RE: [vchkpw] Some help needed [Off-topic]
ah, yes that would be what I meant to say. Should read what I write before hitting send. Shane -Original Message- From: Lou Hevly [mailto:[EMAIL PROTECTED] Sent: Saturday, 30 August 2003 12:58 AM To: [EMAIL PROTECTED] Subject: RE: [vchkpw] Some help needed [Off-topic] At 16:12 29/08/03, Shane Chrisp wrote: >Add the line >1.2.3.4:deny,RBLSMTPD=" - Connections refused" >to your tcp.smtp file. The RBLSMTPD message is optional. Not optional, useless. When you deny the connection you can't send back a message. I believe what you want is either: 1.2.3.4:deny or 1.2.3.4::allow,RBLSMTPD="-Connections refused" -- Lou Hevly Manresa, Catalonia http://visca.com
RE: [vchkpw] Some help needed [Off-topic]
At 16:12 29/08/03, Shane Chrisp wrote: Add the line 1.2.3.4:deny,RBLSMTPD=" - Connections refused" to your tcp.smtp file. The RBLSMTPD message is optional. Not optional, useless. When you deny the connection you can't send back a message. I believe what you want is either: 1.2.3.4:deny or 1.2.3.4::allow,RBLSMTPD="-Connections refused" -- Lou Hevly Manresa, Catalonia http://visca.com
RE: [vchkpw] Some help needed [Off-topic]
Hi, > Add the line > 1.2.3.4:deny,RBLSMTPD=" - Connections refused" > to your tcp.smtp file. The RBLSMTPD message is optional. ...and it only has an effect if you run rblsmtpd from the ucspi-tcp package in front of qmail-smtpd. Jonas
Re: [vchkpw] Some help needed [Off-topic]
Hi Tanmaya, please respond only to the list. I'm subscribed. > can anyone tell me how to block a particular IP. Yes. > also, if i want to allow/block a network like > X.X.X.X/24 > Is it possible? Yes. http://cr.yp.to/ucspi-tcp/tcprules.html Jonas
RE: [vchkpw] Some help needed [Off-topic]
I should make that clearer.. to block say 192.168.1/24 put 192.168.1.:deny You can also block a range of addresses with 192.168-173.:deny see http://cr.yp.to/ucspi-tcp/tcprules.html for more info ... Add the line 1.2.3.4:deny,RBLSMTPD=" - Connections refused" to your tcp.smtp file. The RBLSMTPD message is optional. Shane -Original Message- From: Tanmaya Anand [mailto:[EMAIL PROTECTED] Sent: Friday, 29 August 2003 4:34 PM To: Jonas Pasche; [EMAIL PROTECTED] Subject: Re: [vchkpw] Some help needed [Off-topic] hi, It was a problem with my tcp.smtp config. can anyone tell me how to block a particular IP. also, if i want to allow/block a network like X.X.X.X/24 Is it possible? Thanks, Tanmaya
RE: [vchkpw] Some help needed [Off-topic]
Add the line 1.2.3.4:deny,RBLSMTPD=" - Connections refused" to your tcp.smtp file. The RBLSMTPD message is optional. Shane -Original Message- From: Tanmaya Anand [mailto:[EMAIL PROTECTED] Sent: Friday, 29 August 2003 4:34 PM To: Jonas Pasche; [EMAIL PROTECTED] Subject: Re: [vchkpw] Some help needed [Off-topic] hi, It was a problem with my tcp.smtp config. can anyone tell me how to block a particular IP. also, if i want to allow/block a network like X.X.X.X/24 Is it possible? Thanks, Tanmaya
Re: [vchkpw] Some help needed [Off-topic]
hi, It was a problem with my tcp.smtp config. can anyone tell me how to block a particular IP. also, if i want to allow/block a network like X.X.X.X/24 Is it possible? Thanks, Tanmaya - Original Message - From: "Jonas Pasche" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, August 29, 2003 3:29 AM Subject: Re: [vchkpw] Some help needed [Off-topic] > Hi Tanmaya, > > > Below is out of ps command on our mail server. > > Can anyone help me figureout is this any malacious attempt. > > The processlist doesn't tell us. > > 1) You have logs; look into them. If you don't understand them, >show them to us. > > 2) Look into the message files (/var/qmail/queue/mess/*/*) to see >what the actual contents are, to judge if there's a spammer on >the machine or you allowed a spammer to relay. > > Jonas > > > > >
Re: [vchkpw] Some help needed [Off-topic]
Hi Tanmaya, > Below is out of ps command on our mail server. > Can anyone help me figureout is this any malacious attempt. The processlist doesn't tell us. 1) You have logs; look into them. If you don't understand them, show them to us. 2) Look into the message files (/var/qmail/queue/mess/*/*) to see what the actual contents are, to judge if there's a spammer on the machine or you allowed a spammer to relay. Jonas
Re: [vchkpw] Some help needed [Off-topic]
Right, when I had this problem before, all I did was add the following line to my /var/qmail/control/smtproutes file: :ip.address.of.my.isp's.smtp.server qmailctl restart and then you should be good Darcy On Thursday, Aug 28, 2003, at 13:46 US/Eastern, Darcy Dueck wrote: I know AOL has implemented some blacklists of mail servers originating from Dynamic IP address blocks, so that could be a problem if it thinks you or your ISP are on a Dynamic IP range and your users are trying to send emails to users @aol.com http://postmaster.info.aol.com/ if this is the case then you will see aol's rejection messages in your qmail log. another possibility is that if this is a dynamic ip, the isp providing the connectivity to the internet may be blocking outbound port 25. if this is the case you will have to use the isp's smtp server for all outgoing mail (using /var/qmail/control/smtproutes). i have done this type of filtering at the isp's where i worked- when the local spammers figured out that they couldn't get around the block, they went elsewhere. it may also be that you're on one of the global blacklists. there's a tool at http://www.dnsstuff.com/ which can look up your ip in about a hundred different lists, within about fifteen seconds. just ignore things like blars and especially selwerd.cx (since they specifically tell you not to use their lists for blocking mail). peace. --- | John Simpson - KG4ZOW - Programmer at Large | | <[EMAIL PROTECTED]>http://www.jms1.net/ | ---
Re: [vchkpw] Some help needed [Off-topic]
On Thursday, Aug 28, 2003, at 13:46 US/Eastern, Darcy Dueck wrote: I know AOL has implemented some blacklists of mail servers originating from Dynamic IP address blocks, so that could be a problem if it thinks you or your ISP are on a Dynamic IP range and your users are trying to send emails to users @aol.com http://postmaster.info.aol.com/ if this is the case then you will see aol's rejection messages in your qmail log. another possibility is that if this is a dynamic ip, the isp providing the connectivity to the internet may be blocking outbound port 25. if this is the case you will have to use the isp's smtp server for all outgoing mail (using /var/qmail/control/smtproutes). i have done this type of filtering at the isp's where i worked- when the local spammers figured out that they couldn't get around the block, they went elsewhere. it may also be that you're on one of the global blacklists. there's a tool at http://www.dnsstuff.com/ which can look up your ip in about a hundred different lists, within about fifteen seconds. just ignore things like blars and especially selwerd.cx (since they specifically tell you not to use their lists for blocking mail). peace. --- | John Simpson - KG4ZOW - Programmer at Large | | <[EMAIL PROTECTED]>http://www.jms1.net/ | --- PGP.sig Description: PGP signature
Re: [vchkpw] Some help needed [Off-topic]
I know AOL has implemented some blacklists of mail servers originating from Dynamic IP address blocks, so that could be a problem if it thinks you or your ISP are on a Dynamic IP range and your users are trying to send emails to users @aol.com http://postmaster.info.aol.com/ Darcy Hi all, Below is out of ps command on our mail server. Can anyone help me figureout is this any malacious attempt. Regards, Tanmaya [EMAIL PROTECTED] ~]$ ps ax | grep qmail 17923 ? S 0:07 qmail-send 17924 ? S 0:06 splogger qmail 17925 ? S 0:00 qmail-lspawn |preline procmail 17927 ? S 0:00 /usr/local/bin/tcpserver 0 pop3 /var/qmail/bin/qmail- 17928 ? S 0:08 qmail-rspawn 17929 ? S 0:00 qmail-clean 31542 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED] 31591 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] fattyj 31884 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] superstarrsw@ 32293 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED] 577 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] sun1966sh 764 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED] 961 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] jea 1004 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] stevel 1085 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] hgh 1182 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] mslee 1675 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] ba 1717 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] an1ba 1746 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED] 1763 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED] 1810 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED] 1811 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED] 1817 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED]. 1818 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED] 1820 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] theallensplac
RE: [vchkpw] Some help needed [Off-topic]
You will need to supply a bit more information for anyone to be able to help you out. However it could be that your server is an open relay, that one of your users is spamming, or that you just felt like sending out loads of email. Post your qmail-smtpd and pop startup files, and what options you used to compile vpopmail with and im sure that someone will be able to shed some light on your problem. Shane -Original Message- From: Tanmaya Anand [mailto:[EMAIL PROTECTED] Sent: Thursday, 28 August 2003 10:03 PM To: [EMAIL PROTECTED] Subject: [vchkpw] Some help needed [Off-topic] Hi all, Below is out of ps command on our mail server. Can anyone help me figureout is this any malacious attempt. Regards, Tanmaya [EMAIL PROTECTED] ~]$ ps ax | grep qmail 17923 ?S 0:07 qmail-send 17924 ?S 0:06 splogger qmail 17925 ?S 0:00 qmail-lspawn |preline procmail 17927 ?S 0:00 /usr/local/bin/tcpserver 0 pop3 /var/qmail/bin/qmail- 17928 ?S 0:08 qmail-rspawn 17929 ?S 0:00 qmail-clean 31542 ?S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED] 31591 ?S 0:00 qmail-remote aol.com [EMAIL PROTECTED] fattyj 31884 ?S 0:00 qmail-remote aol.com [EMAIL PROTECTED] superstarrsw@ 32293 ?S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED] 577 ?S 0:00 qmail-remote aol.com [EMAIL PROTECTED] sun1966sh 764 ?S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED] 961 ?S 0:00 qmail-remote aol.com [EMAIL PROTECTED] jea 1004 ?S 0:00 qmail-remote aol.com [EMAIL PROTECTED] stevel 1085 ?S 0:00 qmail-remote aol.com [EMAIL PROTECTED] hgh 1182 ?S 0:00 qmail-remote aol.com [EMAIL PROTECTED] mslee 1675 ?S 0:00 qmail-remote aol.com [EMAIL PROTECTED] ba 1717 ?S 0:00 qmail-remote aol.com [EMAIL PROTECTED] an1ba 1746 ?S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED] 1763 ?S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED] 1810 ?S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED] 1811 ?S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED] 1817 ?S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED] 1818 ?S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED] 1820 ?S 0:00 qmail-remote aol.com [EMAIL PROTECTED] theallensplac
[vchkpw] Some help needed [Off-topic]
Hi all, Below is out of ps command on our mail server. Can anyone help me figureout is this any malacious attempt. Regards, Tanmaya [EMAIL PROTECTED] ~]$ ps ax | grep qmail17923 ? S 0:07 qmail-send17924 ? S 0:06 splogger qmail17925 ? S 0:00 qmail-lspawn |preline procmail17927 ? S 0:00 /usr/local/bin/tcpserver 0 pop3 /var/qmail/bin/qmail-17928 ? S 0:08 qmail-rspawn17929 ? S 0:00 qmail-clean31542 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED]31591 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] fattyj31884 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] superstarrsw@32293 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED] 577 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] sun1966sh 764 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED] 961 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] jea 1004 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] stevel 1085 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] hgh 1182 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] mslee 1675 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] ba 1717 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] an1ba 1746 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED] 1763 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED] 1810 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED] 1811 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED] 1817 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED]. 1818 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] [EMAIL PROTECTED] 1820 ? S 0:00 qmail-remote aol.com [EMAIL PROTECTED] theallensplac