[vchkpw] When I updated user's quota, maildirsize file is not with correct quota
For example: A user's quota is 1M, and some mails are in its Inbox, and I was checked its directory, the maildirsize file is there. When I changed this user's quota to 3M, after a mail come in, the quota's total number is same as before. Who knows how to solve this problem?
Re: [vchkpw] When I updated user's quota, maildirsize file is not with correct quota
How did you change quota? Tonino At 27/03/03 27/03/03 +0800, [EMAIL PROTECTED] wrote: For example: A user's quota is 1M, and some mails are in its Inbox, and I was checked its directory, the maildirsize file is there. When I changed this user's quota to 3M, after a mail come in, the quota's total number is same as before. Who knows how to solve this problem? [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [vchkpw] pipes in .qmail-files vpopmail 5.3.19
I have copied the vdelivermail binary over from the working Solaris 2.7 machine onto my non-working Solaris 2.8 machine... it acts identical. Any Ideas? Please? -jim - Original Message - From: Jim [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 25, 2003 3:20 AM Subject: [vchkpw] pipes in .qmail-files vpopmail 5.3.19 [...]
Re: [vchkpw] vadddomain path problem
On Wednesday 26 March 2003 08:53 pm, Moshe Jacobson wrote: On 27 Mar 2003, Jonas Pasche wrote: That's not a bug, but the first occurence of the balanced tree feature of vpopmail that applies both to the number of domains and to the number of users in a given domain. I have a little beef with the balanced tree thing. I started out by adding about 120 domains to my mail server, and it of course put about 20 into the 0/ subdirectory. The problem is, I deleted about 20 of them (which mostly all came out of the base directory)... and now, when I create new ones, it doesn't put them in the base dir even though there is still room there for more, but it just continues creating them in the 0/ subdirectory. Is this intended? Yes. I called it cutting corners or opertunitist programming. By the time I had the add a new user/directory code working I didn't have time to update the delete a user/directory feature to support backing up in the balenced tree. This leads to domain rot if you will. The code also does not support filling in holes or rebalencing. A safe rebalence batch program might be more useful. It would be easier to write wouldn't break the current code. Feel free to crack open the code and add in the features you want. You can also use the --enable-users-big-dir=n configure option to put all the domains/users in the same dir. Ken Jones Why doesn't it create new domains in the highest possible directory? Thanks, Moshe
Re: [vchkpw] When I updated user's quota, maildirsize file is notwith correct quota
Hi baby_moon, A user's quota is 1M, and some mails are in its Inbox, and I was checked its directory, the maildirsize file is there. When I changed this user's quota to 3M, after a mail come in, the quota's total number is same as before. Who knows how to solve this problem? It's not a problem; you're simply mixing things up. The maildirsize file doesn't show the quota setting of a user, but the _actual size_ of the Maildir, so changing the quota doesn't affect the maildirsize file in any way. The quota setting of each user is saved in the vpasswd file. Jonas
Re: [vchkpw] pipes in .qmail-files vpopmail 5.3.19
On Thursday, March 27, 2003, at 09:41, you wrote: I have copied the vdelivermail binary over from the working Solaris 2.7 machine onto my non-working Solaris 2.8 machine... it acts identical. If you have no pipes in the command, does vdelivermail work as normal? Marcus -- Marcus Williams - http://www.onq2.com Quintic Ltd, 39 Newnham Road, Cambridge, UK
Re: [vchkpw] pipes in .qmail-files vpopmail 5.3.19
If you have no pipes in the command, does vdelivermail work as normal? yes, it does. No problems. Thanks for your reply, jim. PS sorry for sending the first email directly to you, marcus -- 5:30am and i copy-and-pasted the wrong address :-/
[vchkpw] Re: Small patch
Jonas,
On Saturday, March 15, 2003, at 02:04:04 [GMT +0100] (which was 02:04
where I live) you wrote:
JP Thanks, but that's useless until you tell us to which file it should be
JP applied ;-)
You're quite right. Sorry for the late response.
JP You should use the unified diff format (diff -u) in general; it
JP automatically includes the filenames in its output.
--- ../vpopmail-5.3.7/vchkpw.c Fri Jun 21 18:05:59 2002
+++ vchkpw.cTue Jan 28 11:26:35 2003
@@ -555,6 +555,14 @@
pw_uid = pw-pw_uid;
pw_gid = pw-pw_gid;
pw_dir = pw-pw_dir;
+
+ /* show success but with no password */
+ if ( ENABLE_LOGGING == 1 || ENABLE_LOGGING == 4) {
+ snprintf(LogLine, LOG_LINE_SIZE, %s: system password login success %s:%s,
+ VchkpwLogName, TheUser, IpAddr);
+ vlog(VLOG_AUTH, TheUser, TheDomain, ThePass, TheName, IpAddr, LogLine);
+ }
+
#ifdef POP_AUTH_OPEN_RELAY
if ( LocalPort != 25 LocalPort != 465 ) {
open_smtp_relay();
Note that on this system I'm not quite up-to-date to the latest
release yet, and I haven't checked if something like this made it into
the code in the meanwhile. Also the location in the file may be off
now.
--
With kind regards,
Maurice Snellen
[vchkpw] vpopmail 5.3.1[6,9] logging
I'm not exactly sure when it quit but I've noticed that authentications via vchkpw are no longer logged. Vpopmail is configured as follows and my pop3 daemon is qmail, run as shown below. I've also attempted logging via syslog (rather than multilog) and I still get no authentication logging. service/pop/run #!/bin/sh exec softlimit -m 200 tcpserver -R 0 pop3 qmail-popup mail.cadillac.net \ /usr/local/vpopmail/bin/vchkpw qmail-pop3d Maildir 21 vpopmail 5.3.19 Current settings --- vpopmail directory = /usr/local/vpopmail uid = 89 gid = 89 ip alias = OFF --enable-ip-alias-domains=n (default) address extentions = OFF --enable-qmail-ext=n (default) roaming users = ON --enable-roaming-users=y tcpserver file = /usr/local/vpopmail/etc/tcp.smtp open_smtp file = /usr/local/vpopmail/etc/open-smtp user quota = 1S,1C -enable-hardquota=1S,1C domain quotas = OFF --enable-domainquotas=n (default) auth module = mysql --enable-mysql=y mysql replication = ON --enable-mysql-replication=y table optimization = many domains --enable-many-domains=y (default) system passwords = OFF --enable-passwd=n (default) file locking = ON --enable-file-locking=y (default) file sync = OFF --enable-file-sync=n disable vdelivermail fsync (default) make seekable = ON --enable-make-seekable=y (default) auth logging = ON --enable-auth-logging=y (default) mysql logging = OFF --enable-mysql-logging=n (default) clear passwd = ON --enable-clear-passwd=y (default) users big dir = ON --enable-users-big-dir=y (default) valias processing = OFF --enable-valias=n mysql limits = OFF --enable-mysql-limits=n (default) pop syslog = show failure attempts with clear text password --enable-logging=p default domain = --enable-default-domain= auth inc = -I/usr/local/include/mysql auth lib = -L/usr/local/lib/mysql -lmysqlclient -lz
Re: [vchkpw] pipes in .qmail-files vpopmail 5.3.19
On Thursday, March 27, 2003, at 10:29, you wrote: If you have no pipes in the command, does vdelivermail work as normal? yes, it does. No problems. Okay bearing in mind I'm no Solaris expert so someone else may want to jump in here - what output do you get if you do something like: HOST=broadviewnet.net; EXT=tester; export EXT HOST; echo To: [EMAIL PROTECTED] | truss /home/vpopmail/bin/vdelivermail '' bounce_no_mailbox (all one line - I've broken it up) I've put truss where I'd normally put strace on Linux although I'm not sure what the equivalent of strace is on Solaris (I think its truss). Hopefully the cmd line above will generate the same segfault and the output may give an idea of where. You may also want to add a pipe to /usr/bin/spamc in between the echo and vdelivermail. If the output is large feel free to mail it me off list. Marcus -- Marcus Williams - http://www.onq2.com Quintic Ltd, 39 Newnham Road, Cambridge, UK
Re: [vchkpw] When I updated user's quota, maildirsize file is not with correct quota
Hi baby_moon, A user's quota is 1M, and some mails are in its Inbox, and I was checked its directory, the maildirsize file is there. When I changed this user's quota to 3M, after a mail come in, the quota's total number is same as before. Who knows how to solve this problem? It's not a problem; you're simply mixing things up. The maildirsize file doesn't show the quota setting of a user, but the _actual size_ of the Maildir, so changing the quota doesn't affect the maildirsize file in any way. The quota setting of each user is saved in the vpasswd file. Jonas One more note on this. vpopmail uses user quotas as specified in the vpopmail password entry, not the maildirsize file. courier and other maildir++ quota compliant code uses the quota as specified in the maildirsize file. So if you change the quota via qmailadmin or vpopmail utilities, it will update the quota in the password entry. This is what vpopmail uses to enforce the quota, not the one in maildirsize. If you just remove the maildirsize file, it will automatically be recreated (with the proper quota in it). So it may be worth a patch to update the utility that updates the quota to also remove the maildirsize file for that user. Brian
[vchkpw] Inter7 mail server doesn't have reverse DNS!
Apparently a server named ns1.inter7.com is doing the delivery for the vchkpw mailing list. This wouldn't be a problem except that it doesn't have reverse DNS. I started blocking connections to my mail server from servers who don't have DNS and my vpopmail and qmailadmin list traffic stopped. After a day of no messages, I determined that by then I really *should* have had some messages arrive. I removed my DNS checks and voila, mailing list messages started flowing in. Someone at Inter7 ought to have a look at that. Ken? Vol? Matt [EMAIL PROTECTED]:/var/log/mail/smtp # dig ns1.inter7.com. ;; ANSWER SECTION: ns1.inter7.com. 2d23h56m3s IN A 209.218.8.2 [EMAIL PROTECTED]:/var/log/mail/smtp # dig -x 209.218.8.2 ; DiG 8.3 -x ;; res options: init recurs defnam dnsrch ;; got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 2 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUERY SECTION: ;; 2.8.218.209.in-addr.arpa, type = ANY, class = IN Delivered-To: mailing list [EMAIL PROTECTED] Received: (qmail 60493 invoked by uid 85); 27 Mar 2003 14:15:27 - Received: from [EMAIL PROTECTED] by cadillac.mi.us by uid 89 with qmail-scanner-1.15 (spamassassin: 2.44. Clear:SA:0(-0.5/10.0):. Processed in 1.900033 secs); 27 Mar 2003 14:15:27 - Received: from unknown (HELO ns1.inter7.com) (209.218.8.2) by matt-serv2.cdlc.mi.voyager.net with SMTP; 27 Mar 2003 14:15:25 -
Re: [vchkpw] vlimits patch [1/??]
On Thursday 27 March 2003 14:35, you wrote: Could someone provide details of what vlimits patch does. I have seen some interesting threads about it thanks Matt. basically it lets you limit the usage of a vpopmail controlled domain. this means: limit the max no of pop accounts/forwards/aliases/mailinglists set max domain quota and max message limit (per domain) set default quota/message limit for every new user limit the permissions you have with qmail-admin so far for theory. at the moment the max number of pop accounts isn't enforced in vpopmail (actually vpopmail really doesn't care).. and most other features also only work with qmailadmin. i'm going to provide patches for the other tools, so that you won't be able to create a vpopmail pop account when max_popaccounts=10 and there already are 10 popmail accounts.. this will be more difficult for the forwards/mailingslists, as they just aliases. (and there is a limit for aliases as well). same for autoresponders. to limit autoresponders/mailinglists one would have to define a autoresponder at compile time (one thing that i think we should do) -- Mit internetten Grüßen / Best Regards --- Justin Heesemannionium Technologies [EMAIL PROTECTED]www.ionium.org
Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!
On Thu, 2003-03-27 at 10:21, Matt Simerson wrote: Apparently a server named ns1.inter7.com is doing the delivery for the vchkpw mailing list. This wouldn't be a problem except that it doesn't have reverse DNS. I started blocking connections to my mail server from servers who don't have DNS and my vpopmail and qmailadmin list traffic stopped. You'll be losing a lot more legit mail than just this list if you do that. - Ron
Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!
You'll be losing a lot more legit mail than just this list if you do that. Agreed. There is no rule that demands reverse DNS. It's a nicety and that's it. Regards, Andrew
RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!
Title: RE: [vchkpw] Inter7 mail server doesn't have reverse DNS! We currently run our hosted systems requiring reverse DNS and haven't really had any complaints about mail not being received. While there's no rule requiring reverse DNS, systems without it are much more likely to be spam originators in my experience with our system. The few systems I've come across that legitimately send mail but had broken reverse DNS were more than happy, and able, to fix it quickly and understood immediately the point of rejecting connections on such a condition. Nicholas Harring System Administrator Webley Systems, Inc 877-609-4795 -Original Message- From: Andrew Kohlsmith [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 27, 2003 9:47 AM To: [EMAIL PROTECTED] Subject: Re: [vchkpw] Inter7 mail server doesn't have reverse DNS! You'll be losing a lot more legit mail than just this list if you do that. Agreed. There is no rule that demands reverse DNS. It's a nicety and that's it. Regards, Andrew
RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!
It is becoming more and more prevalent that ISPs are denying recipt of e-mails that do not have a reverse DNS on their e-mail domains. Mainly because of so many spammers using forged headers. --- Nick Harring [EMAIL PROTECTED] wrote: We currently run our hosted systems requiring reverse DNS and haven't really had any complaints about mail not being received. While there's no rule requiring reverse DNS, systems without it are much more likely to be spam originators in my experience with our system. The few systems I've come across that legitimately send mail but had broken reverse DNS were more than happy, and able, to fix it quickly and understood immediately the point of rejecting connections on such a condition. Nicholas Harring System Administrator Webley Systems, Inc 877-609-4795 -Original Message- From: Andrew Kohlsmith [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 9:47 AM To: [EMAIL PROTECTED] Subject: Re: [vchkpw] Inter7 mail server doesn't have reverse DNS! You'll be losing a lot more legit mail than just this list if you do that. Agreed. There is no rule that demands reverse DNS. It's a nicety and that's it. Regards, Andrew
Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!
On Thursday, March 27, 2003, at 10:35 AM, Ron Guerin wrote: On Thu, 2003-03-27 at 10:21, Matt Simerson wrote: Apparently a server named ns1.inter7.com is doing the delivery for the vchkpw mailing list. This wouldn't be a problem except that it doesn't have reverse DNS. I started blocking connections to my mail server from servers who don't have DNS and my vpopmail and qmailadmin list traffic stopped. You'll be losing a lot more legit mail than just this list if you do that. - Ron I have managed several dozen mail systems supporting over 100,000 users. I am not naive to that simple fact. However, this is my personal mail server and I've decided that if you can't set up DNS for your mail server properly, I don't want to receive mail from you. It's that simple. In this case, I'm sure it's an oversight on the part of the Inter7 guys. As soon as they get it straightened out, I'll be once again blocking connections from servers without reverse DNS. I'm writing a logging program that parses out log smtp logs and lets me know how many connections I've blocked, which rule blocked the connection (spamhaus, spamcop, rbl, reverse dns, etc), and the IP I blocked. Matt
RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!
On Thu, 2003-03-27 at 10:55, Nick Harring wrote: We currently run our hosted systems requiring reverse DNS and haven't really had any complaints about mail not being received. While there's no rule requiring reverse DNS, systems without it are much more likely to be spam originators in my experience with our system. The few systems I've come across that legitimately send mail but had broken reverse DNS were more than happy, and able, to fix it quickly and understood immediately the point of rejecting connections on such a condition. If you've chosen to deliberately break your mail server like this, that is of course your choice to make. I just hope you've informed your customers. - Ron
Re: [vchkpw] Failure in Delivery of Mail to local(virtual Domain) Maildir
Hi Ken, That was a bad of me. I put the wrong password in the vmysql.h file. But now I've corrected it and recompiled and I have granted permissions to the user on the mysql vpopmail database. But mysql is now doing the run away game and it's no more authenticating anything from vpopmail command to pop logins. Pls remind me how I can solve this one. Olugbenga - Original Message - From: Ken Jones [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, March 26, 2003 11:03 PM Subject: Re: [vchkpw] Failure in Delivery of Mail to local(virtual Domain) Maildir Check your vpopmail vmysql.h file for the UPDATE server entries. Make sure those are valid. KenJones On Wednesday 26 March 2003 04:01 pm, [EMAIL PROTECTED] wrote: Pls I need urgent help!!! I Have set up a few servers with Qmail+vpopmail+mysql. But can't find the solution to this problem. 1.Vpopmail commands work fine with the mysql database and 2. POP authentications through vchkpw are properly authenticated on the mysql database. 3. Outbound (remote) mails are promptly delivered. 4. But all inbound mails get hung up in the queue .I confirmed this using qmail-qstat qmail-qread. 5. When I send a doqueue and monitor read the /var/log/qmail/qmail-send/current log I observer this error message. @40003e80bfe7144da3b4 delivery 7: deferral: could_not_connect_to_mysql_update_server_Can't_connect_to_local_MySQL_serve r_through_socket_'/var/lib/mysql/mysql.sock'_(111)_with_database/could_not_ c onnect_to_mysql_update_server_Can't_connect_to_local_MySQL_server_through_s o cket_'/var/lib/mysql/mysql.sock'_(111)/ 6. While all outbound(remote) mails are being delivered properly. Inbound(local) mails never get delivered but keep generating this error. It is funny because the SQL database responds rightly to all the standard tests. and I have even gone as far as running the repair program on the vpopmail MYI database. /Maildir/ keyword is correctly entered in qmail/rc. Any help will be greatly appreciated. Olugbenga Oyebande
RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!
On Thu, 2003-03-27 at 11:05, Nick Harring wrote: Rather than questioning why we would refuse to accept from non-reversible hosts, why don't we ask why anyone would set a host up without reverse DNS? Rather than question why you've deliberately broken your mail server, I should explain to you why some people running legit servers don't comply with your arbitrary requirements? A better question is why I'm wasting my time trying to explain things to someone who top-posts and sends HTML to mailing lists. - Ron
[vchkpw] qmailadmin Invalid Login
I make a new install of qmailadmin but now I can't login with any account. Where are the config files for password of vpopmail and/or qmail and/or qmailadmin. It's not me who makes the first install. I found on the disk running openbsd : /var/qmail /var/vpopmail /var/www/cgi-bin/qmailadmin /usr/local/share/qmailadmin Thanx for your help Yves
RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!
Just because I feel like a smart-ass today.. I suppose the rule about top posting is 'posted' right next to the reverse DNS one? Look at that.. now it's all out of order.. :P On Thu, 2003-03-27 at 10:12, Ron Guerin wrote: On Thu, 2003-03-27 at 11:05, Nick Harring wrote: Rather than questioning why we would refuse to accept from non-reversible hosts, why don't we ask why anyone would set a host up without reverse DNS? Rather than question why you've deliberately broken your mail server, I should explain to you why some people running legit servers don't comply with your arbitrary requirements? A better question is why I'm wasting my time trying to explain things to someone who top-posts and sends HTML to mailing lists. - Ron
Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!
Oh my, Nick top-posted. Quickly, someone call out the firing squad. Where you choose to reply to in a message body is a matter of personal preference. It is NOT a breach of email etiquette to prefer a way other than your personal preference. In a list thread, many tend to prefer a top-post as it's assumed that they've already read the thread and thus no longer have a need for what follows, except possibly as a reference (hence the choice to include rather than snip it). The rules of email etiquette exist for the benefit of email users, not for anal retentive users to LART others with. On to the matter of DNS blocks; we aren't going to agree on this matter. You consider my mail server broken. I consider it optimized. I, and many others, will continue to block connections from mail servers without reverse DNS. Live with it. Per Arie's question on exactly what I block based upon, it's quite simple. Your reverse DNS must be set. Period. It doesn't have to match. Asking it to match would be, IMHO, a bad idea. The how is quite simple: Contents of ~vpopmail/etc/tcp.smtp 1.127.:allow,RELAYCLIENT= 2.209.218.8.2:allow 3.=:allow,QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl 4.:allow,RBLSMTPD=Blocked - Reverse DNS queries for your IP fail. You cannot send me mail. 5.#:allow,RBLSMTPD=-Blocked - Reverse DNS queries for your IP fail. You cannot send me mail. 1. Obvious, allowing localhost to relay. 2. Allows traffic from the inter7 mailing list (with no reverse DNS) 3. Matches any mail message with reverse dns. 4. Matches what's left (no reverse DNS). By setting the RBLSMTPD environment variable, we actually get to pass a message back to the mail server we're blocking telling them why. That gives them a chance to fix it before the messages bounces. They'll get a message like this in their mail logs: Mar 27 08:40:43 seattle qmail: 1048783243.397888 info msg 6469: bytes 258 from [EMAIL PROTECTED] qp 13226 uid 0 Mar 27 08:40:43 seattle qmail: 1048783243.438981 starting delivery 533: msg 6469 to remote [EMAIL PROTECTED] Mar 27 08:40:43 seattle qmail: 1048783243.979048 delivery 533: deferral: 207.89.154.94_does_not_like_recipient./Remote_host_said:_451_Blocked_- _Reverse_DNS_queries_for_your_IP_failed._You_cannot_send_me_mail./ Giving_up_on_207.89.154.94./ Mar 27 08:40:43 seattle qmail: 1048783243.979779 status: local 0/10 remote 0/2 5. If you want to be a little more aggressive about it, use the 5th line instead of the fourth. Notice the '-' character in there. That tells rblsmtpd to return a permanent error (ie, don't try again!). Mar 27 08:42:40 seattle qmail: 1048783360.776812 info msg 6475: bytes 250 from [EMAIL PROTECTED] qp 13464 uid 0 Mar 27 08:42:40 seattle qmail: 1048783360.805534 starting delivery 534: msg 6475 to remote [EMAIL PROTECTED] Mar 27 08:42:41 seattle qmail: 1048783361.259737 delivery 534: failure: 207.89.154.94_does_not_like_recipient./Remote_host_said:_553_Blocked_- _Reverse_DNS_queries_for_your_IP_fail._You_cannot_send_me_mail./ Giving_up_on_207.89.154.94./ Mar 27 08:42:41 seattle qmail: 1048783361.269637 bounce msg 6475 qp 13467 Mar 27 08:42:41 seattle qmail: 1048783361.270564 end msg 6475 Notice that in the second case, the message bounces immediately. It's your mail server, you have to decide what policy you think is best. Bouncing messages seems to get more attention, and gets it faster than deferring connections. That's all there is to it. Of course, that assumes you are running rblsmtpd as part of your smtp invocation. Matt On Thursday, March 27, 2003, at 11:12 AM, Ron Guerin wrote: On Thu, 2003-03-27 at 11:05, Nick Harring wrote: Rather than questioning why we would refuse to accept from non-reversible hosts, why don't we ask why anyone would set a host up without reverse DNS? Rather than question why you've deliberately broken your mail server, I should explain to you why some people running legit servers don't comply with your arbitrary requirements? A better question is why I'm wasting my time trying to explain things to someone who top-posts and sends HTML to mailing lists. - Ron
Re: [vchkpw] About to release new devel version 5.3.20
On Tuesday, March 25, 2003, at 04:25 PM, Robin Bowes wrote: I'm about to release a new 5.3.20 devel version. Does anyone have any patches they would like to submit? No, but would it be difficult to move mysql options from vmysql.h to configure options, e.g. ./configure \ --with-mysql-update-server=servername \ --with-mysql-update-user=username \ --with-mysql-update-password=password \ --with-mysql-read-server=servername \ --with-mysql-read-user=username \ --with-mysql-read-password=password The --with-mysql-read-* options could be optional, i.e. use the update server values if the read server is not present. I'd really like to see this. Cheers, R. I would like to see that as well. :) Matt
RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!
At 08:01 AM 03-27-2003, Ron Guerin wrote: On Thu, 2003-03-27 at 10:55, Nick Harring wrote: We currently run our hosted systems requiring reverse DNS and haven't really had any complaints about mail not being received. While there's no rule requiring reverse DNS, systems without it are much more likely to be spam originators in my experience with our system. The few systems I've come across that legitimately send mail but had broken reverse DNS were more than happy, and able, to fix it quickly and understood immediately the point of rejecting connections on such a condition. If you've chosen to deliberately break your mail server like this, that is of course your choice to make. I just hope you've informed your customers. Please provide a reference to a requirement that a mailserver must accept mail from sources that do not have reverse DNS in place. For that matter, please provide a reference to a requirement that a mailserver must accept mail, regardless of reason. It's one thing to say if you've chosen to deliberately run your mail server like this, it's entirely different to claim that a mailserver is broken by running it like this. Paul Theodoropoulos http://www.anastrophe.com http://folding.stanford.edu The Nicest Misanthrope on the Net
Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!
I don't want to be rude or anything... but what does this thread have to do with vpopmail? Please take your holy wars elsewhere. The original poster should've emailed the people at Inter7 rather than this list. Rick
RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!
At 08:12 AM 03-27-2003, Ron Guerin wrote: On Thu, 2003-03-27 at 11:05, Nick Harring wrote: Rather than questioning why we would refuse to accept from non-reversible hosts, why don't we ask why anyone would set a host up without reverse DNS? Rather than question why you've deliberately broken your mail server, I should explain to you why some people running legit servers don't comply with your arbitrary requirements? A better question is why I'm wasting my time trying to explain things to someone who top-posts and sends HTML to mailing lists. rather than trumping up your argument with etiquette fascism, how about pointing out a relevant RFC that backs up your [baseless] opinion that a mailserver must accept messages from a site without reverse DNS? ever heard of RFC 2505? apparently not. Paul Theodoropoulos http://www.anastrophe.com http://folding.stanford.edu The Nicest Misanthrope on the Net
RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!
On Thu, 2003-03-27 at 12:22, Paul Theodoropoulos wrote: rather than trumping up your argument with etiquette fascism, how about pointing out a relevant RFC that backs up your [baseless] opinion that a mailserver must accept messages from a site without reverse DNS? Please, spare me your righteous anger. You may continue to operate a broken mail server. I never said you couldn't. I frankly don't care who you don't get mail from. My mistake for letting the other fellow know what a bad idea it is. - Ron
RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!
At 09:32 AM 03-27-2003, Ron Guerin wrote: On Thu, 2003-03-27 at 12:22, Paul Theodoropoulos wrote: rather than trumping up your argument with etiquette fascism, how about pointing out a relevant RFC that backs up your [baseless] opinion that a mailserver must accept messages from a site without reverse DNS? Please, spare me your righteous anger. You may continue to operate a broken mail server. I never said you couldn't. I frankly don't care who you don't get mail from. My mistake for letting the other fellow know what a bad idea it is. translation: i don't know the RFC's, I have no basis for claiming that other's mailserver are broken, and I'll continue to evade directly confronting my error and apologizing for my mistaken claim by pretending to take 'the high road' you didn't say what a bad idea it is. you said his mailserver was broken. prove it. put up or shut up. Paul Theodoropoulos http://www.anastrophe.com http://folding.stanford.edu The Nicest Misanthrope on the Net
RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!
On Thu, 2003-03-27 at 12:40, Paul Theodoropoulos wrote: translation: i don't know the RFC's, I have no basis for claiming that other's mailserver are broken, and I'll continue to evade directly confronting my error and apologizing for my mistaken claim by pretending to take 'the high road' I'm not mistaken, I'm just not interested in your diversion. The RFCs also don't say it's wrong to reject every third connection. you didn't say what a bad idea it is. you said his mailserver was broken. prove it. put up or shut up. Oh please. Get a clue you ass. - Ron
RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!
At 09:43 AM 03-27-2003, Ron Guerin wrote: On Thu, 2003-03-27 at 12:40, Paul Theodoropoulos wrote: translation: i don't know the RFC's, I have no basis for claiming that other's mailserver are broken, and I'll continue to evade directly confronting my error and apologizing for my mistaken claim by pretending to take 'the high road' I'm not mistaken, I'm just not interested in your diversion. The RFCs also don't say it's wrong to reject every third connection. you didn't say what a bad idea it is. you said his mailserver was broken. prove it. put up or shut up. Oh please. Get a clue you ass. lacking a cogent argument, he resorts to ad hominem. a classic rhetorical diversion. in short: the original claim was baseless. No mailserver is broken for refusing messages from sites that have no in-addr.arpa in place. Paul Theodoropoulos http://www.anastrophe.com http://folding.stanford.edu The Nicest Misanthrope on the Net
Re: [vchkpw] 2 servers
The Mail server that does the scanning needs to have the MX and you will need to edit the smtproutes file to forward mail for all domains to the second server... -John - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, March 27, 2003 8:13 AM Subject: [vchkpw] 2 servers Hello, How can I do to have 2 qmail servers on 2 differents machines ? - The first on firewall.domain.com for scan virus with qmail-scanner - The second mail.domain.com on network for delivery virtuals domains with vpopmail Thanx for your help Yves Roumagnac
Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!
diversion. in short: the original claim was baseless. No mailserver is broken for refusing messages from sites that have no in-addr.arpa in place. Please. No mailserver is broken for refusing messages from sites run by [ethnic group]. No mailserver is broken for refusing messages from sites with an even IP address. No mailserver is broken for refusing messages delievered by air-mail. There is no guideline saying that servers MUST refuse mail from sites with no in-addr.arpa. Therefore your stance is on shaky ground -- you are going above and beyond the relevant RFCs that the protocol relies on to achieve a goal. Embrace and extend, anyone? You don't mind rejecting mail based on lack of in-addr.arpa. I do. Who cares? When your customers come to you and say that they aren't getting mail and you ask the other ISP to fix their problem and they won't, who's at fault? You are in this case, because you are going above and beyond what the RFC dictates as minimum requirements. There is nothing stating you can't have a nameserver without a valid reverse lookup, and if you are expecting the world to follow you, you have delusions of grandeur. Whether that is acceptable to you or not is your (and your customer's) worry, not mine. I am under no obligation to correct my mistake simply because you don't like it and have configured your servers not to like it. Regards, Andrew
Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!
- Original Message - From: Matt Simerson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, March 27, 2003 7:21 AM Subject: [vchkpw] Inter7 mail server doesn't have reverse DNS! I started blocking connections to my mail server from servers who don't have DNS and my vpopmail and qmailadmin list traffic stopped. Matt, How much actual SPAM did your now-misconfigured mailserver actually block with this tactic during that time? Before anyone flames me, consider that this is a serious question and I am very interested in the answer. Thanks. Rick Up
Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!
Hi, I know on my mail server that approx 32% of the spam that I personally receive have no reverse DNS entries. I just checked on the last 200 of them and that's where the 32% comes from. Oh, let me qualify that statement by saying that I don't list ISP mail servers or what appear to be real ISP mail servers. So that 32% might drop down to around 10 or 20% if I added those IP's back into the list. I have no idea what percentage of valid email doesn't have a reverse DNS entry since I don't add non-spam to my rbl list. Regards, Rick - Original Message - From: Rick Updegrove [EMAIL PROTECTED] To: Matt Simerson [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, March 27, 2003 1:18 PM Subject: Re: [vchkpw] Inter7 mail server doesn't have reverse DNS! - Original Message - From: Matt Simerson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, March 27, 2003 7:21 AM Subject: [vchkpw] Inter7 mail server doesn't have reverse DNS! I started blocking connections to my mail server from servers who don't have DNS and my vpopmail and qmailadmin list traffic stopped. Matt, How much actual SPAM did your now-misconfigured mailserver actually block with this tactic during that time? Before anyone flames me, consider that this is a serious question and I am very interested in the answer.
RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!
On Thu, 27 Mar 2003, Nick Harring wrote: Rather than questioning why we would refuse to accept from non-reversible hosts, why don't we ask why anyone would set a host up without reverse DNS? Because they're not running DJBDNS. :) ducks C Nicholas Harring System Administrator Webley Systems, Inc 877-609-4795 -Original Message- From: Ron Guerin [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 10:02 AM To: vpopmail Subject: RE: [vchkpw] Inter7 mail server doesn't have reverse DNS! On Thu, 2003-03-27 at 10:55, Nick Harring wrote: We currently run our hosted systems requiring reverse DNS and haven't really had any complaints about mail not being received. While there's no rule requiring reverse DNS, systems without it are much more likely to be spam originators in my experience with our system. The few systems I've come across that legitimately send mail but had broken reverse DNS were more than happy, and able, to fix it quickly and understood immediately the point of rejecting connections on such a condition. If you've chosen to deliberately break your mail server like this, that is of course your choice to make. I just hope you've informed your customers. - Ron
Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!
On Thursday, March 27, 2003, at 10:22 AM, Paul Theodoropoulos wrote: rather than trumping up your argument with etiquette fascism, how about pointing out a relevant RFC that backs up your [baseless] opinion that a mailserver must accept messages from a site without reverse DNS? ever heard of RFC 2505? apparently not. I hadn't read RFC2505 http://zvon.org/tmRFC/RFC2505/Output/index.html until now, but I took the time to do so. It has some good advice, but I didn't see any mention of refusing mail from hosts without reverse DNS. It does talk about refusing mail based on the FQDN that reverse DNS resolves to (section 2.5), but I think it's a stretch to extend that to IP addresses that don't have reverse DNS. I agree with others that the first post should have gone to Inter7 (perhaps [EMAIL PROTECTED]) and not this list. If someone wants to add spam filters to their personal mail server that deny mail from hosts without reverse DNS, that's fine with me. If they think it's a good idea and tell others about it, I think it's a good idea for others to provide constructive feedback on why they disagree. If it's true that spammers don't have reverse DNS on their IP addresses, I wouldn't mind seeing the MTA adding a header like X-Possible-Spam: Host 209.218.8.2 does not have reverse DNS. and even X-Possible-Spam: Host 209.218.8.2 resolves to spam.com which does not resolve to 209.218.8.2. Then an email client could filter on that header or SpamAssassin could add a few points to the message's spam score. -- Tom Collins [EMAIL PROTECTED]
Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!
Question... Would 208.32.76.233 pass the test? It has a revers ptr, but some mail servers block it claiming it does not have one. ~jb
Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!
On Thursday, March 27, 2003, at 01:18 PM, Rick Updegrove wrote: - Original Message - From: Matt Simerson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, March 27, 2003 7:21 AM Subject: [vchkpw] Inter7 mail server doesn't have reverse DNS! I started blocking connections to my mail server from servers who don't have DNS and my vpopmail and qmailadmin list traffic stopped. Matt, How much actual SPAM did your now-misconfigured mailserver actually block with this tactic during that time? Before anyone flames me, consider that this is a serious question and I am very interested in the answer. Thanks. Rick Up Todays Total Blocks: 875 spamhaus=637 spamcop = 127 reverse = 66 dsbl = 44 ordb = 1 Due to reverse DNS failure: 66 Unique mail server IP block: 23 Matt
[vchkpw] Reverse DNS Filtering WAS: Inter7 mail server doesn't have reverse DNS!
[snip] ::If it's true that spammers don't have reverse DNS on their IP ::addresses, I wouldn't mind seeing the MTA adding a header like ::X-Possible-Spam: Host 209.218.8.2 does not have reverse DNS. and even ::X-Possible-Spam: Host 209.218.8.2 resolves to spam.com which does not ::resolve to 209.218.8.2. Then an email client could filter on that ::header or SpamAssassin could add a few points to the message's spam ::score. [/snip] Tom, Blackhole spam/virus filter does both of these checks as well as header tagging. It can also be installed into qmail at the queue level or run via .qmail-default or .qmail files (in vpopmail 5.2.1). http://iland.net/~ckennedy/blackhole.shtml It also integrates with Spamassassin with the latest version. (Although I haven't gotten it to work with the libspamc.so under FreeBSD yet.) Tom Walsh Network Administrator http://www.ala.net/
Re: [vchkpw] pipes in .qmail-files vpopmail 5.3.19
Hi, I have just went to a third party machine (my friends) in which i had no part of compiling or installing qmail/vpopmail. he is running on Solaris 2.8 without any of the patches i have, and the symptom is identical. I also appoligize in advance for this rather large message going to the list, but I think the community will benefit in the long run. Okay bearing in mind I'm no Solaris expert so someone else may want to jump in here - what output do you get if you do something like: keep in mind /home/vpopmail is a sym link to /home/unix11/vpopmail here. unix11 HOST=broadviewnet.net; EXT=tester; export EXT HOST; unix11 echo To: [EMAIL PROTECTED] | truss /home/vpopmail/bin/vdelivermail '' bounce_no_mailbox execve(/home/unix11/vpopmail/bin/vdelivermail, 0xE99C, 0xE9AC) argc = 3 mmap(0x, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON, -1, 0) = 0xEF7B resolvepath(/usr/lib/ld.so.1, /usr/lib/ld.so.1, 1023) = 16 open(/var/ld/ld.config, O_RDONLY) Err#2 ENOENT stat(/usr/local/lib/libsocket.so.1, 0xE0C4) Err#2 ENOENT stat(/usr/lib/libsocket.so.1, 0xE0C4) = 0 open(/usr/lib/libsocket.so.1, O_RDONLY) = 3 fstat(3, 0xE0C4)= 0 mmap(0x, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xEF7A mmap(0x, 114688, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xEF78 mmap(0xEF79A000, 4365, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 40960) = 0xEF79A000 munmap(0xEF78A000, 65536) = 0 memcntl(0xEF78, 14496, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0 close(3)= 0 stat(/usr/local/lib/libnsl.so.1, 0xE0C4) Err#2 ENOENT stat(/usr/lib/libnsl.so.1, 0xE0C4)= 0 open(/usr/lib/libnsl.so.1, O_RDONLY) = 3 fstat(3, 0xE0C4)= 0 mmap(0xEF7A, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xEF7A mmap(0x, 712704, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xEF6C mmap(0xEF75E000, 32828, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 581632) = 0xEF75E000 mmap(0xEF767000, 26920, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANON, -1, 0) = 0xEF767000 munmap(0xEF74D000, 69632) = 0 memcntl(0xEF6C, 82528, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0 close(3)= 0 stat(/usr/local/lib/libcrypt_i.so.1, 0xE0C4) Err#2 ENOENT stat(/usr/lib/libcrypt_i.so.1, 0xE0C4)= 0 open(/usr/lib/libcrypt_i.so.1, O_RDONLY) = 3 fstat(3, 0xE0C4)= 0 mmap(0xEF7A, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xEF7A mmap(0x, 77824, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xEF6A mmap(0xEF6B2000, 1612, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 8192) = 0xEF6B2000 munmap(0xEF6A2000, 65536) = 0 mmap(0x, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON, -1, 0) = 0xEF69 memcntl(0xEF6A, 3628, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0 close(3)= 0 stat(/usr/local/lib/libc.so.1, 0xE0C4)Err#2 ENOENT stat(/usr/lib/libc.so.1, 0xE0C4) = 0 open(/usr/lib/libc.so.1, O_RDONLY)= 3 fstat(3, 0xE0C4)= 0 mmap(0xEF7A, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xEF7A mmap(0x, 802816, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xEF5C mmap(0xEF67C000, 24748, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 704512) = 0xEF67C000 mmap(0xEF683000, 2628, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANON, -1, 0) = 0xEF683000 munmap(0xEF66C000, 65536) = 0 memcntl(0xEF5C, 113448, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0 close(3)= 0 stat(/usr/local/lib/libdl.so.1, 0xE0C4) Err#2 ENOENT stat(/usr/lib/libdl.so.1, 0xE0C4) = 0 open(/usr/lib/libdl.so.1, O_RDONLY) = 3 fstat(3, 0xE0C4)= 0 mmap(0xEF7A, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xEF7A close(3)= 0 stat(/usr/local/lib/libmp.so.2, 0xE0C4) Err#2 ENOENT stat(/usr/lib/libmp.so.2, 0xE0C4) = 0 open(/usr/lib/libmp.so.2, O_RDONLY) = 3 fstat(3, 0xE0C4)= 0 mmap(0x, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xEF5B mmap(0x, 86016, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xEF59 mmap(0xEF5A4000, 865, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 16384) = 0xEF5A4000 munmap(0xEF593000, 69632) = 0 memcntl(0xEF59, 3124, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0 close(3)= 0 stat(/usr/local/lib/libgen.so.1, 0xE0C4) Err#2 ENOENT stat(/usr/lib/libgen.so.1, 0xE0C4)= 0
Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!
At 10:04 AM 03-27-2003, you wrote: diversion. in short: the original claim was baseless. No mailserver is broken for refusing messages from sites that have no in-addr.arpa in place. Please. No mailserver is broken for refusing messages from sites run by [ethnic group]. No mailserver is broken for refusing messages from sites with an even IP address. No mailserver is broken for refusing messages delievered by air-mail. those are all true. the term in contention is broken. obviously, if a mailserver is refusing messages from sites with even IP addresses (whatever those are, how is an IP address even or odd?) *and the reason for that refusal is not known*, then it's broken. If it's been purposely configured that way, it's not broken, regardless of how bizarre it may seem. There is no guideline saying that servers MUST refuse mail from sites with no in-addr.arpa. Therefore your stance is on shaky ground -- you are going above and beyond the relevant RFCs that the protocol relies on to achieve a goal. Embrace and extend, anyone? You don't mind rejecting mail based on lack of in-addr.arpa. I do. don't confuse me with the person who configured his mailserver that way. None of my mailservers - across three ISP currently - block mail based on lack of in-addr.arpa. I'm merely defending the choice of someone to do so, and pointing out that making that choice does not inherently make the mailserver broken. Who cares? When your customers come to you and say that they aren't getting mail and you ask the other ISP to fix their problem and they won't, who's at fault? You are in this case, because you are going above and beyond what the RFC dictates as minimum requirements. actually, the fault becomes excruciatingly fuzzy at that point. does an administrator have a right to run his mailserver in a way that protects it from large amounts of spam? for that matter, what about spam filtering not based upon in-addr.arpa lookup that blocks messages inadvertently? no spam filter is 100% perfect, though some bayesian filters appear to be approaching that. what do you do when a customer runs a mailing list where they share with friends particularly funny examples of spam? the messages contain spam, but aren't spam themselves - yet virtually every spam filter out there would block them. there are no black white answers in this area. There is nothing stating you can't have a nameserver without a valid reverse lookup, and if you are expecting the world to follow you, you have delusions of grandeur. who's talking about in-addr.arpa for nameservers? Whether that is acceptable to you or not is your (and your customer's) worry, not mine. I am under no obligation to correct my mistake simply because you don't like it and have configured your servers not to like it. and likewise, i hope you realize. Regards, Andrew Paul Theodoropoulos http://www.anastrophe.com http://folding.stanford.edu The Nicest Misanthrope on the Net
Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!
Would 208.32.76.233 pass the test? It has a revers ptr, but some mail servers block it claiming it does not have one. I dunno, I don't block mail from servers with no reverse DNS, or whose reverse DNS does not map to the same name as its forward DNS. :-) Regards, Andrew
Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!
On Thursday, March 27, 2003, at 01:35 PM, Tom Collins wrote: On Thursday, March 27, 2003, at 10:22 AM, Paul Theodoropoulos wrote: rather than trumping up your argument with etiquette fascism, how about pointing out a relevant RFC that backs up your [baseless] opinion that a mailserver must accept messages from a site without reverse DNS? ever heard of RFC 2505? apparently not. I hadn't read RFC2505 http://zvon.org/tmRFC/RFC2505/Output/index.html until now, but I took the time to do so. It has some good advice, but I didn't see any mention of refusing mail from hosts without reverse DNS. It does talk about refusing mail based on the FQDN that reverse DNS resolves to (section 2.5), but I think it's a stretch to extend that to IP addresses that don't have reverse DNS. I don't think that's stretching at all. Having an IP not resolve at all *is* a form of resolution. It resolves to an empty value. If you look at how I'm doing the block, I am doing almost exactly what the RFC describes and refusing based on the FQDN of the mail server. If the FQDN is empty, I refuse the connection. I agree with others that the first post should have gone to Inter7 (perhaps [EMAIL PROTECTED]) and not this list. I made the original post, and I agree, partially. If my intent was solely to get Inter7 to fix the reverse DNS, then I would agree completely. I've already fixed the problem on my end by adding a special rule for their mail servers IP. However, I also wanted to hear what a few other postmasters had to say about it. Posting privately would not have afforded that luxury. I have enjoyed hearing what a few others think about blocking based on DNS. I haven't done it in quite a few years. If someone wants to add spam filters to their personal mail server that deny mail from hosts without reverse DNS, that's fine with me. If they think it's a good idea and tell others about it, I think it's a good idea for others to provide constructive feedback on why they disagree. I couldn't agree more. However, calling a mail server broken because it's not set up the way you'd prefer isn't constructive. :) If it's true that spammers don't have reverse DNS on their IP addresses, I wouldn't mind seeing the MTA adding a header like X-Possible-Spam: Host 209.218.8.2 does not have reverse DNS. and even X-Possible-Spam: Host 209.218.8.2 resolves to spam.com which does not resolve to 209.218.8.2. Then an email client could filter on that header or SpamAssassin could add a few points to the message's spam score. That's easy enough to do in qmail-scanner, and on my production servers, that's just another check in SpamAssassin to determine a messages spam score. What I'm attempting to do is block the spam *before* it has to be processed by the more heavy weight utilities like AV and SA. Matt
Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!
those are all true. the term in contention is broken. obviously, if a mailserver is refusing messages from sites with even IP addresses (whatever those are, how is an IP address even or odd?) *and the reason for that refusal is not known*, then it's broken. If it's been purposely configured that way, it's not broken, regardless of how bizarre it may seem. Agreed. Totally agreed. don't confuse me with the person who configured his mailserver that way. None of my mailservers - across three ISP currently - block mail based on lack of in-addr.arpa. I'm merely defending the choice of someone to do so, and pointing out that making that choice does not inherently make the mailserver broken. Noted, and I apologize. I think that we're actually arguing the same point. actually, the fault becomes excruciatingly fuzzy at that point. does an administrator have a right to run his mailserver in a way that protects it from large amounts of spam? for that matter, what about spam filtering not I have not seen any proof that spammers tend to spam from addresses which don't resolve. I mean the ISP I run has a reverse address for every IP in our IP ranges -- in theory anyone spamming from us would get through the filter, at least until we ToS'd them. For me, rejecting email before the data is accepted by my mail server is a holy grail. However I content-filter so I can't reject the mail based on content until I actually see the content. And with my servers, I deliver mail deemed spam into a 'spam' IMAP folder and the user is free to view it or ignore it at their discretion. All that the OP is doing is moving that up a level and actually telling the other server that a) it's not accepted and b) saving himself the bandwidth. Both, in my opinion, are noble causes. However, I also believe that if you are not adhereing to RFCs for inter-server communication that you are not being a good 'net citizen. My users don't get their spam, but I'm also following the RFC (much closer) to the letter than the OP, who rejects email if the server does not have a reverse IP mapping. Where is the line? That is a very good question. I agree that it's your server and you really can run it any way you please, but if you're going above and beyond the requirements of an RFC, you're no longer following that RFC and is (in my mind) the internet equivalent to driving in a residential area with a failed muffer or a stereo cranked to the max. You can _do_ it, but it's not _nice_. As the OP stated, it's for his personal mail server. He has no customers. I would not be able to get away with it with my ISP. If I _could_ get away with it, would I? I don't think so, as per the previous paragraph. based upon in-addr.arpa lookup that blocks messages inadvertently? no spam filter is 100% perfect, though some bayesian filters appear to be approaching that. what do you do when a customer runs a mailing list where they share with friends particularly funny examples of spam? the messages contain spam, but aren't spam themselves - yet virtually every spam filter out there would block them. Agreed, although that is what whitelists and learning filters are all about. Offhand, I woudl love to see a learning filter which filtered funny spam from not funny spam. :-) Whether that is acceptable to you or not is your (and your customer's) worry, not mine. I am under no obligation to correct my mistake simply because you don't like it and have configured your servers not to like it. and likewise, i hope you realize. Agreed. As I said earlier, it's your (as in the owner's) box, they can do with it as they please. But if he were to come to me and say YOUR DNS is broken, fix it! I would not be so kind, as he's brought it upon himself to extend the SMTP RFCs and for (in my experience) limited utility. Regards, Andrew ... trying to get back on topic... So... how's them vpopmails coming along? :-)
Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!
others think about blocking based on DNS. I haven't done it in quite a few years. Haven't done what, started a flamewar? :-) (honestly, that is meant to be funny, not an attack) Regards, Andrew
RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!
Title: RE: [vchkpw] Inter7 mail server doesn't have reverse DNS! As the only other person on this apparently doing this, I thought I'd just weigh in briefly (again) with regards to why we do it. For those folks who're worried about the sanctity of my users email, don't be. My users understand what is occuring, and have requested, over and over, stricter spam filtering. I would heavily disagree that my servers are broken, and I would also say I'm not extending any RFC. I don't claim that what I'm doing is RFC mandated, or even supported by one. Honestly, if the RFC doesn't speak one way or the other, its fair game. That's the way quite a few things on the Internet have worked in the past, continue to work now, and most likely will in the future. Honestly, quite a few qmail admins are bending RFCs if they run qmtp daemons and embed the information to indicate this in the numeric values of their MX records. There is no RFC on this, no other mail client, to my knowledge, knows about it, etc. I, quite obviously, side with all the people who say it may or may not be a good idea, but it certainly isn't broken. Spam is a huge problem for my users, for a number of reasons, and this was the next best step my predecessor and myself could find. It seems to have cut down the volume of spam, though I don't really maintain much tracking data on it. So far I've had good luck in my interactions with administrators of other mail systems, however I certainly wouldn't consider it their duty to advertise a non-required piece of information in their dns. Nicholas Harring System Administrator Webley Systems, Inc 877-609-4795 -Original Message- From: Andrew Kohlsmith [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 27, 2003 1:03 PM To: [EMAIL PROTECTED] Subject: Re: [vchkpw] Inter7 mail server doesn't have reverse DNS! those are all true. the term in contention is broken. obviously, if a mailserver is refusing messages from sites with even IP addresses (whatever those are, how is an IP address even or odd?) *and the reason for that refusal is not known*, then it's broken. If it's been purposely configured that way, it's not broken, regardless of how bizarre it may seem. Agreed. Totally agreed. don't confuse me with the person who configured his mailserver that way. None of my mailservers - across three ISP currently - block mail based on lack of in-addr.arpa. I'm merely defending the choice of someone to do so, and pointing out that making that choice does not inherently make the mailserver broken. Noted, and I apologize. I think that we're actually arguing the same point. actually, the fault becomes excruciatingly fuzzy at that point. does an administrator have a right to run his mailserver in a way that protects it from large amounts of spam? for that matter, what about spam filtering not I have not seen any proof that spammers tend to spam from addresses which don't resolve. I mean the ISP I run has a reverse address for every IP in our IP ranges -- in theory anyone spamming from us would get through the filter, at least until we ToS'd them. For me, rejecting email before the data is accepted by my mail server is a holy grail. However I content-filter so I can't reject the mail based on content until I actually see the content. And with my servers, I deliver mail deemed spam into a 'spam' IMAP folder and the user is free to view it or ignore it at their discretion. All that the OP is doing is moving that up a level and actually telling the other server that a) it's not accepted and b) saving himself the bandwidth. Both, in my opinion, are noble causes. However, I also believe that if you are not adhereing to RFCs for inter-server communication that you are not being a good 'net citizen. My users don't get their spam, but I'm also following the RFC (much closer) to the letter than the OP, who rejects email if the server does not have a reverse IP mapping. Where is the line? That is a very good question. I agree that it's your server and you really can run it any way you please, but if you're going above and beyond the requirements of an RFC, you're no longer following that RFC and is (in my mind) the internet equivalent to driving in a residential area with a failed muffer or a stereo cranked to the max. You can _do_ it, but it's not _nice_. As the OP stated, it's for his personal mail server. He has no customers. I would not be able to get away with it with my ISP. If I _could_ get away with it, would I? I don't think so, as per the previous paragraph. based upon in-addr.arpa lookup that blocks messages inadvertently? no spam filter is 100% perfect, though some bayesian filters appear to be approaching that. what do you do when a customer runs a mailing list where they share with friends particularly funny examples of spam? the messages contain spam, but aren't spam themselves - yet virtually every spam filter out there would block them.
[vchkpw] Question
Hi there, I have 3 server with vpopmail And in my script to start qmail I have: csh -cf '/var/qmail/rc ' env - PATH=/var/qmail/bin:/usr/local/bin \ tcpserver -H -R -x /home/vpopmail/etc/tcp.smtp.cdb \ -c20 -u201 -g90 0 smtp /var/qmail/bin/qmail-smtpd 21 /dev/null env - PATH=/var/qmail/bin:/usr/local/bin \ tcpserver 0 pop-3 /var/qmail/bin/qmail-popup siper.interplanet.com.mx \ /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir /usr/lib/courier-imap/libexec/imapd.rc start And I have romming users, the problem is that the automatic smtp is not working even though the open-smtp is working and adding IP from my users, can you help me fix it. Thanks in advanced
Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!
lol ya all :-) btw matt simerson, if you code hacks to make your smtpd do more loging like you said before that you have made it do logging of what kinds of blocks it does, please feel free to publish them if you like, if not allready, Greetings /Raboo P.S. this is probibly one of the top ten biggest posts in the vchkpw mailinglist
Re[2]: [vchkpw] Inter7 mail server doesn't have reverse DNS!
Hi guys.. Would you please to stop this 'holy war' It wasting my bandwith. thanks.. -- best regards made [EMAIL PROTECTED]
Re: [vchkpw] When I updated user's quota, maildirsize file is not with correct quota
Hi baby_moon, A user's quota is 1M, and some mails are in its Inbox, and I was checked its directory, the maildirsize file is there. When I changed this user's quota to 3M, after a mail come in, the quota's total number is same as before. Who knows how to solve this problem? It's not a problem; you're simply mixing things up. The maildirsize file doesn't show the quota setting of a user, but the _actual size_ of the Maildir, so changing the quota doesn't affect the maildirsize file in any way. The quota setting of each user is saved in the vpasswd file. Jonas One more note on this. vpopmail uses user quotas as specified in the vpopmail password entry, not the maildirsize file. courier and other maildir++ quota compliant code uses the quota as specified in the maildirsize file. So if you change the quota via qmailadmin or vpopmail utilities, it will update the quota in the password entry. This is what vpopmail uses to enforce the quota, not the one in maildirsize. If you just remove the maildirsize file, it will automatically be recreated (with the proper quota in it). So it may be worth a patch to update the utility that updates the quota to also remove the maildirsize file for that user. Brian Exactly, I found that use vsetuserquota to set user quota will remove maildirsize file. But I use vqadmin for modify user quota, and it doesn't remove maildirsize file. I modified vqadmin, add same code of vsetuserquota to vqadmin. Now the problem is solved already. Thank u for ur comments.
