RE: [qmailtoaster] rpcbind

I personally disable portmap and all RPC services on my servers. Even NFS is now at v4 and uses TCP and well-known-ports, not the portmapper. I have no issues with QMT working in that environment. There are a HOST of other services that come in a startup CentOS 6 or CentOS 7 install – I ALWA

RE: Fwd: Re: [qmailtoaster] centos 6

at an intruder will not enter via port 25 (i.e. through qmail). But running the web server (for webmail) markedly increases the risk. QUESTION: could a webserver SQL-injection retrieve the cleartext passwords? -Andy On 10/2/2018 5:02 AM, Dan McAllister - QMT DNS wrote: > I know I'm &q

RE: Fwd: Re: [qmailtoaster] centos 6

I know I'm "Johnny-come-lately" on this topic, but I can explain the results you're seeing and have seen the same myself: The QMT vpopmail default setup saves the hashed password, as well as the first 16-characters of the clear-text password, in the MySQL database. That has already been establi

RE: [qmailtoaster] simscan - bad attachment: d

Eric - I've been away - looks like an appropriate patch to me. Dan From: Eric Broch Sent: Friday, September 21, 2018 2:24 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] simscan - bad attachment: d I'll ask again, is the qmailtoaster community in agreement that t

RE: [qmailtoaster] COS 6.10 qmt build error.

There are quite a few left -- mostly set and forgotten about, but still working 😊 Dan -Original Message- From: Eric Broch Sent: Tuesday, September 11, 2018 5:33 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] COS 6.10 qmt build error. Tony, And replace http://mi

RE: [qmailtoaster] COS 6.10 qmt build error.

Tony: One of our mirrors is apparently using SSL on their site and don't have a copy of OUR SSL Certificate (yes, I have one for qmailtoaster.com)... I'll have to research who it is, but I'll try to work with them. In the meantime, I suggest simply re-trying... there should be other mirrors tha

RE: [qmailtoaster] Rainloop removed squirrelmail

your apache config properly. Best Regads, Dan McAllister QMT DNS & Mirror Admin From: Remo Mattei Sent: Monday, August 20, 2018 11:13 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Rainloop removed squirrelmail Hello guys, I installed rainloop and rem

RE: [qmailtoaster] Upgrading openssl in an old Qmailtoaster install

UTDOWN? Because they have known vulnerabilities and we (the server admin community) have had SEVERAL YEARS now to address them. I just thought you (gentle readers) might want to know the reason WHY your 15-year-old QMT installation is starting to fail! LOL Dan McAllister QMT DNS Admin -O

RE: [qmailtoaster] Odd msg numbers in /var/log/qmail/send/current

There is nothing unusual about the message numbers: to essentially guarantee a unique number, Qmail uses the inode address (inode number) of the file as the message number. Your inodes are being used and released as normal, and there are blocks the get reused over and over Dan From: Chr

RE: [qmailtoaster] dmarc implementation

A couple of things: 1) The QMail DKIM solution works well -- EXCEPT when connecting to other QMail DKIM enabled systems, at which point it tends to disallow messages. No one has found a fix for this, to the standard is to keep DKIM turned OFF. 2) DMARC is not a security implementation like SPF

RE: [qmailtoaster] Fail2ban for Squirrelmail.

My understanding of SquirrelMail is old (limited) because so many of my users prefer the RoundCube (I offer both)... You get 1 if you go to mail.domain and the other if you go to webmail.domain In any case, I will have to look but I thought SM didn't write system logs when users failed on auth.

RE: [qmailtoaster] connection issues again.

Indeed: my systems use fail2ban on both smtp-auth and imap-auth (which is how both squirrelmail and roundcube authenticate) -- the only issue is that you have to whitelist/exclude from the test the SquirrelMail server itself (127.0.0.1 usually). I am not aware of (and would love to get info on)

[qmailtoaster] DNS services -- ATTN DNS MIRROR ADMINS!

NOTE: If you are a QMailToaster DNS mirror, we need for you to make a change to your configuration: The OLD IP address of the master DNS server has changed (no longer 71..28) The new and correct IP address is 47.206.57.8 Please update ASAP and email me here (

RE: [qmailtoaster] Fwd: qmhandle

I like Eric's collection there -- I couldn't do my job without qmlog! :) Dan -Original Message- From: Eric Broch [mailto:ebr...@whitehorsetc.com] Sent: Friday, February 17, 2017 10:11 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Fwd: qmhandle ftp://ftp.qmailtoas

RE: [qmailtoaster] Fwd: qmhandle

Qmtool and qmhandle are part of what used to be QmailToasterPlus -- and are not "standard". They are just scripts (and actually in need of some cleaning up -- they can be buggy in some cases). Never the less, you can fetch copies from my file server if you like http://mirror0.qmailtoaster.com/

RE: [qmailtoaster] SQwebmail

Roundcube is the service most of my clients prefer. It will work with either Courier or Dovecot It can work side-by-side with other webmail options (that's how I determined that my clients prefer RC -- I let them choose! Dan -Original Message- From: CarlC Internet Services Service Desk [m

RE: [qmailtoaster] SMTP run script

The RUN file for SMTP is (or should be) nearly identical to the one for SUBMISSION (and, if you're using it, SMTP-SSL). The differences will be: - change port 587 to port 25 (note, your files may show "smtp" or "submission" in the command line -- I prefer NOT to make it lookup those values every t

RE: [qmailtoaster] question about qmailtoaster and + as a delimiter instead of the default - option

default - option Thanks for clearing it up Dan. On 2/3/2017 3:11 PM, Dan McAllister - QMT DNS Admin wrote: Just catching up on emails in this box, and have 4 notes on this topic: 1. The dash being a delimiter is embedded inside of qmail. It was done so primarily to help the likes of

RE: [qmailtoaster] question about qmailtoaster and + as a delimiter instead of the default - option

Just catching up on emails in this box, and have 4 notes on this topic: 1. The dash being a delimiter is embedded inside of qmail. It was done so primarily to help the likes of the ezmlm group management system, but it comes in handy in TONS of ways. (For example, I use dan=ms@mydomain as m

RE: [qmailtoaster] Been away for a long while...

Craig: Yes on both counts – QMT utilizes the VPopMail add-on for virtual domains, and ezmlm is part of the default config. Dan McAllister From: Craig McLaughlin [mailto:craig.p.mclaugh...@gmail.com] Sent: Wednesday, November 9, 2016 3:10 PM To: qmailtoaster-list@qmailtoaster.com Su

RE: [qmailtoaster] Fetchmail install and configure on qmailtoaster system

Apologies to the group – my outlook took eric’s email and applied the group address to it. My bad (would belong on the developer group anyway!) Dan From: Dan McAllister - QMT DNS Admin [mailto:q...@it4soho.com] Sent: Tuesday, November 8, 2016 3:41 PM To: qmailtoaster-list

RE: [qmailtoaster] Fetchmail install and configure on qmailtoaster system

Eric: I took a moment today and looked over your install scripts for QMT on COS 6 and noted you had a way to switch between BIND & Daniel’s DJBDNS… to that end, I have some thoughts. (I’m assuming you and I – and hopefully a 3rd – can start moving forward on re-setting this project in a forw

RE: [qmailtoaster] concerning updates to qmailtoaster

Rajesh & Eric: I find this thread particularly compelling -- I have 3 different "large" qmail servers, each of which hosts more than 20,000 users. One of the most difficult items to control is when one of my users gets infected with a "virus" (or other type of malware) that then abuses the fact

RE: [qmailtoaster] temporarily disable a domain

I never saw a reply to this, so I’ll pipe up here When you “lose a domain” but need to keep “supporting” that domain (e.g. so users can still get to their old mail), the thing to do is to create a rule that forwards messages addressed to that domain to the correct server. Step 1: Remove the

RE: [qmailtoaster] DMARC checking?

ined, they can move to a 'reject' policy." It seems to me that the DMARC website indicates that not only is feedback provided for but a message policy (report, quarantine, reject) for failed authentication. Correct me if I'm wrong. Eric On 7/20/2016 4:57 PM, Dan McAllister

RE: [qmailtoaster] DMARC checking?

I'm not sure what you mean by DMARC checking? Generally, SPF is triggered by the existence of an appropriate DNS entry, while a DKIM check would be triggered by a DKIM signature in the header of the message. The point of DMARC isn't to trigger any checking, it is to provide a FEEDBACK mechanism

RE: [qmailtoaster] catch all account and the spam

The CORRECT way to do this is to create the .qmail-default file with an entry that says: | /home/vpopmail/bin/vdelivermail ‘’ delete NOTE: Extra spaces added for readability on “variable width font” readers :) You will find the DEFAULT entry says “bounce-no-mailbox” where I have delete