Re: [vchkpw] just noticed something with chkuser ....
On Thu, 25 Nov 2004, tonix (Antonio Nati) wrote: I'll follow this suggestion: keeping all non RFC options commented (exclude format control, exclude MX control, accept NULL sender, etc.), and improving documentation. Here's another feature request for you... I assume some ISPs here use vpopmail and also need to do backup mx for customers who run their own mailservers. Without the chkuser patch, simply adding those customer domains to morercpthosts would allow us to relay for them. With chkuser, anything out of vpopmail's control is going to be rejected. How about a config file somewhere (not sure what's most appropriate) where one could add additional domains that we wish to relay for? thanks, Charles Thanks, Tonino -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED]
Re: [vchkpw] just noticed something with chkuser ....
Charles Sprickman wrote: On Thu, 25 Nov 2004, tonix (Antonio Nati) wrote: I'll follow this suggestion: keeping all non RFC options commented (exclude format control, exclude MX control, accept NULL sender, etc.), and improving documentation. Here's another feature request for you... I assume some ISPs here use vpopmail and also need to do backup mx for customers who run their own mailservers. Without the chkuser patch, simply adding those customer domains to morercpthosts would allow us to relay for them. With chkuser, anything out of vpopmail's control is going to be rejected. How about a config file somewhere (not sure what's most appropriate) where one could add additional domains that we wish to relay for? Eh ? No it doesn't. Only domains listed in virtualhosts get checked for valid email address's. You can list your secondary MX's in (more)rcpthosts and smtproutes and they don't get blocked by chkuser. At least they don't here and we are secondary MX for about 80 domains. Regards, Rick
Re: [vchkpw] just noticed something with chkuser ....
On Fri, 26 Nov 2004, Rick Macdougall wrote: I assume some ISPs here use vpopmail and also need to do backup mx for customers who run their own mailservers. Without the chkuser patch, simply adding those customer domains to morercpthosts would allow us to relay for them. With chkuser, anything out of vpopmail's control is going to be rejected. How about a config file somewhere (not sure what's most appropriate) where one could add additional domains that we wish to relay for? Eh ? No it doesn't. Only domains listed in virtualhosts get checked for valid email address's. You can list your secondary MX's in (more)rcpthosts and smtproutes and they don't get blocked by chkuser. At least they don't here and we are secondary MX for about 80 domains. Huh. How about that? I don't think it uses virtualdomains though, as I (on purpose) don't have that file on the machine backing up my main vpopmail mxer. Thanks, Charles Regards, Rick
Re: [vchkpw] just noticed something with chkuser ....
At 18.34 24/11/2004, you wrote: On Wednesday 24 November 2004 04:17 am, tonix (Antonio Nati) wrote: CORRECTION TO THE PREVIOUS MESSAGE. CHKUSER_ENABLE_NULL_SENDER is in 2.0.7. This version may be considered stable, despite of its devel attribute. I tried to use it.. looks like I need to patch with 2.0.6 and then patch the 2.0.7 patch against it? No, if you have 2.0.5 means you're not using Toaster (version 2.0.6 contains only the Toaster patch). You have to copy newer chkuser.c, chkuser.h, chkuser_settings.h and patch your Makefile using Makefile.patch. On next days I'll publish a 2.0.8 release, and update online documentation. 2.0.8 that will probably be the definitive stable chkuser, with the most of RFC compliance. One general question, before I publish 2.0.8: Does it make sense to have format checking enabled as default? I think it's beyond the scope of the functionality of the chkuser patch, to be honest. Perhaps the code could be split up into chkuser, which does its purpose in validating local recipients, and another patch that attempts to perform some checks on the envelope sender. I'll follow this suggestion: keeping all non RFC options commented (exclude format control, exclude MX control, accept NULL sender, etc.), and improving documentation. Thanks, Tonino -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED]
Re: [vchkpw] just noticed something with chkuser ....
Jeremy, you should add also CHKUSER_ENABLE_NULL_SENDER. When CHKUSER_SENDER_FORMAT or CHKUSER_SENDER_MX are defined, CHKUSER_ENABLE_NULL_SENDER will exclude NULL SENDERS from those checkings. This is the new default in the last distributions, after CHKUSER_ENABLE_NULL_SENDER has been added: CHKUSER_SENDER_FORMAT enabled CHKUSER_SENDER_MX enabled CHKUSER_ENABLE_NULL_SENDER enabled Sorry, I realized too late that CHKUSER_ENABLE_NULL_SENDER_WITH_TCPREMOTEHOST feature, far from being a valid intruders rejection, has made too many troubles. I tried to fix the situation introducing CHKUSER_ENABLE_NULL_SENDER. Let me know of any better explanation in the documentation or FAQ. Regards, Tonino At 01.08 24/11/2004, you wrote: On Tuesday 23 November 2004 05:30 pm, Jeremy Kitchen wrote: On Tuesday 23 November 2004 04:53 pm, Rick Macdougall wrote: Jeremy Kitchen wrote: mail from: 571 sorry, sender address has invalid format (#5.7.1 - chkuser) HUH? this is fixed in a newer version I hope? Hi, Is CHKUSER_ENABLE_NULL_SENDER_WITH_TCPREMOTEHOST defined in your config ? From the manual CHKUSER_ENABLE_NULL_SENDER_WITH_TCPREMOTEHOST 2.0.5 defined Enables accepting null sender from hosts which have a name associated to their IP oh, and we don't do reverse dns lookups.. that would explain it. This is on as default or something? Why is this even in chkuser? heh... hmm.. even commenting it out it appears that I am not able to receive bounce messages. This is very bad. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED]
Re: [vchkpw] just noticed something with chkuser ....
CORRECTION TO THE PREVIOUS MESSAGE. CHKUSER_ENABLE_NULL_SENDER is in 2.0.7. This version may be considered stable, despite of its devel attribute. On next days I'll publish a 2.0.8 release, and update online documentation. 2.0.8 that will probably be the definitive stable chkuser, with the most of RFC compliance. One general question, before I publish 2.0.8: Does it make sense to have format checking enabled as default? My standard checking excludes a lot of unusual characters (like ), that could instead be accepted, as RFC has a wider set enabled. My system logs show no rejection of honest addresses, while all rejected senders are wrong/illegal names. Which are your opinions on format checking? Regards, Tonino At 10.22 24/11/2004, you wrote: Jeremy, you should add also CHKUSER_ENABLE_NULL_SENDER. When CHKUSER_SENDER_FORMAT or CHKUSER_SENDER_MX are defined, CHKUSER_ENABLE_NULL_SENDER will exclude NULL SENDERS from those checkings. This is the new default in the last distributions, after CHKUSER_ENABLE_NULL_SENDER has been added: CHKUSER_SENDER_FORMAT enabled CHKUSER_SENDER_MX enabled CHKUSER_ENABLE_NULL_SENDER enabled Sorry, I realized too late that CHKUSER_ENABLE_NULL_SENDER_WITH_TCPREMOTEHOST feature, far from being a valid intruders rejection, has made too many troubles. I tried to fix the situation introducing CHKUSER_ENABLE_NULL_SENDER. Let me know of any better explanation in the documentation or FAQ. Regards, Tonino At 01.08 24/11/2004, you wrote: On Tuesday 23 November 2004 05:30 pm, Jeremy Kitchen wrote: On Tuesday 23 November 2004 04:53 pm, Rick Macdougall wrote: Jeremy Kitchen wrote: mail from: 571 sorry, sender address has invalid format (#5.7.1 - chkuser) HUH? this is fixed in a newer version I hope? Hi, Is CHKUSER_ENABLE_NULL_SENDER_WITH_TCPREMOTEHOST defined in your config ? From the manual CHKUSER_ENABLE_NULL_SENDER_WITH_TCPREMOTEHOST 2.0.5 defined Enables accepting null sender from hosts which have a name associated to their IP oh, and we don't do reverse dns lookups.. that would explain it. This is on as default or something? Why is this even in chkuser? heh... hmm.. even commenting it out it appears that I am not able to receive bounce messages. This is very bad. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED]
Re: [vchkpw] just noticed something with chkuser ....
On Wednesday 24 November 2004 04:17 am, tonix (Antonio Nati) wrote: CORRECTION TO THE PREVIOUS MESSAGE. CHKUSER_ENABLE_NULL_SENDER is in 2.0.7. This version may be considered stable, despite of its devel attribute. I tried to use it.. looks like I need to patch with 2.0.6 and then patch the 2.0.7 patch against it? On next days I'll publish a 2.0.8 release, and update online documentation. 2.0.8 that will probably be the definitive stable chkuser, with the most of RFC compliance. One general question, before I publish 2.0.8: Does it make sense to have format checking enabled as default? I think it's beyond the scope of the functionality of the chkuser patch, to be honest. Perhaps the code could be split up into chkuser, which does its purpose in validating local recipients, and another patch that attempts to perform some checks on the envelope sender. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED] pgpW19YYJRZvI.pgp Description: PGP signature
RE: [vchkpw] just noticed something with chkuser ....
Jeremy Kitchen wrote: One general question, before I publish 2.0.8: Does it make sense to have format checking enabled as default? I think it's beyond the scope of the functionality of the chkuser patch, to be honest. Perhaps the code could be split up into chkuser, which does its purpose in validating local recipients, and another patch that attempts to perform some checks on the envelope sender. -Jeremy I would tend to agree. Leave the power tools off by default and document them well. Thank you for your work. -jw-
Re: [vchkpw] just noticed something with chkuser ....
Perhaps the code could be split up into chkuser, which does its purpose in validating local recipients, and another patch that attempts to perform some checks on the envelope sender. I agree with that. chkuser is great, but in some particular cases the only desirable feature is to validating local recipients. Thanks Tonix for the good work. Regards, -- Walter.
[vchkpw] just noticed something with chkuser ....
mail from: 571 sorry, sender address has invalid format (#5.7.1 - chkuser) HUH? this is fixed in a newer version I hope? -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED] pgpujR638cnqe.pgp Description: PGP signature
Re: [vchkpw] just noticed something with chkuser ....
On Tuesday 23 November 2004 04:53 pm, Rick Macdougall wrote: Jeremy Kitchen wrote: mail from: 571 sorry, sender address has invalid format (#5.7.1 - chkuser) HUH? this is fixed in a newer version I hope? Hi, Is CHKUSER_ENABLE_NULL_SENDER_WITH_TCPREMOTEHOST defined in your config ? From the manual CHKUSER_ENABLE_NULL_SENDER_WITH_TCPREMOTEHOST 2.0.5 defined Enables accepting null sender from hosts which have a name associated to their IP oh, and we don't do reverse dns lookups.. that would explain it. This is on as default or something? Why is this even in chkuser? heh... -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED] pgpADSsJnFCXH.pgp Description: PGP signature
Re: [vchkpw] just noticed something with chkuser ....
Jeremy Kitchen wrote: mail from: 571 sorry, sender address has invalid format (#5.7.1 - chkuser) HUH? this is fixed in a newer version I hope? Hi, Is CHKUSER_ENABLE_NULL_SENDER_WITH_TCPREMOTEHOST defined in your config ? From the manual CHKUSER_ENABLE_NULL_SENDER_WITH_TCPREMOTEHOST 2.0.5 defined Enables accepting null sender from hosts which have a name associated to their IP Regards, Rick
Re: [vchkpw] just noticed something with chkuser ....
Jeremy Kitchen wrote: On Tuesday 23 November 2004 04:53 pm, Rick Macdougall wrote: CHKUSER_ENABLE_NULL_SENDER_WITH_TCPREMOTEHOST 2.0.5 defined Enables accepting null sender from hosts which have a name associated to their IP oh, and we don't do reverse dns lookups.. that would explain it. This is on as default or something? Why is this even in chkuser? heh... It's on by default as far as I can tell from his web page. As to why it's in chkusr, I have no idea :) Just trying to be helpful. Regards, Rick
Re: [vchkpw] just noticed something with chkuser ....
I had the same problem I had to make sure that the patch was applied correctly otherwise it will not accept your bounce messages. Remo - Original Message - From: Jeremy Kitchen [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 23, 2004 5:08 PM Subject: Re: [vchkpw] just noticed something with chkuser