Are all of the username portions of the e-mail addresses legitimate e-mails?
IE, it looks like you cleansed the domain portion, but, in the log, are the
all, or most, of the e-mails legitimate?
I've seen this with random attempts at guessing e-mails and passwords, but
not with all legit e-mails.
...@gmail.com]
Sent: Tuesday, March 01, 2011 6:45 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] SMTP attack
Michael Colvin wrote:
Are all of the username portions of the e-mail addresses legitimate e-mails?
IE, it looks like you cleansed the domain portion
. Fail2ban would be the best solution for the time being
as previously mentioned.
Sergio M wrote:
Michael Colvin wrote:
Are all of the username portions of the e-mail addresses legitimate
e-mails?
IE, it looks like you cleansed the domain portion, but, in the log,
are the
all
./vadddomain mydomain.com password
The password is the password for the Postmaster account for that domain.
You can get a full list of options for ./vadddomain by entering it with no
options.
You must also be in the /home/vpopmail/bin folder.
You can ls to get a list of the various
...@yother.com]
Sent: Tuesday, February 01, 2011 12:11 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] to add a domain
You're too fast, Michael...
On 02/01/2011 12:03 PM, Michael Colvin wrote:
./vadddomain mydomain.com password
The password is the password for the Postmaster
?
--
-Eric 'shubes'
On 01/11/2011 07:37 PM, Michael Colvin wrote:
Eric.. Check this thread out... I think this may be pointing me in the
right direction...
http://osdir.com/ml/mail.qmail.simscan/2007-12/msg00029.html
The 2nd paragraph... Because relay client is set, simscan doesn't
know
for sure if spamdyke setting RELAYCLIENT is the cause or not.
P.S. I realize that web hosting servers are a pita, but configuring them
to authenticate is a good practice imo. Then you don't need any open
relaying.
--
-Eric 'shubes'
On 01/12/2011 10:35 AM, Michael Colvin wrote:
Ummm
Eric,
I've checked all the places I can think of that it might be getting
RELAYCLIENT set at (/var/qmail/control/relay , /etc/spamdyke/whitelist_ip
and tcp.smtp) and I've removed any reference to my internal network...
Still no luck.
Any place else you can think of before I write the RELAYCLIENT
have any parting
thoughts, maybe we can pick this up over there.
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
-Original Message-
From: Michael Colvin [mailto:mcol...@norcalisp.com]
Sent: Wednesday, January 12, 2011 9:59 AM
To: qmailtoaster-list@qmailtoaster.com
-Original Message-
From: Eric Shubert [mailto:e...@shubes.net]
Sent: Wednesday, January 12, 2011 11:11 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: SpamAssassin not being invoked by SimContro
On 01/11/2011 08:03 PM, Michael Colvin wrote:
Eric,
I've checked
Message-
From: Michael Colvin [mailto:mcol...@norcalisp.com]
Sent: Wednesday, January 12, 2011 9:59 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: SpamAssassin not being invoked by
SimContro
Agreed (With the authenticating hosting servers part
When I ran the spamdyke tests, I didn't get any errors... I'm going to move
over to SpamDyke's list now, and see what Sam thinks...
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
-Original Message-
From: Michael Colvin [mailto:mcol...@norcalisp.com]
Sent: Wednesday
is to put what
you'd put in the relay file into tcp.smtp, and don't use the access-file
in SpamDyke.
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
-Original Message-
From: Michael Colvin [mailto:mcol...@norcalisp.com]
Sent: Wednesday, January 12, 2011 1:15 PM
)
Received: by 10.42.230.5 with HTTP; Tue, 11 Jan 2011 04:40:29 -0800
(PST)
Date: Tue, 11 Jan 2011 04:40:29 -0800
Message-ID:
aanlktimo65iopgbztonw-opm2d7cvp4xhydcmbg4u...@mail.gmail.com
Subject: Testing
From: NorCal Internet norcalinter...@gmail.com
To: Michael Colvin mcol...@norcalisp.com
into spamassassin at this
point. Can you invoke SA 'manually'?
On 01/11/2011 11:13 AM, Michael Colvin wrote:
Here you go Eric. Both servers had identical outputs, other than one
being
installed the day after this one. :-)
Name: simscan-toaster Relocations
Ok. Will do later today/this evening and let you know.
Thanks for the suggestion!
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
-Original Message-
From: Eric Shubert [mailto:e...@shubes.net]
Sent: Monday, January 10, 2011 8:39 AM
To:
And considering that Exim is the MTA of choice with a lot of control panels,
and Postfix the default MTA on a lot of LAMP servers, I'm guessing a LOT of
those are from people that don't really Choose their mail server, but
simply use what's supplied with their ISO. :-)
I'm also curious where
sending is rejected as a whole.
Ciao!
Tonino
On 14/11/2010 00:37, Michael Colvin wrote:
On 11/13/2010 07:16 AM, Tonix (Antonio Nati) wrote:
On 13/11/2010 15:04, Martin Waschbuesch wrote:
Hi all,
I wonder about this one... First of all, I agree with Jake that MX
verification
recipients delivery in
several single recipient deliveries.
Tonino
On 14/11/2010 17:37, Michael Colvin wrote:
Yes, but this is not the issue in, at least this specific case. It's
definitely a recipient MX resolution issue...
Mike
-Original Message-
From: Tonix (Antonio Nati
On 11/13/2010 07:16 AM, Tonix (Antonio Nati) wrote:
On 13/11/2010 15:04, Martin Waschbuesch wrote:
Hi all,
I wonder about this one... First of all, I agree with Jake that MX
verification is rather important.
However, the problem at hand is also a nuisance: Why should one bad
OK. So, I've got some clients that send mails out to affiliates of theirs
via rather large distribution lists. When at least one, maybe more, of
those addresses are bad, they get the Sorry, can't find a valid MX for rcpt
domain bounce that, basically is bouncing the whole message, so even the
On 11/12/2010 12:38 PM, Michael Colvin wrote:
OK
So, I've got some clients that send mails out to affiliates of
theirs via rather large distribution lists. When at least one, maybe
more, of those addresses are bad, they get the Sorry, can't find a
valid MX for rcpt domain bounce
If you're using Spamdyke, look in the /etc/spamdyke/spamdyke.conf file.
There's a timeout in there also that will cause duplicates.
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
(916) 864-
_
From: Steve
Hi, I have successfully replicated two servers QMT with Jake video,
the system is spectacular and send my congratulations to Jake for the
excellent work in conjunction with its simplicity, now that I have my
two replicated servers would get their tips and experiences to be
always and
I 2nd the request. Those videos were a great source of information, Jake.
I miss them. :-)
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
(916) 864-
_
From: Scott Hughes [mailto:sonicscott9...@gmail.com]
Sent: Wednesday,
You could also use a load balancer (There's plenty of open source Linux
based stuff out there), and have the multiple servers Appear as a single
IP, even using NAT. This should remove the SSL issues too.
I have mail servers with a single public IP, through a load balancer, which
also acts like a
Looks like using Spamdyke with RDNS enabled would have stopped it. Doesn't
look like the sending IP has a reverse DNS (PTR) entry. All Legit mail
servers should have a reverse DNS entry
Their IP should resolve to
*something*. That setting alone will stop 60% of likely spam, maybe more.
I'm running on VMWare ESXi, but was looking to maybe switch up. Xen was on
my list of possibles, along with Proxmox. (proxmox.com) I was leaning
towards Xen, but, perhaps I shouldn't now? :-)
VMWare's working great, just looking for something a little more budget
friendly. :-)
Michael
NOTE: it takes 2/3 minutes to deliver a message from an external e-mail
(gmail like) to our server. Is it normal time?
Sure. Sometimes they get delivered in a couple seconds, other times a few
minutes. Depends on a lot of variables. You have not indicated that is Gmail
is taking a long
My guess is that a pop3 client has grabbed the message.
We think we have eliminated that -- this fellow has gotten large
attachments in the past.
Folks will send him attch'd wav mov . w large being 10 - 20 MB ...ish
what else might it be?
should I , can I - empty his mailBox - could
Aren't we over-complicating this a bit?
Why not simply use aliases for the Management e-mail accounts, forwarding
them to corp.example.com, or some similar sub-domain, as was suggested
earlier. Then use SMTPRoutes to forward the mail to the Exchange server..No
DNS issues, no fetchmail, no
Hi Mike,
No, I am not using SpamDyke as of yet.
Thanks!!
Martin
Then that's the first thing I would suggest... SpamDyke will do wonders,
not only for your spam filtering, but the overall load on your server.
Something like checking for RDNS is exactly what SpamDyke was designed to
I agree with Michael that spamdyke is great. Highly recommended.
I'd like to clarify the tcpserver -h option though. This option does do
an rDNS lookup which is duplicative with spamdyke, but I think it's best
to do both, as they're used for different purposes. Spamdyke uses rDNS
for
Perfect.
Oh, and, I only wanted to explain why it'd be important for me to deselect
features of spamdyke that don't fit my needs.
Martin
On 21.06.2010 at 18:09, Eric Shubert wrote:
You can use whichever features you choose. It's up to you.
Of course fighting spam is always a
Are you using SpamDyke? If so, and you are checking for RDNS there, that
would seem duplicative to me. I block any mail server that does not have
RDNS using SpamDyke. Better to stop it there than waste time scanning it
with SpamAssassin...
Michael J. Colvin
NorCal Internet Services
Jake,
I'm trying to download the QMT ISO using the link from the main QMT page,
but it keeps opening a page at your consulting site.
I'd actually like to do the CentOS 5 ISO, but that seems to have disappeared
from the site, or I'm blind/stupid. (Which is always possible!)
Also, there were a
I would do both. :-) I would have redundant load balancers, at two
different locations, that balance the loads between multiple servers at
their respective locations. Then, use DNS (Also redundant at multiple
locations) to round robin between the two locations. :-)
Considering using VM
I should have added, we are using a variation of:
http://www.linuxvirtualserver.org/index.html
That link should get you going. No cost, other than a simple, no frills
server, depending on the load. Works great.
Do a Google for Linux load balancing and you should find all kinds of
side - especially
with brand name servers (Dell, HP, etc).
Thanks to everyone for all the input on this idea!
Scott
On 5/24/10 4:07 PM, Michael Colvin wrote:
I would do both. :-) I would have redundant load balancers, at two
different locations, that balance the loads between multiple
I mean. It's a wild guess, but it sure sounds like your box has been hacked.
The spamming can have several causes, but why is your box trying to connect
to other servers via SSH? Have you changed your passwords? Although, at
this point, it's probably too late and changing them wouldn't do much.
I like the ability to watch them when I need to, or to refer back to them
when needed. Even if it meant renewing the subscription, which I was just
about to do. :-)
Of course, whatever works for you, but, for my .02, I would like it if there
was a way to watch the videos on demand. The DVD
Search the archives. This was covered within the last two weeks, along with
a patch that resolves the issue. I'd send the e-mails, but don't have them
on hand, but they should be in the archives.
Mike
-Original Message-
From: Darrell Booth [mailto:darr...@drachma.com.au]
Sent:
The answer lies within the Spamdyke list's archives. :-)
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
_
From: David Milholen [mailto:dmilho...@wletc.com]
Sent: Thursday, April 01, 2010 9:38 AM
To:
My God. It's even the first/top item in the archives. Shouldn't be hard to
find. :-)
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
_
From: David Milholen [mailto:dmilho...@wletc.com]
Sent: Thursday,
Will restarting just Qmail pick up those changes?
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
_
From: Dave Hallowell [mailto:d...@acbsco.com]
Sent: Monday, March 01, 2010 12:37 PM
To:
I think I've seen this before and it was either IMAP connections limitation
issue, a timeout issue, or a MySQL issue...Maybe a combination? :-) I
don't remember, it's been a few years.
Usually, I would see it when the server was being heavily used, and it
slowed down noticeably... I wish I
Eric Shubert wrote:
Michael Colvin wrote:
I'm curious... Is it possible to setup QMT without implementing
chkuser? I
know I should use it, and do, but I have a specific need for a server
without that functionality on a temporary basis (Replacing a legacy
server
until I can migrate
I'm curious... Is it possible to setup QMT without implementing chkuser? I
know I should use it, and do, but I have a specific need for a server
without that functionality on a temporary basis (Replacing a legacy server
until I can migrate users to a full QMT infrastructure), and was wondering
I'm not sure I see what your problem is. Your post shows that a message
from, what I would guess is a spam address, being blocked by a blacklist
entry. Isn't that what you want?
The address that shows a DENIED_RBL_MATCH from certainly looks like
something you'd want blocked. That's what
Peter Peltonen wrote:
Hi,
On Mon, Nov 23, 2009 at 9:51 PM, Eric Shubert e...@shubes.net wrote:
I didn't know you can disable quotas at the domain level (learn
something
new every day). I'd give it a shot. Oh, and please let us know how you
do
that, and how it works.
Well if you
Peter Peltonen wrote:
Hi,
On Sun, Nov 22, 2009 at 1:14 AM, Eric Shubert e...@shubes.net wrote:
Bad news: quotas are broken on QMT. I'm not sure to what extent. Easy
fix is
to change their account to unlimited. :(
Good news: quotas work better in a more recent vpopmail release
If you have QMT on both servers, and are using VPOPMail w/SQL, you can
configure the spam gateway server to use the db on the Main mail server.
That's the easiest way.
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
@qmailtoaster.com
Subject: RE: [qmailtoaster] smtproutes and RCPT to checking
Hi,
Sorry, the other server is Exchange.
Andrew.
From: Michael Colvin [mailto:mcol...@norcalisp.com]
Sent: 20 November 2009 18:56
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] smtproutes
everything in Vpopmail as well, but the
delivery would never go to Vpopmail because of the smtproutes?
Thanks.
Andrew.
From: Michael Colvin [mailto:mcol...@norcalisp.com]
Sent: 20 November 2009 19:31
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] smtproutes and RCPT
is to follow the quickie guide to
installing postfix.
If anyone has anything else to add or suggest, I am all ears.
Thanks,
Dave
Jake Vickers wrote:
Eric Shubert wrote:
Good question. I don't know the answer to that off hand.
Michael Colvin wrote:
Oh, I totally agree, Eric. I
In addition to Eric's suggestion of ensuring DNS records are pointing
correctly, check that the server you are using to send mail with (The
External server you mention) is not also set up to think it handles the
mail for your domain locally. If it is, it won't even look at DNS.
This is
Why not have the internal server deliver the mail itself? Is there a
particular reason you need to relay through the QMT servers?
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
-Original Message-
From: d...@acbsco.com [mailto:d...@acbsco.com]
Sent: Tuesday,
server does not restrict any
accounts with ending in solution-group.com.
Strange.
Dave
Michael Colvin wrote:
Why not have the internal server deliver the mail itself? Is there a
particular reason you need to relay through the QMT servers?
Michael J. Colvin
NorCal Internet Services
, and
it's easier to administer DKIM. That's just my opinion though.
Michael Colvin wrote:
I think you missed what I was trying to get at
You're using your
internal servers for your users to connect to, and send mail, right?
Yet, you have your internal server try to relay through the QMT
Good point Eric... I didn't think of this, since I'm not yet using the QMT
in production yet, and am still using Qmailrocks (Is that a 4 letter word
around here? :-) ) w/Spamdyke set to handle TLS directly...So, in my case,
only Spamdyke is handling TLS, since my Qmail doesn't support it. (I
Like Eric mentioned, at this point, you need to take a look at the headers
of the spam e-mails that your users are getting. You need to find something
in the type of e-mails you're getting that you can filter on...
Or, as also mentioned, it might be an internal user that is bypassing some
of the
:.msi:.msp:.reg:.vbe:.vbs:.vxd:.wsc:.wsf:.wsh
See response above; Michael Colvin wrote:
Like Eric mentioned, at this point, you need to take a look at the
headers
of the spam e-mails that your users are getting. You need to find
something
in the type of e-mails you're getting that you
U... They should be. They should do one or the other. If they won't
delegate the IP space to you so that you can create your own ptr for that
IP, then they should do it for you.
If they won't do either, it's likely because they don't know how to, which
means they likely don't know what
If I'm not missing something here, you could modify your script and use it
to populate the VPOPMail MySQL database with your user/domain information.
Then have CHKUSER use that database to verify recipients. You'll also have
to update the rcpthosts file with the domains and the smtproutes file,
Is anyone running the QMT iso on a VMWare VM? I had one set up just to play
with, but noticed the clock keeps horrible time. I was able to adjust the
ticks to keep it more accurate, along with an hourly sync, but this seems
ridiculous. From what I've found, it's an issue with CentOS in a VM,
I've never used a Hosting Control Panel in our hosting operation... I've
always just built scripts to provision e-mail services, hosting, etc,
but it
seems more and more I'm getting requests for a control panel from my
hosting
customers.
I've been looking into various flavors of
Are the system clocks sync'd? I've had this bite me a couple times in the
past.
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Thursday, September 24, 2009 4:00 PM
To:
I've never used a Hosting Control Panel in our hosting operation... I've
always just built scripts to provision e-mail services, hosting, etc, but it
seems more and more I'm getting requests for a control panel from my hosting
customers.
I've been looking into various flavors of Control Panels,
:
Michael Colvin wrote:
I've never used a Hosting Control Panel in our hosting operation...
I've
always just built scripts to provision e-mail services, hosting, etc,
but it
seems more and more I'm getting requests for a control panel from my
hosting
customers.
I've been looking
If you don't want to pay $15, don't want to contact the other server's
admin, or you can't just get that domain's hosting yourself, you might
consider setting up another qmail server w/o tls, possibly on a virtual
machine or something, and use smtproutes on your main server, to send to
that new
We're naturally going to suggest you use a Redhat distro and QMT (you
*are* asking on our list!), but I'd say use whatever tool fits the job.
Of course. :-)
Sit down, figure out what your goals and timelines are. Weigh this with
what you need and mark milestones on your projected timeline.
Ok. This is probably a stupid question, but... It's Sunday, so I'm entitled
to one stupid question. :-)
I've been using Qmail for many years (10), although only admining one myself
for the past 3. I originally used Qmailrocks, and am aware of its
shortcomings and issues, compared to Modern
, and the QMT install was very easy compared
to Qmailrocks.
Just my thoughts
Cheers
-Original Message-
From: Michael Colvin [mailto:mcol...@norcalisp.com]
Sent: Monday, 17 August 2009 9:47 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Stupid Question...Or two.
Ok
73 matches