RE: [vchkpw] Re: Qmailadmin feature request
> -Original Message- > From: Davide Giunchi [mailto:[EMAIL PROTECTED]] > Sent: Friday, February 07, 2003 4:56 AM > To: Rhett Hermer; [EMAIL PROTECTED] > Subject: Re: [vchkpw] Re: Qmailadmin feature request > > > Il 09:13, venerdì 7 febbraio 2003, Rhett Hermer ha scritto: > > If djb doesn't want to improve qmail with all of those > patches et al, then > > what's stopping us to write new MTA based on qmail design? > Is there any > > restriction that I am not aware of? > > I don't think that anybody here want to write > yet_another_mta, probably if > somebody is unhappy with qmail it will pass to postfix. > > Regards. > > -- > Davide Giunchi. > Membro del FoLUG (Forlí Linux User Group) - http://folug.linux.it > GPG Key available on http://www.keyserver.net > Fingerprint: 4BFF 2682 6A58 ECFE 071B A1A4 F2A3 9EFA 6494 81FD > > Not to mention there are those of us that don't want 300 patches integrated into qmail. Patches should be used on an as-needed basis, not simply because they exist. And even then, it's highly recommended that one look for an add-on app that will supply the requested feature instead of patching the qmail source. Regards, Robert Kropiewnicki
Re: [vchkpw] Re: Qmailadmin feature request
Il 09:13, venerdì 7 febbraio 2003, Rhett Hermer ha scritto: > If djb doesn't want to improve qmail with all of those patches et al, then > what's stopping us to write new MTA based on qmail design? Is there any > restriction that I am not aware of? I don't think that anybody here want to write yet_another_mta, probably if somebody is unhappy with qmail it will pass to postfix. Regards. -- Davide Giunchi. Membro del FoLUG (Forlí Linux User Group) - http://folug.linux.it GPG Key available on http://www.keyserver.net Fingerprint: 4BFF 2682 6A58 ECFE 071B A1A4 F2A3 9EFA 6494 81FD
Re: [vchkpw] Re: Qmailadmin feature request
If djb doesn't want to improve qmail with all of those patches et al, then what's stopping us to write new MTA based on qmail design? Is there any restriction that I am not aware of? - Original Message - From: "Davide Giunchi" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, February 06, 2003 9:01 PM Subject: Re: [vchkpw] Re: Qmailadmin feature request > > Just out of genuine curiosity, were you actually seeing problems that > > required each of those patches? I've been running a > > qmail/vpopmail/sqwebmail/qmailadmin setup for the past year now and have > > yet to actually find need for a patch. > > There's a lot of needs that plain qmail doesn't suite our needs, i can tell > you someone: > > - spam prevention, with plain qmail do you have only badmailfrom+tcp.smtp+rbl. > some patches make qmail use badmailto to filter against destination, regex in > badmailfrom/badmail to block particular domain or name, tarpitting to make > large-isp with a lot of ip enabled to relaying not too much vulnerable to > spam. > - content filtering: with qmail you cannot pass all emails to an external > filter (like perl script) to customize/filter the messages. With content > filter i intend virus filtering too > - smtp-auth-relaying: useful for big lan with some external users > - smtp-after-pop: vpopmail feature that do this is good for small traffic > network, but when you have 100 or more concurrent connection to the pop3 you > cannot use binary file but you must use a database. > > I could tell some of other needs, but i think that this is enought. > > Regards. > > -- > Davide Giunchi. > Membro del FoLUG (Forlí Linux User Group) - http://folug.linux.it > GPG Key available on http://www.keyserver.net > Fingerprint: 4BFF 2682 6A58 ECFE 071B A1A4 F2A3 9EFA 6494 81FD > > > >
Re: [vchkpw] Re: Qmailadmin feature request
This has been an ongoing argument on the qmail list. Some 'purists' believe that there is no need for any patch apart from QMAILQUEUE which dan has indicated he will probably include in the next version. While I was initially sceptical about this I can see some logic in what they are saying. Take TLS for example, why not just use a wrapper rather than a patch? Anyway, for those who are interested there are plenty of pros and cons listed in the qmail archives. cheers, iain. On Fri, 7 Feb 2003 06:01, Davide Giunchi wrote: > > Just out of genuine curiosity, were you actually seeing problems that > > required each of those patches? I've been running a > > qmail/vpopmail/sqwebmail/qmailadmin setup for the past year now and have > > yet to actually find need for a patch. > > There's a lot of needs that plain qmail doesn't suite our needs, i can tell > you someone: > > - spam prevention, with plain qmail do you have only > badmailfrom+tcp.smtp+rbl. some patches make qmail use badmailto to filter > against destination, regex in badmailfrom/badmail to block particular > domain or name, tarpitting to make large-isp with a lot of ip enabled to > relaying not too much vulnerable to spam. > - content filtering: with qmail you cannot pass all emails to an external > filter (like perl script) to customize/filter the messages. With content > filter i intend virus filtering too > - smtp-auth-relaying: useful for big lan with some external users > - smtp-after-pop: vpopmail feature that do this is good for small traffic > network, but when you have 100 or more concurrent connection to the pop3 > you cannot use binary file but you must use a database. > > I could tell some of other needs, but i think that this is enought. > > Regards.
Re: [vchkpw] Re: Qmailadmin feature request
> I just use vpopmail and tcpserver here. Was that insufficient for your > needs or does the method you describe offer something more/different? I > have quite a few concurrent pop3 users (maybe 50-70, not 100 [yet]) and > maybe half of that in IMAP sessions but haven't run into any problems with > tcprules. The problem is with the common setup for qmail/vpopmail on big/medium servers, i mean: 2 (minimum) real server that offer smtp+pop3+webmail, 1 mysql server and 1 NFS server that share the /home/vpopmail/domains to the realserver. In this common case if you want that one client that authenticate in rs1 (real server 1) can relaying even in rs2, so you must put tcp.smtp(.cdb) in the NFS share, when you have a lot of connections the .cdb must be recompiled for every connection so this work vi NFS begin to get slow. If you have a lot of connection you can use the patch by Matt Simerson http://matt.simerson.net/computing/mail/ to make ucspi-tcp not use tcp.smtp but the mysql db. If you have only one qmail server (so local disk) or a SAN server the smtp-after-pop feature would not be a problem, but with a NAS (nfs servers) all this unnecessary network traffic could slow down the server. Regards. -- Davide Giunchi. Membro del FoLUG (Forlí Linux User Group) - http://folug.linux.it GPG Key available on http://www.keyserver.net Fingerprint: 4BFF 2682 6A58 ECFE 071B A1A4 F2A3 9EFA 6494 81FD
Re: [vchkpw] Re: Qmailadmin feature request
> - smtp-auth-relaying: useful for big lan with some external users > - smtp-after-pop: vpopmail feature that do this is good for small traffic > network, but when you have 100 or more concurrent connection to the pop3 > you cannot use binary file but you must use a database. I just use vpopmail and tcpserver here. Was that insufficient for your needs or does the method you describe offer something more/different? I have quite a few concurrent pop3 users (maybe 50-70, not 100 [yet]) and maybe half of that in IMAP sessions but haven't run into any problems with tcprules. Mind you I'm using courier-pop3d and courier-imapd instead of qmail-pop3d. Regards, Andrew
Re: [vchkpw] Re: Qmailadmin feature request
> Just out of genuine curiosity, were you actually seeing problems that > required each of those patches? I've been running a > qmail/vpopmail/sqwebmail/qmailadmin setup for the past year now and have > yet to actually find need for a patch. There's a lot of needs that plain qmail doesn't suite our needs, i can tell you someone: - spam prevention, with plain qmail do you have only badmailfrom+tcp.smtp+rbl. some patches make qmail use badmailto to filter against destination, regex in badmailfrom/badmail to block particular domain or name, tarpitting to make large-isp with a lot of ip enabled to relaying not too much vulnerable to spam. - content filtering: with qmail you cannot pass all emails to an external filter (like perl script) to customize/filter the messages. With content filter i intend virus filtering too - smtp-auth-relaying: useful for big lan with some external users - smtp-after-pop: vpopmail feature that do this is good for small traffic network, but when you have 100 or more concurrent connection to the pop3 you cannot use binary file but you must use a database. I could tell some of other needs, but i think that this is enought. Regards. -- Davide Giunchi. Membro del FoLUG (Forlí Linux User Group) - http://folug.linux.it GPG Key available on http://www.keyserver.net Fingerprint: 4BFF 2682 6A58 ECFE 071B A1A4 F2A3 9EFA 6494 81FD
Re: [vchkpw] Re: Qmailadmin feature request
> Just out of genuine curiosity, were you actually seeing problems that > required each of those patches? I've been running a > qmail/vpopmail/sqwebmail/qmailadmin setup for the past year now and have > yet to actually find need for a patch. Not problems per se, but rather features I would like to have in the MTA. Things like badrcptto and properly bouncing MIME messages are important, and TLS is always good to have. The patches like ext-todo and qmtpc help with scalability, while badrcptto, tarpit, nullenvsender, qmail-queue and so on help with antispam/antivirus. qmail is a damned fine MTA, as I am sure everyone on this list already knows. As most on this list also know, it does have several shortcomings with its operation "in the real world." DJB isn't interested in further maintaining a "perfect" MTA, hence the need for the patches. Regards, Andrew
Re: [vchkpw] Re: Qmailadmin feature request
> yes, patch upon patches... the same thing that other's qmail administrator > has done. For this reaseon i've proposed the project described in my > previous mail about this thread. Exactly. I'm saying I've _got_ a master patch that does this, and none of the patches in the master list are esoteric or goofy (IMO) -- it might be a good starting point. Regards, Andrew
RE: [vchkpw] Re: Qmailadmin feature request
> -Original Message- > From: Andrew Kohlsmith [mailto:[EMAIL PROTECTED]] > Sent: Thursday, February 06, 2003 11:44 AM > To: [EMAIL PROTECTED] > Subject: Re: [vchkpw] Re: Qmailadmin feature request > > > > > I believe you're using the wrong MTA if you don't like > patches. :-) > > > Qmail is the "a patchy mail server" of mail servers. > > > I keep hoping that will change sometime soon. :) I guess no-one has > > released a patch that everyone just can't do without though. > > I've put together a monster patch which is a composite of all > of these > patches: > > badmailunk > badrcptto > qmail-queue-patch > accept-5xx > conredirect > qmail-1.03-mfcheck.3.patch > qmail-103-bigdns > tarpit > ext_todo-20020504 > nullenvsender-recipcount > qmail-0.0.0.0 > qmail-1.03-qmtpc > qmail-bouncecontrol > qmail-1.03-tls > netscape-progress > qmail-send.mimeheaders > qmail-pop3d+vpomail > > So far, so good. :-) > > > That says a lot for qmail's original design, which I like. > > I agree. However there are a lot of little things (as seen > in the patchlist > above) which I wish would be rolled in to the next qmail > release. I don't > think that's going to happen, though. DJB seems happy with > qmail the way it > is and to be honest, any changes means he has to check it all > over again for > security. Not fun. > > Regards, > Andrew > Andrew, Just out of genuine curiosity, were you actually seeing problems that required each of those patches? I've been running a qmail/vpopmail/sqwebmail/qmailadmin setup for the past year now and have yet to actually find need for a patch. Regards, Robert
Re: [vchkpw] Re: Qmailadmin feature request
> qmail-0.0.0.0 > qmail-1.03-qmtpc > qmail-bouncecontrol > qmail-1.03-tls > netscape-progress > qmail-send.mimeheaders > qmail-pop3d+vpomail > yes, patch upon patches... the same thing that other's qmail administrator has done. For this reaseon i've proposed the project described in my previous mail about this thread. > I agree. However there are a lot of little things (as seen in the > patchlist above) which I wish would be rolled in to the next qmail release. > I don't think that's going to happen, though. DJB seems happy with qmail > the way it is and to be honest, any changes means he has to check it all > over again for security. Not fun. I'm agree too, qmail-1.03 has been relased in '98 and djb doesn't seem to want to modify or upgrade it, and if it will be update i don't think that will insert third-part patches... djb is very selective (and strange) about this. Regards. -- Davide Giunchi. Membro del FoLUG (Forlí Linux User Group) - http://folug.linux.it GPG Key available on http://www.keyserver.net Fingerprint: 4BFF 2682 6A58 ECFE 071B A1A4 F2A3 9EFA 6494 81FD
Re: [vchkpw] Re: Qmailadmin feature request
> > I believe you're using the wrong MTA if you don't like patches. :-) > > Qmail is the "a patchy mail server" of mail servers. > I keep hoping that will change sometime soon. :) I guess no-one has > released a patch that everyone just can't do without though. I've put together a monster patch which is a composite of all of these patches: badmailunk badrcptto qmail-queue-patch accept-5xx conredirect qmail-1.03-mfcheck.3.patch qmail-103-bigdns tarpit ext_todo-20020504 nullenvsender-recipcount qmail-0.0.0.0 qmail-1.03-qmtpc qmail-bouncecontrol qmail-1.03-tls netscape-progress qmail-send.mimeheaders qmail-pop3d+vpomail So far, so good. :-) > That says a lot for qmail's original design, which I like. I agree. However there are a lot of little things (as seen in the patchlist above) which I wish would be rolled in to the next qmail release. I don't think that's going to happen, though. DJB seems happy with qmail the way it is and to be honest, any changes means he has to check it all over again for security. Not fun. Regards, Andrew
Re: [vchkpw] Re: Qmailadmin feature request
I think that is time to create a "qmail GPL project" , "qmail megapatch project" or something similiar a big patch developed in gpl'd like project. The problem is that patching a qmail mail server is very common, and when you have to apply a lot of patch to the same source you can't do it automatically and you must adjust it by hand an headache So a project that will put all this useful patches in a big patch will be very very useful, i think that the patch allowed must be very selected to maintain the qmail code clean as from djb, and the best would be that the feature will be enabled or disabled via one control file. I'm not a C programmer but i will learn it expecially to modify qmail/inter7 tools to suite my needs (i work a lot with this programs) so i cannot mantain the project, but help with it. What do you think about it? I'd appreciate any suggestion. Regards > On Thursday 06 February 2003 11:04, Andrew Kohlsmith wrote: > > > And secondly, I don't like patches. > > > > I believe you're using the wrong MTA if you don't like patches. :-) > > Qmail is the "a patchy mail server" of mail servers. > > I keep hoping that will change sometime soon. :) I guess no-one has > released a patch that everyone just can't do without though. > > That says a lot for qmail's original design, which I like. > > > Regards, > > Andrew -- Davide Giunchi. Membro del FoLUG (Forlí Linux User Group) - http://folug.linux.it GPG Key available on http://www.keyserver.net Fingerprint: 4BFF 2682 6A58 ECFE 071B A1A4 F2A3 9EFA 6494 81FD
Re: [vchkpw] Re: Qmailadmin feature request
On Thursday 06 February 2003 11:04, Andrew Kohlsmith wrote: > > And secondly, I don't like patches. > > I believe you're using the wrong MTA if you don't like patches. :-) > Qmail is the "a patchy mail server" of mail servers. I keep hoping that will change sometime soon. :) I guess no-one has released a patch that everyone just can't do without though. That says a lot for qmail's original design, which I like. > > Regards, > Andrew -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net We are actively looking for companies that do a lot of long distance faxing and want to cut their long distance bill by up to 50%. Contact [EMAIL PROTECTED] for more info.
Re: [vchkpw] Re: Qmailadmin feature request
> And secondly, I don't like patches. I believe you're using the wrong MTA if you don't like patches. :-) Qmail is the "a patchy mail server" of mail servers. Regards, Andrew
Re: [vchkpw] Re: Qmailadmin feature request
> > Hey, one of my clients bought a domain which was previously held by > > someone else. This of course meant that lots and lots of spammers were > > sending mails to a couple addresses on that domain, and he'd like to be > > able to mark certain explicit addresses for bouncing, while retaining the > > functionality of having all other misdirected mails sent to the > > postmaster. In short, while he'd like to be receiving the folks who > > misspell his name, he'd very much like not to be getting the spam sent > > consistently to a certain pair of addresses which no longer exist at his > > domain. > What I would like to see is a update made to the qmail smtp daemon > so it will look up the email account and return a "failure 500" message. > Then by default, the email addresses that don't match would be > failed and "hopefully" cleaned from the bulk mail lists. There already is a "badrcptto" patch for qmail. I have it in my mail server, along with TLS, some mime bounce fixes and so on. I believe it is located at http://patch.be/qmail/badrcptto.html. Regards, Andrew
Re: [vchkpw] Re: Qmailadmin feature request
On Thursday 06 February 2003 01:49, Ken Jones wrote: > On Wednesday 05 February 2003 18:22, you wrote: > It would be great if you knew of any C programmers with a few > hours to spare. then we could hook vpopmail into qmail-smtpd > and block the email right at the front door. I know C, and I occasionally have time to spare, but I don't know qmail, so it would take a long time to work out. Frankly, I think you're the most qualified person to undertake a job like that, Ken, since you wrote vpopmail. And secondly, I don't like patches. -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net We are actively looking for companies that do a lot of long distance faxing and want to cut their long distance bill by up to 50%. Contact [EMAIL PROTECTED] for more info.
[vchkpw] Re: Qmailadmin feature request
Hello Ken, On Thursday, February 6, 2003 at 7:49:33 AM you [KJ] wrote (at least in part): > It would be great if you knew of any C programmers with a few > hours to spare. then we could hook vpopmail into qmail-smtpd > and block the email right at the front door. You might have missed it, but there already is something like this that could maybe be used as a point to start at: http://www.interazioni.it/qmail/ It's written by "tonix" and was already mentioned some times. -- Best regards Peter Palmreuther Darwin's Law of Carcinogens: Cancer cures smoking.
[vchkpw] Re: Qmailadmin feature request
On Wednesday 05 February 2003 18:22, you wrote: > Hey, one of my clients bought a domain which was previously held by someone > else. This of course meant that lots and lots of spammers were sending > mails to a couple addresses on that domain, and he'd like to be able to > mark certain explicit addresses for bouncing, while retaining the > functionality of having all other misdirected mails sent to the postmaster. > In short, while he'd like to be receiving the folks who misspell his name, > he'd very much like not to be getting the spam sent consistently to a > certain pair of addresses which no longer exist at his domain. > > Has this feature been previously proposed? Or more importantly, might it > stand a chance of being implemented? What I would like to see is a update made to the qmail smtp daemon so it will look up the email account and return a "failure 500" message. Then by default, the email addresses that don't match would be failed and "hopefully" cleaned from the bulk mail lists. One natural, automatic fallout of the above design is that people who send email to his mispelled email address will get a message back saying the name was misspelled. That usually is good enough. A current fix you can make is to create a .qmail-"username" file where "username" is from a list of the couple of email addresses regularly spammed. Just put a "#" character in the file. Make sure it is owned by vpopmail.vchkpw and you are all set. qmail will just delete the email automatically. usually this fix is enough so the user is happy and they don't call back for another fix. It would be great if you knew of any C programmers with a few hours to spare. then we could hook vpopmail into qmail-smtpd and block the email right at the front door. -- - Ken Jones
