[vchkpw] Dead aliases and EZMLM lists

2007-04-19 Thread Max Esquivel
I recently installed the magicmail-smtpd drop-in replacement for the
standard qmail-smtpd, which adds a significant number of spam control
possibilities.  Actually, spam traffic on my server dropped to about
half after the installation.  Nonetheless, after installing,
qmailadmin-created aliases don't work (I can create, modify and
delete, but) messages sent to an alias result in a "User does not
exist" error and the message is bounced back.  The same problem
exists with ezmlm lists.  I can create, modify, etc. via qmailadmin,
but messages sent to the lists get bounced back with the same "User
does not exist" error.


Any ideas?

Thanks!!

Max Esquivel


Re: [vchkpw] Better smtp logs

2007-02-22 Thread Max Esquivel

Hi!

Thanks to all!!  I think I have what's required.  I implemented the
recordio suggestion.  Nonetheless, I think the chkuser patch solution
is much better, although I have not implemented it yet.


Again.  Thanks

Max

On Feb 22, 2007, at 10:45 AM, Tom Collins wrote:


On Feb 21, 2007, at 2:56 PM, Max Esquivel wrote:
Is there any way to configure the smtp log to show which account  
is being logged in or auth'ed to send, sort of like what the pop  
log shows?


Take a look at the chkuser patch
http://www.interazioni.it/opensource/chkuser/.  It will log the SMTP
envelope information, including what account authenticated.  It also
rejects email to non-existent users at the SMTP level, instead of
waiting for it to get to vdelivermail and generate a bounce.


Also consider simscan http://inter7.com/simscan/.  It logs the  
sender, recipient, ip address and subject line of messages  
considered spam.  You could modify it to log more headers if  
chkuser isn't giving you enough.


--
Tom Collins  -  [EMAIL PROTECTED]
Vpopmail - virtual domains for qmail: http://vpopmail.sf.net/
QmailAdmin - web interface for Vpopmail: http://qmailadmin.sf.net/






[vchkpw] Better smtp logs

2007-02-21 Thread Max Esquivel
Hi all.  I'm not sure this is the right ML so if it is not I apologize
and please point me in the right direction.  Thanks!


I have a qmail server (qmail, vpopmail-no mysql).  I have some 500
client email accounts distributed over some 30 domain names.  I'm
having serious SPAM problems in the sense that some spammer is using
legit username/pw combinations to authenticate and send his/her
garbage.  I can't, for the life of me, determine which accounts are
suspect or are compromised.  On my system, mail.log
(/var/log/mail/log) provides good info for pop and spamd activity,
showing what user a pop connection is opened and closed for like so:


Feb 21 14:48:57 sjo pop3d: Connection, ip=[:::190.10.14.44]
Feb 21 14:48:57 sjo pop3d: LOGIN, [EMAIL PROTECTED], ip=[:::190.10.14.44]
Feb 21 14:48:57 sjo pop3d: LOGOUT, [EMAIL PROTECTED], ip=[:::190.10.14.44], top=0, retr=0, rcvd=12, sent=39, time=0


Since I am interested in smtp though, I look at
/var/log/qmail/smtpd/current and find that the info only tells me the
connecting IP, target IP and status info:


@400045dccd01188edb8c tcpserver: pid 4555 from 82.237.85.167
@400045dccd01188ffc9c tcpserver: ok 4555 sjo.sinapsisglobal.com:66.228.222.190:25 :82.237.85.167::4430

@400045dccd020d221944 tcpserver: end 4551 status 0
@400045dccd020d2228e4 tcpserver: status: 12/120
@400045dccd021e11902c tcpserver: end 4555 status 256

Is there any way to configure the smtp log to show which account is  
being logged in or auth'ed to send, sort of like what the pop log shows?


Any help will be immensely appreciated.

Max
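
An added example, not part of the original post: one way to turn the tcpserver log format shown above into per-connection records, by decoding the multilog TAI64N labels and pairing each "pid" line with its "end" line. The sample lines, host name and addresses are constructed, and standard 24-hex-digit TAI64N labels are assumed.

```python
import re
from collections import Counter
from datetime import datetime, timezone

TAI_OFFSET = 2**62 + 10  # multilog TAI64N labels run 2^62 + 10 s ahead of Unix time
# Constructed sample in the tcpserver/multilog format (documentation addresses).
SAMPLE = """\
@4000000045dccd01188edb8c tcpserver: pid 4555 from 192.0.2.10
@4000000045dccd01188ffc9c tcpserver: ok 4555 mail.example.com:198.51.100.5:25 :192.0.2.10::4430
@4000000045dccd020d221944 tcpserver: status: 12/120
@4000000045dccd021e11902c tcpserver: end 4555 status 256
@4000000045dccd0300000000 tcpserver: pid 4560 from 192.0.2.10
@4000000045dccd0900000000 tcpserver: end 4560 status 0
@4000000045dccd0a00000000 tcpserver: pid 4561 from 203.0.113.7
@4000000045dccd0b00000000 tcpserver: end 4561 status 0
"""
LINE = re.compile(r"^@([0-9a-f]{16})([0-9a-f]{8}) tcpserver: (pid|end) (\d+) (?:from (\S+)|status (\d+))$")

def tai64n_to_utc(sec_hex, nano_hex):
    """Decode a TAI64N label into an aware UTC datetime."""
    unix = int(sec_hex, 16) - TAI_OFFSET + int(nano_hex, 16) / 1e9
    return datetime.fromtimestamp(unix, tz=timezone.utc)

def sessions(log_text):
    """Pair each 'pid N from IP' line with its 'end N status S' line."""
    open_conns, done = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # 'ok' and 'status:' lines add nothing to this report
        when = tai64n_to_utc(m.group(1), m.group(2))
        kind, pid = m.group(3), int(m.group(4))
        if kind == "pid":
            open_conns[pid] = (m.group(5), when)
        elif pid in open_conns:  # pids are reused, so pop on close
            ip, start = open_conns.pop(pid)
            done.append({"ip": ip, "start": start,
                         "seconds": (when - start).total_seconds(),
                         "status": int(m.group(6))})
    return done

def per_ip(done):
    """Connections per remote IP, busiest first."""
    return Counter(s["ip"] for s in done).most_common()

if __name__ == "__main__":
    for ip, n in per_ip(sessions(SAMPLE)):
        print(ip, n)
```

tcpserver never sees the SMTP AUTH exchange, so this yields remote IPs, timings and exit statuses only; the authenticated account has to be logged at the qmail-smtpd level, as with the chkuser patch suggested in the reply.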


Re: [vchkpw] Maintenance mail to all user / to a whole domain

2007-02-02 Thread Max Esquivel

Use vpopbull:

usage: vpopbull [options] -f [email_file] [virtual_domain] [...]
   -v (print version number)
   -V (verbose)
   -f email_file (file with message contents)
   -e exclude_email_addr_file (list of addresses to exclude)
   -n (don't mail. Use with -V to list accounts)
   -c (default, copy file)
   -h (use hard links)
   -s (use symbolic links)

It's also handy to list all the email accounts in your system
(vpopbull -n -V)


On Feb 2, 2007, at 9:06 AM, Renaud wrote:


Hello,

I'm using a qmail+vpopmail and I was wondering if you already heard
about a solution that would let me send a mail to all existing users
in the vpopmail database (or to all users of a specific domain)
without the need to create a mailing list or an alias containing all
of them?

My current solution would be to actually update the subscribers list
of such a mailing list every night.. (anyone could post to an alias,
the users wouldn't like it :))


Thanks,

Regards,
Renaud





Re: [vchkpw] Qmail with Simscan, SA and ClamAv

2007-01-31 Thread Max Esquivel

Thanks all for the suggestions.  Been looking at things in more detail:

1) I'm not sure how many sessions we are handling.  I do know we were
maxing out at 120 connections per sec at peak times.


2) we do have spamc and spamd running.
spamd --max-children 25 -x -v -d --pidfile=/var/run/spamd.pid
25 children enough?

3) Running vpopmail and not using mysql.

4) We do have the todo patch installed.

5) LOG Files:
a) Mail.log: at a glance these are all legitimate users with hosted
domains on the server.  Looks pretty normal.
b) Mail.err: there's a lot of this entry:  pop3d: Maximum connection
limit reached for :::201.194.10.118
Looking at these IPs, they correspond to the IP numbers of my
country's ISPs through which most of my users connect to the
internet, so that would seem to make sense.  Leaving number of max
connections per IP as is for now.
I found a lot of this as well: imapd:
/usr/lib/courier-imap/etc/shared/index: No such file or directory.
(PS.  all catch-alls are set to bounce, but I don't know if this is
related in any way).
c) simlog:  there are quite a few, actually a LOT, of connect error 2
messages.
Traced it back to p0f fingerprinting.  Have turned it off and have
also disabled checking mail from local users to the outside.



Have simscan/SA/Clam running smoothly for about an hour now.  Will  
wait for a peak in email traffic see how it handles it.


Again.  Thanks to all for observations and suggestions so far.  I  
will continue to look at this and post back anything that may be useful.


Max