Re: [vchkpw] Re: roaming users
Alex, Jeremy, Michael and the rest, I just have to say that I have belonged to a number of email lists and this has to be the best one for signal to noise ratio. That being said, further investigations have lead me to some discoveries. I will share them with you briefly because the symptoms were a little confusing and lead me to think the problem was something other than what it actually is. This is one for the trouble shooting list that seems right up there with Is it plugged in? 1) After further testing I was able to determine that my smtp after pop3 auth is working fine. 2) After questioning the owner of one lovely little cafe he gave me the email to his network person. He was able to quickly determine the root of the problem. The public network that I use when I am out at lovely little cafe's is personaltelco.net. personaltelco.net blocks outgoing traffic to port 25 on any machine in the world. They do this for good reason. Spam control. By blocking outgoing smtp traffic on all of their public nodes they eliminate the possibility of some less than honorable people sending out masses of UCE's through open/broken relays. 3) This network person thanked me for my information and is now informing personaltelco.net that one of their nodes is broken and ALLOWING outgoing smtp traffic. Personaltelco is fixing that since they don't want a bunch of spammers wearing Rush Limbaugh lapel pins sucking up their bandwidth and getting them listed in an rbl. Possible Solutions: 1) Destroy all spammers and take back our network 2) Write a small proxy listener that I can connect to and forward the traffic to my smtp server. 3) Continue being happy using my sqwebmail install when I am out a lovely little cafes Of the possible solutions 3 seems to be the easiest, 2 will be the one that I will probably do and 1 seems like the funnest. Sorry for the noise and thanks for the help. I guess you learn something everyday. I've got to get back to work. sparky
Re: [vchkpw] Re: roaming users
On Wednesday 25 February 2004 1:47 pm, davila wrote: Alex, Jeremy, Michael and the rest, I just have to say that I have belonged to a number of email lists and this has to be the best one for signal to noise ratio. That being said, further investigations have lead me to some discoveries. I will share them with you briefly because the symptoms were a little confusing and lead me to think the problem was something other than what it actually is. This is one for the trouble shooting list that seems right up there with Is it plugged in? 1) After further testing I was able to determine that my smtp after pop3 auth is working fine. 2) After questioning the owner of one lovely little cafe he gave me the email to his network person. He was able to quickly determine the root of the problem. The public network that I use when I am out at lovely little cafe's is personaltelco.net. personaltelco.net blocks outgoing traffic to port 25 on any machine in the world. They do this for good reason. Spam control. By blocking outgoing smtp traffic on all of their public nodes they eliminate the possibility of some less than honorable people sending out masses of UCE's through open/broken relays. 3) This network person thanked me for my information and is now informing personaltelco.net that one of their nodes is broken and ALLOWING outgoing smtp traffic. Personaltelco is fixing that since they don't want a bunch of spammers wearing Rush Limbaugh lapel pins sucking up their bandwidth and getting them listed in an rbl. Possible Solutions: 1) Destroy all spammers and take back our network 2) Write a small proxy listener that I can connect to and forward the traffic to my smtp server. 3) Continue being happy using my sqwebmail install when I am out a lovely little cafes Of the possible solutions 3 seems to be the easiest, 2 will be the one that I will probably do and 1 seems like the funnest. Option 4: run an additional smtp tcpserver on port 587 ( mail message submission ) Most likely they are not blocking port 587 Ken Jones
[vchkpw] Re: roaming users
OR as Ken suggests I could just make my life easier and follow standard conventions. ;-) Ken Jones writes: On Wednesday 25 February 2004 1:47 pm, davila wrote: Alex, Jeremy, Michael and the rest, I just have to say that I have belonged to a number of email lists and this has to be the best one for signal to noise ratio. That being said, further investigations have lead me to some discoveries. I will share them with you briefly because the symptoms were a little confusing and lead me to think the problem was something other than what it actually is. This is one for the trouble shooting list that seems right up there with Is it plugged in? 1) After further testing I was able to determine that my smtp after pop3 auth is working fine. 2) After questioning the owner of one lovely little cafe he gave me the email to his network person. He was able to quickly determine the root of the problem. The public network that I use when I am out at lovely little cafe's is personaltelco.net. personaltelco.net blocks outgoing traffic to port 25 on any machine in the world. They do this for good reason. Spam control. By blocking outgoing smtp traffic on all of their public nodes they eliminate the possibility of some less than honorable people sending out masses of UCE's through open/broken relays. 3) This network person thanked me for my information and is now informing personaltelco.net that one of their nodes is broken and ALLOWING outgoing smtp traffic. Personaltelco is fixing that since they don't want a bunch of spammers wearing Rush Limbaugh lapel pins sucking up their bandwidth and getting them listed in an rbl. Possible Solutions: 1) Destroy all spammers and take back our network 2) Write a small proxy listener that I can connect to and forward the traffic to my smtp server. 3) Continue being happy using my sqwebmail install when I am out a lovely little cafes Of the possible solutions 3 seems to be the easiest, 2 will be the one that I will probably do and 1 seems like the funnest. Option 4: run an additional smtp tcpserver on port 587 ( mail message submission ) Most likely they are not blocking port 587 Ken Jones
Re: [vchkpw] Re: roaming users
davila wrote: 1) Destroy all spammers and take back our network 2) Write a small proxy listener that I can connect to and forward the traffic to my smtp server. 3) Continue being happy using my sqwebmail install when I am out a lovely little cafes Of the possible solutions 3 seems to be the easiest, 2 will be the one that I will probably do and 1 seems like the funnest. Sorry for the noise and thanks for the help. I guess you learn something everyday. I've got to get back to work. Actually, 1 is the best, if you can figure out how to do it. Hopefully something that gives them as much grief in their last few minutes of life as they have spread to the rest of the world! 2 isn't as hard as it seems at first. Just start a second instance of SMTP on a different port, and configure your mail client to send to that port. I used 24, and am able to slip mail out past my ISP that is also blocking port 25. (Which is a good idea IMHO. It stops all the mail servers that are built into the latest viruses.) Just copy your SMTP run script into a new directory, (possibly in /var/qmail/supervise) change 25 to 24 and link it to /services. It will still respect your settings for things like roaming users as long as you only change the port. Then there is #4, find out what outgoing mail server they are using, and point your mail client at it. The problem is you may have to change your outgoing mail settings a lot. I've recommended this to my clients for a long time. I have web hosting and incoming mail, but my clients access the internet through someone else. I have them point pop/imap at my server, and SMTP at their ISP's server. Rick
[vchkpw] Re: roaming users
Rick Great! I found exactly what you were talking about and indeed the ip addresses are there. I checked cron and the clearopensmtp job is there. I ran clearopensmtp by hand and it did not clear the file /home/vpopmail/etc/open-smtp I cleared the open-smtp file by hand and tried to send from my laptop rather than sqwebmail and still no dice. I have yet to read the docs for clearopensmtp. That may not be working correctly due to misconfiguration. Now that I know where to look I should beable to knock this one out quickly. Thanks for the help! sparky Rick Widmer writes: davila wrote: 1) there must be some way to clear that cache (if it exsists) ~vpopmail/bin/clearopensmtp does that job. Somewhere in your install instructions you should be adding that to crontab so it is run periodically. 2) I don't fully understand the concept of roaming users in vpopmail If you add --enable-roaming-users when you comile vpopmail, vdelivermail will add the IP address of mail users that successfully login to check mail to a list. (~vpopmail/etc/open_smtp) That list is combined with another list of clients that is always allowed to relay. (I don't remember right now where that list is kept. My base mail setup doesn't change much.) The combined lists ends up in a cdb file (~vpopmail/etc/tcp.smtp.cdb) which is used to decide if an incoming smtp request will be allowed. (Your file names may be different.) 3) there is some configuration bit that I missed that will when used allow me to send email from many lovely little cafes which are much closer to my house. If old entries are not removed, you are probably missing the cron job. If new entries are not being added, are you sure you are really using the right vdelivermail binary? If the binary is right maybe you have mixed two different sets of installation instructions. Different people put things in different places in their toasters, so you may not be able to mix them. To address these things I am asking: 1) If the cache does exsist where is the documention that tells me how to clear it? There isn't a lot of documentation... or there is a lot of documentation on the individual parts, but not much on how it all fits together. The biggest problem with Qmail is that it works so well, when there is a problem, I don't remember anything about how to set it up and I have to learn it all over. 2) If its possible to have roaming users to use variable ip addresses where is the documentation for that? It is possible. I mostly used Bill Shupp's patches and toaster, but I use CDB instead of MySQL, so I had to change a few things. http://www.shupp.org/ Rick
Re: [vchkpw] Re: roaming users
On Tue, 2004-02-24 at 18:33, davila wrote: Rick Great! I found exactly what you were talking about and indeed the ip addresses are there. I checked cron and the clearopensmtp job is there. I ran clearopensmtp by hand and it did not clear the file /home/vpopmail/etc/open-smtp I cleared the open-smtp file by hand and tried to send from my laptop rather than sqwebmail and still no dice. none of that should have any impact on your ability to connect to port 25. what are the contents of the ~vpopmail/etc/tcp.smtp file also, what ISP is your mail server on, and what ISP are you trying to connect to it from? -Jeremy -- Jeremy Kitchen Systems Administrator [EMAIL PROTECTED] Kitchen @ #qmail on EFNet - Join the party! . Inter7 Internet Technologies, Inc. www.inter7.com 866.528.3530 toll free 847.492.0470 int'l 847.492.0632 fax GNUPG key ID: 93BDD6CE
Re: [vchkpw] Re: roaming users
On Tue, 2004-02-24 at 19:02, Alex Martin wrote: davila wrote: I checked cron and the clearopensmtp job is there. I ran clearopensmtp by hand and it did not clear the file /home/vpopmail/etc/open-smtp I cleared the open-smtp file by hand and tried to send from my laptop rather than sqwebmail and still no dice. I have yet to read the docs for clearopensmtp. That may not be working correctly due to misconfiguration. Now that I know where to look I should beable to knock this one out quickly. I might guess that your /etc/tcp.smtp is not getting compiled into /etc/tcp.smtp.cdb. Usually this is done with '/usr/sbin/qmailctl cdb'. I am not familiar with roaming users but I believe that this tcp control system is used. See http://cr.yp.to/ucspi-tcp/tcpserver.html This is of course assuming you are using ucspi-tcp and probably daemontools. and whatever 'toaster' includes '/usr/sbin/qmailctl' remember, any 'qmailctl' file is NOT part of the standard qmail distribution, and may be COMPLETELY different from 'toaster' to 'toaster'. Do not assume that someone has the exact same set up as you, I try to be as general as possible with my advice so that I'm telling you exactly what you need to do, so long as you know how you have your system configured (which you should) Still though, the advice that has been given (at least what I have read so far) is off track of the problem. The problem is not that he can't relay, the problem is that he can't CONNECT. vpopmail's roaming-users support would have no impact on this, unless the default rule for the tcprules file being used for smtp is to deny the connection. -Jeremy -- Jeremy Kitchen Systems Administrator [EMAIL PROTECTED] Kitchen @ #qmail on EFNet - Join the party! . Inter7 Internet Technologies, Inc. www.inter7.com 866.528.3530 toll free 847.492.0470 int'l 847.492.0632 fax GNUPG key ID: 93BDD6CE
Re: [vchkpw] Re: roaming users
Hello, I might guess that your /etc/tcp.smtp is not getting compiled into /etc/tcp.smtp.cdb. Usually this is done with '/usr/sbin/qmailctl cdb'. I am not familiar with roaming users but I believe that this tcp control system is used. See http://cr.yp.to/ucspi-tcp/tcpserver.html This is of course assuming you are using ucspi-tcp and probably daemontools. and whatever 'toaster' includes '/usr/sbin/qmailctl' Sorry, I hadn't considered how unique this script is on my toaster. It originally came from Dave Sill's Life With Qmail. snip qmailctl script tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp /etc/tcp.smtp chmod 644 /etc/tcp.smtp.cdb echo Reloaded /etc/tcp.smtp. snip remember, any 'qmailctl' file is NOT part of the standard qmail distribution, and may be COMPLETELY different from 'toaster' to 'toaster'. Of course. I did assume though that considering he is using vpopmail that he followed this relatively standard toaster setup. Still though, the advice that has been given (at least what I have read so far) is off track of the problem. The problem is not that he can't relay, the problem is that he can't CONNECT. vpopmail's roaming-users support would have no impact on this, unless the default rule for the tcprules file being used for smtp is to deny the connection. I reread this and I think you are correct, I missed this. A default deny rule seems like it would explain this behavior. davila are you lurking? Alex Martin http://www.rettc.com
Re: [vchkpw] Re: roaming users
On Tue, 2004-02-24 at 20:00, Alex Martin wrote: Sorry, I hadn't considered how unique this script is on my toaster. It originally came from Dave Sill's Life With Qmail. snip qmailctl script tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp /etc/tcp.smtp chmod 644 /etc/tcp.smtp.cdb echo Reloaded /etc/tcp.smtp. snip that's more like it ;) remember, any 'qmailctl' file is NOT part of the standard qmail distribution, and may be COMPLETELY different from 'toaster' to 'toaster'. Of course. I did assume though that considering he is using vpopmail that he followed this relatively standard toaster setup. lots of 'toasters' are adding 'qmailctl' scripts. I even saw one that started/stopped svscan to control qmail. One would hope that he had the sense to follow LWQ, however, that is unfortunately not always the case. In fact, most people who have problems AREN'T using LWQ, and that's probably why they have problems ;) davila are you lurking? reminds me of irc :) [00:00:05] *** Joins #vpopmail - random_person [00:00:08] random_person hey guys, I've got a question [00:00:15] *** Quits - random_person (quit: leaving) -Jeremy -- Jeremy Kitchen Systems Administrator [EMAIL PROTECTED] Kitchen @ #qmail on EFNet - Join the party! . Inter7 Internet Technologies, Inc. www.inter7.com 866.528.3530 toll free 847.492.0470 int'l 847.492.0632 fax GNUPG key ID: 93BDD6CE
