Thank you. -John
----- Original Message -----
From: "Devendra Singh" <[EMAIL PROTECTED]>
To: "John Johnson" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, August 19, 2004 9:52 PM
Subject: Re: [Qmail-scanner-general]qmail and iptables

> At 19/08/04 10:22 (), John Johnson wrote:
> > Can you share your switches you are using to call tcp server with this
> > patch? Sounds nice and would help with spam bombing as well.
> >
> > -John
> >
> > ----- Original Message -----
> > From: "Devendra Singh" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Wednesday, August 18, 2004 9:39 PM
> > Subject: Re: [Qmail-scanner-general]qmail and iptables
> >
> > > Check this Patch to ucspi-tcp. I have been using it for many months.
> > > http://linux.voyager.hr/ucspi-tcp/tcpserver-limits-2004-07-25.diff
> > >
> > > Earlier I was using tcpserver-limits-2004-01-24.diff but upgraded it to
> > > the new version a few days back.
> > >
> > > I must say it's a wonderful patch to fight against Virus laden Bombing IPs.
> > > Bravo, Matija Nalis for your wonderful patch.
> > >
> > > Devendra Singh
>
> Hi John,
>
> Okay I would print my SMTPD-RUN script, but it does not make any
> difference, it's a normal script which everyone uses.
>
> What is important is tcp.smtp. Here is my partial tcp.smtp (be careful
> about rolled over lines due to mail formatting):
>
> cat tcp.smtp
>
> ...
> ...
> ...
> # ALLOW THESE IPS TO RELAY MAIL THROUGH OUR SERVER
> #
> # Ips of Our Net Servers are allowed to relay,
> # and we won't bother doing any RBL checking.
> #
> 192.168.1.:allow,RELAYCLIENT="",RBLSMTPD="",MAXCONNIP="15",MAXLOAD="4500"
> #192.168.1.141:allow,RELAYCLIENT="",RBLSMTPD="",MAXCONNIP="10",MAXLOAD="4500"
> #192.168.1.243:allow,RELAYCLIENT="",RBLSMTPD="",MAXCONNIP="10",MAXLOAD="4500"
> #192.168.1.11:allow,RELAYCLIENT="",RBLSMTPD="",MAXCONNIP="10",MAXLOAD="4500"
> #
> # Connections from localhost are allowed to relay
> # (because the WebMail server runs on localhost),
> # and obviously there is no point trying to perform an RBL check.
> 127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
> #
> :allow,LOCALMFCHECK="",MFDNSCHECK="",BADMIMETYPE="",MAXRECIPIENTS="20",MAXCONNIP="5",MAXCONNC="10",MAXLOAD="4500",DIEMSG="421 MyDomain.com Service temporarily unavailable due to too many connections from You, closing transmission channel"
>
> I also grep the smtpd-log in case of load increase for "MAX" and
> temporarily block the IPs with too many repetitive entries with firewall.
>
> Here is my smtpd-run script:
>
> #!/bin/sh
> # when QMAILQUEUE is set, all mail will be sent to the nominated script
> echo 'Starting qmail-smtpd...'
> QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"; export QMAILQUEUE
> VPOPMAILUID=`id -u vpopmail`
> VPOPMAILGUID=`id -g vpopmail`
> MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
> LOCAL=`head -1 /var/qmail/control/me`
> # Setting the $LOCALMFCHECK variable will effectively enforce that the
> # hostpart of the MAIL FROM: address correspond to one entry in our
> # ./rcpthosts (./morercpthosts) file.
> # Commented for Putting the Check into /etc/tcp.smtp
> # export LOCALMFCHECK=""
> # Invoking the environment variable $MFDNSCHECK in the qmail-smtpd startup
> # script, enables globally the DNS check for the envelope's sender.
> #export MFDNSCHECK=""
> # HELODNSCHECK enables globally the DNS check for the client MTA's
> # HELO/EHLO greeting string.
> # export HELODNSCHECK=""
> # softlimit needs to be set at something large such as 15000000
> # to allow virusscanning software to run successfully
> if [ -z "$VPOPMAILUID" -o -z "$VPOPMAILGUID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
>     echo VPOPMAILUID, VPOPMAILGUID, MAXSMTPD, or LOCAL is unset in
>     echo /var/qmail/supervise/qmail-smtpd/run
>     exit 1
> fi
> if [ ! -f /var/qmail/control/rcpthosts ]; then
>     echo "No /var/qmail/control/rcpthosts!"
>     echo "Refusing to start SMTP listener because it'll create an open relay"
>     exit 1
> fi
> exec /usr/local/bin/softlimit -m 15000000 \
>     /usr/local/bin/tcpserver -H -l "$LOCAL" \
>     -v -x /etc/tcp.smtp.cdb \
>     -c "$MAXSMTPD" -r -u "$VPOPMAILUID" -g "$VPOPMAILGUID" 0 smtp \
>     /usr/local/bin/rblsmtpd -b -C \
>     -r 'bl.spamcop.net:Your message was rejected because the mail server you use is configured to allow OPEN RELAY - More detailed information regarding this problem is available from http://www.spamcop.net/w3m?action=checkblock&ip=%IP% - Please forward this error through to your email server support staff for easy resolution.' \
>     -t 5 \
>     /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true 2>&1
>
> ______________________________________________________
> Devendra Singh
> IndiaMART InterMESH Limited
> (Global Gateway to Indian Market Place)
> B-1, Sector 8, Noida, UP - 201301, India
> EPABX : +91-120-2424945, +91-120-3094634, +91-9810646342
> Fax: +91-120-2424943
> http://www.indiamart.com
> http://portals.indiamart.com
> ______________________________________________________
> _______________________________________________
> Qmail-scanner-general mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
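
The log check Devendra describes (grepping the smtpd log for "MAX" and looking for IPs with many repeated entries), as an added example that is not part of the original thread. The log line wording, the assumption that the first IPv4 address on a line is the client, and the function names `max_offenders` and `sample_log` are hypothetical; the skipped addresses are the relay clients from the tcp.smtp above.

```shell
#!/bin/sh
# Added example, not from the thread: tally "MAX" limit hits per client IP.
# Assumptions: a limit-hit line contains "MAX" and the first IPv4 address on
# the line is the client. The patch's real log wording is not shown in the
# thread, so the sample lines are constructed.

# max_offenders THRESHOLD [LOGFILE...]  (reads stdin when no file is given)
# Prints "COUNT IP", busiest first, for IPs with >= THRESHOLD matching lines.
max_offenders() {
    threshold=$1
    shift
    awk -v min="$threshold" '
        /MAX/ && match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/) {
            ip = substr($0, RSTART, RLENGTH)
            # Skip the relay clients that tcp.smtp trusts: blocking them
            # at the firewall would cut off our own servers and webmail.
            if (ip == "127.0.0.1" || index(ip, "192.168.1.") == 1) next
            hits[ip]++
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min) print hits[ip], ip
        }
    ' "$@" | sort -rn
}

# Constructed sample log (hypothetical wording, documentation address ranges).
sample_log() {
    cat <<'EOF'
smtpd: MAXCONNIP limit reached, client 203.0.113.7
smtpd: MAXCONNIP limit reached, client 203.0.113.7
smtpd: connection accepted, client 203.0.113.7
smtpd: MAXCONNC limit reached, client 198.51.100.9
smtpd: MAXCONNIP limit reached, client 203.0.113.7
smtpd: MAXCONNIP limit reached, client 192.168.1.141
smtpd: MAXCONNIP limit reached, client 192.168.1.141
smtpd: MAXCONNIP limit reached, client 192.168.1.141
smtpd: MAXCONNIP limit reached, client 203.0.113.7
EOF
}

# Review candidates with at least 3 hits before adding any firewall rule.
sample_log | max_offenders 3
```

The output is a review list only; the temporary firewall block stays a manual step, as in the original message.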