Re: [vchkpw] Qmail alias and vpopmail/checkuser
Quey wrote: DAve wrote: I discovered something interesting the other day, something I really should have been paying attention to earlier. It would seem I cannot get an abuse address to work using qmail aliases in the /var/qmail/alias directory. Of course vadddomain does not create them for me. What is everyone else doing for abuse addresses with new domains? We have 450+ domains, most of which do not accept mail for abuse. I could knock out a quick wrapper for vadddomain, but a system wide alias would be killer as all abuse mail should come to myself and the other systems admin. your scripting process that executes adds the domain needs to be better written, ours adds the domains then adds the aliases... system(/home/vpopmail/bin/vadddomain -q 50MB $DOMAIN $PASS) == 0 or die AHFail(QmailAddDomainError); system(/home/vpopmail/bin/vadduser -q $DQUOTAM [EMAIL PROTECTED] $PASS) == 0 or die AHFail(QmailAddDU); system(/home/vpopmail/bin/valias -i [EMAIL PROTECTED] [EMAIL PROTECTED]) == 0 or die AHFail(QmailAddDAW) ; system(/home/vpopmail/bin/valias -i [EMAIL PROTECTED] [EMAIL PROTECTED]) == 0 or die AHFail(QmailAddDAI); system(/home/vpopmail/bin/valias -i [EMAIL PROTECTED] [EMAIL PROTECTED]) == 0 or die AHFail(QmailAddDAA); I don't have a wrapper around vadddomain, I said I could write a wrapper but I have not. I am wondering if there is anything I can do to have a global alias for abuse to save having an abuse address for every domain. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible.
[vchkpw] spam through blocking and chkuser..
Hello here is something very strange I have seen this morning.. I have dspam and tmda and when I looked a the logs of tmda this domain did not even showed up downloadsapple.com but I found the info in the smtp logs listed below so my question is how to prevent this one to come through? Does anyone have this problem? Have anyone seen it? smtpd 1016 grep downloadsapple.com * @400046c50c9002f0f3dc.s:@400046c4f56b1300f3bc CHKUSER accepted sender: from [EMAIL PROTECTED]:: remote mx2.downloadsapple.com:unknown:209.74.241.195 rcpt : sender accepted @400046c50c9002f0f3dc.s:@400046c4f56b2430946c CHKUSER accepted rcpt: from [EMAIL PROTECTED]:: remote mx2.downloadsapple.com:unknown:209.74.241.195 rcpt [EMAIL PROTECTED] : found existing recipient @400046c50c9002f0f3dc.s:@400046c4f56d03155844 simscan:[31694]:PASSTHRU (-2.30/6.00):1.3139s:Take our short Cigarette Survey and earn 100 bucks:209.74.241.195:[EMAIL PROTECTED]:[EMAIL PROTECTED]: current:@400046c54eef08ca927c CHKUSER accepted sender: from [EMAIL PROTECTED]:: remote mx7.downloadsapple.com:unknown:209.74.241.200 rcpt : sender accepted current:@400046c54eef169fb5bc CHKUSER accepted rcpt: from [EMAIL PROTECTED]:: remote mx7.downloadsapple.com:unknown:209.74.241.200 rcpt [EMAIL PROTECTED] : found existing recipient current:@400046c54ef00bdfb9ec simscan:[2865]:PASSTHRU (1.40/6.00):0.6944s:Americas Strongest Appetite Suppressant:209.74.241.200:[EMAIL PROTECTED]:[EMAIL PROTECTED]:
Re: [vchkpw] Qmail alias and vpopmail/checkuser
So you add all your new domains by hand ?? most of us have intergrated systems and something central that connects and doe sit all, be it a local custom CRM or one of the off shelf ones, so everything is linked, maybe you should be writing a wrapper :) DAve wrote: Quey wrote: DAve wrote: I discovered something interesting the other day, something I really should have been paying attention to earlier. It would seem I cannot get an abuse address to work using qmail aliases in the /var/qmail/alias directory. Of course vadddomain does not create them for me. What is everyone else doing for abuse addresses with new domains? We have 450+ domains, most of which do not accept mail for abuse. I could knock out a quick wrapper for vadddomain, but a system wide alias would be killer as all abuse mail should come to myself and the other systems admin. your scripting process that executes adds the domain needs to be better written, ours adds the domains then adds the aliases... system(/home/vpopmail/bin/vadddomain -q 50MB $DOMAIN $PASS) == 0 or die AHFail(QmailAddDomainError); system(/home/vpopmail/bin/vadduser -q $DQUOTAM [EMAIL PROTECTED] $PASS) == 0 or die AHFail(QmailAddDU); system(/home/vpopmail/bin/valias -i [EMAIL PROTECTED] [EMAIL PROTECTED]) == 0 or die AHFail(QmailAddDAW) ; system(/home/vpopmail/bin/valias -i [EMAIL PROTECTED] [EMAIL PROTECTED]) == 0 or die AHFail(QmailAddDAI); system(/home/vpopmail/bin/valias -i [EMAIL PROTECTED] [EMAIL PROTECTED]) == 0 or die AHFail(QmailAddDAA); I don't have a wrapper around vadddomain, I said I could write a wrapper but I have not. I am wondering if there is anything I can do to have a global alias for abuse to save having an abuse address for every domain. DAve
[vchkpw] smtp-auth and rblsmtpd
We have been using smtp-after-pop for a long time, but are also using smtp-auth for some purposes. When users authenticate via POP, a line like the following gets added to open-smtp: ww.xx.yy.zz:allow,RELAYCLIENT=,RBLSMTPD=,WHITELIST= 1187395788 This keeps the users from being affected by rblsmtpd. We added sorbs to our rblsmtpd to block dynamic IP pools, but it seems to be blocking our users that use smtp-auth. Our smtp-after-pop users work fine using the same dynamic IPs. We have some users that need to be able send via our servers but that do not have a POP account to authenticate against. Is there a way to get smtp-auth excluded from the rblsmtpd blocks? Trey Nolen
Re: [vchkpw] smtp-auth and rblsmtpd
Trey Nolen wrote: We have been using smtp-after-pop for a long time, but are also using smtp-auth for some purposes. When users authenticate via POP, a line like the following gets added to open-smtp: ww.xx.yy.zz:allow,RELAYCLIENT=,RBLSMTPD=,WHITELIST= 1187395788 This keeps the users from being affected by rblsmtpd. We added sorbs to our rblsmtpd to block dynamic IP pools, but it seems to be blocking our users that use smtp-auth. Our smtp-after-pop users work fine using the same dynamic IPs. We have some users that need to be able send via our servers but that do not have a POP account to authenticate against. Is there a way to get smtp-auth excluded from the rblsmtpd blocks? I would suggest starting another instance of qmail-smtpd on port 587 that does not use the rbls, and has its own tcp.submpt.cdb that allows anyone to connect, but does not ever set RELAYCLIENT. This allows all addresses, but will only allow relay for authenticated users. Port 587, is the default port for this kind of operation. My run file for the submission port is: #!/bin/sh QMAILUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` exec /usr/local/bin/softlimit -m 1000 \ /usr/local/bin/tcpserver -v -H -R -l 0 \ -x /mail/etc/tcp.submission.cdb -c $MAXSMTPD \ -u $QMAILUID -g $NOFILESGID 0 587 \ /var/qmail/bin/qmail-smptd \ /mail/bin/vchkpw /bin/true 21 /mail/bin/ is my ~vpopmail/bin, in absolute terms.
Re: [vchkpw] smtp-auth and rblsmtpd
I would suggest starting another instance of qmail-smtpd on port 587 that does not use the rbls, and has its own tcp.submpt.cdb that allows anyone to connect, but does not ever set RELAYCLIENT. This allows all addresses, but will only allow relay for authenticated users. Port 587, is the default port for this kind of operation. Thanks. We will start that, too. But, we do have a number of clients that are ALREADY using port 25 for smtp-auth. Is there any way to keep them from being affected by the rblmtpd? For instance, is there a way to pass a variable to tcpserver if the connection is authenticated via smtp-auth? Trey Nolen
Re: [vchkpw] smtp-auth and rblsmtpd
On 8/17/2007 9:13 PM, Trey Nolen wrote: being affected by the rblmtpd? For instance, is there a way to pass a variable to tcpserver if the connection is authenticated via smtp-auth? Not without patching. the process goes like this: user - tcpserver - rblsmtpd - qmail-smtpd (with smtp-auth) so, rblsmtpd has already intercepted your user before he's had the change to talk to qmail-smtpd and auth. there is at least one patch that puts rblsmtpd functionality inside qmail-smtpd for this purpose, but i'm having a hard time finding it. Based on http://lists.ziobudda.net/pipermail/qmail-it/2007-April/001698.html, I'm making an educated guess that the patch is at: http://lists.ziobudda.net/pipermail/qmail-it/attachments/20070410/7d59066d/qmail-dnsbl.bin -- Jeremy Kister http://jeremy.kister.net./
