qmail Digest 16 Nov 2000 11:00:00 -0000 Issue 1185

Topics (messages 52230 through 52310):

socket sending to qmail problem... pleaseeeee help...
        52230 by: Luke Chiam

Re: Qmailanalog ...
        52231 by: Michael Maier

Forwarding with same envelope address
        52232 by: mark.sidell.org
        52239 by: Brett Randall
        52264 by: mark.sidell.org

Help - It's urgently - about .qmail-default
        52233 by: Expert

A doubt about Qmailadmin
        52234 by: Expert
        52235 by: Mark Anderson
        52236 by: James Raftery

Help with qmail and ezmlm
        52237 by: Pedro Pires
        52251 by: Ricardo Cerqueira

maildirmake query
        52238 by: suresh

Re: secrets and lies
        52240 by: Matthias Andree
        52241 by: Matthias Andree
        52249 by: Paul Jarc
        52250 by: Paul Jarc
        52252 by: Lipscomb, Al
        52253 by: Paul Jarc
        52254 by: Michael T. Babcock
        52255 by: Michael T. Babcock
        52257 by: David Dyer-Bennet
        52258 by: David Dyer-Bennet
        52263 by: Adam McKenna
        52268 by: Dave Sill
        52270 by: Dave Sill
        52271 by: Dave Sill
        52273 by: Adam McKenna
        52274 by: Paul Jarc
        52276 by: Michael T. Babcock
        52277 by: Robin S. Socha
        52278 by: Adam McKenna
        52282 by: Ryan Russell
        52283 by: David Dyer-Bennet
        52285 by: Dave Sill
        52287 by: Matthias Andree
        52291 by: Adam McKenna
        52293 by: Andre Oppermann

how to set the rights for maildir to be secure
        52242 by: Ruprecht Helms
        52243 by: Ruprecht Helms
        52247 by: Brett Randall
        52265 by: Dave Sill
        52288 by: Brett Randall

tcpserver & virtual domain
        52244 by: Kiran
        52262 by: Dave Sill

maildrop-filter-query
        52245 by: suresh

AUTOMAILDIRMAKE
        52246 by: suresh
        52267 by: Dave Sill
        52275 by: Ricardo Cerqueira

adding an outgoing-only smtp server?
        52248 by: James T. Perry
        52266 by: Dave Sill
        52280 by: James T. Perry
        52289 by: Dave Sill
        52306 by: James T. Perry

Re: running daemontools on qmail with large locals and rcpthosts files
        52256 by: clemensF
        52261 by: Dave Sill

Re: Alias - .qmail-default
        52259 by: Dave Sill

Re: accepting and delivering locally for a different IP ...
        52260 by: Dave Sill
        52272 by: Wolfgang Zeikat

Tired of this virus
        52269 by: Eric Garff

resend incoming mail to specific doamin
        52279 by: Shakaib Sayyid
        52286 by: Dave Sill

removing Delivered-To header...?
        52281 by: Peter Cavender
        52297 by: Aaron L. Meehan

cr.yp.to delays
        52284 by: D. J. Bernstein

qmail and pgsql
        52290 by: Dean Browett

Re: accessing $local in fastforward alias file
        52292 by: Brian Reichert

re-process delivered mail
        52294 by: Colin Humphreys
        52305 by: Markus Stumpf

max number of virt. domains
        52295 by: Marco Leeflang

qmailadmin add pop-account failure
        52296 by: Marco Leeflang

Leave this lista
        52298 by: Frederiko dos Santos Costa
        52299 by: Jerry Lynde

Delivering mail locally
        52300 by: Oliver Menzel
        52301 by: Alex Pennace

rbl users beware: MSN blocked
        52302 by: Jon Rust
        52303 by: Scott D. Yelich
        52308 by: Bruce Guenter

Duplicate messages.
        52304 by: Andy Abshagen

Very strange timeout
        52307 by: Kornyakov Yevgeniy

User Unknown
        52309 by: CB

linux and reiserfs
        52310 by: Van Liedekerke Franky


----------------------------------------------------------------------


Thank you first.

I am writing a linux application trying to send email to a qmail server. I
am able to send a very small sized data across successfully and receive it
in a mailbox ok, but when the data size becomes larger, it seems that the
email vanished in the air!

Any idea?  Below is the code...

==========================================
  sockfd = socket ( PF_INET, SOCK_STREAM, 0 );
  ina.sin_family = AF_INET;
  ina.sin_addr.s_addr = inet_addr ( server );
  ina.sin_port = htons ( portnum );
  memset ( ina.sin_zero, 0, 8 );

  connect ( sockfd, ( struct sockaddr * ) &ina, sizeof ( struct
sockaddr ) );

  slen = strlen ( pstr );

  ptmp = pstr;
  sentlen = 0;
  leftover = slen;
  do {
    sentlen = send ( sockfd, ptmp, slen-sentlen, 0 );
    ptmp += sentlen;
  } while ( ptmp < ( pstr + slen ) );

  shutdown ( sockfd, 2 );
  close ( sockfd );
==========================================
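
A send loop for the situation in the message above, as an added example that is not part of the original post: it tracks the cumulative offset, checks every return value of send(), and retries on short writes. The names send_all and roundtrip are hypothetical; roundtrip is a constructed local harness using a socketpair and covers only the byte transfer, not the SMTP dialogue with the server.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Send exactly len bytes from buf. Returns 0 on success, -1 on error. */
int send_all(int fd, const char *buf, size_t len)
{
    size_t off = 0;                 /* bytes accepted by the kernel so far */

    while (off < len) {
        /* Always pass the true remainder: len - off, never len - last_send. */
        ssize_t n = send(fd, buf + off, len - off, MSG_NOSIGNAL);
        if (n > 0) {
            off += (size_t)n;       /* short write: loop for the rest */
            continue;
        }
        if (n < 0 && errno == EINTR)
            continue;               /* interrupted by a signal, retry */
        if (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) {
            /* Non-blocking socket with a full buffer: wait until writable. */
            struct pollfd p = { .fd = fd, .events = POLLOUT };
            if (poll(&p, 1, -1) < 0 && errno != EINTR)
                return -1;
            continue;
        }
        return -1;                  /* real error (or n == 0): never advance */
    }
    return 0;
}

/* Constructed harness: push len bytes through a local socketpair to a
 * forked reader and return how many bytes the reader saw, or -1 on error. */
long roundtrip(size_t len)
{
    int sv[2], res[2];
    long total = -1;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || pipe(res) < 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                 /* child: read until EOF, report count */
        char tmp[4096];
        long seen = 0;
        ssize_t n;
        close(sv[0]);
        close(res[0]);
        while ((n = recv(sv[1], tmp, sizeof tmp, 0)) > 0)
            seen += n;
        if (write(res[1], &seen, sizeof seen) != (ssize_t)sizeof seen)
            _exit(1);
        _exit(0);
    }

    close(sv[1]);
    close(res[1]);
    /* Non-blocking sender so that short writes and EAGAIN really occur. */
    fcntl(sv[0], F_SETFL, fcntl(sv[0], F_GETFL) | O_NONBLOCK);

    char *msg = malloc(len);
    int rc = -1;
    if (msg != NULL) {
        memset(msg, 'x', len);
        rc = send_all(sv[0], msg, len);
        free(msg);
    }
    shutdown(sv[0], SHUT_WR);       /* signal EOF only after everything is sent */
    close(sv[0]);

    if (read(res[0], &total, sizeof total) != (ssize_t)sizeof total)
        total = -1;
    close(res[0]);
    waitpid(pid, NULL, 0);
    return rc == 0 ? total : -1;
}

int main(void)
{
    printf("reader received %ld bytes\n", roundtrip((size_t)1 << 20));
    return 0;
}
```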







Daniel POGAC wrote:

> Can you help me with use qmail analog ??? I have installed qmailanalog and
> have log file without time stamps...
>
> I think that i use incorrect syntaxes...

I'm using the following very simple Script for general Mail Statistics:

root@foxdev1:/usr/local/samba/lib> cat /usr/bin/mailstat
#! /bin/sh
/usr/local/bin/tai64nfrac < /var/log/qmail/qmail-send/current > /var/log/maillog
/usr/local/qmailanalog/bin/matchup < /var/log/maillog > /var/log/maillog.matchup
/usr/local/qmailanalog/bin/zoverall < /var/log/maillog.matchup
rm -rf /var/log/maillog*

--
--^..^--------------------------------------------------
  michael maier  -  system & development administrator
  flatfox ag, hanauer landstrasse 196a
  d-60314 frankfurt am main
  fon    +49.(0)69.50 95 98-308
  fax    +49.(0)69.50 95 98-101
  email  [EMAIL PROTECTED]
  url    http://www.flatfox.com -  m a k e  m y  d a y
--------------------------------------------------------






My server mail.foo.com receives all email for the foo.com domain.
Most messages are to be delivered locally on this server.

But, messages sent to certain addresses, for example "[EMAIL PROTECTED]",
need to be forwarded to another server, xxx.foo.com.  In addition, the
envelope address needs to be unchanged when the messages get
forwarded.  That is, the envelope needs to remain "[EMAIL PROTECTED]"
when mail.foo.com forwards the message to xxx.foo.com.

I can't figure out how to do this, since it appears that qmail's
forwarding mechanism appears to be based on transformations of the
envelope address.

Thanks for your help.

-- 
Mark Sidell
Chief Programmer
Forte Agent




On Wed, 15 Nov 2000, [EMAIL PROTECTED] wrote:

> I can't figure out how to do this, since it appears that qmail's
> forwarding mechanism appears to be based on transformations of the
> envelope address.

No, qmail does not transform the envelope address. Create a
~user/.qmail (or ~alias/.qmail-user) with:

| forward "$LOCAL"@otherhost.foo.com

As long as the other host received mail for otherhost.foo.com, all
will be fine (I know, I'm doing it...)
-- 
  B r e t t  R a n d a l l
   http://xbox.ipsware.com/
    brett    _ @ _    ipsware.com




On 16 Nov 2000 00:16:19 +1100, Brett Randall wrote:

> No, qmail does not transform the envelope address. Create a
> ~user/.qmail (or ~alias/.qmail-user) with:
> 
> | forward "$LOCAL"@otherhost.foo.com
> 
> As long as the other host received mail for otherhost.foo.com, all
> will be fine (I know, I'm doing it...)

I found that I needed to modify the alias line slightly, to remove the
local user name that is prefixed to the address:

| forward "${LOCAL#*-}"@otherhost.foo.com

That way, [EMAIL PROTECTED] will get sent as
[EMAIL PROTECTED] instead of
[EMAIL PROTECTED]

-- 
Mark Sidell
Chief Programmer
Forte Agent




Hi,

        My .qmail-default has the line: | /var/qmail/bin/fastforward -d
/etc/aliases.cdb. The /etc/aliases has the line: MAILER-DAEMON:admin . I'm
receiving a lot of emails from someone trying to spam me, but the accounts
that the spammer is trying to spam don't exist, so qmail sends a
MAILER-DAEMON message to 'admin' saying that the account doesn't exist. I
disabled this line from .qmail-default in order to prevent qmail from
sending this message, but I looked at the logs and saw that when a message to
an unknown user arrives, this logs the message as DID. My question is: where
are these messages to an unknown user stored? Are these messages discarded?

                                Roberto Samarone Araujo






       I installed Qmailadmin and created a virtual domain and some users
for this domain, so I have emails like: [EMAIL PROTECTED] and [EMAIL PROTECTED]. OK,
that's perfect, but I would like to know how I can get the emails sent to these
users (xxx, yyy) if they aren't users of the system (they are only users for
email)? I tried to enter these users and their passwords through a POP connection,
but qmail didn't accept the POP connection to get these users' emails.

                            Roberto Samarone Araujo





I have set up Qmail and (as a temp measure) allowed open relaying so my users
can send through the server. You can send mail to a user on the machine but it
seems to go into nothingness. Never being delivered, never being bounced.
Nothing.
I don't even know where to start.

Mark Anderson





On Wed, Nov 15, 2000 at 12:18:46PM -0000, Mark Anderson wrote:
> I don't even know where to start.

Start by looking to your logs.

james




Hello

I'm using ezmlm.

I have a list of people in a  list.

I use ezmlm-send to send the message in the following way

# ezmlm-send ~/list < "mail.file"

I've checked the queue and the emails of the users that the message is
supposed to go are ok.

But after the email is sent by qmail the email that appears in the "To:"
label isn't correct.

It appears like this "pedro.pires?[EMAIL PROTECTED]" and it should appear
"[EMAIL PROTECTED]"

Anyone have experienced this?

Thanks
Pedro Pires





On Wed, Nov 15, 2000 at 12:51:43PM -0000, Pedro Pires wrote:
> Hello
> 
> I'm using ezmlm.

Good. Then try the list for ezmlm: [EMAIL PROTECTED]

> 
> I have a list of people in a  list.
> 
> I use ezmlm-send to send the message in the following way
> 
> # ezmlm-send ~/list < "mail.file"
> 
> I've checked the queue and the emails of the users that the message is
> supposed to go are ok.
> 
> But after the email is sent by qmail the email that appears in the "To:"
> label isn't correct.
> 
> It appears like this "pedro.pires?[EMAIL PROTECTED]" and it should appear
> "[EMAIL PROTECTED]"
> 
> Anyone have experienced this?
> 
> Thanks
> Pedro Pires
> 

-- 
+-------------------
| Ricardo Cerqueira  
| PGP Key fingerprint  -  B7 05 13 CE 48 0A BF 1E  87 21 83 DB 28 DE 03 42 
| Novis  -  Engenharia ISP / Rede Técnica 
| Pç. Duque Saldanha, 1, 7º E / 1050-094 Lisboa / Portugal
| Tel: +351 2 1010 0000 - Fax: +351 2 1010 4459








Hello
I am still new to qmail,
I was wondering if it is possible to create a maildir folder automatically as
mails are received, probably by calling maildirmake during delivery?
Thanks in advance
Suresh
Mithi.com Pvt. Ltd.






Adam McKenna <[EMAIL PROTECTED]> writes:

> On Tue, Nov 14, 2000 at 09:11:32PM +0100, Matthias Andree wrote:
> > Mr. Schneier is respected for his expertise and cryptography, and just
> > because he states that head money for bugs is no good, does not make him
> > an M S type weenie.
> 
> You're right, Bruce Scheiner is a god, and I'm really sorry for disagreeing
> with him.

That is not what I meant, even subtracting sarcasm, irony and
exaggeration. I'm saying that one particular opinion on a marginal topic
that you disagree with does not make Mr. Schneier a bad person. Get a
clue, in that you try to find out about that person as a whole before
judging him.

-- 
Matthias Andree




Adam McKenna <[EMAIL PROTECTED]> writes:

> For what it's worth, I was only originally expressing an opinion on the
> few paragraphs that Mate posted, from some book that I had never heard
> of, by a "B. Schneier" [sic] I didn't know who he was talking about at
> first, and I was reacting to getting attacked from all sides.  Perhaps
> in the future when people post quotes from print, they should include
> a little bit more context, and perhaps an ISBN number to eliminate
> confusion.

Searching the Index of the Dortmund University Library:

Verfasser      : Schneier, Bruce
Titel/Stichwort: Applied cryptography
HSTZusatz      : protocols, algorithms and source code in C
Verf.Vorlag    : Bruce Schneier
Ausgabebez.    : 2. ed.
Verlagsort     : New York [u.a.]
Verlag         : Wiley
Preis/Einband  : kart. : £ 41.50
ISBN/ISSN      : 0-471-12845-7
               : 0-471-11709-9
Jahr           : 1996
Umfangsangabe  : XXIII, 758 S. : graph. Darst.
[...]

While the left column is in German, you should be able to extract the
desired information. The German translation, "Angewandte Kryptographie",
is published by Addison-Wesley, Bonn since 1996; based on ISBN
0-471-11709-9, ISBN 3-89319-854-7. Translators have been Katja Karsunke
and Thomas Merz, again, for what it's worth.

I assume the £ (Pound Sterling) sign should really be a $ (Dollar)
sign. Check with your favourite book store or library.

-- 
Matthias Andree




Adam McKenna <[EMAIL PROTECTED]> writes:
> On Tue, Nov 14, 2000 at 03:11:43PM -0500, Paul Jarc wrote:
> > Adam McKenna <[EMAIL PROTECTED]> writes:
> > > Not to mention that the whole point of freeware and open source
> > > software in general is to give everyone the ability to audit the
> > > software, not just a select few.
> > 
> > Dan's software isn't open source.  [...]
> 
> I said, "freeware and open source software".  Do you always selectively
> ignore part of what someone says to make your point?

I ignored it because I wasn't sure what you meant, and it wouldn't
matter much anyway.

If by "freeware" you meant "Free Software" in the GNU sense, then
Dan's software isn't that either, and I'd say Free Software isn't
about auditability so much as customizability.

If by "freeware" you meant "software that is available for zero
price", then that doesn't imply the source is available, so there's
obviously no inherent tie to easier auditability there.

If by "freeware" you meant software that is distributed for free with
source, then Dan's qualifies, but to say that auditability is the goal
of *all* such software is a terribly strong statement, and as I said,
I'm not aware of Dan ever stating that this was even *one* of *his*
goals, let alone "the whole point".


paul




Adam McKenna <[EMAIL PROTECTED]> writes:
> On Tue, Nov 14, 2000 at 03:35:35PM -0500, Paul Jarc wrote:
> > [EMAIL PROTECTED] writes:
> > > Whilst an audit is a good idea, I don't see how a competition and
> > > time in the field can actual make matters worse.
> > 
> > It can make people think a program is secure when no audit has been
> > done, reducing the likelihood that anyone will call for an audit,
> > leaving holes undiscovered.
> 
> And a formal audit can miss security holes, reducing the likelihood
> that anyone will call for further audits, leaving holes undiscovered
> -- it's a double-edged sword.  Auditing is an ongoing process, not
> something which takes place at one point in time and unilaterally
> declares something "secure".

None of this conflicts with what I said above, though.  An audit is
more likely to find holes than is casual scrutiny in the field.  An
audit is likely to be better than no audit.


paul




> Just because it's ``often'' done doesn't mean it's correct. To me, and
> possibly others, open source is used to describe software that uses a
> licence conforming to the Open Source Definition.
> 

I like: "3 a: completely free from concealment : exposed to general view or
knowledge b : exposed or vulnerable to attack or question"

BSD folks may like: "14 a (1) : characterized by lack of effective
regulation of various commercial enterprises (2) : not repressed by legal
controls b : free from checking or hampering restraints c : relatively
unguarded by opponents "

(from www.yourdictionary.com) for the use of "Open".


Now back to security and audits and the DJB world.
 
For software I want to look at the overall design first. Then I want to see
the "style" the coder used. This is not about what tab stops were used or
the brace style but how comments, defines, subroutines, variable names and
constants are used in the code. 

I did this with DJBDNS and DNSCache. I see the strengths and weaknesses of
the code and feel that within the scope of the project it is acceptable. For
a larger project I would have objections. It is possible that DJB has files
of code documentation that he has not made public that would eliminate these
objections.

My next wish would be to conduct a formal code review with the author. To
sit down and have them explain each routine. Tell me why they chose one
method over another. "Audits" have merit but in my view they are not as
productive as a formal review with the author.

As for license, it appears that DJB has chosen to simply reserve his lawful
rights as the author. I would assume that this is the safest path as the
case law is very extensive for these rights. I am unaware of any case law
involving the GPL (in its many forms).

  





Adam McKenna <[EMAIL PROTECTED]> writes:
> On Wed, Nov 15, 2000 at 08:18:29PM +1300, Chris K. Young wrote:
> > I say that dist.html should be considered authoritative. There are
> > references in the qmail and djbdns documentation that contain the
> > URL to their respective pages.
> 
> That's what you say.  But there isn't a definitive license (i.e. LICENSE or
> COPYING) in the qmail distribution that explains those rights

There's nothing magical about those names.  The names "dist.html" and
"softwarelaw.html" are just as good, and I don't see why they should
have to be included in the distribution.

> some web page could be altered or taken down at any time, leaving
> users without any rights whatsoever.

IANAL (are you?), but I doubt that a copyright holder can revoke
permission already granted in this way.  The *record* (or rather,
*one* record) of permission could be removed, but how does that affect
the permission itself?


paul




Charles Cazabon wrote:

> However, as far as qmail goes:  all the crackers in the world have had access
> to the qmail source code and design documentation for years, and none have
> yet found an exploitable security hole.  You could consider that a fairly
> thorough audit-by-fire.

There is no proof any were trying either.
-- 
Michael T. Babcock, C.T.O. FibreSpeed
http://www.fibrespeed.net/~mbabcock





Adam McKenna wrote:

> On Tue, Nov 14, 2000 at 09:11:32PM +0100, Matthias Andree wrote:
> 
>> Mr. Schneier is respected for his expertise and cryptography, and just
>> because he states that head money for bugs is no good, does not make him
>> an M S type weenie.
> 
> 
> You're right, Bruce Scheiner is a god, and I'm really sorry for disagreeing
> with him.

No, no ... this is a djb list -- HE is god, and Bruce is just respected ;-).
-- 
Michael T. Babcock, C.T.O. FibreSpeed
http://www.fibrespeed.net/~mbabcock





Paul Jarc <[EMAIL PROTECTED]> writes on 15 November 2000 at 11:07:43 -0500
 > Adam McKenna <[EMAIL PROTECTED]> writes:
 > > On Wed, Nov 15, 2000 at 08:18:29PM +1300, Chris K. Young wrote:
 > > > I say that dist.html should be considered authoritative. There are
 > > > references in the qmail and djbdns documentation that contain the
 > > > URL to their respective pages.
 > > 
 > > That's what you say.  But there isn't a definitive license (i.e. LICENSE or
 > > COPYING) in the qmail distribution that explains those rights
 > 
 > There's nothing magical about those names.  The names "dist.html" and
 > "softwarelaw.html" are just as good, and I don't see why they should
 > have to be included in the distribution.

In terms of convincing a corporate lawyer that it's okay to install
software on a corporate system, a specific license distributed with
the software specifically granting various permissions would be
extremely useful.

Dan is probably right that no special permissions are needed to make
normal uses of his code (which is what he says on his web pages), but
if the corporate lawyer isn't in agreement with him, he's going to say
"no".  That's a corporate lawyer's job, after all.

 > > some web page could be altered or taken down at any time, leaving
 > > users without any rights whatsoever.
 > 
 > IANAL (are you?), but I doubt that a copyright holder can revoke
 > permission already granted in this way.  The *record* (or rather,
 > *one* record) of permission could be removed, but how does that affect
 > the permission itself?

Demonstrating that the permission was granted gets harder if the pages
are taken down.
-- 
David Dyer-Bennet      /      Welcome to the future!      /      [EMAIL PROTECTED]
SF: http://www.dd-b.net/dd-b/          Minicon: http://www.mnstf.org/minicon/
Photos: http://dd-b.lighthunters.net/




Mate Wierdl <[EMAIL PROTECTED]> writes on 15 November 2000 at 00:07:35 -0600
 > On Tue, Nov 14, 2000 at 04:13:19PM -0500, Bennett Todd wrote:
 > > efforts is on monitoring and risk management. With that as a given,
 > > I expect he runs sendmail and BIND; things like qmail and djbdns are
 > > for those of us who haven't given up on really completely securing
 > > our systems:-).
 > 
 > First I thought B.S. runs qmail and ezmlm, but it seems his
 > mailinglist is run by DD-B. counterpane.com servers run postfix and
 > sendmail---as you indicated. 

Just for nit-picky precision, I don't run the list; it's run by one of
Bruce's employees, using my system, and the software I have installed
there.
-- 
David Dyer-Bennet      /      Welcome to the future!      /      [EMAIL PROTECTED]
SF: http://www.dd-b.net/dd-b/          Minicon: http://www.mnstf.org/minicon/
Photos: http://dd-b.lighthunters.net/




On Wed, Nov 15, 2000 at 11:07:43AM -0500, Paul Jarc wrote:
> Adam McKenna <[EMAIL PROTECTED]> writes:
> > On Wed, Nov 15, 2000 at 08:18:29PM +1300, Chris K. Young wrote:
> > > I say that dist.html should be considered authoritative. There are
> > > references in the qmail and djbdns documentation that contain the
> > > URL to their respective pages.
> > 
> > That's what you say.  But there isn't a definitive license (i.e. LICENSE or
> > COPYING) in the qmail distribution that explains those rights
> 
> There's nothing magical about those names.  The names "dist.html" and
> "softwarelaw.html" are just as good, and I don't see why they should
> have to be included in the distribution.
> 
> > some web page could be altered or taken down at any time, leaving
> > users without any rights whatsoever.
> 
> IANAL (are you?), but I doubt that a copyright holder can revoke
> permission already granted in this way.  The *record* (or rather,
> *one* record) of permission could be removed, but how does that affect
> the permission itself?

No, I'm not a lawyer, but to defend a copyright infringement claim in court
you would need some sort of proof that you had been given that permission,
and if a web page that can be taken down or modified at any time is the only
source, I can see how that would be unsettling to advocates of Free Software.
If a license had been included in the source tarball, then everyone who had
downloaded that tarball would also have a copy of the license, making it much
easier to prove the terms under which the software was released.

I'm not saying Dan would ever sue anyone for infringement, but then again I'm
not the person deciding whether or not something should go in main or
non-free (and if I was, I'd probably still put it in non-free, even though I
believe it loosely conforms.)

It's also worth mentioning that while softwarelaw.html describes Dan's
feelings about software/copyright law, it may or may not describe actual 
software/copyright law (case law or otherwise).  As far as I know, Dan is not 
a lawyer either.

--Adam

-- 
Adam McKenna <[EMAIL PROTECTED]> | "No matter how much it changes, 
http://flounder.net/publickey.html   |  technology's just a bunch of wires 
GPG: 17A4 11F7 5E7E C2E7 08AA        |  connected to a bunch of other wires."
     38B0 05D0 8BF7 2C6D 110A        |  Joe Rogan, _NewsRadio_
 12:48pm  up 158 days, 11:04, 11 users,  load average: 0.05, 0.06, 0.01




"David Dyer-Bennet" <[EMAIL PROTECTED]> wrote:

>Dan is probably right that no special permissions are needed to make
>normal uses of his code (which is what he says on his web pages), but
>if the corporate lawyer isn't in agreement with him, he's going to say
>"no".  That's a corporate lawyer's job, after all.

Anyone's lawyers disagree with Dan? If not, I don't see why Dan should 
concern himself with convincing hypothetical lawyers...real lawyers
are enough of a challenge.

-Dave




Adam McKenna <[EMAIL PROTECTED]> wrote:

>I think "select few" as you have used it needs clarification -- even if only
>one half of one percent of all advanced C programmers are part of the "select
>few", that's still hundreds or thousands of people, and many of those people 
>are part of the open source community.

That estimate may well be high. I've never seen books or training
covering the topic of security auditing C code. Where'd you get that
0.5%?

>A hell of a lot more, anyway, than 
>are working at so-called "security firms", ready to stamp their approval on 
>any product they get six or seven digit payments to "certify".

``So-called "security firms"'' that don't know what they're doing will 
eventually be discovered for the frauds that they are. In the security 
business, reputation is everything. An audit by some random "security
firm" might not mean anything, but an audit by a recognized authority
would.

-Dave




Bennett Todd <[EMAIL PROTECTED]> wrote:

>And a case could be made that the charming and personable way qmail
>has been represented in various public fora makes this audit-by-fire
>even better: at this point, there are enough people around the world
>who hate djb's guts and would never touch anything that he even
>advocated much less wrote, just because of how much they like his
>way of carrying on discussions in public mailing lists, that I kinda
>expect more than one person has gone wading through qmail with blood
>in his eye, desperately hoping to wipe the smug grin off djb's face
>and get him to knock off the damned gloating already. Hasn't
>happened yet. _That's_ trial by fire.

That's exactly what happened with Wietse Venema's "audit" of qmail
that turned up the qmail-smtpd DOS (which is trivially prevented by
proper installation (which INSTALL still doesn't cover, BTW)), which
prompted Dan's "audit" of Postfix that turned up the problems with the
world-writable maildrop.

-Dave




On Wed, Nov 15, 2000 at 02:16:38PM +0100, Matthias Andree wrote:
> Adam McKenna <[EMAIL PROTECTED]> writes:
> 
> > On Tue, Nov 14, 2000 at 09:11:32PM +0100, Matthias Andree wrote:
> > > Mr. Schneier is respected for his expertise and cryptography, and just
> > > because he states that head money for bugs is no good, does not make him
> > > an M S type weenie.
> > 
> > You're right, Bruce Scheiner is a god, and I'm really sorry for disagreeing
> > with him.
> 
> That is not what I meant, even subtracting sarcasm, irony and
> exaggeration. I'm saying that one particular opinion on a marginal topic
> that you disagree with does not make Mr. Schneier a bad person. Get a
> clue, in that you try to find out about that person as a whole before
> judging him.

When, exactly, did I say he was a bad person?  You are putting words in my
mouth.

Mate posted the following:

"He also thinks that even having a software out and used for a few
years without incidence does not imply that it is secure.  He says,
the best way to evaluate the security of a product is to have it
audited by security experts."

And I responded in context.  Whether or not you or Mr. Schneier like it,
Microsoft has been using almost this exact argument to advocate their
software over Free Software for quite a while now.

I was informed (rather nastily) by Schneier disciples in subsequent postings 
that this opinion is not actually held by Mr. Schneier, and I (rather 
sarcastically) retracted my comments.  Do we really need to dwell on this 
anymore?  Or are we just arguing for the sake of arguing?

I admit that I did not go look up "Secrets and Lies", buy it, read it, and 
then read other material by B. Schneier before posting a reply, but whether 
or not I am a self-proclaimed "security expert" (I'm not), I am relatively
informed and knowledgeable about computer security, and I am entitled to my 
opinion(s), whether or not they agree with Mr. Schneier's opinions, or the 
opinions of anyone else on this list.

--Adam

-- 
Adam McKenna <[EMAIL PROTECTED]> | "No matter how much it changes, 
http://flounder.net/publickey.html   |  technology's just a bunch of wires 
GPG: 17A4 11F7 5E7E C2E7 08AA        |  connected to a bunch of other wires."
     38B0 05D0 8BF7 2C6D 110A        |  Joe Rogan, _NewsRadio_
  1:45pm  up 158 days, 12:01, 10 users,  load average: 0.00, 0.00, 0.00




Ryan Russell <[EMAIL PROTECTED]> writes:
> On Tue, 14 Nov 2000, Mate Wierdl wrote:
> > Indeed, it would be interesting what kind of testing he is running on
> > qmail, say (he says there are over 100 tests), and how he is trying to
> > make sure his software is secure. 
> 
> If you want to see some of the tests he does, check out rts.tests that
> comes in the djbdns distribution.

That sort of thing has its place, but it's not really related to
auditing at all.  Mostly, it's good for detecting compilation
problems.


paul




Bennett Todd wrote:

> 2000-11-14-16:37:06 Lipscomb, Al:
>> "Free Software" as promoted by the Free Software Foundation (FSF)
>> is a different thing. I believe that the DJB software is Open
>> Source, but not free.
> 
> Unlike Open Source, the phrase "free software" strongly predates the
> Free Software Foundation and they've made no attempt at branding it;
> rather, they pursue branding the GNU General Public License (GPL),
> which is stricter than (but compatible with) the Open Source
> Definition.

I must disagree with you here -- the FSF does indeed spend time and 
effort to make sure that the term "Free Software" brings the FSF to 
peoples' minds.  Feel free to read the recent discussion between a 3D 
library programmer and RMS (last week's slashdot articles?) -- RMS 
spends much time pointing out that he will talk about "free software" 
but not "open source" because "open source" is one thing and "free 
software" is what the FSF is about.
-- 
Michael T. Babcock, C.T.O. FibreSpeed
http://www.fibrespeed.net/~mbabcock





* Felix von Leitner <[EMAIL PROTECTED]> writes:

[...]

> The OpenBSD guys lost their credibility as software security authority
> when they decided to include sendmail as standard MTA.  

Well, we all know why they cannot include qmail. :-/

> Theo is rumored to have said something like "There were no remote root
> exploits for two years, so it must be secure now, right?"

I don't have any sort of sexual relationship with Theo, but that's not
quite true. It's more like "we've had a look at the code and it looks
secure now, right?". And I know that *my* copies of OpenBSD are not
running sendmail.
-- 
Robin S. Socha <http://socha.net/>




On Wed, Nov 15, 2000 at 01:21:40PM -0500, Dave Sill wrote:
> Adam McKenna <[EMAIL PROTECTED]> wrote:
> 
> >I think "select few" as you have used it needs clarification -- even if only
> >one half of one percent of all advanced C programmers are part of the "select
> >few", that's still hundreds or thousands of people, and many of those people 
> >are part of the open source community.
> 
> That estimate may well be high. I've never seen books or training
> covering the topic of security auditing C code. Where'd you get that
> 0.5%?

I pulled it out of somewhere.

> >A hell of a lot more, anyway, than 
> >are working at so-called "security firms", ready to stamp their approval on 
> >any product they get six or seven digit payments to "certify".
> 
> ``So-called "security firms"'' that don't know what they're doing will 
> eventually be discovered for the frauds that they are. In the security 
> business, reputation is everything. An audit by some random "security
> firm" might not mean anything, but an audit by a recognized authority
> would.

It might.  It also might not, because even the best auditors could miss
something.

--Adam

-- 
Adam McKenna <[EMAIL PROTECTED]> | "No matter how much it changes, 
http://flounder.net/publickey.html   |  technology's just a bunch of wires 
GPG: 17A4 11F7 5E7E C2E7 08AA        |  connected to a bunch of other wires."
     38B0 05D0 8BF7 2C6D 110A        |  Joe Rogan, _NewsRadio_
  2:18pm  up 158 days, 12:35, 10 users,  load average: 0.00, 0.00, 0.00




On 15 Nov 2000, Paul Jarc wrote:

> > If you want to see some of the tests he does, check out rts.tests that
> > comes in the djbdns distribution.
> 
> That sort of thing has its place, but it's not really related to
> auditing at all.  Mostly, it's good for detecting compilation
> problems.
> 

Several of the things he checks for are related to too-long requests.  In
my mind, that's checking for buffer overflows.  Perhaps that wasn't the
intention.

                                        Ryan





Dave Sill <[EMAIL PROTECTED]> writes on 15 November 2000 at 13:09:25 -0500
 > "David Dyer-Bennet" <[EMAIL PROTECTED]> wrote:
 > 
 > >Dan is probably right that no special permissions are needed to make
 > >normal uses of his code (which is what he says on his web pages), but
 > >if the corporate lawyer isn't in agreement with him, he's going to say
 > >"no".  That's a corporate lawyer's job, after all.
 > 
 > Anyone's lawyers disagree with Dan? If not, I don't see why Dan should 
 > concern himself with convincing hypothetical lawyers...real lawyers
 > are enough of a challenge.

Given the prevalence of licenses distributed with free software, I
believe LOTS of people's lawyers are of the opinion that it's of
value. 
-- 
David Dyer-Bennet      /      Welcome to the future!      /      [EMAIL PROTECTED]
SF: http://www.dd-b.net/dd-b/          Minicon: http://www.mnstf.org/minicon/
Photos: http://dd-b.lighthunters.net/




Adam McKenna <[EMAIL PROTECTED]> wrote:
>On Wed, Nov 15, 2000 at 01:21:40PM -0500, Dave Sill wrote:
>>
>> An audit by some random "security
>> firm" might not mean anything, but an audit by a recognized authority
>> would.
>
>It might.  It also might not, because even the best auditors could miss
>something.

No, it *would* mean something. The fact that audit won't be perfect
and might miss something doesn't mean that audits are worthless, it
just means that they can't guarantee security.

-Dave




Adam McKenna <[EMAIL PROTECTED]> writes:

> When, exactly, did I say he was a bad person?  You are putting words in my
> mouth.

I extracted that from the term "M$-weenie".

> And I responded in context.  Whether or not you or Mr. Schneier like it,
> Microsoft has been using almost this exact argument to advocate their
> software over Free Software for quite a while now.

Yes, and we can see how long it takes Microsoft to fix these issues,
particularly for localized software. You don't see the audit reports,
you don't know who makes them, and so on. You know that. Security by
obscurity cannot be alleviated by FUD.

> I admit that I did not go look up "Secrets and Lies", buy it, read it, and 
> then read other material by B. Schneier before posting a reply, but whether 
> or not I am a self-proclaimed "security expert" (I'm not), I am relatively
> informed and knowledgeable about computer security, and I am entitled to my 
> opinion(s), whether or not they agree with Mr. Schneier's opinions, or the 
> opinions of anyone else on this list.

Of course, the presentation of your opinion, calling somebody you don't
know names, left room for desires.

-- 
Matthias Andree




On Wed, Nov 15, 2000 at 10:01:18PM +0100, Matthias Andree wrote:
> Of course, the presentation of your opinion, calling somebody you don't
> know names, left room for desires.

I said "sounds like".  And in the context in which his opinion was presented,
it sounds a lot like MS's.

--Adam

-- 
Adam McKenna <[EMAIL PROTECTED]> | "No matter how much it changes, 
http://flounder.net/publickey.html   |  technology's just a bunch of wires 
GPG: 17A4 11F7 5E7E C2E7 08AA        |  connected to a bunch of other wires."
     38B0 05D0 8BF7 2C6D 110A        |  Joe Rogan, _NewsRadio_
  5:17pm  up 158 days, 15:33, 10 users,  load average: 0.06, 0.02, 0.00




Mate Wierdl wrote:

[included qmail list again]

> On Wed, Nov 15, 2000 at 12:29:14AM +0100, Andre Oppermann wrote:
> > I, as the author of the qmail-ldap patch, have looked deeply into the
> > guts of qmail and found it to be secure. If one actually reads the
> > source and sees the way Dan writes software he would find that qmail
> > is secure. The only possible holes are OS bugs or issues.
> 
> Now that sounds really good.  Does this mean you ran several
> systematic tests?  Do you have any observation on DoS attacks like the
> "distributed" qmail-smtpd attack of Russ or the "queue attack" of
> Wietse where a local user could fill up the queue in seconds with
> 0 length files?

DoS attacks were not part of the evaluation. Since the focus of
qmail-ldap is closed non-shell mail servers also local attacks have
not been looked at in very deep detail.

What can be said truly is that qmail is safe from any remote attacks
in terms of exploiting bugs of buffer overflows via SMTP or POP3.

There are two kinds of DoS attacks: attacks that last as long as they
are mounted, where as soon as they stop everything goes back to normal,
and attacks that make a system require manual intervention to make it
fulfill its purpose again.

Given enough resources it is very well possible indeed to DoS qmail
by consuming all available SMTP sessions. During this attack qmail
will not bog down the whole machine, and as soon as the attack is over
it will simply return to normal processing of messages. Sendmail on
the other hand (at least used to) fork until the whole machine bogs
down.

Another possible qmail attack is its late bouncing for non-existent
users. Using a false envelope sender address you could fill up the
queue with double bounces. I consider this a more serious problem.
The decision to handle bouncing this way was apparently part of the
security and modularity concept of qmail. Qmail-ldap contains many
enhancements to check the envelope sender to make this more unlikely.
Nevertheless it is still possible. Whereas I still rest well at
night because this kind of attack requires significant remote
resources and is not likely to happen. Anyway, this kind of attack
can be mounted against other MTA's as well. It's simply a problem of
finite resources.

While not perfect in any given aspect, qmail is surely one of the best,
if not the best, MTA you can run and trust.

-- 
Andre






Hi,

I'm just setting up mailuser for using qmail. The default delivery method
is Maildir. What is the best right for the maildirectories to be sure
that mails can be written in the user's Maildir and no other unixuser can 
make something else with mails that are not for him?

Actually I have given the maildirs 707 and my maildir I have set to 703.

Regards,
Ruprecht


-----------------------------------------------------------
INTERNOLIX   Standards for eBusiness
------------------------------------------------------------

INTERNOLIX AG
Ruprecht Helms
System-Engineer

http://www.internolix.com
mail:[EMAIL PROTECTED]
Weiherstr. 20                    Tel: +49-[0]7533-9945-71
78465 Konstanz                   Fax: +49-[0]7533-9945-79










On Wed, 15 Nov 2000, [EMAIL PROTECTED] wrote:

> I'm just setting up mailuser for using qmail. The
> defaultdeliverymethod is Maildir. What is the best right for the
> maildirectories to be sure that mails can be written in the users
> Maildir and no other unixuser can make something else with mails
> that are not for him.

Is the maildir in their home folder? Then that is all that
matters. Set the numbers to whatever you like (777 if you really want
to). Since the parent folder ($HOME) is readable only by the owner (if
you haven't mangled the permissions), no one else will be able to read
~user/maildir/.
-- 
  B r e t t  R a n d a l l
   http://xbox.ipsware.com/
    brett    _ @ _    ipsware.com




Brett Randall <[EMAIL PROTECTED]> wrote:

>Is the maildir in their home folder? Then that is all that
>matters.

Nope. The mode on the home directory matters, too.

>Set the numbers to whatever you like (777 if you really want
>to). Since the parent folder ($HOME) is readable only by the owner (if
>you haven't mangled the permissions), no one else will be able to read
>~user/maildir/.

All the world is not running whatever OS/distribution you happen to be 
using, so it's not safe to assume that home directories aren't
publicly accessible. Even if every OS got this right, it'd still be
prudent to protect subdirectories in case the home dir mode gets
changed.

Only the user needs access to the maildir, so "chmod 700 ~/Maildir"
should do the trick.

-Dave
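
The modes named in this thread (707 and 703 on the Maildir, the suggested 700, and a home directory that may or may not be private) can be decoded mechanically. The following Python sketch is an added example, not part of any poster's message; the function names are made up here, and it assumes the Maildir sits directly under the home directory.

```python
import os
import stat
import tempfile

# Permission bits per non-owner class: (read, write, search/execute).
CLASSES = {
    "group": (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
    "other": (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
}


def audit_maildir(home, maildir):
    """Return {class: set of capabilities} that non-owners have on maildir.

    Assumption (not from the thread): maildir is a direct child of home, so
    home is the only parent directory whose search bit matters here.
    """
    home_mode = stat.S_IMODE(os.stat(home).st_mode)
    md_mode = stat.S_IMODE(os.stat(maildir).st_mode)
    report = {}
    for who, (r, w, x) in CLASSES.items():
        caps = set()
        # Without search permission on the home directory, nothing below
        # it is reachable, whatever the Maildir mode says.
        if home_mode & x:
            if md_mode & x:
                caps.add("enter")    # reach entries by name, if their modes allow
            if md_mode & r:
                caps.add("list")     # see the names of the entries
            if md_mode & w and md_mode & x:
                caps.add("modify")   # create, rename or delete entries
        report[who] = caps
    return report


def check_modes(home_mode, maildir_mode):
    """Build a throwaway home/Maildir pair with the given modes and audit it."""
    with tempfile.TemporaryDirectory() as home:
        maildir = os.path.join(home, "Maildir")
        os.mkdir(maildir)
        os.chmod(maildir, maildir_mode)
        os.chmod(home, home_mode)
        return audit_maildir(home, maildir)


if __name__ == "__main__":
    # Constructed cases using the modes mentioned in the thread.
    for home_mode, md_mode in [(0o755, 0o707), (0o755, 0o703),
                               (0o755, 0o700), (0o700, 0o777)]:
        print(oct(home_mode), oct(md_mode), check_modes(home_mode, md_mode))
```

With a world-searchable home directory, 707 and 703 both leave the Maildir writable by other users, while 700 gives the same result whether or not the home directory is private.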




On Wed, 15 Nov 2000, [EMAIL PROTECTED] wrote:

> At 01:14 16.11.00 +1100, you wrote:
>>Then that is all that matters. Set the numbers to whatever you like
>>(777 if you really want to).
> 
> with 777 you enable all, that's not what I want. I want the min, but mail
> must function.

I'm not sure you actually understand how unix works. All the folders
in /home shouldn't be accessible to other users anyhow. They should
only be able to access their own home dir. Therefore the same goes for
everything inside (including their maildir). I think you should go and
read a small book on unix administration before you go any further...
-- 
  B r e t t  R a n d a l l
   http://xbox.ipsware.com/
    brett    _ @ _    ipsware.com




hi,

1. I am able to send & receive mails, but i need to start qmail manually
even though i have written the init scripts.
   This is the error i get in the nohup.out which is created when starting
qmail file : nonup env - PATH="$PATH" svscan &

./run: Can't reopen pipe to command substitution (fd 4): No child processes

And on checking the files under /var/log/qmail directory I get the following
message :

@400000003a12898c17eccf2c tcpserver: fatal: unable to bind: address already
used.

The IP that has been assigned to this linux box is not being used anywhere
else.

2.One more thing was the machine was giving a 'host not found' error for the
2nd domain that i had given. I had assigned a
   2nd domain and given the full entries in the locals and the rcpthosts
file. When i try to send a mail to that domain, it gives
   me  a "Host unknown (Name server: lists.example2.com.example2.com : host
not found)" error.The dns entries for the MX
   and A records point to the correct machine but this error occurs. I tried
telnet into that domain on port 25. It accepted the
   RCPT TO address and the data. But when i checked the logs i found the
error :
Nov 15 18:54:33 lists qmail: 974294673.441538 delivery 37: deferral:
Sorry,_I_couldn't_find_any_host_by_that_name._(#4.1.2)/.

Now I am stuck here. Could u plz suggest a way out.

Again Thanks in Advance

Regards

Kiran


----- Original Message -----
From: Mike Smith <[EMAIL PROTECTED]>
To: Kiran <[EMAIL PROTECTED]>
Sent: Sunday, November 12, 2000 2:21 AM
Subject: Re: Fw: re-smtp port


>
>
> You still have previous qmail processes running.  Assuming from your
previous
> mails, you don't have init scripts, yet.  Just ps for the qmail-send
process and
> kill it. When it dies, the other three process running (qmail-lspawn,
> qmail-rspawn, and qmail-clean) will die, as well.  Brutal, but effective.
>
> -Mike
>
> -----Original Message-----
> From: "Kiran" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>, "Denis Petrov" <[EMAIL PROTECTED]>
> Date: Sat, 11 Nov 2000 23:02:12 +0530
> Subject: Fw: re-smtp port
>
> >Hi,
> >
> >I was just looking into the logs. It gives an error message :
> >tcpserver: fatal: unable to bind: address already used.
> >
> >What could this mean?
> >
> >Kiran
> >----- Original Message -----
> >From: Kiran <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>; Denis Petrov <[EMAIL PROTECTED]>
> >Cc: <[EMAIL PROTECTED]>
> >Sent: Saturday, November 11, 2000 8:39 PM
> >Subject: Re: re-smtp port
> >
> >
> >> Hi,
> >> Thanks for that info. I was able to telnet to the particular port after
> >> adding the lines in inetd.conf.
> >>
> >> After this i was able to place the scripts etc for starting qmail
> >> automatically while booting. While installing the ucspi-tcp package i
> >> realised that scripts for starting this were not available. Could u guide
> >> as to where to get these?
> >>
> >> Thanks in Advance
> >>
> >> Regards
> >> Kiran
> >>
> >> ----- Original Message -----
> >> From: vasudeva <[EMAIL PROTECTED]>
> >> To: <[EMAIL PROTECTED]>
> >> Sent: Saturday, November 11, 2000 1:27 PM
> >> Subject: re-smtp port
> >>
> >>
> >> > Hi,
> >> >    could u inserted line related to smtp in
> >> > /etc/inetd.conf.. ? if not include the following line
> >> > # Smtp setup for qmail
> >> >  smtp stream tcp nowait qmaild /var/qmail/bin/tcp-env
> >> > tcp-env /var/qmail/bin/qmail-smtpd
> >> >
> >> > and also check the file /etc/services the port 25
> >> > should be enabled.
> >> >
> >> > Ok try this and get back to me
> >> >
> >> > Vasu
> >> > Systems Administrator
> >> > Eximsoft Technologies Pvt ltd.
> >> > Bangalore
> >> > email: [EMAIL PROTECTED]
> >> >
> >> >
> >> > =====
> >> >
> >> >
> >> > __________________________________________________
> >> > Do You Yahoo!?
> >> > Thousands of Stores.  Millions of Products.  All in one Place.
> >> > http://shopping.yahoo.com/
> >
> >





"Kiran" <[EMAIL PROTECTED]> wrote:

>1. I am able to send & receive mails, but i need to start qmail manually
>even though i have written the init scripts.
>   This is the error i get in the nohup.out which is created when starting
>qmail file : nohup env - PATH="$PATH" svscan &
>
>./run: Can't reopen pipe to command substitution (fd 4): No child processes

Hmm, I wonder what's in your run script(s).

>And on checking the files under /var/log/qmail directory I get the following
>message :
>
>@400000003a12898c17eccf2c tcpserver: fatal: unable to bind: address already
>used.

tcpserver is trying to listen to some port (probably 25), but
something else is already listening on that port (e.g., sendmail,
inetd, xinetd, tcpserver).

>The IP that has been assigned to this linux box is not being used anywhere
>else.

The "address" it's talking about is a port number, not an IP address.

>2.One more thing was the machine was giving a 'host not found' error for the
>2nd domain that i had given. I had assigned a
>   2nd domain and given the full entries in the locals and the rcpthosts
>file. When i try to send a mail to that domain, it gives
>   me  a "Host unknown (Name server: lists.example2.com.example2.com : host
>not found)" error.The dns entries for the MX
>   and A records point to the correct machine but this error occurs. I tried
>telnet into that domain on port 25. It accepted the
>   RCPT TO address and the data. But when i checked the logs i found the
>error :
>Nov 15 18:54:33 lists qmail: 974294673.441538 delivery 37: deferral:
>Sorry,_I_couldn't_find_any_host_by_that_name._(#4.1.2)/.
>
>Now I am stuck here. Could u plz suggest a way out.

Sure: provide some real information instead of a summary that says,
basically, "I did everything right but it doesn't work." The output of 
qmail-showctl would be a good start.

-Dave






Is it possible to write a filter for maildrop such that it automatically
does a maildirmake and creates a maildir ,may it can read the message
,extract the user name and create a maildir for the same?I am sure this will
make it more scalable
Suresh
Mithi.com Pvt. Ltd.
------------------------------------------
Send and receive mail in Indian languages
Register free at http://www.mailjol.com








Hello
any knows what is automaildirmake
Suresh
Mithi.com Pvt. Ltd.
------------------------------------------
Send and receive mail in Indian languages
Register free at http://www.mailjol.com






"suresh" <[EMAIL PROTECTED]> wrote:

>any knows what is automaildirmake

No, but I'm sure if you keep asking about it, someone will.

-Dave




On Wed, Nov 15, 2000 at 01:05:26PM -0500, Dave Sill wrote:
> "suresh" <[EMAIL PROTECTED]> wrote:
> 
> >any knows what is automaildirmake
> 
> No, but I'm sure if you keep asking about it, someone will.

It's a feature of qmail-ldap. I haven't seen it anywhere else.

RC

-- 
+-------------------
| Ricardo Cerqueira  
| PGP Key fingerprint  -  B7 05 13 CE 48 0A BF 1E  87 21 83 DB 28 DE 03 42 
| Novis  -  Engenharia ISP / Rede Técnica 
| Pç. Duque Saldanha, 1, 7º E / 1050-094 Lisboa / Portugal
| Tel: +351 2 1010 0000 - Fax: +351 2 1010 4459







Hi,

While thinking this over, I became confused so I was
wondering if someone could shed some light on adding
an outgoing-only qmail server to a network/domain.

Any docs, references, etc, for pointers are very much
appreciated.

What I would like to do is this:
  host1 -> primary MX for incoming and outgoing
  host2 -> outgoing only

host1 will be used for "regular" email traffic, with
legit user accounts, while host2 will be mainly used
for pumping out big loads of outgoing email (handling
large lists).

All bounces (and ofcourse all incoming email) will go
to host1.
Limited number of admins will be handling the lists on
host2, so all email intended to go out to list members
will be injected at host2 (e.g. not relayed from any
other hosts).

Thanks in advance,

jamie

#---------#---------#---------#---------#---------#---------#---------#
-- If somebody can help create a search engine for my room,
   I will call them a Saint...
   GUI == Graphical User Interference




"James T. Perry" <[EMAIL PROTECTED]> wrote:

>What I would like to do is this:
>  host1 -> primary MX for incoming and outgoing
>  host2 -> outgoing only
>
>host1 will be used for "regular" email traffic, with
>legit user accounts, while host2 will be mainly used
>for pumping out big loads of outgoing email (handling
>large lists).
>
>All bounces (and ofcourse all incoming email) will go
>to host1.
>Limited number of admins will be handling the lists on
>host2, so all email intended to go out to list members
>will be injected at host2 (e.g. not relayed from any
>other hosts).

OK, so where are you stuck? Install qmail on host1 and host2, but skip
qmail-smtpd on host2. Configure host2 to pretend to be either the MX
or host1 (e.g., in control/me replace host2 with host1).

-Dave





Hi Dave,

Dave Sill wrote:

> OK, so where are you stuck?

oops, sorry ;)
I must have sent out the message in the middle of my racing
thoughts.

I was wondering whether to include host2 also as an MX in the
dns records although host1 is the only MX handling incoming and
part of outgoing (none from host2).

> Install qmail on host1 and host2, but skip qmail-smtpd on
> host2. Configure host2 to pretend to be either the MX
> or host1 (e.g., in control/me replace host2 with host1).

Wow, that simple?
Thank you for your input.
 (now I need to find myself another box :)

OTOH, this is where I am confused still:
If I'm correct, I don't need an MX entry for host2 in the
dns records right? (since it shouldn't respond to incoming
messages)

But if host2 sends email out as host1 without host2 listed
as an MX, wouldn't the IP address or "return-path" resolve
back to an "unknown" host, or get denied from the remote
smtp server?

Where-as, if host2 was listed also as an MX, qmail-smtpd is
not running on it so won't the messages get deferred/bounced
if any incoming connections were attempted?

(sorry for this confusion)

Thanks again.

cheers,

jamie

#---------#---------#---------#---------#---------#---------#---------#
-- If somebody can help create a search engine for my room,
   I will call them a Saint...
   GUI == Graphical User Interference




"James T. Perry" <[EMAIL PROTECTED]> wrote:

>I was wondering whether to include host2 also as an MX in the
>dns records although host1 is the only MX handling incoming and
>part of outgoing (none from host2).

No, only SMTP servers should be listed in MX's.

>If I'm correct, I don't need an MX entry for host2 in the
>dns records right? (since it shouldn't respond to incoming
>messages)

Right.

>But if host2 sends email out as host1 without host2 listed
>as an MX, wouldn't the IP address or "return-path" resolve
>back to an "unknown" host, or get denied from the remote
>smtp server?

A clever remote server might reverse lookup host2's IP address,
yes. I think it'd be sufficient to set control/helohost to host2's
FQDN. I don't know of any MTA's that check the return path hostname
against the HELO hostname.

>Where-as, if host2 was listed also as an MX, qmail-smtpd is
>not running on it so won't the messages get deferred/bounced
>if any incoming connections were attempted?

Yes, they would.

-Dave





Hi Dave,

I just wanted to thank you for giving me clarity (which also
set off a number of chain-reactions in my head :).

Best regards,

jamie

#---------#---------#---------#---------#---------#---------#---------#
-- If somebody can help create a search engine for my room,
   I will call them a Saint...
   GUI == Graphical User Interference




> Eric Yu:

> The file size for both /var/qmail/control/locals and rcpthosts exceeds
> 1M (this incl. around 65000 cobrands).

in this case you should allocate as much space in the ./run- files.
the routines activated usually return some result or -1 to indicate
failure.  so you should establish the exact point of failure.  then
you might want to try the environment settings (how big is the
resident set size of the different qmail programs?).

> 421 unable to read controls (#4.3.0)

could this mean a malloc failure?

clemens




[EMAIL PROTECTED] wrote:

>I'd upgraded my daemontools on qmail from version 0.53 to 0.7.
>The file size for both /var/qmail/control/locals and rcpthosts exceeds
>1M (this incl. around 65000 cobrands).
>However using the new daemontool with svscan somehow prevent qmail from
>running
>with big locals and rcpthosts, i hv try to reducing the file size to
>around 160K (around 10000 cobrands) and it works. However when i add
>5000 cobrand more into the locals and rcpthosts, it crashes again.

You should definitely be using control/morercpthosts. See the
qmail-smtpd man page.

-Dave




"Expert" <[EMAIL PROTECTED]> wrote:

>        My .qmail-default have the line: | /var/qmail/bin/fastforward -d
>/etc/aliases.cdb. The /etc/aliases have the line: MAILER-DAEMON: admin . I'm
>receiving a lot of emails from someone trying to spam me but, the accounts
>that the spamer is trying to spam doesn't exists so, the qmail send a
>MAILER-DAEMON message to admin saying that the account doesn't exists.

By default, qmail sends double bounces to postmaster, not
MAILER-DAEMON. Bounces and double bounces are sent *from*
MAILER-DAEMON, but removing a MAILER-DAEMON alias won't stop them from 
being sent or delivered to postmaster.

>I disabled this line from .qmail-default in order to prevent the
>qmail from send this message but, I looked at the logs and I saw that
>when a message to an unknown arrive this logs the message DID.

What does "the message DID" mean?

>My question is : Where this messages to an unknown user is stored ?

They're not stored, they're returned to the sender (a bounce). If the
sender is invalid, the bounce bounces (a double bounce), which is sent 
to postmaster on recipient's system.

>Is this message discarded ?

qmail doesn't discard messages, bounces, or double bounces, but triple
bounces (double bounces that can't be delivered to postmaster (or
doublebounceto)) *are* discarded.

-Dave




wolfgang zeikat <[EMAIL PROTECTED]> wrote:

>how can i make qmail accept mails for
>user@[123.123.123.123] when the machine 123.123.123.123 forwards all mails
>to our qmail server?

Put 123.123.123.123 in control/locals and control/rcpthosts.

-Dave




Dave Sill wrote:

> Put 123.123.123.123 in control/locals and control/rcpthosts.
> 
> -Dave

ACK! i had mistyped the IP in both files, thanks for making me check
once more :)

wolfgang




I am using qmail-scanner, and it has been effectively blocking this
virus, although I'm tired of receiving the notifications about it (at
least 2-5 daily), yet I don't want to disable the mail me feature just
for this one virus.  Aside from setting up a filter in my MUA to delete
these, I would prefer to block it on the qmail side before it reaches
the qmail-scanner program.  Here is the header, it's all sorts of messed
up and they all come from different IP's (I think it's being spoofed),
and I've already attempted blocking it in the badmailfrom file as
anything from sexyfun.net:

Received: from ol53-251.openlink.com.br (HELO v5o0d0) (200.188.53.251)
  by ns1.mycomputer.com with SMTP; 15 Nov 2000 17:30:50 -0000
From: Hahaha <[EMAIL PROTECTED]>
Subject: Branca de Neve pornô!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VE5UJG9UBW9EJKLAV49Q7"

Any ideas?

Thanks for your time,

--
Eric Garff
MyComputer.com System Admin
Our Tools.  Your Site.

Just remember, if the world didn't suck, we'd all fall off.
--








I need to resend all the incoming mail for an account to all the 
recipients in the header having a specific domain. For instance
if I have the following in the header:

To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED],[EMAIL PROTECTED]

I want to resend mail to only addresses for dom.com, in this 
case a and c, b should be ignored while sending.

Thanks all.

Shakaib Sayyid





Shakaib Sayyid <[EMAIL PROTECTED]> wrote:

>I need to resend all the incoming mail for an account to all the 
>recipients in the header having a specific domain. For instance
>if I have the following in the header:
>
>To: [EMAIL PROTECTED]
>Cc: [EMAIL PROTECTED],[EMAIL PROTECTED]
>
>I want to resend mail to only addresses for dom.com, in this 
>case a and c, b should be ignored while sending.

Forward to a script that parses the headers, perhaps using mess822,
and forwards accordingly.

-Dave
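
The header-parsing script suggested above, sketched as an added example that is not from the thread: it uses Python's standard email package in place of mess822, and the function name, the `skip` parameter and every sample address are assumptions made for the example. It matches the host part exactly and leaves out the account's own address so the resend does not loop back to it.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample message; every address here is made up for the example.
SAMPLE = (
    "From: sender@other.example\n"
    "To: A User <a@dom.com>\n"
    "Cc: b@other.example, \"C, User\" <c@dom.com>, c@DOM.COM, "
    "d@dom.com.other.example, archive@dom.com\n"
    "Subject: test\n"
    "\n"
    "body\n"
)


def recipients_in_domain(raw_message, domain, skip=()):
    """Return the To/Cc addresses whose host part is exactly `domain`.

    skip: addresses never to resend to (hypothetical parameter), for
    instance the account this script runs for.
    """
    msg = message_from_string(raw_message)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    wanted = domain.lower()
    skipped = {s.lower() for s in skip}
    seen, result = set(), []
    for _name, addr in getaddresses(fields):
        local, at, host = addr.rpartition("@")
        if not (at and local and host):
            continue                      # not a usable local@host address
        if host.lower() != wanted:
            continue                      # exact match, not a suffix match
        key = local + "@" + host.lower()  # host is case-insensitive
        if key.lower() in skipped or key in seen:
            continue
        seen.add(key)
        result.append(key)
    return result


if __name__ == "__main__":
    print(recipients_in_domain(SAMPLE, "dom.com", skip=["archive@dom.com"]))
```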




Hi-

I have a qmail server hosting several virtual domains, and all mail 
delivered to recipients in the virtual domains have a Delivered-To 
header line indicating the "main" domain name of the server.

I want to delete this line, and I understand that the -d option to 
preline is the way to do this, but *where* do I do this?

TIA

--Pete




Quoting Peter Cavender ([EMAIL PROTECTED]):
> Hi-
> 
> I have a qmail server hosting several virtual domains, and all mail 
> delivered to recipients in the virtual domains have a Delivered-To 
> header line indicating the "main" domain name of the server.

Fascinating.  Is that a government secret, or something?
Doesn't the Received header also mention what your domain name is?

> I want to delete this line, and I understand that the -d option to 
> preline is the way to do this, but *where* do I do this?

Hmmm, but what program will you use to actually do the delivery?
You don't mention what mailbox format you're using.

Anyway, Delivered-To is there to prevent mail loops.  Not all that
terrific an idea to cut them out.

Aaron




Adam McKenna writes:
> By the way, why are the cr.yp.to lists so slow lately?

UIC is paying its ISP for a measly 14Mbps. UIC has been hitting this
limit more and more frequently since the beginning of September. The
packet-loss rate averages over 2% now, even if you don't count the
recent 30-hour outage, and hits 25% at busy times.

UIC's computer center is an independently operated profit-making
enterprise. It has no incentive to pay for adequate network service.
Maybe the router is being flooded by some easily fixed source of
traffic; the computer center won't even bother investigating.

I am interested in hearing quotes from Chicago ISPs for independently
wiring the math department and providing various levels of network
service. We're at 851 S. Morgan.

---Dan




Hi,

Can anyone explain to me why when I compile qmail-1.03 with pgsql-0.14 patch
and run qmail-start I get a pid returned, but when I check the process list
it is not there? In order to call qmail-start, I'm calling the rc script that
comes supplied. This method worked well under mysql, but I just can't seem
to get qmail started under postgres.

TIA
--
Dean Browett







On Tue, Nov 14, 2000 at 04:19:22PM +0000, Tristan Graham wrote:
> Hi,
> 
> I need to implement forwarding of the form user@somedomain -> 
> user@someotherdomain. i.e. the original user at the original domain is 
> propagated to the forwarded domain. Are there any mystical variables that 
> can be used within the alias file ?
> 
> If anyone can help I would be most grateful,

See forward(1)

NAME
       forward - forward new mail to one or more addresses

SYNOPSIS
       in .qmail: |forward address ...
 
And, as this is a command, see qmail-command(8):

NAME
       qmail-command - user-specified mail delivery program

SYNOPSIS
       in .qmailext: |command

And see ENVIRONMENT VARIABLES in that manpage.

So, something like

  |forward "${LOCAL}@someotherdomain"

should do it...

> 
> Tristan Graham,
> Inweb.
> 

-- 
Brian 'you Bastard' Reichert            <[EMAIL PROTECTED]>
37 Crystal Ave. #303                    Daytime number: (603) 434-6842
Derry NH 03038-1713 USA                 Intel architecture: the left-hand path




I have a user that has requested his mail be forwarded to a new address.

This is fine, but is there a way to reprocess his already delivered
mail in $HOME/Maildir so that it is sent on to the new forward address?

-Colin




On Thu, Nov 16, 2000 at 09:41:13AM +1100, Colin Humphreys wrote:
> I have a user that has requested his mail be forwarded to a new address.
> 
> This is fine, but is there a way to reprocess his already delivered
> mail in $HOME/Maildir so that it is sent on to the new forward address?

We frequently do the following:
1) configure the forward on your mailserver
2) use maildirsmtp to reinject the emails to your mailserver

Works for us

        \Maex

-- 
SpaceNet GmbH             |   http://www.Space.Net/   | Stress is when you wake
Research & Development    | mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0    | realize you haven't
D-80807 Muenchen          |  Fax: +49 (89) 32356-299  | fallen asleep yet.





What's the maximum number of virtual domains on one qmail-server and
administrated with qmailadmin??

greetings

Marco Leeflang
Leeflang-IT 
Netherlands




I use qmailadmin-0.39 and vpopmail-4.9.6 
If you push the add button in add pop account  with empty fields i get 2
situations.

First after push the add button vpasswd for that domain is cleared, 0
bytes cdb files still ok.

Second, an entry in vpasswd is added with no popaccount and username
information in it

vpasswd:
:2sLuN/OVWa6pw:1:0::/home/vpopmail/domains/leeflang-it.nl/:NOQUOTA

This entry can't be deleted by qmailadmin, only by hand.

Any ideas???

greetings,

Marco Leeflang
Leeflang-IT
Netherlands




Can anyone explain to me how I leave this list? Please, somebody tell me...
 
Thanks




At 05:36 PM 11/15/2000, you wrote:
>Can anyone explain to me how I leave this list? Please, somebody tell me...
>
>Thanks

you can unsub anytime you like, but you can never leave....
it's just like subscribing, only backwards...





hello,
perhaps this is another silly question, but I'm trying to deliver mail
locally.  So if my server's domain is domain.com, and I try to send
mail to [EMAIL PROTECTED] from my own local account (ie:
[EMAIL PROTECTED] to [EMAIL PROTECTED]), qmail complains that in the
MX list for domain.com, the first MX record points back to the original
server..

Which is correct, since the first MX record (with the highest priority)
is the actual host I'm working on now.

Can anyone offer some insight?

Thanks!
Oliver





On Wed, Nov 15, 2000 at 05:42:31PM -0800, Oliver Menzel wrote:
> hello,
> perhaps this is another silly question, but I'm trying to deliver mail
> locally.  So if my server's domain is domain.com, and I try to send
> mail to [EMAIL PROTECTED] from my own local account (ie:
> [EMAIL PROTECTED] to [EMAIL PROTECTED]), qmail complains that in the
> MX list for domain.com, the first MX record points back to the original
> server..

A lot of people asking for qmail help seem to be working with
"foo.com," "domain.com," etc. Why not help us by providing actual
domain names?

After that, post the output of qmail-showctl.






Just got a call from an angry MSN user.

  http://www.internetnews.com/isp-news/article/0,,8_512791,00.html

jon




On Wed, 15 Nov 2000, Jon Rust wrote:
> Just got a call from an angry MSN user.
>   http://www.internetnews.com/isp-news/article/0,,8_512791,00.html
> jon

It's too bad that companies can't set up two systems... one for people
who don't want to receive this spam crap and one for customers who lack
clue.

Amen for blocking MSN.

Scott






On Wed, Nov 15, 2000 at 06:58:30PM -0700, Scott D. Yelich wrote:
> It's too bad that companies can't set up two systems... one for people
> who don't want to receive this spam crap and one for customers who lack
> clue.

As well as us who actually want to collect spam (for research and
investigation purposes):  http://em.ca/~bruceg/spam/
-- 
Bruce Guenter <[EMAIL PROTECTED]>                       http://em.ca/~bruceg/






OK.  I've searched through some of the archives for a solution to this.
However I could not find an answer.  We use qmail 1.03 with vpopmail 4.9.4
and MySQL 3.22.32.  After adding a new domain we have started receiving some
duplicate messages on only that domain.  I've yet to see it happen on any of
the others.  Below are the logs which have the relevant delivery
information.  Domain2.net is not located on the server; domain1 and domain3
both are.  The message going to domain3 was in duplicate, whereas the
message to domain1 was not.  The header of the message is listed below as
well; the duplicate is identical to it down to every letter.  Does anyone
have any suggestions as to what we can do to resolve this?

Thanks
Andy Abshagen
System Administrator
Data-Vision, Inc.
219-243-8625, 888-925-8625
[EMAIL PROTECTED]

Nov 15 21:24:27 mail qmail: 974341467.079616 new msg 182107
Nov 15 21:24:27 mail qmail: 974341467.079878 info msg 182107: bytes 601 from <[EMAIL PROTECTED]> qp 26530 uid 504
Nov 15 21:24:27 mail qmail: 974341467.088963 starting delivery 34992: msg 182107 to local [EMAIL PROTECTED]
Nov 15 21:24:27 mail qmail: 974341467.089138 status: local 1/120 remote 0/120
Nov 15 21:24:27 mail qmail: 974341467.158027 delivery 34992: success: did_0+0+2/
Nov 15 21:24:27 mail qmail: 974341467.158235 status: local 0/120 remote 0/120
Nov 15 21:24:27 mail qmail: 974341467.158306 end msg 182107
Nov 15 21:24:28 mail qmail: 974341468.105875 new msg 182107
Nov 15 21:24:28 mail qmail: 974341468.106138 info msg 182107: bytes 601 from <[EMAIL PROTECTED]> qp 26544 uid 504
Nov 15 21:24:28 mail qmail: 974341468.111806 starting delivery 34993: msg 182107 to local [EMAIL PROTECTED]
Nov 15 21:24:28 mail qmail: 974341468.111965 status: local 1/120 remote 0/120
Nov 15 21:24:28 mail qmail: 974341468.155358 delivery 34993: success: did_0+0+1/
Nov 15 21:24:28 mail qmail: 974341468.155568 status: local 0/120 remote 0/120
Nov 15 21:24:28 mail qmail: 974341468.155638 end msg 182107


Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 26530 invoked from network); 16 Nov 2000 02:24:26 -0000
Received: from omega.domain2.net (216.163.32.50)
  by mail.domain4.com with SMTP; 16 Nov 2000 02:24:26 -0000
Received: from tc-34-124.domain2.net (omega.domain2.net [216.163.32.50])
        by omega.qtm.net (8.9.3/8.9.3) with SMTP id VAA91363;
        Wed, 15 Nov 2000 21:20:56 -0500 (EST)
        (envelope-from [EMAIL PROTECTED])
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Subject: dup test
Date: Thu, 16 Nov 2000 02:20:57 GMT
X-Mailer: Endymion MailMan Standard Edition v3.0.20
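
One way to check whether qmail-send log entries in the format above record the same message queued twice for one recipient, as an added example that is not part of the original post. The sample lines are constructed with placeholder addresses and the function names are hypothetical; records are keyed on each message's lifetime because qmail reuses a msg number after "end msg", and on qp (the qmail-queue process id) to tell separate injections apart.

```python
import re
from collections import defaultdict

# Constructed sample in the qmail-send syslog format; addresses are placeholders.
SAMPLE_LOG = """\
Nov 15 21:24:27 mail qmail: 974341467.079616 new msg 182107
Nov 15 21:24:27 mail qmail: 974341467.079878 info msg 182107: bytes 601 from <sender@example.net> qp 26530 uid 504
Nov 15 21:24:27 mail qmail: 974341467.088963 starting delivery 34992: msg 182107 to local example.org-user@example.org
Nov 15 21:24:27 mail qmail: 974341467.158306 end msg 182107
Nov 15 21:24:28 mail qmail: 974341468.105875 new msg 182107
Nov 15 21:24:28 mail qmail: 974341468.106138 info msg 182107: bytes 601 from <sender@example.net> qp 26544 uid 504
Nov 15 21:24:28 mail qmail: 974341468.111806 starting delivery 34993: msg 182107 to local example.org-user@example.org
Nov 15 21:24:28 mail qmail: 974341468.155638 end msg 182107
"""

INFO = re.compile(r"info msg (\d+): bytes (\d+) from <([^>]*)> qp (\d+) uid (\d+)")
START = re.compile(r"starting delivery (\d+): msg (\d+) to (local|remote) (\S+)")
END = re.compile(r"end msg (\d+)")

def injections(log_text):
    """Return one record per queued message, tracked from 'info msg' to 'end msg'."""
    live, done = {}, []
    for line in log_text.splitlines():
        if m := INFO.search(line):
            # A fresh 'info msg' starts a new lifetime even if the number was seen before.
            live[m[1]] = {"msg": m[1], "bytes": int(m[2]), "sender": m[3],
                          "qp": int(m[4]), "rcpts": []}
        elif m := START.search(line):
            if m[2] in live:
                live[m[2]]["rcpts"].append(m[4])
        elif m := END.search(line):
            if m[1] in live:
                done.append(live.pop(m[1]))
    return done + list(live.values())  # include messages still in the queue

def suspected_duplicates(records):
    """Group separate injections that share sender, size and recipient list."""
    groups = defaultdict(list)
    for r in records:
        groups[(r["sender"], r["bytes"], tuple(sorted(r["rcpts"])))].append(r["qp"])
    return {key: qps for key, qps in groups.items() if len(qps) > 1}
```

Two records with different qp values mean the message was handed to qmail-queue twice, so the duplication happened before qmail-send; one record with two deliveries to the same address would point at local delivery instead.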





I have strange timeouts --
If clients (or other servers) don't use my
SMTP server for 10 (or more) minutes,
a timeout of about 1 min. appears.
After this timeout everything works OK - without
any timeout until the next pause in use of the SMTP server...
I use tcpserver with -R -H options and Slackware Linux...






Hello everyone. I would really appreciate any help that can be offered.

First, in the interest of full disclosure, let me say that I am a newbie to Linux and qmail. I have managed to install our Redhat 6.1 system and get it connected to our LAN and the Internet. I now would like to set up the Linux machine as a mail server. Following the instructions given on Life with qmail, I am trying to install qmail using the source code. So far I have downloaded qmail and the two add-ons (daemontools and ucspi-tcp), and followed the steps up to building (Section 2.5.5 in Life with qmail).

In the qmail-1.03 subdirectory, I typed

  make setup check

After a series of compiling, I get the following response:

  fatal: unable to find user alias
  make: ***[auto_iods/c] Error 111

and end up back at the root prompt. Then, following the next directions, I typed ./config and then ./config-fast our.full.hostname at this prompt. I got the following response:

  bash: ./config: No such file or directory
  bash* ./config-fast: No such file or directory

I have checked the user account tab in the linuxconf tree menu and there are users and aliases. My user account is Caroline and my e-mail alias is MAILER-DAEMON. The user account is there.

My questions are:

1. Why did the make setup check command not find the user alias file? How do I create one?
2. Is the make+***[auto_iods/c}Error 111 warning a different problem? If so, how do I correct this?
3. Why doesn't the ./config or ./config-fast command work? Will it work once the user alias problem is fixed?

Thanks in advance for any advice. I sure need it.

CarolineT



Hi,

I've two questions:

1) I'm planning on using qmail with Redhat linux for a high-load machine
(hardware raid scsi disks). Now I don't want to know which linux is better,
but I would like to know what extra tuning the operating system requires?
Can hdparm boost the HW raid I/O performance? Do I need to fiddle in
the /proc VFS for file-max,inode-max and stuff? A guideline for getting the
most out of qmail+linux would be great.

2) I've found many remarks on qmail and reiserfs, but nobody agrees on
whether it's good or bad. So I won't start that here all over again but I
would like to ask:
does anybody use qmail+reiserfs on a high-load production machine? If so,
what OS do you recommend and which extra patches to qmail do you
suggest/apply? Is it running stably, can it survive crashes? How did you
mount/create your reiserfs?

Franky

