qmail Digest 18 Sep 1999 10:00:01 -0000 Issue 763
Topics (messages 30408 through 30444):
Re: Mail client and sorting
30408 by: Mikko H�nninen
30414 by: Mirko Zeibig
Re: Kurt's Closet on qmail
30409 by: Russ Allbery
30410 by: Petr Novotny
30412 by: Russ Allbery
sending big file
30411 by: Jan Stanik
Re: Qmail woes
30413 by: Dave Sill
Re: URGENT: HELP BIG ATTACHMENTS NOT RECIVING
30415 by: Dave Sill
ANNOUNCE: /var/qmail/control/locals and regex
30416 by: Robert Sander
30426 by: Russell Nelson
Re: When will qmail back off to the next MX?
30417 by: Greg Owen
30422 by: Lyndon Griffin
30423 by: Greg Owen
30435 by: phil.ipal.net
30437 by: phil.ipal.net
30439 by: Russell Nelson
30442 by: phil.ipal.net
"." in an email address
30418 by: Eric Davis
30420 by: Tomasz Papszun
30421 by: Russell Nelson
30438 by: phil.ipal.net
30440 by: Russell Nelson
US encyrption laws relaxed - way to go Dan!
30419 by: Brian D. Kohl
30424 by: craig.jcb-sc.com
30425 by: hsilver.pyx.net
30429 by: Vince Vielhaber
30430 by: craig.jcb-sc.com
30431 by: Vince Vielhaber
Re: locals and regex
30427 by: Robert Sander
Re: Default time for server UTC?
30428 by: Joseph R. Junkin
SMTP AUTH ?
30432 by: John R Levine
30433 by: Scott Ellis
Message time/dates
30434 by: Paul Farber
Re: How do you set the From and Received: line dates to match the one in the Date:
line ?
30436 by: Cyril Bitterich
http://pobox.com/~djb/ezmlm.html
30441 by: Mark Thomas
30443 by: Chris Johnson
30444 by: Robert Varga
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To bug my human owner, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
Anand Buddhdev <[EMAIL PROTECTED]> wrote on Fri, 17 Sep 1999:
> Elm comes with a filter utility to sort mail into different folders. If
> you want to do filtering with other mail clients, you can use procmail
> or maildrop.
Actually, last I heard was that support for filter was discontinued in
the current elm release version(s). I'd personally recommend using
procmail or maildrop with elm, even if filter was available.
> Netscape can thread messages, but I also suggest you look at mutt
> (http://www.mutt.org). Although it's not X-based, it is very nice.
Mutt is indeed very nice, especially for people who have been using elm
though by no means limited to them. And it also supports qmail-style
maildirs (to add some qmail-relevance to the discussion...).
Mikko
--
// Mikko H�nninen, aka. Wizzu // [EMAIL PROTECTED] // http://www.iki.fi/wiz/
// The Corrs list maintainer // net.freak // DALnet IRC operator /
// Interests: roleplaying, Linux, the Net, fantasy & scifi, the Corrs /
"You watching MTV while I lie dreaming in an MT bed" -- The Corrs
On Fri, Sep 17, 1999 at 02:44:53PM +0300, Mikko H�nninen wrote:
> Mutt is indeed very nice, especially for people who have been using elm
> though by no means limited to them. And it also supports qmail-style
> maildirs (to add some qmail-relevance to the discussion...).
I like mutt as well and use it most of the time (except when it comes to
clean up my imap-folders, then a drag'n'drop-thing comes handy).
To make this a bit qmail-specific: distribution of your mail, depends:
- I have a multidrop-pop-mailbox where every mail sent to @picard.inka.de is
thrown in.
- So I just subscribe with mirko-qmail@, mirko-php@ to lists and have the
corresponding .qmail-qmail, .qmail-php in my home-dir, which will deliver it
in folders, ala ~/lists/qmail/
- I took these out of my standard ~/mail-folder as imapd is not very happy
with more than 1000 messages/folder ;-).
Regards
Mirko
--
mailto:[EMAIL PROTECTED]
privat: http://sites.inka.de/picard
qmail, ldap and rh-isdn & Commerce: http://www.webideal.de/#downloads
be aware of culture www.uni-karlsruhe.de/~etcetera
Chris Green <[EMAIL PROTECTED]> writes:
> Surely also, since you haven't accepted the 'new' contract you can still
> (under basic copyright law) modify the software etc. and thus bypass the
> bit that asks you to accept the new terms anyway.
Basic copyright law, by my reading, does not grant you the right to modify
software that you own, believe it or not. Please don't take my word for
it; check it yourself. You can download a copy of the law from the
Library of Congress copyright page.
--
Russ Allbery ([EMAIL PROTECTED]) <URL:http://www.eyrie.org/~eagle/>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 17 Sep 99, at 5:15, Russ Allbery wrote:
> > Surely also, since you haven't accepted the 'new' contract you can still
> > (under basic copyright law) modify the software etc. and thus bypass the
> > bit that asks you to accept the new terms anyway.
>
> Basic copyright law, by my reading, does not grant you the right to modify
> software that you own, believe it or not. Please don't take my word for
> it; check it yourself. You can download a copy of the law from the
> Library of Congress copyright page.
And you said that the copyright law is the same all over the world:
The Czech copyright law explicitely permits to make modifications
for your own use, and even you're allowed to as much reverse
engineering as you need to keep the software doing what you
bought it for (my wording is inexact).
On the other hand, the Czech law assumes that a program is
essentially a book. Plus, it pretty much forbids free software by
stating that the author must be paid for the copyright...
But the bottom line is: The licence for qmail may or may not hold.
It's not as straightforward as many other licences are. There are
people who are distracted by that, and those people get to the front
pages on some respected sites (SecurityPortal).
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2 -- QDPGP 2.60
Comment: http://community.wow.net/grt/qdpgp.html
iQA/AwUBN+JColMwP8g7qbw/EQImWgCg0668/r3cNZzczl3dVCKgQ3dAcCAAoI7P
CrNF5Hx1yZWVGD93Ue6W31lr
=Mmfl
-----END PGP SIGNATURE-----
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
[Tom Waits]
Petr Novotny <[EMAIL PROTECTED]> writes:
> And you said that the copyright law is the same all over the world:
*Mostly*. There are differences, particularly in the areas of exceptions
for particular types of works, and I think the US law is considerably more
complicated in the area of audio recordings.
> The Czech copyright law explicitely permits to make modifications for
> your own use, and even you're allowed to as much reverse engineering as
> you need to keep the software doing what you bought it for (my wording
> is inexact).
That sounds like a much saner approach.
> On the other hand, the Czech law assumes that a program is essentially a
> book. Plus, it pretty much forbids free software by stating that the
> author must be paid for the copyright...
That, on the other hand... *wry grin*
> But the bottom line is: The licence for qmail may or may not hold. It's
> not as straightforward as many other licences are.
Yup. Exactly.
--
Russ Allbery ([EMAIL PROTECTED]) <URL:http://www.eyrie.org/~eagle/>
Hi,
We use qmail (on FreeBSD 4) as a relay smtp server, and
some of our customers with dialup access have problem to send
"big" files (over 500 kB) through this server. It takes too much time,
and then error message (timeout or TCP error) appears. It does not
depend on user's mail client (similar error with Pegasus Mail and
Outlook Express).
With sendmail, I had no problems.
Can You help me, please?
Thanks,
--
Jan Stanik
[EMAIL PROTECTED]
Telenor Internet,s.r.o
"Bryan J. Ischo" <[EMAIL PROTECTED]> wrote:
>I followed the instructions in the qmail HOWTO and got rid of sendmail
>entirely. But later in the day I discovered that emails simply were
>not getting delivered.
Didn't you test it after the install?
>qmail-smtpd was happily accepting them for
>delivery but where they went, who knows. We are using /var/mail
>files for receiving mail (for compatibility with our IMAP and POP
>servers). These files stopped being updated and I can find no
>traces of received mail anywhere in /var/qmail/queue.
Did you run qmail-qstat and qmail-qread? If your logging was working,
the qmail-send logs would be helpful.
>I was unable
>to send mail using the /bin/mail program on the mail host.
What does "unable to send mail" mean? Did the command return an error?
Did everything appear normal, except that the mail wasn't delivered
where you expected it? "I did some things and they didn't work" isn't
terribly helpful.
>So I
>tried the old sendmail.bak sendmail executable and, after making it
>suid again, it worked. So I removed the links from /usr/lib/sendmail
>and /usr/sbin/sendmail to /var/qmail/bin/sendmail, and replaced those
>links with links to the old sendmail.bak. Now users are receiving
>mail again. I find it very strange.
Yes, I find it strange that one would use Sendmail's sendmail in a
qmail installation, too. :-)
>My guess is that the fact that /var/qmail/bin/sendmail being
>group qmail and all of our mail files in /var/mail being group
>mail, and the fact that /var/qmail/bin/sendmail is not suid or
>anything, meant that it didn't have permissions to write mail
>to the mail files.
Sorry, that's not even close. The qmail sendmail just calls
qmail-inject, which places the message in qmail's queue, where's it's
picked up by qmail-send and passed to qmail-lspawn &|
qmail-rspawn. For a local delivery, qmail-lspawn calls qmail-local,
which, in your configuration, would invoke /bin/mail to do the final
delivery.
>Anyone know if there's any hope of recovering the mails which were
>lost at this time?
Hope? Sure. Whether they can or not depends upon what happened to
them. qmail is pretty careful not to toss messages, but /bin/mail
might not be.
>Silently lost mail files are the worst case
>scenario for a mail server and I am really afraid that that's what
>we have here.
If that happened, it wasn't qmail's fault, it was yours.
>The second problem we have is that qmail doesn't seem to log
>properly.
Correction: the second problem you have is that your qmail isn't
logging properly. qmail *does* log just fine for hundreds or thousands
of users. If yours isn't logging, it's because something is fubar'd
on your system.
>Qmail is started via:
>
>qmail-start '|preline -f /bin/mail "$USER"' splogger qmail
Where'd you get that? Have you looked at /var/qmail/boot/binm2?
>But where do the messages get logged?
splogger sends them to syslog. What syslog does with them is between
you and syslog. See "man syslogd" and "more /etc/syslog.conf".
>At no time have we ever
>received any log messages from qmail except for the following
>in /var/adm/messages:
>
>Sep 16 20:55:35 level qmail: 937529735.086563 alert: oh no! lost spawn
>connection! dying...
>
>Which occurred when I manually killed qmail when restarting it.
That's very strange. If that message was logged, you should have also
logged, at least, the startup message from qmail-send. If you do:
echo foo | /var/qmail/bin/splogger qmail
Does a message get logged?
Personally, I wouldn't spend much time trying to figure out syslog. I
use daemontools. See:
http://Web.InfoAve.Net/~dsill/lwq.html#start-qmail
-Dave
Manohar Pradhan <[EMAIL PROTECTED]> wrote:
>I have a problem with my qmail server (qmail 1.03). I can send/receive
>normal emails but when i try to send attachments and big files, then the
>SMTP server won't answer and it takes very long time. Can anybody give me
>some idea why it is happening?
Not really, unless you give us some more information. "It doesn't
work" isn't terribly useful.
>From "Life with qmail"
<http://Web.InfoAve.Net/~dsill/lwq.html#qmail-list>:
When you ask questions, please try to include sufficient details to
make it possible for people to respond:
What did you do? What's your configuration? Include qmail-showctl
output if you're not sure what's important. What action did you
take?
What did you expect to happen? What was the outcome you were
trying to achieve? Don't assume the reader can guess.
What did happen? Describe the actual result. Include log file
clippings and copies of messages, with headers.
Specifically:
What client are you using?
What happens when you try to send big messages?
What do the logs show?
-Dave
Hi!
There is now a webpage for the regex-patch at
http://beteigeuze.cs.tu-berlin.de/linux/qmail/
--
Greetings
Robert Sander
home.pages.de/~gurubert, pgp available there
Robert Sander writes:
> Hi!
>
> There is now a webpage for the regex-patch at
>
> http://beteigeuze.cs.tu-berlin.de/linux/qmail/
What problem does this solve that a virtualdomain does not? Yes,
control/locals allows only literal entries, but control/virtualdomains
allows wildcards of the form ".foo.bar:piffle" to match "biff.foo.bar".
It also allows "baz.foo.bar:" to *not* be caught by the preceding entry.
--
-russ nelson <[EMAIL PROTECTED]> http://russnelson.com
Crynwr sells support for free software | PGPok | Government schools are so
521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | can outdo them. Homeschool!
> > Sorry? Did I miss an earlier message? Where does it say
> > it's a violation?
>
> Quoting RFC821:
>
> One important reply is the connection greeting. Normally, a
> receiver will send a 220 "Service ready" reply when the
> connection is completed.
But the Xerox servers aren't accepting a connection. The apparent
accepted connection is a side effect of the Raptor proxy firewall. If that
firewall wasn't in the way, they'd just refuse connection and qmail would
back off to the next MX immediately.
> Tell them to fix their SMTP servers, don't work around their
> breakage.
If anyone is broken here, its my firewall, not their mail setup. No
one here LIKES their mail setup, but that doesn't make it broken; it
conforms with all relevant RFCs that I'm aware of.
--
gowen -- Greg Owen -- [EMAIL PROTECTED]
> If Qmail did it "the same way", it would make Qmail more
> acceptable to users.
Ouch - even that one is beyond me ;)
If qmail did anything the same way as other MTA's --- well, I'm not so sure
I can express it. We're here because qmail doesn't do anything like other
MTA's - it's one of qmail's most redeeming qualities.
<:) Lyndon Grifin
> I was provided some information on how to modify the Qmail
> code to address this issue, but being a non-programmer, I
> decided not to go butchering the code. Here's the details...
Karl,
I've looked through qmail-remote.c and, the long and short of it is,
the design makes it extremely difficult to modify the behavior of qmail to
accomodate this combination of problems. The code snippet you listed won't
do it; if the connection is dropped, smtpcode() will never return to allow
that snippet to execute.
I guess I'm off to natter at the firewall people to see if they can
modify the behavior of the firewall.
--
gowen -- Greg Owen -- [EMAIL PROTECTED]
Russell Nelson wrote:
> A host that persistently refuses to run the SMTP protocol on the SMTP
> port cannot be said to be running SMTP.
So why not fall back to another one that does?
> Tell them to fix their SMTP servers, don't work around their
> breakage.
Isn't the design philosophy of the Internet supposed to be one where it is
desireable to work around breakage?
--
Phil Howard | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
phil | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
at | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
ipal | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
dot | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
net | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Racer X wrote:
> so qmail is within its "legal" boundaries in the way it handles MX records.
> without an RFC that specifies different behaviors for different situations,
> MX handling will always be a gray area. for instance:
Would it be within its "legal" boundaries to handle it differently in ways
some have suggested?
> * if the primary host gives you a temporary error, should you fall back to
> the next MX? how fast, immediately or wait a while? if you wait a while,
> maybe the temporary error will go away?
Make it configurable.
> * what if a fallback gives you a temp error? should you reset your MX
> preference to the primary? how soon?
Make it configurable.
> * if any host gives you a permanent error, should you try all other hosts?
> (this may be answered in some rfc, i dunno)
Make it configurable.
> * there's clearly a difference between a "connect refused", "host not
> responding", "host answers but disconnects without notice", all these kind
> of error conditions. how should they be handled wrt MX?
Make it configurable.
> * how often do you check for an updated MX list? every time you send the
> mail? if so, should you keep track of what the preferences used to be?
Make it configurable.
> an RFC would be the ideal way to answer these. doing it "like everyone else
> does" isn't valid. doing it "the way sendmail does" is even worse.
Agreed. But in some cases I have found things can work better by violating
RFCs. I don't like to distribute software that violates the RFCs, unless it
would do so only if the administrator gets to choose to do so, and is aware
that such a choice is a violation. I have no qualms about distributing or
using any software that works that way.
> btw, in case you weren't aware, your "make qmail more acceptable to users"
> argument isn't going to impress people around here.
Sounds like the debate I have with the FreeBSD people over their refusal to
support ATAPI devices attaced as master on an IDE channel just because the
specifications described it as a slave device ... at a time before secondary
IDE was common place (Linux and MS Windows work fine with master ATAPI).
Sticking to standards does have an important purpose. Deviating from them
should never be done lightly. But it should not be ruled out, either. In
many cases, such deviations have to be done to fully evaluate a proposed
change in the standards. And sometimes, old standards are not re-visited
because de-factor standards born out of deviant usage have established
themselves and there is no pressure to formalize them when other standards
work is more pressing.
There is also another saying common in computers and networking, especially
in regard to conformance to standards: Be conservative in what you produce
and be liberal in what you accept.
I have interpreted that to mean that if something does not conform to the
standard, but I also don't have to go out of my way to detect and understand
what is meant, I _may_ (and some would like this to be _should_) go ahead
and accept it with the obvious semantics.
I don't know of any protocol that specifically says that accepting a
connection and then summarily dropping it with no output has any particular
meaning in that standard. But I would readily classify this as a failure
not unlike a connection refusal. I recognize this because I happen to know
that there are cases where this is unavoidable. One example is that the
UNIX socket API is a deficient standard for lacking the ability to allow
user space processes to act on an incoming connection in a way that is seen
as a connection refusal.
If you can write a "bounce/relay" type of program that listens on a port and
for each connection coming in, connects to another specified host and port,
and passes all traffic both ways, but in the case of a connection refusal by
the target host, gives a connection refusal to the incoming connection it
gets, then I am proven wrong (and will have use for your code).
People want things that work well and work right. Unfortunately there is
disagreement on what both of those things mean. I see both sendmail and
qmail as fitting neither, but qmail is closer. In choosing which mail
server I will run on the new servers I am working on, I have to evaulate how
easy or difficult it will be to make things work as I need them to work.
I've probably ruled out FreeBSD (but I will see if 4.0 fixes things). I
have not ruled out qmail at all because qmail is probably easy to hack. But
indeed, this issue has added to what I will need to do with qmail to make it
"workable" (as I define it).
--
Phil Howard | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
phil | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
at | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
ipal | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
dot | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
net | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] writes:
> Russell Nelson wrote:
>
> > A host that persistently refuses to run the SMTP protocol on the SMTP
> > port cannot be said to be running SMTP.
>
> So why not fall back to another one that does?
Because you claimed that it was speaking SMTP. Upon examination, it
isn't. Your MX records are false. Why should I send your server any
mail at all, since it may not be the right server at all?
> > Tell them to fix their SMTP servers, don't work around their
> > breakage.
>
> Isn't the design philosophy of the Internet supposed to be one where it is
> desireable to work around breakage?
Nope, because if you do that, people never notice the breakage. If
something is working (even if it takes special efforts to keep it
working, e.g. contacting the wrong host first), they quite reasonably
conclude that it isn't broken, and they don't fix it.
--
-russ nelson <[EMAIL PROTECTED]> http://russnelson.com
Crynwr sells support for free software | PGPok | Government schools are so
521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | can outdo them. Homeschool!
Russell Nelson wrote:
> [EMAIL PROTECTED] writes:
> > Russell Nelson wrote:
> >
> > > A host that persistently refuses to run the SMTP protocol on the SMTP
> > > port cannot be said to be running SMTP.
> >
> > So why not fall back to another one that does?
>
> Because you claimed that it was speaking SMTP. Upon examination, it
> isn't. Your MX records are false. Why should I send your server any
> mail at all, since it may not be the right server at all?
If it isn't speaking SMTP right then, it's BROKEN right then. But that's
no different than if it isn't accepting connections right then, which is
also a case of it's BROKEN right then.
Either way it's BROKEN right then.
Now you can just requeue the mail and try again later. If you do, then
you are presuming that perhaps it will be fixed later on, but before the
expiration of the mail.
So why not send the mail on to at least the WORKING secondary MX? That
at least gets it out of your queue, putting the storage burden on whoever
is supposedly doing queueing service for the crappy server.
> > > Tell them to fix their SMTP servers, don't work around their
> > > breakage.
> >
> > Isn't the design philosophy of the Internet supposed to be one where it is
> > desireable to work around breakage?
>
> Nope, because if you do that, people never notice the breakage. If
> something is working (even if it takes special efforts to keep it
> working, e.g. contacting the wrong host first), they quite reasonably
> conclude that it isn't broken, and they don't fix it.
How is it that people won't notice the breakage if the primary mail server
isn't accepting mail? If the server accepts connections, and then keeps
closing them, it's not going to get its mail even from then secondary MX.
I think they will eventually notice they are not getting their mail if it
disconnects just the same as if it was refusing connections.
Doesn't this really come down to a difference between the WAY a mail server
is broken? But I'm not seeing any argument about why the WAY it is broken
is more important than merely the fact that it is broken.
--
Phil Howard | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
phil | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
at | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
ipal | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
dot | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
net | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
I'm probably brain farting really badly today, but here goes a question.
I have a client who wants to do an email address like [EMAIL PROTECTED]
and qmail is refusing to deliver to the mailbox. I am using alias files
to redirect the email to the right account such that the alias file
a-who.am.i has the value of [EMAIL PROTECTED]
For all other users on the system, none of them using periods in their
email box names, email works great. This one user is the only blemish
though on our system. Did I miss something basic in the setup of qmail
or will this not work? Any help in solving this is greatly appreciated.
Thank you very much in advance.
-Eric Davis
[EMAIL PROTECTED]
On Fri, 17 Sep 1999 at 17:33:00 -0400, Eric Davis wrote:
> I'm probably brain farting really badly today, but here goes a question.
> I have a client who wants to do an email address like [EMAIL PROTECTED]
> and qmail is refusing to deliver to the mailbox. I am using alias files
> to redirect the email to the right account such that the alias file
> a-who.am.i has the value of [EMAIL PROTECTED]
>
> For all other users on the system, none of them using periods in their
> email box names, email works great. This one user is the only blemish
> though on our system. Did I miss something basic in the setup of qmail
> or will this not work? Any help in solving this is greatly appreciated.
> Thank you very much in advance.
>From the FAQ:
4.6. How do I create aliases with dots? I tried setting up
~alias/.qmail-P.D.Q.Bach, but it doesn't do anything.
Answer: Use .qmail-p:d:q:bach. Dots are converted to colons, and
uppercase is converted to lowercase.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Eric Davis writes:
> I'm probably brain farting really badly today, but here goes a question.
> I have a client who wants to do an email address like [EMAIL PROTECTED]
> and qmail is refusing to deliver to the mailbox. I am using alias files
> to redirect the email to the right account such that the alias file
> a-who.am.i has the value of [EMAIL PROTECTED]
Try this:
echo '[EMAIL PROTECTED]' >~alias/.qmail-who:am:i
When a filename is constructed, dots are replaced with colons. This
prevents tricks with ../../../, while still allowing the use of
".qmail-foo/bar".
--
-russ nelson <[EMAIL PROTECTED]> http://russnelson.com
Crynwr sells support for free software | PGPok | Government schools are so
521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | can outdo them. Homeschool!
Russell Nelson wrote:
> echo '[EMAIL PROTECTED]' >~alias/.qmail-who:am:i
>
> When a filename is constructed, dots are replaced with colons. This
> prevents tricks with ../../../, while still allowing the use of
> ".qmail-foo/bar".
Do the slashes get translated, or can they be used to do tricks with
subdirectories?
--
Phil Howard | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
phil | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
at | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
ipal | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
dot | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
net | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] writes:
> Russell Nelson wrote:
> > When a filename is constructed, dots are replaced with colons. This
> > prevents tricks with ../../../, while still allowing the use of
> > ".qmail-foo/bar".
>
> Do the slashes get translated, or can they be used to do tricks with
> subdirectories?
The latter, except that they look funny. You have to have a
subdirectory named .qmail-foo, and you put dot-qmail commands in a
file named bar. And the extension is foo/bar, so you have to send
mail to user-foo/bar.
--
-russ nelson <[EMAIL PROTECTED]> http://russnelson.com
Crynwr sells support for free software | PGPok | Government schools are so
521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | can outdo them. Homeschool!
See it in Forbes, a huge relaxing of the US encyrption laws, and a quote
from the CEO of my company, Chemconnect! as well a paragraph on Bernstein.
Way cool.
http://www.forbes.com/tool/html/99/Sep/0916/mu3.htm
>See it in Forbes, a huge relaxing of the US encyrption laws, and a quote
>from the CEO of my company, Chemconnect! as well a paragraph on Bernstein.
>
>Way cool.
>
>http://www.forbes.com/tool/html/99/Sep/0916/mu3.htm
Way to go Dan indeed!
And way to perform some useful truth-detecting, John Gilmore! (His quote
appears at the end of the article. I hope his fears turn out to be
unfounded.)
tq vm, (burley)
http://www.wired.com/news
W I R E D N E W S
- - - - - - - - - -
Decoding the Crypto Policy Change
by Declan McCullagh
Why did the Clinton administration cave on crypto? What caused the
nation's top generals and cops to back down this week after spending
the better part of a decade warning Congress of the dangers of privacy
-protecting encryption products?
Why would attorney general Janet Reno inexplicably change her mind
and embrace overseas sales of encryption when as recently as July she
warned Congress of the "rising threat from the criminal community of
commercially available encryption?"
See also: Clinton Relaxes Crypto Exports and Crypto Law: Little Guy
Loses
It can't simply be that tech firms were pressing forward this fall
with a House floor vote to relax export rules. National security and
law enforcement backers in the Senate could easily filibuster the
measure. Besides, Clinton had threatened to veto it.
It could be the presidential ambitions of Vice President Gore, who
just happened to be in Silicon Valley around the time of the White
House press conference Thursday. Still, while tech CEOs can get angry
over the antediluvian crypto regulations Gore has supported, they
regard Y2K liability and Internet taxation as more important issues.
Another answer might lie in a little-noticed section of the
legislation the White House has sent to Congress. It says that during
civil cases or criminal prosecutions, the Feds can use decrypted
evidence in court without revealing how they descrambled it.
"The court shall enter such orders and take such other action as may
be necessary and appropriate to preserve the confidentiality of the
technique used by the governmental entity," Section 2716 of the
proposed Cyberspace Electronic Security Act says.
There are a few explanations. The most obvious one goes as follows:
Encryption programs, like other software, can be buggy. The US
National Security Agency and other supersecret federal codebreakers
have the billion-dollar budgets and hyper-smart analysts needed to
unearth the bugs that lurk in commercial products. (As recent events
have shown, Microsoft Windows and Hotmail have as many security holes
as a sieve after an encounter with a 12-gauge shotgun.)
If the Clinton crypto proposal became law, the codebreakers'
knowledge could be used to decipher communications or introduce
decrypted messages during a trial.
"Most crypto products are insecure. They have bugs. They have them
all the time. The NSA and the FBI will be working even harder to find
them," says John Gilmore, a veteran programmer and board member of the
Electronic Frontier Foundation.
Providing additional evidence for that view are Reno's comments on
Thursday. When asked why she signed onto a deal that didn't seem to
provide many obvious benefits to law enforcement, she had a ready
response.
"[The bill covers] the protection of methods used so that ... we will
not have to reveal them in one matter and be prevented, therefore,
from using them in the next matter that comes along," the attorney
general said.
Funding for codebreaking and uncovering security holes also gets a
boost. The White House has recommended US$80 million be allocated to
an FBI technical center that it says will let police respond "to the
increasing use of encryption by criminals."
Anther reason for the sea change on crypto is decidedly more
conspiratorial. But it has backers among civil libertarians and a
former NSA analyst who told Wired News the explanation was "likely."
It says that since the feds will continue to have control of legal
encryption exports, and since they can stall a license application for
years and cost a company millions in lost sales, the US government has
a sizeable amount of leverage. The Commerce Department and NSA could
simply pressure a firm to insert flaws into its encryption products
with a back door for someone who knows how to pick the lock.
Under the current and proposed new regulations, the NSA conducts a
technical analysis of the product a company wishes to export.
According to cryptographers who have experienced the process, it
usually takes a few months and involves face-to-face meetings with NSA
officials.
"This may be a recipe for government-industry collusion, to build
back doors into encryption products," says David Sobel, general
counsel for the Electronic Privacy Information Center and a veteran
litigator.
Sobel points to another part of the proposed law to bolster his claim
: It says any such information that a company whispers to the Feds
will remain secret.
That section "generally prohibits the government from disclosing
trade secrets disclosed to it [by a company] to assist it in obtaining
access to information protected by encryption," according to a summary
prepared by the administration.
Is there precedent? You bet. Just this month, a debate flared over
whether or not Microsoft put a back door in Windows granting the NSA
secret access to computers that run the operating system.
While that widespread speculation has not been confirmed, other NSA
back doors have been.
In the 1982 book The Puzzle Palace, author James Bamford showed how
the agency's predecessor in 1945 coerced Western Union, RCA, and ITT
Communications to turn over telegraph traffic to the feds.
"Cooperation may be expected for the complete intercept coverage of
this material," an internal agency memo said. ITT and RCA gave the
government full access, while Western Union limited the number of
messages it handed over. The arrangement, according to Bamford, lasted
at least two decades.
In 1995, The Baltimore Sun reported that for decades NSA had rigged
the encryption products of Crypto AG, a Swiss firm, so US
eavesdroppers could easily break their codes.
The six-part story, based on interviews with former employees and
company documents, said Crypto AG sold its security products to some
120 countries, including prime US intelligence targets such as Iran,
Iraq, Libya, and Yugoslavia. Crypto AG disputed the allegation.
"It's a popular practice. It has long historical roots," says EFF's
Gilmore. "There's a very long history of [the NSA] going quietly to
some ex-military guy who happens to run the company and say, 'You
could do your country a big favor if...'"
Could the security flaw be detected? Probably not, said Gilmore, who
during a previous job paid a programmer to spend months disassembling
parts of Adobe's PostScript interpreter. "Reverse engineering is real
work. The average company would rather pay an engineer to build a
product rather than tear apart a competitors'."
-----------------------
NOTE: In accordance with Title 17 U.S.C. section 107, this material is
distributed without profit or payment to those who have expressed a prior
interest in receiving this information for non-profit research and
educational purposes only. This material may not be copied or quoted,
placed on any web site or other open forum without the express consent of
the copyright owner.
-----------------------
On 17-Sep-99 [EMAIL PROTECTED] wrote:
>>See it in Forbes, a huge relaxing of the US encyrption laws, and a quote
>>from the CEO of my company, Chemconnect! as well a paragraph on Bernstein.
>>
>>Way cool.
>>
>>http://www.forbes.com/tool/html/99/Sep/0916/mu3.htm
>
> Way to go Dan indeed!
>
> And way to perform some useful truth-detecting, John Gilmore! (His quote
> appears at the end of the article. I hope his fears turn out to be
> unfounded.)
>
> tq vm, (burley)
Wired seemed to have a slightly different take, but I stopped reading the
Forbes article before I got to Gilmore's comment.
http://www.wired.com/news/news/politics/story/21790.html
Vince.
--
==========================================================================
Vince Vielhaber -- KA8CSH email: [EMAIL PROTECTED] flame-mail: /dev/null
# include <std/disclaimers.h> TEAM-OS2
Online Campground Directory http://www.camping-usa.com
Online Giftshop Superstore http://www.cloudninegifts.com
==========================================================================
>Wired seemed to have a slightly different take, but I stopped reading the
>Forbes article before I got to Gilmore's comment.
>
>http://www.wired.com/news/news/politics/story/21790.html
I think that's the article forwarded to this list that I just read
earlier. A Gilmore comment was in that article as well. Wired
didn't strike me as having a different take so much as a vastly
more detailed, in-depth article, including plenty of historical
information, allegations of conspiracies of various sorts, and
so on.
Personally, it's kinda weird -- I'm happy to have qmail up and
running, even though it probably never deals with more than 300
emails in a day. I'm delighted with the more positive, freedom-
oriented aspects of this crypto development, even though I don't
really ever use crypto myself. And I support the Second Amendment,
even though I don't like guns.
I guess I just really appreciate the efforts of others to preserve
my freedoms, even ones I have little or no intention of ever exercising.
Again, thanks, Dan!
tq vm, (burley)
On 17-Sep-99 [EMAIL PROTECTED] wrote:
>>Wired seemed to have a slightly different take, but I stopped reading the
>>Forbes article before I got to Gilmore's comment.
>>
>>http://www.wired.com/news/news/politics/story/21790.html
>
> I think that's the article forwarded to this list that I just read
> earlier. A Gilmore comment was in that article as well. Wired
> didn't strike me as having a different take so much as a vastly
> more detailed, in-depth article, including plenty of historical
> information, allegations of conspiracies of various sorts, and
> so on.
That's what I thought when I first saw it posted, but it's a different
article with a different slant. It is referenced in the one posted tho.
Vince.
--
==========================================================================
Vince Vielhaber -- KA8CSH email: [EMAIL PROTECTED] flame-mail: /dev/null
# include <std/disclaimers.h> TEAM-OS2
Online Campground Directory http://www.camping-usa.com
Online Giftshop Superstore http://www.cloudninegifts.com
==========================================================================
Hi!
So this must be worked out in the docs, or?
Greetings
--
Robert Sander "Is it Friday yet?"
@Home http://home.pages.de/~gurubert
pgp available there
Well, my disk crashed last night and I had to rebuild the machine from
the ground up. Took about 8 hours with RH 6, It has been a while since I
configured bind and qmail.
I see that there is now a tcpserver version of pop3, great, no need for
inetd at all now!
Thank god I have beeen archiving this mailing list, it is like having my
own personal tech support. I was able to search back and find the answer
to every problem I had.
My server time problem should be fixed now.
Thanks to all on this list!
Joe Junkin
[EMAIL PROTECTED]
Sam wrote:
>
> Joseph R. Junkin writes:
>
> > Sam wrote:
> > > That's because your time and timezone settings are woefully broken.
> >
> > Yes, I have a PST time, yet my 'date' shows system timezone is EST.
> >
> > So I just set my time and timezone correctly. You are saying Qmail
> > doesn't care what timezone I am in, as long as the time is correct.
> >
> > Now the time is correct on my server and my problem should now be fixed!
>
> No it's not. Your message was dated 3:13PM.
>
> --
> Sam
Has anyone tried to add SMTP AUTH to the qmail SMTP daemon? I hear from an
extremely reliable source that sendmail 8.10 will have it, so it seems like
for better or worse this will be the way that people solve the roaming user
problem.
Regards,
John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner
Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
There is a patch that adds AUTH capabilities on www.nimh.org. Works great
for me, been running it for awhile now.
Scott
----- Original Message -----
From: "John R Levine" <[EMAIL PROTECTED]>
To: "qmail list" <[EMAIL PROTECTED]>
Sent: Friday, September 17, 1999 2:59 PM
Subject: SMTP AUTH ?
> Has anyone tried to add SMTP AUTH to the qmail SMTP daemon? I hear from
an
> extremely reliable source that sendmail 8.10 will have it, so it seems
like
> for better or worse this will be the way that people solve the roaming
user
> problem.
>
> Regards,
> John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for
Dummies",
> Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer
Commissioner
> Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36
A3 47
>
>
Hello all,
I've been getting a few calls about times and dates on e-mails.
Ex, just got a call and the lady said that it's taking two days to get her
mail from AOL... the e-mail header she read to me said the mail was
recieved on 9/12 at 15:38... but it took two additional days to show up in
her inbox as the time/date the showed up in Outlook express was 9/14 (not
in the headers.... just on the diplay). I said the she may not have
checked the mail for two days (as the header said I recvd 2 days prior)..
she insists that there is a problem.
Any ideas??
Paul D. Farber II
Farber Technology
Ph. 570-628-5303
Fax 570-628-5545
[EMAIL PROTECTED]
Hi Ric,
> Anyway, The email headers generated for the From line
> and the Received: line are 7 Hours ahead of the actual
> time sent. The Date: line shows the correct time.
As far as I know you are 7 hours behind GMT.
> >>Date: Thu, 16 Sep 1999 12:56:33 -0700
And Q-Mail just takes UTC as a timestamp. As you can see from the Header
of my mail there seems to be the same problem. But why should I try to
read your local time and wonder how the message could be delivered
before it was even sent?
Ciao,
Cyril
I am trying to setup qmail for the first time. Being a newbie to Linux, I
need all of the help I can get. I keep seing references to this, but I
cannot see anything under pobox.com/.
I even got this message after signing up to this mailing list.
See http://pobox.com/~djb/qmail.html for more information about qmail.
Please read http://pobox.com/~djb/qmail/faq.html before sending your
question to the qmail mailing list.
I use a pobox.com address myself, and have never seen any reference to qmail
out there? I have tried several html documents from the Qmail.org home page
that points there that are not available.
Anybody have any clues. I can get to pobox.com and login and change my
redirects, passwords, etc. Getting to the pobox.com server is not a
problem.
Also:::: Setting up User Masquerading, mentions adding statements to your
environment. Is this one of the .files in my home directory?
MarkT.
On Sat, Sep 18, 1999 at 01:54:40AM -0500, Mark Thomas wrote:
> I am trying to setup qmail for the first time. Being a newbie to Linux, I
> need all of the help I can get. I keep seing references to this, but I
> cannot see anything under pobox.com/.
>
> I even got this message after signing up to this mailing list.
> See http://pobox.com/~djb/qmail.html for more information about qmail.
> Please read http://pobox.com/~djb/qmail/faq.html before sending your
> question to the qmail mailing list.
Just follow these instructions literally. Don't try to "see anything under
pobox.com," whatever that might mean. Access the cited URLs, and there you will
find the desired information.
Chris
On Sat, 18 Sep 1999, Mark Thomas wrote:
> Also:::: Setting up User Masquerading, mentions adding statements to your
> environment. Is this one of the .files in my home directory?
Nope. It is issuing
export QMAILUSER='your_localpart_to_appear'
-like commands in your profile file depending on which shell you use (eg.
.bash_profile in bash)
Of course it works only on locally queued messages (not on SMTP).
Robert Varga
