Re: [xmail] User password

2013-03-09 Thread Phillip R. Shaw
Really dumb question.
Are you sure you are hitting the correct xmail server?

From: xmail-boun...@xmailserver.org [mailto:xmail-boun...@xmailserver.org] On 
Behalf Of Barry Kavanagh
Sent: Saturday, March 09, 2013 10:06 AM
To: 'XMail Users Mailing List'
Subject: Re: [xmail] User password

Done, but it is still returning the same error :(

From: xmail-boun...@xmailserver.org 
[mailto:xmail-boun...@xmailserver.org] On Behalf Of Chris Franklin
Sent: 08 March 2013 16:00
To: XMail Users Mailing List
Subject: Re: [xmail] User password

Edit your mailusers.tab file and change the password field to "54525253"; that
will make the password 1776.
The password field is the third field.



On Fri, Mar 8, 2013 at 10:48 AM, Barry Kavanagh
<barry.kavan...@onaitech.com> wrote:
Hi Fred,

Thanks for your help. Unfortunately port 6017 is closed. I only have access
using the shell prompt and don't know the Xmail admin password, but I do have
full root shell access.

Regards
Barry

-Original Message-
From: xmail-boun...@xmailserver.org 
[mailto:xmail-boun...@xmailserver.org]
On Behalf Of Fred
Sent: 08 March 2013 15:39
To: 'XMail Users Mailing List'
Subject: Re: [xmail] User password

I use this to control my server:

http://www.webifi.com/xmail/

It talks to XMail through TCP port 6017, which is where XMail listens for its
control protocol.

You could also telnet localhost 6017

Then type "root"[TAB]"yourpassword"[enter]
Then type "userpasswd"[TAB]"domain"[TAB]"username"[TAB]"password"[enter]


-Original Message-
From: xmail-boun...@xmailserver.org 
[mailto:xmail-boun...@xmailserver.org]
On Behalf Of Barry Kavanagh
Sent: 8 March 2013 09:00
To: xmail@xmailserver.org
Subject: [xmail] User password

I have an old Xmail server running on a Gentoo Vmware box with full root
access. I want to send a mail as user15 but can't remember the password. I
have very basic Linux :( I am trying to reset the password for user15

I have tried entering say "user15" "XYZ" and saving the file but it does not
work.

How do I successfully reset this Xmail user password when the server has no
X server and no web admin?

___
xmail mailing list
xmail@xmailserver.org
http://xmailserver.org/mailman/listinfo/xmail
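
The field value given in this thread can be checked, and a new one produced, with a few lines of code. This is an added example, not part of the thread or of XMail itself: it assumes the encoding used by XMail's XMCrypt tool (each byte XORed with 101, written as two hex digits), which reproduces the "54525253" / 1776 pair above; the sample file contents, domain and function names are constructed for illustration.

```python
from __future__ import annotations

XOR_KEY = 101  # assumption: XMail's fixed obfuscation constant (XMCrypt)


def xmail_encode(password: str) -> str:
    """Return the hex string expected in the password field."""
    return "".join(f"{b ^ XOR_KEY:02x}" for b in password.encode("latin-1"))


def xmail_decode(field: str) -> str:
    """Inverse of xmail_encode; raises ValueError if the field is not hex."""
    return bytes(b ^ XOR_KEY for b in bytes.fromhex(field)).decode("latin-1")


def split_fields(line: str) -> list[str]:
    # Lines are TAB-separated and every field is wrapped in double quotes.
    return [f.strip('"') for f in line.rstrip("\r\n").split("\t")]


def set_password(tab_text: str, domain: str, user: str,
                 new_password: str) -> tuple[str, int]:
    """Rewrite the third field of the matching mailusers.tab entry.

    Assumed layout: field 1 = domain, field 2 = account, field 3 = password
    (the thread only confirms that the password is the third field).
    Returns the new file text and the number of entries changed.
    """
    out, changed = [], 0
    for line in tab_text.splitlines(keepends=True):
        fields = split_fields(line)
        if (not line.startswith("#") and len(fields) >= 3
                and fields[0].lower() == domain.lower()
                and fields[1].lower() == user.lower()):
            fields[2] = xmail_encode(new_password)
            eol = line[len(line.rstrip("\r\n")):]  # keep the original line ending
            line = "\t".join(f'"{f}"' for f in fields) + eol
            changed += 1
        out.append(line)
    return "".join(out), changed


# Constructed sample of a two-entry mailusers.tab (not from a real server).
SAMPLE_TAB = (
    '"example.test"\t"user15"\t"000000"\t"15"\t"user15"\t"U"\n'
    '"example.test"\t"postmaster"\t"54525253"\t"1"\t"postmaster"\t"U"\n'
)

if __name__ == "__main__":
    print(xmail_encode("1776"))        # value to place in the third field
    new_tab, n = set_password(SAMPLE_TAB, "example.test", "user15", "1776")
    print(n, "entry changed")
    print(new_tab, end="")
    try:
        xmail_decode("XYZ")            # a plain-text value is not valid hex
    except ValueError as exc:
        print("plain text in the field is rejected:", exc)
```

Because this encoding is a fixed XOR rather than a hash, read access to mailusers.tab is equivalent to knowing every mailbox password, so the file should be readable only by the account XMail runs as.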



Re: [xmail] User password

2013-03-08 Thread Phillip R. Shaw
I don't remember for sure that this worked, but I think what I had done in the 
past was edit the users file which has the encrypted passwords in it and just 
copy paste an encrypted password that I remembered to the one I was trying to 
set, then restart xmail.

Seems like I did something like that in the past.


From: xmail-boun...@xmailserver.org [xmail-boun...@xmailserver.org] on behalf 
of Barry Kavanagh [barry.kavan...@onaitech.com]
Sent: Friday, March 08, 2013 9:48 AM
To: 'XMail Users Mailing List'
Subject: Re: [xmail] User password

Hi Fred,

Thanks for your help. Unfortunately port 6017 is closed. I only have access
using the shell prompt and don't know the Xmail admin password, but I do have
full root shell access.

Regards
Barry

-Original Message-
From: xmail-boun...@xmailserver.org [mailto:xmail-boun...@xmailserver.org]
On Behalf Of Fred
Sent: 08 March 2013 15:39
To: 'XMail Users Mailing List'
Subject: Re: [xmail] User password

I use this to control my server:

http://www.webifi.com/xmail/

It talks to XMail through TCP port 6017, which is where XMail listens for its
control protocol.

You could also telnet localhost 6017

Then type "root"[TAB]"yourpassword"[enter]
Then type "userpasswd"[TAB]"domain"[TAB]"username"[TAB]"password"[enter]


-Original Message-
From: xmail-boun...@xmailserver.org [mailto:xmail-boun...@xmailserver.org]
On Behalf Of Barry Kavanagh
Sent: 8 March 2013 09:00
To: xmail@xmailserver.org
Subject: [xmail] User password

I have an old Xmail server running on a Gentoo Vmware box with full root
access. I want to send a mail as user15 but can't remember the password. I
have very basic Linux :( I am trying to reset the password for user15

I have tried entering say "user15" "XYZ" and saving the file but it does not
work.

How do I successfully reset this Xmail user password when the server has no
X server and no web admin?



Re: [xmail] GLST

2010-09-14 Thread Phillip R. Shaw
Replying late to this, but just now looking at the smtp log file.

Since Bloglines is closing down I started trying google reader.

Google does not (always) bind outbound messages to a server/IP. 

I see one message that came in from servr197 the first time, and then the next 
two retries for that message came from server69, and the 4th try came from 
server197.
The second message had the first two sends from server69, and the third is from 
servr197.

Both messages did eventually get delivered, but now I need to go back through 
the logs to see if I might be dropping some from this.


Phillip

-Original Message-
From: xmail-boun...@xmailserver.org [mailto:xmail-boun...@xmailserver.org] On 
Behalf Of Davide Libenzi
Sent: Tuesday, August 10, 2010 2:27 AM
To: XMail Users Mailing List
Subject: Re: [xmail] GLST

On Mon, 9 Aug 2010, Edinilson - ATINET wrote:

> Hi all,
> 
> Are you using SMTP Grey Listing (GLST module from Davide) with XMail?
> 
> Which range of ips (subnets) are you using in xnet parameter?
> 
> At this moment I'm whitelisting Hotmail and GMail ranges but I don't know if 
> it could be a good idea to whitelist others.

Don't many of them already know about greylisting and make sure outbound 
messages are bound to a given server/IP?


- Davide



Re: [xmail] GLST

2010-08-10 Thread Phillip R. Shaw
Yahoo has always given me problems, seems like they are fairly greylist 
un-friendly.
I guess the part I have the problem with is the yahoo group emails, not sure 
about their regular email servers. One of the things they were doing was always 
creating an unique email address in the header so they could track 
non-deliveries. So when they added a new IP address to their email server farm 
I always lost a bunch of emails.
 
 
Phillip
 



From: xmail-boun...@xmailserver.org on behalf of Edinilson - ATINET
Sent: Mon 8/9/2010 8:41 AM
To: XMail Users Mailing List
Subject: [xmail] GLST



Hi all,

Are you using SMTP Grey Listing (GLST module from Davide) with XMail?

Which range of ips (subnets) are you using in xnet parameter?

At this moment I'm whitelisting Hotmail and GMail ranges but I don't know if
it could be a good idea to whitelist others.

Regards

Edinilson
-
ATINET-Professional Web Hosting
Tel Voz: (0xx11) 4412-0876
http://www.atinet.com.br  



Re: [xmail] XMail 1.27-pre12

2010-01-21 Thread Phillip R. Shaw
I upgraded to pre12, and then to pre14, and have not seen a sign of the
problem with the long lines yet.

It's looking good to me.


Thanks
Phillip

-Original Message-
From: xmail-boun...@xmailserver.org
[mailto:xmail-boun...@xmailserver.org] On Behalf Of Davide Libenzi
Sent: Wednesday, January 20, 2010 1:07 AM
To: XMail mailing list
Subject: [xmail] XMail 1.27-pre12

Here are the links:

http://www.xmailserver.org/xmail-1.27-pre12.tar.gz
http://www.xmailserver.org/xmail-1.27-pre12.win32bin.zip

The ChangeLog is inside the archives, as usual.
There was still a place where XMail was truncating long lines, and 
that's fixed too.



- Davide




Re: [xmail] xmail 1.25 problem with a smtp headers

2010-01-19 Thread Phillip R. Shaw
Thinking about this a little more.
I don't think the problem is xmail receiving the lines that are too
long, I think it might be in xmail sending out the lines that are too
long.

Back to my email flow:
Xmail1 receives an email with the long line. My filter sees it is from
yahoo so it copies the mail file. The copy has a line that is about 1400
chars long.
XMail1 sends the message to XMail2 due to domain forwarding.
XMail2 receives an email with from address containing yahoo so it copies
the mail file. The copy has the long line broken with a CR in the middle
of it.

This is what happened with xmail 1.25, and since the first xmail server
wrote the mail file out with the long line I assume it probably received
it ok. But the second xmail server in the line is writing out a bad
line, so I assume it got a bad line.

I haven't looked at the xmail source to see if the sending of a long
line is the problem, just a theory at this point.

Couple comments on this.
It is NOT every message that gets it. Some days there are only one or
two, some days there are a dozen. This is out of 100 or so emails from
yahoo a day. 
I just started paying attention to it last November, I think it started
about mid month then. None of the emails have been important (it's yahoo
groups) so I haven't made it a priority.
XMail1 is in the DMZ while XMail2 is on my internal network. The mail is
just passing through a home router (SMC) which should not be doing
anything to the mail. (Should not, but maybe someone knows something
different about them).
And finally, I think the line is about 1400 chars without any white
space in it. I will try to paste it in here but don't know what outlook
is going to do with it. One big solid mess of garbage as far as I can
tell.


Phillip



-Original Message-
From: xmail-boun...@xmailserver.org
[mailto:xmail-boun...@xmailserver.org] On Behalf Of Davide Libenzi
Sent: Wednesday, January 20, 2010 12:23 AM
To: XMail Users Mailing List
Subject: Re: [xmail] xmail 1.25 problem with a smtp headers

On Tue, 19 Jan 2010, Phillip R. Shaw wrote:

> Thinking about how to send myself an email with a line over a thousand
> chars long. Hope you are not thinking of telnet and counting that many
> chars.
> 
> I'm on windows with the basic windows telnet client. Would redirecting
> an input file with the commands to telnet work? Or would that confuse
> xmail when it wasn't waiting for the responses?
> 
> What are the basic commands for sending an email? I can try that. That
> would let me put the long line in a file. I have the captured emails
> that I got with the filters if they would work anywhere in the testing.
> 
> And checking, it appears that I don't have telnet on Vista but do on
> Windows2003. I didn't realize they had dropped it (or I didn't pick all
> the options when I installed).

Just tried myself. No worky. Need to check better tomorrow. There must be
other places where lines are broken up ...


- Davide
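
A check for the two symptoms described in this thread, as an added example (not XMail code and not something posted to the list): header lines longer than the 998-character limit, and a header block cut short by a stray line break. The two sample messages are constructed, and the function and variable names are made up for illustration.

```python
from __future__ import annotations
import re

MAX_LINE = 998  # RFC 2822 section 2.1.1 limit, not counting the CRLF
# A header field starts with a field name (printable ASCII except ':') and ':'.
FIELD_START = re.compile(rb"^([!-9;-~]+)[ \t]*:")


def split_lines(raw: bytes) -> list[bytes]:
    # Accept CRLF, bare LF and bare CR: a stray CR is one of the symptoms.
    return re.split(rb"\r\n|\n|\r", raw)


def check_headers(raw: bytes) -> dict:
    """Inspect the header block of a raw message copy.

    overlong        (line_no, field, length) for header lines over MAX_LINE
    orphans         (line_no, previous_field) for header lines that are neither
                    a new field nor a folded continuation (leading space/TAB)
    header_end      line number of the blank line that ends the headers
    headers_in_body True when the first body line looks like a header field,
                    i.e. the header block was probably ended by a stray break
    """
    lines = split_lines(raw)
    result = {"overlong": [], "orphans": [], "header_end": None,
              "headers_in_body": False}
    current = None
    for no, line in enumerate(lines, 1):
        if line == b"":
            result["header_end"] = no
            break
        match = FIELD_START.match(line)
        if match:
            current = match.group(1).decode("ascii")
        elif line[:1] not in (b" ", b"\t"):
            result["orphans"].append((no, current))
        if len(line) > MAX_LINE:
            result["overlong"].append((no, current, len(line)))
    if result["header_end"] is not None:
        body = [l for l in lines[result["header_end"]:] if l]
        result["headers_in_body"] = bool(body and FIELD_START.match(body[0]))
    return result


# Constructed stand-in for the 1400-character header with no white space.
LONG = b"X-YMail-OSG: " + b"A" * 1400

# Copy as the first server would have written it: one over-long header line.
INTACT = b"\r\n".join([b"From: list@example.test", LONG,
                       b"Subject: test", b"", b"body"])

# Copy as described for the second server: the long line broken in the
# middle, followed by an extra blank line that pushes headers into the body.
BROKEN = b"\r\n".join([b"From: list@example.test",
                       b"X-YMail-OSG: " + b"A" * 700, b"A" * 700, b"",
                       b"Subject: test", b"", b"body"])

if __name__ == "__main__":
    for name, msg in (("intact", INTACT), ("broken", BROKEN)):
        print(name, check_headers(msg))
```

Run over the saved filter copies from each hop, this shows which server first produced the orphaned line; the check only reports, since rewriting a header covered by a DKIM signature would invalidate that signature.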




Re: [xmail] xmail 1.25 problem with a smtp headers

2010-01-19 Thread Phillip R. Shaw
Thinking about how to send myself an email with a line over a thousand
chars long. Hope you are not thinking of telnet and counting that many
chars.

I'm on windows with the basic windows telnet client. Would redirecting
an input file with the commands to telnet work? Or would that confuse
xmail when it wasn't waiting for the responses?

What are the basic commands for sending an email? I can try that. That
would let me put the long line in a file. I have the captured emails
that I got with the filters if they would work anywhere in the testing.

And checking, it appears that I don't have telnet on Vista but do on
Windows2003. I didn't realize they had dropped it (or I didn't pick all
the options when I installed).

Phillip


-Original Message-
From: xmail-boun...@xmailserver.org
[mailto:xmail-boun...@xmailserver.org] On Behalf Of Davide Libenzi
Sent: Tuesday, January 19, 2010 11:24 PM
To: XMail Users Mailing List
Subject: Re: [xmail] xmail 1.25 problem with a smtp headers

On Tue, 19 Jan 2010, Phillip R. Shaw wrote:

> I installed the pre11 to see how that works.
> I did get one bad email through, but it may have been sitting in the
> pipeline (spool file or something). Since you are rejecting the emails
> with lines too long now I am assuming that the email didn't arrive new.
> 
> How/what would I see in the logs that would show if the emails are being
> rejected by xmail?

No, XMail is not rejecting them.
Can you try to send an email to yourself with long Yahoo! headers?



- Davide




Re: [xmail] xmail 1.25 problem with a smtp headers

2010-01-19 Thread Phillip R. Shaw
I installed the pre11 to see how that works.
I did get one bad email through, but it may have been sitting in the
pipeline (spool file or something). Since you are rejecting the emails
with lines too long now I am assuming that the email didn't arrive new.

How/what would I see in the logs that would show if the emails are being
rejected by xmail?

Thanks
Phillip

-Original Message-
From: xmail-boun...@xmailserver.org
[mailto:xmail-boun...@xmailserver.org] On Behalf Of Davide Libenzi
Sent: Tuesday, January 19, 2010 11:34 AM
To: XMail Users Mailing List
Subject: Re: [xmail] xmail 1.25 problem with a smtp headers

On Tue, 19 Jan 2010, CLEMENT Francis wrote:

> 
> In any case, rfc2822 said that email lines should be no more than 998
> characters (http://tools.ietf.org/html/rfc2822#section-2.1.1) including
> headers lines. (section 2.2.3)
> 
> so Yahoo is sending X-YMail-OSG headers that break the rfc
> I think there is nothing to do except convince Yahoo to correct their systems
> :/

Unfortunately XMail adds its own bug too. According to RFC2821, section 4.5.3.1,
if you do not handle lines over a certain length, you are supposed to give
proper error.
XMail at the moment accepts those, but mishandles them. XMail 1.27-pre11 I
will be releasing now should fix that problem ...



- Davide




Re: [xmail] xmail 1.25 problem with a smtp headers

2010-01-19 Thread Phillip R. Shaw
Not that I see, but it could be.
Actually on the broken message I am looking at the DomainKey-Signature looks like it is broken up correctly. But the X-YMail-OSG is about 1400 chars long, with no breaks.
 
Actually looking at it, the X-YMail-OSG name is included in the DKIM-Signature header line, so just removing the line probably won't work.
 
Phillip
 


From: CLEMENT Francis
Sent: Tue 1/19/2010 10:20 AM
To: XMail Users Mailing List
Subject: Re: [xmail] xmail 1.25 problem with a smtp headers

>-Original Message-
>From: xmail-boun...@xmailserver.org
>[mailto:xmail-boun...@xmailserver.org] On behalf of Phillip R. Shaw
>Sent: Tuesday 19 January 2010 16:43
>To: xmail@xmailserver.org
>Subject: [xmail] xmail 1.25 problem with a smtp headers
>
>
>I am receiving emails from yahoo groups and am running into a problem.
>
>A few (very few) of the emails have a header line in them of X-YMail-OSG.
>This line is extremely long and it appears that xmail is incorrectly
>breaking it up into multiple lines. It appears that before xmail there
>is a message with a very long line, and after there is a message with
>extra line breaks and blank lines. The blank lines cause the next step
>in the chain to read the email incorrectly.
>
>My mail flow is xmail receiving to do spam filtering, passed to another
>xmail server for delivery, passed to exchange or kept for pop pickup. I
>make copies of the emails in filters.out.tab in the first xmail and then
>make a copy in the second xmail in filters.in.tab. I can see the really long
>line in the first copy but the second copy has the line messed up.
>
>Is this a known problem in xmail (1.25) and do newer versions handle it
>better?
>Any suggestions on how to handle these emails? Last resort is a filter
>to remove (or correctly line break) these lines before they are
>processed by xmail.
>
>I know the line is not rfc correct, but I'm not sure I can get yahoo to
>filter them out.
>
>Does anyone know who puts this header in email? What is it for?
>
>
>Thanks
>Phillip Shaw
>

Yahoo sends another header, DomainKey-Signature, that is a very very long
one-line header, definitely much longer than the X-YMail-OSG.
Does this one incorrectly break too?
(no sample yahoo mail in my inbox, sorry)

Francis


[xmail] xmail 1.25 problem with a smtp headers

2010-01-19 Thread Phillip R. Shaw
I am receiving emails from yahoo groups and am running into a problem.

A few (very few) of the emails have a header line in them of X-YMail-OSG.
This line is extremely long and it appears that xmail is incorrectly
breaking it up into multiple lines. It appears that before xmail there
is a message with a very long line, and after there is a message with
extra line breaks and blank lines. The blank lines cause the next step
in the chain to read the email incorrectly.

My mail flow is xmail receiving to do spam filtering, passed to another
xmail server for delivery, passed to exchange or kept for pop pickup. I
make copies of the emails in filters.out.tab in the first xmail and then
make a copy in the second xmail in filters.in.tab. I can see the really long
line in the first copy but the second copy has the line messed up.

Is this a known problem in xmail (1.25) and do newer versions handle it
better? 
Any suggestions on how to handle these emails? Last resort is a filter
to remove (or correctly line break) these lines before they are
processed by xmail.

I know the line is not rfc correct, but I'm not sure I can get yahoo to
filter them out.

Does anyone know who puts this header in email? What is it for?


Thanks
Phillip Shaw



[xmail] Re: glst.conf

2008-11-10 Thread Phillip R. Shaw
The 3D should not be there, it means my email client put in some code that
got translated wrong.

Sorry
Phillip


From: Rosario Pingaro
Sent: Mon 11/10/2008 9:51 AM
To: xmail@xmailserver.org
Subject: [xmail] Re: glst.conf


I exclude your assumption because the smtp log shows the public IP.

What does the "3D" mean in the xnet=3D192.168.0.0,255,255,0,0?
Regards

Rosario Pingaro

Legislative Decree 196/2003
This message contains confidential information, addressed exclusively to
the persons indicated above. If the recipient is not one of those persons,
they must not take any action such as copying, printing or transmitting
its contents and the related attachments to third parties, but only inform
the sender of the error and delete the message. The sender must also make
sure that the attachments do not contain viruses before opening them.


- Original Message -
From: "Phillip R. Shaw" <[EMAIL PROTECTED]>
To: 
Sent: Monday, November 10, 2008 3:58 PM
Subject: [xmail] Re: glst.conf


>My guess is that the clients on the local network are connecting
>directly to the computer running glst.
>
>I think I set an xnet=3D192.168.0.0,255,255,0,0 in my glst.conf file to
>get around this.
>
>I was running in the dark on this, so I'm not sure I didn't cause other
>problems with this.
>
>Phillip
>

[xmail] Re: glst.conf

2008-11-10 Thread Phillip R. Shaw
My guess is that the clients on the local network are connecting
directly to the computer running glst.

I think I set an xnet=3D192.168.0.0,255,255,0,0 in my glst.conf file to
get around this.

I was running in the dark on this, so I'm not sure I didn't cause other
problems with this.
Phillip

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rosario Pingaro
Sent: Monday, November 10, 2008 8:48 AM
To: xmail@xmailserver.org
Subject: [xmail] Re: glst.conf

I cleared the dbm file this morning,
and again get the private IP in the dbm file.

Almost all of them are email sent using the Mozilla Thunderbird mail
client.

This is a typical dbm record:
192.168.0.2,[EMAIL PROTECTED],[EMAIL PROTECTED];rtime=4906dd0b,mtime=4906eaaa,mcnt=1,acnt=7\x00

and the same client leaves this smtp log on the server:
"smtp.convergenze.it"   "smtp.convergenze.it"   "89.189.53.214"   "2008-11-10 15:37:53"   "[127.0.0.1]"   "convergenze.it"   "[EMAIL PROTECTED]"   "[EMAIL PROTECTED]"   "SAE6BD2"   "RCPT=OK"   ""   "0"   ""
"smtp.convergenze.it"   "smtp.convergenze.it"   "89.189.53.214"   "2008-11-10 15:37:53"   "[127.0.0.1]"   "convergenze.it"   "[EMAIL PROTECTED]"   "[EMAIL PROTECTED]"   "SAE6BD2"   "RECV=OK"   ""   "3629"   ""
"smtp.convergenze.it"   "smtp.convergenze.it"   "89.189.53.214"   "2008-11-10 15:41:30"   "[127.0.0.1]"   "convergenze.it"   "[EMAIL PROTECTED]"   "[EMAIL PROTECTED]"   "SAE6BF4"   "RCPT=OK"   ""   "0"   ""
"smtp.convergenze.it"   "smtp.convergenze.it"   "89.189.53.214"   "2008-11-10 15:41:30"   "[127.0.0.1]"   "convergenze.it"   "[EMAIL PROTECTED]"   "[EMAIL PROTECTED]"   "SAE6BF4"   "RECV=OK"   ""   "4882"   ""

so it is recognized as a public IP in the smtp log.

I am more and more confident that it could be a problem in the glst and
Mozilla client.

Rosario Pingaro

Legislative Decree 196/2003
This message contains confidential information, addressed exclusively to
the persons indicated above. If the recipient is not one of those persons,
they must not take any action such as copying, printing or transmitting
its contents and the related attachments to third parties, but only inform
the sender of the error and delete the message. The sender must also make
sure that the attachments do not contain viruses before opening them.




- Original Message -
From: "Davide Libenzi" <[EMAIL PROTECTED]>
To: 
Sent: Saturday, November 08, 2008 12:54 AM
Subject: [xmail] Re: glst.conf


> On Sat, 8 Nov 2008, Rosario Pingaro wrote:
>
>> very very strange that xmail is configured to relay only a public subnet
>> and
>> then glst get private ip...
>> it is a logical observation.
>
> Try to remove the glst.dbm file, and see what you get. You might have
> stale entries in there.
> But, whatever IP you see in glst.dbm, that's the IP GLST and XMail see.
>
>
>
> - Davide
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe xmail" in
> the body of a message to [EMAIL PROTECTED]
> For general help: send the line "help" in the body of a message to
> [EMAIL PROTECTED]
>
>
>




[xmail] Re: hotmail delivery problems

2008-03-21 Thread Phillip R. Shaw
I agree the RFC's still require it. I agree that an MTA can reject with a 5xx 
if it does not like the message.
But, to say that a system that accepts all incoming email and filters at a 
later stage is required to send bounce messages on all the rejected email later 
is making a bad problem worse.

I am a perfect example of that. I reject at the MTA for RBLs. But accept pretty 
much everything else for later scanning on a much faster computer. I could send 
30-40 thousand bounce messages a day, to people that did not actually send the 
emails. But instead I just throw them away.

Requiring the internet connected MTA to do all the filtering is not practical 
for everyone, or even for most people. I am reasonably sure yahoo for one will 
queue up incoming email for later processing when the loads are high (new spam 
blast going on). For them to then send bounce messages for all the queued 
messages would flood many other servers. And I am sure that yahoo is not the 
only one that has an incoming volume great enough to only perform the fast 
checks on accepting the email and then do the more intense filtering later.

Keep in mind that most of the email received by internet connected MTA's is 
spam. Numbers vary but I don't remember seeing a number under 50% for many 
years and for my own servers it is 500 good to 20-60 thousand spam. It is not 
practical to try and filter all of them at the MTA connection time.


Phillip



From: Francesco Vertova
Sent: Fri 3/21/2008 1:43 PM
To: xmail@xmailserver.org
Subject: [xmail] Re: hotmail delivery problems


At 19.16 21/03/08, Phillip R. Shaw wrote:

> >>if a MTA accepts a message for delivery, it must either deliver or bounce.
>While this was a nice idea at one time, it really isn't desirable any more.
>
>Why? SPAM. I get thousands of emails that I accept but are then 
>rejected by my spam filtering. You don't want me sending all those 
>bounce messages to your users (whose email address was forged in the email).

If a MTA thinks an incoming mail is spam, it can reject it with a 
5xx. If it doesn't - i.e., accepts it for delivery - then it must 
deliver or bounce (indeed, I think it's required to do that by relevant RFCs).

>I would assume that hotmail (and the others) have user options that 
>say 'delete spam', so they don't have to look at it in their spam 
>folder. This could be the reason that it goes into hotmail, and the 
>user never sees it. Some filtering is done when the email arrives, 
>but a lot of time more filtering is done later.

Yes, I think what is happening is that hotmail or others mark the 
mail as spam and place it somewhere, users don't realize it and say 
"I didn't receive it". Actually it is delivered, and users can read 
it if they like and know how.

Ciao, Francesco




[xmail] Re: hotmail delivery problems

2008-03-21 Thread Phillip R. Shaw
>>if a MTA accepts a message for delivery, it must either deliver or bounce.
While this was a nice idea at one time, it really isn't desirable any more.

Why? SPAM. I get thousands of emails that I accept but are then rejected by my 
spam filtering. You don't want me sending all those bounce messages to your 
users (whose email address was forged in the email).

I would assume that hotmail (and the others) have user options that say 'delete 
spam', so they don't have to look at it in their spam folder. This could be the 
reason that it goes into hotmail, and the user never sees it. Some filtering is 
done when the email arrives, but a lot of time more filtering is done later.

I run a mail server from my home, with static ip's and rdns. But almost all 
mail I send to a yahoo account will go into the users spam folder until they 
say allow it. Doesn't matter what is in the email, if it was sent to one person 
or to several. I would love to receive a bounce for messages I actually sent, 
but I can not handle getting the bounces from every message that says it came 
from me.

Phillip




From: Francesco Vertova
Sent: Fri 3/21/2008 10:41 AM
To: xmail@xmailserver.org
Subject: [xmail] Re: hotmail delivery problems


At 12.47 21/03/08, David Lord wrote:
>On 21 Mar 2008, at 1:56, max toro q wrote:

> > I installed Xmail on win2k, and I have delivery problems to hotmail.
> > Some messages get delivered, some simply get lost. The log shows no
> > sign of problem.
>
>Yes but not very often. Mails are accepted but never delivered.

Not sure we're talking about the same thing, anyway from time to time 
my users complain that mails for hotmail accounts "are not 
delivered", meaning that the receiver did not receive them and the 
sender was not notified of any error. Every time I have investigated 
I found that hotmail did accept the message for delivery: smail logs 
say that. For me, this means that XMail did its job and the problem 
(if any: you know, 90% of a computer's problems lie between the 
keyboard and the chair ...) is with hotmail: if a MTA accepts a 
message for delivery, it must either deliver or bounce.

Ciao, Francesco




[xmail] glst/filter question

2007-07-03 Thread Phillip R. Shaw
I am using glst with xmail and came up with a question.

In general, and glst in specific, is it more efficient to pass all the
parameters on the command line, or pass the file name and let the
program parse the mail file?

I am passing the email filename with the @@FILE macro and was thinking
it might be more efficient to pass the required arguments separately.

Any thoughts on which would be better?


Phillip




[xmail] glst question

2007-05-15 Thread Phillip R. Shaw
How do people come up with, and keep current, their configurations for
greylisting?

I am specifically having problems with the 'xnet' settings staying
current.

Does someone keep a current list of subnets used by the larger mail
services?

I just got burned by yahoo groups using a subnet that I hadn't listed,
causing bounces and people getting dropped from the lists. Reacting
after people get dropped doesn't work well.

I get thousands of rejects a day, so I really can't manually scan for
them.

Anyone have a good way to keep up? Things to look for in the logs, or
queries to check?

Phillip



[xmail] Re: Is this a problem, and if so where is it from

2007-01-18 Thread Phillip R. Shaw
Actually Symantec's default action is to drop the email. Which is why I turned 
that off, I was missing about half the emails on this list at the time. I 
currently have it set to just modify the subject to say it wasn't scanned. That 
way if I see it on a message that is not on this list (I have on a few in my 
junk email) I know to not open it.

I guess one of my questions is what is it supposed to do? Use the first 
Content-Transfer-Encoding, the last one, or try each of them? What is the mail 
client supposed to do? If there is an attachment, non-virus, that I want if it 
picks the wrong encoding it will trash the attachment wouldn't it?

Phillip



From: Davide Libenzi
Sent: Thu 1/18/2007 9:43 AM
To: xmail@xmailserver.org
Subject: [xmail] Re: Is this a problem, and if so where is it from


On Wed, 17 Jan 2007, Phillip R. Shaw wrote:

> 
> I am getting emails through the xmail list which Symantec's SMS SMTP
> gateway are flagging as un-scannable. I saw this a year ago and just
> turned off the warning but this time I think I found a pattern.

If that's the case, Symantec sux! :D
Think about it. I can embed a virus inside such properly crafted message 
and let it go through the scanning gateway. Now, the MUA is likely going to 
open it, and kaboom. Not good ;)


- Davide





[xmail] Is this a problem, and if so where is it from

2007-01-17 Thread Phillip R. Shaw

I am getting emails through the xmail list which Symantec's SMS SMTP
gateway are flagging as un-scannable. I saw this a year ago and just
turned off the warning but this time I think I found a pattern.

Some of the emails I receive through this list seem to have 2
Content-Transfer-Encoding tags in them. A lot of the time one will say
7bit and one will say 8bit.

2 examples are the messages just sent through from Bill Healy and from
Brian. But the message from waasssuup only had Content-Transfer-Encoding
tag in them.

Is this legit? I could see a scanner not knowing which encoding to use
and complaining about it. I did a quick search on google and did see one
patch to Ecartis that looked like it would add a second tag if one
already existed, but not sure if that is the problem or not.

I am showing the following headers in the message from Brian:
Message-ID: <[EMAIL PROTECTED]>
Date: Wed, 17 Jan 2007 20:46:15 -0500
From: Brian <[EMAIL PROTECTED]>
User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
MIME-Version: 1.0
To:  xmail@xmailserver.org
Subject: [WARNING - NOT VIRUS SCANNED] [xmail] Re: Has filter processing
changed in version 1.24
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
Content-type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 8bit
X-ecartis-version: Ecartis v1.0.0
Sender: [EMAIL PROTECTED]
Errors-to: [EMAIL PROTECTED]
X-original-sender: [EMAIL PROTECTED]
Precedence: bulk
Reply-to: xmail@xmailserver.org
X-list: xmail
X-Brightmail-Tracker: AA==
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 18 Jan 2007 01:47:17.0554 (UTC)
FILETIME=[95CA8920:01C73AA2]


Can anyone else verify that this is happening? And, if it is could it be
a problem or should I keep looking for something else.

Thanks

Phillip
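
The duplicate-header condition discussed in this thread, as an added example that is not part of any poster's message or of any product named here: a check a mail gateway could run to find watched MIME headers that repeat, and to decode a part under every Content-Transfer-Encoding it declares so each form can be scanned rather than guessing first or last. Both sample messages are constructed (the first is modelled on the headers quoted above), and the function names are hypothetical.

```python
import base64
import binascii
import quopri
from email import message_from_string

# Headers a scanner and a mail client must read the same way; each is
# expected once per MIME entity.
WATCHED = ("content-transfer-encoding", "content-type", "mime-version")

# Constructed sample modelled on the headers quoted in the post.
LIST_MAIL = (
    "From: sender@example.org\n"
    "To: xmail@xmailserver.org\n"
    "MIME-Version: 1.0\n"
    "Content-type: text/plain; charset=ISO-8859-1\n"
    "Content-Transfer-Encoding: 7bit\n"
    "Content-Transfer-Encoding: 8bit\n"
    "X-ecartis-version: Ecartis v1.0.0\n"
    "\n"
    "body text\n"
)

# Constructed sample: the repeat sits on an attachment part, not the top level.
ATTACHMENT_MAIL = (
    "MIME-Version: 1.0\n"
    "Content-Type: multipart/mixed; boundary=XX\n"
    "\n"
    "--XX\n"
    "Content-Type: text/plain\n"
    "\n"
    "hello\n"
    "--XX\n"
    "Content-Type: application/octet-stream\n"
    "Content-Transfer-Encoding: base64\n"
    "Content-Transfer-Encoding: 7bit\n"
    "\n"
    "aGVsbG8=\n"
    "--XX--\n"
)


def entities(msg, path="0"):
    """Yield (path, entity) for the message and every nested MIME part."""
    yield path, msg
    if msg.is_multipart():
        for i, sub in enumerate(msg.get_payload(), 1):
            yield from entities(sub, "%s.%d" % (path, i))


def repeated_headers(raw):
    """Return [(path, header, [values])] for watched headers seen more than once."""
    findings = []
    for path, ent in entities(message_from_string(raw)):
        for name in WATCHED:
            values = [v.strip().lower() for v in ent.get_all(name, [])]
            if len(values) > 1:
                findings.append((path, name, values))
    return findings


def verdict(raw):
    """'ambiguous' if a repeat carries different values, 'redundant' if the
    values are identical, 'clean' if nothing repeats."""
    found = repeated_headers(raw)
    if any(len(set(values)) > 1 for _, _, values in found):
        return "ambiguous"
    return "redundant" if found else "clean"


def readings(raw, path):
    """Decode one leaf entity under every transfer encoding it declares."""
    ent = dict(entities(message_from_string(raw)))[path]
    body = ent.get_payload().encode("ascii", "replace")
    out = {}
    for value in ent.get_all("content-transfer-encoding", []):
        cte = value.strip().lower()
        if cte == "base64":
            try:
                out[cte] = base64.b64decode(body)
            except binascii.Error:
                out[cte] = None      # not valid base64 under this reading
        elif cte == "quoted-printable":
            out[cte] = quopri.decodestring(body)
        else:                        # 7bit, 8bit, binary: bytes as sent
            out[cte] = body
    return out
```

A gateway that gets "ambiguous" can scan every value returned by `readings` for the affected part, or quarantine the message, instead of passing it unscanned.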




[xmail] Re: Spammers - How to block them.

2006-02-14 Thread Phillip R. Shaw

Don't block on catchall. I would guess you have blocked yourself and/or
some of the major email ip addresses that you receive from.

Make a list of the dictionary addresses they are sending to and only
block those by adding the sending ip's in the spammers.tab. I use a
255.255.255.255 mask on them in the spammers.tab, only blocking the one
ip.

Do this by logging any email addresses that receive email, and then copy
the dictionary ones to the address file for the filter to use. I ended
up with a list of around 400 email addresses. (This is for a personal
domain).

You need to be careful doing this by making sure that there is no reason
for anyone to send to that email address. Don't block things like info,
postmaster, admin, sales, and so on. Those are common ones that get
spammed that you don't want to block at this level. Remember that you
are blocking saying that if a computer (maybe your isp's email server)
sends to this address I never want to receive email from that ip address
again. Very heavy handed.

Blocking the dictionary names is not the way to stop all spam, but it
will stop the majority of it if you are targeted. It does take a day or
two to get all the email addresses that are to be blocked, but it is
worth it.

And then delete the spammers.tab once in a while, I try to do it once a
week or so.

I have a very similar setup. The dictionary attack is probably coming
from zombie machines, which come and go very frequently. One of the
things I noticed about the attacks is that the mail will start coming
in. I would receive several hundred in a matter of a few minutes, but
only 3-5 from each ip address. It would be a large number of ip
addresses sending the mail. Return addresses and all of that varied
throughout the messages. Then it would repeat a short time later, with
new ip addresses and email addresses.

The problem with dnsbl was that I would get hit with an attack, and then
in a day or two the ip's would be listed in the dnsbl. It appeared that
someone got together a zombie net, sent the spam, and then gets most of
the machines listed. The listings worked great at some point, but if you
were in the leading edge of the attack you could get thousands of emails
before the ip's are listed.

The advantage of the spammers.tab (the way I understand it) is that if
the connecting ip is listed then the connection is dropped without
receiving any data. When you have limited bandwidth you don't want to
receive the entire message before deciding to drop it.


Phillip

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Henri van Riel
Sent: Tuesday, February 14, 2006 6:18 AM
To: Rob Arends
Cc: xmail@xmailserver.org
Subject: [xmail] Re: Spammers - How to block them.


Hello Rob,

> Henri, that does sound like it would work.

Sounds like it but there seems to be a glitch somewhere cause I wasn't
receiving *any* mail anymore... Bummer, and that on a day like
Valentine's day ;) I need to take a closer look at my script cause
outgoing mail goes through that script of mine too... Hadn't thought
of that.

One of the problems is that CustMapsList checking and my script take a
while to complete. Quite a while even which in fact makes the problem
worse. At times I have up to 25 servers connected to XMail trying to
deliver mail to users who don't even exist! I want to get rid of those
connections as quickly as possible to free smtp threads so they can
receive valid mails...

I was thinking, is setting SMTP-RDNSCheck to "1" in server.tab going
to be helpful?

> The only thing to watch with your method, is that you block
> legitimate users that happen to key in the wrong address.

True. I was thinking of constantly tweaking the list of ip addresses
in spammers.tab to a maximum of 100 or so.

> I've had great success with greylisting (glst from Davide).
> I did have to tweak it a bit to deal with the likes of
> hotmail/yahoo/etc because of their many sending MTAs.

I'll have a look but it seems I need GDBM and stuff for it...

> Rob :-)

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Henri van Riel
> Sent: Tuesday, February 14, 2006 9:23 AM
> To: Jeff Buehler
> Cc: xmail@xmailserver.org
> Subject: [xmail] Re: Spammers - How to block them.


> Hi Jeff,

>> You can run ASSP on a different server than XMail.  Also, you can use
>> it simply to verify that the address being sent to is a valid one - it
>> does not need to perform Bayesian -filter based SPAM blocking unless 
>> you want it to (you could open up the ruleset, or you can have it 
>> simply tag the email that goes through with something if it thinks 
>> it's SPAM).  If what you need is to be able to close sessions to 
>> invalid addresses quickly, that is the only way I know how to do it.

> I'll certainly look into it but I don't like the idea of having to run
> something in front of XMail... Also, I'd need to install Perl on my
> mailserver which is *strictly* a mail

[xmail] Re: is there a new SPAM program out there?

2005-02-26 Thread Phillip R. Shaw
Welcome to the club :(

I have a list of about 400 email addresses that get hit all the time, I
reject 6-8000 messages a day. (max was around 20,000 at Christmas/new
years time frame)

I am pretty sure that the source ips are from virus infected machines
under control of a master program. And the ips will change frequently.

A couple good RBL lists will block most of the spam. But if you are like
me you will be on the leading edge of the usage so I normally got hit
and the next day the ip address was blocked.

I make up lots of email addresses, this is a personal domain, every
website I go to I make up a new email address for them. Means I can't
block non-existing addresses.

My solution was a custom filter that checked against my list of spam trap
email addresses and if found add the sending ip to spammers.tab file.

This is not a general purpose spam filter, but using your examples if
you have never had a user [EMAIL PROTECTED] and that email address should
never have been used, then block any computer that tries to send to it.
Pretty hard core but with careful selecting of the email addresses I
think I have blocked most of (if not all) of this junk.

My real problem now is bandwidth :( Even blocking the messages, it takes
too much of my dialup bandwidth to just handle the connect/drop of the
messages.


Phillip Shaw


-Original Message-
From: Lev Shamilov [mailto:[EMAIL PROTECTED]
Sent: Saturday, February 26, 2005 1:48 AM
To: Xmail Forum
Subject: [xmail] is there a new SPAM program out there?

The average size of SMTP log file on my network is 1 to 2 MB.
A couple of days ago it was 20MB. Well, I had situations like
this once in awhile. Usually some idiot spammer tries to send
mail through my server to non-existing addresses in my domain and
gets "RCPT=EAVAIL" response.  ...no big deal here.

So, usually I get lots of requests from 1 or 2 IP addresses.

But in this case, I got requests from lots of different IP
addresses. The strangest thing is that I had about 5 to 10
requests from the same IP address for non-existing email
addresses in alphabetical order, but then requests continue from
another IP address for the addresses in the sequential order. I
know it's the same spam program involved (may or may not be the
same computer as well), because the sender's computer name
(SMTPS.szClientDomain variable) is always the same - "main"

To be more clear, I get something like this:
from IP 1.2.3.4 "main" request to [EMAIL PROTECTED]
from IP 1.2.3.4 "main" request to [EMAIL PROTECTED]
from IP 1.2.3.4 "main" request to [EMAIL PROTECTED]
from IP 1.2.3.4 "main" request to [EMAIL PROTECTED]
...but then...
from IP 9.8.7.6 "main" request to [EMAIL PROTECTED]
from IP 9.8.7.6 "main" request to [EMAIL PROTECTED]
from IP 9.8.7.6 "main" request to [EMAIL PROTECTED]
from IP 9.8.7.6 "main" request to [EMAIL PROTECTED]
... and it continues on...

So I know it's the same spammer involved, because his computer
name is the same "main" and the email addresses are in
sequential order. But because the IP address changes after about
5 to 10 attempts, I don't know if there's only one computer
involved or maybe he is just relaying from other compromised
computers or servers.

So, (I'm just guessing) it looks like some program has a list of
domain names and possible combination of account names and it
tries to send some spam through thousands of different IP
addresses (unless they can impersonate the IP address or use
some proxy servers).

The bastard has a pretty fast network as well, because between the
"2005-02-23 22:23:35" and "2005-02-23 22:31:04" he made
129,905 requests from my server.

About 130 thousand requests in about 8 minutes !!!
My log just grew 19.5 MByte in 8 minutes.
By the way, it was a nice performance test :-)
But the question remains the same:

How can I prevent that in the future?
If I get too many requests (status "RCPT=EAVAIL"   in my SMTP log)...




Thanks,
Lev Shamilov
<[EMAIL PROTECTED]>
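
The pattern described in the message above (many rejected recipients, the same client name, source address changing every few attempts), as an added detection example that is not from any poster or from XMail: it groups rejected-recipient records by client name and flags a name once enough rejects arrive from enough distinct addresses inside one time window. The record layout, sample lines and thresholds are constructed assumptions; a real XMail SMTP log has more fields and must be mapped onto this shape.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, simplified records: date, time, client IP, client name, result.
SAMPLE_LOG = """\
2005-02-23 22:23:35 192.0.2.10 main RCPT=EAVAIL
2005-02-23 22:23:36 192.0.2.10 main RCPT=EAVAIL
2005-02-23 22:23:37 192.0.2.10 main RCPT=EAVAIL
2005-02-23 22:23:38 198.51.100.4 main RCPT=EAVAIL
2005-02-23 22:23:39 198.51.100.4 main RCPT=EAVAIL
2005-02-23 22:23:40 203.0.113.77 main RCPT=EAVAIL
2005-02-23 22:23:41 203.0.113.77 main RCPT=EAVAIL
2005-02-23 22:24:10 192.0.2.200 mail.example.net RCPT=EAVAIL
2005-02-23 22:24:12 192.0.2.200 mail.example.net RECV=OK
2005-02-23 23:40:00 192.0.2.201 main RCPT=EAVAIL
"""


def parse(line):
    """Split one simplified record into (datetime, ip, client_name, status)."""
    date, clock, ip, name, status = line.split()
    when = datetime.strptime(date + " " + clock, "%Y-%m-%d %H:%M:%S")
    return when, ip, name, status


def distributed_rejects(lines, window=timedelta(minutes=10),
                        min_ips=3, min_rejects=6):
    """Return {client_name: set_of_ips} for names whose rejected recipients
    reach min_rejects from at least min_ips addresses within one window."""
    by_name = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        when, ip, name, status = parse(line)
        if status == "RCPT=EAVAIL":          # unknown-recipient rejection
            by_name[name].append((when, ip))

    flagged = {}
    for name, hits in by_name.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ips = {ip for _, ip in hits[start:end + 1]}
            if end - start + 1 >= min_rejects and len(ips) >= min_ips:
                flagged.setdefault(name, set()).update(ips)
    return flagged
```

A single host that mistypes one address (the `mail.example.net` record) stays below both thresholds, and the late isolated hit from `192.0.2.201` falls outside the window, so neither is flagged.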




[xmail] Re: Spam blocking filter

2004-12-31 Thread Phillip R. Shaw
Well, I've looked like a bigger fool before, so this one isn't so bad :)

Guess I have to rethink some of this.

It would be so much easier if we could just shoot people who send all this crap 
out.

Thanks for the quick response.

Phillip


-Original Message-
From: Jason J. Ellingson [mailto:[EMAIL PROTECTED]
Sent: Fri 12/31/2004 1:35 PM
To: xmail@xmailserver.org
Cc:
Subject: [xmail] Re: Spam blocking filter
You can't have a macro because there may be more than one RCPT TO in the
PRE/POST DATA filter.

SMTP IN filter will only have one address (it is run for each RCPT), so
that's why it has one.

Jason J Ellingson
Sr. Web Software Developer

615.301.1682 : nashville
612.605.1132 : minneapolis

www.ellingson.com
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Phillip R. Shaw
Sent: Friday, December 31, 2004 1:13 PM
To: xmail@xmailserver.org
Subject: [xmail] Re: Spam blocking filter

Ok, I have been looking at this closer now. The SMTP-MaxErrors would be a
big help, but ... :(
I am guessing that it will be implemented to be checked in the smtpsrv
processing. And since I am using filters.out.tab processing I won't have a
chance to bump the error count.

Am I correct in my new understanding of the filter processing that the
filter.out.tab is processed after all the smtp processing? It sure looks
like it.

So I have another request. Would it be possible to add a couple more macros
to the filter.[pre|post]-data.tab processing? What I am most interested is
the email address the message was sent to. I don't think the from address
has any real value, they are faked too often on junk, but someone would
probably want that as well.

I know the rcpt address is in the message file, and may resort to parsing it
out of there. First glance looked like it would require more than just
reading the 5th line of the file and doing a string compare.

Was there a reason for not implementing these macros for the pre|post
filters? Since the filters are at the data point all the header information
is available, isn't it? Or have I misread something in there?

Thanks

Phillip
(and the SMTP-MaxErrors is already in my server.tab, just waiting for
something to use it :))




[xmail] Re: Spam blocking filter

2004-12-31 Thread Phillip R. Shaw
Ok, I have been looking at this closer now. The SMTP-MaxErrors would be a big 
help, but ... :(
I am guessing that it will be implemented to be checked in the smtpsrv processing. 
And since I am using filters.out.tab processing I won't have a chance to bump 
the error count.

Am I correct in my new understanding of the filter processing that the 
filter.out.tab is processed after all the smtp processing? It sure looks like 
it.

So I have another request. Would it be possible to add a couple more macros to 
the filter.[pre|post]-data.tab processing? What I am most interested is the 
email address the message was sent to. I don't think the from address has any 
real value, they are faked too often on junk, but someone would probably want 
that as well.

I know the rcpt address is in the message file, and may resort to parsing it 
out of there. First glance looked like it would require more than just reading 
the 5th line of the file and doing a string compare.

Was there a reason for not implementing these macros for the pre|post filters? 
Since the filters are at the data point all the header information is 
available, isn't it? Or have I misread something in there?

Thanks

Phillip
(and the SMTP-MaxErrors is already in my server.tab, just waiting for something 
to use it :))


-Original Message-
From: Davide Libenzi [mailto:[EMAIL PROTECTED]
Sent: Mon 12/27/2004 1:12 PM
To: xmail@xmailserver.org
Cc:
Subject: [xmail] Re: Spam blocking filter
On Mon, 27 Dec 2004, Shiloh Jennings wrote:

> Dictionary attack detection is something I really wish XMail could natively
> do.  ModusMail was a package we used prior to XMail.  It could detect and
> temporarily ban an IP address for a set period of time.  It actually helped
> a lot.  You do not want to permanently ban such IP addresses, because some
> dictionary attacks do get relayed through legit hosts/ISPs from hijacked
> email accounts from time to time.  Permanently banning the IP addresses will
> eventually cause your email server to block a lot of legit email.  The
> feature in ModusMail let you set a duration for the block in addition to a
> threshold for activating such a block.  There were a lot of things about
> ModusMail I did not like, but that dictionary attack detection stuff was
> actually really cool.

A new "SMTP-MaxErrors" inside the server.tab file. I let you imagine what 
it does ;)



- Davide




[xmail] Spam blocking filter

2004-12-27 Thread Phillip R. Shaw
Problem:

I am getting hit with a dictionary attack on my mail server over a limited
bandwidth connection. Volume is slowly increasing, going to over 4000 (maybe
6000 now) email messages a day. Over 90% of these are spam from the
dictionary attack.

I do use a few blacklists, and they catch about 90% of them. But I seem to be
on the bleeding edge of this stuff because I get the first batch of junk sent
out before they are added to the blacklists.

I finally got tired of all the junk mail (and wasted bandwidth) and started
looking for better ways to minimize it. I have a list of email addresses that
are receiving email but the email addresses have never existed, anyone
sending email to them is sending spam.

Current Solution:

So I decided to write a filter. I am trying to block the sending ip addresses
and I am trying to block this as early as possible to cut down on my
bandwidth usage. From what I can tell looking at the XMail source, if the
sending IP address is listed in the spammers.tab file the connection is
dropped before any real traffic happens. (The check is made at the time of
connection before anything is sent or received).

So my plan is to add any senders that get through to me in the spammers.tab.
When I receive an email I am looking up the email address that it was sent
to. If that email address is in my list of bad email addresses I want to halt
all email from that sending ip address by adding that ip to the spammers.tab.

In the filter.out.tab I have a filter that looks up the email address it was
sent to. If the email address is in my list I am adding that ip address to
the spammers.tab and returning a 4 from the filter.

This does seem to stop me from receiving the email. But it does appear that
the spammers are able to send many emails on the same connection, without the
server rechecking the spammers.tab.

So what I am looking for is an idea on how to have the filter do something
that will cause all the checks to be redone. Ideally it would force the
connection to be closed so when the spammer retries it would then be found in
the spammers.tab and blocked.

Or if this is not the best way to implement this functionality, what are some
other ideas? It does seem to be working pretty good, if I could just have the
filter force the connection to be dropped it might be close to perfect.

Thanks

Phillip
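
The spam-trap approach described in this message and in the 2005 and 2006 replies above, as an added example that is not code from any poster or from XMail: a recipient that matches a trap address gets its sending IP banned with a 255.255.255.255 mask, role addresses and protected networks are skipped, and bans expire after a week instead of depending on deleting spammers.tab by hand. The trap list, networks, sample events, function names and the quoted tab-separated line layout are assumptions; wiring this into an XMail filter entry is left out.

```python
import ipaddress

# Constructed trap list; "info@..." is listed by mistake to show the role guard.
TRAPS = {"aaron@example.org", "abby@example.org", "zed@example.org",
         "info@example.org"}
# Role addresses the thread says must not be blocked at this level.
ROLE_LOCALPARTS = {"info", "postmaster", "admin", "sales"}
# Networks that must never be banned (own hosts, ISP relay); constructed values.
NEVER_BAN = [ipaddress.ip_network(n)
             for n in ("127.0.0.0/8", "10.0.0.0/8", "192.0.2.0/28")]
BAN_TTL = 7 * 24 * 3600   # one week, matching the weekly purge in the thread

# Constructed events: (unix time, connecting IP, envelope recipient).
EVENTS = [
    (0,  "203.0.113.7",   "<aaron@example.org>"),  # trap hit, ban
    (5,  "203.0.113.7",   "abby@example.org"),     # same host, refresh the ban
    (10, "198.51.100.9",  "info@example.org"),     # role address, ignored
    (20, "192.0.2.5",     "zed@example.org"),      # protected relay, ignored
    (30, "198.51.100.23", "Zed@Example.org"),      # case-insensitive trap hit
    (40, "not-an-ip",     "aaron@example.org"),    # malformed source, ignored
]


def normalize(rcpt):
    """Lower-case an envelope recipient and drop surrounding <>."""
    return rcpt.strip().strip("<>").lower()


def is_trap(rcpt, traps=TRAPS):
    """True only for a listed trap address that is not a role address."""
    addr = normalize(rcpt)
    local = addr.partition("@")[0]
    return local not in ROLE_LOCALPARTS and addr in traps


def bannable(ip, never_ban=NEVER_BAN):
    """True for a valid address that lies outside every protected network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in never_ban)


def record(ledger, rcpt, ip, now):
    """Update ledger {ip: last_hit_time}; return True if the hit caused a ban."""
    if is_trap(rcpt) and bannable(ip):
        ledger[ip] = now
        return True
    return False


def render(ledger, now, ttl=BAN_TTL):
    """Drop expired bans, then return the managed spammers.tab lines
    (assumed layout: quoted IP, TAB, quoted single-host mask)."""
    for ip in [ip for ip, seen in ledger.items() if now - seen >= ttl]:
        del ledger[ip]
    return "".join('"%s"\t"255.255.255.255"\n' % ip for ip in sorted(ledger))


def replay(events):
    """Feed a list of events through record() and return the ledger."""
    ledger = {}
    for now, ip, rcpt in events:
        record(ledger, rcpt, ip, now)
    return ledger
```

Keeping the ledger separate from spammers.tab lets hand-maintained entries live in their own file section while the generated lines are rewritten on each run.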








[xmail] Re: Feature Request

2004-10-27 Thread Phillip R. Shaw
Problem with this would be that it is xmail that reads and processes the server.tab 
file, little late to say what user it should run as.

Actually I think you can just set the user id and password on the service properties 
in the services manager.

Phillip

-Original Message-
From: Chris Franklin [mailto:[EMAIL PROTECTED]
Sent: Wed 10/27/2004 12:16 PM
To: [EMAIL PROTECTED]
Cc:
Subject: [xmail] Feature Request
It'd be nice to have the option to have xmail run as a user other than root,
and settable by the server.tab file.

Ps. And yes I know you can do it by following the directions found at  
http://www.spectr.org/sergey/HowTo-Chrooted-XMail.html. But I think a 
server.tab var. would be a lot nicer / cleaner :)

-- Chris L. Franklin --



[xmail] Re: Missing mail

2003-10-05 Thread Phillip R Shaw

Let me add that I think I could be seeing a similar problem.

But since I am the one that doesn't get the email I haven't noticed until
the past week that there were emails that I should have gotten and don't
remember seeing.

I am not sure that I am seeing it, but I really think I would have
remembered renewal notices asking for money.

And, what can I add to this? Well, if I am seeing it then it is NOT related
to load. While I have 4-5 domains with 4-5 mailboxes, there are only 2 of us
using xmail, and neither of us generate any load coming or going.

But...

The address receiving the email came into the wildcard alias to the domain.
The mailproc.tab file for the address that got the email was:
"mailbox"
"redirect" "user1" "user2"

That is NOT an exact copy but you see how it was laid out.

Now user2 got all the mails redirected (pretty sure, I wish there was a flag
that said you didn't get an email you should have :))
And user2 only got some of the email (pretty damn sure)

I know I have seen questions about should the mailbox command be first or
last in the mailproc file, and if there was a difference in putting all the
redirects on one line or separating them.

Davide, could either of these be contributing to the possible problem?


Phillip

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Eugenio
Sent: Sunday, October 05, 2003 6:20 AM
To: [EMAIL PROTECTED]
Subject: [xmail] Re: Missing mail


Actually I analyzed logs more accurately and found that for the "missed"
mails there is no entry in the SMAIL log, while there are 2 in the SMTP log,
the first ending with RECP=OK, the other with RECV=OK.

I also checked that those mails are not in the spool directory (and
subdirectories).

Where am I wrong?

Eugenio

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Davide Libenzi
Sent: Saturday, October 04, 2003 7:31 PM
To: [EMAIL PROTECTED]
Subject: [xmail] Re: Missing mail

I'm sorry guys but the SMAIL log entry is generated *after* the message has
been *successfully* copied inside the destination mailbox (or sent to
the remote destination). Now, it is possible that it could be an OS bug (I
strongly doubt about it) or it is possible that there are mistakes in
"measuring" missing messages.

