doing something like this or a better way to
implement than what I suggest, etc.?
any feedback is appreciated.
Thank you,
- --
JT Moree
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFsS1MFI6sVJUR1B8RAjq7AKCV
ugins or by googling.
I wonder if some legitimate mailers might not be setting the MAIL FROM
properly even though the message has a From header. Does anyone have
experience with this issue?
Thank you,
- --
JT Moree
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using
don't understand the last paragraph in your proposal: If you whitelist
> sender addresses, why do you need the sender IP address? Or do you want
qpsmtpd works by IP address--not by domain names. The sender may be
forged so it can't be trusted. Reverse DNS lookups are also unreliable.
T
l server. Since the users are not available a
plugin can be used to query the real mail server.
Is there one available already that does this? It would vary based on
the mail server . . .
- --
JT Moree
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozill
e.
I see an rcpt_ldap plugin which does what I'm asking but we are not yet
using ldap. It could be used as a model for another one I guess . . .
thank you
- --
JT Moree
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using Gn
ays it is 0.7. Probably should change version if applying the patch?
- --
JT Moree
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFtQWoFI6sVJUR1B8RAlCpAJ9n5dqR3Lc4ESQx5nxWymToMThI2gCdHuww
UFM6eOvbYZIbTmAT4xla+SE=
=HNc8
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> So, essentially, I would whitelist on the email addresses, not on IP
> addresses, because I can't think of a reliable way how to get sender IP
> addresses from domain names.
these are all good points.
- --
JT Moree
-BEGIN
to errors and bounces. I am not 100% sure that I have weeded
those out. In fact I didn't weed anything out but did some tests and
couldn't get some of them to show up. I believe that I have a good list
but would like to do more tests before going live.
- --
JT Moree
-BEGIN PG
collect and make usuable a dynamic
list of 'good' email address (at least I need to - to make this work).
Perhaps I should create a new plugin with a new flag of greenlist or
even a new whitelist plugin based on this. Right now my implementation
will only affect the greylisting plugin.
- -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
JT Moree wrote:
> I am doing a fair amount of work to collect and make usuable a dynamic
> list of 'good' email address (at least I need to - to make this work).
>
> Perhaps I should create a new plugin with a new flag of gre
base connection going to be
rebuilt every time the plugin is run if I make it in register?
if so, is there a way to cache the connection by making it somewhere else?
thank you,
- --
JT Moree
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with
s called Greenlist.pm
and it's in the tarball. It will support file based backends as well as
sql but the file support is not finished.
- --
JT Moree
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozill
I cleanup a few more things I'll add the plugin to the wiki.
- --
JT Moree
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFyebNFI6sVJUR1B8RAjFsAJ0aj0XWiueVColIFebLzPJ0wnnuPACfd2wS
zxkprG1aYcDC6Ug6ewn0pA8=
=
necessary? Why not just turn on sender-permitted-from? That
plugin will allow those emails and they greylisting should ingore them.
Right?
- --
JT Moree
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFF4vIiFI6sV
ead of having the greylisting plugin look at the spf object you
could modify the spf plugin to create notes and modify greylisting to
look for notes.
Or is too much information needed to put it in notes?
- --
JT Moree
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Us
HTTP Response Status
403 Forbidden
Is this a permanent problem? Anyone in contact with the perl.org people?
--
JT Moree
process.
http://wiki.qpsmtpd.org/plugins:queue:http-forward looks promising.
Anyone have other ideas?
Thank you,
P.S. Google for qpsmtpd and archive gives lots of hits for the mailing
list archives.
--
JT Moree
on this topic? I'm sure there have been
some. or provide insight?
Thank you,
--
JT Moree
ueing:
- must write qp plugin to call some other outgoing mail program (writing
it all is out of the question)
- must handle two cases for local and remote mail
+ one less MTA to configure
- must configure all normal MTA->MDA stuff in qp instead
--
JT Moree
are there plugins to handle it?
--
JT Moree
look like you
sent an email to someone else?
- --
JT Moree
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGaBiJFI6sVJUR1B8RAgETAJ41zUTf8doMFrWAGjrUx3uY3fio4gCgj4A3
KgidtAcfpNZBsFQ3XFTOB5s=
=q7Kl
-END PGP SIGNATURE-
nd if needed this case could be handled
by the email client. I can see an t-bird extension that looks at mail
coming from a particular location/account and automatically strips the
forwarded message out.
- --
JT Moree
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)
e incentive to move to the
new and improved SMTP2.
I know. I'm living in lala land. But that's what it takes to make
improvements. We have to be tired of the status quo enough to want to
change.
--
JT Moree
27;modify
the SMTP' protocol. Even if it means you end up with QMTP in the end by
a different name it gives people the impression that there is less
barrier to adoption.
Still thinking outside the box ;) Thank you for entertaining my off
topic posts this long.
--
JT Moree
r options and qpsmtpd docs for
options and googling but I'm not finding anything helpful.
Can someone point me to a configuration option that might cause this
behaviour? perhaps because internal mail is allowed to relay? but then
where is the configuration for setting the hostname for non-rcpthosts?
Thank you,
--
JT Moree
he network so again I don't know why there are
two different behaviours.
I just noticed the version is 026 (2.6?). I may try to play with a
newer version of qpsmtpd later this week.
--
JT Moree
Peter J. Holzer wrote:
> On 2007-08-08 16:52:47 -0700, JT Moree wrote:
>> I did not setup the qpsmtpd servers at work and I am having an issue
>> that I cannot find the answer to in the wiki or with google.
>>
>> If I telnet to the server from inside the network I get
#This was inline. doing it here allows for better error handling
IP=`head -1 config/IP`
fi
exec $SOFTLIMIT -m 2500 \
$TCPSERVER -c 10 -v -R -p \
-u $QMAILDUID -g $NOFILESGID $IP $PORT \
./qpsmtpd 2>&1
--
JT Moree
variables in config files
instead of hard coding everything into the script?
I know this is just the script you are using but I'm wondering if the
default scripts could be improved.
Perhaps a script called run_fork in addition to the run script? I am
also looking at the Sys V init scripts from the wiki.
--
JT Moree
kserver \
--listen-address $IP \
--limit-connections 40 \
$PORTS
--
JT Moree
ng place?
Am I misunderstanding what whitelist does?
I haven't found anything when googling for these key terms and searching
the archives. The pod for whitelist_soft doesn't say anything about how
it does the whitelisting or having to deal with other modules such as
rcpt_to.
Thank you
--
JT Moree
methods that are
currently being used to allow them to send.
That is: offsite users are whitelisted by sender. Yes I know it's not a
good way to do it, but I inherited it and am working as fast as I can to
improve the systems.
--
JT Moree
ike whitelist_soft is doing and
whitelist_soft didn't work why would this plugin work? Is it the use of
OKALL instead of OK?
--
JT Moree
for relaying."
Thank you again for your plugin. I will be testing it soon.
--
JT Moree
it explicitly. Start with modifying the rcpt_to plugin
You should just need to add something like:
return OK if $self->transaction->notes('whitelistsender');
=cut
--
JT Moree
JT Moree wrote:
>> to your rcpt_to plugin.
>
> Thank you, I appreciate that but one more clarification. It's not MY
> rcpt_to plugin. It came with the stock qpsmtpd .40 tarball that I
> downloaded.
I'm sorry. It's rcpt_ok. NOT rctp_to
--
JT Moree
Gavin Carr wrote:
> On Thu, Aug 16, 2007 at 01:02:52PM -0700, JT Moree wrote:
>> Shouldn't the documentation for the whitelist_soft module mention that
>> it requires modifying the rest of the plugins?
>
> Yes, probably. My current dev version does say:
That's
it
shouldn't be called whitelist. A better name would be set_flag,
custom_flag, or something like that.
* Can I have the whitelist_soft plugin return OK at each stage? Will
that allow the process to work as I want. Right now whitelist_soft is
returning OK at mail and DECLINED at rcpt.
Thank you,
--
JT Moree
k for whitelisthost but it comes from a
different location than where whitelist_soft sets.
RHSBL
hook_mail - check all four. return DECLINED if any found
hook_rcpt - check all four. return DECLINED if any found
--
JT Moree
JT Moree wrote:
> So, I want spamassassin, dnsbl, and maybe rhsbl to skip processing if
> they see the whitelist flags. The whitelist_soft plugin uses
or in the case of using the regex_mailfrom plugin I'd have them do
return DECLINED if $self->connection->notes('regex_mailfrom');
--
JT Moree
I wrote some small helper scripts for parsing logs. Would they be
useful enough to include in qpsmtpd?
--
JT Moree
#!/bin/sh
usage()
{
cat << FOO
$0 - utility to parse qpsmtpd log messages for a given string and get the
whole transaction
Usage: $0 [grep options] text_to_fi
the case
> with prefork or Apache (also preforking).
Is there a message ID that is unique to each message?
--
JT Moree
tead of (or as
> addition to) the PID.
> +$self->{_transaction_id} = sprintf("%08X", rand(2**32 - 1));
Is this uique enough? what is the chance of getting the same random
number again? should it be a combination of the PID + time + rand?
--
JT Moree
JT Moree wrote:
>
> Is this uique enough? what is the chance of getting the same random
> number again? should it be a combination of the PID + time + rand?
>
my @sname = split(/\./, $self->qp->config("me"));
= $sname[0].$$.'r'.int( (( time ^ $$ ) *
sition to
implement something rather than nothing.
--
JT Moree
; that you can put the id in a db server as a double or unixtime which
> comes in quite handy when you've got a lot of volume.
Would each thread have a unique PID or are all the threads under the
parent PID? Is there a thread ID we could use. The system knows how to
differentiate each thread. Can we use that in combination with time and IP?
--
JT Moree
--
JT Moree
--- Begin Message ---
On Fri, 24 Aug 2007 11:52:07 -0700 "JT Moree" <[EMAIL PROTECTED]>
wrote:
>These are the approaches suggested so far. I added the last one as a
>combination of the others. Can we see a show of hands for the one
>people like the best?
P + local port at the same time, but this "should
> be impossible" if the networks are connected.
As in two clients behind a NAT sending to our server at the exact same
time? Might be possible from server farms or distributed mailing list
systems?
What do you guys think?
--
JT Moree
Matt Sergeant wrote:
> I've checked in $transaction->id support now. Please let me know if you
> think it's OK.
which method did you use?
--
JT Moree
Matt Sergeant wrote:
> On 28-Aug-07, at 3:12 PM, JT Moree wrote:
>
>> Matt Sergeant wrote:
>>> I've checked in $transaction->id support now. Please let me know if you
>>> think it's OK.
>>
>> which method did you use?
>
> hires_time.pi
;local_port || "0";
my $start = time;
my $id = "$$_$start.$lport_$ip:$rport";
--
JT Moree
es::Time
my $lip = $conn->local_ip();
my $rip = $conn->remote_ip();
my $rport = $conn->remote_port || "0";
my $lport = $conn->local_port || "0";
my $start = time;
my $id = "$$_$start_$lip:$lport_$rip:$rport";
--
JT Moree
transaction ID into core where everyone can know and rely
on it working the same way.
--
JT Moree
Guy Hulbert wrote:
> me = linux1
> -> linux1__
>
> me = linux2.example.com
> -> linux2.e
>
> If you run two instances you can call them 'thing1' and 'thing2'.
>
I'd rather not.
--
JT Moree
);
$SALT_HOST =~ tr/A-Za-z0-9//cd;
Is this being used anymore? I don't find a reference to $SALT_HOST in
the same file.
--
JT Moree
ay then be possible to implement something that all/most plugins could
use.
--
JT Moree
;> Yeah, I'm thinking of rolling a 0.41 with the changes we have now.
>
> +1
>
>
+1
this gets the transaction/message id fixes out too?
--
JT Moree
. spamassassin is
rejecting mail.
--
JT Moree
Systems Admin
www.kahalacorp.com
9311 E. Via de Ventura
Scottsdale, AZ 85258
480.362.4800 - main
480.362.4405 - direct
JT Moree wrote:
> What is the generally accepted method to have spamassassin NOT scan a
> message? i.e. return DECLINED
I was looking for a way to configure the plugin in qpsmtpd but it
probably makes more sense to put it in the spamassassin settings in
/root/.spamassassin/user_prefs or f
59 matches
Mail list logo
