Re: [qmailtoaster] letsencrypt certificate issue

2020-04-29 Thread Solo



Hi.

I think Letsencrypt are for websites/servers and not for the specific 
email which require another type of certificate than Letsencrypt issues 
- usually that is set up when qmail is installed (openssl) and placed 
/var/qmail/


/Finn vB

On 29-04-2020 at 10:52, ChandranManikandan wrote:

Hi Remo,

FYI
ssl_cert = 
ssl_key = 

# the following will likely be the default at some point
ssl_dh_parameters_length = 2048


On Wed, Apr 29, 2020 at 11:48 AM Remo Mattei wrote:


You need to check the /etc/dovecot/toaster.conf file that’s where
the cert for outlook and thunder lives.

Remo


On Apr 28, 2020, at 20:38, ChandranManikandan <kand...@gmail.com> wrote:

Hi Friends,

certbot renew command showing below message
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - -
Processing /etc/letsencrypt/renewal/xxx.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - -

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/xxx.com/fullchain.pem
 expires on 2020-06-27 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - -

But Outlook and Thunderbird are showing a certificate issue, and the
certificate expiry date is showing as 28-Apr-2020 in Thunderbird.
I have checked on the website, and the same certificate's expiry date is
showing as 27-06-2020.

Did I make a mistake?
How do I check and fix the above issue?
Could anyone help me?
Appreciate your help.

Note: Centos 7 with qmailtoaster
--
Regards,
Manikandan.C


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-22 Thread Solo

Hi Eric / David.

My vpopmail.conf from fail2ban :

failregex = vchkpw-smtp: vpopmail user not found .*:<HOST>$
            vchkpw-smtps: vpopmail user not found .*:<HOST>$
            vchkpw-smtp: null password given .*:<HOST>$
            vchkpw-smtps: null password given .*:<HOST>$
            vchkpw-submission: null password given .*:<HOST>$
            vchkpw-submission: vpopmail user not found .*:<HOST>$
            vchkpw-submission: password fail .*:<HOST>$
            vchkpw-smtp: password fail .*:<HOST>$
            vchkpw-smtps: password fail .*:<HOST>$
            vchkpw-pop3: vpopmail user not found .*:<HOST>$


scanning the maillog
and it catches a lot of attempts.

Set find/ban time to Your likings

Regards
/FvB

On 22-04-2020 at 15:39, Eric Broch wrote:

Hi David,

I think you're on to something with fail2ban (keying off maillog). I was 
monitoring my smtps port (watching the certificate and encryption scroll 
by) using /usr/bin/recordio and /var/log/maillog and found that the bad 
guys are trying to login. Here are some failures from maillog:


vchkpw-smtps: vpopmail user not found testforu...@whitehorsetc.com:92.118.38.83


vchkpw-smtps: password fail (pass: 'somepassword') someu...@whitehorsetc.com:185.50.149.2


Maybe a fail2ban rule?!

Eric


On 4/18/2020 4:12 AM, David Bray wrote:

Hi thanks - yes can block that IP
But it’s not just one, and the solution is not fine enough
I want more of a fail2ban rule, bad user bad pass 3 strikes you're out

I need to know they are mucking round.

I tried sending myself through the port with a bad password - sure it 
blocks it, but there is no log of the event - it looks like a legit 
connection from an IP


On Sat, 18 Apr 2020 at 7:30 pm, Chris wrote:


Here's a great article with instructions on how to implement an IP
blacklist in iptables. Unless you've got a user in Panama, it
looks like you'd want to block 141.98.80.30

https://linux-audit.com/blocking-ip-addresses-in-linux-with-iptables/

On Sat, Apr 18, 2020 at 5:49 PM David Bray <da...@brayworth.com.au> wrote:

sure - thanks for replying, this comes in waves taking the
server to its maximum at times

as far as I can see the only logs are these:

==> /var/log/qmail/smtps/current <==
2020-04-18 05:04:48.450871500 tcpserver: status: 6/60
2020-04-18 05:04:48.480785500 tcpserver: pid 13339 from
141.98.80.30
2020-04-18 05:04:48.480787500 tcpserver: ok 13339
dev.brayworth.com:172.105.181.18:465 :141.98.80.30::25638
2020-04-18 05:04:52.797644500 tcpserver: status: 7/60
2020-04-18 05:04:52.830767500 tcpserver: pid 13340 from
141.98.80.30
2020-04-18 05:04:52.830768500 tcpserver: ok 13340
dev.brayworth.com:172.105.181.18:465 :141.98.80.30::14862
2020-04-18 05:04:57.248902500 tcpserver: status: 8/60
2020-04-18 05:04:57.304003500 tcpserver: pid 13342 from
141.98.80.30
2020-04-18 05:04:57.304006500 tcpserver: ok 13342
dev.brayworth.com:172.105.181.18:465 :141.98.80.30::9646
2020-04-18 05:05:01.854790500 tcpserver: status: 9/60
2020-04-18 05:05:01.902265500 tcpserver: pid 13345 from
141.98.80.30
2020-04-18 05:05:01.902266500 tcpserver: ok 13345
dev.brayworth.com:172.105.181.18:465 :141.98.80.30::54058
2020-04-18 05:05:09.729711500 tcpserver: end 13338 status 256
2020-04-18 05:05:09.729713500 tcpserver: status: 8/60
2020-04-18 05:06:05.965715500 tcpserver: end 13342 status 256
2020-04-18 05:06:05.965716500 tcpserver: status: 7/60
2020-04-18 05:06:06.141272500 tcpserver: end 13340 status 256
2020-04-18 05:06:06.141273500 tcpserver: status: 6/60

David Bray
0418 745334
2 ∞ & <


On Sat, 18 Apr 2020 at 15:41, Eric Broch <ebr...@whitehorsetc.com> wrote:

Can you send the log of one of the "bad" connections?

On 4/17/2020 10:59 PM, David Bray wrote:


I can see I'm getting hammered on my smtps port

How can I mitigate this?

I can see the IP's in /var/log/qmail/smtps/current

*but where do I actually see that the smtp auth actually
fails ?*

or do I need to increase the logging somewhere ?

if I tail -f /var/log/dovecot.log

I can see the imap and pop failures

thanks in advance

David Bray
0418 745334
2 ∞ & <


--
# David
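
The filter and the failure lines quoted in this thread can be checked offline before a jail depends on them. This is an added example, not code from the list members or from fail2ban: it runs the ten posted filter lines, written with fail2ban's `<HOST>` tag where the client address appears, over constructed maillog lines and counts hits per address inside a time window. The syslog prefix, the addresses, the IPv4-only `<HOST>` expansion and the `maxretry`/`findtime` values are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# The ten filter lines from the post; <HOST> is fail2ban's tag for the client address.
FAILREGEX = """\
vchkpw-smtp: vpopmail user not found .*:<HOST>$
vchkpw-smtps: vpopmail user not found .*:<HOST>$
vchkpw-smtp: null password given .*:<HOST>$
vchkpw-smtps: null password given .*:<HOST>$
vchkpw-submission: null password given .*:<HOST>$
vchkpw-submission: vpopmail user not found .*:<HOST>$
vchkpw-submission: password fail .*:<HOST>$
vchkpw-smtp: password fail .*:<HOST>$
vchkpw-smtps: password fail .*:<HOST>$
vchkpw-pop3: vpopmail user not found .*:<HOST>$
""".splitlines()

# Simplification (assumption): fail2ban itself also accepts IPv6 and host names here.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERNS = [re.compile(p.replace("<HOST>", HOST_GROUP)) for p in FAILREGEX]

# Phrases that mark an authentication failure in the vchkpw lines quoted in the thread.
FAILURE_PHRASES = ("user not found", "null password given", "password fail")

# Constructed sample lines in the shape of the failures quoted in the thread.
SAMPLE_MAILLOG = """\
Apr 22 15:30:01 mail vpopmail[2101]: vchkpw-smtps: vpopmail user not found info@example.com:203.0.113.7
Apr 22 15:30:09 mail vpopmail[2104]: vchkpw-smtps: password fail (pass: 'letmein') bob@example.com:203.0.113.7
Apr 22 15:30:15 mail vpopmail[2109]: vchkpw-submission: null password given bob@example.com:203.0.113.7
Apr 22 15:31:00 mail vpopmail[2120]: vchkpw-smtps: (PLAIN) login success alice@example.com:198.51.100.20
Apr 22 15:32:00 mail vpopmail[2130]: vchkpw-pop3: password fail (pass: 'x') carol@example.com:198.51.100.44
Apr 22 15:33:00 mail vpopmail[2131]: vchkpw-smtp: password fail (pass: 'a') dave@example.com:192.0.2.9
Apr 22 15:50:00 mail vpopmail[2190]: vchkpw-smtp: password fail (pass: 'b') dave@example.com:192.0.2.9
Apr 22 15:50:30 mail vpopmail[2191]: vchkpw-smtp: password fail (pass: 'c') dave@example.com:192.0.2.9
""".splitlines()


def parse_time(line, year=2020):
    """Parse the 15-character syslog timestamp; syslog carries no year, so one is supplied."""
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")


def scan(lines, maxretry=3, findtime=600):
    """Return (bans, missed).

    bans   : (address, time) pairs where an address reached maxretry matches
             within findtime seconds.
    missed : lines that look like a failure but match none of the patterns.
    """
    recent = defaultdict(deque)
    bans, missed = [], []
    for line in lines:
        match = next((m for m in (p.search(line) for p in PATTERNS) if m), None)
        if match is None:
            if any(phrase in line for phrase in FAILURE_PHRASES):
                missed.append(line)
            continue
        now, host = parse_time(line), match.group("host")
        window = recent[host]
        window.append(now)
        # Forget hits that fell out of the findtime window.
        while (now - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            bans.append((host, now))
            window.clear()
    return bans, missed


if __name__ == "__main__":
    bans, missed = scan(SAMPLE_MAILLOG)
    for host, when in bans:
        print(f"ban {host} at {when}")
    for line in missed:
        print(f"failure line not covered by the filter: {line}")
```

The `missed` list shows a gap in the ten posted lines: a `vchkpw-pop3: password fail` entry matches none of them. The third address is not banned because its first failure is older than `findtime` by the time the third arrives.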





Re: [qmailtoaster] iMAP under fire on my server

2019-10-13 Thread Solo

Hi Tony.

What log do You expect entries in ? fail2ban.log ?

Make sure the regex in the filter.d/*.conf file You use matches the 
entries in the log file(s) it monitors



A good idea is to test the *.conf file using :
fail2ban-regex "path to the log to monitor"  "path to the fail2ban filter"

like : fail2ban-regex /var/log/qmail/submission/current /etc/fail2ban/filter.d/submission.conf


Hope this helps

Cheers
Finn

On 13-10-2019 at 14:07, Tony White wrote:

Hi,
   Well I have enabled the two in the filter.d directory you mentioned
restarted/reloaded fail2ban and no change. Still no entries in the
log file.

best wishes
   Tony White

On 13/10/19 7:36 pm, Solo wrote:


Hi Tony.

Have You tried fail2ban ?

Cheers
Finn

On 13-10-2019 at 05:01, Tony White wrote:

Hi folks,
   Sorry to disturb but I have been trying to fix this for two days now.

My iMap server is methodically (brute force) attacked over many many IPs.
I have written scripts to auto block the IPs but they only try twice for two
different names then use a different IP!

Has anyone encountered this before and did you find a resolution for it?

Can I add an entry in the run script for a LOGIN FAILED to block the IP
first time it connects?

TIA :)

FYI the email addresses are not even remotely valid but it is 
frustrating.








Re: [qmailtoaster] iMAP under fire on my server

2019-10-13 Thread Solo

Hi Tony.

Have You tried fail2ban ?

Cheers
Finn

On 13-10-2019 at 05:01, Tony White wrote:

Hi folks,
   Sorry to disturb but I have been trying to fix this for two days now.

My iMap server is methodically (brute force) attacked over many many IPs.
I have written scripts to auto block the IPs but they only try twice for two
different names then use a different IP!

Has anyone encountered this before and did you find a resolution for it?

Can I add an entry in the run script for a LOGIN FAILED to block the IP
first time it connects?

TIA :)

FYI the email addresses are not even remotely valid but it is frustrating.







[qmailtoaster] Re: [Norton AntiSpam]Re: [qmailtoaster] Re: [Norton AntiSpam]Re: [qmailtoaster] SMTPS (port 465) is not working

2019-01-11 Thread Solo
Hi Eric.

Awesome -THANX a bunch - it just works smoothly now.

Did I miss something installing the Qmail-1.03-3.1 ? I can tell from the
list that there has been some writing about the export content in the
smtps/run file, but my issue was there from since installing (I do have
tried different settings in the run file with no luck.)

Thanx again and Thanks for Your (and others) great work keeping all of
us Qmailers up running with latest and greatest.

/Finn


On 11-01-2019 at 21:40, Eric Broch wrote:
> here's mine:
> 
> #!/bin/sh
> QMAILDUID=`id -u vpopmail`
> NOFILESGID=`id -g vpopmail`
> MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
> SMTPD="/var/qmail/bin/qmail-smtpd"
> TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
> HOSTNAME=`hostname`
> VCHKPW="/home/vpopmail/bin/vchkpw"
> RECORDIO="/usr/bin/recordio"
> RECORDIO=""
> export SMTPS=1
> export FORCETLS=0
> export SMTPAUTH="!"
> 
> 
> exec /usr/bin/softlimit -m 12800 \
>     /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
>     -u "$QMAILDUID" -g "$NOFILESGID" 0 465 \
>     $RECORDIO \
>     $SMTPD $VCHKPW /bin/true 2>&1
> 
> On 1/11/2019 1:36 PM, Solo wrote:
>> Hi Eric.
>>
>>
>> [root@post log]# cat /var/qmail/supervise/smtps/run
>> #!/bin/sh
>> QMAILDUID=`id -u vpopmail`
>> NOFILESGID=`id -g vpopmail`
>> MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
>> SMTPD="/var/qmail/bin/qmail-smtpd"
>> TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
>> HOSTNAME=`hostname`
>> VCHKPW="/home/vpopmail/bin/vchkpw"
>> export REQUIRE_AUTH=1
>> export SMTPS=1
>>
>> exec /usr/bin/softlimit -m 12800 \
>>  /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
>>  -u "$QMAILDUID" -g "$NOFILESGID" 0 465 \
>>  $SMTPD $VCHKPW /bin/true 2>&1
>>
>> /Finn
>> On 11-01-2019 at 21:27, Eric Broch wrote:
>>> Post output of
>>>
>>> # cat /var/qmail/supervise/smtps/run
>>>
>>> please.
>>>
>>> On 1/11/2019 12:36 PM, Solo wrote:
>>>> Hi List.
>>>>
>>>>
>>>> I am facing #5.7.1 Sorry, that domain isn't in my list of allowed
>>>> rcpsthosts (CHKUSER)
>>>> whenever i am trying to send using SMTPS - port 465.
>>>>
>>>> I have created a new Minimal Centos7 server, installed qmail as per
>>>> the qmailtoaster.org recipe all the way to Qmail-1.03-3.1 (Dev repo)
>>>>
>>>> rsync'ed with -u not to overwrite newer controlfiles, from my
>>>> production
>>>> (Qmail-1.03-2.1), dumped database and checked all /var/qmail files and
>>>> made sure (I hope) that content in rcpthosts, virtualdomains etc was
>>>> like production server.
>>>>
>>>> It works very well until I try to use port 465 to submit an e-mail then
>>>> #5.7.1 Sorry, that domain isn't in my list of allowed rcpsthosts
>>>> (CHKUSER) is showing up on my Thunderbird
>>>>
>>>> This is the line in the SMTPS log
>>>>
>>>> 2019-01-11 16:38:47.075740500 CHKUSER accepted sender: from
>>>>  remote <[192.168.1.100]:unknown:xxx.xxx.xxx.xx> rcpt
>>>> <> : sender accepted
>>>> 2019-01-11 16:38:47.129749500 CHKUSER rejected relaying: from
>>>>  remote <[192.168.1.100]:unknown:xxx.xxx.xxx.xx> rcpt
>>>>  : client not allowed to relay
>>>>
>>>> and this is the lines from my submission log
>>>>
>>>> 2019-01-11 15:31:07.454431500 CHKUSER accepted sender: from
>>>>  remote
>>>> <[192.168.1.100]:unknown:xxx.xxx.xxx.xx> rcpt <> : sender accepted
>>>> 2019-01-11 15:31:07.505012500 CHKUSER relaying rcpt: from
>>>>  remote
>>>> <[192.168.1.100]:unknown:xxx.xxx.xxx.xx> rcpt  : client
>>>> allowed to relay
>>>>
>>>>
>>>> So why is the senders address  in the SMTPS log
>>>> and  in the Submission log
>>>>
>>>> I'm almost certain this is my issue because :: is not in the rcpthosts
>>>> file (I have tried a lot of different settings - and probably running in
>>>> circles now so please -HELP)  - I have not tried, yet, to change
>>>> tcp.smtp to include ip-address:allow
>>>>
>>>> Cheers Finn von B
>>>>
>>>>
>>>>
>>>>
>>>>



[qmailtoaster] Re: [Norton AntiSpam]Re: [qmailtoaster] SMTPS (port 465) is not working

2019-01-11 Thread Solo
Hi Eric.


[root@post log]# cat /var/qmail/supervise/smtps/run
#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export REQUIRE_AUTH=1
export SMTPS=1

exec /usr/bin/softlimit -m 12800 \
/usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 465 \
$SMTPD $VCHKPW /bin/true 2>&1

/Finn
On 11-01-2019 at 21:27, Eric Broch wrote:
> Post output of
> 
> # cat /var/qmail/supervise/smtps/run
> 
> please.
> 
> On 1/11/2019 12:36 PM, Solo wrote:
>> Hi List.
>>
>>
>> I am facing #5.7.1 Sorry, that domain isn't in my list of allowed
>> rcpsthosts (CHKUSER)
>> whenever i am trying to send using SMTPS - port 465.
>>
>> I have created a new Minimal Centos7 server, installed qmail as per
>> the qmailtoaster.org recipe all the way to Qmail-1.03-3.1 (Dev repo)
>>
>> rsync'ed with -u not to overwrite newer controlfiles, from my production
>> (Qmail-1.03-2.1), dumped database and checked all /var/qmail files and
>> made sure (I hope) that content in rcpthosts, virtualdomains etc was
>> like production server.
>>
>> It works very well until I try to use port 465 to submit an e-mail then
>> #5.7.1 Sorry, that domain isn't in my list of allowed rcpsthosts
>> (CHKUSER) is showing up on my Thunderbird
>>
>> This is the line in the SMTPS log
>>
>> 2019-01-11 16:38:47.075740500 CHKUSER accepted sender: from
>>  remote <[192.168.1.100]:unknown:xxx.xxx.xxx.xx> rcpt
>> <> : sender accepted
>> 2019-01-11 16:38:47.129749500 CHKUSER rejected relaying: from
>>  remote <[192.168.1.100]:unknown:xxx.xxx.xxx.xx> rcpt
>>  : client not allowed to relay
>>
>> and this is the lines from my submission log
>>
>> 2019-01-11 15:31:07.454431500 CHKUSER accepted sender: from
>>  remote
>> <[192.168.1.100]:unknown:xxx.xxx.xxx.xx> rcpt <> : sender accepted
>> 2019-01-11 15:31:07.505012500 CHKUSER relaying rcpt: from
>>  remote
>> <[192.168.1.100]:unknown:xxx.xxx.xxx.xx> rcpt  : client
>> allowed to relay
>>
>>
>> So why is the senders address  in the SMTPS log
>> and  in the Submission log
>>
>> I'm almost certain this is my issue because :: is not in the rcpthosts
>> file (I have tried a lot of different settings - and probably running in
>> circles now so please -HELP)  - I have not tried, yet, to change
>> tcp.smtp to include ip-address:allow
>>
>> Cheers Finn von B
>>
>>
>>
>>
>>



[qmailtoaster] SMTPS (port 465) is not working

2019-01-11 Thread Solo
Hi List.


I am facing #5.7.1 Sorry, that domain isn't in my list of allowed
rcpsthosts (CHKUSER)
whenever i am trying to send using SMTPS - port 465.

I have created a new Minimal Centos7 server, installed qmail as per
the qmailtoaster.org recipe all the way to Qmail-1.03-3.1 (Dev repo)

rsync'ed with -u not to overwrite newer controlfiles, from my production
(Qmail-1.03-2.1), dumped database and checked all /var/qmail files and
made sure (I hope) that content in rcpthosts, virtualdomains etc was
like production server.

It works very well until I try to use port 465 to submit an e-mail then
#5.7.1 Sorry, that domain isn't in my list of allowed rcpsthosts
(CHKUSER) is showing up on my Thunderbird

This is the line in the SMTPS log

2019-01-11 16:38:47.075740500 CHKUSER accepted sender: from
 remote <[192.168.1.100]:unknown:xxx.xxx.xxx.xx> rcpt
<> : sender accepted
2019-01-11 16:38:47.129749500 CHKUSER rejected relaying: from
 remote <[192.168.1.100]:unknown:xxx.xxx.xxx.xx> rcpt
 : client not allowed to relay

and this is the lines from my submission log

2019-01-11 15:31:07.454431500 CHKUSER accepted sender: from
 remote
<[192.168.1.100]:unknown:xxx.xxx.xxx.xx> rcpt <> : sender accepted
2019-01-11 15:31:07.505012500 CHKUSER relaying rcpt: from
 remote
<[192.168.1.100]:unknown:xxx.xxx.xxx.xx> rcpt  : client
allowed to relay


So why is the senders address  in the SMTPS log
and  in the Submission log

I'm almost certain this is my issue because :: is not in the rcpthosts
file (I have tried a lot of different settings - and probably running in
circles now so please -HELP)  - I have not tried, yet, to change
tcp.smtp to include ip-address:allow

Cheers Finn von B








Re: [qmailtoaster] connection issues again.

2017-12-29 Thread Solo
Hi Tony.

Yes I see a lot - in my logs I think it's those spammers that try to
connect to Your server using a lot of different names and end up getting
refused by vpopmail - see my logwatch file below (all ip addresses match
log entries in maillog and vpopmail)

- vpopmail Begin 


 No Such User Found:
4f3c5634.2010906@ - 1 Time(s)
abc@ - 1 Time(s)
ada@ - 1 Time(s)
agenda@ - 1 Time(s)
am@ - 1 Time(s)
benson@ - 1 Time(s)
biblioteca@ - 1 Time(s)
caja@ - 1 Time(s)
careers@ - 1 Time(s)

and so on

they time out usually.

Others!  correct if I'm wrong...

Regards,
Finn Von B

On 29-12-2017 at 14:40, Tony White wrote:
> Hi folks,
>   Is anyone else seeing a single ip connecting hundreds even thousands
> of times but never sending any mail? I end up blocking these using iptables
> but I do not understand why it is happening.
> 
> TIA
> 
> Example
> 2017-12-30 00:31:31.653614500 tcpserver: status: 2/100
> 2017-12-30 00:31:31.653753500 tcpserver: pid 31242 from 114.229.162.93
> 2017-12-30 00:31:31.653820500 tcpserver: ok 31242
> indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62277
> 2017-12-30 00:31:32.581728500 tcpserver: end 31242 status 0
> 2017-12-30 00:31:32.581729500 tcpserver: status: 1/100
> 2017-12-30 00:31:32.872455500 tcpserver: status: 2/100
> 2017-12-30 00:31:32.872564500 tcpserver: pid 31246 from 114.229.162.93
> 2017-12-30 00:31:32.872611500 tcpserver: ok 31246
> indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62369
> 2017-12-30 00:31:33.862860500 tcpserver: end 31246 status 0
> 2017-12-30 00:31:33.862861500 tcpserver: status: 1/100
> 2017-12-30 00:31:34.375021500 tcpserver: status: 2/100
> 2017-12-30 00:31:34.375022500 tcpserver: pid 31248 from 114.229.162.93
> 2017-12-30 00:31:34.375056500 tcpserver: ok 31248
> indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62461
> 2017-12-30 00:31:35.326643500 tcpserver: end 31248 status 0
> 2017-12-30 00:31:35.326645500 tcpserver: status: 1/100
> 2017-12-30 00:31:35.717309500 tcpserver: status: 2/100
> 2017-12-30 00:31:35.717443500 tcpserver: pid 31252 from 114.229.162.93
> 2017-12-30 00:31:35.717508500 tcpserver: ok 31252
> indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62563
> 2017-12-30 00:31:36.657366500 tcpserver: end 31252 status 0
> 2017-12-30 00:31:36.657368500 tcpserver: status: 1/100
> 2017-12-30 00:31:37.007733500 tcpserver: status: 2/100
> 2017-12-30 00:31:37.007904500 tcpserver: pid 31254 from 114.229.162.93
> 2017-12-30 00:31:37.007983500 tcpserver: ok 31254
> indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62637
> 2017-12-30 00:31:37.914884500 tcpserver: end 31254 status 0
> 2017-12-30 00:31:37.914885500 tcpserver: status: 1/100
> 2017-12-30 00:31:38.215151500 tcpserver: status: 2/100
> 2017-12-30 00:31:38.215252500 tcpserver: pid 31259 from 114.229.162.93
> 2017-12-30 00:31:38.215296500 tcpserver: ok 31259
> indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62738
> 2017-12-30 00:31:39.110484500 tcpserver: end 31259 status 0
> 2017-12-30 00:31:39.110485500 tcpserver: status: 1/100
> 2017-12-30 00:31:39.433288500 tcpserver: status: 2/100
> 2017-12-30 00:31:39.433302500 tcpserver: pid 31261 from 114.229.162.93
> 2017-12-30 00:31:39.433357500 tcpserver: ok 31261
> indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62831
> 2017-12-30 00:31:40.316270500 tcpserver: end 31261 status 0
> 2017-12-30 00:31:40.316271500 tcpserver: status: 1/100
> 2017-12-30 00:31:40.615598500 tcpserver: status: 2/100
> 2017-12-30 00:31:40.615698500 tcpserver: pid 31271 from 114.229.162.93
> 2017-12-30 00:31:40.615766500 tcpserver: ok 31271
> indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62924
> 2017-12-30 00:31:41.496972500 tcpserver: end 31271 status 0
> 2017-12-30 00:31:41.496973500 tcpserver: status: 1/100
> 2017-12-30 00:31:41.873223500 tcpserver: status: 2/100
> 2017-12-30 00:31:41.873326500 tcpserver: pid 31273 from 114.229.162.93
> 2017-12-30 00:31:41.873371500 tcpserver: ok 31273
> indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::63007
> 2017-12-30 00:31:42.828193500 tcpserver: end 31273 status 0
> 2017-12-30 00:31:42.828194500 tcpserver: status: 1/100
> 2017-12-30 00:31:43.135644500 tcpserver: status: 2/100
> 2017-12-30 00:31:43.135749500 tcpserver: pid 31277 from 114.229.162.93
> 2017-12-30 00:31:43.135794500 tcpserver: ok 31277
> indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::63093
> 2017-12-30 00:31:44.067442500 tcpserver: end 31277 status 0
> 2017-12-30 00:31:44.067443500 tcpserver: status: 1/100
> 2017-12-30 00:31:44.362100500 tcpserver: status: 2/100
> 2017-12-30 00:31:44.362188500 tcpserver: pid 31282 from 114.229.162.93
> 2017-12-30 00:31:44.362231500 tcpserver: ok 31282
> indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::63184
> 2017-12-30 00:31:45.274625500 tcpserver: end 31282 status 0
> 2017-12-30 00:31:45.274626500 tcpserver: status: 1/100
> 

Re: [qmailtoaster] how to block a complete tld

2016-08-31 Thread Solo


Well maybe I was a bit too hasty - I'm blocking domains but I think it 
will work any way


format is @.xxx and one per line in a file (if You have many) check 
spamdyke documentation for info on what is fastest in Your case


In my spamdyke.conf I have : sender-blacklist-file=/etc/spamdyke/name_on_the_file

and I do restart qmail

That's it

/


On 31-08-2016 at 19:45, Solo wrote:

Hi Rajesh.

I'm using spamdyke's blacklist_senders for the purpose - if You have many
tld's to block make a file and point spamdyke.conf to that file (put it
under /etc/spamdyke or wherever You have spamdyke files)

To make sure it works You can change log level in spamdyke.conf to
verbose and check the maillog file afterwards to verify it triggers the
filter (remember to set the level back to info or whatever to minimize
filling up the log)

Cheers
/

On 31-08-2016 at 19:17, Rajesh M wrote:

hi

we are getting a lot of spam from tlds like : .link, .cricket, .land
etc and wish to block these tlds using wildcard.

i tried to use the qmail badmailfrom and put a sample

@*.land

but this started blocking a customer : landsmartconsultants.com

i was also thinking of using spamdyke blacklists.

what would be the correct syntax to block such tlds.

and whether to use spamdyke or qmail badmailfrom.

thanks
rajesh









Re: [qmailtoaster] how to block a complete tld

2016-08-31 Thread Solo

Hi Rajesh.

I'm using spamdyke's blacklist_senders for the purpose - if You have many 
tld's to block make a file and point spamdyke.conf to that file (put it 
under /etc/spamdyke or wherever You have spamdyke files)


To make sure it works You can change log level in spamdyke.conf to 
verbose and check the maillog file afterwards to verify it triggers the 
filter (remember to set the level back to info or whatever to minimize 
filling up the log)


Cheers
/

On 31-08-2016 at 19:17, Rajesh M wrote:

hi

we are getting a lot of spam from tlds like : .link, .cricket, .land etc and 
wish to block these tlds using wildcard.

i tried to use the qmail badmailfrom and put a sample

@*.land

but this started blocking a customer : landsmartconsultants.com

i was also thinking of using spamdyke blacklists.

what would be the correct syntax to block such tlds.

and whether to use spamdyke or qmail badmailfrom.

thanks
rajesh
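
One way a pattern like `@*.land` can end up catching landsmartconsultants.com, as an added example that is not part of the original thread: it assumes the entry is evaluated as an unanchored regular expression (the thread does not say how this server matches badmailfrom entries) and compares that with a check on the last DNS label only. Every sender address below is constructed; only the customer's domain comes from the post.

```python
import re

# TLDs named in the post.
BLOCKED_TLDS = {"link", "cricket", "land"}

# Constructed sender addresses; the first uses the customer's domain from the post.
SENDERS = [
    "sales@landsmartconsultants.com",
    "promo@cheap.land",
    "news@mail.offers.LINK",
    "info@island.example",
    "alice@example.org",
    "bounce@scores.cricket.",
]


def unanchored_regex_hit(pattern, sender):
    """Match the way an unanchored regex engine would (assumption about the matcher).

    In "@*.land" the "@*" means zero or more "@" and "." means any character,
    so the pattern matches any address containing <one character> + "land".
    """
    return re.search(pattern, sender, re.IGNORECASE) is not None


def tld_blocked(sender, blocked_tlds):
    """True only when the last DNS label of the sender's domain is a blocked TLD."""
    domain = sender.rsplit("@", 1)[-1].rstrip(".").lower()
    labels = domain.split(".")
    return len(labels) > 1 and labels[-1] in blocked_tlds


def classify(senders, naive_pattern=r"@*.land", blocked_tlds=BLOCKED_TLDS):
    """Sort senders into real TLD hits, false positives of the naive pattern, and the rest."""
    result = {"blocked": [], "false_positive": [], "passed": []}
    for sender in senders:
        if tld_blocked(sender, blocked_tlds):
            result["blocked"].append(sender)
        elif unanchored_regex_hit(naive_pattern, sender):
            result["false_positive"].append(sender)
        else:
            result["passed"].append(sender)
    return result


if __name__ == "__main__":
    for verdict, addresses in classify(SENDERS).items():
        print(verdict, addresses)
```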









Re: [qmailtoaster] qmail todo queue

2016-04-14 Thread Solo


Hi Eric.

I think there was a tool called qmHandle that might be of use.

Regards,
Finn


On 14-04-2016 at 21:22, Eric wrote:

Hi list,

I have an email in the todo queue and it has been there for about 30 hrs.
with no attempt to deliver. Is there any way to remove this from the
queue other than manually (I've heard rumblings against this)?
Below are the places where the message resides in the queue. I've run
"queue_repair.py -r" multiple times as well as 'qmqtool -r' to no avail.
Will Qmail eventually remove this from the queue?

# find /var/qmail/queue -type f ! -empty
/var/qmail/queue/mess/12/101040323
/var/qmail/queue/intd/101040323
/var/qmail/queue/todo/101040323


# ls -l /var/qmail/queue/todo
total 4
-rw--- 2 qmailq qmail 59 Apr 13 21:57 101040323

#  ls -l /var/qmail/queue/mess/*
/var/qmail/queue/mess/12:
total 404
-rw-r--r-- 1 qmailq qmail 410859 Apr 13 21:57 101040323

# ls -l /var/qmail/queue/intd
total 4
-rw--- 2 qmailq qmail 59 Apr 13 21:57 101040323

EricB











Re: [qmailtoaster] Script for detecting mail abuse

2016-02-02 Thread Solo

Hi Again Dan.

Sorry for my getting back to You but regarding Your thought 3 - I think 
You must have a different setup from mine - my submission port 587 
requires auth from the 'sender' (from field) - meaning he/she has to be 
a known qmail user - hence REQUIRE_AUTH=1.


I may be totally wrong (probably) or more likely missed Your point or 
using an obsolete client ?


As I see it, the catch is if someone changes the submission port to the 
smtp port in their mailclient - removes authentication - then there's an 
issue.


Regards,
Finn

On 01-02-2016 at 20:07, Dan McAllister wrote:

Greetings all

I was reading some earlier posts from Raj, Jim, & Eric with regards to
detecting WHO is abusing your server, so I thought I'd share some of my
thoughts & solutions:

Thought 1: I force all RELAY traffic to occur on port 587 (with or
without TLS)
  - I do this using spamdyke -- using different rules for port 25
    and port 587. Under MY rules:
      - port 25 DOES NOT ALLOW authentication, and thus will not RELAY at all
      - port 587 REQUIRES authentication, and also supports TLS (SSL)
  NOTE: You can do this in the RUN parts inside your submission folders
  That is:
  1) in the folder /etc/spamdyke/, copy your existing spamdyke.conf to
     submission.conf
     and to avoid confusion, I personally also make a copy called
     smtp.conf
  2) Edit the submission.conf file to say smtp-auth-level=always
     (actually, I set it to always-encrypted == but that requires a
     valid SSL certificate, which goes beyond this note)
  3) Edit the smtp.conf file to say smtp-auth-level=none
     (this DISALLOWS smtp authentication, even if QMail is configured
     to allow it!)
  4) In the folder /var/qmail/supervise/smtp edit the file named run
     Assuming you previously installed and configured spamdyke, you'll
     have entries that look like:
         SPAMDYKE=/usr/local/bin/spamdyke
         SPAMDYKEFLAGS=' -f /etc/spamdyke/spamdyke.conf'
     Change the SPAMDYKEFLAGS value to point to your new smtp.conf - in
     other words, use the line:
         SPAMDYKEFLAGS=' -f /etc/spamdyke/smtp.conf'
  5) In the folder /var/qmail/supervise/submission edit the file named
     run
     Again, assuming you previously installed and configured spamdyke,
     you'll have entries that look like:
         SPAMDYKE=/usr/local/bin/spamdyke
         SPAMDYKEFLAGS=' -f /etc/spamdyke/spamdyke.conf'
     Change the SPAMDYKEFLAGS value to point to your new
     submission.conf - in other words, use the line:
         SPAMDYKEFLAGS=' -f /etc/spamdyke/submission.conf'
  6) NOTE: If you are using the smtp-ssl mod (that is, you're also
     listening on port 465), you will need to repeat the above steps
     for your 3rd SMTP listening daemon
  7) Restart your toaster with the command 'qmailctl restart'
  Now you have limited port 25 to NO AUTH, and you've set port 587 to
  require AUTH (possibly with encryption), and you may have set port 465
  to require auth (typically only with encryption)

Thought 2: I use the qmlog program (originally by Fabio Olaechea, but
translated to English & enhanced by our own Eric Shubert)
  My search for the source on the Internet met with failure (it used
  to be part of the qtp suite of add-ons), so I have a copy located at
  http://www.it4soho.com/qmlog
  If you download it from there, save it to /usr/bin or /usr/sbin
  (either should work)
  What's special about qmlog? It's a single program that can be used
  to fetch QMail logs for any of the services, AND it automatically
  converts the timestamp into Human-Readable form!

Thought 3: One of the most common abuses of Qmail is the ability to
send AS ANYONE once you've been authenticated.
  What I mean by that is:
  - suppose you have 3 accounts on your QMT server (a...@domaina.com;
    a...@domaina.com; & b...@domainb.com)
  - suppose you configure your mail client to connect to the
    SUBMISSION port on your mail server with the auth credentials of
    a...@domaina.com.
    Once you're connected and authenticated, you can send mail as
    a...@domaina.com, or a...@domaina.com, or b...@domainb.com, or even
    anyu...@anydomain.com
  - This is all well and good when Suzy in Sales sends mail from the
    sa...@domaina.com account instead of her own
  - This is a little problematic when Suzy in Sales sends mail from
    a...@domaina.com, who happens to be a coworker she doesn't have
    authorization to send mail for
  - This is VERY problematic when Suzy in Sales sends mail from
    u...@hotmail.com or any other outside domain
  The server will ALLOW all of these -- so you need to periodically
  CATCH them!

*So, assuming you have the qmlog program mentioned above, put it in your
path, then use the attached checkmailfraud.sh script.
   NOTE: The script is DESIGNED to send you a TEXT MESSAGE when the
number of 

Re: [qmailtoaster] Script for detecting mail abuse

2016-02-02 Thread Solo

Hi Dan.

I have a 'export REQUIRE_AUTH=1' in my submission run file and 'export 
REQUIRE_AUTH=0' in the smtp run file.


Aren't they doing the same ?


Regards,
Finn

Den 01-02-2016 kl. 20:07 skrev Dan McAllister:

Greetings all

I was reading some earlier posts from Raj, Jim, & Eric with regards to
detecting WHO is abusing your server, so I thought I'd share some of my
thoughts & solutions:

Thought 1: I force all RELAY traffic to occur on port 587 (with or
without TLS)
  - I do this using spamdyke -- using different rules for port 25
and port 587. Under MY rules:
    - port 25 DOES NOT ALLOW authentication, and thus will not RELAY at all
    - port 587 REQUIRES authentication, and also supports TLS (SSL)
NOTE: You can do this in the RUN parts inside your submission folders
  That is:
 1) in the folder /etc/spamdyke/, copy your existing
    spamdyke.conf to submission.conf
    and to avoid confusion, I personally also make a copy
    called smtp.conf
 2) Edit the submission.conf file to say
    smtp-auth-level=always (actually, I set it to always-encrypted
    == but that requires a valid SSL certificate, which goes beyond this note)
 3) Edit the smtp.conf file to say smtp-auth-level=none
    (this DISALLOWS smtp authentication, even if QMail is configured to
    allow it!)
 4) In the folder /var/qmail/supervise/smtp edit the file
    named run
    Assuming you previously installed and configured
    spamdyke, you'll have entries that look like:
       SPAMDYKE=/usr/local/bin/spamdyke
       SPAMDYKEFLAGS=' -f /etc/spamdyke/spamdyke.conf'
    Change the SPAMDYKEFLAGS value to point to your new smtp.conf - in
    other words, use the line:
       SPAMDYKEFLAGS=' -f /etc/spamdyke/smtp.conf'
 5) In the folder /var/qmail/supervise/submission edit the
    file named run
    Again, assuming you previously installed and configured
    spamdyke, you'll have entries that look like:
       SPAMDYKE=/usr/local/bin/spamdyke
       SPAMDYKEFLAGS=' -f /etc/spamdyke/spamdyke.conf'
    Change the SPAMDYKEFLAGS value to point to your new submission.conf -
    in other words, use the line:
       SPAMDYKEFLAGS=' -f /etc/spamdyke/submission.conf'
 6) NOTE: If you are using the smtp-ssl mod (that is, you're
    also listening on port 465), you will need to repeat the above steps for
    your 3rd SMTP listening daemon
 7) Restart your toaster with the command 'qmailctl restart'
 Now you have limited port 25 to NO AUTH, and you've set port 587 to
require AUTH (possibly with encryption), and you may have set port 465
to require auth (typically only with encryption)

Thought 2: I use the qmlog program (originally by Fabio Olaechea, but
translated to English & enhanced by our own Eric Shubert)
My search for the source on the Internet met with failure (it used
to be part of the qtp suite of add-ons), so I have a copy located at
http://www.it4soho.com/qmlog
If you download it from there, save it to /usr/bin or /usr/sbin
(either should work)
What's special about qmlog? It's a single program that can be used
to fetch QMail logs for any of the services, AND it automatically
converts the timestamp into Human-Readable form!

Thought 3: One of the most common abuses of Qmail is the ability to
send AS ANYONE once you've been authenticated.
   What I mean by that is:
 - suppose you have 3 accounts on your QMT server (a...@domaina.com;
a...@domaina.com; & b...@domainb.com)
 - suppose you configure your mail client to connect to the
SUBMISSION port on your mail server with the auth credentials of
a...@domaina.com.
Once you're connected and authenticated, you can send mail as
a...@domaina.com, or a...@domaina.com, or b...@domainb.com, or even
anyu...@anydomain.com
 - This is all well and good when Suzy in Sales sends mail from the
sa...@domaina.com account instead of her own
 - This is a little problematic when Suzy in Sales sends mail from
a...@domaina.com, who happens to be a coworker she doesn't have
authorization to send mail for
 - This is VERY problematic when Suzy in Sales sends mail from
u...@hotmail.com or any other outside domain
The server will ALLOW all of these -- so you need to periodically
CATCH them!

So, assuming you have the qmlog program mentioned above, put it in your
path, then use the attached checkmailfraud.sh script.
   NOTE: The script is DESIGNED to send you a TEXT MESSAGE when the
number of suspected fraudulent entries PER USER exceeds a threshold.
   YOU CANNOT USE THE SCRIPT WITHOUT EDITING IT and placing your own TO:
(SMS email interface) and FROM: (local email address) entries at the top.
   The Threshold value (also at the top) is adjustable, and SMS
messages should only go out if fraud has indeed been protected.
   Finally, I have NOT YET coded the exclusion so 
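
The per-user check described under Thought 3, as an added example: this is not the checkmailfraud.sh attached to the original post, which is not reproduced in this archive. It assumes log lines that carry "from:" and "auth:" fields, modelled on spamdyke's log output; the sample lines, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the checkmailfraud.sh attached to the original post.
# Assumption: log lines carry "from: <envelope sender>" and
# "auth: <authenticated login>" fields, modelled on spamdyke's log output.
# Alerting (the SMS mail in the post) is left out; this only reports.

# Constructed sample lines (documentation addresses and IPs only).
sample_log() {
cat <<'EOF'
2016-02-01 09:00:01 spamdyke[2101]: ALLOWED from: suzy@domaina.example to: c1@customer.example origin_ip: 192.0.2.10 auth: suzy@domaina.example encryption: TLS
2016-02-01 09:05:12 spamdyke[2102]: ALLOWED from: sales@domaina.example to: c2@customer.example origin_ip: 192.0.2.10 auth: suzy@domaina.example encryption: TLS
2016-02-01 09:07:40 spamdyke[2103]: ALLOWED from: Bob@domaina.example to: c3@customer.example origin_ip: 192.0.2.10 auth: suzy@domaina.example encryption: TLS
2016-02-01 09:09:03 spamdyke[2104]: ALLOWED from: user@outside.example to: c4@customer.example origin_ip: 192.0.2.10 auth: suzy@domaina.example encryption: TLS
2016-02-01 09:10:00 spamdyke[2105]: ALLOWED from: BOB@domaina.example to: c5@customer.example origin_ip: 192.0.2.11 auth: bob@domaina.example encryption: TLS
2016-02-01 09:11:30 spamdyke[2106]: ALLOWED from: sales@domaina.example to: c6@customer.example origin_ip: 192.0.2.11 auth: bob@domaina.example encryption: TLS
2016-02-01 09:12:00 spamdyke[2107]: ALLOWED from: news@list.example to: bob@domaina.example origin_ip: 198.51.100.7 auth: (unknown) encryption: (none)
2016-02-01 09:13:00 spamdyke[2108]: DENIED_RDNS_MISSING from: x@spam.example to: bob@domaina.example origin_ip: 203.0.113.9 auth: (unknown) encryption: (none)
EOF
}

# suspect_senders THRESHOLD
# Reads log lines on stdin. For each authenticated login whose accepted
# messages used a different envelope sender more than THRESHOLD times, prints:
#   <login> <mismatches> <mismatches using a foreign domain>
suspect_senders() {
    awk -v limit="$1" '
    # Return the lower-cased token that follows the field label "name".
    function field(name,   i) {
        for (i = 1; i < NF; i++) if ($i == name) return tolower($(i + 1))
        return ""
    }
    / ALLOWED / {
        auth = field("auth:"); from = field("from:")
        # Unauthenticated traffic (port 25 inbound) is out of scope here.
        if (auth == "" || auth == "(unknown)" || from == "" || from == auth) next
        mism[auth]++
        # Sending as an outside domain is the worst case named in the post.
        ad = auth; sub(/^.*@/, "", ad)
        fd = from; sub(/^.*@/, "", fd)
        if (fd != ad) foreign[auth]++
    }
    END {
        for (u in mism) if (mism[u] > limit)
            printf "%s %d %d\n", u, mism[u], foreign[u] + 0
    }' | sort
}

# Stand-alone run over the constructed sample with a threshold of 2.
sample_log | suspect_senders 2
```

Legitimate shared addresses (the sales@ case in the post) count as mismatches here, so the threshold is what keeps them from raising a report.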

Re: [qmailtoaster] clamav-99.0-2 ?

2016-02-01 Thread Solo

Eric.

Yep You're right - even though error free compilation - same issue.
Looking into the config logs, pcre is compiled and linked (/usr ) - strange.

I do see some missing libraries also in the log - libraries that somehow 
have lpcre as argument so maybe my setup is not the best for this purpose.



/Finn


Den 01-02-2016 kl. 15:43 skrev Solo:

But until I did the yum install pcre I got the errors during ./configure
- it does check the libs I guess ? (many years since compiling was a
daily/weekly occurrence)

Well I must do a test tonight - I'm sure You're right - it's been too
easy considered what the issue has caused others when reading the net

/Finn


Den 01-02-2016 kl. 15:08 skrev Eric:

Restart clamd and you'll see the error. With no parameter to --with-pcre
clamav looks for the pcre libs in /usr/local/lib or /usr/lib. They are
in /usr/lib64 and /lib64 on CentOS machines.

On 2/1/2016 6:17 AM, Solo wrote:

Hi Eric.

I have no development server running but I had to make some changes to
my nginx servers the other day (compile with geo-codes to get rid of
Russian attacks) so I did grab latest clamav-0.99 source and I managed
to run
./configure --with-pcre
make (compile it) no problems at all

Catch is though that they are running COS7 and my qmail is COS6 (
2.6.32-573.8.1.el6.x86_64) and based upon Your, Shubes and all the
other great people at the qmailtoaster community's nice packages that
makes life so much easier for us users.

But I did try to install the needed packages on the COS6 production
server (yum install pcre - which gave me updates to the base and the
epel based pcre libraries and prevented the issue You also ran into
regarding libpcre)
I ran ./configure --with-pcre  - just fine
then a make - just fine
and a make check that also did well (  6 tests passed 7 not run).

If time permits tonight I will make some backups and do a make install
on the COS6.

/Finn


Den 31-01-2016 kl. 18:35 skrev Eric:

Finn,

I did a couple things since our last email exchange:

1) yum install *pcre2*
2) ls /usr/lib64 (locate pcre libs)

/usr/lib64/libpcre2-posix.so.0.0.1
/usr/lib64/libpcre2-16.so
/usr/lib64/pkgconfig/libpcre.pc
/usr/lib64/pkgconfig/libpcre2-8.pc
/usr/lib64/pkgconfig/libpcre2-32.pc
/usr/lib64/pkgconfig/libpcre2-posix.pc
/usr/lib64/pkgconfig/libpcre2-16.pc
/usr/lib64/pkgconfig/libpcrecpp.pc
/usr/lib64/libpcre2-32.so.0.3.0
/usr/lib64/libpcre2-32.a
/usr/lib64/libpcreposix.a
/usr/lib64/libpcrecpp.so.0
/usr/lib64/libpcre2-32.so
/usr/lib64/libpcre.so
/usr/lib64/libpcre2-8.so.0.3.0
/usr/lib64/libpcre2-posix.so.0
/usr/lib64/libpcre2-8.a
/usr/lib64/libpcrecpp.so.0.0.0
/usr/lib64/libpcre2-16.a
/usr/lib64/libpcreposix.so
/usr/lib64/libpcrecpp.a
/usr/lib64/libpcre2-16.so.0
/usr/lib64/libpcreposix.so.0
/usr/lib64/libpcre2-16.so.0.3.0
/usr/lib64/libpcre.a
/usr/lib64/libpcre2-8.so
/usr/lib64/libpcre2-8.so.0
/usr/lib64/libpcre2-posix.a
/usr/lib64/libpcreposix.so.0.0.0
/usr/lib64/libpcre2-32.so.0
/usr/lib64/libpcrecpp.so
/usr/lib64/libpcre2-posix.so
/lib64/libpcre.so.0.0.1
/lib64/libpcre.so.0

3) Added --with-pcre=/usr/lib64 to the configure section in clamav.spec
4) Created the source rpm: "rpmbuild -bs --define "dist .qt"
SPECS/clamav.spec"
5) Compiled source rpm:  "rpmbuild --rebuild --define "dist .qt.el6"
SRPMS/clamav-0.99-2.qt.src.rpm &>
SRPMS/clamav-0.99-2.qt.x86_64.build.txt &"

During the configure portion of the last step I got the following error:


checking for libpcre installation... not found
configure: error: cannot locate libpcre at /usr/lib64
error: Bad exit status from /var/tmp/rpm-tmp.UYRJcn (%build)


RPM build errors:
 Bad exit status from /var/tmp/rpm-tmp.UYRJcn (%build)


So, the pcre that comes with the CentOS 6 base and pcre2 that comes with
EPEL does not seem sufficient to complete the creation of the binary.
I'm not sure what's going on.
I'm looking forward to hearing back from Solo.

Eric


On 1/31/2016 10:01 AM, Solo wrote:

Hi Eric.

I've found someone that claims to have fixed the issue and am in the
process of writing to that list (BlueOnyx - Michael Stauber) asking
what the fix is - I will get back to You.

/Finn

Den 31-01-2016 kl. 17:38 skrev Eric:

Hi Finn,

I've been working on that...well not of late, within the past month, but
I have all PCREs libs installed on my server and have enabled PCRE in
the configuration options of clamav.spec (--with-pcre=[DIR]) to no
avail. I've googled the problem and have come up empty. I suspect that
clamav needs a later version of PCRE, but am not sure. I'll get back to
working on it and let you know. If anyone in the community knows of a
solution to this please let me know.

This is the error I'm getting on restart of clamd: Starting Clam
AntiVirus Daemon: LibClamAV Warning: cli_loadldb: logical signature for
Win.Trojan.ssid18332 uses PCREs but support is disabled, skipping

Eric

On 1/31/2016 8:14 AM, Solo wrote:

Hi Eric - all.

This below inserted message has been showing up for a 

Re: [qmailtoaster] clamav-99.0-2 ?

2016-02-01 Thread Solo
But until I did the yum install pcre I got the errors during ./configure 
- it does check the libs I guess ? (many years since compiling was a 
daily/weekly occurrence)


Well I must do a test tonight - I'm sure You're right - it's been too 
easy considered what the issue has caused others when reading the net


/Finn


Den 01-02-2016 kl. 15:08 skrev Eric:

Restart clamd and you'll see the error. With no parameter to --with-pcre
clamav looks for the pcre libs in /usr/local/lib or /usr/lib. They are
in /usr/lib64 and /lib64 on CentOS machines.

On 2/1/2016 6:17 AM, Solo wrote:

Hi Eric.

I have no development server running but I had to make some changes to
my nginx servers the other day (compile with geo-codes to get rid of
Russian attacks) so I did grab latest clamav-0.99 source and I managed
to run
./configure --with-pcre
make (compile it) no problems at all

Catch is though that they are running COS7 and my qmail is COS6 (
2.6.32-573.8.1.el6.x86_64) and based upon Your, Shubes and all the
other great people at the qmailtoaster community's nice packages that
makes life so much easier for us users.

But I did try to install the needed packages on the COS6 production
server (yum install pcre - which gave me updates to the base and the
epel based pcre libraries and prevented the issue You also ran into
regarding libpcre)
I ran ./configure --with-pcre  - just fine
then a make - just fine
and a make check that also did well (  6 tests passed 7 not run).

If time permits tonight I will make some backups and do a make install
on the COS6.

/Finn


Den 31-01-2016 kl. 18:35 skrev Eric:

Finn,

I did a couple things since our last email exchange:

1) yum install *pcre2*
2) ls /usr/lib64 (locate pcre libs)

/usr/lib64/libpcre2-posix.so.0.0.1
/usr/lib64/libpcre2-16.so
/usr/lib64/pkgconfig/libpcre.pc
/usr/lib64/pkgconfig/libpcre2-8.pc
/usr/lib64/pkgconfig/libpcre2-32.pc
/usr/lib64/pkgconfig/libpcre2-posix.pc
/usr/lib64/pkgconfig/libpcre2-16.pc
/usr/lib64/pkgconfig/libpcrecpp.pc
/usr/lib64/libpcre2-32.so.0.3.0
/usr/lib64/libpcre2-32.a
/usr/lib64/libpcreposix.a
/usr/lib64/libpcrecpp.so.0
/usr/lib64/libpcre2-32.so
/usr/lib64/libpcre.so
/usr/lib64/libpcre2-8.so.0.3.0
/usr/lib64/libpcre2-posix.so.0
/usr/lib64/libpcre2-8.a
/usr/lib64/libpcrecpp.so.0.0.0
/usr/lib64/libpcre2-16.a
/usr/lib64/libpcreposix.so
/usr/lib64/libpcrecpp.a
/usr/lib64/libpcre2-16.so.0
/usr/lib64/libpcreposix.so.0
/usr/lib64/libpcre2-16.so.0.3.0
/usr/lib64/libpcre.a
/usr/lib64/libpcre2-8.so
/usr/lib64/libpcre2-8.so.0
/usr/lib64/libpcre2-posix.a
/usr/lib64/libpcreposix.so.0.0.0
/usr/lib64/libpcre2-32.so.0
/usr/lib64/libpcrecpp.so
/usr/lib64/libpcre2-posix.so
/lib64/libpcre.so.0.0.1
/lib64/libpcre.so.0

3) Added --with-pcre=/usr/lib64 to the configure section in clamav.spec
4) Created the source rpm: "rpmbuild -bs --define "dist .qt"
SPECS/clamav.spec"
5) Compiled source rpm:  "rpmbuild --rebuild --define "dist .qt.el6"
SRPMS/clamav-0.99-2.qt.src.rpm &>
SRPMS/clamav-0.99-2.qt.x86_64.build.txt &"

During the configure portion of the last step I got the following error:


checking for libpcre installation... not found
configure: error: cannot locate libpcre at /usr/lib64
error: Bad exit status from /var/tmp/rpm-tmp.UYRJcn (%build)


RPM build errors:
 Bad exit status from /var/tmp/rpm-tmp.UYRJcn (%build)


So, the pcre that comes with the CentOS 6 base and pcre2 that comes with
EPEL does not seem sufficient to complete the creation of the binary.
I'm not sure what's going on.
I'm looking forward to hearing back from Solo.

Eric


On 1/31/2016 10:01 AM, Solo wrote:

Hi Eric.

I've found someone that claims to have fixed the issue and am in the
process of writing to that list (BlueOnyx - Michael Stauber) asking
what the fix is - I will get back to You.

/Finn

Den 31-01-2016 kl. 17:38 skrev Eric:

Hi Finn,

I've been working on that...well not of late, within the past month, but
I have all PCREs libs installed on my server and have enabled PCRE in
the configuration options of clamav.spec (--with-pcre=[DIR]) to no
avail. I've googled the problem and have come up empty. I suspect that
clamav needs a later version of PCRE, but am not sure. I'll get back to
working on it and let you know. If anyone in the community knows of a
solution to this please let me know.

This is the error I'm getting on restart of clamd: Starting Clam
AntiVirus Daemon: LibClamAV Warning: cli_loadldb: logical signature for
Win.Trojan.ssid18332 uses PCREs but support is disabled, skipping

Eric

On 1/31/2016 8:14 AM, Solo wrote:

Hi Eric - all.

This below inserted message has been showing up for a while.


[LibClamAV] cli_loadldb: logical signature for Win.Trojan.ssid18332
uses PCREs but support is disabled, skipping
daily.cld updated (version: 21326, sigs: 1824272, f-level: 63,
builder: neo)



Any chance of getting a clamav compilation including PCRE ?


Thanks,
Finn


Re: [qmailtoaster] clamav-99.0-2 ?

2016-01-31 Thread Solo

Hi Eric.

I've found someone that claims to have fixed the issue and am in the 
process of writing to that list (BlueOnyx - Michael Stauber) asking what 
the fix is - I will get back to You.


/Finn

Den 31-01-2016 kl. 17:38 skrev Eric:

Hi Finn,

I've been working on that...well not of late, within the past month, but
I have all PCREs libs installed on my server and have enabled PCRE in
the configuration options of clamav.spec (--with-pcre=[DIR]) to no
avail. I've googled the problem and have come up empty. I suspect that
clamav needs a later version of PCRE, but am not sure. I'll get back to
working on it and let you know. If anyone in the community knows of a
solution to this please let me know.

This is the error I'm getting on restart of clamd: Starting Clam
AntiVirus Daemon: LibClamAV Warning: cli_loadldb: logical signature for
Win.Trojan.ssid18332 uses PCREs but support is disabled, skipping

Eric

On 1/31/2016 8:14 AM, Solo wrote:

Hi Eric - all.

This below inserted message has been showing up for a while.


[LibClamAV] cli_loadldb: logical signature for Win.Trojan.ssid18332
uses PCREs but support is disabled, skipping
daily.cld updated (version: 21326, sigs: 1824272, f-level: 63,
builder: neo)



Any chance of getting a clamav compilation including PCRE ?


Thanks,
Finn

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com







[qmailtoaster] clamav-99.0-2 ?

2016-01-31 Thread Solo

Hi Eric - all.

This below inserted message has been showing up for a while.


[LibClamAV] cli_loadldb: logical signature for Win.Trojan.ssid18332 uses 
PCREs but support is disabled, skipping
daily.cld updated (version: 21326, sigs: 1824272, f-level: 63, 
builder: neo)




Any chance of getting a clamav compilation including PCRE ?


Thanks,
Finn
