RE: [vchkpw] qmail + vpopmail + mysql + Redhat 8

2002-12-30 Thread Tom Walsh
From the error message, you can determine that vpopmail is not being run on
that particular mailbox.

failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/

Note the lack of vpopmail in that line... A typical vpopmail bounce (meaning
that it got to the vdeliver application but when the look up went to the DB
it didn't find it) will read:

Sorry,_no_mailbox_here_by_that_name._vpopmail_(#5.1.1)

Check your vpopmail install on the RH 8.0 machine.

Tom Walsh
Network Administrator
http://www.ala.net/


-Original Message-
From: Lapidus, Keith [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 30, 2002 9:45 AM
To: [EMAIL PROTECTED]
Subject: FW: [vchkpw] qmail + vpopmail + mysql + Redhat 8




Actually, vpopmail is on the 8.0 box and is NFS exported to the 7.3 box.  As
for the user accounts, the mysql server is running on the 7.3 as a primary
and is replicated on the 8.0 server.  In fact, I currently have vpopmail
setup to read from the 8.0 box mysql server and write to the 7.3 box mysql
server.  That works just fine.

-Original Message-
From: Matt Darcy [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 30, 2002 4:53 PM
To: Lapidus, Keith; [EMAIL PROTECTED]
Subject: RE: [vchkpw] qmail + vpopmail + mysql + Redhat 8



-Original Message-
From: Lapidus, Keith [mailto:[EMAIL PROTECTED]]
Sent: 30 December 2002 06:50
To: [EMAIL PROTECTED]
Subject: [vchkpw] qmail + vpopmail + mysql + Redhat 8


I have two servers; one with Redhat 8 installed and one with redhat 7.3
installed. They both have mysql and qmail installed and configured
identically. The redhat 7.3 server can send and receive email just fine
using vpopmail 5.2.1. When I configure the Redhat 8 server to be the primary
mailserver with vpopmail, it always gives me the following error:
 failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
 I've tried the newer version of vpopmail but have not gotten it to work.
Has anyone else gotten qmail and vpopmail to work with Redhat 8?

[Matt Darcy] Looks like your user accounts are on the 7.3 server and
database.

export the vpopmail database and import it on the 8.0 box and copy the
domains from $VPOPMAILHOME/domains on the 7.3 machine to the 8.0
$VPOPMAILHOME/domains

Just a thought





RE: [vchkpw] qmail + vpopmail + mysql + Redhat 8

2002-12-30 Thread Tom Walsh
Keith,

I have seen this problem one time in the past when I was setting up a Free
BSD machine.

I don't recall the specific details as to why it was doing this, just that
it was.

I think the problem is related to the configuration of qmail and
specifically the assign file. Make sure that your assign file references the
correct domain name and storage path...

The storage path for the domain is highly important as it is where qmail
looks for the .qmail-default that vdelivermail ends up running from...

Hope that helps.

Tom Walsh
Network Administrator
http://www.ala.net/


::-Original Message-
::From: Lapidus, Keith [mailto:[EMAIL PROTECTED]]
::Sent: Monday, December 30, 2002 10:22 AM
::To: Tom Walsh; [EMAIL PROTECTED]
::Subject: RE: [vchkpw] qmail + vpopmail + mysql + Redhat 8
::
::
::I understand where you are coming from, and I have installed and
::reinstalled vpopmail many times on the 8.0 machine, and have tried local
::commands to make sure vpopmail works and it does.  For some reason,
::qmail is not using vpopmail.  Do you think this is actually a qmail
::problem?
::
::-Original Message-
::From: Tom Walsh [mailto:[EMAIL PROTECTED]]
::Sent: Monday, December 30, 2002 9:59 AM
::To: Lapidus, Keith; [EMAIL PROTECTED]
::Subject: RE: [vchkpw] qmail + vpopmail + mysql + Redhat 8
::
::
::From the error message, you can determine that vpopmail is not being run
::on that particular mailbox.
::
::failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
::
::Note the lack of vpopmail in that line... A typical vpopmail bounce
::(meaning that it got to the vdeliver application but when the look up
::went to the DB it didn't find it) will read:
::
::Sorry,_no_mailbox_here_by_that_name._vpopmail_(#5.1.1)
::
::Check your vpopmail install on the RH 8.0 machine.
::
::Tom Walsh
::Network Administrator
::http://www.ala.net/
::
::
::-Original Message-
::From: Lapidus, Keith [mailto:[EMAIL PROTECTED]]
::Sent: Monday, December 30, 2002 9:45 AM
::To: [EMAIL PROTECTED]
::Subject: FW: [vchkpw] qmail + vpopmail + mysql + Redhat 8
::
::
::
::
::Actually, vpopmail is on the 8.0 box and is NFS exported to the 7.3 box.
::As for the user accounts, the mysql server is running on the 7.3 as a
::primary and is replicated on the 8.0 server.  In fact, I currently have
::vpopmail setup to read from the 8.0 box mysql server and write to the
::7.3 box mysql server.  That works just fine.
::
::-Original Message-
::From: Matt Darcy [mailto:[EMAIL PROTECTED]]
::Sent: Monday, December 30, 2002 4:53 PM
::To: Lapidus, Keith; [EMAIL PROTECTED]
::Subject: RE: [vchkpw] qmail + vpopmail + mysql + Redhat 8
::
::
::
::-Original Message-
::From: Lapidus, Keith [mailto:[EMAIL PROTECTED]]
::Sent: 30 December 2002 06:50
::To: [EMAIL PROTECTED]
::Subject: [vchkpw] qmail + vpopmail + mysql + Redhat 8
::
::
::I have two servers; one with Redhat 8 installed and one with redhat 7.3
::installed. They both have mysql and qmail installed and configured
::identically. The redhat 7.3 server can send and receive email just fine
::using vpopmail 5.2.1. When I configure the Redhat 8 server to be the
::primary mailserver with vpopmail, it always gives me the following error:
:: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
:: I've tried the newer version of vpopmail but have not gotten it to
::work. Has anyone else gotten qmail and vpopmail to work with Redhat 8?
::
::[Matt Darcy] Looks like your user accounts are on the 7.3 server and
::database.
::
::export the vpopmail database and import it on the 8.0 box and copy the
::domains from $VPOPMAILHOME/domains on the 7.3 machine to the 8.0
::$VPOPMAILHOME/domains
::
::Just a thought
::
::





RE: [vchkpw] Newbie ?: Errno 13

2002-12-30 Thread Tom Walsh
double check the dirs below that...

./tmp
./new
./cur

Make sure they have the correct permissions and ownership.

Tom Walsh
Network Administrator
http://www.ala.net/

::-Original Message-
::From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
::Sent: Monday, December 30, 2002 10:57 AM
::To: vpopmail list
::Subject: [vchkpw] Newbie ?: Errno 13
::
::
::Greetings,
::
::Sorry if this is an obvious one, but I can't find anything in the FAQ or
::docs that covers this error. Also, I'll admit right up front that I'm a
::(very) newly recovering sendmail user.
::
::The install is qmail + vpopmail + mysql (all latest versions) on a fully
::patched/updated RedHat 7.3 box.
::
::After successfully creating a virtuser and attempting to send mail to that
::virtuser, I get a bounce message back:
::
::[EMAIL PROTECTED]:
::/var/qmail/alias,buffalo,foo.bar.com
::can not open new email file errno=13
::file=/home/vpopmail/domains/foo.bar.com/buffalo/Maildir/tmp/1041266208.1655.guest.yml.com,S=647
::
::The dir in question has (I believe) the appropriate ownerships:
::
::drwx------    5 vpopmail vchkpw   4096 Dec 28 15:08 Maildir
::
::Any clues for the clueless would be greatly appreciated.
::
::TIA,
::
::--Duncan
::
::





RE: [vchkpw] qmail + vpopmail + mysql + Redhat 8

2002-12-30 Thread Tom Walsh
Keith,

In an effort to troubleshoot this particular problem... Would it be possible
for you to alter the assign file to also include an entry for kelnet.net_
but point to the same information as the other entry in the assign file?

Then see if it works... (this would test the rest of the vpopmail
installation as it sits.)

I am pretty sure it will because of the stray _ in there.

I have to wonder where that is coming from.

Seems like it might be a bug with the gcc compiler or the glibc itself... as
I have heard there are some issues with that gcc compiler... I am not really
sure... As I understand the process qmail-smtpd receives the mail and then
hands it over to vchkpw which mangles the user information into the EXT
compatible format [EMAIL PROTECTED] (which vdelivermail uses when the
variables come from qmail-local/qmail-command).

It might be possible that vchkpw is suspect in RH8.0 when compiled with that
version of gcc... I read that you tried the compiled binaries on RH8.0 but I
think you are talking about qmail not vpopmail (which is where the issue
probably resides).

Good luck on getting it sorted... I could dig through the code, but I am
having my own issues that I am trying to dig through the code to find right
now... (post forthcoming shortly).

Let me know what you find out.

I am always curious when something odd like this pops up.

Tom Walsh
Network Administrator
http://www.ala.net/

::-Original Message-
::From: Lapidus, Keith [mailto:[EMAIL PROTECTED]]
::Sent: Monday, December 30, 2002 12:21 PM
::To: Tom Walsh; [EMAIL PROTECTED]
::Subject: RE: [vchkpw] qmail + vpopmail + mysql + Redhat 8
::
::
::Tom,
::
::Thanks for the info although I believe that everything is configured
::correctly.  I did notice something interesting though.  When I send mail
::to the 8.0 server and watch the log file for the starting delivery
::messages I see this:
::
::@40003e108cb13a39e81c new msg 196739
::@40003e108cb13a39ff8c info msg 196739: bytes 57171 from
::[EMAIL PROTECTED] qp 13176 uid 502
::@40003e108cb13ac7439c starting delivery 1: msg 196739 to local
::[EMAIL PROTECTED]
::@40003e108cb13ac75b0c status: local 1/10 remote 0/20
::@40003e108cb13b17b944 delivery 1: failure:
::Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
::@40003e108cb13b17d884 status: local 0/10 remote 0/20
::
::Notice where it says starting delivery 1: msg 196739 to local
::[EMAIL PROTECTED] there is a _ attached to kelnet.net_.  This
::would explain why qmail is not talking to vpopmail.  I am not sure why
::this is happening because when I do the same thing on the 7.3 box, the
::extra _ is not there and the correct virtual domain is found as shown
::below:
::
::@40003e1089a12edf07f4 new msg 58686
::@40003e1089a12edf234c info msg 58686: bytes 57192 from
::[EMAIL PROTECTED] qp 3843 uid 502
::@40003e1089a1342ae96c starting delivery 21: msg 58686 to local
::[EMAIL PROTECTED]
::@40003e1089a1342b04c4 status: local 1/10 remote 0/20
::@40003e1089a137502ddc delivery 21: success: did_0+0+1/
::@40003e1089a137504d1c status: local 0/10 remote 0/20
::@40003e1089a1375054ec end msg 58686
::
::For grins, I recompiled qmail on the 7.3 box and installed the compiled
::binaries on the 8.0 box but still have this problem.  My thoughts were
::that the 7.3 box is using gcc 2.96 and the 8.0 box is using gcc 3.2.
::
::Any thoughts or should I possibly defer to the qmail board or maybe
::downgrade to 7.3 from 8.0 redhat?
::
::-Original Message-
::From: Tom Walsh [mailto:[EMAIL PROTECTED]]
::Sent: Monday, December 30, 2002 11:09 AM
::To: Lapidus, Keith; [EMAIL PROTECTED]
::Subject: RE: [vchkpw] qmail + vpopmail + mysql + Redhat 8
::
::
::Keith,
::
::I have seen this problem one time in the past when I was setting up a
::Free BSD machine.
::
::I don't recall the specific details as to why it was doing this, just
::that it was.
::
::I think the problem is related to the configuration of qmail and
::specifically the assign file. Make sure that your assign file references
::the correct domain name and storage path...
::
::The storage path for the domain is highly important as it is where qmail
::looks for the .qmail-default that vdelivermail ends up running from...
::
::Hope that helps.
::
::Tom Walsh
::Network Administrator
::http://www.ala.net/
::
::
-Original Message-
From: Lapidus, Keith [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 30, 2002 10:22 AM
To: Tom Walsh; [EMAIL PROTECTED]
Subject: RE: [vchkpw] qmail + vpopmail + mysql + Redhat 8


I understand where you are coming from, and I have installed and
reinstalled vpopmail many times on the 8.0 machine, and have tried
local commands to make sure vpopmail works and it does.  For some
reason, qmail is not using vpopmail.  Do you think this is actually a
qmail problem?

-Original Message-
From: Tom Walsh [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 30, 2002

RE: [vchkpw] Hi all, problems with SPAM and Virus

2003-01-06 Thread Tom Walsh
Hare,

Another one to check out is BlackHole
(http://the.groovy.org/blackhole.shtml).

I have done several fixes to make this work with vpopmail 5.2.1 (shame on
you inter7 guys for treating an exit status 99 as a deferral... Bad
programmer... no Jolt for you).

BlackHole works great... and has many features including moving spam and
viruii to an IMAP folder rather than the normal inbox to prevent POP3
download (a big plus in an ISP environment). Blacklist, whitelists, advanced
dns filtering... and so on.

All that and opensource too... it even can use an opensource virus scanner
(clamscan, which is just a cool name for a virus program anyways... ;)

Check it out, if you run into any trouble getting it to work with vpopmail,
drop a line to the Blackhole mailing list... I am on both (vchkpw and
blackhole)...

Tom Walsh
Network Administrator
http://www.ala.net/

-Original Message-
From: hare ram [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 06, 2003 4:53 AM
To: [EMAIL PROTECTED]
Subject: [vchkpw] Hi all, problems with SPAM and Virus


Hi all

It's been a long time I am using qmail+vpopmail+mysql+qmailadmin+sqwebmail.
I have a serious problem now: I am getting a lot of SPAM mail to the mail box of
a user ever I am not subscribed, and getting a lot of email viruses automatically.

Can anyone point me to sort out this problem without troubling my
existing setup?
This server is running live; I need to fix this problem on live.

Any help will be appreciated in advance.

thanks
hare






[vchkpw] Server Swap Questions

2003-03-17 Thread Tom Walsh
We are investigating the procedure of moving our current mail server to
newer (and perhaps more stable) hardware. (The current server experiences
random reboots, which are frustrating to say the least.)

Our current configuration is a fBSD 4.2 machine running qmail+vpopmail using
tcp.smtp.cdb file rather than db based tcp.smtp.cdb. The vpopmail DBs are
located on another server that will not be upgraded, but be reused by the
new server.

We plan on setting up a new complete server, taking some down time to backup
the existing vpopmail mail store (via tar?) restoring that on the new
server, and then bringing up the new server.

I am looking for somebody that has done this before to provide me with any
gotchas that we might encounter.

Here are some of the key points I foresee:

1) backing up the current vpopmail store and restoring that on the new
server and making sure the permissions are correctly assigned on the new
server.

2) contents of tcp.smtp file (whitelists for RBLSMTPd, etc...)

3) anything else I am missing?

I am going to write up the entire process to make sure we don't miss
anything, but I was also looking for some input on some of the things that I
might be missing, or not seeing.

Any help is appreciated,

Tom Walsh
http://www.ala.net/





[vchkpw] Reverse DNS Filtering WAS: Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Tom Walsh
[snip]
::If it's true that spammers don't have reverse DNS on their IP
::addresses, I wouldn't mind seeing the MTA adding a header like
::X-Possible-Spam: Host 209.218.8.2 does not have reverse DNS. and even
::X-Possible-Spam: Host 209.218.8.2 resolves to spam.com which does not
::resolve to 209.218.8.2.  Then an email client could filter on that
::header or SpamAssassin could add a few points to the message's spam
::score.
[/snip]

Tom,

Blackhole spam/virus filter does both of these checks as well as header
tagging. It can also be installed into qmail at the queue level or run via
.qmail-default or .qmail files (in vpopmail  5.2.1).

http://iland.net/~ckennedy/blackhole.shtml

It also integrates with Spamassassin with the latest version. (Although I
haven't gotten it to work with the libspamc.so under FreeBSD yet.)

Tom Walsh
Network Administrator
http://www.ala.net/





RE: [vchkpw] bogofilter with vpopmail?

2003-03-31 Thread Tom Walsh
::  furthermore you might want to try move the .qmail-bogo-spam  file to
::  /home/vpopmail/domains/robinbowes.com/.qmail-bogo-spam
::  and move the .qmail file to
::  /home/vpopmail/domains/robinbowes.com/.qmail-robin
:: Would this catch everything delivered to [EMAIL PROTECTED]
::
::the problem is: i think vpopmail completly ignores
::~vpopmail/domain.com/user/.qmail-ext  files.

Clarification on this one point...

Vpopmail doesn't ignore .qmail-ext files... the mail actually never makes it
to vpopmail when you use a .qmail-ext file.

The reason is the order of precedence of .qmail files and how qmail treats
them.

.qmail-ext files placed in the domain directory are processed by qmail-local
before the .qmail-default file for the domain. As such, vpopmail
(vdelivermail, which is contained in .qmail-default) is never called.

Like I said before... just a clarification.

Tom Walsh
Network Administrator
http://www.ala.net/





RE: [vchkpw] bogofilter with vpopmail?

2003-03-31 Thread Tom Walsh
I just want to apologize for the miscommunication. I have re-read the post
again... And I am wrong.

Not enough coffee this morning

Oh... Nevermind.

Tom sleepy Walsh


::-Original Message-
::From: Tom Walsh [mailto:[EMAIL PROTECTED]
::Sent: Monday, March 31, 2003 9:49 AM
::To: Justin Heesemann; [EMAIL PROTECTED]
::Subject: RE: [vchkpw] bogofilter with vpopmail?
::
::
  furthermore you might want to try move the .qmail-bogo-spam  file to
  /home/vpopmail/domains/robinbowes.com/.qmail-bogo-spam
  and move the .qmail file to
  /home/vpopmail/domains/robinbowes.com/.qmail-robin
 Would this catch everything delivered to [EMAIL PROTECTED]

the problem is: i think vpopmail completly ignores
~vpopmail/domain.com/user/.qmail-ext  files.
::
::Clarification on this one point...
::
::Vpopmail doesn't ignore .qmail-ext files... the mail actually
::never makes it
::to vpopmail when you use a .qmail-ext file.
::
::The reason is the order of precedence of .qmail files and how qmail treats
::them.
::
::.qmail-ext files placed in the domain directory are processed by
::qmail-local
::before the .qmail-default file for the domain. As such, vpopmail
::(vdelivermail, which is contained in .qmail-default) is never called.
::
::Like I said before... just a clarification.
::
::Tom Walsh
::Network Administrator
::http://www.ala.net/
::
::
::
::





[vchkpw] qmail-smtpd-chkusr Patch Problem

2003-06-06 Thread Tom Walsh
I have patched my qmail to use the qmail-smtpd-chkusr functionality (on rcpt
to: check to see if a user exists on the mail server and, if the user doesn't,
send a 550).

I have tested the functionality of qmail-smtpd (compiled with this patch and
a couple others) and it works when I run it from the command line.

My problem is when I run it from the tcpserver/supervise script the
functionality doesn't work.

I have managed to get it working by altering the -u and -g on the tcpserver
command line to be root. When I do that it works flawlessly. It also works
if I set the uid to root and set the gid to qmaild.

My question (and I suppose directed at tonix):

How can I get this to run with the proper user and group permissions of
qmaild?

Here are some of the details of my installation.

/usr/bin/id -g qmaild
81
cat /etc/group |grep 81
qnofiles:*:81:

./supervise/smtp/run

#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
QMAILUID=0
#NOFILESGID=0
#QMAILUID=`/usr/bin/id -u qmaild`
NOFILESGID=`/usr/bin/id -g qmaild`

exec softlimit -m 800 tcpserver -v -c 384 -p -R \
    -x /usr/home/vpopmail/etc/tcp.smtp.cdb -u $QMAILUID -g $NOFILESGID 0 25 \
    rblsmtpd -b -r relays.osirusoft.com -r relays.ordb.org fixcrio qmail-smtpd \
    mail.ala.net /usr/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

permissions on qmail-smtpd:
-rwxr-xr-x  1 root  qmail  128528 Jun  5 16:26 qmail-smtpd

I am assuming it has something to do with the setuid that the patch does,
but I am unsure.

Any pointers?

Tom Walsh
Network Admin
http://www.ala.net/





[vchkpw] Migration Problems

2003-07-02 Thread Tom Walsh
We tried to migrate our mail server last night and everything was going
along well until we brought the new machine online.

We encountered a problem and I am not sure if it is a configuration option
or not, but I am looking for some guidance.

Our problem is when we migrated to the new server some of the mailboxes
weren't being delivered to.

We have maildirs in what appears to be two formats...

90% of the mailboxes are in the format of:

/usr/home/vpopmail/domains/domain.com/a/username/Maildir

but there are some mailboxes in the format of:

/usr/home/vpopmail/domains/domain.com/username/Maildir

Note the second one is missing the 0-9, A-Z directory structure.

We migrated from a 5.2.1 installation, to a 5.3.20 installation.

I don't know what the previous configuration options of vpopmail (5.2.1)
were, but the new one (5.3.20) was:

./configure -enable-mysql=y -enable-default-domain=ala.net \
    --enable-roaming-users=y -enable-defaultquota=1000 \
    --enable-clear-passwd=n -enable-learn-passwords=y \
    --enable-mysql-replication=y -enable-logging=p \
    --enable-auth-logging=y -enable-mysql-logging=y \
    --enable-many-domains=n

Is there some configuration option that I am missing? I noticed that there
is a --enable-domains-dir=domains configuration option but I don't know if
that directly applies to me or not. Or --enable-users-big-dir.

Any help you can send my way would be greatly appreciated.

Tom Walsh
Network Administrator
http://www.ala.net/





RE: [vchkpw] other fun vpopmail issues!

2003-08-14 Thread Tom Walsh
::
::Okay on another note i'm having a boggling time getting the Seekable
::patch SpamAssassin wants to apply to vpopmail..
::it patches fine but then on compile i get.. this is on a newly untared
::vpopmail with only allow-roaming users=y set in the config.
::
::
::gcc -I. -Icdb -g -O2 -Wall -c seek.c
::seek.c:24: conflicting types for `lseek'
::/usr/include/stdio.h:278: previous declaration of `lseek'
::*** Error code 1
::
::
::has anyone else any idea what's going on? seems like vpopmail really
::doesn't like me this week.

David,

Which version of vpopmail are you applying this to?

It sounds like you are patching a version that already has the seekable
patch in it... I think it was added to the code base for all versions after
5.3.7(?).

The patch is only needed if you want to use a version older than that.

Tom Walsh
Network Administrator
http://www.ala.net/




RE: [vchkpw] doublebounces non-.qmail-default | /var/vpopmail/bin/vdelivermail '' delete

2003-08-14 Thread Tom Walsh
Just put a comment in the .qmail or .qmail-username file... no need to
invoke vdelivermail when you are going to throw it to /dev/null anyways...

I have an account created on my mail server named null...

in his .qmail file I have

#

nothing else...

Has the same effect...

Also note that .qmail-username is called before any vpopmail interaction.

An even better way to deal with doublebounces is to never let them into the
queue in the first place... with tonix patch (smtpd-chkusr).

Tom Walsh
Network Administrator
http://www.ala.net/

::-Original Message-
::From: leonard [mailto:[EMAIL PROTECTED]
::Sent: Thursday, August 14, 2003 12:36 PM
::To: [EMAIL PROTECTED]
::Subject: [vchkpw] doublebounces non-.qmail-default |
::/var/vpopmail/bin/vdelivermail '' delete
::
::
::-BEGIN PGP SIGNED MESSAGE-
::Hash: SHA1
::
::Hello,
::
::To deal with spam/double-bounces,
::I wrote in /var/qmail/control/doublebounceto : doublebounce
::which is the name for a .qmail-doublebounce file
::and in it I used  | /var/vpopmail/bin/vdelivermail '' delete
::... like it was a .qmail-default.
::
::Is this possible for regulars .qmail-aliases too ?
::If not where do the eMails go ?
::
::Thank you,
::Maybe I found an easy way to deal w/ doublebounces...
::
::Guillaume
::
::-BEGIN PGP SIGNATURE-
::Version: GnuPG v1.2.1 (GNU/Linux)
::
::iD8DBQE/O8hooqOw021SWZYRAkXnAJwKfqEGnnGOJqV411VuciijYcBYrACffFPg
::rHK4gdi7Y0/OSWahNlcmIP4=
::=gdL7
::-END PGP SIGNATURE-
::
::




RE: [vchkpw] doublebounces non-.qmail-default | /var/vpopmail/bin/vdelivermail '' delete

2003-08-14 Thread Tom Walsh
::Beware that this does not seem to work 100% with vpopmail. Check
::the archives
::for a better answer.
::
::As a side note, # is not like /dev/null, but perhaps you knew that.

Upon further reflection I can see how that might be inferred.

Just to be clear... dotqmail files are used as delivery instructions for
qmail... and a # is actually nothing more than a comment... and with nothing
else in the dotqmail file... the delivery agent doesn't know what else to do
with the message and basically drops it to the floor and moves on.

And in response to the vpopmail issue, which I wasn't aware of... if you
created a .qmail-null file with a # in it... then it would bypass the
vpopmail delivery agent... (Thank you Oden for bringing that to my
attention.)

I have used a .qmail file on my null user in both 5.2.1 and 5.3.20
(currently in production) with no problems.

Same end result...

Tom Walsh
Network Administrator
http://www.ala.net/




RE: [vchkpw] vpopmail mysql

2003-08-14 Thread Tom Walsh
:: hi folks,
::
:: does work vpopmail with MySQL 4.1.0? or only with version 3?

Just to provide a me too... We are currently using 4.0.13 in production
coupled with replication and has worked flawlessly for us.

(We decided to go with 4.0.x because of the positive things I have heard
with regard to speed performance coupled with replication.)

Tom Walsh
Network Administrator
http://www.ala.net/




[vchkpw] vpopmail+spamassassin+clamscan

2003-08-14 Thread Tom Walsh
There was some discussion a while back about making SA work with vpopmail.

Most solutions I saw used .qmail-username or .qmail-default which wasn't the
right method for us. Below is a quick write up on how to use SA+clamscan
from a .qmail file in the users maildir. We also pull user preferences for
SA from SQL, so the line we use to call SA might not be what you want.
Delivery and hand off for scanning is handled by maildrop.

First and foremost, make certain that the user vpopmail has a valid shell...
this is very important as vdelivermail will run anything in the .qmail as the
user vpopmail, provided the application doesn't do a setuid/setgid, which
maildrop does not do. (That alone cost me 3 hours to troubleshoot.)

For each user you want to enable SA and virus scanning put the following in
a .qmail file in the user's directory:

| /var/qmail/bin/preline /usr/local/bin/maildrop /usr/home/vpopmail/domains/.mailfilter

Make sure that this file has been chmod'ed to 600 (u+rw) and is owned by
vpopmail:vchkpw otherwise it will not be run.

The .mailfilter listed above contains (some of this script has come from
another list member, but I forgot his name, if you contact me I will give
credit where credit is due), it must also be chmod'ed to 600 with owner
vpopmail:vchkpw :

import EXT
import HOST
VHOME=`/usr/home/vpopmail/bin/vuserinfo -d [EMAIL PROTECTED]`

# Check for Spam if it is smaller than 250KB
if ($SIZE < 262144)
{
    xfilter "/usr/local/bin/spamc -d 192.168.1.2 -t 20 -f -u [EMAIL PROTECTED]"
}
if ((/^X-Spam-Flag:.*YES/))
{
    # Create the .Spam folder the first time it is needed
    `/bin/test -d $VHOME/Maildir/.Spam`
    if ($RETURNCODE == 1)
    {
        `/var/qmail/bin/maildirmake $VHOME/Maildir/.Spam; /usr/sbin/chown -R vpopmail:vchkpw $VHOME/Maildir/.Spam`
    }
    to "$VHOME/Maildir/.Spam/"
}

# If it isn't Spam, then we scan for Virus if it is smaller than 2MB in
# size... anything larger... they are on their own
if ($SIZE < 2000000)
{
    xfilter "/usr/home/vpopmail/domains/clamscan.sh"
}
if ((/^X-Virus-Status:.*INFECTED/))
{
    # Create the .Virus folder the first time it is needed
    `/bin/test -d $VHOME/Maildir/.Virus`
    if ($RETURNCODE == 1)
    {
        `/var/qmail/bin/maildirmake $VHOME/Maildir/.Virus; /usr/sbin/chown -R vpopmail:vchkpw $VHOME/Maildir/.Virus`
    }
    to "$VHOME/Maildir/.Virus/"
}

# If it isn't Spam or Virus, then deliver normally
to "$VHOME/Maildir/"

The specific lines of interest are the xfilter lines. We use spamc/spamd to
offload the very CPU intensive process of spam scanning to another machine
on the private network. That is what the -d directive is for which tells SA
which IP to connect to for spamd...

The clamscan.sh file is a wrapper for the clamscan binary. We need to do
this because of the incompatibility between how clamscan operates and how
maildrop expects an xfilter program to operate. maildrop expects any message
it sends out to an xfilter program to be returned to it via stdout. The
problem is that the clamscan binary only returns the results of the scan,
not the message, so we have to create a shell script to pass the altered
message back to maildrop via stdout, also we use the shell script to alter
the exit code of clamscan (0 if clean and 1 if infected) to be compatible
with what maildrop expects. maildrop expects the application to return an
exit code of 0, so we have to alter it.

You will need bash in order to use this.

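#!/usr/local/bin/bash
# Created by Tom Walsh
# slim at ala.net

# Expansions are quoted throughout so the message keeps its line breaks and
# its content is never word-split or glob-expanded by the shell.

# Read the whole message from stdin (maildrop pipes it to xfilter programs)
MSG=$(/bin/cat /dev/stdin) # Is there a better way to do this?
# Scan it; the second field of the result line is the virus name
SCAN=$(printf '%s\n' "$MSG" | /usr/local/bin/clamscan - --stdout --disable-summary)
EXIT=$?
VIRUS=$(echo "$SCAN" | awk '{print $2}')
SUBJECT=$(printf '%s\n' "$MSG" | /usr/local/bin/reformail -x Subject:)

if [ "$EXIT" -eq 1 ]; then
    # Tag the subject and add the header that .mailfilter matches on
    SUBJECT="**VIRUS** [$VIRUS] $SUBJECT"
    MSG=$(printf '%s\n' "$MSG" | /usr/local/bin/reformail -a"X-Virus-Status: INFECTED" -i"Subject: $SUBJECT")
else
    MSG=$(printf '%s\n' "$MSG" | /usr/local/bin/reformail -a"X-Virus-Status: CLEAN")
fi

# Hand the (possibly retagged) message back to maildrop on stdout
printf '%s\n' "$MSG"

# maildrop expects an xfilter program to exit 0
exit 0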

And just for completeness... I have included our spamd config line to let
you know how to pull settings from SQL:

/usr/local/bin/spamd -a -d -q -x -m 50 -u spamd -i 192.168.1.2 \
    -A 192.168.1.100 -A 192.168.1.101

The -i directive tells spamd to listen on IP 192.168.1.2, by default it only
listens on 127.0.0.1
The -A directives tell spamd which IPs to accept connections from.

You also need to modify your local.cf file to include the settings for
connecting to the SQL server. All of that is covered in the README for
SQL: http://www.spamassassin.org/dist/sql/README

I hope that helps somebody... We are going to be ramping up the load on the
SA box shortly to see how well it scales... We are considering doing load
balancing via two SA boxes and a pseudo-random IP selector script that will
feed a variable $IP to the .mailfilter script above... something like:

IP=`/path/to/ipscript.sh`

xfilter /usr/local/bin/spamc -d $IP -t 20 -f -u [EMAIL PROTECTED]

If anybody has any comments or suggestions I would be willing to hear
them... I
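
Added example (not part of the original posts): a POSIX shell check for the two permission requirements raised in this archive, the Maildir tmp/new/cur ownership and mode behind the errno=13 bounce, and the mode 600 rule for .qmail and .mailfilter. The function names are made up for this example; pass the numeric uid and gid that vpopmail:vchkpw map to on your system.

```shell
#!/bin/sh
# Added example, not from the original posts.

# perm_fields PATH -> "<mode string> <uid> <gid>" taken from `ls -ldn`.
# Only the first 10 characters of the mode are kept, which drops the ACL or
# SELinux marker ("+" or ".") that some systems append.
perm_fields() {
    ls -ldn -- "$1" | awk '{ print substr($1, 1, 10), $3, $4 }'
}

# check_owner PATH WANT_UID WANT_GID -> prints a finding if the owner differs.
check_owner() {
    read -r _mode uid gid <<EOF
$(perm_fields "$1")
EOF
    if [ "$uid" != "$2" ] || [ "$gid" != "$3" ]; then
        echo "OWNER   $1 is $uid:$gid, expected $2:$3"
    fi
}

# audit_maildir USERDIR WANT_UID WANT_GID
# USERDIR is the vpopmail user directory that contains Maildir/.
# Prints one line per finding; no output means the tree is deliverable.
audit_maildir() {
    for sub in Maildir Maildir/tmp Maildir/new Maildir/cur; do
        p=$1/$sub
        if [ ! -d "$p" ]; then
            echo "MISSING $p"
            continue
        fi
        check_owner "$p" "$2" "$3"
        case $(perm_fields "$p") in
            drwx*) ;;   # owner may list, create and traverse
            *) echo "MODE    $p: owner needs rwx" ;;
        esac
    done
}

# audit_private_file FILE WANT_UID WANT_GID
# For .qmail and .mailfilter: exactly mode 600 and the expected owner.
audit_private_file() {
    if [ ! -f "$1" ]; then
        echo "MISSING $1"
        return 0
    fi
    check_owner "$1" "$2" "$3"
    case $(perm_fields "$1") in
        -rw-------*) ;;
        *) echo "MODE    $1 is not 600" ;;
    esac
}

# count_findings COMMAND [ARGS...] -> number of finding lines printed.
count_findings() {
    "$@" | wc -l | tr -d ' '
}
```

Typical call: audit_maildir /home/vpopmail/domains/foo.bar.com/buffalo "$(id -u vpopmail)" "$(id -g vpopmail)".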

RE: [vchkpw] doublebounces non-.qmail-default | /var/vpopmail/bin/vdelivermail '' delete

2003-08-15 Thread Tom Walsh
::Tom, I've been tracking this thread with great interest.  But it's
::implementation didn't make complete sense.  If I understand correctly:
::
::/var/qmail/control/doublebounceto
::: doublebouncentonull
::
::.qmail-doublebouncetonull
::#
::
::This method pipes a doublebounce to a comment, which is essentially a
::/dev/null and the message dies quietly.
::
::What I'm not understanding is where to put the .qmail-doubnull file
::in the vpopmail domains structure given that I have multiple domains
::hosted?
::
::Does it go into the qmail (/var/qmail/{alias|users}) environment or the
::vpopmail environment?  Per domain or single instance?  Where to put the
::.qmail
::
::Thanks for helping clarify, this sounds really helpful.
::D.

D.

As others have alluded to in follow-ups to your post... There are a couple of
different ways to accomplish this... It all depends on how you want to
implement it.

I am sure you can't put a fully qualified email address in doublebounceto
(been there done that)... qmail affixes the local domain
(/var/qmail/control/me) to your name in doublebounceto OR you can also add
another directive to the /var/qmail/control/... doublebouncehost... this
will concatenate with doublebounceto to create a fully qualified email
address to send double bounces to.

So for instance if you had in your /var/qmail/control/doublebounceto:

null

and your /var/qmail/control/me has:

mail.domain.com

then the null in the doublebounceto file will be expanded to:

[EMAIL PROTECTED]

OR if /var/qmail/control/doublebouncehost has:

domain2.com

then the null in the doublebounceto file will be expanded to:

[EMAIL PROTECTED]

If you don't have mail.domain.com or domain2.com as vpopmail virtual
domains (entry in /var/qmail/users/assign), then qmail will assume that it
is a local user delivery (at least for mail.domain.com, an MX lookup would
be done for domain2.com if it isn't local ie: rcpthosts, morercpthosts,
etc). It will then consult the /var/qmail/alias/ dir to see if there is a
.qmail-null file there.

On the other hand if mail.domain.com or domain2.com _are_ vpopmail virtual
domains then you can put the .qmail-null file in the
~vpopmail/domains/mail.domain.com or ~vpopmail/domains/domain2.com
directory. Once again delivery will be handled properly.

To answer your other questions... the /var/qmail/control is qmail wide... so
all domains that qmail/vpopmail handle are covered by those directives.

Fun huh? :)

Tom Walsh
Network Administrator
http://www.ala.net/
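
The expansion described in the message above, as an added example that is not part of the original post. The function names are hypothetical, and the sketch goes slightly beyond the post by also applying qmail's documented defaults (postmaster for doublebounceto, control/me for doublebouncehost and for a missing control/locals) and the dot-to-colon rule for .qmail file names.

```shell
#!/bin/sh
# Added example, not from the post. $1 is the qmail home (normally
# /var/qmail); function names are hypothetical.

# First line of a control file, or the default when absent or empty.
ctl() {   # $1 = file, $2 = default
    v=""
    if [ -f "$1" ]; then v=$(sed -n '1p' "$1"); fi
    printf '%s\n' "${v:-$2}"
}

# Address qmail-send uses for double bounces:
# doublebounceto@doublebouncehost, the host falling back to control/me.
doublebounce_addr() {   # $1 = qmail home
    me=$(ctl "$1/control/me" "")
    host=$(ctl "$1/control/doublebouncehost" "${me:-doublebouncehost}")
    user=$(ctl "$1/control/doublebounceto" postmaster)
    printf '%s@%s\n' "$user" "$host"
}

# Which .qmail file handles an address:
#   "vpopmail <file>"  host is a vpopmail domain listed in users/assign
#   "alias <file>"     host is local (control/locals, else control/me)
#   "remote -"         neither; qmail would do an MX lookup instead
dotqmail_for() {   # $1 = qmail home, $2 = address
    host=$(printf '%s' "${2##*@}" | tr 'A-Z' 'a-z')
    # qmail-local lowercases the extension and turns dots into colons.
    ext=$(printf '%s' "${2%@*}" | tr 'A-Z.' 'a-z:')
    dir=""
    if [ -f "$1/users/assign" ]; then
        # vpopmail entry: +domain-:domain:uid:gid:directory:-::
        dir=$(awk -F: -v k="+$host-" '$1 == k { print $5; exit }' \
            "$1/users/assign")
    fi
    locals="$1/control/locals"
    [ -f "$locals" ] || locals="$1/control/me"
    if [ -n "$dir" ]; then
        echo "vpopmail $dir/.qmail-$ext"
    elif grep -qixF -- "$host" "$locals" 2>/dev/null; then
        echo "alias $1/alias/.qmail-$ext"
    else
        echo "remote -"
    fi
}
```

Running `dotqmail_for /var/qmail "$(doublebounce_addr /var/qmail)"` shows which of the cases in the message applies on a given server before the .qmail file is created.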




RE: [vchkpw] vpopbull question

2003-08-18 Thread Tom Walsh
vpopbull expects a fully rfc compliant email message as its input.

Make sure you have the email headers in place and correctly formatted.

Also any aliased domains will have duplicate emails delivered... Learned
that one the hard way...

Tom Walsh
Network Administrator
http://www.ala.net/

::-Original Message-
::From: Evren Yurtesen [mailto:[EMAIL PROTECTED]
::Sent: Monday, August 18, 2003 6:57 AM
::To: [EMAIL PROTECTED]
::Subject: [vchkpw] vpopbull question
::
::
::I have a funny question, unless I set the date in the email file that I
::provide to vpopbull, the email is dated that its sent at about 1970 :)
::or the mail client assumes so...
::Is there any way to set the date automatically?
::
::Evren
::
::




RE: [vchkpw] Problems Upgrading from 5.3.20 to 5.3.24

2003-08-18 Thread Tom Walsh
::I think I may have found the problem.  Was there a structural
::change from 5.3.20
::to 5.3.24 in the mysql database?
::
::Just to see if I could create a new domain and have it work, I did the
::following:
::
::[EMAIL PROTECTED]:/usr/local/vpopmail/bin# ./vadddomain blah.com
::Please enter password for postmaster:
::enter password again:
::vmysql: sql error[3]: Table 'vpopmail' already exists
::vmysql: sql error[3]:
::vmysql: sql error[2]: Unknown column 'pw_clear_passwd' in 'field list'
::Error: Unable to chdir to vpopmail/users directory

It sounds like you have clear passwords enabled in your vpopmail config,
which I think is defaulted to enabled.

Reconfig and recompile vpopmail with the option --enable-clear-passwd=n and
that should fix the error above.

Somewhere (I forget which version) that option became enabled by default.
This breaks upgrades from versions where it wasn't enabled by default
(5.2.x).

Tom Walsh
Network Administrator
http://www.ala.net/




RE: [vchkpw] vpopbull question

2003-08-18 Thread Tom Walsh
Ron,

This was 5.2.0 or 5.2.1 I forget which one I was running at the time (about
2 months ago). I have since upgraded to 5.3.20, and have only sent each
iteration of vpopbull to only one domain at a time. I had enough egg on my
face (and an increased level of tech calls, those tech support techs can be
such whiners when you create more call volume for them ;) ) to not dare try
it any other way since that time.

Let me know if you need to know specifically which version as I have to
install these scsi drives and scsi card in another machine to know for sure.
(Pulled them to repurpose the old mail server and didn't dare lose the data
;).

Tom Walsh
Network Administrator
http://www.ala.net/

::-Original Message-
::From: Ron Guerin [mailto:[EMAIL PROTECTED]
::Sent: Monday, August 18, 2003 2:08 PM
::To: Tom Walsh
::Cc: vpopmail
::Subject: RE: [vchkpw] vpopbull question
::
::
::On Mon, 2003-08-18 at 10:55, Tom Walsh wrote:
::
:: Also any aliased domains will have duplicate emails
::delivered Learned
:: that one the hard way...
::
::What version of vpopmail?  I'm just curious if that behavior remains in
::the development version.  That sounds like a bug.
::
::- Ron
::
::




RE: [vchkpw] synchronize control files

2003-09-18 Thread Tom Walsh
The only thing we have come up with is a scripted method (we remotely call
the vpopmail binaries anyways).

Basically we do the following... Add the domain... Check that
[EMAIL PROTECTED] is a valid mailbox, if it is, then we scp the various
files (morercpthosts, rcpthosts, assign, virtualdomains). After they are
copied over we MD5 them to make sure they are identical, then run the
various apps to update them (qmail-newu, qmail-newmrh).

I am positive this isn't the best solution, but the only one we have come up
with to date.

Tom Walsh
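
One way to script the copy, verify and rebuild sequence from the message above, as an added example that is not the poster's script. It swaps in SHA-256 for the MD5 check mentioned in the post; the function names and the SKIP_REBUILD variable are hypothetical, and the scp transfer itself is left out.

```shell
#!/bin/sh
# Added example, not the poster's script. Paths are relative to the qmail
# home (normally /var/qmail). The manifest travels with the files, so it
# catches truncated or corrupted copies, not a compromised sender.

FILES="control/rcpthosts control/morercpthosts control/virtualdomains users/assign"

# SHA-256 hex digest of one file (the tool name differs per OS).
digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{ print $1 }'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 < "$1" | awk '{ print $1 }'
    else
        sha256 -q "$1"      # FreeBSD
    fi
}

# Source host: print "digest  relative/path" for every synchronized file.
make_manifest() {   # $1 = qmail home
    for f in $FILES; do
        [ -f "$1/$f" ] || { echo "missing: $1/$f" >&2; return 1; }
        printf '%s  %s\n' "$(digest "$1/$f")" "$f"
    done
}

# Receiving host: every expected file must be listed, present and identical.
verify_manifest() {   # $1 = staging dir the copy wrote into, $2 = manifest
    for f in $FILES; do
        want=$(awk -v p="$f" '$2 == p { print $1; exit }' "$2")
        [ -n "$want" ] || { echo "not in manifest: $f" >&2; return 1; }
        [ -f "$1/$f" ] || { echo "not copied: $f" >&2; return 1; }
        [ "$(digest "$1/$f")" = "$want" ] || {
            echo "digest mismatch: $f" >&2; return 1; }
    done
}

# Install only when the whole set verifies; rename() keeps each swap atomic
# so qmail never reads a half-written file. Then rebuild the cdb files.
install_verified() {   # $1 = staging dir, $2 = manifest, $3 = qmail home
    verify_manifest "$1" "$2" || { echo "not installing" >&2; return 1; }
    for f in $FILES; do
        cp "$1/$f" "$3/$f.new" || return 1
    done
    for f in $FILES; do
        mv "$3/$f.new" "$3/$f" || return 1
    done
    if [ -z "${SKIP_REBUILD:-}" ]; then
        "$3/bin/qmail-newu" && "$3/bin/qmail-newmrh"
    fi
}
```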




RE: [vchkpw] Spamassassin + qmail + vpopmail + procmail + courier-imapd + squirrelmail + qmail-scanner + clamav

2003-09-23 Thread Tom Walsh
::http://www.mail-archive.com/[EMAIL PROTECTED]/msg13511.html
::Where it says [EMAIL PROTECTED] in the above document, use [EMAIL PROTECTED]
::Also, I had to change a few things to get this to work for me, like the
::locations of the binaries, and the X-Spam-Status header name, etc.


I also have a more up to date version of the clamscan wrapper shell that is
listed in the archives. It is available from http://mail.ala.net/spam/

It uses clamdscan/clamd now instead of just clamdscan... It isn't terribly
secure, but does work... There was some talk about having it included in the
clamscan distro in the contrib section but I don't know if the developers
have done that yet.

As an aside, you don't _have_ to have the QMAILQUEUE patch to run
qmail-scanner. You can simply copy the old qmail-queue application out of
the way to something like qmail-queue.orig and modify the source of the
qmail-scanner app to find the original version of qmail-queue to hand off to
and just name the qmail-scanner app to be qmail-queue. This method does not
allow you to be selective on what you scan, like the QMAILQUEUE patch method
allows however.

Just some clarification on that.

Tom Walsh
Network Administrator
http://www.ala.net/




RE: [vchkpw] maildrop mysql, and ongoing courier battles

2003-10-03 Thread Tom Walsh
::All I want to do is invoke maildrop from .qmail-default for some
::domains, and
::have maildrop read the users homedirs from the mysql db.
::
::Apparently, it doesn't work. I tried virtually everything. I
::added the -V 9
::option to maildrop for debugging, and it always says:

Just a stab in the dark... but what shell do you have for the user vpopmail?
is it a valid shell or something like /bin/nologin?

Try using a valid shell for the vpopmail user. maildrop doesn't run setuid
so it must be run under the shell of the executing user. At least that is
what I encountered when trying to run maildrop from user level dot-qmail
files.

HTH,

Tom Walsh
Network Administrator
http://www.ala.net/




RE: [vchkpw] Re: telnet authentification ?

2003-11-04 Thread Tom Walsh
[snip]
::What? webmail? Or POP3 + IMAP? Or all three? But a POP3-Webmail
::technically ain't possible
[/snip]

Just a point of correction... Horde/IMP uses IMAP or POP3 as a method of
accessing the mailstore for a given user (and it is really an inefficient
implementation too but that is a discussion for another list).

I am not sure about others, but I know IMP has that functionality.

Tom Walsh
Network Administrator
http://www.ala.net/




[vchkpw] enable-auth-logging purpose?

2003-11-11 Thread Tom Walsh
I am trying to get a clearer picture of what --enable-auth-logging does.

The configure --help tells me that:

--enable-auth-logging=y|n   Turn on (y) or off (n, default) logging
authentication attempts, only valid for mysql and oracle

but then how does that relate to:

--enable-mysql-logging=y|n   Turn on (y) or off (n, default) logging
detailed authentication attempts, only valid for mysql


Does that mean that auth-logging is also responsible for information that
ends up in the syslog?

Also the screen after my configure (the configure summary screen?) conflicts
with the configure --help. My summary screen says:

auth logging = ON  --enable-auth-logging=y (default)

which is obviously contradictory to the line at the beginning of my message
about what the --help contains.

The vpopmail version I am running 5.3.20. I know that it is out of date, but
it is installed in a production server cluster so I am not willing to play
Russian roulette with a new version.

TIA,

Tom Walsh
Network Administrator
http://www.ala.net/




[vchkpw] vdelolduser question

2003-11-14 Thread Tom Walsh
Recently I tried to remove the auth-logging feature from our vpopmail
configuration.

First some background: I had determined that our configuration was still
very master database dependent which is not one of our project goals.
Basically we have local databases on each client in the mail cluster we are
running. It works great because the master replicates the data to the
slaves, so we don't have to worry about moving the data around. Our goal was
to try and provide a reasonably available mail cluster for our clients, in
that if the master was down (which handles mysql and nfs duties) the mail
servers would queue messages and wait for the nfs to come back up. The
problem we encountered was that with the vpopmail options we had used
required constant update or insert queries (which are handled in the
libvpopmail and sent to the master server because of the replication
settings we used in vpopmail). So if the master was down... we had timeout
issues with pop3 authentication.

So I tried to recompile vpopmail without mysql-logging and auth-logging, but
ran into a problem when compiling vpopmail 5.3.20 under FreeBSD 4.8.

vdelolduser.c complained about an undefined function vget_lastauth and
failed to compile (with the option --enable-auth-logging=n).

Now... My question is this:

I modified the vdelolduser.c and moved the #endif that had commented out the
main() section of the vdelolduser.c if ENABLE_AUTH_LOGGING was not defined
to the end of the file... So basically... I made it so that if
ENABLE_AUTH_LOGGING wasn't enabled, none of the functions or the main
section of vdeloldusers would be compiled.

Would that have any negative effects? Other than the obvious that
vdelolduser is a useless binary.

We don't have a need for that anyways... So that is why I am asking here to
see if it has any internal uses that I don't see.

Any help or guidance is appreciated.

Tom Walsh
Network Administrator
http://www.ala.net/




RE: [vchkpw] Vpopmail Problems

2003-12-09 Thread Tom Walsh
 003-12-09 08:10:57.277587500 delivery 11292: success: 
 link_REALLY_failed_/apps/vpopmail/domains/ 
 
 Does anyone ever got this error ?
 I mailed once to this mailing list about this error but no 
 one answered... can, am I emailing to the wrong mailing list ? 
 

I have seen this error before, but only at the user directory level.
When it occurs for me, what it means is that the user is missing the tmp
or the new dir. When a message is first delivered to a mailbox, it is
created in the ./tmp dir and then hardlinked to the ./new directory.

So it sounds like something (a directory perhaps) is missing.

HTH,

Tom Walsh
Network Administrator
http://www.ala.net/
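
A check for the condition described in the message above, as an added example that is not part of the original post. It assumes each mailbox is a directory named Maildir somewhere below the root it is given; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the post: find Maildirs that cannot take a
# delivery because tmp/ or new/ is missing or the tmp -> new hard link
# fails. Assumes mailboxes are directories named "Maildir" under the root.

# Print the Maildir subdirectories that are missing (nothing if complete).
maildir_missing() {   # $1 = path to a Maildir
    for d in tmp new cur; do
        [ -d "$1/$d" ] || printf '%s ' "$d"
    done
}

# Repeat the delivery step: create a file in tmp/, hard-link it into new/,
# then remove both names. The probe name starts with a dot because Maildir
# readers skip dot-files, so no client sees it as a message.
probe_link() {   # $1 = path to a Maildir
    name=".probe.$$"
    touch "$1/tmp/$name" 2>/dev/null || return 1
    rc=0
    ln "$1/tmp/$name" "$1/new/$name" 2>/dev/null || rc=$?
    rm -f "$1/tmp/$name" "$1/new/$name"
    return "$rc"
}

# Print one line per Maildir under the root that would fail a delivery.
scan_maildirs() {   # $1 = root, e.g. ~vpopmail/domains
    find "$1" -type d -name Maildir -prune -print |
    while IFS= read -r md; do
        miss=$(maildir_missing "$md")
        if [ -n "$miss" ]; then
            echo "$md: missing ${miss% }"
        elif ! probe_link "$md"; then
            echo "$md: link from tmp to new failed"
        fi
    done
}
```

Run it as the user that performs deliveries, so that the probe fails for the same permission reasons a real delivery would.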





[vchkpw] Further Tweaks for better master/slave replication

2003-12-11 Thread Tom Walsh
In my never ending quest to achieve a truly redundant mail cluster, I
have been trying to remove the spurious database functions that aren't
needed in our installation.

I have finally put into production our latest changes to remove the need
for the vlog table (--enable-mysql-logging=n) as well as the lastauth
table (--enable-auth-logging=n).

I still have some updates that are hitting the master server that I
don't think are necessary:

replace into lastauth set user=username, domain=domain.com,
remote_ip=webmail, timestamp=1071177181

And

replace into relay ( ip_addr, timestamp ) values ( 192.168.1.100,
1071177219 )

I think I have an idea as to where these can be isolated, but wanted to
ask the list and see what anybody had to say on the matter...

The lastauth is obviously coming from sqwebmail (our webmail client). Do
I have to recompile sqwebmail against the updated libvpopmail.a (the one
that no longer has the lastauth code in it) to get it to stop updating
the lastauth table? Or is there something else perhaps a config option
in the sqwebmail itself? Or even worse hack the sqwebmail code to remove
the lastauth call? It seems to reason that sqwebmail would only use
lastauth in the database if it knew it was there so I think there is
something to do with the libvpopmail.a rather than anything else.

The relay I believe would be sorted if I removed the vpopmail configure
option of --enable-roaming-users=y, but I want to make sure before I go
ahead and do that. We already use a patched qmail-smtpd to allow
smtpd-auth, so roaming users (with regard to vpopmail) is redundant.
Unless it is also needed for things like updates to the tcp.smtp.cdb
database... Just looking for some clarification on that directive and
what it will affect by setting it to no.

Thanks in advance.

Tom Walsh
Network Administrator
http://www.ala.net/





RE: [vchkpw] Further Tweaks for better master/slave replication

2003-12-12 Thread Tom Walsh
Tom, (I feel like I am talking to myself... But what else is new)

We are not using Courier for our POP/IMAP (no IMAP at all). Instead we
are using qmail-pop3d for pop auth, so something else is causing that
relay entry to appear.

Any other thoughts?

Ideally, I would just like the server to use tcp.smtp.cdb file instead
of the database... I am pretty sure that you need the
--enable-roaming-users=y for it to use the cdb file, but I guess there
is some logic in there that also adds the functionality to the database
if the --use-mysql is enabled... I will trip through the code to see if
I can find a reference to that...

TIA,

Tom Walsh
Network Administrator
http://www.ala.net/

 -Original Message-
 From: Tom Collins [mailto:[EMAIL PROTECTED] 
 Sent: Thursday, December 11, 2003 4:51 PM
 To: vpopmail list
 Subject: Re: [vchkpw] Further Tweaks for better master/slave 
 replication
 
 
 On Thursday, December 11, 2003, at 02:36  PM, Tom Walsh wrote:
  The lastauth is obviously coming from sqwebmail (our 
 webmail client).
  Do
  I have to recompile sqwebmail against the updated 
 libvpopmail.a (the 
  one
  that no longer has the lastauth code in it) to get it to 
 stop updating
  the lastauth table? Or is there something else perhaps a 
 config option
  in the sqwebmail itself? Or even worse hack the sqwebmail code to 
  remove
  the lastauth call? It seems to reason that sqwebmail would only use
  lastauth in the database if it knew it was there so I think there is
  something to do with the libvpopmail.a rather than anything else.
 
 libvpopmail is statically linked into programs that use it, 
 so updating 
 vpopmail will always require that you recompile programs that 
 interface 
 to it (like sqwebmail).
 
 The relay entry could be from Courier-IMAP if you're using it as your 
 POP/IMAP server.  Recompile Courier since it links into 
 libvpopmail as 
 well, and that update may go away.
 
 --
 Tom Collins  -  [EMAIL PROTECTED]
 QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: 
http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester:
http://sniffter.com/






[vchkpw] Uneven distribution of Mailboxes in virtual domain structure

2004-01-12 Thread Tom Walsh
I have noticed some unique behavior with regards to where vpopmail
decides to place a new user folder.

We have a domain with over 5000 mailboxes and vpopmail is using folders
under the domain to hold the maildirs.

For example:

[EMAIL PROTECTED] has the maildir location of:

~vpopmail/domains/domain.com/a/user1

There are subfolders ranging from 0-9 as well as A-Z and the letter a.
The break down of maildirs per directory is:

0  61
1  59
2  55
3  54
4  48
5  50
6  49
7  54
8  48
9  48
A  52
B  52
C  50
D  57
E  56
F  49
G  54
H  53
I  52
J  57
K  50
L  40
M  56
N  47
O  52
P  51
Q  52
R  39
S  44
T  48
U  40
V  35
W  36
X  30
Y  41
Z  36
a  3485

(Generated with: for i in `ls -la | grep drw| awk '{print $9}'`; do echo
-n $i; ls -la $i | grep drw| wc -l; done)

It seems that a preponderance of maildirs are being created in the
directory a. To the point where I think the directory hash is suffering
(ufs based filesystems).

I have also had a problem with vpopmail removing deactivated accounts
completely. Sometimes when a users account is deactivated I can go back
to the users directory and find some dir (tmp, cur, or new) still
remaining. This causes a reactivation to fail with User's directory
already exists?. I then delete the users maildir remnants and the
reactivation occurs as it should.

I am also running NFS on the backend... So that might have something to
do with the removal problem... But is certainly not the problem with the
directory selection. Seems like more entropy is needed in the directory
selection algorithm.

The system is FreeBSD 4.8 running vpopmail 5.3.20 with an NFS backend
for the ~vpopmail/domains/.

Thoughts or comments?

Tom Walsh
Network Administrator
http://www.ala.net/




RE: [vchkpw] checkuser patch

2004-01-14 Thread Tom Walsh
  Of course if the checkuser patch could consult a mysql database 
  instead it
  would be cleaner but gotta live with what we have. If 
 anyone has a better 
  solution let me know.
  
 I run a cluster of qmail/vpopmail using mysql replication and 
 NFS, and it all works flawlessly. I'm planning on integrating 
 the chkuser patch shortly to start reducing the volume of 
 queued bounces I have to deal with.

To further Nick's comments... This (vpopmail front end servers with a
common NFS store and users in mysql) is how we run now and it works
great.

The checkuser patch works perfectly with mysql because it makes calls to
the libvpopmail.a to handle lookups, so if you have vpopmail compiled
with the correct settings for mysql (vmysql.h and appropriate configure
options) it works perfectly.

A couple of gotchas though... If you are running a high concurrency on
qmail-smtpd be sure that your mysql server has a similar max connection
limit. If the checkuser cannot talk to the mysql server (too many
connections) it will send out a rejection notice for a valid user
(chkuser - 5.1.1 I think, been a while since I have seen one. Been
there, done that, bought the cheap t-shirt.)

I was never able to get the checkuser patch and our smtp-auth patch to
work together. So if you are using an smtp-auth patch verify that both
work together before moving it into production.

And yes... It really does cut down on the double bounces... Previously
before using the patch our qmail-queue used to run about 13K to 15K
messages (and that was with a 2 day expire instead of the stock 7 day
queuelength). We now run (combined among our servers) ~2000.

Big difference. And we are very pleased with the checkuser patch... I
worry about harvesting attacks against our server, as it lets the
spammer know right away which address is valid and which isn't... But
that really is a problem with the SMTP spec... Not the checkuser
patch...

We have been running the checkuser patch since July 2003 and have had no
problems other than the SMTP-AUTH and mysql max_connections issues.

Tom Walsh
Network Administrator
http://www.ala.net/




RE: [vchkpw] Spamassassin + Clamav Antivirus + vpopmail

2004-01-26 Thread Tom Walsh
 I know qmail-scanner.pl, but is this a fast method ? 
 Meanwhile.. My Spamassassin needs approximately 10 seconds for 
 scanning one message. Is this the normal duration ?

I use a known spam message as a test bed for tuning performance of our
SpamAssassin installation.

You can run:

cat /path/to/known/spam/message | spamassassin -D

Review the output of this command to determine which processes are
taking so long.

More than likely you are making DNS calls to RBLs that aren't responding
in a timely fashion or are using another service (pyzor, which we have
had disabled since December) that is slow to return a response.

With proper tuning your SpamAssassin can be made to scan messages in
under .6 seconds with a full battery of external tests. (This is even on
a 1GHz 512MB AMD Athlon machine.)

If anybody is interested in some of the performance tweaks we have made
to SA, please let me know.

Tom Walsh
Network Administrator
http://www.ala.net/





RE: [vchkpw] Spamassassin + Clamav Antivirus + vpopmail

2004-01-27 Thread Tom Walsh
 If anybody is interested in some of the performance tweaks 
 we have made 
 to SA, please let me know.

Due to the response I got from this post... I have created a down and
dirty SA config page...

Please keep in mind these are only configuration tweaks... Not actually
changes to the SA software.

As always SA is limited by your CPU first, Memory second, and network
connection third.

Anyways here are the tweaks web page:

http://www.expresshosting.net/howto/sa.html

Tom Walsh




RE: [vchkpw] Spamassassin + Clamav Antivirus + vpopmail

2004-01-28 Thread Tom Walsh
 On Mon, 2004-01-26 at 15:57, Tom Walsh wrote:
   I know qmail-scanner.pl, but is this a fast method ?
   Meanwhile.. My Spamassassin needs approximately 10 seconds for 
   scanning one message. Is this the normal duration ?
  
  I use a known spam message as a test bed for tuning 
 performance of our 
  SpamAssassin installation.
  
  You can run:
  
  cat /path/to/known/spam/message | spamassassin -D
 
 you should be using spamc and not spamassassin.
 
 spamd/spamc is a much better combination, especially on 
 heavily loaded servers.

Jeremy,

While you are completely right spamc/spamd are a better combination for
performance, there are no debugging abilities in spamc/spamd whereas
there are many debugging functionalities in the standalone spamassassin
script.

The purpose of my example was to help troubleshoot a slow spamassassin
installation, not to provide a working solution to the problem.

I stand by the fact that running spamassassin with the -D command-line
switch is an effective method of testing spamassassin and the various
checks that SA performs.

Tom Walsh
Network Administrator
http://www.ala.net/




RE: [vchkpw] qmail-scanner replacement

2004-02-04 Thread Tom Walsh
   I would like to know if there's some program to replace 
 qmail-scanner 
 (I don't even need the anti-spam feature, I wanna just scan 
 my messages 
 with ClamAV). I have lots of mail servers and some of them 
 are too large 
 to run things written in perl. I'm looking for something made 
 with real 
 programming language, like C or C++.
 
   
   Eduardo M. Bragatto.

As another alternative... Check out:

http://projects.gasperino.org/scrubber/

Threaded, daemonized, modular, scanning. (Linux only we think.)

We are looking this over right now... Very fast... But seems to be very
beta...

Tom Walsh
Network Administrator
http://www.ala.net/




RE: [vchkpw] Server Farm..

2004-04-08 Thread Tom Walsh
 Thanks for the info!

NP... A bunch of late nights info has not gone to waste.

 How do you find NFS performance? (Did you use any special 
 tweaking/mount
 options?)
 And what are you using for auth?(NIS/LDAP etc)

For the most part the NFS performance is good... Even with a 100BaseT
switch as the backend switch for the NFS share. Runs on average about
400KBps constant, with spikes up to 2MBps due to remote rsync processes
backing up data to the NFS store (we use it as our backup dumping ground
as well), so it should scale rather well.

Our current mount options are:
rw,intr,nfsv3,dumbtimer,noatime,rdirplus,tcp,-r=32768,-w=32768

I have also heard that by altering the MTU of the internal (NFS)
interface it is possible to achieve greater performance, but your switch
must support Jumbo Frames, and I am only aware of a couple of GigE
switches that support that. The rationale behind this is that NFS's
default packet size is 4K, so by bumping the MTU to a similarly large
value 4K-6K there is no fragmenting of the NFS packet. At least so I
have heard. ;)

As for authentication, we only have a few admins so we just setup the
accounts manually. We had considered NIS, but the reward to risk factor
was a little too high for very minimal gain. I like LDAP, but the added
complexity isn't something I want to deal with right now. Maybe in the
future.

 I would like to consider a Linux alternative, but majority of 
 our support staff are not Linux savvy...

We are primarily a FreeBSD shop ourselves... I have a background in both
BSD (HP-UX) as well as Linux so I can easily switch back and forth
between the two. Occasionally I hit something that causes a problem
(netstat -nap on FBSD doesn't work, and I really wish Linux had
something like systat -vmstat) but I think that newer iterations of
FBSD are close enough to Linux as far as the admin utils that I don't
really have a problem. Our boss is talking more and more about the money
being spent on Linux by major players (IBM, et al) and how FBSD is an
afterthought. The 3ware support in FBSD comes to mind on that one.
3Ware support will typically lag 6 months behind Linux.

Our current mail cluster is FBSD based, but because of the need for
DRBD, we have to switch our NFS to Linux, as (to my knowledge) FBSD
doesn't have anything like DRBD available for it yet, barring a shared
SCSI implementation. Mixing NFS from different vendors I have been told
can lead to weird problems and I just want to avoid that altogether.

 Just out of interest - What are you using to sync 
 data(configs etc) - You also mention NFS servers...So I 
 assume you are running more than one behind a 
 loadbalancer...how are you synching data between them?

Our configs for qmail are being shared out from the NFS server
(control/* users/*) with control/me being a symbolic link to
/var/qmail/me so that each machine maintains their identity in the
cluster. I am still not sold on this idea but I think that for
diagnostic purposes it is probably the better solution.
(--enable-file-locking=n in vpopmail)

The NFS is only in the design phase right now. We have a single NFS
server with RAID1+0. The plan is to have an additional server (also on
the same internal LAN, behind the load balancer) that will be syncing
all data from the master (read: current NFS server) to the slave via
DRBD. The slave will monitor the master via heartbeat
(http://www.linux-ha.org). Heartbeat runs a ping to the master server
checking that the master still responds via serial cable on a set
interval. In the event that heartbeat is unable to contact the master
server the slave issues an arp broadcast effectively doing an arp
poisoning on the current arp cache for the machines talking to the
master. All subsequent traffic that was destined for the master's IP
address will then be sent to the slave (fake is the app that handles
that). I have not run any tests on this configuration as of yet, but it
is planned. There is a minor delay in the arp propagation, but it is
rather quick... Like 10-15 seconds.

Hope that answers some of your questions.

Tom Walsh
Network Administrator
http://www.ala.net/