Blocking Spam, badmailfrom not working
Hi everyone, I've been noticing a lot of spam coming in to users on my qmail server from popsite.net addresses. I guess they're just a big dialup provider that obviously lets their users relay whatever they want through their server. But anyway, the Helo, From, To, and Return-Path are all garbage. The only thing that is consistent across emails is the path it took to get to me, and it always starts with a popsite.net address. I tried to put @popsite.net in my badmailfrom but that didn't work. Is there any way to block all popsite.net connections? They always seem to come from different addresses and subnets. Thanks, Dave
Re: Blocking Spam, badmailfrom not working
On Sun, Jul 30, 2000 at 02:46:29AM -0400, Hubbard, David wrote: ! I tried to put @popsite.net in my badmailfrom but that didn't work. badmailfrom is useless. :-) People can arbitrarily set their envelope sender anyway. ! Is there any way to block all popsite.net connections? They always seem ! to come from different addresses and subnets. Look into rblsmtpd, included with the ucspi-tcp package. You can make it use the MAPS RBL (http://maps.vix.com/rbl/), and you can specify your own list of addresses (that's IP address, not envelope sender address) to block. http://cr.yp.to/ucspi-tcp.html ---Chris K. -- Chris, the Young One |_ If you can't afford a backup system, you can't Auckland, New Zealand |_ afford to have important data on your computer. http://cloud9.hedgee.com/ |_ ---Tracy R. Reed PGP: 0xCCC6114E/0x706A6AAD |_
Re: bug in qmail-autoresponder version 0.92 ?
'morning! On Sat, Jul 29, 2000 at 10:47:05PM -0600, Bruce Guenter wrote: On Sat, Jul 29, 2000 at 02:35:56PM +0200, Olivier M. wrote: Currently trying qmail-autoresponder (http://em.ca/~bruceg/qmail-autoresponder/) : Great! PS: the thing with "-s" is ok, but I like the "original" vacation feature with $SUBJECT in _BODY_ much better : do you plan to add it to qmail-autorespond ? Reluctantly, yes. Would something like "%S" work for you? That would greatly simplify the parsing logic. Then '%SUBJECT' ? (it should be understable by "normal users", via webinterface). Otherwise would '%S' also be ok, I can also do some parsing/search+replace in php if necessary. PPS: if there is a From: or a Reply-To: field, should the autoresponder respond to this address ? I think not. Responding to the envelope sender is pretty much the only safe thing to do, and it neatly avoids all the trouble one would get into to properly parse an address field. Right, these fields are not se easy to parse... Ok, I think it's already pretty nice this way! Now just have to find if and how it works with the current php-vmailmgr-interface. I still need the perl suidwrapper to be able to write the autoresponder file, but there is probably another way to do it... Will then release a new omail-admin version ( http://omail.omnis.ch/ ). Regards, Olivier -- _ Olivier Mueller - [EMAIL PROTECTED] - PGPkeyID: 0E84D2EA - Switzerland PGP signature
Re: Want to know your potential multiple recipient savings?
Bruce Guenter wrote: On Sat, Jul 29, 2000 at 02:17:19PM +, Greg Cope wrote: My question is thus - When does a host become well connected ? When the bandwidth required to send its mail is significantly smaller than the bandwidth available. That is, if you have to send 100,000 5K messages over a 1 hour period, you would need a T1, and you would fill it to over 75% capacity. In general, the concept of "well connected" is dependant on your mail volume. If you only have to send a few non-time-sensitive emails a day, your 9.6Kb modem is well connected. If you have to pay by the kilo/mega/giga-byte of traffic, you're probably not well connected. If opening up concurrencyremote connections and sending mail kills your link for other applications using the network, you're not well (enough) connected. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ Thanks I'm going to try and measure the real bandwidth our servers have to see whats going on. Greg Part 1.2Type: application/pgp-signature
Re: Want to know your potential multiple recipient savings?
[EMAIL PROTECTED] wrote: Well because of performance issue (Management wanted to send all the messages out in quite a short time - for reasons as yet unexplained!) we I'm sure there are lots of valid reasons, for example it might be a late-breaking news email that ages very rapidly. It might be a hot-stock pick which needs to get out before the market notices. No - it was never that urgent - they just wanted it sent yesterday ! were considereding bining the customised part. FWIW. I see the trend going in the opposite direction. Customization is where the industry is headed so it's likely only a matter of time before that requirement comes back. Well we are now looking at a totaly scalable solution - where we just add boxes to scale. Generating the emails is simplistic and quick - injecting into a queue and then processing the queue is the fun part ! Flavour of the month is nolonger emailing speed ! Thanks Greg
Still getting CNAME_lookup_failed_temporarily errors
Hi I'm still getting CNAME_lookup_failed_temporarily errors when I try to send posts to remote sites after trying for a week to figure out what is causing it. I've read all the posts I can find about this error, but no one explains what the error means exactly and how to fix it. I understand that this is not a qmail problem but rather a DNS error that should get fixed if you wait a while (hence the temporary suffix). Well, I'm the DNS admin for my site (and a novice at that) so I just can't wait and see if the error goes away. I can't see anything wrong with my DNS setup so I'm out of luck. I do assume the problem is by me, else no one on the Internet using qmail would be able to send email, right? :) What I would like to know is what exactly qmail is trying to do. Why is it doing a CNAME lookup in the first place? Why doesn't it just use the designated server in the MX records and be done with it? How does a DNS setup look like that works (the relevant parts)? By the way, I'm not trying to send to anyone at aol. I can't send to anyone at all that is offsite. Local posts are fine and I can receive posts. I'm using qmail 1.03 with the DNS patch that fixes large replies. You can send replies directly to me at [EMAIL PROTECTED] but I can't reply from there as that's the site I'm trying to fix. Hope you can help. Thanks, Jens Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
Re: bug in qmail-autoresponder version 0.92 ?
On Sun, Jul 30, 2000 at 11:16:35AM +0200, Olivier M. wrote: PS: the thing with "-s" is ok, but I like the "original" vacation feature with $SUBJECT in _BODY_ much better : do you plan to add it to qmail-autorespond ? Reluctantly, yes. Would something like "%S" work for you? That would greatly simplify the parsing logic. Then '%SUBJECT' ? Yes. With two characters, the scanning logic for if the tag crosses a page is fairly simple. With 8, it's nasty. I don't care if it's "%S", "$S", "**", or whatever. One character is trivial. Two is simple. Larger than two gets nasty. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature
Qmail with LDAP?
Qmail is working with LDAP though the patch at: http://www.nrg4u.com/ What I was looking for was "complete configuration" though LDAP. For example, all users, all virtual domains, all aliases, all relayes, etc be able taken from LDAP. For example, if I wanted to add a aliases, add it in though LDAP, restart qmail and that aliases takes effect. Non of the users have valid accounts (though /etc/passwd) on the system, everything is taken from ldap. Any ideas on this, a howto or document explaining this would be great. Thanks, Jack Humor or Insanity? http://www.geekweb.org
Re: Sort maildir and send smallest first
On Sun, Jul 30, 2000 at 09:42:53PM +0600, [EMAIL PROTECTED] wrote: On Thu, Jul 27, 2000 at 06:19:00PM +0200, Peter van Dijk wrote: I have considered a similar change, having 2 maildirsmtp's running, one for mails under 32kbyte, one for bigger mails. That would do too. Looking at how maildirsmtp works, this shouldn't be that hard. Thanks for your reply, What do you suggest ? a script to move the larger mail into a seperate IP and then login to that IP and get the bigger mail at night ? or have you something else in mind. When you run 'maildirsmtp', that in turn runs maildirserial which runs tcpclient which runs serialsmtp. Changing maildirsmtp's operation to, for example, handling bigger messages in a separate thread, would only require patching/replacing maildirserial to spawn two tcpclient+serialsmtp's instead of one. Filtering at delivery seems useless to me because that would mean you spread your mail over 2 Maildirs. Greetz, Peter. -- [EMAIL PROTECTED] - Peter van Dijk [student:developer:ircoper]
Re: qmail IMAP SSL
* qmail [EMAIL PROTECTED] writes: On Thu, Jul 27, 2000 at 07:50:09PM -0700, Jacob Scott wrote: I would be interested as well. I can help with IMAP SSL if you need it. I would be interested in a bit of help with IMAP and perhaps SSL also I set up courier IMAP under OpenBSD yesterday. It was a matter of minutes, really. You obviously have good reasons for installing SSL other wise you would have not done so. I would much appreciate to know how important SSL is. That depends on what you think about sending your love letters via postcard. In short: if you feel confident using telnet instead of ssh, you will not need TLS. I intend to install Courier IMAP with sqwebmail for a webmail server. I'm running this for my company. Excellent stuff. I would also like to know the ports that I am required to keep open in our firewall for IMAP to work grep imap /etc/services -- Robin S. Socha http://socha.net/
Re: Still getting CNAME_lookup_failed_temporarily errors
From: "asantos" [EMAIL PROTECTED]
snip
I'm using named 8.2.2 as my primary DNS running on the same machine as
the mail server.
I don't have the bind documents handy now, but in essence you
must tell named that it should answer to recursive queries.
named does recursive queries by default according to the docs.
As a quick fix, try the following on your /etc/resolv.conf (saving the
previous contents elsewhere):
search axon.is
nameserver 193.4.58.19
and restart qmail. If you can then send mail, then you don't have a
correct
local DNS setup.
No, this didn't solve it. Someone said that by putting nameserver
127.0.0.1
in resolv.conf fixed his CNAME problem but that didn't help either.
What you need is a full resolver, and your named is not setup for that. My
suggestion re 193.4.58.19 was assuming that they were your ISP and that
they
provided recursive DNS service... apparentely they don't.
Ok, just for testing, you can replace the address by 194.65.3.20. This is
an
ISPs DNS server here in Portugal, and they do accept recursive queries.
Sorry, no luck with that one. This strongly suggest some local configuration
problem, but I just can't put my finger on it.
Surely someone must be using named successfully with qmail?
Or is the resolver misconfigured?
My usual resolv.conf file is like this
search axon.is
namserver 194.144.127.194
Sorry, "namserver" or "nameserver" ? That could be it. If not, your
resolv.conf seems ok.
Oops. Just a typo. It says nameserver in the file.
Also, check that your hint file is ok. Locate the zone entry for type hint
on /etc/named.conf, check the directory option on the options entry, and
check that a file named.root (or the name appearing on the zone "."
section)
exists and is not empty.
Everything in named.conf seems fine. The zone "." looks like this:
zone "." in
{
type hint;
file "db.cache";
};
and the db.cache file contains the root servers.
I have a couple of qmail's working allright with bind, so that is not the
problem.
Well, if the problem lies with my resolver, are there any tools that I can
use to simulate what qmail is trying to do? ping and nslookup seem t be
working fine.
Maybe some simple source code that I can fiddle with to figure this out?
Jens
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
Re: Blocking Spam, badmailfrom not working
Hi, try to use my SPAMCONTROL patch. It gives you REGEX capablility on the MAIL FROM: name and other stuff. http://www.fehcom.de/qmail_en.html cheers. eh. At 02:46 30.7.2000 -0400, Hubbard, David wrote: Hi everyone, I've been noticing a lot of spam coming in to users on my qmail server from popsite.net addresses. I guess they're just a big dialup provider that obviously lets their users relay whatever they want through their server. But anyway, the Helo, From, To, and Return-Path are all garbage. The only thing that is consistent across emails is the path it took to get to me, and it always starts with a popsite.net address. I tried to put @popsite.net in my badmailfrom but that didn't work. Is there any way to block all popsite.net connections? They always seem to come from different addresses and subnets. Thanks, Dave +---+ | fffhh http://www.fehcom.deDr. Erwin Hoffmann | | ff hh| | ffeee ccc ooomm mm mm Wiener Weg 8 | | fff ee ee hh hh cc oo oo mmm mm mm 50858 Koeln| | ff ee eee hh hh cc oo oo mm mm mm| | ff eee hh hh cc oo oo mm mm mm Tel 0221 484 4923 | | ff hh hhccc ooomm mm mm Fax 0221 484 4924 | +---+
Re: Still getting CNAME_lookup_failed_temporarily errors
At 13:50 30.7.2000 GMT, Jens Hafsteinsson wrote: What I would like to know is what exactly qmail is trying to do. Why is it doing a CNAME lookup in the first place? Why doesn't it just use the designated server in the MX records and be done with it? How does a DNS setup look like that works (the relevant parts)? Your MX *is* a CNAME, mail.axon.is. Can't get your MX-Record ... It did point directly to my mail servers A record, triton.axon.is, but I changed it to a CNAME just to see if that would change anything (which it apparently didn't). On the other hand, it seems that your problem is not with your domain. AFAIK, no CNAME lookup of the local domain is needed to send mail. You should start by checking your /etc/resolv.conf, it seems that qmail can't get any DNS answers. Do you have a local DNS cache? Perhaps you should switch to djbdns. I'm using named 8.2.2 as my primary DNS running on the same machine as the mail server. As a quick fix, try the following on your /etc/resolv.conf (saving the previous contents elsewhere): search axon.is nameserver 193.4.58.19 Try to avoid nameserver statement in resolv.conf #nameserver 193.4.58.19 search axon.is cheers. eh. and restart qmail. If you can then send mail, then you don't have a correct local DNS setup. No, this didn't solve it. Someone said that by putting nameserver 127.0.0.1 in resolv.conf fixed his CNAME problem but that didn't help either. Surely someone must be using named successfully with qmail? Or is the resolver misconfigured? My usual resolv.conf file is like this search axon.is namserver 194.144.127.194 Thanks, Jens ___ _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com +---+ | fffhh http://www.fehcom.deDr. Erwin Hoffmann | | ff hh| | ffeee ccc ooomm mm mm Wiener Weg 8 | | fff ee ee hh hh cc oo oo mmm mm mm 50858 Koeln| | ff ee eee hh hh cc oo oo mm mm mm| | ff eee hh hh cc oo oo mm mm mm Tel 0221 484 4923 | | ff hh hhccc ooomm mm mm Fax 0221 484 4924 | +---+
Re: Still getting CNAME_lookup_failed_temporarily errors
From: Erwin Hoffmann [EMAIL PROTECTED] snip Can't get your MX-Record ... That's strange. Running dnsmxip axon.is. gives me 194.144.127.194 10 wich corresponds to my MX record. snip As a quick fix, try the following on your /etc/resolv.conf (saving the previous contents elsewhere): search axon.is nameserver 193.4.58.19 Try to avoid nameserver statement in resolv.conf #nameserver 193.4.58.19 search axon.is Hmm. How do you resolve names then? Jens Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
Asking again: rcpthosts, relaying, and tcp-env 7.6
Hi again, No one seems to have an answer on this, which leads me to believe that my question is either (1) a dumb question well covered in a doc somewhere, or (2) an extremely difficult question that has everyone stumped. Could someone at least clue me in on which one it is? thanks, Todd I'm trying to set up a virtual pop server, and I've run into a problem that I can't solve. I've been talking with a knowledgeable friend and qmail advocate, and I have him stumped. He recommended that I forward my problem to this list, in the hope of finding a solution. Rather than restate everything and probably get something wrong, my discussion with him follows. qmail is running, I can inject mail into it and it will be delivered. I also have a few accounts set up on it, and mail is being properly delivered to them. I can also mail directly from the command line on the machine. The problem: domain.org is the domain that is set up on qmail. [EMAIL PROTECTED] is a valid account on the system. If I try to send mail to any host not listed in control/rcpthosts, it bounces with a 553, "sorry that domain isn't in my list of allowed rcpthosts". I thought, "That looks suspiciously like a FAQ". Sure enough. question 5.4 seemed relevant, reproduced here for reference: --- 5.4. How do I allow selected clients to use this host as a relay? I see that qmail-smtpd rejects messages to any host not listed in control/rcpthosts. Answer: Three steps. First, install tcp-wrappers, available separately, including hosts_options. Second, change your qmail-smtpd line in inetd.conf to smtp stream tcp nowait qmaild /usr/local/bin/tcpd /var/qmail/bin/tcp-env /var/qmail/bin/qmail-smtpd (all on one line) and give inetd a HUP. Third, in tcpd's hosts.allow, make a line setting the environment variable RELAYCLIENT to the empty string for the selected clients: tcp-env: 1.2.3.4, 1.2.3.5: setenv = RELAYCLIENT Here 1.2.3.4 and 1.2.3.5 are the clients' IP addresses. qmail-smtpd ignores control/rcpthosts when RELAYCLIENT is set. (It also appends RELAYCLIENT to each envelope recipient address. See question 5.5 for an application.) I found a message in the mail archives that says that removing rcpthosts will open up the machine, but this is of course not a solution. I moved rcpthosts as a test, and all messages are delivered properly. My /etc/inetd.conf line reads: smtp stream tcp nowait qmaild /usr/sbin/tcpd /var/qmail/bin/tcp-env /var/qmail/bin/qmail-smtpd and my /etc/hosts.allow line reads: tcp-env: 209.218.13.127: setenv = RELAYCLIENT 209.218.13.127 is the ip address of my linux box here at home, behind which my Windows box running Eudora (crash.domain.com) lives. Looking at tcpdmatch, I can't understand why this is being declined: [root@sonata tcp_wrappers_7.6]# /usr/sbin/tcpdmatch -d tcp-env 209.218.13.127 client: address 209.218.13.127 server: process tcp-env access: granted Let's see if I understand what you are doing. You have a machine which I will call mail.domain.org. You have setup qmail as the MTA. If you use a program on that machine to send mail from [EMAIL PROTECTED] to [EMAIL PROTECTED], it works. If you go over to otherDomain.com and send mail to [EMAIL PROTECTED], it gets delivered. Correct so far? This is correct. Now you take a windows box, crash.otherDomain.com, and you configure Eudora to get mail from mail.domain.org through POP3, and to use [EMAIL PROTECTED] as the sender, and that mail.domain.org will be your SMTP host. This doesn't work. Right? I can pop mail off the server using the [EMAIL PROTECTED] account just fine with Eudora. Mail sent to any valid address in domain.org is delivered properly. The problem comes in sending mail to any domain not listed in control/rcpthosts from any @domain.org account, when the mail originates from the Windows box. mail.domain.org refuses to accept the message for delivery with the mentioned error. ( Here's a handy chart in case anyone is having a problem following that mess: The domain other.com is in control/rcpthosts. The domain other2.com is not. Originating Machine Sender Recipient Result mail.domain.org [EMAIL PROTECTED][EMAIL PROTECTED]success mail.domain.org [EMAIL PROTECTED][EMAIL PROTECTED] success mail.domain.org [EMAIL PROTECTED][EMAIL PROTECTED]success crash.other.com [EMAIL PROTECTED] [EMAIL PROTECTED]success crash.domain.org[EMAIL PROTECTED][EMAIL PROTECTED]success crash.domain.org[EMAIL PROTECTED][EMAIL PROTECTED] success crash.domain.org[EMAIL PROTECTED][EMAIL PROTECTED]failure ) Things to note: 1. qmail does not include a POP3 or IMAP daemon. Tell qmail to use mailboxes instead
omail-admin upgrade-work - php + newest vmailmgr+autoresponder features. any suggestion before I start ?
Hi, So, omail-admin (web administration tool for vmailmgr+qmail based systems) ist getting quite old! During the next days I will work on a new version, with will support the newest php interface, qmail-autoresponder, and will get the rid of the current complicated and maybe insecure suid-perl wrapper. I will also use PHP4-session management, to also get rid of the current mysql-based system. If you have any suggestion or feature request, it's the right moment! So please have a look at http://omail.omnis.ch/ or test the demo on http://admin.omnis.ch/omail/ (test.com + test as passwd), tell me what you'd like me to add/change, or if you want to participate. Some things: - will need PHP4 and the newest version of vmailmgr (www.vmailmgr.org) - should be usable by a domain administrator (all rights) but also by a single user (password change, maybe adding of forwarders/autoresp) - multilanguage (at least en, fr, de) - secure... - maybe quota support (one given domain - right to create one pop account and 5 aliases for example) (but how... ? maybe just a flat text file in /var/qmail/control would do the thing) - later, why not webmail ? (but wouldn't work yet without suid rights : currently not able to read mails or subjects using the vcommands) comments welcome! :) Regards, Olivier -- _ Olivier Mueller - [EMAIL PROTECTED] - PGPkeyID: 0E84D2EA - Switzerland PGP signature
Re: Want to know your potential multiple recipient savings?
On Sat, 29 Jul 2000, Greg Cope wrote: Well we are now looking at a totaly scalable solution - where we just add boxes to scale. Generating the emails is simplistic and quick - injecting into a queue and then processing the queue is the fun part ! it is much better if you try the first delivery attempt yourself, possibly using qmail-remote to send the first message. if the invocation of qmail-remote fails fally back to injecting the message into a qmail server If you want to spread the load across outbound servers look at invoking qmtp to pass the message from your script off to (n) remote qmtp servers. Richard
Re: Still getting CNAME_lookup_failed_temporarily errors
From: Jens Hafsteinsson [EMAIL PROTECTED]
named does recursive queries by default according to the docs.
Well.. is your installation the default one? ;)
Sorry, no luck with that one. This strongly suggest some local
configuration
problem, but I just can't put my finger on it.
Sure, it is a local DNS config problem. See below.
Oops. Just a typo. It says nameserver in the file.
Damn. Typos are good, you can correct typos :)
Everything in named.conf seems fine. The zone "." looks like this:
zone "." in
{
type hint;
file "db.cache";
};
and the db.cache file contains the root servers.
In the right directory? I'm grabing at straws, here, but ...
Well, if the problem lies with my resolver, are there any tools that I can
use to simulate what qmail is trying to do? ping and nslookup seem t be
working fine.
Maybe some simple source code that I can fiddle with to figure this out?
The main difference between qmail and other software re DNS is that qmail
doesn't give a hoot about the /etc/hosts file. Everything is done through
DNS. As things stand now, I'd dump bind and try djbdns... unless you can get
someone to debug bind for you.
The tests I've done with triton.axon.is using nslookup did ok. It's even
recursive. dnsq concurs, everything seems ok. If this was djbdns, with its
clearer binding to interfaces, I'd say that your DNS server is ok for
outside queries, but not correctly configured for local queries, and point
the proverbial finger at the culprit.
Next thing I'd suspect would be libc upgrade problems... what OS are you
running? I couldn't identify it remotely. It looks like Linux 2.2.14, but...
try to reinstall your libc's.
Did you install qmail from source or using a binary package?
Armando
Re: Still getting CNAME_lookup_failed_temporarily errors
From: Erwin Hoffmann [EMAIL PROTECTED] Can't get your MX-Record ... I can get it. dnsmx axon.is retrieves triton.axon.is. dnsq mx axon.is triton.axon.is also works. As does dnsq mx axon.is sprettur.isnet.is. Even dig @triton.axon.is axos.is mx does. However, all of this only tells us that the server answers ok to queries regarding itself... but the CNAME diagnostic relates to a problem with the recipients domain, not the senders. Armando
Re: From where to get tcpserver
http://cy.yp.to/ucspi-tcp.html Good luck.:P - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, July 29, 2000 9:20 PM Subject: From where to get tcpserver Dear friends and gurus, Could anybody tell me that from where to get the tar or rpms for tcpserver for qmail, because i need to run qmail with tcpserver not with inetd. i m working on RH 6.2. thanx in advance Tejal Shah
Re: Asking again: rcpthosts, relaying, and tcp-env 7.6
Todd Finney wrote: Hi again, No one seems to have an answer on this, which leads me to believe that my question is either (1) a dumb question well covered in a doc somewhere, or (2) an extremely difficult question that has everyone stumped. Could someone at least clue me in on which one it is? Hi Todd, I couldn't find anything in your post that looked any different than the FAQ - the answer to the FAQ should fix your problem. Why don't you post your hosts.allow (inetd) or tcp.smtp (tcpwrappers) file. Here's the relevent line from my home box: tcp-env: 192.168., 127.0.0. : setenv = RELAYCLIENT I'm using inetd for SMTP - if you're using tcpwrappers the tcp.smtp file would be different but similar: 192.168.0.0:allow,RELAYCLIENT="" 127.:allow,RELAYCLIENT="" (those are the example lines - I don't use them so I don't know if they're correct) Basically, anytime one of your local machines connects to the SMTP port, set RELAYCLIENT before running qmail-smtpd. Eric
Re: Blocking Spam, badmailfrom not working
Dave, There's some general info on anti-spam with qmail here: http://www.summersault.com/chris/techno/qmail/qmail-antispam.html Hope this helps, Chris On Sun, 30 Jul 2000, Hubbard, David wrote: Hi everyone, I've been noticing a lot of spam coming in to users on my qmail server from popsite.net addresses. I guess they're just a big dialup provider that obviously lets their users relay whatever they want through their server. But anyway, the Helo, From, To, and Return-Path are all garbage. The only thing that is consistent across emails is the path it took to get to me, and it always starts with a popsite.net address. I tried to put @popsite.net in my badmailfrom but that didn't work. Is there any way to block all popsite.net connections? They always seem to come from different addresses and subnets. Thanks, Dave -- Chris Hardie - - mailto:[EMAIL PROTECTED] -- http://www.summersault.com/chris/ --
Re: Blocking Spam, badmailfrom not working
On Sun, Jul 30, 2000 at 10:28:10AM -0400, Hubbard, David wrote: Thanks for responding Chris. I am currently using the MAPS relays.mail-abuse.org with rblsmtpd, I guess the spam I'm getting isn't coming from an open relay. Actually, the spammers usually relay through a valid mail server for their network that isn't an open relay on the internet, it's just allowing users who are behind it to go through it. I guess in this case my best bet would be to forward it to their admins since I can't block by originating IP... IIRC, dul.maps.vix.com blocks the popsite spammers. Ben -- Ben Beuchler [EMAIL PROTECTED] MAILER-DAEMON (612) 321-9290 x101 Bitstream Underground www.bitstream.net
WEIRD BEHAVIOR WITH MY QMAILd!!
Hi I need some help with qmail!! I've been running qmail and it's been working ok! vhosts, everything. Today I've setted a NameServer Cause I've changed to a real domain , example: example.com, and i've changed hostname too. In order to work well i've changed all files in /var/qmail/control domain: example.com hostname: galileu Problem: If I send , LOCALY, a mail to [EMAIL PROTECTED] or even [EMAIL PROTECTED], it will work with no problems!! In the other way, if ill do the same thing remotly only [EMAIL PROTECTED] will work!! Everything else , [EMAIL PROTECTED] [EMAIL PROTECTED] will give this error. 194.210.xx.xx_does_not_like_recipient./Remote_host_said:_553_sorry,_that_domain_isn't_in_my _list_of_allowed_rcpthosts_(#5.7.1)/Giving_up_on_194.210.xx.xx./ And I have this, [root@sarrazola control]# cat defaultdomain example.com [root@sarrazola control]# cat locals localhost galileu.example.com example.com galileu [root@sarrazola control]# cat me galileu.example.com [root@sarrazola control]# cat rcpthosts localhost galileu galileu.example.com example.com [root@sarrazola control]# Has you can see I can't resolve the problem... And I dont understand it... Please help!! [EMAIL PROTECTED]
Re: Asking again: rcpthosts, relaying, and tcp-env 7.6
I'd like to thank those on the list who pointed me in the right direction, notably away from tcp-env and over to tcpwrappers. Half an hour later, it works like a charm. thanks again, Todd
License Question
Dear All, Sorry if I post to the wrong list. I have some question about license of virus scan software. If 1. I use qmail + amavis + McAfee on server that has 10,000 user. 2. I config amavis to scan virus every incoming/outgoing e-mail. The question is 1. Do I have to purchase 10,000 license of McAfee VirusScan ? That should be very very expensive. 2. Do I have to pay for Amavis or Qmail ? (I think I don't have to) Any suggestion ? Joomy.
Re: License Question
On Mon, Jul 31, 2000 at 10:58:34AM +0700, joomy wrote: Dear All, Sorry if I post to the wrong list. I have some question about license of virus scan software. If 1. I use qmail + amavis + McAfee on server that has 10,000 user. 2. I config amavis to scan virus every incoming/outgoing e-mail. The question is 1. Do I have to purchase 10,000 license of McAfee VirusScan ? That should be very very expensive. Have you considered asking your MCAfee sales rep? 2. Do I have to pay for Amavis or Qmail ? (I think I don't have to) There are no license fees for qmail. Regards.
tai64n -- why?
I understand from DJB's website that TAI is a better way to deal with time functions than the typical unix localtime(). However, it seems to make a lot of things really awkward when it is used as the time stamp in a log file. Any particular idea why DJB chose to use it for output in multilog? It seems to me that all it accomplishes is adding extra steps to gleaning any useful info from the logs... Ben -- Ben Beuchler [EMAIL PROTECTED] MAILER-DAEMON (612) 321-9290 x101 Bitstream Underground www.bitstream.net
Re: tai64n -- why?
On Sun, Jul 30, 2000 at 11:06:38PM -0500, Ben Beuchler wrote: I understand from DJB's website that TAI is a better way to deal with time functions than the typical unix localtime(). However, it seems to make a lot of things really awkward when it is used as the time stamp in a log file. Really? If I want to tail a log file, eg, I go like this: tail ../someservice/current | tai64nlocal and it all looks fine for humans. Any particular idea why DJB chose to use it for output in multilog? It seems to me that all it accomplishes is adding extra steps to gleaning any useful info from the logs... Well, there are two issues here. One is the use of that particular form of timestamp and the granularity of the timestamp. The granularity of syslog is a second which is no where near good enough for timing events that occur at sub-second rates. Knowing the author of syslog, I can guess why he thought that a second was plenty accurate enough for his MTA. But in the real world of modern computing, events happen more briefly. Once you accept that the current mainstream logging system isn't giving sufficiently useful timestamps, then any change is going to carry some level of awkwardness. What DjB has done is pick a timestamp that has some pretty useful characteristics. Importantly, he has chosen one which is as close to absolute as is possible and one which is easy to use with date arithmetic. Regards.
Announcing qmail-autoresponder version 0.93
Version 0.93 of qmail-autoresponder is now available at: http://em.ca/~bruceg/qmail-autoresponder/ See the documentation there for more details, or join the mailing list by sending an email to: [EMAIL PROTECTED] Development versions of qmail-autoresponder are available via anonymous CVS. Set your CVSROOT to ":pserver:[EMAIL PROTECTED]:/CVS", login with an empty password, and check out the qmail-autoresponder module. --- Changes in version 0.93 - Fixed an off-by-one bug in the rate limiting logic (again). - Fixed an off-by-one bug in the Delivered-To checking code. - The output writing routine will now substitute "%S" in the autoresponse message with the original message's subject. --- qmail-autoresponder Rate-limited autoresponder for qmail Bruce Guenter [EMAIL PROTECTED] Version 0.93 2000-07-30 This is a simple program to automatically respond to emails. It is based on some ideas (but little or no code) from a similar autoresponder by Eric Huss [EMAIL PROTECTED], and ideas presented in the qmail mailing list. Features: - Limits rate of automatic responses (defaults to a maximum of one message every hour). - Will not respond to nearly every type of mailing list or bulk email. - Will not respond to bounce messages or MAILER-DAEMON. - Bounces looping messages. - Can insert the original subject into the response. - Can copy original message into response. - Can use links in the rate-limiting data directory to limit inode usage to a single inode. Usage: Put "|qmail-autoresponder MESSAGE_FILE DIRECTORY" into your ".qmail" file before other delivery instructions. MESSAGE_FILE is a pre-formatted response, including headers, and DIRECTORY is the directory into which rate-limiting information will be stored. Any instance of "%S" in MESSAGE_FILE will be replaced with the original subject. This program is Copyright(C) 2000 Bruce Guenter, and may be copied according to the GNU GENERAL PUBLIC LICENSE (GPL) Version 2 or a later version. A copy of this license is included with this package. This package comes with no warranty of any kind. PGP signature
qmail Digest 30 Jul 2000 10:00:01 -0000 Issue 1078
qmail Digest 30 Jul 2000 10:00:01 - Issue 1078 Topics (messages 45799 through 45826): bug in qmail-autoresponder version 0.92 ? 45799 by: Olivier M. 45823 by: Bruce Guenter 45826 by: Olivier M. From where to get tcpserver 45800 by: tejal.interoffice.worldgatein.net 45801 by: Robin S. Socha Re: Want to know your potential multiple recipient savings? 45802 by: Greg Cope 45803 by: markd.bushwire.net 45804 by: Greg Cope 45805 by: markd.bushwire.net 45821 by: Bruce Guenter 45822 by: Bruce Guenter POP delete mail on 2 places... 45806 by: Magnus Löfqvist 45809 by: Uwe Ohse Open letter 45807 by: Patrick Lambert 45812 by: markd.bushwire.net 45813 by: Blackey 45816 by: Adam McKenna 45817 by: markd.bushwire.net urgent help required ! tcpserver tcprules 45808 by: reach_prashant.zeenext.com 45811 by: Alexander Jernejcic Re: dot-qmail deliver help 45810 by: Uwe Ohse invalid characters in a email address? 45814 by: Bill Parker 45815 by: Ronny Haryanto Re: qmail-1.03 on Solaris is broken 45818 by: Toens Bueker Forwarding local account messages to POP mailbox. 45819 by: Paul Broadwith 45820 by: Jonathan McDowell Blocking Spam, badmailfrom not working 45824 by: Hubbard, David 45825 by: Chris, the Young One Administrivia: To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To subscribe to the digest, e-mail: [EMAIL PROTECTED] To bug my human owner, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- Currently trying qmail-autoresponder (http://em.ca/~bruceg/qmail-autoresponder/) : Docs says: - Limits rate of automatic responses (defaults to a maximum of one message every hour). well, I always get _two_ messages, before the Ignoring_message://usr/local/bin/qmail-autoresponder:_SENDER_has_sent_too_many_messages/did_0+0+2/ appears in logs... (with: |/usr/local/bin/qmail-autoresponder -n 1 -t 43200 |/home/paradises.ch/autorespond/msg/oli2 /home/paradises.ch/autorespond/log/oli2 |/usr/local/bin/qmail-autoresponder -t 43200 /home/paradises.ch/autorespond/msg/oli2 |/home/paradises.ch/autorespond/log/oli2 ) Just looked in the source: /* If the user's count is already over the max, * don't record any more. */ if(++count max) return 0; shouldn't it be : /* If the user's count is already over the max, * don't record any more. */ if(++count = max) return 0; ? (it works this way on my system... :) Regards, Olivier PS: the thing with "-s" is ok, but I like the "original" vacation feature with $SUBJECT in _BODY_ much better : do you plan to add it to qmail-autorespond ? Some sample source with this feature is available under : http://cvs.sourceforge.net/cgi-bin/cvsweb.cgi/vacation/?cvsroot=vacation PPS: if there is a From: or a Reply-To: field, should the autoresponder respond to this address ? -- _ Olivier Mueller - [EMAIL PROTECTED] - PGPkeyID: 0E84D2EA - Switzerland PGP signature On Sat, Jul 29, 2000 at 02:35:56PM +0200, Olivier M. wrote: Currently trying qmail-autoresponder (http://em.ca/~bruceg/qmail-autoresponder/) : Great! Docs says: - Limits rate of automatic responses (defaults to a maximum of one message every hour). well, I always get _two_ messages, shouldn't it be : /* If the user's count is already over the max, * don't record any more. */ if(++count = max) return 0; You are right. The logic worked before the rewrite for 0.92, and I guess I missed that one. The tests also failed to catch this. I'll make sure they work this time. PS: the thing with "-s" is ok, but I like the "original" vacation feature with $SUBJECT in _BODY_ much better : do you plan to add it to qmail-autorespond ? Reluctantly, yes. Would something like "%S" work for you? That would greatly simplify the parsing logic. PPS: if there is a From: or a Reply-To: field, should the autoresponder respond to this address ? I think not. Responding to the envelope sender is pretty much the only safe thing to do, and it neatly avoids all the trouble one would get into to properly parse an address field. -- Bruce Guenter [EMAIL PROTECTED] http://em.ca/~bruceg/ PGP signature 'morning! On Sat, Jul 29, 2000 at 10:47:05PM -0600, Bruce Guenter wrote: On Sat, Jul 29, 2000 at 02:35:56PM +0200, Olivier M. wrote: Currently trying qmail-autoresponder (http://em.ca/~bruceg/qmail-autoresponder/) : Great! PS: the thing with "-s" is ok, but I like the "original" vacation feature with $SUBJECT in _BODY_ much better : do you plan to add
Re: Still getting CNAME_lookup_failed_temporarily errors
From: Jens Hafsteinsson [EMAIL PROTECTED] What I would like to know is what exactly qmail is trying to do. Why is it doing a CNAME lookup in the first place? Why doesn't it just use the designated server in the MX records and be done with it? How does a DNS setup look like that works (the relevant parts)? Your MX *is* a CNAME, mail.axon.is. On the other hand, it seems that your problem is not with your domain. AFAIK, no CNAME lookup of the local domain is needed to send mail. You should start by checking your /etc/resolv.conf, it seems that qmail can't get any DNS answers. Do you have a local DNS cache? Perhaps you should switch to djbdns. As a quick fix, try the following on your /etc/resolv.conf (saving the previous contents elsewhere): search axon.is nameserver 193.4.58.19 and restart qmail. If you can then send mail, then you don't have a correct local DNS setup. Good luck Armando
Re: Still getting CNAME_lookup_failed_temporarily errors
What I would like to know is what exactly qmail is trying to do. Why is it doing a CNAME lookup in the first place? Why doesn't it just use the designated server in the MX records and be done with it? How does a DNS setup look like that works (the relevant parts)? Your MX *is* a CNAME, mail.axon.is. It did point directly to my mail servers A record, triton.axon.is, but I changed it to a CNAME just to see if that would change anything (which it apparently didn't). On the other hand, it seems that your problem is not with your domain. AFAIK, no CNAME lookup of the local domain is needed to send mail. You should start by checking your /etc/resolv.conf, it seems that qmail can't get any DNS answers. Do you have a local DNS cache? Perhaps you should switch to djbdns. I'm using named 8.2.2 as my primary DNS running on the same machine as the mail server. As a quick fix, try the following on your /etc/resolv.conf (saving the previous contents elsewhere): search axon.is nameserver 193.4.58.19 and restart qmail. If you can then send mail, then you don't have a correct local DNS setup. No, this didn't solve it. Someone said that by putting nameserver 127.0.0.1 in resolv.conf fixed his CNAME problem but that didn't help either. Surely someone must be using named successfully with qmail? Or is the resolver misconfigured? My usual resolv.conf file is like this search axon.is namserver 194.144.127.194 Thanks, Jens Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
Re: Blocking Spam, badmailfrom not working
On Sun, Jul 30, 2000 at 10:28:10AM -0400, Hubbard, David wrote: ! I guess ! in this case my best bet would be to forward it to their ! admins since I can't block by originating IP... By all means complain to their admin. Why can't you block the bad IP addresses? rblsmtpd, if invoked via tcpserver, can be made to block any address you want. Of course, there may be other reasons why you can't block them, such as if you don't want to block the good senders from that server too, in which case I understand. ---Chris K. -- Chris, the Young One |_ If you can't afford a backup system, you can't Auckland, New Zealand |_ afford to have important data on your computer. http://cloud9.hedgee.com/ |_ ---Tracy R. Reed PGP: 0xCCC6114E/0x706A6AAD |_
RE: Blocking Spam, badmailfrom not working
Thanks for responding Chris. I am currently using the MAPS relays.mail-abuse.org with rblsmtpd, I guess the spam I'm getting isn't coming from an open relay. Actually, the spammers usually relay through a valid mail server for their network that isn't an open relay on the internet, it's just allowing users who are behind it to go through it. I guess in this case my best bet would be to forward it to their admins since I can't block by originating IP... Thanks, Dave -Original Message- From: Chris, the Young One [mailto:[EMAIL PROTECTED]] Sent: Sunday, July 30, 2000 3:26 AM To: [EMAIL PROTECTED] Subject: Re: Blocking Spam, badmailfrom not working On Sun, Jul 30, 2000 at 02:46:29AM -0400, Hubbard, David wrote: ! I tried to put @popsite.net in my badmailfrom but that didn't work. badmailfrom is useless. :-) People can arbitrarily set their envelope sender anyway. ! Is there any way to block all popsite.net connections? They always seem ! to come from different addresses and subnets. Look into rblsmtpd, included with the ucspi-tcp package. You can make it use the MAPS RBL (http://maps.vix.com/rbl/), and you can specify your own list of addresses (that's IP address, not envelope sender address) to block. http://cr.yp.to/ucspi-tcp.html ---Chris K. -- Chris, the Young One |_ If you can't afford a backup system, you can't Auckland, New Zealand |_ afford to have important data on your computer. http://cloud9.hedgee.com/ |_ ---Tracy R. Reed PGP: 0xCCC6114E/0x706A6AAD |_
RE: Blocking Spam, badmailfrom not working
to contact spammers' mail server administrators i have found it very useful to have signed up with http://spamcop.net via http://spamcop.net/anonsignup.shtml they provide a form to paste the spam mail into and have all the necessary DNS/whois lookups done wolfgang
