Re: [vchkpw] Two qmails in same machine
*yaawwnnn*

Christopher Chan wrote: Quey wrote: ed wrote: On Fri, 09 Nov 2007 09:53:31 +1000 Quey [EMAIL PROTECTED] wrote:

P.S. does 'wizzard' work on your sendmail?

what's wizzard? I've heard of it, but I've heard of several things called wizzrd, each to their own.

It's a shell exploit for sendmail. Some versions of sendmail shipped with the wizzard command, it was a built in back door.

ah right I knew I heard of it, yes, wizard was a lame thing, but of course that was back in the days when qmail was actually still being written by daniel, anyone running a version of sendmail from 2000 DESERVES anything and everything they get :)

...don't forget the bunch of exploits in 8.12.x between 2002 and 2003.

I certainly won't.

anyone running plain qmail from that same era also likewise deserves everything they get (backchatter anyoneG)

you mean backscatter?
Re: [vchkpw] Two qmails in same machine
ed wrote: On Fri, 09 Nov 2007 09:53:31 +1000 Quey [EMAIL PROTECTED] wrote:

P.S. does 'wizzard' work on your sendmail?

what's wizzard? I've heard of it, but I've heard of several things called wizzrd, each to their own.

It's a shell exploit for sendmail. Some versions of sendmail shipped with the wizzard command, it was a built in back door.

ah right I knew I heard of it, yes, wizard was a lame thing, but of course that was back in the days when qmail was actually still being written by daniel, anyone running a version of sendmail from 2000 DESERVES anything and everything they get :)

anyone running plain qmail from that same era also likewise deserves everything they get (backchatter anyoneG)
Re: [vchkpw] Two qmails in same machine
Christopher Chan wrote: Quey wrote: ed wrote:

I think you should off load the processing work. Look into running a remote clamd/spamassing, or setup multiple mail hubs jms has a guide on that at http://qmail.jms1.net

I agree he needs to offload, but the jms1 way seems very cumbersome. We have sendmail boxes as front line, that do all the pre-connect tests easily without adding in 35 patches like we have to make qmail modern-ish and then anti virus/spam/phishing/etc tests, one important factor is the milter smf-sav which asks the database server (we call) qmaster (a vpopmail/mysql db server) if user exists to avoid backchatter, if it does, then sendmail sends to qrouter which is a simple qmail/vpopmail install that accepts the mail and puts it into the users dir (which are NFS attached) all the nfs stuff and qmaster and qrouter all operate on pvt address space, on second gbit port for added protection, but of course could be run on live net interfaces if you don't have the option of dual ethernet.

What do you use for recipient verification on sendmail?

milter-sav (in recipient mode only) the rest won't be commented on, since it'll be mine is bigger than yours BS and Rick has already ruled postfix/sendmail comments clearly OT and not tolerated.
Re: [vchkpw] Two qmails in same machine
All that is needed is identical assign, rcpthosts and virtualdomains files for mail delivery and acceptance. Patched qmails may or may not need a bit more.

I am retracting this comment if the setup is for one qmail instance to pass the mail to another qmail instance instead of both delivering to vpopmail.
Re: [vchkpw] Two qmails in same machine
Both qmail-smtpd instances can share the tcp.smtp.cdb file without trouble.

Now that you actually brought up routing...I see that I have made a mistake. You must do your scanning with the /var/qmail instance or whichever vpopmail does its changes on. The other qmail instance must be the one that faces the internet. That should share the same rcpthosts file with the vpopmail supported qmail. Then you set up smtproutes to point all the domains to the scanning instance (/var/qmail).

I have not looked at John's patches but I suspect you might need something else for recipient verification on the Internet facing instance...does your vpopmail installation support mysql?

John Simpson's validrcptto will handle user verification provided you build the cdb file with his mkvalidrcptto script for the Internet facing qmail instance if your vpopmail does not use mysql. Also, the scanner instance will then not need recipient verification support at all.
Re: [vchkpw] Two qmails in same machine
OK then so I could have a box in which I do...

take qmail sources and patch them with John's (great and nice) patch... make setup check and ./config-fast fqdn

after this change /var/qmail for /var/qmail-scanning-server in conf-local... and again ./config-fast fqdn

after this setup proper supervise scripts and I could share between two qmails vpopmail (and his ddbb), tcp.smtp.cdb file and all and only have to be careful that when I add a domain with vpopmail or anything else to rsync files modified by vpopmail in users for Internet qmail... and in internet qmail to have smtproutes file throwing all mail passed rcpt to check (that will be of course on Internet server) to localhost listening qmail server that scans mail...

then this is all? am I wrong? and that's it?? there's no any known reason because this could crash... I mean there's no specification by John Simpson or Dan Bernstein that this shouldn't done then?

Thanks a lot thruthly

P.D. If this works great I'll share with you it, make some howto, or scripts for syncing qmail control directories or... :)

So I have thought that I could compile qmail one time and copy to two different locations for example /var/qmail and /var/qmail-scanning-server... is this possible? and is this possible without having two different vpopmails? two different databases for smtp auth... (Internet qmail scanner will be relay too) two different tcp rules files... so could I share everything between them? What do you think about this idea I have just had?

You cannot compile qmail one time and install in two locations. You need to change conf-qmail for the second installation. After make setup check of the first install, do 'echo /var/qmail-scanning-server > conf-qmail; make setup check'

Nor do you need two different vpopmails. They can share the same databases...the problem really is keeping the configuration files in sync or just symlink /var/qmail-scanning-server/users/assign to /var/qmail/users/assign and other files that vpopmail touches.
Re: [vchkpw] Two qmails in same machine
On Friday 09 November 2007 04:52:16 am [EMAIL PROTECTED] wrote:

OK then so I could have a box in which I do... take qmail sources and patch them with John's (great and nice) patch... make setup check and ./config-fast fqdn after this change /var/qmail for /var/qmail-scanning-server in conf-local... and again ./config-fast fqdn

Close, but this will actually not work. The value in conf-qmail gets compiled in, so you need to do a make clean; make setup check again after changing it. My suggestion is that you actually keep 2 copies of your qmail source tree in case you need to recompile for whatever reason, that way you know you're rebuilding the correct one...

after this setup proper supervise scripts and I could share between two qmails vpopmail (and his ddbb), tcp.smtp.cdb file and all and only have to be careful that when I add a domain with vpopmail or anything else to rsync files modified by vpopmail in users for Internet qmail... and in internet qmail to have smtproutes file throwing all mail passed rcpt to check (that will be of course on Internet server) to localhost listening qmail server that scans mail... then this is all? am I wrong? and that's it?? there's no any known reason because this could crash... I mean there's no specification by John Simpson or Dan Bernstein that this shouldn't done then?

Multiple qmails using one vpopmail isn't something I've done, but multiple qmails on one box is something many people have done, including myself. There's no reason I can think of that sharing vpopmail would be a problem as long as you had all the right config files in place.

Josh
--
Joshua Megerman SJGames MIB #5273 - OGRE AI Testing Division
You can't win; You can't break even; You can't even quit the game. - Layman's translation of the Laws of Thermodynamics
[EMAIL PROTECTED]
[vchkpw] Two qmails in same machine
Hi,

I'm gonna setup a qmail mailserver for mailscanning for a huge site... I have thought that setting a qmail with qmail-scanner for real time scanning could be too slow because perhaps could arrive there... don't know 300 simultaneous mails.. so I think that could be better to setup a qmail-mail-server that only does rcpt checks and mfchecks in the Internet site and another qmail server not listening in internet interface that makes mail scanning in a reasonable time and in a reasonable number of simultaneous scans... (don't know 50 simultaneous for example...). The internet qmail server will pass from for example 50 to 50 mails to scanning qmail server... and this last to pass to their respective mailservers... it's only going to be a scanning mailserver...

So I have thought that I could compile qmail one time and copy to two different locations for example /var/qmail and /var/qmail-scanning-server... is this possible? and is this possible without having two different vpopmails? two different databases for smtp auth... (Internet qmail scanner will be relay too) two different tcp rules files... so could I share everything between them? What do you think about this idea I have just had?

Thanks a lot mates :)
Re: [vchkpw] Two qmails in same machine
On Thu, 8 Nov 2007 15:47:53 +0100 (CET) [EMAIL PROTECTED] wrote:

Thanks a lot Ed! here it says how to setup a mail system in which you can have one scanning machine and a mailbox server.. this is what I'm trying to do... but this won't be very helpful for me in this time because the mailbox server it's not qmail.. so there is no sense on passing him rcptto.cdb or other control files... and when I have a mail hub I have this document does but other way... my problem is not... how to share info between qmails to work... my main problem is how to handle the max incoming traffic as possible and with minimum machine... and I have thought that idea... thanks a lot anyway mate :)

If you have just one box then you're screwed because you can't magic the processor time.

If you have greater than one box then think of ways to get virus processing away from the box that receives the mail, perhaps if you're in an office lan, then deploy a virtual IP address protocol, so that one of the workstations can handle the virus scanning process at that time... might be interesting.

Clamd can work over TCP/IP, IIRC, so too can spamassassin... Perhaps run dedicated servers for these elsewhere. I don't know your setup, so anything is possible really.

--
The Teletype machine to the bathroom is doing the twist because of the Dali-Lama. Sun Microsystems is quitting.
:: http://www.s5h.net/ :: http://www.s5h.net/gpg
Re: [vchkpw] Two qmails in same machine
On Thu, 8 Nov 2007 14:01:07 +0100 (CET) [EMAIL PROTECTED] wrote:

I'm gonna setup a qmail mailserver for mailscanning for a huge site... I have thought that setting a qmail with qmail-scanner for real time scanning could be too slow because perhaps could arrive there... don't know 300 simultaneous mails.. so I think that could be better to setup a qmail-mail-server that only does rcpt checks and mfchecks in the Internet site and another qmail server not listening in internet interface that makes mail scanning in a reasonable time and in a reasonable number of simultaneous scans... (don't know 50 simultaneous for example...). The internet qmail server will pass from for example 50 to 50 mails to scanning qmail server... and this last to pass to their respective mailservers... it's only going to be a scanning mailserver...

So I have thought that I could compile qmail one time and copy to two different locations for example /var/qmail and /var/qmail-scanning-server... is this possible? and is this possible without having two different vpopmails? two different databases for smtp auth... (Internet qmail scanner will be relay too) two different tcp rules files... so could I share everything between them? What do you think about this idea I have just had?

I think you should off load the processing work. Look into running a remote clamd/spamassing, or setup multiple mail hubs jms has a guide on that at http://qmail.jms1.net

--
The 5 1/4 Floppy Drive to the gas station is smelling funky because of Brian Bird. OneMain.com is crank calling George W Bush.
:: http://www.s5h.net/ :: http://www.s5h.net/gpg
Re: [vchkpw] Two qmails in same machine
On Thu, 8 Nov 2007 14:01:07 +0100 (CET) [EMAIL PROTECTED] wrote: I'm gonna setup a qmail mailserver for mailscanning for a huge site... I have think that setting a qmail with qmail-scanner for real time scanning could be too slow because perhaps could arrive there... don't know 300 simultaneos mails.. so I think that could be better to setup a qmail-mail-server that only does rcpt checks and mfchecks in the Internet site and another qmail server not listening in internet interface that makes mail scanning in a reasonable time and in a reasonable number of simultaneous scans... (don't know 50 simultaneous for example...). The internet qmail server will pass from for example 50 to 50 mails to scanning qmail server... and this last to pass to they're respective mailservers... it's only going to be a scanning mailserver... So I have think that I could compile qmail one time and copy to two different locations for example /var/qmail and /var/qmail-scanning-server... is this possible? and is this possible without having two different vpopmails? two different databases for smtp auth... (Internet qmail scanner will be relay too) two differents tcp rules file... so could I share everything between them? What do you think about this idea have just had? I think you should off load the processing work. Look into running a remote clamd/spamassing, or setup multiple mail hubs jms has a guide on that at http://qmail.jms1.net -- The 5 1/4 Floppy Drive to the gas station is smelling funky because of Brian Bird. OneMain.com is crank calling George W Bush. :: http://www.s5h.net/ :: http://www.s5h.net/gpg Thanks a lot Ed! here it sais how to setup a mail system in wich you can have one scanning machine and a mailbox server.. this is what I'm trying to do... but this won't be very helpful for me in this time because the mailbox server it's not qmail.. so there is no sense on passing him rcptto.cdb or other control files... 
and when I have a mail hub I have this document does but other way... my problem is not... how to share info between qmails to work... my main problem is how to handle the max incoming traffic as possible and with minimum machine... and I have thought that idea... thanks a lot anyway mate :)
Re: [vchkpw] Two qmails in same machine
On Thu, 8 Nov 2007 14:01:07 +0100 (CET) [EMAIL PROTECTED] wrote: I'm gonna setup a qmail mailserver for mailscanning for a huge site... I have think that setting a qmail with qmail-scanner for real time scanning could be too slow because perhaps could arrive there... don't know 300 simultaneos mails.. so I think that could be better to setup a qmail-mail-server that only does rcpt checks and mfchecks in the Internet site and another qmail server not listening in internet interface that makes mail scanning in a reasonable time and in a reasonable number of simultaneous scans... (don't know 50 simultaneous for example...). The internet qmail server will pass from for example 50 to 50 mails to scanning qmail server... and this last to pass to they're respective mailservers... it's only going to be a scanning mailserver... So I have think that I could compile qmail one time and copy to two different locations for example /var/qmail and /var/qmail-scanning-server... is this possible? and is this possible without having two different vpopmails? two different databases for smtp auth... (Internet qmail scanner will be relay too) two differents tcp rules file... so could I share everything between them? What do you think about this idea have just had? I think you should off load the processing work. Look into running a remote clamd/spamassing, or setup multiple mail hubs jms has a guide on that at http://qmail.jms1.net Not only that, but I would look into an alternative to qmail-scanner. It's a great package (and the one I started using to do virus scanning way back when), but the overhead of launching perl for each scan can be a killer. This is especially true if your concern is about lots of messages at once. I'd suggest looking at a compiled queue replacement program, like simscan or qmail-scanner (I've used both - I currently use simscan, but only because it's still being developed and I'd like to eventually use it for spam scanning as well). 
Also, if you don't do the virus scanning at the initial SMTP level, you end up bouncing viruses...

Josh

P.S. One last hint: put your scanning directory on a ramdisk - it speeds things up a ton!

Joshua Megerman SJGames MIB #5273 - OGRE AI Testing Division
You can't win; You can't break even; You can't even quit the game. - Layman's translation of the Laws of Thermodynamics
[EMAIL PROTECTED]
Re: [vchkpw] Two qmails in same machine
On Thu, 08 Nov 2007 08:52:57 -0600 Rick Romero [EMAIL PROTECTED] wrote:

Not entirely, If the main issue is timeouts during SMTP, he can move his scanning to '127.0.0.1', and remove it from his external IP. That will ensure he can receive an email from the outside in its entirety. He can throttle connections to 127.0.0.1 to prevent overload, and he won't bounce mail due to SMTP timeouts. You don't want to lose a/v scanning on your external IP, so another qmail install, with spam-only qmail-scanner, would be the cheapest solution.

Why not? Moving it to a pool of AV scanning boxes would be a good idea. I'm not suggesting that the caller be moved, but the work is moved. So the MX gets the mail, but uses the clam client to talk to a clam server that's in a pool... somewhere. That would seem to be a good use of resources to me. The resource pool could be a loadbalancer for example, if one works with an office LAN that would be a good use of boxes that are doing nothing more than running a xscreensaver.

--
The SCSI Controller to Toshi Station is sending 11 because of the newbie thinking 'halt' means 'exit'. Valve Software is RNA.
:: http://www.s5h.net/ :: http://www.s5h.net/gpg
Re: [vchkpw] Two qmails in same machine
On Thu, 2007-11-08 at 14:47 +, ed wrote: On Thu, 8 Nov 2007 15:47:53 +0100 (CET) [EMAIL PROTECTED] wrote:

Thanks a lot Ed! here it says how to setup a mail system in which you can have one scanning machine and a mailbox server.. this is what I'm trying to do... but this won't be very helpful for me in this time because the mailbox server it's not qmail.. so there is no sense on passing him rcptto.cdb or other control files... and when I have a mail hub I have this document does but other way... my problem is not... how to share info between qmails to work... my main problem is how to handle the max incoming traffic as possible and with minimum machine... and I have thought that idea... thanks a lot anyway mate :)

If you have just one box then you're screwed because you can't magic the processor time.

Not entirely, If the main issue is timeouts during SMTP, he can move his scanning to '127.0.0.1', and remove it from his external IP. That will ensure he can receive an email from the outside in its entirety. He can throttle connections to 127.0.0.1 to prevent overload, and he won't bounce mail due to SMTP timeouts. You don't want to lose a/v scanning on your external IP, so another qmail install, with spam-only qmail-scanner, would be the cheapest solution.

If you have greater than one box then think of ways to get virus processing away from the box that receives the mail, perhaps if you're in an office lan, then deploy a virtual IP address protocol, so that one of the workstations can handle the virus scanning process at that time... might be interesting.

I'd try simscan as well, it's a bit faster than qmail-scanner. But Ed really is right - the ultimate solution is more hardware. I now have a machine dedicated to only doing SpamAssassin scans...

Rick
Re: [vchkpw] Two qmails in same machine
On Thu, 2007-11-08 at 17:20 +0100, [EMAIL PROTECTED] wrote: On Thu, 08 Nov 2007 08:52:57 -0600 Rick Romero [EMAIL PROTECTED] wrote: Not entirely, If the main issue is timeouts during SMTP, he can move his scanning to '127.0.0.1', and remove it from his external IP. That will ensure he can receive an email from the outside in its entirety. He can throttle connections to 127.0.0.1 to prevent overload, and he won't bounce mail due to SMTP timeouts. You don't want to lose a/v scanning on your external IP, so another qmail install, with spam-only qmail-scanner, would be the cheapest solution. Why not? Moving it to a pool of AV scanning boxes would be a good idea. I'm not suggesting that the caller be moved, but the work is moved. So the MX gets the mail, but uses the clam client to talk to a clam server that's in a pool... somewhere. That would seem to be a good use of resources to me. The resource pool could be a loadbalancer for example, if one works with an office LAN that would be a good use of boxes that are doing nothing more than running a xscreensaver. -- The SCSI Controller to Toshi Station is sending 11 because of the newbie thinking 'halt' means 'exit'. Valve Software is RNA. :: http://www.s5h.net/ :: http://www.s5h.net/gpg Hi! Perhaps I should have said that this server will be housed and that I can't set more than one server because of the cost... so I needed to do something as this... but don't know if it would work or could have problems... I assume not.. because is the same way than setting a ssl smtp on port 465.. it shares everything with qmails 25 port server... but I needed to know if any of you have tested if this works... Yes, basically: Do an alternate qmail install (qmail2) Install your qmail-scanner on qmail2 with only antivirus scanning. 
Assuming you're running supervised:

create a /service/smtp2/run that only binds to your external IP (correct the paths)
create a /service/send2/ like /service/send, but with correct paths
change/add /var/qmail2/control/smtproutes to contain only: :127.0.0.1
modify your /service/smtp/run so it only binds to 127.0.0.1

What you did was install a blank qmail (make sure the basics are there so you don't have an open relay, etc) into qmail2. All it does is bind to your external IP, receive email, a/v scan it, and forward it to 127.0.0.1. Since 127.0.0.1 is your original qmail install, it will handle everything as it did before.

It can get confusing - so make sure you back up everything before you accidentally edit/delete something in /var/qmail instead of /var/qmail2 :)

Rick
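The control-file side of the layout in the message above can be checked mechanically. The script below is an added example, not part of the original thread or of qmail/vpopmail: the function names are hypothetical, the two directory arguments follow the /var/qmail2 and /var/qmail names used in the message, and domains are compared as exact lines only.

```shell
#!/bin/sh
# Added example, not from the thread: audit the control files of a front
# (Internet-facing) qmail that forwards everything to a back qmail on
# 127.0.0.1. Usage: sh audit.sh /var/qmail2 /var/qmail
# Assumption: domains are compared as exact lines; ".domain" wildcard
# entries and morercpthosts are not interpreted.

# Print a control file's entries: lower-cased, trailing whitespace
# stripped, blank lines and '#' comment lines dropped. Missing file: nothing.
entries() {
    [ -f "$1" ] || return 0
    tr '[:upper:]' '[:lower:]' < "$1" |
        sed -e 's/[[:space:]]*$//' -e '/^$/d' -e '/^#/d'
}

# Without rcpthosts qmail-smtpd accepts mail for any domain (open relay);
# with no entries it accepts none. Succeeds only if at least one is listed.
check_rcpthosts() {
    [ -n "$(entries "$1/control/rcpthosts")" ]
}

# Succeeds only if every smtproutes entry is the catch-all route to
# 127.0.0.1 (empty domain field = all domains), optionally with a port.
check_smtproutes() {
    routes=$(entries "$1/control/smtproutes")
    [ -n "$routes" ] || return 1
    bad=$(printf '%s\n' "$routes" | grep -Ev '^:127\.0\.0\.1(:[0-9]+)?$' || true)
    [ -z "$bad" ]
}

# Print accepted domains that the front instance would deliver locally
# instead of forwarding: anything also in locals (or in me when locals is
# absent) or in the domain field of virtualdomains.
local_overlap() {
    if [ -f "$1/control/locals" ]; then src=locals; else src=me; fi
    handled=$(entries "$1/control/$src"
              entries "$1/control/virtualdomains" | cut -d: -f1)
    entries "$1/control/rcpthosts" | while IFS= read -r dom; do
        if printf '%s\n' "$handled" | grep -Fxq -- "$dom"; then
            printf '%s\n' "$dom"
        fi
    done
}

# Print domains the front accepts that the back's rcpthosts does not list:
# mail accepted at the edge that the back is not configured to take.
rcpthosts_drift() {
    back_doms=$(entries "$2/control/rcpthosts")
    entries "$1/control/rcpthosts" | while IFS= read -r dom; do
        printf '%s\n' "$back_doms" | grep -Fxq -- "$dom" || printf '%s\n' "$dom"
    done
}

# Run every check, print one line per finding, return the failure count.
audit() {
    front=$1; back=$2; fails=0
    if ! check_rcpthosts "$front"; then
        echo "FAIL $front: rcpthosts missing or empty"; fails=$((fails + 1))
    fi
    if ! check_smtproutes "$front"; then
        echo "FAIL $front: smtproutes is not only :127.0.0.1"; fails=$((fails + 1))
    fi
    overlap=$(local_overlap "$front")
    if [ -n "$overlap" ]; then
        echo "FAIL $front: delivered locally, not forwarded:" $overlap
        fails=$((fails + 1))
    fi
    drift=$(rcpthosts_drift "$front" "$back")
    if [ -n "$drift" ]; then
        echo "FAIL $back: rcpthosts lacks:" $drift; fails=$((fails + 1))
    fi
    [ "$fails" -gt 0 ] || echo "OK $front forwards to $back"
    return "$fails"
}

# Run only when both directories are given on the command line.
if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

The script reads control files only; which address each tcpserver run script binds to still has to be checked by hand.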
Re: [vchkpw] Two qmails in same machine
Rick Romero ha scritto: On Thu, 2007-11-08 at 17:20 +0100, [EMAIL PROTECTED] wrote: On Thu, 08 Nov 2007 08:52:57 -0600 Rick Romero [EMAIL PROTECTED] wrote: Not entirely, If the main issue is timeouts during SMTP, he can move his scanning to '127.0.0.1', and remove it from his external IP. That will ensure he can receive an email from the outside in its entirety. He can throttle connections to 127.0.0.1 to prevent overload, and he won't bounce mail due to SMTP timeouts. You don't want to lose a/v scanning on your external IP, so another qmail install, with spam-only qmail-scanner, would be the cheapest solution. Why not? Moving it to a pool of AV scanning boxes would be a good idea. I'm not suggesting that the caller be moved, but the work is moved. So the MX gets the mail, but uses the clam client to talk to a clam server that's in a pool... somewhere. That would seem to be a good use of resources to me. The resource pool could be a loadbalancer for example, if one works with an office LAN that would be a good use of boxes that are doing nothing more than running a xscreensaver. -- The SCSI Controller to Toshi Station is sending 11 because of the newbie thinking 'halt' means 'exit'. Valve Software is RNA. :: http://www.s5h.net/ :: http://www.s5h.net/gpg Hi! Perhaps I should have said that this server will be housed and that I can't set more than one server because of the cost... so I needed to do something as this... but don't know if it would work or could have problems... I assume not.. because is the same way than setting a ssl smtp on port 465.. it shares everything with qmails 25 port server... but I needed to know if any of you have tested if this works... Yes, basically: Do an alternate qmail install (qmail2) Install your qmail-scanner on qmail2 with only antivirus scanning. 
Assuming you're running supervised:

create a /service/smtp2/run that only binds to your external IP (correct the paths)
create a /service/send2/ like /service/send, but with correct paths
change/add /var/qmail2/control/smtproutes to contain only: :127.0.0.1
modify your /service/smtp/run so it only binds to 127.0.0.1

What you did was install a blank qmail (make sure the basics are there so you don't have an open relay, etc) into qmail2. All it does is bind to your external IP, receive email, a/v scan it, and forward it to 127.0.0.1. Since 127.0.0.1 is your original qmail install, it will handle everything as it did before.

It can get confusing - so make sure you back up everything before you accidentally edit/delete something in /var/qmail instead of /var/qmail2 :)

What about qmail users? Usually qmail cd according to user's home directory.

Tonino

Rick

--
[EMAIL PROTECTED] Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [vchkpw] Two qmails in same machine
On Thu, 2007-11-08 at 18:50 +0100, tonix (Antonio Nati) wrote: Rick Romero ha scritto: On Thu, 2007-11-08 at 17:20 +0100, [EMAIL PROTECTED] wrote: On Thu, 08 Nov 2007 08:52:57 -0600 Rick Romero [EMAIL PROTECTED] wrote: Not entirely, If the main issue is timeouts during SMTP, he can move his scanning to '127.0.0.1', and remove it from his external IP. That will ensure he can receive an email from the outside in its entirety. He can throttle connections to 127.0.0.1 to prevent overload, and he won't bounce mail due to SMTP timeouts. You don't want to lose a/v scanning on your external IP, so another qmail install, with spam-only qmail-scanner, would be the cheapest solution. Why not? Moving it to a pool of AV scanning boxes would be a good idea. I'm not suggesting that the caller be moved, but the work is moved. So the MX gets the mail, but uses the clam client to talk to a clam server that's in a pool... somewhere. That would seem to be a good use of resources to me. The resource pool could be a loadbalancer for example, if one works with an office LAN that would be a good use of boxes that are doing nothing more than running a xscreensaver. -- The SCSI Controller to Toshi Station is sending 11 because of the newbie thinking 'halt' means 'exit'. Valve Software is RNA. :: http://www.s5h.net/ :: http://www.s5h.net/gpg Hi! Perhaps I should have said that this server will be housed and that I can't set more than one server because of the cost... so I needed to do something as this... but don't know if it would work or could have problems... I assume not.. because is the same way than setting a ssl smtp on port 465.. it shares everything with qmails 25 port server... but I needed to know if any of you have tested if this works... Yes, basically: Do an alternate qmail install (qmail2) Install your qmail-scanner on qmail2 with only antivirus scanning. 
Assuming you're running supervised:

create a /service/smtp2/run that only binds to your external IP (correct the paths)
create a /service/send2/ like /service/send, but with correct paths
change/add /var/qmail2/control/smtproutes to contain only: :127.0.0.1
modify your /service/smtp/run so it only binds to 127.0.0.1

What you did was install a blank qmail (make sure the basics are there so you don't have an open relay, etc) into qmail2. All it does is bind to your external IP, receive email, a/v scan it, and forward it to 127.0.0.1. Since 127.0.0.1 is your original qmail install, it will handle everything as it did before.

It can get confusing - so make sure you back up everything before you accidentally edit/delete something in /var/qmail instead of /var/qmail2 :)

What about qmail users? Usually qmail cd according to user's home directory.

If everything is smtproute forwarded to 127.0.0.1 your qmail2 need not know about any users - as long as it's not using chkuser. All he should need is qmail2/control/rcpthosts to contain the domains he's receiving for. /var/qmail would do the actual user check (either with chkuser during smtp or during the actual delivery) and bounce it back to /var/qmail2, which should send bounce back out through /var/qmail :P

So if there are a ton of 'fake' user deliveries, qmail2 should be setup using chkuser... but I moved /var/qmail onto only 127.0.0.1 for the example so he wouldn't have to worry about duplicating individual user info...

Rick
Re: [vchkpw] Two qmails in same machine
Rick Macdougall wrote: Quey wrote: We have sendmail boxes as front line, that do all the pre-connect tests easily without adding in 35 patches like we have to make qmail modern-ish and then anti virus/spam/phishing/etc tests, one important factor is the milter smf-sav which asks the database server (we call) qmaster (a vpopmail/mysql db server) if user exists to avoid backchatter, if it does, then sendmail sends to qrouter which is a simple qmail/vpopmail install that accepts the mail and puts it into the users dir (which are NFS attached) all the nfs stuff and qmaster and qrouter all operate on pvt address space, on second gbit port for added protection, but of course could be run on live net interfaces if you dont have the option of dual ethernet. (we tried postfix with its remote recipient verification, but it cant handle the loads and even its author recommends not to use on very busy systems, we dont use qmail on the front line boxes because we dont have to fear breaking patches trying to incorporate RBL, SPF, SAV, DNS checks, badmx zone checks, bad helo, force helo, and milter-regex to stop all home users etc etc etc, sure we might end up geting qmail to do all these, but after how many hours, when with sendmail its just there and adding a milter after another milter cant break patching like with qmail :) ) We do the same thing but with Bill Shupp's qmail toaster (and no additional patches). Each external MX talks to two SA servers in We have several other anti-lamer connection tests, and i've never seen one qmail patch with the lot that we need, like I said i'm sure they are out there to mix and match if we have the time to manually apply them, but cant be bothered with wasting hours doing it :) its not very productive to take 3 hours to search out and find, then manually apply and get everything working in co-operation. round robin and then the mail is delivered to the end user pop/smtp server (soon to be delivered directly by the external MX's, whoot!). 
Yep, we find that we can use 8 front lines to one qmail mail router as the front-lines do all the hard work, we could possibly even double that amount.

It's all mounted NFS on a netapps and we use MySQL as a backend Auth running on two sql servers mounted iSCSI on the netapps for the databases.

Yep NetApps FAS's are unbeatable in performance, and price isn't too bad either :)

Works well.

Surely does.
Re: [vchkpw] Two qmails in same machine
ed wrote:

tests easily without adding in 35 patches like we have to make qmail

For clarity we must separate the jms projects from what you're stating above. The 35 patches may be so if you get them one-by-one from the qmail.org site, but that is not so with the jms project. jms has combined many patches into a single patch set, which makes all the work of applying the 35 patches much easier.

As I wrote earlier there is no one single patch that does everything we want to do even with toaster etc we still have to find and manually apply patches and hope they still work, as I also wrote we might be able to find some obscure patch that does in combo with other patches what we want, but it's all about productivity, how can you justify 3 hours on one project when using a competitor's product, it can be all done in 10 minutes, that might be fine for some small office, but large corporations don't tolerate this waste.

modern-ish and then anti virus/spam/phishing/etc tests, one important factor is the milter smf-sav which asks the database server (we call) qmaster (a vpopmail/mysql db server) if user exists to avoid backchatter, if it does, then sendmail sends to qrouter which is a simple qmail/vpopmail install that accepts the mail and puts it into the users dir (which are NFS attached) all the nfs stuff and qmaster and qrouter all operate on pvt address space, on second gbit port for added protection, but of course could be run on live net interfaces if you don't have the option of dual ethernet.

(we tried postfix with its remote recipient verification, but it can't handle the loads and even its author recommends not to use on very busy systems, we don't use qmail on the front line boxes because we don't have to fear breaking patches trying to incorporate RBL, SPF, SAV, DNS checks, badmx zone checks, bad helo, force helo, and milter-regex to stop all home users etc etc etc, sure we might end up getting qmail to do all these, but after how many hours, when with sendmail it's just there and adding a milter after another milter can't break patching like with qmail :) )

This seems more like a qmail vs postfix vs sendmail rant, but

not really, I have tried them all, and nothing comes close to the combo of Qmail and Vpopmail for performance, stability, reliability. Which is why we went down the track we did.

seriously, qmail isn't that much of a big deal to implement. It's very well thought out and if you value the unix modus vivendi then you can

See my earlier comments... time wasting...

P.S. does 'wizzard' work on your sendmail?

what's wizzard? I've heard of it, but I've heard of several things called wizzard, each to their own.
Re: [vchkpw] Two qmails in same machine
On Fri, 09 Nov 2007 08:19:54 +1000 Quey [EMAIL PROTECTED] wrote:

ed wrote:

I think you should off load the processing work. Look into running a remote clamd/spamassassin, or setup multiple mail hubs jms has a guide on that at http://qmail.jms1.net

I agree he needs to offload, but the jms1 way seems very cumbersome.

Not really, it's simple enough for some qmail rocks folk to enjoy.

We have sendmail boxes as front line, that do all the pre-connect tests easily without adding in 35 patches like we have to make qmail

For clarity we must separate the jms projects from what you're stating above. The 35 patches may be so if you get them one-by-one from the qmail.org site, but that is not so with the jms project. jms has combined many patches into a single patch set, which makes all the work of applying the 35 patches much easier.

modern-ish and then anti virus/spam/phishing/etc tests, one important factor is the milter smf-sav which asks the database server (we call) qmaster (a vpopmail/mysql db server) if user exists to avoid backchatter, if it does, then sendmail sends to qrouter which is a simple qmail/vpopmail install that accepts the mail and puts it into the users dir (which are NFS attached) all the nfs stuff and qmaster and qrouter all operate on pvt address space, on second gbit port for added protection, but of course could be run on live net interfaces if you don't have the option of dual ethernet.

(we tried postfix with its remote recipient verification, but it can't handle the loads and even its author recommends not to use on very busy systems, we don't use qmail on the front line boxes because we don't have to fear breaking patches trying to incorporate RBL, SPF, SAV, DNS checks, badmx zone checks, bad helo, force helo, and milter-regex to stop all home users etc etc etc, sure we might end up getting qmail to do all these, but after how many hours, when with sendmail it's just there and adding a milter after another milter can't break patching like with qmail :) )

This seems more like a qmail vs postfix vs sendmail rant, but seriously, qmail isn't that much of a big deal to implement. It's very well thought out and if you value the unix modus vivendi then you can appreciate the simplicity of having one small program doing one job, and pipe it to something else to do another stage. Really, it's not so hard, but I choose not to venture further into any "my mail server brings all the guys to the yard" debate. If sendmail works for you then great, but I'm not going to advocate sendmail to anyone.

P.S. does 'wizzard' work on your sendmail?

--
The Ether to the Verizon Switch is sending 11 because of Brian Bird. Homer Simpson is going bankrupt. :: http://www.s5h.net/ :: http://www.s5h.net/gpg
Re: [vchkpw] Two qmails in same machine
ed wrote:

I think you should off load the processing work. Look into running a remote clamd/spamassassin, or setup multiple mail hubs jms has a guide on that at http://qmail.jms1.net

I agree he needs to offload, but the jms1 way seems very cumbersome. We have sendmail boxes as front line, that do all the pre-connect tests easily without adding in 35 patches like we have to make qmail modern-ish and then anti virus/spam/phishing/etc tests, one important factor is the milter smf-sav which asks the database server (we call) qmaster (a vpopmail/mysql db server) if user exists to avoid backchatter, if it does, then sendmail sends to qrouter which is a simple qmail/vpopmail install that accepts the mail and puts it into the users dir (which are NFS attached) all the nfs stuff and qmaster and qrouter all operate on pvt address space, on second gbit port for added protection, but of course could be run on live net interfaces if you don't have the option of dual ethernet.

(we tried postfix with its remote recipient verification, but it can't handle the loads and even its author recommends not to use on very busy systems, we don't use qmail on the front line boxes because we don't have to fear breaking patches trying to incorporate RBL, SPF, SAV, DNS checks, badmx zone checks, bad helo, force helo, and milter-regex to stop all home users etc etc etc, sure we might end up getting qmail to do all these, but after how many hours, when with sendmail it's just there and adding a milter after another milter can't break patching like with qmail :) )
Re: [vchkpw] Two qmails in same machine
Quey wrote:

We have sendmail boxes as front line, that do all the pre-connect tests easily without adding in 35 patches like we have to make qmail modern-ish and then anti virus/spam/phishing/etc tests, one important factor is the milter smf-sav which asks the database server (we call) qmaster (a vpopmail/mysql db server) if user exists to avoid backchatter, if it does, then sendmail sends to qrouter which is a simple qmail/vpopmail install that accepts the mail and puts it into the users dir (which are NFS attached) all the nfs stuff and qmaster and qrouter all operate on pvt address space, on second gbit port for added protection, but of course could be run on live net interfaces if you don't have the option of dual ethernet.

(we tried postfix with its remote recipient verification, but it can't handle the loads and even its author recommends not to use on very busy systems, we don't use qmail on the front line boxes because we don't have to fear breaking patches trying to incorporate RBL, SPF, SAV, DNS checks, badmx zone checks, bad helo, force helo, and milter-regex to stop all home users etc etc etc, sure we might end up getting qmail to do all these, but after how many hours, when with sendmail it's just there and adding a milter after another milter can't break patching like with qmail :) )

We do the same thing but with Bill Shupp's qmail toaster (and no additional patches). Each external MX talks to two SA servers in round robin and then the mail is delivered to the end user pop/smtp server (soon to be delivered directly by the external MX's, whoot!). It's all mounted NFS on a netapps and we use MySQL as a backend Auth running on two sql servers mounted iSCSI on the netapps for the databases. Works well.

Just my $0.02 CAD.

Regards, Rick
Re: [vchkpw] Two qmails in same machine
Quey wrote:

ed wrote:

I think you should off load the processing work. Look into running a remote clamd/spamassassin, or setup multiple mail hubs jms has a guide on that at http://qmail.jms1.net

I agree he needs to offload, but the jms1 way seems very cumbersome. We have sendmail boxes as front line, that do all the pre-connect tests easily without adding in 35 patches like we have to make qmail modern-ish and then anti virus/spam/phishing/etc tests, one important factor is the milter smf-sav which asks the database server (we call) qmaster (a vpopmail/mysql db server) if user exists to avoid backchatter, if it does, then sendmail sends to qrouter which is a simple qmail/vpopmail install that accepts the mail and puts it into the users dir (which are NFS attached) all the nfs stuff and qmaster and qrouter all operate on pvt address space, on second gbit port for added protection, but of course could be run on live net interfaces if you don't have the option of dual ethernet.

What do you use for recipient verification on sendmail?

(we tried postfix with its remote recipient verification, but it can't handle the loads and even its author recommends not to use on very busy systems, we don't use qmail on the front line boxes because we don't have to fear breaking patches trying to incorporate RBL, SPF, SAV, DNS checks, badmx zone checks, bad helo, force helo, and milter-regex to stop all home users etc etc etc, sure we might end up getting qmail to do all these, but after how many hours, when with sendmail it's just there and adding a milter after another milter can't break patching like with qmail :) )

That is odd.

At Outblaze where I ripped out an inhouse custom sendmail (let's forget about the security holes that require immediate attention), I believe that, even if the sendmail mysql patch had some form of mysql pooling like postfix and thus not kill the mysql server with hundreds of connections (sendmail was configured to spawn up to 600 child processes but mysql connections are only opened after mails get past the filter rules), it would still not handle the load that postfix can (configured to handle 800-1000 connections depending on whether there is a flood of sorts, lower number when more ham is coming in) since 600 is the maximum we can configure for sendmail before the box starts swapping and load average was also higher when sendmail was running.

Interesting that you find a complete opposite experience. Where does postfix fail? Large queues due to perhaps a larger ham to spam ratio in your environment? OB had something like minimum 90% spam so they managed with just dual PIII 800MHz, 1G, dual scsi boxes on the frontends. Around 30 or so before I left.

Wietse recommend that postfix not be used in very busy systems? That I find hard to believe. Perhaps you can post a link to his post.
Re: [vchkpw] Two qmails in same machine
So I have thought that I could compile qmail one time and copy to two different locations for example /var/qmail and /var/qmail-scanning-server... is this possible? and is this possible without having two different vpopmails? two different databases for smtp auth... (Internet qmail scanner will be relay too) two different tcp rules files... so could I share everything between them? What do you think about this idea I have just had?

You cannot compile qmail one time and install in two locations. You need to change conf-qmail for the second installation. After make setup check of the first install, do 'echo /var/qmail-scanning-server > conf-qmail; make setup check'

Nor do you need two different vpopmails. They can share the same databases...the problem really is keeping the configuration files in sync or just symlink /var/qmail-scanning-server/users/assign to /var/qmail/users/assign and other files that vpopmail touches.
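
The symlink approach from the reply above, as an added shell example that is not part of the original post: it links the vpopmail-managed files of the second qmail tree to the first and audits that the links are still in place. The function names and the file list beyond users/assign are assumptions; the post names only users/assign.

```shell
#!/bin/sh
# Added example, not from the thread. Usage:
#   link_shared  /var/qmail /var/qmail-scanning-server
#   audit_shared /var/qmail /var/qmail-scanning-server

# Assumed list of files vpopmail rewrites; adjust to the local install.
SHARED_FILES="users/assign users/cdb control/rcpthosts control/virtualdomains"

# link_shared PRIMARY SECONDARY: replace each shared file in SECONDARY with a
# symlink to PRIMARY's copy. An existing regular file is kept as *.local-bak.
link_shared() {
    primary=$1; secondary=$2
    for f in $SHARED_FILES; do
        [ -e "$primary/$f" ] || continue      # nothing to share yet
        mkdir -p "$secondary/$(dirname "$f")"
        if [ -e "$secondary/$f" ] && [ ! -L "$secondary/$f" ]; then
            mv "$secondary/$f" "$secondary/$f.local-bak"
        fi
        ln -sfn "$primary/$f" "$secondary/$f"
    done
}

# audit_shared PRIMARY SECONDARY: print one line per shared file that is not a
# symlink to PRIMARY's copy; the return status is the number of such files.
audit_shared() {
    primary=$1; secondary=$2; bad=0
    for f in $SHARED_FILES; do
        [ -e "$primary/$f" ] || continue
        if [ ! -L "$secondary/$f" ]; then
            echo "NOT LINKED: $secondary/$f"; bad=$((bad + 1))
        elif [ "$(readlink "$secondary/$f")" != "$primary/$f" ]; then
            echo "WRONG TARGET: $secondary/$f"; bad=$((bad + 1))
        fi
    done
    return "$bad"
}
```

A tool that rewrites one of these files in the second tree by renaming a temporary file over it replaces the symlink with a regular file, and the two instances then accept different domains and recipients; audit_shared run from cron reports that drift.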