Re: [vchkpw] OFF-TOPIC: A good POP3/SMTP Proxy Server
Hi Tom and others. reviewing my previous discussions on this list over this same issue, I saw a guy that advised me to, instead of actually splitting the accounts through the mail servers, I should create a cluster using NFS where /var/vpopmail directory would be stored on the central server and exported to the NFS clients. My question is, would this be fast even over a slow link of 128kbps? Wouldn't it consume a lot of bandwidth every time a local user sends a big message for another user at the same location? I think that NFS won't prevent me from consuming the bandtwidth, so I still prefer to split the domain (it could be with the solution you told me) or by creating a POP3/SMTP proxy. Regards, bnegrao - Original Message - From: Tom Collins [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Tuesday, October 25, 2005 12:19 PM Subject: Re: [vchkpw] OFF-TOPIC: A good POP3/SMTP Proxy Server On Oct 25, 2005, at 5:55 AM, Bruno Negrao wrote: Instead, I want a POP3 proxy server integrated with SMTP, that could prevent the messages internal to Allentown to cross the internet link. I'd like the proxy server to keep the local messages right there in Allentown. Does someone know a product like that? There have been past conversations on the list about doing that with vpopmail on both ends. Here's the general gist: Location A has their POP mailboxes, and aliases to forward mail for users at location B to [EMAIL PROTECTED] Location B has their POP mailboxes, and aliases to forward mail for users at location A to [EMAIL PROTECTED] Both servers have domain.com in their rcpthosts, virtualdomains and users/assign files. Location A has loca.domain.com as an alias domain, and Location B has locb.domain.com as an alias domain (to domain.com). Users configure their email client to pick up mail as [EMAIL PROTECTED], but use [EMAIL PROTECTED] as their email address in the From header. In your case, you'd keep New York as your MX 0, and it would forward mail to Allentown as needed. People at the Allentown office who sent mail to each other, would have their mail stay on their local (locb) server. Mail to New York and any other Internet location will be quickly queued on the locb server. You might even be able to configure traffic priority on your dialup link to throttle smtp traffic over the dialup link to give preference to http (and other) traffic. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] OFF-TOPIC: A good POP3/SMTP Proxy Server
Hi all, This is the idea of a new kind of POP3/smtp proxy server that would prevent domain splitting. The POP3/SMTP proxy should: - learn which accounts are local, create their Maildirs automatically, deliver the local messages locally, and send any mail for the accounts not local to the MX0 mail server for that domain. - fetch the messages periodically from the central server, without waiting the local users to request them. The local users would always retrieve the messages already downloaded by the proxy server. - optionally, the proxy server could forward all external messages (destined for other domains) to the central server, giving it the chance to apply message policies, such as eMPF. Or the proxy server could fetch the policies from the central server and apply them by itself. Do you think this could work? Regards, bruno. - Original Message - From: Tom Collins [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Tuesday, October 25, 2005 12:19 PM Subject: Re: [vchkpw] OFF-TOPIC: A good POP3/SMTP Proxy Server On Oct 25, 2005, at 5:55 AM, Bruno Negrao wrote: Instead, I want a POP3 proxy server integrated with SMTP, that could prevent the messages internal to Allentown to cross the internet link. I'd like the proxy server to keep the local messages right there in Allentown. Does someone know a product like that? There have been past conversations on the list about doing that with vpopmail on both ends. Here's the general gist: Location A has their POP mailboxes, and aliases to forward mail for users at location B to [EMAIL PROTECTED] Location B has their POP mailboxes, and aliases to forward mail for users at location A to [EMAIL PROTECTED] Both servers have domain.com in their rcpthosts, virtualdomains and users/assign files. Location A has loca.domain.com as an alias domain, and Location B has locb.domain.com as an alias domain (to domain.com). Users configure their email client to pick up mail as [EMAIL PROTECTED], but use [EMAIL PROTECTED] as their email address in the From header. In your case, you'd keep New York as your MX 0, and it would forward mail to Allentown as needed. People at the Allentown office who sent mail to each other, would have their mail stay on their local (locb) server. Mail to New York and any other Internet location will be quickly queued on the locb server. You might even be able to configure traffic priority on your dialup link to throttle smtp traffic over the dialup link to give preference to http (and other) traffic. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
[vchkpw] high CPU
Hi, im having some serius problems with out pop server, its netqmail + vpopmail, at ramdom hours of the day vdeliver eats a lot of cpu, making the delivers really slow, look at this: top - 11:15:05 up 35 days, 17:01, 2 users, load average: 121.82, 121.93, 122.33 Tasks: 642 total, 1 running, 641 sleeping, 0 stopped, 0 zombie Cpu(s): 4.1% us, 10.3% sy, 0.0% ni, 31.1% id, 54.2% wa, 0.2% hi, 0.2% si Mem: 2075016k total, 936984k used, 1138032k free, 208680k buffers Swap: 4192924k total,43596k used, 4149328k free,46920k cached PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 28070 vpopmail 18 0 3696 1072 800 D 5.0 0.1 0:02.82 vdelivermail 28236 vpopmail 18 0 4376 1068 796 D 5.0 0.1 0:02.82 vdelivermail 28240 vpopmail 18 0 5080 1072 800 D 5.0 0.1 0:02.79 vdelivermail 27570 vpopmail 18 0 3808 1072 800 D 4.6 0.1 0:03.45 vdelivermail 27466 vpopmail 18 0 4332 1068 796 D 3.6 0.1 0:02.29 vdelivermail 27866 vpopmail 18 0 4496 1072 800 D 3.6 0.1 0:01.99 vdelivermail 27607 vpopmail 18 0 4864 1072 800 D 3.3 0.1 0:02.26 vdelivermail 29481 vpopmail 18 0 3996 1064 796 D 2.6 0.1 0:00.25 vdelivermail 29417 vpopmail 18 0 4392 1064 796 D 2.3 0.1 0:00.24 vdelivermail 29249 vpopmail 18 0 3724 1068 796 D 1.3 0.1 0:00.47 vdelivermail 29385 vpopmail 18 0 3992 1068 796 D 0.7 0.1 0:00.09 vdelivermail 29433 vpopmail 17 0 3824 1068 796 D 0.7 0.1 0:00.09 vdelivermail 29461 vpopmail 17 0 4464 1004 732 D 0.7 0.0 0:00.04 vdelivermail 29500 vpopmail 17 0 3928 1072 800 D 0.7 0.1 0:00.05 vdelivermail [... ETC ... there are a lot of these lines ~ 100+ ] The only solution is to restart the server. my system: [EMAIL PROTECTED] mmiranda]# ~vpopmail/bin/vuserinfo -v version: 5.4.9 [EMAIL PROTECTED] mmiranda]# cat /etc/redhat-release CentOS release 4.0 (Final) [EMAIL PROTECTED] mmiranda]# uname -a Linux thor.americatelsal.com 2.6.9-11.ELsmp #1 SMP Wed Jun 8 17:54:20 CDT 2005 i686 i686 i386 GNU/Linux Any help will be greatly apreciated. Thanks
Re: [vchkpw] high CPU
Miguel wrote: Hi, im having some serius problems with out pop server, its netqmail + vpopmail, at ramdom hours of the day vdeliver eats a lot of cpu, making the delivers really slow, look at this: top - 11:15:05 up 35 days, 17:01, 2 users, load average: 121.82, 121.93, 122.33 Tasks: 642 total, 1 running, 641 sleeping, 0 stopped, 0 zombie Cpu(s): 4.1% us, 10.3% sy, 0.0% ni, 31.1% id, 54.2% wa, 0.2% hi, 0.2% si Mem: 2075016k total, 936984k used, 1138032k free, 208680k buffers Swap: 4192924k total,43596k used, 4149328k free,46920k cached PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 28070 vpopmail 18 0 3696 1072 800 D 5.0 0.1 0:02.82 vdelivermail 28236 vpopmail 18 0 4376 1068 796 D 5.0 0.1 0:02.82 vdelivermail 28240 vpopmail 18 0 5080 1072 800 D 5.0 0.1 0:02.79 vdelivermail 27570 vpopmail 18 0 3808 1072 800 D 4.6 0.1 0:03.45 vdelivermail 27466 vpopmail 18 0 4332 1068 796 D 3.6 0.1 0:02.29 vdelivermail 27866 vpopmail 18 0 4496 1072 800 D 3.6 0.1 0:01.99 vdelivermail 27607 vpopmail 18 0 4864 1072 800 D 3.3 0.1 0:02.26 vdelivermail 29481 vpopmail 18 0 3996 1064 796 D 2.6 0.1 0:00.25 vdelivermail 29417 vpopmail 18 0 4392 1064 796 D 2.3 0.1 0:00.24 vdelivermail 29249 vpopmail 18 0 3724 1068 796 D 1.3 0.1 0:00.47 vdelivermail 29385 vpopmail 18 0 3992 1068 796 D 0.7 0.1 0:00.09 vdelivermail 29433 vpopmail 17 0 3824 1068 796 D 0.7 0.1 0:00.09 vdelivermail 29461 vpopmail 17 0 4464 1004 732 D 0.7 0.0 0:00.04 vdelivermail 29500 vpopmail 17 0 3928 1072 800 D 0.7 0.1 0:00.05 vdelivermail [... ETC ... there are a lot of these lines ~ 100+ ] The only solution is to restart the server. my system: [EMAIL PROTECTED] mmiranda]# ~vpopmail/bin/vuserinfo -v version: 5.4.9 [EMAIL PROTECTED] mmiranda]# cat /etc/redhat-release CentOS release 4.0 (Final) [EMAIL PROTECTED] mmiranda]# uname -a Linux thor.americatelsal.com 2.6.9-11.ELsmp #1 SMP Wed Jun 8 17:54:20 CDT 2005 i686 i686 i386 GNU/Linux Any help will be greatly apreciated. Thanks Hi, What options was vpopmail compiled with ? I'll bet you had domain quota support. Rick
Re: [vchkpw] high CPU
Rick Macdougall wrote: What options was vpopmail compiled with ? I'll bet you had domain quota support. Excelente point, i forgot to tell you that im using mysql 4.1.7 My configure: $ ./configure --enable-logging=p --enable-auth-module=mysql --enable-mysql-limits --enable-domainquotas --enable-learn-passwords=y is the domain quota a default flag?
Re: [vchkpw] high CPU
On Wednesday 26 October 2005 10:49 am, Miguel wrote: Rick Macdougall wrote: What options was vpopmail compiled with ? I'll bet you had domain quota support. Excelente point, i forgot to tell you that im using mysql 4.1.7 My configure: $ ./configure --enable-logging=p --enable-auth-module=mysql --enable-mysql-limits --enable-domainquotas --enable-learn-passwords=y is the domain quota a default flag? no, but it's right there, you have it enabled. disable it and your problems will disappear. -Jeremy -- Jeremy Kitchen ++ [EMAIL PROTECTED] In the beginning was The Word and The Word was Content-type: text/plain -- The Word of Bob. pgp9atV0ukFLd.pgp Description: PGP signature
Re: [vchkpw] high CPU
Jeremy Kitchen wrote: On Wednesday 26 October 2005 10:49 am, Miguel wrote: My configure: $ ./configure --enable-logging=p --enable-auth-module=mysql --enable-mysql-limits --enable-domainquotas --enable-learn-passwords=y is the domain quota a default flag? no, but it's right there, you have it enabled. disable it and your problems will disappear. thanks Jeremy, i'll disable it --- miguel
[vchkpw] 5.4.14
Any word? Originally we were to have a stable version of the new code for vdelivermail, etc. a week ago. -- Cheers, Steve
Re: [vchkpw] 5.4.14
On Oct 26, 2005, at 1:02 PM, Steve Cole wrote: Any word? Originally we were to have a stable version of the new code for vdelivermail, etc. a week ago. I don't have any changes since releasing 5.4.13. It should be safe to use 5.4.13 on production servers -- I've been using it on my server since it was released and haven't experienced any problems. The new vdelivermail code was originally released on March 20th, and hasn't had any significant changes since July 4th. I've moved it from the vpopmail-beta releases on SourceForge to vpopmail-stable. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
[vchkpw] CHKUSER 2.0.8b - banning IPs into tcp.smtp
CHKUSER 2.0.8b on qmail 1.03 and vpopmail 5.4.10. I LOVE that CHKUSER can single out the unknown recipients and block the offending SMTP session - big traffic control helper! However, I've got one domain that's really being hit hard by dictionary attacks. Some attack traffic is a few hits from many IPs, other traffic is many hits from few IPs. What I'd like to do is get something that's like an IDS that reads log output for CHKUSER rejections - currently only outputting to /var/log/qmail/smtp/current and have that information parsed for the specific domain and have the offending sender IP stuffed into a database (probably with a timestamp). Then I would build some scripted logic to query the database to figure out if I've been hit N number of times from an IP in a certain window of time; thus the trigger to update tcp.smtp with the offender. I think I might go ahead and just compile the tcp.smtp at each pass, that way I can keep tcp.smtp as compact as possible. Those who've stopped being naughty are taken off the blocklist eventually. Almost an RBL mentality I guess. (and yes, I AM running with the Spamhaus RBL also). I gotta believe some smart person already built this, but I don't know if it's called something specific. Big challenge for me is how to keep an eye on a logfile for any particular time (particularly given DJB's arcane date values in the above log file) and not end up reprocessing data I've already seen. Help appreciated and thanks! Dave.
[vchkpw] How expensive is reloading the tcp.smtp.cdb?
Related to my earlier post, how expensive is it - resource-wise - to reload a tcp.smtp file of 100-1000 lines? If I have processing that is updating tcp.smtp every 5-10 minutes and I choose to reload the cdb from that tcp.smtp, is that a bad idea? The qmailctl cdb command runs very fast for me now, but I don't have any idea what impact it has on any smtpd instances having to restart or re-read. Anyone know?
Re: [vchkpw] 5.4.14
Tom Collins wrote: I don't have any changes since releasing 5.4.13. It should be safe to use 5.4.13 on production servers -- I've been using it on my server since it was released and haven't experienced any problems. The new vdelivermail code was originally released on March 20th, and hasn't had any significant changes since July 4th. I've moved it from the vpopmail-beta releases on SourceForge to vpopmail-stable. I knew that. I just thought I would prod the alpha dog a little. :D
RE: [vchkpw] How expensive is reloading the tcp.smtp.cdb?
Put 1000 or so lines of data in a file and see :) You could probably write a script that would add say 192.168.1.1 through 192.168.4.255 and then run tcprules against it and see how long it takes. Charlie -Original Message- From: ISP Lists [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 26, 2005 3:05 PM To: vchkpw@inter7.com Subject: [vchkpw] How expensive is reloading the tcp.smtp.cdb? Related to my earlier post, how expensive is it - resource-wise - to reload a tcp.smtp file of 100-1000 lines? If I have processing that is updating tcp.smtp every 5-10 minutes and I choose to reload the cdb from that tcp.smtp, is that a bad idea? The qmailctl cdb command runs very fast for me now, but I don't have any idea what impact it has on any smtpd instances having to restart or re-read. Anyone know?
Re: [vchkpw] How expensive is reloading the tcp.smtp.cdb?
ISP Lists wrote: Related to my earlier post, how expensive is it - resource-wise - to reload a tcp.smtp file of 100-1000 lines? If it becomes expensive, you can use the SQL patch and do it with SQL. There's no hit at all to adding or removing items in that case (may be some with SQL, but I haven't had any performance issues, and after all, checkuser + vpopmail would both be using SQL in the first place).
Re: [vchkpw] How expensive is reloading the tcp.smtp.cdb?
I think his question was more on if reloading has any effect on running processes from qmail, rather than the reloading itself. Our mailserver is pretty busy and we reload it regularly without any problems. However we have less lines in the tcp.smtp file. - Original Message - From: Steve Cole [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Thursday, October 27, 2005 12:27 AM Subject: Re: [vchkpw] How expensive is reloading the tcp.smtp.cdb? ISP Lists wrote: Related to my earlier post, how expensive is it - resource-wise - to reload a tcp.smtp file of 100-1000 lines? If it becomes expensive, you can use the SQL patch and do it with SQL. There's no hit at all to adding or removing items in that case (may be some with SQL, but I haven't had any performance issues, and after all, checkuser + vpopmail would both be using SQL in the first place).
Re: [vchkpw] How expensive is reloading the tcp.smtp.cdb?
Wouter van der Schagt wrote: I think his question was more on if reloading has any effect on running processes from qmail, rather than the reloading itself. Our mailserver is pretty busy and we reload it regularly without any problems. However we have less lines in the tcp.smtp file. well, 10,000 lines in a CDB is practically NOTHING on a modern processor... but as for whether it will affect tcpserver, it could potentially but I can only imagine that the cdb driver is smart enough to figure things out... it's possible I suppose that a process may not get the latest update during the process either way since everything else is using the SQL server (an assumption on my part, but some small servers use the cdb back-end) he may as well patch tcpserver and use that too.
[vchkpw] vpopmail upgrade == qmail recompile needed ?
If I upgrade vpopmail from an earlier version (say from the same mainline eg from 5.4.10 to 5.4.13), than I have to recompile qmail - it is using Bill Shupp's 0.8 patch - if it is using chkuser ? What other programs is requiring recocmpilation if there is version change. (courier imap ? courier authdaemon ?) Whati is the current status of domain quotas ? Still unusuable ? (or There is light at the end of the tunnel ?) Regards, Peter
Re: [vchkpw] vpopmail upgrade == qmail recompile needed ?
Szeki - Inc wrote: If I upgrade vpopmail from an earlier version (say from the same mainline eg from 5.4.10 to 5.4.13), than I have to recompile qmail - it is using Bill Shupp's 0.8 patch - if it is using chkuser ? What other programs is requiring recocmpilation if there is version change. (courier imap ? courier authdaemon ?) Whati is the current status of domain quotas ? Still unusuable ? (or There is light at the end of the tunnel ?) Regards, Peter Hi, courier, qmail-admin, netqmail, anything else that uses libvpopmail (that's about it I think) Domain Quotas are not going to happen anytime soon I think, the over head of calculating the quota for a domain of 20K users is just too much. If you really need domain quotas, use a separate user for each domain and use system quotas. Of course you will then have to run qmail-smtpd as root. That's what we do here for those domains that need it. Regards, Rick
Re: [vchkpw] How expensive is reloading the tcp.smtp.cdb?
ISP Lists wrote: Related to my earlier post, how expensive is it - resource-wise - to reload a tcp.smtp file of 100-1000 lines? If I have processing that is updating tcp.smtp every 5-10 minutes and I choose to reload the cdb from that tcp.smtp, is that a bad idea? The qmailctl cdb command runs very fast for me now, but I don't have any idea what impact it has on any smtpd instances having to restart or re-read. Anyone know? Hi, You could reload a 100K lines flat file into a cdb file (tcp.smtp to tcp.smtp.cdb) every 10 seconds and you wouldn't notice the hit unless you were running on a P100. I know because I did this exact test for an rbl I run. Regards, Rick