Bob,
Using an external command is kind of ugly. What you would want to do is use
perl modules. It's simpler, cleaner, and faster. I've attached an old ldap
auth plugin, you just need to modify the base DN and the user matching
attribute, but it should search for the user, then try to bind as th
Charlie Brady wrote:
On Tue, 26 Apr 2005, Bob wrote:
John Peacock wrote:
I think the consensus (in July/August 2004) was to use stunnel as a
wrapper around qpsmtpd, e.g.
exec tcpserver (flags) stunnel (flags) qpsmtpd
and stunnel (of recent enough vintage) will just proxy the SMTP
transaction for
Completely off-topic, but it was fun to see Matt in the news:
"If you receive mail forwarded through, for example, a university alumni
account, the Sender ID check fails," said Matt Sergeant, a senior antispam
technologist at MessageLabs.
from:
http://news.com.com/Microsoft+pushes+spam-filter
Bryan Scott wrote:
> The Point:
>
> I wrote a plugin called "check_badbounce" that rejects *bounces only*
> from specific remote servers that try to bounce messages that didn't
> originate from my network in the first place. It does it using the HELO
> message received from the remote machine, so
Elliot Foster wrote:
> Bryan Scott wrote:
>
>>The Point:
>>
>>I wrote a plugin called "check_badbounce" that rejects *bounces only*
>>from specific remote servers that try to bounce messages that didn't
>>originate from my network in the first p
Bryan Scott wrote:
>
>
>>> On a similar note, I'm getting a few thousand spam/virus mails a day
>>> that are
>>> pretending to be from my own domain. This just checks if the sending
>>> address'
>>> domain is pretending to be a local.
>>>
>>> Perhaps this could be melded into 'badmailfrom', just
Hanno Hecker wrote:
> Hi,
>
> while setting up a new system with qpsmtpd and LDAP I took rcpt_ok and
> auth/auth_ldap_bind, mixed it a bit and this is the result ;-) It uses
> the same config file as auth_ldap_bind... Currently it's not in
> production use, some tests have been done to see if it w
g the server that it's "authoritative for
this domain" or not, so that it can reject mail from/to that domain. That would
be an example of a domain in "locals" whereas I'm most likely doing routing or
secondary for domains in "rcpthosts", so I don't w
Bob Dodds wrote:
Norman Maurer wrote:
Hi guys,
i just finished my first version of a dspam plugin for qpsmtpd. Here
is the link to the plugin..
plz have a look at it.
http://wiki.debian-made.de//space/snipsnap-index/downloads/dspam
http://wiki.debian-made.de//space/snipsnap-index/DSPA
Bob Dodds wrote:
Eye candy. http://perlq.org/filter.png
check_earlytalker and require_resolvable_from_host
and spf, and qpsmtpd in general, are doing a fine job.
Thanks to Matt Sergeant for recommending a longer
check_earlytalker wait time.
-Bob
Which leads me to ask:
1.) What was the lon
Skaag Argonius wrote:
I traced the log because it stuck again just now. I'm running 0.31-1
from svn now. Here are the last 3 lines in the log before it just
stopped working:
@400043b19a4b1b0d83a4 24652 size_threshold set to 0
@400043b19a4b1b0f7b8c 24652 spooling message to disk
@4
John Peacock wrote:
rik wrote:
If one of my user receive a virus, is it possibile to send an alert to his
recipient and save the email in a quarantine directory insted of blocking
the message?
Don't bother. All current viruses and worms forge the return address, so there
is no one t
John Peacock wrote:
Skaag Argonius wrote:
John Peacock wrote:
In the spirit of TMTOWtDI, I wrote a very small finger daemon which
runs on our primary server (which contains the vpopmail virtual
domains/users).
This is by far the best solution I heard about. Can you provide that
daemon
John Peacock wrote:
The company President has a laptop and uses Earthlink to get to the
Internet when on the road. Earthlink blocks port 25 except to their
own servers. We publish SPF records. Some stupid admins have turned
on mail blocking for SPF failures. The President's mail *always* h
John Peacock wrote:
Elliot Foster wrote:
You could also use port 587 (submission) non-ssl if you're just
trying to get around port 25 being blocked. That way you wouldn't
have to re-route the connections to localhost. You would also be
able to retain the connecting IP.
Bu
Bob Dodds wrote:
Elliot Foster wrote:
John Peacock wrote:
Elliot Foster wrote:
You could also use port 587 (submission) non-ssl if you're just
trying to get around port 25 being blocked. That way you wouldn't
have to re-route the connections to localhost. You would also b
Les Mikesell wrote:
On Fri, 2006-02-17 at 15:45, Ask Bjørn Hansen wrote:
On Feb 17, 2006, at 9:43 AM, Les Mikesell wrote:
Wouldn't it at some point be simpler to run sendmail as the
front end since it already knows how to do this stuff?
It depends.
I run qmail-smtpd (with TLS
Les Mikesell wrote:
On Fri, 2006-02-17 at 16:44, Elliot Foster wrote:
Yes, you could use sendmail and a milter instead of qpsmtpd, or you
could use a milter with qpsmtpd. What is your point? What
functionality is missing in qpsmtpd to which you're referring?
The one that broug
Les Mikesell wrote:
On Mon, 2006-02-20 at 16:47, Charlie Brady wrote:
Please stop feeding the troll. If we wanted to use sendmail, we'd use
sendmail. We don't want to talk about it on this list.
If Les has some improvements to make to qpsmtpd, then I'm sure they'd be
welcome. But I've see
Robin Bowes wrote:
The idea is, I create the MySQL connection + prepare the statement
handle just once in init() so I only need to execute the prepared
statement in the queue_post hook.
This works for the first message received, but not for subsequent messages.
Any idea why? Is my concept flaw
John Peacock wrote:
Peter J. Holzer wrote:
2) Net::DNS assigns a random id when the package is loaded and just
increments the id for each request. This also makes ID guessing easy.
What's worse, with forkserver the package is loaded in the parent
process, so every child goes through
up the user
based on the 'uid' attribute.
The configuration item 'ldap_allow_plain' specifies whether or not PLAIN/LOGIN
authentication should be advertised/allowed. If set to a true value, PLAIN
and LOGIN methods will be allowed. The default is set to not allow PLAIN or
LOGIN, only CRA
Matt Sergeant wrote:
On 11-Apr-06, at 2:56 AM, Elliot Foster wrote:
I would like to submit another plugin for your consideration. This
plugin is different from auth_ldap_bind in that it supports CRAM- MD5
authentication. The two plugins have different applications (mostly
due to
Lars Roland wrote:
Maybe this needs to be configurable - i.e. in some situations it might
be nice to just pull from the LDAP server periodically (i.e. pull the
entire user list once every hour, once every day or whatever floats
your boat) - other people may need to perform a LDAP look up for each
Matt Sergeant wrote:
On 11-Apr-06, at 12:02 PM, Elliot Foster wrote:
Matt Sergeant wrote:
On 11-Apr-06, at 2:56 AM, Elliot Foster wrote:
I would like to submit another plugin for your consideration.
This plugin is different from auth_ldap_bind in that it supports
CRAM- MD5
Matt Sergeant wrote:
On 11-Apr-06, at 12:37 PM, Elliot Foster wrote:
Yeah, basically in my experience LDAP is pretty slow for what it
does, and anything that can help that performance the better.
Interesting. I've found it to be rather good for what it does
(scalable fle
Peter J. Holzer wrote:
On 2006-04-12 10:40:50 +1000, john habermann wrote:
Hi Peter
On 4/7/06, Peter J. Holzer <[EMAIL PROTECTED]> wrote:
On 2006-04-07 14:55:58 +1000, john habermann wrote:
Since the error occurs within less than 1 second of the start of the
transmission, it can't be a time
John Peacock wrote:
I took at look at the domainkeys plugin here:
http://killa.net/infosec/domainkeys/
and fixed it up to work with the latest Mail::DomainKeys (which dropped
header() from the API with no direct replacement).
I thought I'd ask here if people think it should also sign out
I noticed that I hadn't received any of my danga mailing list content in
a while, and checked my logs to find:
@400044662b4a2f63f34c 28892 D check_earlytalker 207.7.148.197:56598
216.218.240.174:25 Connecting host started transmitting before SMTP
greeting
Which appears to be the danga
Larry Nedry wrote:
Hi Folks,
I need to run two copies of qpsmtpd on different IP addresses on the same
server and each will be configured differently. Has anyone tried this?
Are there any potential problems?
If they're on different IP addresses with different configs, just use
two copies of
Peter J. Holzer wrote:
On 2006-05-13 13:37:40 -0700, Elliot Foster wrote:
Larry Nedry wrote:
I need to run two copies of qpsmtpd on different IP addresses on the same
server and each will be configured differently. Has anyone tried this?
Are there any potential problems?
[...]
I think
Elliot Foster wrote:
I noticed that I hadn't received any of my danga mailing list content in
a while, and checked my logs to find:
@400044662b4a2f63f34c 28892 D check_earlytalker 207.7.148.197:56598
216.218.240.174:25 Connecting host started transmitting before SMTP
greeting
Larry Nedry wrote:
On 5/14/06 at 9:45 AM Peter J. Holzer wrote:
Not only a discussion, it has also been implemented: Simply set the
QPSMTPD_CONFIG environment variable.
It looks like QPSMTPD_CONFIG won't work with forkserver. I need to deploy
two instances with different IP addresses and fo
Peter J. Holzer wrote:
On 2006-05-14 11:56:08 -0700, Elliot Foster wrote:
Elliot Foster wrote:
I noticed that I hadn't received any of my danga mailing list content in
a while, and checked my logs to find:
@400044662b4a2f63f34c 28892 D check_earlytalker 207.7.148.197:
some effort into differentiating an early talker
from a "quitter before I say hello?"
Elliot
Elliot Foster wrote:
Elliot Foster wrote:
I noticed that I hadn't received any of my danga mailing list content
in a while, and checked my logs to find:
@400044662b4a2
[EMAIL PROTECTED] wrote:
On Tue, 23 May 2006, John Peacock wrote:
[EMAIL PROTECTED] wrote:
I am wondering if people might have ideas for running two
spamassassin plugins, each using a different set of configurations.
Strange setup, yes - a unique situation where I'd like to take adva
Devin Carraway wrote:
On Thu, Jun 22, 2006 at 11:32:11AM -0400, John Peacock wrote:
Michael C. Toren wrote:
Has anyone else running the earlytalker plugin had trouble accepting
mail from mac.com? I'm using a delay of 20 seconds.
[...]
I confess that I am using earlytalker with the default del
John Peacock wrote:
> Michael Holzt wrote:
>> However i came to the conclusion that the Date:-Headerchecking from
>> check_basicheaders is unreliable because there are other legitimate
>> clients as well who lack the Date: header. Its against the standard,
>> but its real life.
>
> We have some HP
Bryan Scott wrote:
I know this was discussed a few months ago. I've now installed Zimbra
on a test machine and I'm contemplating my options. As of yet I haven't
really taken things apart to see how hard it would be to shim any of my
custom stuff in.
Since Zimbra uses postfix as it's MTA, it
Hans Salvisberg wrote:
David Nicol wrote:
I would purpose
the existing IP address to the customers and give the inbounds a new IP.
Thank you for your reply, but there are only four users in this
organization and I can't use more than one IP for them.
I had a similar problem and changed my m
abhilash s wrote:
Hi,
I have configured qpsmtpd to use auth_ldap_bind . I used LOGIN as
Authentication type. It shows the following error :
@4000466e559b350ce4fc 6779 running plugin (auth-login): auth_ldap_bind
@4000466e559b350cf49c Use of uninitialized value in concatenation
(.) or
abhilash s wrote:
Could you please include the config line that you used for it? It looks
like the ldap_auth_filter_attr is unset, and/or it looks like the
username isn't coming through.
In my
/home/smtpd/config/plugin for using ldap_bind I just used the plugin
name like following
auth_ldap_b
Whoops, forgot to reply-to-all, resent to list..
abhilash s wrote:
Here is the actual problem . The username is '[EMAIL PROTECTED]' not
'abhilash' . Before when I tried thunderbird and using the PLAIN
authentication type it shows the same problem of finding user name
(abhilash) . The PLAIN aut
I don't bother using tcpserver or tcpsvd anymore, I use the --port arg like so:
#!/bin/sh
exec 2>&1 \
sh -c '
exec \
/usr/local/bin/softlimit -m 3000 \
/usr/bin/perl -T -I/path/to/qpsmtpd/lib \
/path/to/qpsmtpd/qpsmtpd-forkserver \
--listen-address 0 \
--port 25 \
--
JT Moree wrote:
Elliot Foster wrote:
I don't bother using tcpserver or tcpsvd anymore, I use the --port arg
like so:
#!/bin/sh
exec 2>&1 \
sh -c '
exec \
/usr/local/bin/softlimit -m 3000 \
/usr/bin/perl -T -I/path/to/qpsmtpd/lib \
/path/to/qpsmtpd/q
JT Moree wrote:
I created a run_fork. I had to change the location of softlimit on my
system so I included it as a variable. I guess I could create a
config/SOFTLIMIT file since everything else is in a file . . .
#!/bin/sh
# run_fork
# get dirname of executable so we can cd into it in case th
John Levine wrote:
1. the greylisting plugin uses a lock on the dbm file to prevent the
processes from clobbering each other. the GL plugin could be
re-written to use an RDBMS instead, that might help.
I have a well-known greylist patch for qmail-smtpd that I recently
ported over to qpsmtpd.
I wrote a plugin last weekend that logs mail summary to a DB (sqlite at the
moment, I plan on making it more flexible.) If anyone is interested, let me
know how I could modify it to make it more useful to you (logging message-id,
etc.) Suggestions/questions are welcome.
I plan on writing a w
JT Moree wrote:
What is the generally accepted method to have spamassassin NOT scan a
message? i.e. return DECLINED
For example we have two servers on campus as we are merging two
companies together. The two companies obviously have different domains
and users. We need to communicate with eac
[EMAIL PROTECTED] wrote:
What, exactly, is being done to validate sender/recipient email addresses
during a connection?
I am finding that there are many, otherwise legit, addresses with local
portions that are too long. RFC 2821 4.5.3.1 says 64 characters maximum,
yet I regularly see much longer
Chris Lewis wrote:
The rabid belief by some that RFC2142 mandated addresses MUST NOT be
filtered under any circumstances. Including people who misinterpret SPF
records ;-) [We publish ~all, some people interpret email .forwarded
thru something not in the SPF record to be forged and bounce it.]
Diego d'Ambra wrote:
Matt Sergeant wrote:
[...]
Some of these may have been solved in other places, but I would be
willing to test and check if they are still needed and patch against
latest revision.
Any interest?
Yes of course.
Great - sorry for the slow reply.
During move to vanilla q
Howard Miller wrote:
Hi,
I am getting vast amounts of information in my logs. The README says
"You can get more or less by
adjusting $TRACE_LEVEL in lib/Qpsmtpd.pm"
...except as far as I can see that variable is not set anywhere in
that file. There is a line...
sub TRACE_LEVEL { $T
Howard Miller wrote:
Actually... I've come to the conclusion I don't understand at all.
Without any logging plugins I still get logs from tcpserver (I'm using
daemontools to run it). There are two files in my config directory
'logging' and 'loglevel'. I don't know which one effects the logs
prod
viggy_prabhu wrote:
Hi friends,
I want to know if some work has been going on improving the present
auth_ldap_bind plugin. I want to authenticate users for directories
that do not allow anonymous bind. In fact I want to use most of the
features described in "FUTURE DIRECTION" heading. So if pres
55 matches
Mail list logo
