Harmon wrote:

Bill,

I am willing to help out with downloads if you would like. I can probably provide 100GB a month for the time being (I would cap it with the apache cband module). I appreciate you providing the toaster for free and wouldn't mind helping out. I have a 50Mb connection out of my house, so should be pretty fast. Let me know.

John

Bill Shupp wrote:

Yeah, sorry I haven't responded sooner. Digg is taking over all my free time. There are few changes in trunk that never got released, including a new translation (you can view trunk at http://shupp.org/toaster-beta). There are also several things I'd like to do, which I haven't had time to:

* Take advantage of the public domain license and distribute patched djb software
* Move software downloads to google code or the like to offload the bandwidth, and also get download statistics
* Keep things more up to date!

Cheers,
Bill

Perhaps we can make a group effort on this list to collect the various experiences with updating (parts) of the toaster? For instance more recent ClamAV and SpamAssassin has always given me trouble. I got domainkeys to work with some hassle (and that is requested on the list time and again...)

Just a thought. :-)

Martin
Re: [toaster] domainkey trouble
Yes, and as per directions on, e.g. http://jeremy.kister.net/howto/dk.html , the two DNS entries are:

_domainkey.waschbuesch.de
and
private._domainkey.waschbuesch.de

if you query those TXT records, does the syntax seem alright?

Martin

--
However beautiful the strategy, you should occasionally look at the results.
Winston Churchill

On 21.08.2008 at 00:58, Bob Hutchinson wrote:

On Wednesday 20 August 2008, Bob Hutchinson wrote:

On Wednesday 20 August 2008, Martin Waschbuesch wrote:

Hi everyone,

I have the following trouble: I have prepared the toaster for domainkeys and set the DNS accordingly. (The DNS entries have been verified using http://domainkeys.sourceforge.net/policycheck.html and http://domainkeys.sourceforge.net/selectorcheck.html Since they tell me the information is valid, I assume the problem does come from the server side.)

When I send mail now, they do get signed. At least, a header like the following is being added:

DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=waschbuesch.de; b=A6ptw22RSLRbPUFVMF7JiCEAqADLgdv2Uze3zpbNpnrTaC28Ppj8lAb3eHf/ nink ;

Now, all the sites that I used to test, claim that they cannot find the DNS name. Yahoo! and the ESPC (email provider service coalition) tests both claim:

DomainKey-Status: no key: Caught error looking up key: DNS name not found

# dnsqr any aschbuesch.de
255 aschbuesch.de:
83 bytes, 1+0+1+0 records, response, nxdomain
query: 255 aschbuesch.de
authority: de 7200 SOA f.nic.de ops.denic.de 2008082093 7200 7200 360 7200

I can't find it either

ooops oh yes it does

dnsqr any waschbuesch.de
255 waschbuesch.de:
285 bytes, 1+6+2+3 records, response, noerror
query: 255 waschbuesch.de
answer: waschbuesch.de 240 A 80.254.139.85
answer: waschbuesch.de 240 MX 10 rumo.waschbuesch.de
answer: waschbuesch.de 240 16 \035v=spf1\040ip4:80.254.139.85\040-all
answer: waschbuesch.de 240 SOA ns1.all-connect.net hostmaster.all-connect.net 2008082002 10800 1800 2419200 240
answer: waschbuesch.de 240 NS ns1.all-connect.net
answer: waschbuesch.de 240 NS ns3.all-connect.net
authority: waschbuesch.de 240 NS ns1.all-connect.net
authority: waschbuesch.de 240 NS ns3.all-connect.net
additional: rumo.waschbuesch.de 240 A 80.254.139.85
additional: ns1.all-connect.net 142890 A 80.254.130.4
additional: ns3.all-connect.net 142890 A 80.254.140.9

What is wrong? Does anyone have an idea? Any help, advice, etc. is highly appreciated!

Thanks,
Martin
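Added example, not from the thread or from the DomainKeys tools it mentions: a verifier builds the key's TXT name as <s>._domainkey.<d> from the signature's s= and d= tags. This shell sketch derives that name from the header quoted above and compares it with the record names listed in the reply; the function names are made up here.

```shell
#!/bin/sh
# dk_tag HEADER TAG: print one tag value (s, d, q, ...) from a
# DomainKey-Signature header; folding whitespace is dropped first.
dk_tag() {
    printf '%s' "${1#DomainKey-Signature:}" | tr -d ' \t\r\n' |
        tr ';' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# dk_query_name HEADER: the TXT name a verifier asks for, <s>._domainkey.<d>
dk_query_name() {
    s=$(dk_tag "$1" s) && d=$(dk_tag "$1" d)
    [ -n "$s" ] && [ -n "$d" ] || return 1
    printf '%s._domainkey.%s\n' "$s" "$d" | tr 'A-Z' 'a-z'
}

# dk_check HEADER NAME...: is that name among the published TXT names?
# DNS names compare case-insensitively; a trailing dot is ignored.
dk_check() {
    want=$(dk_query_name "$1") || { echo "no s= or d= tag"; return 1; }
    shift
    for name in "$@"; do
        [ "$(printf '%s' "${name%.}" | tr 'A-Z' 'a-z')" = "$want" ] &&
            { echo "published: $want"; return 0; }
    done
    echo "not published: $want"
    return 1
}

# Header and record names copied from the messages above.
SAMPLE_HEADER='DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default;
  d=waschbuesch.de; b=A6ptw22RSLRbPUFVMF7JiCEAqADLgdv2Uze3zpbNpnrTaC28Ppj8lAb3eHf/ nink ;'

dk_check "$SAMPLE_HEADER" _domainkey.waschbuesch.de \
    private._domainkey.waschbuesch.de || true
```

The name it prints is the one to query for a TXT record when a checker reports "DNS name not found".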