Re: [vchkpw] logging capabilities
d...@stean.ch wrote: hello there, i am using vpopmail 5.4.17 with cdb backend and i would like to know if there are some real logging capabilities for it. i have a rather big tool chain installed on the server around qmail and i need to have an overview of what happens with all the e-mails. this includes the path they took through that chain until they land inside the users maildir, or the reason and location they got rejected (spam,...). now, using for example vdelivermail with the option delete, qmail will log in either way that the delivery was successful, however, for the overall statistics i get a wrong result, because delete mail (wrong recipient) is not the same than a mail delivered to an existing account. as far as i know vdelivermail does not log anything? any plans for this ? You should really have the chkuser qmail patch installed and use bounce-no-mailbox instead of delete. Is there a reason why you are using delete rather than rejecting unknown users in the smtp conversation ? Regards, Rick !DSPAM:49f5b57f32684979047480!
Re: [vchkpw] logging capabilities
hello rick, yes i have two points why i dont use bounce-no-mailbox. one is dictionary based spamming, meaning that if one tries out hard enough, he will, by scanning with lots of recipients, find out what valid user accounts exist on my server. the other one is the problem called backscatter, sending spam by bouncing back. although there seems to be a patch in the wild for the latter. however, if the patch you mention would deny the communication, instead of reject the email, i would certainly use it. regards, stephan Quoting Rick Macdougall ri...@ummm-beer.com: d...@stean.ch wrote: hello there, i am using vpopmail 5.4.17 with cdb backend and i would like to know if there are some real logging capabilities for it. i have a rather big tool chain installed on the server around qmail and i need to have an overview of what happens with all the e-mails. this includes the path they took through that chain until they land inside the users maildir, or the reason and location they got rejected (spam,...). now, using for example vdelivermail with the option delete, qmail will log in either way that the delivery was successful, however, for the overall statistics i get a wrong result, because delete mail (wrong recipient) is not the same than a mail delivered to an existing account. as far as i know vdelivermail does not log anything? any plans for this ? You should really have the chkuser qmail patch installed and use bounce-no-mailbox instead of delete. Is there a reason why you are using delete rather than rejecting unknown users in the smtp conversation ? Regards, Rick !DSPAM:49f5c5c432681607416261!
Re: [vchkpw] logging capabilities
d...@stean.ch wrote: Backscatter exists only if you first accept the email and then later bounce it. By using bounce-no-mailbox, you tell the sending server during the smtp conversation that you are not going to accept email for that account as it does not exist, therefor you dont send backscatter, the other server however might. The chkusr patch is a very useful utility. You can configure how many invalid recipients to allow before ignoring the remaining smtp conversation. So if you set it to say 3, once the sending server gets 3 no such user hits, the rest of the addresses that are tried are ignored as being over threshold and circumventing the dictionary attack to a great extent. Deleting the spam, you are essentially saying that every single address to every single domain exists on your server. Shane hello rick, yes i have two points why i dont use bounce-no-mailbox. one is dictionary based spamming, meaning that if one tries out hard enough, he will, by scanning with lots of recipients, find out what valid user accounts exist on my server. the other one is the problem called backscatter, sending spam by bouncing back. although there seems to be a patch in the wild for the latter. however, if the patch you mention would deny the communication, instead of reject the email, i would certainly use it. regards, stephan Quoting Rick Macdougall ri...@ummm-beer.com: d...@stean.ch wrote: hello there, i am using vpopmail 5.4.17 with cdb backend and i would like to know if there are some real logging capabilities for it. i have a rather big tool chain installed on the server around qmail and i need to have an overview of what happens with all the e-mails. this includes the path they took through that chain until they land inside the users maildir, or the reason and location they got rejected (spam,...). now, using for example vdelivermail with the option delete, qmail will log in either way that the delivery was successful, however, for the overall statistics i get a wrong result, because delete mail (wrong recipient) is not the same than a mail delivered to an existing account. as far as i know vdelivermail does not log anything? any plans for this ? You should really have the chkuser qmail patch installed and use bounce-no-mailbox instead of delete. Is there a reason why you are using delete rather than rejecting unknown users in the smtp conversation ? Regards, Rick !DSPAM:49f5ccbf32682103613815!
Re: [vchkpw] logging capabilities
d...@stean.ch wrote: hello rick, yes i have two points why i dont use bounce-no-mailbox. one is dictionary based spamming, meaning that if one tries out hard enough, he will, by scanning with lots of recipients, find out what valid user accounts exist on my server. the other one is the problem called backscatter, sending spam by bouncing back. although there seems to be a patch in the wild for the latter. however, if the patch you mention would deny the communication, instead of reject the email, i would certainly use it. The patch in question rejects at the smtp communication level. It does not cause backscatter. It's rejects the email with a 551 User unknown response. It does not stop the dictionary attack scenario but it can be set to reject any email address after a configurable bad recipient limit has been reached. I'd recommend at least taking a look at everything it can do. It can be found at http://www.interazioni.it/opensource/chkuser/ and is incorporated into many qmail/vpopmail toaster scripts. Regards, Rick !DSPAM:49f532687681187851!
Re: [vchkpw] vpopmail 5.5 experiences during configure and install
Don't set a domain quota and it won't enforce one. Just an FYI. Great thanks. That could be usefull :) Is it off (as in not enforced) by default or do i need to specify a setting. The issue will be resolved with a linker flag which I accidentally did not re-implement when re-writing parts of the build system. Alright, no biggie then I'll need an error, or some sort of other info other than 'did not work' :) Please let me know any issues you come across. 5.5 will become the development version soon. Upon further investigation it appears that allthough the vadddomain command didnt create an error, it didnt create an entry in any database either. I tested the authentication as it is in /etc/vpopmail/vpopmail.mysql manually and that worked. mysql -uuser -ppassword -Ddatabase; Woops! Must be some issue with the FHS compliance pathing. I'll look into it. For now, do i copy the files into /etc/ or leave them where they are? I have it running on several large production servers. If there's anything that should be stable, it should be that daemon. Several months of development and testing went into that code. Great, im really curious about this daemon, at the moment we provide this with a realtime du -sm * through a socketserver, it is horribly slow on full mailboxes :) Sincerely, - Wouter van der Schagt !DSPAM:49f5ef1832681164811771!
Re: [vchkpw] vpopmail 5.5 experiences during configure and install
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wouter van der Schagt wrote: Don't set a domain quota and it won't enforce one. Just an FYI. Great thanks. That could be usefull :) Is it off (as in not enforced) by default or do i need to specify a setting. It's like any other quota. Unless you set one, there isn't one (NOQUOTA). Upon further investigation it appears that allthough the vadddomain command didnt create an error, it didnt create an entry in any database either. I tested the authentication as it is in /etc/vpopmail/vpopmail.mysql manually and that worked. mysql -uuser -ppassword -Ddatabase; Eh. Did you install the MySQL backend module? For now, do i copy the files into /etc/ or leave them where they are? It looks like it's going to use that alternate path whether you like it or not. It's not something you can just edit a single file. Many files contain that incorrect path now. Great, im really curious about this daemon, at the moment we provide this with a realtime du -sm * through a socketserver, it is horribly slow on full mailboxes :) You will notice that many of 5.5's binaries use the daemon. vuserinfo, vdominfo, vdelivermail, vchkpw, etc. It will be *a lot* faster than a du. - -- /* Matt Brookings m...@inter7.com GnuPG Key D9414F70 Software developer Systems technician Inter7 Internet Technologies, Inc. (815)776-9465 */ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkn18MUACgkQ6QgvSNlBT3BS5QCeLcE3jwTlGYwEjspKStB7iF+9 U/UAn3Abxxj5aIKf9yR+Gz78+8WG6X1H =FAey -END PGP SIGNATURE-
