Re: [toaster] Relay with authentication
Tarique Saleh Mahmud wrote:

Dear Rick,

Here is my tcp.smtp file:

    127.:allow,RELAYCLIENT=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmail/bin/simscan,DKSIGN=/etc/domainkeys/%/default
    192.168.:allow,CHKUSER_MUSTAUTH=,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmail/bin/simscan,DKSIGN=/etc/domainkeys/%/default
    :allow,DKVERIFY=DEGIJKfh,QMAILQUEUE=bin/qmail-dk,DKQUEUE=/var/qmail/bin/simscan

Rick Macdougall wrote:

Tarique Saleh Mahmud wrote:

Also I found that someone (outsider) can send email using any email address of our domain in the FROM and TO fields without authentication.

Well that looks fine. How about the contents of your qmail-smtpd run file ?

Also, sending mail with a To: of your domain will never require AUTH.

Regards, Rick
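The relay check discussed in this message, as an added example that is not part of the original thread: a read-only audit of a tcp.smtp rules file that reports which address prefixes are handed RELAYCLIENT. The function names and the misconfigured sample are constructed; tcprules syntax quotes values (RELAYCLIENT=""), and the parser also accepts the unquoted form shown in the listing above.

```shell
#!/bin/sh
# audit_tcp_rules FILE
# Prints VERDICT<TAB>ADDRESS<TAB>ACTION<TAB>relay=yes|no<TAB>mustauth=yes|no per rule.
#   OPEN-RELAY  the default (empty-address) rule sets RELAYCLIENT
#   REVIEW      RELAYCLIENT is set for an address outside loopback / RFC 1918
#   ok          anything else
audit_tcp_rules() {
    awk '
    /^[ \t]*#/ { next }                          # comment line
    /^[ \t]*$/ { next }                          # blank line
    {
        sep = index($0, ":")
        if (sep == 0) next                       # not a rule
        addr = substr($0, 1, sep - 1)
        n = split(substr($0, sep + 1), part, ",")
        action = part[1]
        relay = "no"; mustauth = "no"
        for (i = 2; i <= n; i++) {
            if (part[i] ~ /^RELAYCLIENT=/)      relay = "yes"
            if (part[i] ~ /^CHKUSER_MUSTAUTH=/) mustauth = "yes"
        }
        verdict = "ok"
        if (action == "allow" && relay == "yes") {
            if (addr == "")
                verdict = "OPEN-RELAY"
            else if (addr !~ /^(127\.|10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/)
                verdict = "REVIEW"
        }
        if (addr == "") addr = "(default)"
        printf "%s\t%s\t%s\trelay=%s\tmustauth=%s\n", verdict, addr, action, relay, mustauth
    }' "$1"
}

# The three rules from the message above, written with tcprules quoting.
rules_from_thread() {
    cat <<'EOF'
127.:allow,RELAYCLIENT="",QMAILQUEUE="bin/qmail-dk",DKQUEUE="/var/qmail/bin/simscan"
192.168.:allow,CHKUSER_MUSTAUTH="",QMAILQUEUE="bin/qmail-dk",DKQUEUE="/var/qmail/bin/simscan"
:allow,DKVERIFY="DEGIJKfh",QMAILQUEUE="bin/qmail-dk",DKQUEUE="/var/qmail/bin/simscan"
EOF
}

# Constructed counter-example: relaying granted to a public prefix and to everyone.
rules_misconfigured() {
    cat <<'EOF'
# constructed sample, not from the thread
127.:allow,RELAYCLIENT=""
203.0.113.:allow,RELAYCLIENT=""
:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/simscan"
EOF
}

# Demo: audit both samples.
demo_tmp=$(mktemp)
rules_from_thread > "$demo_tmp";   audit_tcp_rules "$demo_tmp"
rules_misconfigured > "$demo_tmp"; audit_tcp_rules "$demo_tmp"
rm -f "$demo_tmp"
```

The rules posted in the thread all come back `ok`, which matches the reply that the file looks fine; only the constructed file is flagged.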
Re: [toaster] Relay with authentication
Tarique Saleh Mahmud wrote:

Rick,

Here is my qmail-smtpd run file:

    #!/bin/sh
    QMAILDUID=`id -u vpopmail`
    NOFILESGID=`id -g vpopmail`
    MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
    exec /usr/local/bin/softlimit -m 800 \
    /usr/local/bin/tcpserver -v -H -R -l 0 \
    -x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \
    -u $QMAILDUID -g $NOFILESGID 0 smtp \
    /usr/local/bin/rblsmtpd \
    -r bl.spamcop.net \
    -r zen.spamhaus.org \
    /var/qmail/bin/qmail-smtpd \
    /home/vpopmail/bin/vchkpw /bin/true 2>&1

Hi,

Well everything seems correct. Are you sure outside users can relay through you ? Not just deliver to local users, but deliver to someone at yahoo or gmail.

Is there anything in /var/qmail/control/locals ?

Regards, Rick
Re: [toaster] Relay with authentication
Tarique Saleh Mahmud wrote: Also I found that someone (outsider) can send email using any email address of our domain in the FROM and TO fields without authentication. Thanks, Tarique Tarique Saleh Mahmud wrote: Hello, Can anyone tell me how to configure toaster to allow relay with authentication for roaming users. Currently I am using Bill's Qmail toaster but found people can send email from outlook/outlook express using fake user name. Hi, What's in your tcp.smtp file ? Regards, Rick
Re: [toaster] alias domain: delete original domain
Martin Pittelkow wrote:

Hi, I've got the following problem:

a) Main Domain: example.com
b) Alias Domain: example.org

Now, the MAIN domain has been canceled, and the alias domain shall be the main domain. Is there any possibility to make this possible without losing all the mails stored in /home/vpopmail/domains/example.com? Thanks, Martin.

Hi,

Short answer, no. Long answer, yes.

You can with the following steps:

    mv example.com example.org

alter the /var/qmail/users/assign file to point example.org to the new directory and remove example.com

    /var/qmail/bin/qmail-newu

alter the /var/qmail/control/[more]rcpthosts and virtualdomains to remove example.com

    svc -h /service/qmail-send

Then check all .qmail-* and .qmail files in the users directories to fix anything pointing to the old /home/vpopmail/domain/example.com and replace with example.org.

I may have missed something above, but that's the basic idea.

Regards, Rick
Re: [toaster] alias domain: delete original domain
Martin Pittelkow wrote: Hi, I've got the following problem: a) Main Domain: example.com b) Alias Domain: example.org Now, the MAIN domain has been canceled, and the alias domain shall be the main domain. Is there any possibility to make this possible without losing all the mails stored in /home/vpopmail/domains/example.com? Thanks, Martin. Oh yah, you'll also need to modify your vpasswd file/mysql/postgres users to point to the new example.org directory. Regards, Rick
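A read-only check to run after the rename steps in the two replies above, as an added example that is not part of the original thread: it lists every place the old domain name still appears in the qmail control files, the .qmail files and the vpasswd file. The function names and the sample tree are constructed for illustration, and a MySQL or PostgreSQL user backend is not covered.

```shell
#!/bin/sh
# leftover_refs OLD_DOMAIN QMAIL_DIR DOMAIN_DIR
# Prints FILE:LINE:TEXT for every line that still mentions OLD_DOMAIN.
# QMAIL_DIR is normally /var/qmail; DOMAIN_DIR is the renamed directory,
# for example /home/vpopmail/domains/example.org.
leftover_refs() {
    old=$1 qmail=$2 domdir=$3
    # Control files named in the steps.
    for f in "$qmail/users/assign" \
             "$qmail/control/rcpthosts" \
             "$qmail/control/morercpthosts" \
             "$qmail/control/virtualdomains"; do
        if [ -f "$f" ]; then
            # /dev/null forces grep to print the file name.
            grep -nF -- "$old" "$f" /dev/null || true
        fi
    done
    # Per-user delivery files and the vpasswd file inside the moved tree.
    if [ -d "$domdir" ]; then
        find "$domdir" -type f \( -name '.qmail*' -o -name vpasswd \) \
            -exec grep -nF -- "$old" {} /dev/null \; | sort
    fi
    return 0
}

# leftover_count: number of leftover references; 0 means these files are clean.
leftover_count() {
    leftover_refs "$@" | wc -l | tr -d ' '
}

# Constructed sample tree: rcpthosts and one .qmail file were forgotten.
make_sample_tree() {
    mkdir -p "$1/qmail/users" "$1/qmail/control" "$1/domains/example.org/martin"
    printf '%s\n' '+example.org-:example.org:89:89:/home/vpopmail/domains/example.org:-::' '.' \
        > "$1/qmail/users/assign"
    printf '%s\n' 'example.org' 'example.com' > "$1/qmail/control/rcpthosts"
    printf '%s\n' 'example.org:example.org' > "$1/qmail/control/virtualdomains"
    printf '%s\n' '/home/vpopmail/domains/example.com/martin/Maildir/' \
        > "$1/domains/example.org/.qmail-info"
    printf '%s\n' 'martin:x:1:0:Martin:/home/vpopmail/domains/example.org/martin:NOQUOTA' \
        > "$1/domains/example.org/vpasswd"
}

# Demo on the constructed tree.
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
leftover_refs example.com "$demo_dir/qmail" "$demo_dir/domains/example.org"
rm -rf "$demo_dir"
```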
Re: [toaster] POP3 SSL Certificate Expired
Jeff Koch wrote: Zsolt - thanks but can you tell me where the certificate is located? At 03:01 AM 6/16/2009, you wrote: Jeff Koch wrote: The certificates we're using for pop3 ssl and imap ssl expired. I tried running 'make cert' from the /var/src/netqmail-1.05/netqmail-1.05 directory but nothing seems to happen. Does anyone know how to recreate the certificates? Existing certificates should be deleted before you run the 'make cert'. -- Zsolt Erki-Kiss Best Regards, Jeff Koch, Intersessions Hi, Courier is in /usr/lib/courier-imap/share/imapd.pem The script to rebuild them is in the same directory. Regards, Rick
Re: [toaster] POP3 SSL Certificate Expired
Shane Chrisp wrote: Jeff Koch wrote: Zsolt - thanks but can you tell me where the certificate is located? They should be located in /var/qmail/control I believe only the qmail certs are in /var/qmail/control Toaster based courier imap certs will be in /usr/lib/courier-imap/share Regards, Rick
Re: [toaster] Incoming messages from dynamic Ips
Júlio Manuel Olivares wrote: Hello, I run an email service based on the toaster. I use SORBS to block at SMTP level incoming mail from spam sources and now I want to narrow my protection by disallowing dynamic IPs to send mail, which is possible through a SORBS’ zone. The problem is I want to keep allowing my users to send mail from dynamic addresses. Since they use SMTP-AUTH I’m trying to figure out how can just I use RBLs for non-authenticated incoming connections. Because qmail-smtpd is invoked after rblsmtpd this seems not to be possible but maybe some of you had already tried a different approach and could give me some advice. Thanks in advance, Julio Olivares Run another instance on a different port (say 587 or 2500) and only allow authenticated users to use it. This is possible with the latest chkuser code. Regards, Rick
Re: [toaster] Incoming messages from dynamic Ips
Júlio Manuel Olivares wrote: Ok, please disregard, I had to uncomment the option in chkuser_settings.h and recompile and it's working fine now. Thanks for helping. Awesome, glad you got it working. Regards, Rick
Re: [toaster] Issues With Relay Mail and Spam
AJ Bourg wrote:

Anybody? I have more messages in the queue because of this and I'm getting rather frustrated because I'm not sure what is going on. Thanks.

On 3/8/09 10:13 PM, AJ Bourg wrote:

Hi Folks,

I have been having a persistent issue the last few days with a bot using my server as a relay to send spam. The other day I had 24,000 spam messages stuck in my qmail queue. I used qmail-remove to remove all these messages, and this spammer is using a consistent (fake) from address on my server and is using a consistent netblock in China so I used iptables to just block the whole network. But I would like to figure out why the messages are being accepted. Here's an example from the log:

    @400049b3f675121b5e4c tcpserver: pid 32237 from 121.206.74.211
    @400049b3f675121b6234 tcpserver: ok 32237 0:65.98.207.151:25 :121.206.74.211::2...@400049b3f67a155cba24 CHKUSER accepted sender: from ty...@bella2.srihosting.com:anonymous: remote F35D3CCB236648E:unknown:121.206.74.211 rcpt : sender accep...@400049b3f67a155cc5dc CHKUSER relaying rcpt: from ty...@bella2.srihosting.com:anonymous: remote F35D3CCB236648E:unknown:121.206.74.211 rcpt yt...@yaho.cn : client allowed to relay
    @400049b3f68a372996f4 simscan:[32237]:RELAYCLIENT:16.5675s:-:121.206.74.211:ty...@bella2.srihosting.com:yt...@yaho.cn:

Sounds like some spammer has figured out the password of one of your users and is using SMTP Auth to send the emails. Check your logs for vchkpw-smtp and see what user name is doing it.

On my system the log file is /var/log/maillog

Regards, Rick
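A way to see who is relaying before digging through the auth log, as an added example that is not part of the original thread: it tallies "CHKUSER relaying rcpt" lines per client IP and envelope sender, using the field layout of the log excerpt above (with or without enclosing <...>). The function names, the threshold and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# relay_summary LOGFILE
# One line per (client IP, envelope sender, second "from" field), busiest first:
#   COUNT<TAB>IP<TAB>SENDER<TAB>INFO
# INFO is the second colon field of the "from" triple ("anonymous" in the excerpt).
relay_summary() {
    awk '
    /CHKUSER relaying rcpt:/ {
        line = $0
        gsub(/[<>]/, "", line)                  # accept logs with or without <...>
        sub(/^.*CHKUSER relaying rcpt: from /, "", line)
        n = split(line, w, " ")
        # w[1]=sender:info:relay  w[2]="remote"  w[3]=helo:host:ip  w[4]="rcpt"
        if (n < 5 || w[2] != "remote" || w[4] != "rcpt") next
        split(w[1], f, ":")
        nr = split(w[3], r, ":")
        sender = (f[1] == "" ? "(null sender)" : f[1])
        info = (f[2] == "" ? "-" : f[2])
        count[r[nr] "\t" sender "\t" info]++
    }
    END { for (k in count) printf "%d\t%s\n", count[k], k }
    ' "$1" | sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# relay_suspects LOGFILE MIN
# Client IPs with at least MIN relayed recipients in the log: IP<TAB>TOTAL
relay_suspects() {
    relay_summary "$1" | awk -F '\t' -v min="$2" '
        { per_ip[$2] += $1 }
        END { for (ip in per_ip) if (per_ip[ip] >= min) printf "%s\t%d\n", ip, per_ip[ip] }
    ' | sort
}

# Constructed sample log (documentation addresses, not taken from the thread).
sample_log() {
    cat <<'EOF'
@400049b3f67a155cba24 CHKUSER accepted sender: from <spoof@example.com:anonymous:> remote <HOSTA:unknown:203.0.113.7> rcpt <> : sender accepted
@400049b3f67a155cc5dc CHKUSER relaying rcpt: from <spoof@example.com:anonymous:> remote <HOSTA:unknown:203.0.113.7> rcpt <a@example.net> : client allowed to relay
@400049b3f67a155cc5dd CHKUSER relaying rcpt: from <spoof@example.com:anonymous:> remote <HOSTA:unknown:203.0.113.7> rcpt <b@example.net> : client allowed to relay
@400049b3f67a155cc5de CHKUSER relaying rcpt: from <spoof@example.com:anonymous:> remote <HOSTA:unknown:203.0.113.7> rcpt <c@example.net> : client allowed to relay
@400049b3f67a155cc5df CHKUSER relaying rcpt: from <alice@example.com:alice@example.com:> remote <laptop:unknown:198.51.100.20> rcpt <bob@example.org> : client allowed to relay
@400049b3f67a155cc5e0 CHKUSER accepted rcpt: from <x@example.org::> remote <mx:mx.example.org:198.51.100.9> rcpt <alice@example.com> : found existing recipient
EOF
}

# Demo: summary, then IPs with three or more relayed recipients.
demo_log=$(mktemp)
sample_log > "$demo_log"
relay_summary "$demo_log"
relay_suspects "$demo_log" 3
rm -f "$demo_log"
```

The IPs this reports are the ones to look up in the vchkpw-smtp entries the reply mentions.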
Re: [toaster] cleaning queue
Alejandro Perretta wrote: use http://sourceforge.net/projects/qmhandle or http://jeremy.kister.net/code/qmqtool/ Or my personal favorite, qmail-remove http://www.linuxmagic.com/opensource/qmail/qmail-remove Regards, Rick
Re: [toaster] cleaning queue
Zoltan Lippai wrote:

svc -u /service/qmail-smtpd but it still shows the error (but now the disk is not full, I guess this message is stuck there for some reason) How can I clear it?

Add a new /service in clear

    mkdir -p /service/clear
    vi /service/clear/run

add this

    #!/bin/sh
    yes '' | head -4000 | tr '\n' .
    # When you want to clear the service errors, just run this:
    # svc -o /service/clear

Save and

    svc -o /service/clear

Regards, Rick
Re: [toaster] Anyone using simscan + spamc
Shane Chrisp wrote:

Hi, Is anyone running simscan + spamc with user prefs stored in sql or even in file at all? I have been looking at it and it doesn't look like it's that difficult to set up but maybe I'm missing something. Any input would be appreciated. Shane

Yup, we do that here with user prefs stored in MySQL. Nothing to it really, just make sure you have the correct configure lines for simscan.

We use the following (with simscan 1.2)

    ./configure --enable-user=clamav --enable-clamav=y --enable-spam=y \
      --enable-custom-smtp-reject=y --enable-per-domain=y --enable-received \
      --enable-spamc-args="-d spa010.munged.ca,spa013.munged.ca -H" \
      --enable-spamc-user=y --enable-attach=y --enable-spam-hits=10 \
      --enable-regex --with-pcre-include=/usr/include/pcre/

Regards, Rick
Re: [toaster] Anyone using simscan + spamc
Jason S wrote: Rick Macdougall wrote: Make sure to use this configure option if you don't want all spam to be rejected at the smtp level (for delivery to spam folder, etc). --enable-spam-passthru=y Nope, that doesn't work correctly with simscan 1.2 apparently. also, the --enable-custom-smtp-reject=y option requires an additional patch (qmail-queue-custom-error.patch): for added flexibility you can define spamc args in /etc/mail/spamassassin/spamc.conf. That way you don't have to change the --enable-spamc-args options and recompile simscan to added servers, etc. I wasn't aware of this, is it available for simscan 1.2 ? Regards, Rick
Re: [toaster] Anyone using simscan + spamc
Jason S wrote: I've used --enable-spam-passthru on 1.1 and currently on 1.4. Yup, I can enable it as well but then it passes all spam through, which is not what I thought it was intended to do since I want to reject spam greater than X points (in our case X = 10). Regards, Rick
[toaster] Weird email not being delivered
Hi,

I've got a strange problem where mail is sent to an existing user, gets scanned by simscan (v1.2) and then just vanishes.

qmail-smtpd logs

    2008-05-23 08:39:04.032932500 tcpserver: ok 20904 newmail.axess.com:216.162.64.120:25 mail.influencecommunication.ca:66.158.143.186::32881
    2008-05-23 08:39:10.455106500 CHKUSER accepted sender: from [EMAIL PROTECTED]:: remote :mail.munged.ca:66.158.143.186 rcpt : sender accepted
    2008-05-23 08:39:10.489383500 CHKUSER accepted rcpt: from [EMAIL PROTECTED]:: remote :mail.munged.ca:66.158.143.186 rcpt [EMAIL PROTECTED] : found existing recipient
    2008-05-23 08:39:10.869307500 simscan:[1]:CLEAN (-2.00/5.00):0.3771s:=?iso-8859-1?B?UmV2dWUgZGUgUHJlc3NlIGR1IDIyIG1haSAyMDA4IDogUmVt?=:66.158.143.186::

And there is nothing in the /var/log/qmail/current for that time, the message just seems to vanish.

Any ideas ?

Regards, Rick
Re: [toaster] Urgent: preline: fatal: unable to run /usr/bin/maildrop: file does not exist
JP Maxwell / Gmail wrote:

Well, that's the same thing, I can't seem to find it... did I miss a step?

On Thu, May 1, 2008 at 11:58 AM, Qmail List [EMAIL PROTECTED] wrote:

preline: fatal: unable to run /usr/bin/maildrop: file does not exist

Where is your maildrop?

The toaster does not include maildrop. You'll need to install that yourself.

Regards, Rick
Re: [toaster] Question
Hi,

Answers in-line.

Gary Bowling wrote:

I've been using the toaster for quite some time, with great results (thanks Bill for all the hard work!). I'm running the latest versions (although my clamAV may be out of date as that happens frequently). My system is a CentOS with the latest updates. I use most of the add ons such as spamassassin, clamav, ripmime, simscan, tmda, and qmailmrtg. I host about 15 domains, but not too many users per domain, the largest is about 40 users. Unfortunately I seem to recently be experiencing some strange problems and am not sure of the best way to sort them out.

- Emails with large attachments are typically being delivered twice to the end user.

This can happen when your server takes too long to scan the message and the sender disconnects before you finish scanning. simscan doesn't detect the disconnection and delivers the email but the remote side tries again later. Not much you can do about that except upgrade your hardware and/or make sure you are running the latest ClamAV (The 0.90.x versions had long reload times).

- Lots of spam, even though I have tweaked and tweaked on spamassassin, the spam has more than doubled in the past month.

Are you manually training your bayes database ? Bayes can get out of sync if you don't feed it ham and spam manually. Check some of the spam that is slipping through to see what bayes_xx it scored on. Also, are you running network tests ? The URI bls and other RBLs are a great help in detecting spam.

- Users receiving failure notices even though the message is actually received properly.
- Users receiving failure notices from emails they didn't actually send.

Both of these are most likely spammers sending emails as your users. Not much you can do about it really.

- Some users get failures that say protocol error with not much detail.

Only time I've ever seen this is when your client.pem file is pooched and the TLS stops working.

HTH, Rick
Re: [toaster] CHKUSER error
Dennis Erickson wrote: Just built new toaster box - Here is the problem I am encountering when i attempt to send mail. from smtpd log CHKUSER rejected sender: from [EMAIL PROTECTED]:[EMAIL PROTECTED]: remote MYPC:unknown:123.123.123.123 rcpt : invalid sender MX domain I am able to receive emails on the box no problem. Thanks Dennis [EMAIL PROTECTED]:[EMAIL PROTECTED]: is not a legal email address. Regards, Rick
Re: [toaster] Email Clients Fail to send email -- hiccups
John Harmon wrote:

Anyone? Any ideas where to look? It is more and more frequent. It is as if the server temporarily fails over smtp, or it doesn't authenticate. It is doing it quite often and is really annoying. Everything over the webmail login page works fine. Thanks, John

John Harmon wrote:

John Harmon wrote:

Quick question. Lately I have noticed that my email client (Thunderbird) will fail to send emails out over smtp (doesn't matter over port 25 or 2525); however, I can send email out through the web client during this time. Looking at the server there are about a dozen email servers delivering mail to my server. If I wait 3 to 5 minutes, things will send fine. It acts like it is just a temporary hiccup, but it seems to happen to me once a day. Any ideas as to why it may be doing this? Ideas how to address the issue? Thanks in advance, John

Sorry, just read my post and found it a bit confusing. By Web Client I mean webmail over a browser (Firefox in my case).

The only time I've ever seen this is when you are using a MySQL backend and using smtp auth and all the mysql connection slots are used.

Regards, Rick
[toaster] Possible doc error ?
Hi,

One of my bussies was using the toaster to install a new server and came across this prereq.

    yum install gcc g++ gcc-g++ gdbm gdbm-devel openssl openssl-devel stunnel krb5-devel bzip2 bzip2-devel

He really needed c++ and gcc-c++, not g++.

Is this a typo ?

Regards, Rick
Re: [toaster] Possible doc error ?
Bill Shupp wrote:

On Feb 25, 2008, at 10:04 AM, Rick Macdougall wrote:

Hi, One of my bussies was using the toaster to install a new server and came across this prereq.

    yum install gcc g++ gcc-g++ gdbm gdbm-devel openssl openssl-devel stunnel krb5-devel bzip2 bzip2-devel

He really needed c++ and gcc-c++, not g++. Is this a typo ?

The last time I checked, the RH rpm name was gcc-c++. But that was a while ago. Note that different distributions use different package names. What distribution are you using?

Regards, Bill

Hi,

On your page it says gcc-g++, I believe it should say gcc-c++

It's a CentOS 5 install.

Regards, Rick
Re: [toaster] Howto: Bounce addresses on an alias domain...
Joey Novak wrote:

Hey Guys, We have a domain that has an alias, and a customer has requested that we bounce all mail sent to his accounts alias on the other domain. i.e. domaina.com is an alias for domainb.com. The customer wants [EMAIL PROTECTED] to come through, but all messages sent to [EMAIL PROTECTED] to go to trash or be bounced. Is this possible? I don't touch our qmail install very often, so my qmail admin skills are pretty rusty (read, falling off the hinges rusty...) Thanks!

Just off the top of my head here. You could add [EMAIL PROTECTED] to /var/qmail/control/badmailto

Rick
Re: [toaster] Howto: Bounce addresses on an alias domain...
Tonix (Antonio Nati) wrote:

Joey Novak wrote:

Hey Guys, We have a domain that has an alias, and a customer has requested that we bounce all mail sent to his accounts alias on the other domain. i.e. domaina.com is an alias for domainb.com. The customer wants [EMAIL PROTECTED] to come through, but all messages sent to [EMAIL PROTECTED] to go to trash or be bounced. Is this possible?

If you use chkuser, you can make: vmoduser -b [EMAIL PROTECTED], and its mail will be bounced at SMTP level. Tonino

I'm pretty sure since there is only one record for user, doing a vmoduser -b [EMAIL PROTECTED] would also cause [EMAIL PROTECTED] to bounce.

Regards, Rick
Re: [toaster] lame vpopmail processes
Terry A wrote: I had over 900 of these and was using swap memory before I rebooted the system now all is running smoothly again but already I have 3 of these lame processes. Can anyone tell me either what is wrong or how to get rid of them Thanks Perhaps set /var/qmail/control/timeoutsmtpd to 60 so they timeout quicker. Regards, Rick
Re: [toaster] old toaster -- need to renew/update IMAP SLL Cert
Hank wrote:

Hello, I have an older Shupp Toaster installed (a few years old), and I need to update the SMTP/IMAP SSL certs. Can someone please provide a few step-by-step instructions to re-generate a valid cert? thanks. -Hank

For smtp (assuming you still have your original source)

    cd /var/qmail/control
    rm *.pem
    cd /original/source/dir
    make cert
    /var/qmail/bin/update_tmprsadh

For IMAP

    cd /usr/lib/courier-imap/share/
    rm imapd.pem
    /etc/init.d/courier-auth restart
    /etc/init.d/courier-imap restart

Regards Rick
Re: [toaster] old toaster -- need to renew/update IMAP SLL Cert
Hank wrote: Also, it looks like I have no /etc/init.d/courier-auth to restart. ?? but restarting courier-imap seemed to work great. Entirely possible if you have an older version of courier installed. Regards, Rick
Re: [toaster] old toaster -- need to renew/update IMAP SLL Cert
Hank wrote:

Rick, thanks a lot... one question: I do have my original source dirs in /var/src .. is there a subdir I should be in when running the make cert and /var/qmail/bin/update_tmprsadh commands? The subdirs I have in /var/src are:

    netqmail-1.05
    qmailmrtg7-4.2
    toaster-scripts-0.8
    ucspi-tcp-0.88
    vpopmail-5.4.10
    vqadmin-2.3.2

-Hank

For make cert

    cd /var/src/netqmail-1.05/netqmail-1.05
    make cert

/var/qmail/bin/update_tmprsadh can be issued from anywhere.

Regards, Rick
Re: [toaster] old toaster -- need to renew/update IMAP SLL Cert
Hank wrote:

Hi Rick, Very sorry to bother you again, but make cert did nothing in the /var/src/netqmail-1.05/netqmail-1.05 directory. I do have Makefile-cert and Makefile-cert.mk files in that directory, but no cert. Should I run a make Makefile-cert or Makefile-cert.mk instead?

make cert works when using gnu make

try gmake cert instead.

Regards, Rick
Re: [toaster] old toaster -- need to renew/update IMAP SLL Cert
Hank wrote:

Hi Rick, Very sorry to bother you again, but make cert did nothing in the /var/src/netqmail-1.05/netqmail-1.05 directory. I do have Makefile-cert and Makefile-cert.mk files in that directory, but no cert. Should I run a make Makefile-cert or Makefile-cert.mk instead?

Oh, and make cert won't do anything if the .pem files are still in /var/qmail/control.

Regards, Rick
Re: [toaster] auth only
Lampa wrote:

Hello, I know but I need auth all users eg forced smtp authentication. No authenticated users should be dropped connection.

2007/11/28, Qmail List [EMAIL PROTECTED]:

is possible to turn on (via some variable) requirements of auth ? Eg. users with no user/passwd cannot send email.

Bill's toaster has smtp-auth built in

There is an option in the chkuser patch to do exactly that. Look for AUTH in the chkuser_settings.h file.

Regards, Rick
Re: [toaster] auth only
Lampa wrote:

Hello, using older version of chkuser and toaster, option is not available :(

2007/11/28, Rick Macdougall [EMAIL PROTECTED]:

Lampa wrote:

Hello, I know but I need auth all users eg forced smtp authentication. No authenticated users should be dropped connection.

2007/11/28, Qmail List [EMAIL PROTECTED]:

is possible to turn on (via some variable) requirements of auth ? Eg. users with no user/passwd cannot send email.

Bill's toaster has smtp-auth built in

There is an option in the chkuser patch to do exactly that. Look for AUTH in the chkuser_settings.h file.

Upgrade then, it's seamless.

Rick
Re: [toaster] Help - Problem SMTP
Qmail List wrote: Hi, Visit http://tqmcube.com/dnsbl/dnsbl_remove.php. Your IP is blacklisted by tqmcube.com Best Regards Nicholas Chua - Original Message - From: Info Neoblu To: toaster@shupp.org Sent: Friday, November 23, 2007 12:41 AM Subject: [toaster] Help - Problem SMTP Help me.. By WebMail receive this error when sending an e-mail, how can I solve it? I tried to put even roundcube but is the same thing. * START MESSAGE L'azione richiesta è stata interrotta: errore nell'elaborazione 451 Spam received from 127.0.0.1. Removal Requests: http://tqmcube.com/dnsbl/dnsbl_remove.php * END MESSAGE ** What is? 127.0.0.1 is listed in tqmcube for some reason. When accepting mail on 127.0.0.1 do not check tqmcube. Rick
Re: [toaster] R: [toaster] Help - Problem SMTP
Info Neoblu wrote:

-Original Message-
From: Rick Macdougall [mailto:[EMAIL PROTECTED]
Sent: Thursday, 22 November 2007 18.11
To: toaster@shupp.org
Subject: Re: [toaster] Help - Problem SMTP

127.0.0.1 is listed in tqmcube for some reason. When accepting mail on 127.0.0.1 do not check tqmcube. Rick

How can I do? What file format should change?

    [EMAIL PROTECTED] control]# more /var/qmail/supervise/smtp/run
    #!/bin/sh
    QMAILDUID=`id -u vpopmail`
    NOFILESGID=`id -g vpopmail`
    MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
    BLACKLIST=`cat /var/qmail/control/blacklists`
    SMTPD=/var/qmail/bin/qmail-smtpd
    TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb
    RBLSMTPD=/usr/bin/rblsmtpd
    HOSTNAME=`hostname`
    VCHKPW=/home/vpopmail/bin/vchkpw
    REQUIRE_AUTH=0
    exec /usr/bin/softlimit -m 1200 \
    /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \
    -u $QMAILDUID -g $NOFILESGID 0 smtp \
    $RBLSMTPD $BLACKLIST $SMTPD $VCHKPW /bin/true 2>&1

And

    [EMAIL PROTECTED] control]# more /etc/tcprules.d/tcp.smtp
    127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private
    :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=/var/qmail/bin/qmail-queue.orig,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1

on the first line of tcp.smtp add RBLDNSD=

example

    127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,RBLDNSD=

Regards, Rick
Re: [toaster] Greylisting howto
Roman Bělonohý wrote:

Hello, is there any toaster addon how to install greylisting into already installed Bill's toaster? I am really sick of the spam and would like another step to fight with it. But I am afraid of breaking working toaster, lol. Thanks, Roman

http://www.shupp.org

There is a patch on the main page.

Regards, Rick
Re: [toaster] Greylisting ....
Jaroslav wrote:

Hello. I did like you said but got the error while doing make:

    ./compile local_scan.c
    local_scan.c:15:38: error: /usr/include/mysql/mysql.h: No such file or directory
    local_scan.c:34: error: expected ‘)’ before ‘*’ token
    local_scan.c:64: error: expected ‘)’ before ‘*’ token
    local_scan.c:103: error: expected ‘)’ before ‘*’ token
    local_scan.c:162: error: expected ‘)’ before ‘*’ token
    local_scan.c: In function ‘local_scan’:
    local_scan.c:258: error: ‘MYSQL’ undeclared (first use in this function)
    local_scan.c:258: error: (Each undeclared identifier is reported only once
    local_scan.c:258: error: for each function it appears in.)
    local_scan.c:258: error: ‘mysql’ undeclared (first use in this function)
    make: *** [local_scan.o] Error 1

seems I need mysql sources, right ? Distro is Ubuntu.

Hi,

Yes, you will need mysql-dev or what ever it is called under Ubuntu.

Regards, Rick
Re: [toaster] Greylisting ....
Yalcin Cekic wrote:

Hi All, I have working mail box. I used shupp toaster v.0.9.2. I want to install greylisting due to spam. Here is what I did:

    ([EMAIL PROTECTED]:/var/src)# cp -rp netqmail-1.05 netqmail-1.05_org
    ([EMAIL PROTECTED]:/var/src)# cd netqmail-1.05/netqmail-1.05
    ([EMAIL PROTECTED]:/var/src/netqmail-1.05/netqmail-1.05)# wget http://shupp.org/patches/greylisting-20060105.patch
    ([EMAIL PROTECTED]:/var/src/netqmail-1.05/netqmail-1.05)# patch < greylisting-20060105.patch
    patching file FILES
    patching file Makefile
    Hunk #2 succeeded at 1702 with fuzz 2 (offset 24 lines).
    Hunk #3 succeeded at 1983 (offset 28 lines).
    patching file TARGETS
    Hunk #1 FAILED at 429.
    1 out of 1 hunk FAILED -- saving rejects to file TARGETS.rej
    patching file dbdef.sql
    patching file hier.c
    Hunk #1 succeeded at 131 (offset 1 line).
    patching file install-big.c
    Hunk #1 succeeded at 129 (offset 1 line).
    patching file local_scan.c
    patching file local_scan.h
    patching file qmail-envelope-scanner.c
    patching file qmail-smtpd.c
    Hunk #2 succeeded at 106 (offset 10 lines).
    Hunk #3 succeeded at 547 (offset 82 lines).
    Hunk #4 succeeded at 751 with fuzz 2 (offset 108 lines).

I received some errors, seen above. Then

    ([EMAIL PROTECTED]:/var/src/netqmail-1.05/netqmail-1.05)# make clean
    ([EMAIL PROTECTED]:/var/src/netqmail-1.05/netqmail-1.05)# make
    qmailctl stop
    make setup check
    chown -R vpopmail:vchkpw /var/qmail/spam

There is no problem for compiling. I am not sure that greylisting work. Is there any log for that? My relayfrom table is getting fill. But dns_name and maillog table is empty.

Only the relayfrom table is used. You should also see the debug output in /var/log/qmail/smtpd/current.

Regards, Rick
Re: [toaster] help - smtp problem
kenneth chan wrote: Hi all, My email server has been working very well for a while. However, it started to have problem in sending email yesterday. I test it with my hotmail account and found that: 1. I cannot send new email to hotmail account but I can reply the email sent by hotmail account. 2. Not just to hotmail, this problem also applies to other domains in different places. 3. I can receive email from anyone without any problem 4. Within the LAN, it still works very well. 5. I can send email to the toaster@shupp.org Could anyone give me a hand? Hi, Have you checked to see if your IP is listed in some RBL ? http://member.dnsstuff.com/pages/tools.php Regards, Rick
Re: [toaster] help - smtp problem
kenneth chan wrote: Thanks Rick, I did check and my IP is not listed. Actually I can send to some domains like the shupp.org. I think some other domains may have implemented policy to block my domain automatically. Do I need to check my server? or others? I dunno really. Send me a message directly off list ([EMAIL PROTECTED]) and I'll investigate. Regards, Rick
Re: [toaster] Fake MX problem with qmail
Adi Pircalabu wrote:

On Fri, 7 Sep 2007 15:02:45 +0200 Alessio Cecchi wrote:

Some ISP use this trick like antispam solution: http://wiki.apache.org/spamassassin/OtherTricks

It's yet another half-baked(TM) solution to the spam problem. From my experience, more than 80% of the mail received by machines acting as secondary MX is spam. Based on this, it's a usual habit to set up secondary MX records just to collect spam.

But the wiki page says that with qmail remote server you can have some problem. And in fact I have found that qmail in some situations is unable to deliver the email in this situations.

It's not quite a problem. If the primary MX is not available qmail-remote will retry to send the message later.

Why? Is qmail that have problem with the RFC?

Yes, qmail-remote does not try to deliver the message to secondary MX(s). In this case the ISP using that completely stupid setup is responsible for the breakage caused by using fake primary MX records.

Actually, if the primary MX does not respond, qmail will try the higher MX. If the primary MX responds but temp fails the message, qmail will try the same MX again later.

Regards, Rick
Re: [toaster] Greylisting questions
John Barton wrote:

I have a toaster I set up a LONG time ago using shupp.org, and everything has worked very well for some time. I am starting to get hammered by spam pretty bad though, and spamassassin is just not cutting it any longer. I am considering implementing the greylisting patch that is available from shupp.org, I have a friend who has had great success with greylisting on his courier mail server. I assume that most of the major issues with greylisting have been worked out by now. My question is: will the greylisting patch automatically allow authenticated users to connect and send mail without tempfailing them? Any other gotchas to be aware of? Thanks, -John

Yes, authed users can just send, no temp fail.

The only other gotcha is that some older exchange and groupwise servers don't handle a tempfail, they permfail it. As long as your users are aware of this, they can make sure that those people whose servers do that call them so you can whitelist their IP's.

Regards, Rick
Re: [toaster] Spam scores required
Bill Shupp wrote: [EMAIL PROTECTED] wrote: Hi Bill, nice to write to you ;-) Unfortunately yes: It was created by configure, which was generated by GNU Autoconf 2.59. Invocation command line was $ ./configure --enable-user=clamav --enable-clamav=y --enable-spam=y --enable-spam-passthru=y --enable-per-domain=y --enable-ripmime --enable-attach=y --enable-received=y --enable-custom-smtp-reject=y --enable-spam-hits=6 --enable-quarantinedir=/var/qmail/quarantine Should I disable anything? Make sure your custom simcontrol entry is *above* any default entry. If it's below it, the default will override your custom entry. Rules are read from the top down, just like tcp.smtp. Regards, Bill Hi, It doesn't work in 1.3.1, it appears to work in 1.2. Also, the regex rules run regardless of any entries in simcontrol that specify regex NOT to run for a given domain or [EMAIL PROTECTED], this applies to 1.2 and 1.3.1 Regards, Rick
Re: [toaster] Quota Questions
James Gorz wrote:

We are setting up quotas on our qmail toaster installation. I had a few concerns I hope can be answered. First off, if we set a per domain quota, can the domain's quota be overwritten with qmailadmin's web interface? I believe that the postmaster account would only be able to set quotas on each mailbox within the domain. Has anyone run into issues with this? Secondly, I just wanted some feedback as to what a reasonable quota would be for each domain. We're currently thinking about 1GB per domain. Most domains we have are well under that, but there are a few wild domains that are over the 1GB mark. Any feedback would be appreciated. Thanks. -Jim

There are no domain quotas in vpopmail. There was, but it was broken and it was removed. Trying to implement it correctly is a tough thing to do since it could mean reading thousands of users to update the total.

You could use system quotas and run qmail-smtpd as root though.

Regards, Rick
Re: [toaster] Incoming Filter
Kubilay Akyol (Radore Telekom) wrote: Thanks for your reply. Adsl users sending spam e-mails using their adsl connections. I can filter IP addresses from firewall btw, But adsl users have dynamic ip addresses. Dropping a connection will drop all. I want to block whole adsl ip range (/24 or more), *unless they are smtp authenticated* So that my smtp authenticated users can send e-mail, but other will not be able to send e-mail to my users. It's something like rbl black listing. Setup another instance of qmail-smtpd on the submission port (587) that only accepts email from auth'd users (I believe Tonio's chkuser patch now supports this) and tell your ADSL clients to use that port. Then block what ever you want on port 25. Regards, Rick
Re: [toaster] Need advice/instructions for toaster update
Günter Palm wrote:

Hi All, I know, others have asked the very same question here on the list already: What is the best procedure for upgrading the toaster? And yes, I DID read the answer(s): just install those (software/options) that have features you want/need. Well, maybe that's basically it, but I can't believe that it's THAT easy. Aren't there special things to consider when you upgrade a running system? I don't mean such simple things like not to create already existing users/groups or symlinks anew, but those which aren't so obvious - at least not for everybody.

It's that easy IF you remember that upgrading vpopmail requires upgrading/recompiling things that use vpopmail.so (courier and qmail with the chkuser patch come to mind). Also, always read the UPGRADE document for the program you are upgrading.

To make clear what I'm talking about (from my point of view) here some of my updating experiences: Example 1: I did an update from SpamAssassin 3.1.7 to 3.2.0 via CPAN. Since this version requires module Net::DNS I had to install that first. But what about the optional modules like Mail::Domainkeys or Mail::DKIM? Are any of these required for the current toaster?

Nice to have Mail::DKIM but not needed for SA or the toaster.

Example 2: After making ClamAV I did a simscanmk -g to update the cdb and got an error that libclamav.so.2 couldn't be found. Since I didn't know if this error was related to (old) simscan I updated simscan as well, but got the same error. A reboot fixed that. Maybe I should have removed /usr/local/lib/*clam* before compiling/making ClamAV and I wouldn't have to reboot the system?

The latest clamav requires you to manually run ldconfig after installing. ldconfig also runs at boot time.

Example 3: Making ClamAV from source doesn't overwrite the existing usr/local/etc/clamd.conf. In my case this led to clamd producing errors in the log:

ERROR: Can't open/parse the config file /usr/local/etc/clamd.conf
ERROR: Parse error at line 39: Option LogClean requires boolean argument.

Copying the new clamd.conf manually fixed the problem (Option changed from LogClean to LogClean yes)

No, reading the UPGRADE document in the clamav source tree would have alerted you to this beforehand. There were major changes to .conf files between 0.88 and 0.90. Always read the UPGRADE document if it exists.

The conclusion is that updating by following the toaster like with a fresh install just doesn't do it.

Correct. I guess someone with a whack of free time could write an UPGRADE document for the toaster but most of us already do read it for the individual packages we are upgrading.

Regards, Rick
Re: [toaster] Stunnel v4 + pop3ds problem
laety Boop wrote:

Hello everybody, I got a problem with stunnel 4 and pop3ds (on Debian etch). But it works well with imap and smtp.

openssl s_client -connect localhost:995

this command shows:

CONNECTED(0003)
write:errno=104

Here is the qmail-pop3ds log:

ok 18836 0:127.0.0.1:995 :127.0.0.1::44336
2007-05-01 03:39:14.575979500 2007.05.01 03:39:14 LOG3[18836:3083192000]: Error reading certificate file: /etc/stunnel/stunnel.pem
2007-05-01 03:39:14.576023500 2007.05.01 03:39:14 LOG3[18836:3083192000]: error stack: 140DC002 : error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
2007-05-01 03:39:14.576044500 2007.05.01 03:39:14 LOG3[18836:3083192000]: error stack: 20074002 : error:20074002:BIO routines:FILE_CTRL:system lib
2007-05-01 03:39:14.576063500 2007.05.01 03:39:14 LOG3[18836:3083192000]: SSL_CTX_use_certificate_chain_file: 200100D: error:0200100D:system library:fopen:Permission denied

and here is my pop3ds/run:

#!/bin/sh
VPOPMAILUID=`id -u vpopmail`
VPOPMAILGID=`id -g vpopmail`
exec /usr/local/bin/tcpserver -l 0 -R -H -v \
-u$VPOPMAILUID -g$VPOPMAILGID 0 995 \
/usr/bin/stunnel /service/qmail-pop3ds/stunnel.conf 2>&1

finally here is my qmail-pop3ds/stunnel.conf (changed domain.com with mine but it does not change anything)

cert = /var/qmail/control/servercert.pem
exec = /var/qmail/bin/qmail-popup
execargs = qmail-popup crecep.net /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir

Hi, I don't know if this is your problem but the config setup for stunnel V3 and V4 are completely different. You might be trying to use the V3 setup with V4 of stunnel. I believe the default toaster instructions are for V3 but there are instructions for V4 on the toaster site somewhere. Sorry I don't use it and I'm watching the hockey playoffs and having a beer or I'd dig further.

HTH, Rick
Re: [toaster] messages stuck in simscan
Alexey Amerik wrote:

Also in spamd logs with debug enabled I see this:

@400046141a6c3a9a673c [4489] dbg: prefork: child 23924: entering state 1
@400046141a6c3a9c4b9c [4489] dbg: prefork: new lowest idle kid: 23924
@400046141a6c3a9d3dcc [4489] dbg: prefork: child reports idle
@400046141a6c3a9eeb7c [4489] info: prefork: child states: II
@400046141a6c3aa41f84 [23924] dbg: prefork: sysread(6) not ready, wait max 300 secs
@400046141af03a75feec [23925] dbg: prefork: periodic ping from spamd parent
@400046141af03a76165c [23925] dbg: prefork: sysread(8) not ready, wait max 300 secs
@400046141af03a7625fc [23924] dbg: prefork: periodic ping from spamd parent
@400046141af03a76359c [23924] dbg: prefork: sysread(6) not ready, wait max 300 secs

Hi, That's normal or at least it is on all the systems I run. From one of your earlier posts (the can not connect messages) I'd say your server was trying to process too many messages at the same time or the default of 5 maximum spamd children is too low.

Regards, Rick
Re: [toaster] Simscan 1.3.1 and ClamAV 0.90.1
[EMAIL PROTECTED] wrote:

Hello list ! I'm trying to install the toaster with the latest available packages and I'm stuck at installing simscan. The problem seems to be that simscan requires the path to the clamav databases in order to configure the program before making it. The path found is in /usr/local/share/clamav but the file daily.cvd no longer bears that name !!! Instead freshclam created a directory called daily.inc. Did anybody have the same problem ? Maybe I've done something wrong and I don't realise it. Please advise. Thanks !

As a temp fix, just touch a file called daily.cvd in the /usr/local/share/clamav directory. Worked for me.

Regards, Rick
Re: [toaster] Spamassassin filtering
SKT/MIS/ROZI wrote:

Hi all, These few days, I received a lot of spam. I have placed some scoring inside the spam local.cf. I think maybe it is not too tight. Here is my local.cf.

ok_locales all
skip_rbl_checks 1

Hi, Don't skip rbl checks for one and I believe the OSIRU checks are deprecated.

Regards, Rick
Re: [toaster] clamav 0.90 patches up
Tom Collins wrote: On Feb 14, 2007, at 10:39 AM, Bill Shupp wrote: I've installed these patches on my system, and they are working as expected. Bill, Have you (or anyone for that matter) seen any performance improvements from the new version? I noticed this line from the Release Notes: The email decoding has been improved to reduce both the memory requirements and the time taken to process attachments. I'm hoping that an upgrade will help system performance in times where it used to get bogged down when virus scanning. It seems quite a bit faster here, and my over all load averages are quite a bit lower. One thing to keep in mind, if you are not using the :attach in simcontrol, do NOT enable rip mime in simscan as that will cause clamdscan to basically scan the message and the attachment twice. Clamav does a very good job of scanning encoded content and attachments all by itself. No need to duplicate effort. Regards, Rick
Re: [toaster] Greylisting
Nitchi DaMon wrote:

Ok, I got it all installed. How can you tell it's working ? I keep checking the MySQL tables and they stay empty. I don't see anything in the logs. I tried to telnet to port 25 and run a test there, it accepted it all.

Hi, If you did the make setup check in the netqmail directory and you aren't seeing anything in the mysql tables or in the smtpd log then most likely the user name or password set in the local_scan.c program is incorrect. Check that, fix it, recompile.

Regards, Rick
Re: [toaster] Greylisting
Nitchi DaMon wrote: Ok, back at it again I did a fresh install from the website of everything. I made sure that the patch was installed AFTER the major patch (qmail-toaster-0.8.3 etc). Ok the patch installed fine. did a make clean then make and WHAM! I get the following errors: ./load qmail-envelope-scanner -lz -lm local_scan.o /usr/lib/mysql/libmysqlclient.a Try adding /usr/local/mysql/lib/libmygcc.a after the /usr/local/mysql/lib/libmysqlclient.a in the Makefile Version 5 of mysql doesn't have everything in libmysqlclient.a At least that worked for me. Regards, Rick
Re: [toaster] CHKUSER Problem
Sam Laffere wrote:

Sorry this is so long.

Problem: 7 domains do not have invalid users blocked by CHKUSER, 14 domains work correctly.

Details: Server set up with Shupp Toaster in early November 2006. Only variance is using maildrop and mailfilter to sort spam into folders.

Summary: 21 domains were moved from previous vpopmail based mail server. There is no logic I can find as to why 7 of the domains do not block non-existing recipients at the qmail-smtpd point. The problem seems to be CHKUSER, but I am sure it is not a broken CHKUSER, but just something silly I am missing. The domains were moved a couple at a time from the old server, not in any order. I keep wondering if some little change happened after doing the first 14, and that somehow is affecting the 7 not working. I know that when I started moving the domains, I did a vadddomain for some of the first domains, but may not have done that for some of the later domains. My recollection is that I started out believing I needed to do that for each one. I know I am leaving out lots of details. I can readily provide any requested. I have looked through the archive, and can add the following: All files are owned vpopmail.vchkpw in all domains. All domains have the following in .qmail-default:

| /usr/local/bin/maildrop /home/vpopmail/domains/domainname.net/mailfilter

and all domains have mailfilter linked like this to the same file.

mailfilter -> ../mailfilter

All permissions match between a working and a non-working domain. vqadmin says CatchAll: mailfilter for both of the following domains. If I click any option, it overwrites my .qmail-default.

Hi, Unless you modified the source of chkusr, it requires bounce-no-mailbox in the .qmail-default file. If that is not there, it lets all messages in, regardless of the user existing or not.

Regards, Rick
Re: [toaster] Greylisting
Nitchi DaMon wrote: OK kewl, thanks... One problem. I would assume that the libmygcc.a is created IF you recompile from source MySQL ? Every reference I see towards it say recompile. It just does not come in an RPM ready to install eh ? I can't say as I don't run Redhat. I do know that libmygcc.a is part of the binary build from dev.mysql.com for linux. Regards, Rick
Re: [toaster] Greylisting
Nitchi DaMon wrote: dumb question... what are most everyone here running for the OS? I've been using redhat for years now and migrated into the Fedora Core. But I'm open to suggestions. I prefer Slackware, but I also look after CentOS and FreeBSD machines. Probably about 50 or 60 in all. Regards, Rick
Re: [toaster] Greylisting
Bill D'Anjou wrote: Just curious why Debian isn't one of your preferred distro's Bill I prefer Slackware, but I also look after CentOS and FreeBSD machines. Probably about 50 or 60 in all. Regards, Rick Well I do run Ubuntu on the laptop, does that count ? I was never a fan of rpm or apt-get distros. I always found some incompatibility with something. At least with Slackware I can get the source and compile my own, which I have found, doesn't always happen on RPM, apt-get or FreeBSD systems. I also found that Debian tended to be a little slow to update to newer releases, at least in the past, and that just didn't work for me either. One of my friends is an avid Debian user and I believe a package maintainer for some package or another. Nothing against it, just didn't float my boat. I'm old school though. I was the first HP-UX 9000 admin in Canada and I've used Slack since before 0.92 Linux kernel. I used to have code in the kernel (Adaptec 1450 SCSI driver if I remember correctly) as well and from that I just prefer to be able to compile from source and have it work. My partner is a hardcore Fbsd fan and he hates it when he needs to install Linux (Slackware always) to run some app correctly, Asterisk springs to mind as a good example, as well as some more esoteric GIS (mapping) apps. Regards, Rick
Re: [toaster] CHKUSER Problem
Sam Laffere wrote:

Rick Macdougall wrote:

Sam Laffere wrote:

Sorry this is so long.

Problem: 7 domains do not have invalid users blocked by CHKUSER, 14 domains work correctly.

Details: Server set up with Shupp Toaster in early November 2006. Only variance is using maildrop and mailfilter to sort spam into folders.

Summary: 21 domains were moved from previous vpopmail based mail server. There is no logic I can find as to why 7 of the domains do not block non-existing recipients at the qmail-smtpd point. The problem seems to be CHKUSER, but I am sure it is not a broken CHKUSER, but just something silly I am missing. The domains were moved a couple at a time from the old server, not in any order. I keep wondering if some little change happened after doing the first 14, and that somehow is affecting the 7 not working. I know that when I started moving the domains, I did a vadddomain for some of the first domains, but may not have done that for some of the later domains. My recollection is that I started out believing I needed to do that for each one. I know I am leaving out lots of details. I can readily provide any requested. I have looked through the archive, and can add the following: All files are owned vpopmail.vchkpw in all domains. All domains have the following in .qmail-default:

| /usr/local/bin/maildrop /home/vpopmail/domains/domainname.net/mailfilter

and all domains have mailfilter linked like this to the same file.

mailfilter -> ../mailfilter

All permissions match between a working and a non-working domain. vqadmin says CatchAll: mailfilter for both of the following domains. If I click any option, it overwrites my .qmail-default.

Hi, Unless you modified the source of chkusr, it requires bounce-no-mailbox in the .qmail-default file. If that is not there, it lets all messages in, regardless of the user existing or not. Regards, Rick

Rick, Thanks for the reply. I don't believe I modified the chkusr source. Both domains are using the same mailfilter file due to the symbolic link. I forgot to mention that the 'domains' folder is mounted with NFS as follows:

mounting info ---
supermail:/home/vpopmail/domains# mount
10.0.2.2:/home/vpopmail/domains on /home/vpopmail/domains type nfs (rw,hard,intr,addr=10.0.2.2,addr=10.0.2.2)
-

As far as I can tell, everything is identical between the domains. I have pasted info below in case somebody sees something I don't see. I have just stated some of the files to confirm that they are identical, and still midkan.com fails to block.

-midkan.com---
supermail:/home/vpopmail/domains/midkan.com# cat .qmail-default
| /usr/local/bin/maildrop /home/vpopmail/domains/midkan.com/mailfilter
#| /home/vpopmail/bin/vdelivermail '' /home/vpopmail/domains/midkan.com/postmaster
supermail:/home/vpopmail/domains# ls -al midkan.com/
total 100
-rw--- 1 vpopmail vchkpw 155 2007-01-02 14:12 .qmail-default
lrwxrwxrwx 1 vpopmail vchkpw 13 2006-12-01 13:38 mailfilter -> ../mailfilter

--tri.net---
supermail:/home/vpopmail/domains/tri.net# cat .qmail-default
| /usr/local/bin/maildrop /home/vpopmail/domains/tri.net/mailfilter
#| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox
#| /home/vpopmail/bin/vdelivermail ''

Hi, Make the

#| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox

the first line in the .qmail-default file and see if that doesn't fix it. It should.

Regards, Rick
Re: [toaster] CHKUSER Problem
Sam Laffere wrote:

Problem is not fixed yet, but I just replaced the .qmail-default file, and the midkan.com domain is now rejecting using CHKUSER. All I did was edit the file back to :

cat .qmail-default
| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox
#| /usr/local/bin/maildrop /home/vpopmail/domains/midkan.com/mailfilter
#| /home/vpopmail/bin/vdelivermail '' /home/vpopmail/domains/midkan.com/postmaster

I will keep troubleshooting to try to figure this out, but I can at least tell it is related to this file somehow.

Solution !! It seems the .qmail-default file needs to have the line

#| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox

Actually it can just be

#bounce-no-mailbox

I wasn't sure if it had to be on the first line or not. Alternatively you can edit the chkusr source and change bounce-no-mailbox to mailfilter if that is easier.

Regards, Rick
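An audit for the condition this thread ends on, as an added example that is not part of the original posts: it lists each domain whose .qmail-default lacks the bounce-no-mailbox string. It assumes the flat domains/<domain>/ layout shown in the thread; the function names and the sample domains are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread or from the chkuser project.
# Assumes the layout seen in the thread: <domains_dir>/<domain>/.qmail-default

# audit_chkuser_domains DOMAINS_DIR
# Prints one line per domain directory:  <status> <domain> <first active line>
#   OK       "bounce-no-mailbox" appears somewhere in .qmail-default
#            (a commented-out line counts, as the thread found)
#   MISSING  the string is absent; per the replies above, an unmodified
#            chkuser then accepts any recipient at that domain
#   NOFILE   the domain has no .qmail-default at all
# Returns 0 only when every domain is OK.
audit_chkuser_domains() {
    domains_dir=$1
    audit_rc=0
    for d in "$domains_dir"/*/; do
        [ -d "$d" ] || continue
        domain=$(basename "$d")
        f="${d}.qmail-default"
        if [ ! -f "$f" ]; then
            printf 'NOFILE %s\n' "$domain"
            audit_rc=1
            continue
        fi
        # First non-comment, non-blank delivery instruction, shown for context.
        active=$(grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$f" | head -n 1)
        if grep -q 'bounce-no-mailbox' "$f"; then
            printf 'OK %s %s\n' "$domain" "$active"
        else
            printf 'MISSING %s %s\n' "$domain" "$active"
            audit_rc=1
        fi
    done
    return "$audit_rc"
}

# Constructed sample tree modelled on the two .qmail-default files in the thread.
demo_chkuser_audit() {
    tmp=$(mktemp -d)
    mkdir "$tmp/broken.example" "$tmp/fixed.example"
    printf '%s\n' \
        '| /usr/local/bin/maildrop /home/vpopmail/domains/broken.example/mailfilter' \
        > "$tmp/broken.example/.qmail-default"
    printf '%s\n' \
        '| /usr/local/bin/maildrop /home/vpopmail/domains/fixed.example/mailfilter' \
        '#bounce-no-mailbox' \
        > "$tmp/fixed.example/.qmail-default"
    audit_chkuser_domains "$tmp" || true
    rm -rf "$tmp"
}

demo_chkuser_audit
```

On a live system the argument would be the domains directory itself, /home/vpopmail/domains in this thread.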
Re: [toaster] strange delay on smtp connections
Jose wrote:

Hi... I'm experiencing a problem with my smtp server: a long delay when users connect to it:

[EMAIL PROTECTED] root]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
--- 30 - 120 seconds delay
220 domain.com ESMTP

What can cause this delay ?:( I'm using smtp-auth, no rblsmtpd, no clamav, no simscan, no spamassassin... Thanks in advance for any help

Hi, That's usually a DNS timeout. What flags are you using with tcpserver ?

Regards, Rick
Re: [toaster] strange delay on smtp connections
Carlos Solano wrote: I think relays.ordb.org is not working any more. I had the same issue, removed it and the problem was solved. Yup, you are correct and that should fix the OP's problem. Rick
Re: [toaster] Mailing List question
Nitchi DaMon wrote:

Ok, here is an update... the server calmed down for the last few days after blocking more and more of APNIC addresses and LACNIC addresses. But I have seen a huge increase in .ca sites now and all doing the same things... RCPT to to an invalid user. While the front end toasters are coming back invalid user and rejecting it, the frequency has dramatically increased. I was running for a few days here about 60/1600 now, it's back full all day again. It's nuts! I read all I could about open relays and have tested the servers and they came back clean BUT I noticed I did not have the host names in the RUN file as shown. Ok that done, I reran the abuse.net tests and I failed??? Huh?

Hunh ? You put host names in the run file ?? What exactly do you mean by that ?

Regards, Rick
Re: [toaster] Problem with an open relay
Matthew Walker wrote:

On Tue, January 9, 2007 4:44 am, [EMAIL PROTECTED] wrote:

but we see message header, we can see any valid username, but we see the From HEADER is 168.1.49.97dgrrtgr and no [EMAIL PROTECTED]

Return-Path:
Received: (qmail 10514 invoked by uid 89); 8 Jan 2007 01:04:33 -
Received: by simscan 1.2.0 ppid: 10447, pid: 10511, t: 0.2801s scanners: attach: 1.2.0 clamav: 0.88.7/m:41/d:2352
Received: from unknown (HELO winxp) ([EMAIL PROTECTED]) by 0 with ESMTPA; 8 Jan 2007 01:04:33 -
From: 168.1.49.97dgrrtgr
Subject: =?GB2312?B?yeixuM6s0N653MDt?=
To: [EMAIL PROTECTED]
Content-Type: text/plain
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Date: Mon, 8 Jan 2007 09:08:40 +0800

Headers are NOT reliable. Once a client has authenticated with a valid username and password, they can say whatever they want about who they are for the rest of the conversation. Seriously, you have a compromised account, or a user who is intentionally spamming through your server. Shut them down.

Hi, Just a thought. Did you upgrade over an older copy of the toaster ? Perhaps one where the smtp-auth code required the domain.com name listed in the run file ? If so, when you upgraded did you just use the old run file and not upgrade as you should, thereby leaving yourself as an open relay (because using the old run file with the new code allows anyone to authenticate) ?

Regards, Rick
Re: [toaster] Mailing List question
Nitchi DaMon wrote: I wanted to search through the mailing list to see if someone was experiencing what I am. I noticed that on the www.shupp.org website the link to the list which is how I got onto the list in the first place) and its searchable. I also that the most recent emails onto this list are as of 05/20/2006 am I looking at this right or is there a glitch that the newer emails are not making it into the list? Great product and mods! My problem is more of questions with the null sender. It seems that I am getting slammed with tons of spam as of nov 1,2006 and installed the toaster as the front end to the mail mail mailserver. the toaster is getting slammed hard and 99% of the emails are from null sender. Is it spam or bounces ? Is addressed to valid users or unknown users ? Are you rejecting mail to unknown users ? I'm going to guess, since you didn't tell us, that it's bounces and mail to unknown users and you aren't rejecting unknown users for some reason. Here's a nice regex for simscan to reject those. 

:clam=yes,spam=yes,regex=^Subject.*failure\snotice.*:^Subject.*Delivery\sStatus\sNotification.*:^Subject.*Mail\sdelivery\sfailed.*:^Subject.*Returned\smail.*:^Subject.*Undelivered\sMail.*:^Subject.*DELIVERY\sFAILURE.*:^Subject.*Message.Delivery.Failed.*:^Subject.*Undeliverable.*:^Subject.*mail.delivery.status.*:^Subject.*Undeliverable\sMail.*:^Subject.*Mail\sSystem\sError.*:^Subject.*Returned\sMail.*:^Subject.*[D|d]elivery\s[F|f]ail.*:^Subject.*Undelivered\smail.*:^Subject.*failure\snotice.*:^Subject.*Envio\sde\scorreo\sfallido.*:^Subject.*Delivery\sNotification.*:^Subject.*Notificaci.*:^Subject.*Benachrichtung.*:^Subject.*BULK\sEMAIL\sfrom\syou.*:^Subject.*Delivery_failure.*:^Subject.*bulk\semail\sfilter.*:^Subject.*Non\sdelivery\sreport.*:^Subject.*Information Response from listserver.*

Happens here all the time, and we aren't rejecting unknown users because we are in the middle of a mail server migration that hasn't been completed yet so the forward facing MX servers don't know which users are valid.

Regards, Rick
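An added example, not part of the original post, that runs a shortened copy of this rule over constructed Subject lines to show what it would reject; the third sample, an ordinary reply, is hit as well as the two bounces. Assumptions: the patterns are colon-separated and applied per header line, and grep -E (with \s rewritten to [[:space:]]) stands in for simscan's own regex matching.

```shell
#!/bin/sh
# Added example, not code from the post or from simscan.

# Four of the patterns from the rule in the post, in simcontrol syntax.
SAMPLE_RULE=':clam=yes,spam=yes,regex=^Subject.*failure\snotice.*:^Subject.*Delivery\sStatus\sNotification.*:^Subject.*Undeliverable.*:^Subject.*[D|d]elivery\s[F|f]ail.*'

# Constructed Subject lines, one per imaginary message.
sample_subjects() {
    cat <<'EOF'
Subject: failure notice
Subject: Delivery Status Notification (Failure)
Subject: Re: Undeliverable parcel, can you resend the invoice?
Subject: Quarterly report
EOF
}

# simcontrol_regex_hits RULE HEADER_FILE
# Extracts the regex= list from one simcontrol rule and prints
# "<pattern><TAB><header line>" for every header line a pattern matches.
# Assumption: regex= is the last option on the line, as in the post.
simcontrol_regex_hits() {
    rule=$1
    headers=$2
    case $rule in
        *regex=*) patterns=${rule#*regex=} ;;
        *) return 0 ;;   # rule has no regex list, nothing to report
    esac
    printf '%s\n' "$patterns" | tr ':' '\n' | while IFS= read -r pat; do
        [ -n "$pat" ] || continue
        # grep -E has no portable \s, so translate it to a POSIX class.
        ere=$(printf '%s\n' "$pat" | sed 's/\\s/[[:space:]]/g')
        grep -E -e "$ere" "$headers" | while IFS= read -r line; do
            printf '%s\t%s\n' "$pat" "$line"
        done
    done
}

demo_regex_hits() {
    tmp=$(mktemp)
    sample_subjects > "$tmp"
    simcontrol_regex_hits "$SAMPLE_RULE" "$tmp"
    rm -f "$tmp"
}

demo_regex_hits
```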
Re: [toaster] vpopmail install
Crispin Rugemalira wrote:

hello friends, I am following instructions on how to set up qmail toaster. I am stuck at installation of vpopmail. the following is the error message I get

[EMAIL PROTECTED] courier-imap-4.1.0]#
[EMAIL PROTECTED] courier-imap-4.1.0]# su vpopmail
[EMAIL PROTECTED] courier-imap-4.1.0]$ ./configure --with-redhat
configure: error: cannot find sources (imap/imapd.c) in . or ..
[EMAIL PROTECTED] courier-imap-4.1.0]$

I am using fedora core 5 platform. Please help me.

Who is the owner of the courier-imap-4.1.0 and the files within it ? Does the vpopmail user have read access to the files ?

Regards, Rick
Re: [toaster] Spamassassin per-user preferences
B Kreps wrote:

Greetings, I'm attempting to get per-user preferences working for spamassassin filtering and I wanted to know what solutions other shupp-toaster users are using. I've attempted (read: spent hours) to get the Squirrelmail sasql plugin to work, but the inclusion of this plugin causes user's messages in Squirrelmail to appear empty! Not sure why sasql interferes with messages...argh... So before I go wading through the PHP to find out the why and how, or spill my guts on this list with all the gory details of my hacking I want to find out if anyone else has a better solution for this feature. Regards, Brian

We use MySQL based preferences, using the webspam interface that I inherited from someone else. It's available at http://mail.limelyte.net/downloads/standalone3.0.tgz

That version should also work with 3.1.x but does require global variables to be on in php.ini. I don't maintain it anymore because none of our users used it. It would be nice if someone who does need it would make a step forward and fix it up so register_globals isn't required anymore and maybe make it a bit more modular. One user, I believe he's on this list, ported it to a Squirrelmail interface and did remove the register_globals requirement, but I believe it was only for 2.x.

Same reason I stopped using DSPAM, users complain about the spam they get but for the most part they seem to be unwilling to spend a minute or two a day helping to stop it.

Regards, Rick
Re: [toaster] Are simscan and spamd working properly?
B Kreps wrote:

Hello, I've installed Bill's complete toaster (minus TMDA and Qmailmrtg7) and everything is working as desired except Spamassassin doesn't seem to be scanning any emails. I'm using Bill's default /etc/mail/spamassassin/local.cf (minus the languages_ok all directive which he's advised removing in this mail list), spamd has been started by supervise, but when I tail /var/log/spamd/current I can only see the daemon startup like so:

2006-05-12 04:53:24.679143500 [4948] info: spamd: server started on port 783/tcp (running version 3.1.1)
2006-05-12 04:53:24.679431500 [4948] info: spamd: server pid: 4948
2006-05-12 04:53:24.684538500 [4948] info: spamd: server successfully spawned child process, pid 2218
2006-05-12 04:53:24.707166500 [4948] info: spamd: server successfully spawned child process, pid 2219
2006-05-12 04:53:24.711146500 [4948] info: prefork: child states: II

Tailing /var/log/qmail/current I see only mails coming and going, but no mention of any scanning. I've tried sending the GTUBE email that I found on apache.org, but sending that from a remote address shows no evidence of scanning either. What should I see in these logs if email is being scanned? Am I in the right place? Any example log output or help would be greatly appreciated.

How did you configure simscan and what's in the simcontrol file ?

Rick
Re: [toaster] Mail Queue...
Damian Barry wrote: All, I have been sending out email campaigns to a list of 50 - 60,000. I notice that the mail queue has about 30,000 that are just trickling out (about 100 per minute). Is this typical?! Should I expect a campaign of that size to take 12 hours to run? DNS lookups are quick when tested from the command line. The mail is just HTML text, no attachments. My hardware is modest, older P4 with 512MB on RedHat 9. I’m running the last toaster before the most recent update. Any ideas? Should I slow down the rate at which I inject mail into the queue? Should I re-evaluate the hardware? Depends on a lot of things. remoteconcurrency, bandwidth available, big-to-do patch etc. What is your current remoteconcurrency set to and how much bandwidth do you have available ? Regards, Rick
Re: [toaster] Mail Queue...
Damian Barry wrote:

Looks like mostly default settings, are there unix settings I should check also? We have a T1 here, 1300+ kbps up (which is 99% available off hours when we run, and probably 95% available all other times). Damian

[EMAIL PROTECTED] bin]# ./qmail-showctl
qmail home directory: /var/qmail.
concurrencyremote: (Default.) Remote concurrency is 20.

Increasing your concurrencyremote will help a lot. You'll have to play with the value depending on the size of outgoing messages and available bandwidth but I'd try upping it to 50 and restarting qmail-send and see how that works. Edit /var/qmail/control/concurrencyremote and just put 50 on the first line, then

svc -t /service/qmail-send

Check your bandwidth and increase or decrease as needed.

Regards, Rick
Re: [toaster] pop3 ssl problem
Alex Dean wrote:

I've had a toaster setup going for a few months with no problems. I'd like to enable the pop3s service, but I am having problems getting it running.

###
kiltlifter:/var/log/qmail/pop3ds# tail current
@4000445a3cb21b8203dc tcpserver: status: 1/40
@4000445a3cb21b84a7a4 tcpserver: pid 21341 from 192.168.0.1
@4000445a3cb21b856324 tcpserver: ok 21341 0:192.168.10.100:995 :192.168.0.1::52220
@4000445a3cb21bc9f9bc 2006.05.04 10:40:56 LOG5[21341:16384]: Using 'qmail-popup' as tcpwrapper service name
@4000445a3cb21c3820f4 2006.05.04 10:40:56 LOG5[21341:16384]: Could not load DH parameters from /var/qmail/control/servercert.pem
@4000445a3cb21c39170c 2006.05.04 10:40:56 LOG4[21341:16384]: Diffie-Hellman initialization failed
@4000445a3cb21c432544 2006.05.04 10:40:56 LOG3[21341:16384]: Error reading certificate file: /var/qmail/control/servercert.pem
@4000445a3cb21c44e67c 2006.05.04 10:40:56 LOG3[21341:16384]: SSL_CTX_use_certificate_chain_file: error:0906D06C:PEM routines:PEM_read_bio:no start line
@4000445a3cb21c4bb0c4 tcpserver: end 21341 status 256
@4000445a3cb21c4c1a3c tcpserver: status: 0/40
kiltlifter:/var/log/qmail/pop3ds# ls -l /var/qmail/control
total 44
lrwxrwxrwx 1 root root 33 2006-05-04 10:28 clientcert.pem -> /var/qmail/control/servercert.pem
-rw-r--r-- 1 root root 3 2005-10-01 19:16 concurrencyincoming
-rw-r--r-- 1 root root 11 2005-10-01 19:15 defaultdelivery
-rw-r--r-- 1 root root 13 2005-10-01 19:13 defaultdomain
-rw-r- 1 vpopmail qmail 245 2006-05-04 10:32 dh1024.pem
-rw-r- 1 vpopmail qmail 156 2006-05-04 10:32 dh512.pem
-rw-r--r-- 1 root root 0 2006-03-29 09:57 locals
-rw--- 1 root root 0 2006-03-29 09:57 locals.lock
-rw-r--r-- 1 root root 13 2005-10-01 19:13 me
-rw-r--r-- 1 root root 13 2005-10-01 19:13 plusdomain
-rw-r--r-- 1 root root 100 2006-03-29 09:57 rcpthosts
-rw--- 1 root root 0 2006-03-29 09:57 rcpthosts.lock
-rw-r- 1 vpopmail qmail 493 2006-05-04 10:32 rsa512.pem
-rw-r- 1 vpopmail qmail 2197 2006-05-04 10:28 servercert.pem
-rw-r--r-- 1 root root 200 2006-03-29 09:57 virtualdomains
-rw--- 1 root root 0 2006-03-29 09:57 virtualdomains.lock
###

I found an error identical to this in the mailing list archives : http://www.mail-archive.com/toaster@shupp.org/msg03349.html Rick's suggestion was to delete /var/qmail/control/*pem and rerun 'make cert' and 'update_tmprsadh'. I did both of these things, and the error persists. I initially discovered that I did not have stunnel installed, so I have also installed it today. I then copied stunnel.conf from the toaster scripts to /var/qmail/supervise/qmail-pop3ds/. I don't know if this is related or not, but it seemed like a possibility.

Might it be a permissions problem ? Is stunnel running as vpopmail so it can read the file ?

Error reading certificate file: /var/qmail/control/servercert.pem

seems like a permissions problem to me. Maybe as a test, chmod 666 servercert.pem and see if you get the same error.

Rick
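The stunnel errors in this thread and in the Stunnel v4 thread above point at two different causes, a file the service cannot open (fopen: Permission denied) and a file with no PEM start line; this added example, not from the posts, tells them apart without changing the file mode. It assumes the private key is expected in the same file as the certificate (the stunnel.conf shown earlier sets only cert =), and the readability result only applies to the account the check is run as; the function names and sample files are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread or from stunnel.

# pem_check FILE
# Prints one summary line and returns:
#   0  readable, holds a certificate and a private key, not world-writable
#   1  readable, but a block is missing or the file is world-writable
#   2  file does not exist
#   3  file exists but the user running the check cannot read it
pem_check() {
    pem=$1
    if [ ! -e "$pem" ]; then
        echo "missing"
        return 2
    fi
    if [ ! -r "$pem" ]; then
        echo "unreadable"
        return 3
    fi
    cert=no; key=no; dh=no; world_writable=no
    # "no start line" from OpenSSL means none of these markers was found.
    if grep -q -e '^-----BEGIN CERTIFICATE-----' "$pem"; then cert=yes; fi
    if grep -q -e '^-----BEGIN .*PRIVATE KEY-----' "$pem"; then key=yes; fi
    if grep -q -e '^-----BEGIN DH PARAMETERS-----' "$pem"; then dh=yes; fi
    # -L follows a symlink such as clientcert.pem to the real file.
    if [ -n "$(find -L "$pem" -prune -perm -002)" ]; then world_writable=yes; fi
    printf 'cert=%s key=%s dh=%s world_writable=%s\n' \
        "$cert" "$key" "$dh" "$world_writable"
    if [ "$cert" = yes ] && [ "$key" = yes ] && [ "$world_writable" = no ]; then
        return 0
    fi
    return 1
}

# Constructed files: PEM markers only, no real key or certificate material.
demo_pem_check() {
    dir=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed-not-a-key' \
        '-----END RSA PRIVATE KEY-----' '-----BEGIN CERTIFICATE-----' \
        'constructed-not-a-cert' '-----END CERTIFICATE-----' \
        > "$dir/servercert.pem"
    chmod 640 "$dir/servercert.pem"
    pem_check "$dir/servercert.pem" || true   # both blocks present
    chmod 666 "$dir/servercert.pem"
    pem_check "$dir/servercert.pem" || true   # flagged as world-writable
    printf '%s\n' 'not a PEM file' > "$dir/broken.pem"
    pem_check "$dir/broken.pem" || true       # the "no start line" case
    rm -rf "$dir"
}

demo_pem_check
```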
Re: [toaster] dovecot imap server
Michael McCallister wrote: Hello, Just wondering if anyone has used dovecot (http://www.dovecot.org/) with the toaster. As of last month, their betas support Maildir++ quotas. I have been hoping to find something that is faster than courier since it struggles to serve my inbox sometimes. From their homepage: Dovecot should be pretty fast. There are still some optimizations that could be done, but I believe it already beats most of the other IMAP servers in overall performance. This is mostly because of index files that Dovecot maintains; instead of having to scan through all the data in a mailbox, Dovecot can get most of the wanted information from its indexes with little effort. Dovecot's indexes can scale to a huge amount of messages per mailbox without hardly any noticeable slowdown. I've tested only up to 367000 mails, but even millions of messages shouldn't be a problem. It sounds like this may be what I am looking for, but was wondering if anyone with a toaster install found it caused problems. Also, if anyone does run dovecot, did you notice a speedup compared to courier (mostly on folders with lots of messages)? Michael Hi, I'm downloading and installing it now. I have one folder that takes 123 seconds to load under Courier, 44 seconds to load under Binc, and I'll let you know in a few how long it takes under Dovecot. Regards, Rick
Re: [toaster] dovecot imap server
Rick Macdougall wrote: Michael McCallister wrote: Hello, Just wondering if anyone has used dovecot (http://www.dovecot.org/) with the toaster. As of last month, their betas support Maildir++ quotas. I have been hoping to find something that is faster than courier since it struggles to serve my inbox sometimes. From their homepage: I have one folder that takes 123 seconds to load under Courier, 44 seconds to load under Binc, and I'll let you know in a few how long it takes under Dovecot. Well I downloaded beta7 and had compile issues with mysql. I looked and saw that it was recommended to upgrade to the latest mysql version. I did that and the 3 sha1 errors I had were gone only to be replaced by about 30 other errors. I'm thinking it's not quite ready for prime time. Regards, Rick
Re: [toaster] How can I install /usr/local/bin/maildrop and courier's preline wrapper??
GoodnGo.de (R) Zentrale wrote: Hello all, How can I install /usr/local/bin/maildrop and courier's preline wrapper?? Where can I get the sources? Oliver http://www.google.ca/search?sourceid=navclient-ff&ie=UTF-8&rls=GGGL,GGGL:2005-09,GGGL:en&q=maildrop First match on google.
Re: [toaster] Problem w/ POP3 over SSL/TLS
Aaron Gray wrote: Following shupp.org http://shupp.org Toaster I am able to successfully do IMAP and SMTP over SSL/TLS, but I cannot connect via POP Here's some 411 RedHat Enterprise Linux 4 AS Just installed the toaster from scratch, so it's current to his 0.8.7 Thoughts?? I just notice multiple openssl vers it seems there.. Hrmm... ? Version of stunnel you are using ? I believe the toaster is set up for 3.x and Redhat has 4.x installed. Regards, Rick
Re: [toaster] Problem w/ POP3 over SSL/TLS
Aaron Gray wrote: Good good call.. stunnel-4.05-3 I re-read the toaster and noticed some notes about v4. made the updates. fixed! De Nada. Rick
Re: [toaster] linking with djbdns
Bill Shupp wrote: Ingo Claro wrote: Excuse my ignorance... but isn't dnscache = djbdns? so you just install that instead of bind and qmail works fine? Yes. The patch in question actually replaces the libresolv routines in qmail (which do the talking to the dns server), with the ones from the djbdns package. I think that could be a nice contribution to the toaster in the optionals section. I can help test it if you like, don't know the setup myself. While it's interesting, it's very low priority for me, so I won't be implementing it any time soon, if at all. Regards, Bill I think he meant adding djbdns's dnscache program to the toaster, not the qmail+djbdns patch. Or at least that's how I read it. Might be a simple add on as an option like clam or SA at the bottom. I'd be willing to write that up if you want. Regards, Rick
[toaster] djb dnscache option
Hi, Since I have it scripted already

--- cut here ---
cd /var/src/tar
# dnscache
wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
cd /var/src
tar -xzvf tar/djbdns-1.05.tar.gz
cd djbdns-1.05
# below is only needed for Linux machines
echo gcc -O2 -include /usr/include/errno.h > conf-cc
make
make setup check
/usr/sbin/useradd dnscache
/usr/sbin/useradd dnslog
dnscache-conf dnscache dnslog /etc/dnscache
echo 6000 > /etc/dnscache/env/CACHESIZE
echo 6500 > /etc/dnscache/env/DATALIMIT
ln -s /etc/dnscache /service
--- cut here ---

Regards, Rick
Re: [toaster] djb dnscache option
Alex Dean wrote: On Apr 11, 2006, at 4:47 PM, Rick Macdougall wrote: dnscache-conf dnscache dnslog /etc/dnscache Do you need a 'cp' at the beginning of this line? As Bill said, no, it's a program. But I didn't include instructions for modifying /etc/resolv.conf to use nameserver 127.0.0.1 and to stop Bind from running (or alternatively from listening on 127.0.0.1) Regards, Rick
Re: [toaster] whitelisting an email address
Noel Sanchez wrote: How do I whitelist an email address or a domain? I have spamassassin installed per the toaster and have set the spam level to 5. A certain domain for some reason is being marked as 8, but I need to allow them access to send us email. I have searched archives and spamassassin but only read about editing user_prefs. I don’t have user_prefs for each user.

@4000442c0e3c2ad87ba4 [32041] info: spamd: connection from mail [127.0.0.1] at port 41001
@4000442c0e3c2fcf8a44 [32041] info: spamd: processing message [EMAIL PROTECTED] for clamav:89
@4000442c0e3d113dfa84 [32041] info: spamd: identified spam (7.5/5.0) for clamav:89 in 0.6 seconds, 2047 bytes.
@4000442c0e3d115128ac [32041] info: spamd: result: Y 7 - AWL,BAYES_00,HTML_MESSAGE,MSGID_DOLLARS,RATWARE_MS_HASH,RATWARE_OUTLOOK_NONAME scantime=0.6,size=2047,user=clamav,uid=89,required_score=5.0,rhost=mail,raddr=127.0.0.1,rport=41001,mid=[EMAIL PROTECTED],bayes=0,autolearn=no

man Mail::SpamAssassin::Conf

look for whitelist. You can place them in your /etc/mail/spamassassin/local.cf and restart spamd. Regards, Rick
Re: [toaster] attacked by spammer
saki wrote: Dear all, My mail server is attacked by a spammer. I could not find any solution to stop this attack. Here is output from /var/log/qmail/current

@4000442c433d07da23b4 status: local 0/10 remote 19/20
@4000442c433d07da373c starting delivery 588: msg 1170472 to remote [EMAIL PROTECTED]
@4000442c433d07da4ac4 status: local 0/10 remote 20/20
@4000442c433d0f2e44c4 delivery 558: success: 168.95.5.17_accepted_message./Remote_host_said:_250_EAA20464_Message_accepted_for_delivery/
@4000442c433d0f2e601c status: local 0/10 remote 19/20
@4000442c433d0f2e778c starting delivery 589: msg 1170472 to remote [EMAIL PROTECTED]
@4000442c433d0f2e8b14 status: local 0/10 remote 20/20
@4000442c433f226d7bf4 delivery 568: failure: 202.160.80.150_does_not_like_recipient./Remote_host_said:_554_M.5_[EMAIL PROTECTED]..._User_unknown(Local_Mailbox)/Giving_up_on_202.160.80.150./
@4000442c433f226d9b34 status: local 0/10 remote 19/20

please would you suggest how to cope with this attack?

Sounds like you have a web based email form or a compromised user or machine that is feeding the spam into your machine. I'd check the messages themselves to see where the headers said they came from. Rick
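One way to follow Rick's suggestion from the log side, as an added Python example that is not part of the original posts: group qmail-send deliveries by message id and read the `info msg` line, which records the envelope sender and the uid that queued the message (a web server's uid points at a form, the SMTP daemon's uid at a relayed or authenticated client). The log below is constructed; the `info msg` line is standard qmail-send output but does not appear in saki's excerpt.

```python
"""Triage a qmail-send log: which queued message is fanning out to remote hosts?"""
import re
from collections import defaultdict

# Constructed sample in qmail-send's log format; ids, addresses and stamps are made up.
SAMPLE_LOG = """\
@40000000442c433c00000001 info msg 1170472: bytes 2047 from <anonymous@www.example.org> qp 31811 uid 48
@40000000442c433c00000002 starting delivery 586: msg 1170472 to remote a@example.net
@40000000442c433c00000003 starting delivery 587: msg 1170472 to remote b@example.net
@40000000442c433c00000004 status: local 0/10 remote 20/20
@40000000442c433c00000005 delivery 586: success: 192.0.2.17_accepted_message./
@40000000442c433c00000006 starting delivery 588: msg 1170472 to remote c@example.com
@40000000442c433c00000007 delivery 587: failure: 192.0.2.150_does_not_like_recipient./
@40000000442c433c00000008 info msg 1170480: bytes 912 from <alice@example.org> qp 31900 uid 89
@40000000442c433c00000009 starting delivery 589: msg 1170480 to local example.org-bob@example.org
@40000000442c433c0000000a delivery 589: success: did_0+0+1/
"""

INFO = re.compile(r"info msg (\d+): bytes \d+ from <([^>]*)> qp \d+ uid (\d+)")
START = re.compile(r"starting delivery (\d+): msg (\d+) to (local|remote) (\S+)")
RESULT = re.compile(r" delivery (\d+): (success|failure|deferral):")
STATUS = re.compile(r"status: local \d+/\d+ remote (\d+)/(\d+)")


def summarize(log_text):
    """Return (per-message stats, number of status lines with the remote queue full)."""
    msgs = defaultdict(lambda: {"sender": None, "uid": None, "remote": set(),
                                "success": 0, "failure": 0, "deferral": 0})
    delivery_to_msg = {}  # delivery number -> message id, until the result line arrives
    saturated = 0
    for line in log_text.splitlines():
        if m := INFO.search(line):
            # uid is the local account that ran qmail-queue for this message
            msgs[m[1]].update(sender=m[2], uid=int(m[3]))
        elif m := START.search(line):
            delivery_to_msg[m[1]] = m[2]
            if m[3] == "remote":
                msgs[m[2]]["remote"].add(m[4])
        elif m := RESULT.search(line):
            msg_id = delivery_to_msg.pop(m[1], None)
            if msg_id is not None:
                msgs[msg_id][m[2]] += 1
        elif m := STATUS.search(line):
            saturated += m[1] == m[2]  # e.g. "remote 20/20"
    return dict(msgs), saturated


def suspects(msgs, min_remote=3):
    """Message ids delivering to at least min_remote distinct remote recipients."""
    return sorted(mid for mid, s in msgs.items() if len(s["remote"]) >= min_remote)


if __name__ == "__main__":
    stats, full = summarize(SAMPLE_LOG)
    for mid in suspects(stats):
        s = stats[mid]
        print(f"msg {mid}: {len(s['remote'])} remote rcpts, injected by uid {s['uid']}, "
              f"envelope sender <{s['sender']}>, remote queue full {full}x")
```

Look the reported uid up in /etc/passwd before reading the queued message's headers; the threshold of three recipients is only a starting value for the sample.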
Re: [toaster] Emails stuck in local queue
Dennis Erickson wrote: Dennis Erickson wrote: Bill Shupp wrote: Dennis Erickson wrote: My users send emails with attachments that are usually around 10 to 12 mb per file to each other. The problem I am running into is that these emails are taking in upwards of an hour or more to be delivered to each other. These are strictly local emails. I've googled a few different ideas on this one and keep running into a brick wall... Any help or pointers in the right direction would be greatly appreciated. This may be of interest - I ran - ps axu - the following caught my eye... vpopmail 7458 0.0 0.0 2780 300 ?S09:00 0:00 bin/qmail-local -- domain.com /home/vpopmail/domains/domain.com domain.com-user - user domain.com [EMAIL PROTECTED] ./Maildir could this be a vpopmail issue? What version of vpopmail are you running and what options was it compiled with ? Rick
Re: [toaster] Greylisting
ElusiveMind wrote: Has anyone had luck in implementing the graylisting patch into the toaster? I've patched it, and compiled it in (along with the qmailtap patch) and mail seems to not be getting through. This is a development system so I'm going to let it sit a while and see if it just takes longer than the hour or so I've given it. I just was curious as to how many have implemented it into the toaster and what your results were. Hi, I run it on a few servers but I changed the default second attempt time to 1, so as soon as a server tries again, it is allowed through. Rick
Re: [toaster] Toaster compromised? Or system?
David wrote: *warning long email* Hi all, We have been running a Shupp toaster for about 18 months on a Redhat 9 box, and the other day it appears it was compromised by spammers. I thought if I posted a few things I found about the system drive perhaps someone might be able to help me figure out how/how to prevent this...

apache 32499 32498 0 Feb08 ?S 0:00 \_ perl /tmp/dc.txt 67.159.2
apache 32503 32499 0 Feb08 ?S 0:00 \_ /bin/bash

Hi, I believe that is the xmlrpc exploit against apache/php (could be the phpbb exploit, but I'm pretty sure the dc.txt is part of the xmlrpc). Upgrade your php and apache, find the xmlrpc.php in question and fix it. You can then use a tool like qmail-remove to clean out the queue. Regards, Rick
Re: [toaster] Toaster compromised? Or system?
David wrote: Rick Macdougall wrote: Hi, I believe that is the xmlrpc exploit against apache/php (could be the phpbb exploit, but I'm pretty sure the dc.txt is part of the xmlrpc). I'm running php 4.3.10 and I can't find any information about a xmlrpc exploit; I also can't find any entries in my logs about dc.txt. I will keep looking. http://news.netcraft.com/archives/2005/07/04/php_blogging_apps_vulnerable_to_xmlrpc_exploits.html Regards, Rick
Re: [toaster] 0.8.6
Bill Shupp wrote: PS: Simscan stable version is 1.2 ( with new features : RELAYCLIENT log line, --enable-spam-auth-user ) I plan to use it, along with the patch for calling ripmime with --disable-qmail-bounce. But for the record, it's not listed as stable, but rather test here: Just FYI, I have simscan 1.2 and the --disable-qmail-bounce patch running on a few servers here, nothing untoward to report. Regards, Rick
[toaster] Missing vpopmail
Hi Ken, The http://shupp.org/software/vpopmail-5.4.13.tar.gz does not exist on your server but is listed on the toaster web page. Rick
Re: [toaster] Run chkuser before greylisting
Mick wrote: Dear list, Is it possible to run chkuser first and then greylisting? I found that my domains are forged by spammers. There are a lot of bounced messages which make my servers too busy to take record for greylisting. My idea is that if the user does not exist, just bounce the message at smtp level, then greylisting won't keep the record in the database. It should be able to keep the greylisting database small. Any idea?? Thanks a lot. Hi, Just edit qmail-smtpd.c and move the greylisting code below the chkuser code. It's 3 or 4 lines to move. I do it on all my servers. Regards, Rick
Re: [toaster] Update for Greylisting
Bill Shupp wrote: Mick wrote: Bill Shupp wrote: Thanks for the tip, I'll put it in a shell script, and make a note of it on the site. This is done. See http://shupp.org/ for details. Regards, Bill Shupp I would suggest to optimize the table. That is why I added OPTIMIZE TABLE relaytofrom. You run that query in addition? Or as part of the delete query? Regards, Bill

If you want to do that, do it nightly or weekly, or even monthly. An OPTIMIZE TABLE locks the table till it is completed and would not work so goodly in a high load environment. Just my $0.02

My greylist table before an Optimize

             records          Size     Overhead
relaytofrom  27,714   MyISAM  18.0 MB  7,020 KB

after an Optimize

relaytofrom  27,717   MyISAM  4.9 MB   0 KB

The Optimize took approx 2.3 seconds to run. I've never run an Optimize on it before so that's a year of queries or so on a moderately busy server. Rick
Re: [toaster] pop3s problem
Yalcin Cekic wrote: Hi All, I have debian sarge mailbox. Suddenly pop3s stopped. When I check the log I see that

tcpserver: pid 6630 from 10.0.0.40
tcpserver: ok 6630 0:193.255.84.149:995 :81.215.215.97::11419
2005.12.17 01:23:06 LOG5[6630:3083430656]: Using 'qmail-popup' as tcpwrapper service name
2005.12.17 01:23:06 LOG5[6630:3083430656]: Could not load DH parameters from /var/qmail/control/servercert.pem
2005.12.17 01:23:06 LOG4[6630:3083430656]: Diffie-Hellman initialization failed
2005.12.17 01:23:06 LOG3[6630:3083430656]: Error reading certificate file: /var/qmail/control/servercert.pem
2005.12.17 01:23:06 LOG3[6630:3083430656]: SSL_CTX_use_certificate_chain_file: error:0906D06C:PEM routines:PEM_read_bio:no start line

I don't know why /var/qmail/control/servercert.pem is corrupted and how to solve this problem. Thanks for your help, Y.C

Hi, If it is a new install have you run the update_tmprsadh ? If it's an old install, is the servercert.pem file over a year old ? If it's an old install

remove /var/qmail/control/*.pem
cd /var/src/netqmail-1.05/netqmail-1.05
make cert

Regards, Rick PS backups are better than just rm /var/qmail/control/*.pem
Re: [toaster] greylisting update 20051215
Bill Shupp wrote: I have updated the greylisting patch to apply over the 0.8 patch cleanly. It also supports configuration via environment variables, rather than compiled in values, as well as logging to standard error. Please see the top of the patch for details: http://shupp.org/patches/greylisting-20051215.patch Thanks to Joshua Megerman for the environment config patch. Regards, Bill Shupp Just fyi, I find the 55 minute timeout way too high for most server installations. I'd consider changing the default to at least 14 (as most real mail servers retry after 15 minutes). I currently run it at 1 minute and I've found no additional spam vs the 55 minute current default. YMMV! Regards, Rick
Re: [toaster] Relay problems - rcpthosts.
Nick Gilbert wrote: Hi, I have a local domain configured in rcpthosts and virtualdomains, but if I try and send mail from this domain I get the error: Sorry, that domain isn't in my list of allowed rcpthosts (#5.5.3 - chkuser) But the domain *IS* in my rcpthosts file, so why is qmail saying this? Does something in Bill's Toaster instructions disable support for entries in rcpthosts for the purposes of sending mail? The domain concerned can receive e-mail perfectly OK. Any help with this problem would be greatly appreciated as currently I'm having to use a server which is due to be decommissioned to send all my mail from. Hi, You have to allow relaying for the IP you are sending from. Just because the From domain is listed in rcpthosts doesn't mean the To domain is going to be allowed. You can allow relaying with smtp-auth, pop before smtp or by specifically allowing your IP to relay. HTH Rick
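The relay rule Rick describes, as an added Python example that is not part of the original posts or of qmail's source: stock qmail-smtpd accepts a recipient when tcpserver set RELAYCLIENT for the client IP or, failing that, when the recipient's domain is in rcpthosts; the envelope sender is never consulted. The rule file, domains and addresses are constructed, only IP-based tcprules are handled, and treating an authenticated session like RELAYCLIENT is an assumption modelled on the smtp-auth patch.

```python
"""Model of the RCPT TO decision in stock qmail-smtpd behind tcpserver (added example)."""

# Constructed rules in tcp.smtp syntax: only 127. may relay without authenticating.
TCP_SMTP = """\
127.:allow,RELAYCLIENT=""
192.168.:allow
:allow
"""
# Constructed rcpthosts: one exact domain, one ".suffix" wildcard entry.
RCPTHOSTS = ["example.org", ".lists.example.org"]


def parse_tcprules(text):
    """Return {address_prefix: (action, env)}; values containing commas are not handled."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        address, _, rest = line.partition(":")
        action, *assignments = rest.split(",")
        env = {}
        for item in assignments:
            name, _, value = item.partition("=")
            env[name] = value.strip('"')
        rules[address] = (action, env)
    return rules


def lookup(rules, ip):
    """Most specific rule wins: full IP, then shorter dotted prefixes, then the empty rule."""
    parts = ip.split(".")
    candidates = [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in candidates:
        if key in rules:
            return rules[key]
    return ("allow", {})  # no matching rule: connection allowed, environment untouched


def rcpt_allowed(rcpt, rcpthosts):
    """rcpthosts match: the exact domain, or a parent suffix listed with a leading dot."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in rcpthosts:
        return True
    labels = domain.split(".")
    return any("." + ".".join(labels[i:]) in rcpthosts for i in range(1, len(labels)))


def smtp_rcpt_decision(client_ip, mail_from, rcpt_to, authenticated=False):
    """mail_from is accepted but deliberately unused: the sender never grants relay rights."""
    action, env = lookup(parse_tcprules(TCP_SMTP), client_ip)
    if action != "allow":
        return "connection refused"
    if "RELAYCLIENT" in env or authenticated:  # authenticated: assumption, see lead-in
        return "accepted (relay)"
    if rcpt_allowed(rcpt_to, RCPTHOSTS):
        return "accepted (local delivery)"
    return "rejected (recipient domain not in rcpthosts)"


if __name__ == "__main__":
    for args in [("203.0.113.9", "boss@example.org", "someone@example.net"),
                 ("203.0.113.9", "anyone@example.net", "user@example.org"),
                 ("127.0.0.1", "user@example.org", "someone@example.net")]:
        print(args, "->", smtp_rcpt_decision(*args))
```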
Re: [toaster] Problems with courier .... pls see below
Rick Macdougall wrote: [EMAIL PROTECTED] wrote: Hi all, when trying to update an old toaster installation to the new courier versions, i'm getting the following error when trying to install courier authd: checking for crypt... yes checking for crypt() prototype... 0 Cannot obtain information for userid 89: No such file or directory Any hints where the problem is and how to solve it? Running on a Suse 9.1 installation, dual xeon system. Help would be great tia Andreas Hummm, Kinda rings a bell. Is there a courierconfig or something similar in your path from the old install? updatedb and locate courier. Something is giving the old info to the new install. Rick Is this with the 4.x series courier ? Rick
Re: Ant: Re: Ant: Re: [toaster] Problems with courier .... pls see below
[EMAIL PROTECTED] wrote: --- Rick Macdougall [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote: --- Rick Macdougall [EMAIL PROTECTED] wrote: Is this with the 4.x series courier ? Rick Yes ... previous install was 3.x, now I tried to update to the provided 4.x Hi, Yah, there is some sort of authlib or confauth or something that it tries to run in the configure process if it exists. I had the same problem once. I think it was in /usr/local/authlib/something something. Can't help more because I had too many issues with the 4.x series and went back to the 3.x series. Regards, Rick

Tried this - without any luck. And as I saw now, incoming mails are not delivered ...

delivery 12: deferral: Unable_to_chdir_to_maildir._(#4.2.1)/

Back to the courier problems:

Cannot obtain information for userid 89: No such file or directory

This message comes from authinfo.c

static int getmuid()
{
	struct passwd *pw=getpwnam(MAILUSER);

	if (pw == NULL)
	{
		perror("Cannot obtain information for user " MAILUSER);
		exit(1);
	}
	return (pw->pw_uid);
}

Where is the error? In my opinion it can only be the getpwnam ... but this is all of my coding experience :( Anyway, thanks for your help, Rick

Hi, No, the error is not from authinfo.c, one is userid the other is user. Gimme a few and I'll download the 4.x series and see where it is exactly, I'm pretty sure it comes from the auth daemon, not courier itself. Rick
Re: Ant: Re: Ant: Re: Ant: Re: [toaster] Problems with courier .... pls see below
[EMAIL PROTECTED] wrote: Hi, No, the error is not from authinfo.c, one is userid the other is user. Gimme a few and I'll download the 4.x series and see where it is exactly, I'm pretty sure it comes from the auth daemon, not courier itself. Rick You are right (there is a line with userid in authinfo.c, but the error doesn't come from there). I think it's after line 25606 in the configure script. But as I said ... I have no programming experience :) It would be great if you find time to have a look at this. TIA Andreas Hi, I'm pretty sure it's coming from courierauthconfig, still checking though. That's part of the courier-auth package. Regards, Rick
Re: Ant: Re: Ant: Re: Ant: Re: Ant: Re: [toaster] Problems with courier .... pls see below
[EMAIL PROTECTED] wrote: --- Rick Macdougall [EMAIL PROTECTED] wrote: Hi, Still installing and no errors yet. Question, did you follow the toaster exactly or did you ad-lib a bit ? After I tried to update only selected packages (which does not work) I tried a fresh install (removed all packages, only the data dir is left), following the rules exactly. Both did not work :( I think I remember setting --uid 89 or something when I got that error before. I had the authdaemon working, according to ps | aux. But it was not responding to queries with the error no such file. So I tried to set the mailuser/group with the ./configure parameters and since this I'm getting this error message. :( After one try the authdaemon wasn't starting any longer ... and re-compiling crashes with the mentioned error. *hmpf*

Hi, Try

stop courier-authlib
rm -fr /usr/local/etc/authlib
re-install following the toaster instructions.

All should be well. I just finished upgrading one server to 4.04 courier and all is working. Rick
Re: [toaster] Updating expired certs
Marcus Williams wrote: On 03/10/2005 15:12, Rick Macdougall wrote: Move the old ones and re-run the make cert (and update_tmprsadh) and mkimapdcert Do I only need to mv/rm the servercert and clientcert.pem files (one's a sym link anyway)? Or should I mv/rm all the pem files in /var/qmail/control. imap/pop certs updated correctly in place. Hi, I'd mv them all, they will be re-created by the make cert and update_tmp... Rick
Re: [toaster] RE: How to bind qmail to specific IP address
Nelson Sabater wrote: Yeah, that's what my setup is now. But I would need to bind the other IP addresses to other mail server programs. Eero Volotinen [EMAIL PROTECTED] wrote: Nelson Sabater wrote: Hi there! I have three IP addresses on my server, but I just need one IP address to be used by qmail and vpopmail. How do I do that? I'm hoping for your help. Thanks.

Hi, tcpserver accepts a host part. Instead of 0 use x.x.x.x where x.x.x.x is the IP you want to bind to.

example for all IPs

#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
exec /usr/local/bin/softlimit -m 2600 \
    /usr/local/bin/tcpserver -v -H -R -l 0 \
    -x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \
    -u $QMAILDUID -g $NOFILESGID 0 smtp \
    /var/qmail/bin/qmail-smtpd domain.com \
    /home/vpopmail/bin/vchkpw /bin/true 2>&1

for specific ip

#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
exec /usr/local/bin/softlimit -m 2600 \
    /usr/local/bin/tcpserver -v -H -R -l 0 \
    -x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \
    -u $QMAILDUID -g $NOFILESGID x.x.x.x smtp \
    /var/qmail/bin/qmail-smtpd domain.com \
    /home/vpopmail/bin/vchkpw /bin/true 2>&1

Regards, Rick
Re: [toaster] Re: Maildirsize not updated
Bill Shupp wrote: Tom Collins wrote: It's a bug in vdelivermail. I believe I've fixed it in 5.4.12 Is it present in 5.4.10? Bill Hi, No it is not. I'm running 5.4.12 here on one machine with no problems so far. Regards, Rick
Re: [toaster] Greylisting Install Problems
[EMAIL PROTECTED] wrote: Stephen Harmon wrote: Hi Jason. Thanks for responding. I compiled Mysql from source using the following configure options:

./configure --with-openssl --with-isam --prefix=/usr/local/mysql

I did a locate mysql.h on my server and found it in the following location:

/usr/local/mysql/include/mysql/mysql.h

If I am not mistaken, it looks like the devel libraries are installed. Is it looking for it in a different location? Well, if you installed MySQL by hand, then yeah.. :) So, based on that, I'd say you probably need to add /usr/local/mysql/include/mysql to the paths checked for when compiling. You can do this by adding -I/usr/local/mysql/include/mysql to conf-cc I believe. OK, I added -I/usr/local/mysql/include/mysql to the conf-cc file. It currently looks like this:

cc -O2 -DTLS=20040120 -I/usr/local/ssl/include -I/usr/local/mysql/include/mysql

However, I still get the error during make. I also tried going in the same directory and made a symbolic link to /usr/local/mysql/include/mysql, but that didn't help. Any other ideas?

Hi, Change line 15 of local_scan.c to match your location of mysql.h Regards, Rick
Re: [toaster] Virus Stats
Dan Scrimpsher wrote: Has anyone used the Virus Stats tool (available at http://www.limelyte.net/software.php?p=virusstats) for simscan with Bill's toaster setup? I was going to give it a whirl, but I didn't want to break the setup that I have running now. It would be nice to be able to show the management a number on the amount of viruses that have been caught. We all know how management likes numbers. :-) Hi, I only released it 2 days ago but we've been running this back end in production for a couple of months now and running the actual database and front end for a couple of years. Regards, Rick
Re: [toaster] Encrypted zip, doc, etc.
Rich Kasting wrote: My toaster is in a Cisco shop and we have to double-encrypt the zip files we send to clients, due to obvious security concerns. I had to turn off outgoing scanning to accommodate this, for now. There is a setting in clamav to turn zip file scanning off, but I'd still like to scan zips. Is there a way for it to scan unencrypted zips and let encrypted ones pass through?

Hi, Just testing this now but it seems to work so far. On line 523 of libclamav/scanners.c, version 0.84 of clamav, change

if(size != zdirent.st_size) {

to

if(!encrypted && size != zdirent.st_size) {

and recompile. Regards, Rick