Erwin Hoffmann | 9 Feb 20:52

Re: [WNYLUG-Users] QMail Under OpenSUSE 12.1

Hi 

Am 09.02.2012 um 20:33 schrieb Darin Perusich:

> You can still use SysV init script on OpenSUSE 12.1 even though
> systemd is the new facility for launching services. Based on the
> original email sent daemontools is somehow related to the problem,
> which in itself is another replacement for init script.
> 

Since Robert did not tell us HOW he installed Daemontools into the system -- that's all guessing.

Certainly, daemontools/supervise are not 'another replacement for init scripts' -- though some people
tweaked them to do so. 
In fact, DJB's daemontools were somehow pioneering the idea of a service (launchd, systemd ....) though not
to be event-triggered.

Thus, what we need is a detailed description, how to set up daemontools under OpenSuSE 12.1 -- this would help
everybody. 
If you can contribute to this, please let us know. Otherwise, I need to have a look.

regards.
--eh.

> --
> Later,
> Darin
> 
> 
> 

Roger Walker | 9 Feb 16:10

ampersand "&" in email address

	I'm seeing the following problem in the log files (minor changes
to protect the innocent and guilty):

info msg 1966555: bytes 468716 from <Food&Bev <at> remote.com> qp 27994 uid 220

info msg 1968033: bytes 223 from <food\@local.emailserver.com> qp 28003 uid 730

delivery 934057: deferral: sh:_bev <at> remote.com:_command_not_found/Aack,_child_crashed._(#4.3.0)/

	So, qmail is separating the message delivery into being from
"food" at the host/domain name of the local qmail server, AND from "bev"
at the actual sender's host/domain name.

	It is, essentially, splitting the sender address at the ampersand
"&" and trying to send to the resulting two addresses.

	Is there a fix for this so qmail can handle it like any other
email?

	Thanks.

Robert Wolfe | 9 Feb 15:43

QMail Under OpenSUSE 12.1

Hi all!

 

I am having an issue where I am trying to install netqmail/qmail under OpenSuSE 12.1 and I am able to get everything to build, however, it does not look as if daemontools is starting at any point.  Grepping a ps for svscan doesn’t yield any results.  Is there some change I need to make here in order to get this to run?

 

TIA!

Robert

Mirko Steiner | 9 Feb 15:39

qmail giving up on postgrey graylisting (reply code 450)

Hello,

I got the following problem when my qmail mailserver tries to deliver e-mails to a customer:

Feb 2 08:26:53 server03 qmail: 1328189213.767595 delivery 1: deferral: 88.198.51.134_does_not_like_recipient./Remote_host_said:_450_4.2.0_<xxx <at> yyy.info>:_Recipient_address_rejected:_Greylisted,_see_http://postgrey.schweikert.ch/help/yyy.info.html/Giving_up_on_11.22.33.44./

and qmail sends me:

-- qmail response --
Hi. This is the qmail-send program at xxx.yyy.de.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<yyy <at> xxx.info>:
This address no longer accepts mail.
-- qmail response --

I called the mail provider, and they told me that this problem is on our side (qmail's fault), because our
mailserver doesn't try to resend the e-mail.

So what can/should I do?

FC Mario Patty | 7 Feb 10:12

How to: qmail-smtpd for roaming users.

Hi guys,

I hope this is the right place to ask. We use qmail-ldap (qmailrocks installation) for our mail server for some time. To give people access to qmail-smtpd, we used to configure /var/qmail/control/qmail-smtpd.rules. Usually we use this configuration:


127.:allow,RELAYCLIENT="",SMTPAUTH="",AUTHREQUIRED="",QMAILQUEUE="/var/qmail/bin/simscan"
192.168.:allow,RELAYCLIENT="",SMTPAUTH="",AUTHREQUIRED="",QMAILQUEUE="/var/qmail/bin/simscan"
:allow,QMAILQUEUE="/var/qmail/bin/simscan",RETURNMXCHECK=""

Now we want to let roaming users be able to use qmail-smtpd from anywhere outside the local LAN, so we change qmail-smtpd.rules into


127.:allow,RELAYCLIENT="",SMTPAUTH="",AUTHREQUIRED="",QMAILQUEUE="/var/qmail/bin/simscan"
192.168.:allow,RELAYCLIENT="",SMTPAUTH="",AUTHREQUIRED="",QMAILQUEUE="/var/qmail/bin/simscan"
:allow,RELAYCLIENT="",SMTPAUTH="",QMAILQUEUE="/var/qmail/bin/simscan"
:allow,QMAILQUEUE="/var/qmail/bin/simscan",RETURNMXCHECK=""

It works (we can send to or receive email from gmail), with the exception that we can send without authentication too. If we added AUTHREQUIRED="" in the third line, gmail cannot send email to our server. If we switched the third and fourth line (:allow,RELAYCLIENT line and :allow,QMAILQUEUE line), then qmail will never read (or act on) the last line. Is there something we're missing here*? OR should we cooperate SMTPAUTH with PBS (we have

127.0.0.1:allow,NOPBS=""
# default allow
:allow

in /var/qmail/control/qmail-pop3d.rules.

* thinking about using SENDERCHECK too, but we still need authentication.

Thank-you in advance.


Best regards,
Mario
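
An added example, not part of the original post: a small linter for a tcprules-style file that flags the two conditions the post describes, namely a second rule for an address already matched by an earlier line (which the poster reports is never acted on) and a default `:allow` rule that sets RELAYCLIENT without AUTHREQUIRED. The function names are hypothetical, and the parser assumes IPv4 prefixes and the double-quoted `VAR="value"` form only.

```python
import re

# The modified rule set from the post, verbatim.
RULES = '''\
127.:allow,RELAYCLIENT="",SMTPAUTH="",AUTHREQUIRED="",QMAILQUEUE="/var/qmail/bin/simscan"
192.168.:allow,RELAYCLIENT="",SMTPAUTH="",AUTHREQUIRED="",QMAILQUEUE="/var/qmail/bin/simscan"
:allow,RELAYCLIENT="",SMTPAUTH="",QMAILQUEUE="/var/qmail/bin/simscan"
:allow,QMAILQUEUE="/var/qmail/bin/simscan",RETURNMXCHECK=""
'''

ENV_RE = re.compile(r',(\w+)="([^"]*)"')  # assumption: values are double-quoted

def parse_rules(text):
    """Return [(lineno, address, action, env)] for each non-comment rule line."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, rest = line.partition(":")   # empty addr is the default rule
        action = rest.split(",", 1)[0]
        rules.append((n, addr, action, dict(ENV_RE.findall(rest))))
    return rules

def lint(text):
    """Return [(lineno, kind, message)] findings for a rules file."""
    findings, seen = [], {}
    for n, addr, action, env in parse_rules(text):
        if addr in seen:
            # Same address key twice: only one of the two lines can take effect.
            findings.append((n, "shadowed",
                             f"address {addr!r} already matched by line {seen[addr]}"))
            continue
        seen[addr] = n
        if (addr == "" and action == "allow"
                and "RELAYCLIENT" in env and "AUTHREQUIRED" not in env):
            # Every client not matched earlier is treated as a relay client.
            findings.append((n, "open-relay",
                             "default rule sets RELAYCLIENT without AUTHREQUIRED"))
    return findings

if __name__ == "__main__":
    for finding in lint(RULES):
        print(finding)
```
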

Erwin Hoffmann | 4 Feb 19:26

Re: POP3 dictionary attacks -- change of bot strategy

Hi Andy

Am 04.02.2012 um 18:45 schrieb Andy Bradford:

> Thus said Erwin Hoffmann on Sat, 04 Feb 2012 13:51:02 +0100:
> 
>> a) Greetdelay'ing the  SMTP sessions -- working great for  years -- is
>> almost useless now.
> 
> What makes you think it is  worthless now? From my observation, it still
> seems relevant:
> 

Yupp. There seems to be clear dependence on the bots. 

If you check my original numbers I evaluated introducing the greetdelay into qmail, these numbers were
much higher than.

There was a typo in my first mail: The magic day was not December 13th, but rather December 3rd.

Some bot nets were uncovered during this period (http://nakedsecurity.sophos.com/koobface/). 

> $ grep 'tcpserver: pid .* from .*' current | wc -l
>   5520
> $ grep -c greetdelay current
> 1314
> $ echo '2k 1314 5520 /p' | dc
> .23
> 
> 23% is  not shabby in  my opinion.  It's  possible that the  bots hitting
> your servers have different behavior?
> 

I need to add that I use the DNS 'paranoid' verification in sslserver and rejecting sessions which don't
have a PTR and A RR. 

But again: These numbers (and the efficiency of any anti-spam policies) depend on the exposure of spam
--which varies significantly among countries and sites.

regards.
--eh. 

> Andy
> 

--

-- 
Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de | PGP Key-Id: 7E4034BE

Erwin Hoffmann | 4 Feb 13:51

POP3 dictionary attacks -- change of bot strategy

Hi everybody,

since roughly December 13th last year I see a significant change in the bots activities:

a) Greetdelay'ing the SMTP sessions -- working great for years -- is almost useless now.

b) In parallel with this change, I observe significant lexical/dictionary attacks against my POP3
service (POP3S not yet):

Yesterday:

2012-02-03 20:17:45.319228500 qmail-popup: pid 10225 Reject::AUTH::User: P:POP3U S:202.165.183.164:unknown ?= 'utility'
2012-02-03 20:17:46.662410500 qmail-popup: pid 10228 Reject::AUTH::User: P:POP3U S:202.165.183.164:unknown ?= 'utpal'
2012-02-03 20:17:48.001400500 qmail-popup: pid 10231 Reject::AUTH::User: P:POP3U S:202.165.183.164:unknown ?= 'uucp'
2012-02-03 21:35:32.417104500 qmail-popup: pid 11081 Reject::AUTH::User: P:POP3U S:120.65.9.164:unknown ?= 'david <at> 217'
2012-02-03 21:35:34.678555500 qmail-popup: pid 11086 Reject::AUTH::User: P:POP3U S:120.65.9.164:unknown ?= 'dave <at> 217'
2012-02-03 21:35:36.939112500 qmail-popup: pid 11091 Reject::AUTH::User: P:POP3U S:120.65.9.164:unknown ?= 'mike <at> 217'
2012-02-03 21:35:39.196582500 qmail-popup: pid 11108 Reject::AUTH::User: P:POP3U S:120.65.9.164:unknown ?= 'tony <at> 217'

Today:

 qmail-popup: pid 17593 Reject::AUTH::User: P:POP3U S:81.169.140.224:h1989281.stratoserver.net ?= 'client'

.... resulting in a few thousand lookups every day. 

Thus, within my forthcoming Spamcontrol 2.7 I've included to log the POP3 username within qmail-popup.

Further, I will make a patch available against UCSPI-TCP enabling CIDR notation in the tcprules database.

regards.
--eh.

PS: Anybody who is interested should contact me for a beta version of both.

--

-- 
Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de | PGP Key-Id: 7E4034BE
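
An added example, not part of the original post and not Spamcontrol code: detection logic over qmail-popup reject lines in the format quoted above, flagging any source that tries several distinct usernames inside a short window. The log lines are constructed (documentation address ranges, IPv4 only), and the function names, the threshold of 3 names and the 5-minute window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the qmail-popup reject format quoted in the post
# (readable timestamps; source addresses are documentation ranges).
SAMPLE_LOG = """\
2012-02-03 20:17:45.319228500 qmail-popup: pid 10225 Reject::AUTH::User: P:POP3U S:203.0.113.7:unknown ?= 'utility'
2012-02-03 20:17:46.662410500 qmail-popup: pid 10228 Reject::AUTH::User: P:POP3U S:203.0.113.7:unknown ?= 'utpal'
2012-02-03 20:17:48.001400500 qmail-popup: pid 10231 Reject::AUTH::User: P:POP3U S:203.0.113.7:unknown ?= 'uucp'
2012-02-03 20:20:01.000000500 tcpserver: status: 1/40
2012-02-03 08:00:00.000000500 qmail-popup: pid 9001 Reject::AUTH::User: P:POP3U S:192.0.2.55:host.example ?= 'alice'
2012-02-03 12:00:00.000000500 qmail-popup: pid 9500 Reject::AUTH::User: P:POP3U S:192.0.2.55:host.example ?= 'alcie'
2012-02-03 16:00:00.000000500 qmail-popup: pid 9900 Reject::AUTH::User: P:POP3U S:192.0.2.55:host.example ?= 'alise'
"""

REJECT_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ qmail-popup: pid \d+ "
    r"Reject::AUTH::User: P:\S+ S:([^:\s]+):\S+ \?= '([^']*)'$")

def parse_rejects(text):
    """Return (timestamp, source_ip, username) for every reject line; skip the rest."""
    events = []
    for line in text.splitlines():
        m = REJECT_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3)))
    return events

def dictionary_sources(events, min_users=3, window=timedelta(minutes=5)):
    """Map source IP -> usernames, for sources trying min_users distinct names in one window."""
    by_ip = defaultdict(list)
    for ts, ip, user in sorted(events):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, seq in by_ip.items():
        start = 0
        for end, (ts, _) in enumerate(seq):
            while ts - seq[start][0] > window:   # slide the window start forward
                start += 1
            users = {u for _, u in seq[start:end + 1]}
            if len(users) >= min_users:
                flagged.setdefault(ip, set()).update(users)
    return {ip: sorted(names) for ip, names in flagged.items()}

if __name__ == "__main__":
    print(dictionary_sources(parse_rejects(SAMPLE_LOG)))
```

The slow source (three mistyped names spread over eight hours) stays below the threshold, which is the distinction between a user fumbling a login and a dictionary run.
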

Robert Wolfe | 4 Feb 07:05

Using Smarthost to relay email from qmail

Hi all!  Crossposting this on the local LUG mailing list as well to see if anyone locally can help, too :)

 

I have an account set up at JangoMail to use them as my SMTP relay service.  However, I was wondering what I needed to do to set up QMail to allow it to use them for relaying outgoing email using an username and password (SMTP AUTH) to send any outbound messages?

Asif Iqbal | 3 Feb 08:56

tcpserver: status: 120/120

qmail smtpd was working fine and most of the time in few years it
was usually 1/120 to 5/120

I am seeing all 120 incoming connections are staying filled up.

any non patch way to limit number of incoming connection per host
making it through port 25?

here is the qmail-showctl http://pastebin.com/mx9skbWk

--

-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

Paspao | 27 Jan 13:49

missing sender in send log

Hello ,

I see some bounces in my send log with from set to <#@[]>. Can I avoid this by playing with the qmail configuration?

2012-01-20 09:50:14.896769500 info msg 1279008: bytes 1782 from <#@[]> qp 23339 uid 1001

Thank you
Paolo

Peter Mikeska | 25 Jan 13:46

badmailfrom - sa-blacklist.current weird problem

Hello,


I apologize if this is not exactly qmail only related.
I'm using the badmailfrom extension to qmail, and I found out that on a random basis I get 2 different files from http://www.sa-blacklist.stearns.org/sa-blacklist/sa-blacklist.current.at-domains

When I wget that file I get either an 8.6MB file stating #sa-blacklist.at-domains: 200904171539
or a much smaller file, 782kb, stating in the first line - #sa-blacklist.at-domains: 201201250535 on a random basis.

I still haven't found out why it's behaving like this; is it some kind of loadbalancer split brain or what?

Does anyone know why I'm getting this, or is anyone experiencing something similar? cron is set up to download every 12 hours.

thank you for answer

miki

