Christian Lerrahn | 1 Aug 11:42 2007
Picon

SMTPS on netqmail

Hi,
I'd like to use netqmail as an SMTPS server. Now this is easy to set up
in a run script with an ssl wrapper (e.g. sslserver) but the problem I
have is that SMTP AUTH won't work. Netqmail will usually enforce
STARTTLS before AUTH. However, this does not make any sense for SMTPS
as the channel is already encrypted as soon as you connect. I imagine
this to be easily modified in a patch even though I haven't really
checked the source code for this particular thing, yet. As I imagine
that I am not the first one to require this functionality, I decided to
ask for if such a patch already exists. I'm happy to work with a second
binary but, of course, a binary where this STARTTLS/SMTP AUTH behaviour
is configurable would be very neat, too. Anyway, if anybody knows of an
existing patch for this, could you please point me to where to get it?

Cheers,
Christian

Charrua | 1 Aug 16:02 2007
Picon

Re: Redirect all messages from one domain to another domain

Thanks a lot. This works ok. :)

Before, I tested this, but with another variables, and don't work (USER, 
LOCAL, RECIPIENT)

Thanks again.

Andrés

Kyle Wheeler escribió:
> On Tuesday, July 31 at 05:53 PM, quoth Charrua:
>> If I recive a message in the domain2.com, redirect the message to the 
>> exact name account in the domain1.com:
>
>> How to make this without make one .qmail file by email account?
>> How I use .qmail-defaul file to make a generic redirect?
>
> # cat .qmail-default
> | forward $EXT <at> domain1.com
>
> ~Kyle

Kyle Wheeler | 1 Aug 17:37 2007
Picon

Re: Redirect all messages from one domain to another domain

On Wednesday, August  1 at 11:02 AM, quoth Charrua:
>Thanks a lot. This works ok. :)

You're quite welcome.

>Before, I tested this, but with another variables, and don't work 
>(USER, LOCAL, RECIPIENT)

Indeed, because of how qmail's virtual domaining works. When qmail 
makes a domain virtual, it prepends addresses with a string. For 
example, if you had the following in your virtualdomains file:

    domain2.com:foo

That means that domain2.com addresses are controlled by the user "foo" 
and all user <at> domain2.com addresses are internally rewritten as 
foo-user <at> domain2.com. Thus, when they're delivered, $USER is "foo", 
$LOCAL is "foo-user" and RECIPIENT is "foo-user <at> domain2.com". 
Obviously, what you're needing is the extension to the address 
("user"), which is stored in $EXT.

Those environment variables are spelled out and fully described in the 
qmail-command man page.

~Kyle
--

-- 
The government is like a baby's alimentary canal, with a happy 
appetite at one end and no responsibility at the other.
                                                      -- Ronald Reagan
(Continue reading)

Kyle Wheeler | 1 Aug 17:32 2007
Picon

Re: SMTPS on netqmail

On Wednesday, August  1 at 07:42 PM, quoth Christian Lerrahn:
> I'd like to use netqmail as an SMTPS server. Now this is easy to set 
> up in a run script with an ssl wrapper (e.g. sslserver) but the 
> problem I have is that SMTP AUTH won't work. Netqmail will usually 
> enforce STARTTLS before AUTH.

Netqmail does *not* usually enforce STARTTLS before AUTH. To get it to 
do that, you must have applied a patch of some kind. What patch did 
you use? Chances are (if its a good patch) it probably allows you to 
set some environment variable to circumvent the requirement.

An example of a patch that gives you that kind of control is JMS's set 
of patches, here: http://qmail.jms1.net/tls-auth.shtml

~Kyle
--

-- 
This job of playing God is a little too big for me. Nevertheless, 
someone has to do it, so I'll try my best to fake it.
                                                         -- Larry Wall
Shaohui Zheng | 1 Aug 16:11 2007
Picon

Re: Redirect all messages from one domain to another domain

you can use "env" command to get what variable can be used, if you embed this command in your script, it will write the output in mail log,

On 8/1/07, Charrua <charrua <at> kernel.net.uy> wrote:
Thanks a lot. This works ok. :)

Before, I tested this, but with another variables, and don't work (USER,
LOCAL, RECIPIENT)

Thanks again.

Andrés

Kyle Wheeler escribió:
> On Tuesday, July 31 at 05:53 PM, quoth Charrua:
>> If I recive a message in the domain2.com , redirect the message to the
>> exact name account in the domain1.com:
>
>> How to make this without make one .qmail file by email account?
>> How I use .qmail-defaul file to make a generic redirect?
>
> # cat .qmail-default
> | forward $EXT <at> domain1.com
>
> ~Kyle



--
Best regards
Shaohui
Christian Lerrahn | 2 Aug 02:23 2007
Picon

Re: SMTPS on netqmail

On Wed, 1 Aug 2007 10:32:22 -0500
Kyle Wheeler <kyle-qmail <at> memoryhole.net> wrote:

> On Wednesday, August  1 at 07:42 PM, quoth Christian Lerrahn:
> > I'd like to use netqmail as an SMTPS server. Now this is easy to
> > set up in a run script with an ssl wrapper (e.g. sslserver) but the 
> > problem I have is that SMTP AUTH won't work. Netqmail will usually 
> > enforce STARTTLS before AUTH.
> 
> Netqmail does *not* usually enforce STARTTLS before AUTH. To get it
> to do that, you must have applied a patch of some kind. What patch
> did you use? Chances are (if its a good patch) it probably allows you
> to set some environment variable to circumvent the requirement.
> 
> An example of a patch that gives you that kind of control is JMS's
> set of patches, here: http://qmail.jms1.net/tls-auth.shtml

You're right. I actually use the patch from http://shupp.org, too. The
patch actually has an smtps variable as you said, I'll try using that.
Thanks for the kind reply. I should have made sure that I have nothing
but the netqmail patch before. My mistake.

Cheers,
Christian

Suhaime Raeze | 2 Aug 17:20 2007

pop3 port is in filtered status

Dear all

i really need ur advice. Recently, users of my qmail server has been
complaining of slow downloading of emails via pop and also time out on the
mail server. My users are all local and the connection to and from the
server is fine.

Ive ran nmap to see if any of the ports are closed/filtered to the server.
I found out that the pop port 110 is filtered. When this happens the
connection to the email server timed out.

The server has been running perfectly for the past year. Is there any
reason that may have caused this situation and solution to it?

Thanks in advance

Kyle Wheeler | 2 Aug 17:51 2007
Picon

Re: pop3 port is in filtered status

On Thursday, August  2 at 11:20 PM, quoth Suhaime Raeze:
>Ive ran nmap to see if any of the ports are closed/filtered to the 
>server. I found out that the pop port 110 is filtered. When this 
>happens the connection to the email server timed out.

Nmap reports that a port is "filtered" that means that it is 
*completely* unresponsive.

Did you change anything recently? Upgrade anything? Install anything? 
Configure anything?

What do your pop3 logs say?

~Kyle
--

-- 
The government of the United States is not in any sense founded on the 
Christian Religion.
                                        -- US Treaty with Tripoly, 1797
Julian Grunnell | 3 Aug 16:28 2007
Picon
Picon

ucspi-tcp / rblsmtpd query

Hi - I know this is not strictly speaking a qmail query but can't see a qmail mailing list that deals specifically with rblsmtpd so I'll ask here on the off chance that someone knows whats going on. In a nutshell the rblsmtp daemon is querying IP's and the results are having the IP reversed and mail is getting blocked incorrectly. This is completely random and I've only been made aware of one example so far. A customer with several domains that sends via the IP 217.68.241.200.
 
snippet from /var/log/qmail/smtpd/current
 
2007-08-03 12:59:00.321447500 tcpserver: pid 27334 from 217.68.241.200
2007-08-03 12:59:00.321450500 tcpserver: ok 27334 inbound1.firstnet.net.uk:10.10.11.7:25 :217.68.241.200::38264
2007-08-03 12:59:00.323081500 rblsmtpd: 217.68.241.200 pid 27334: 451 http://www.spamhaus.org/query/bl?ip=200.241.68.217
 
actual IP is 217.68.241.200
spamhaus result is 200.241.68.217
 
The IP 200.241.68.217 is actually black liste and causing the mail from 217.68.241.200 to be rejected?
 
Anyone seen this odd behaviour before?
 
Thanks - Julian.
 

Julian Grunnell
3rd Line Technical Support
Pipex Communications

Tel: 0113 344 1304
Mob: 07803 649593
Web: http://www.pipex.com/

This e-mail is subject to: http://www.pipex.net/disclaimer.html

 
Charles Cazabon | 3 Aug 17:32 2007
Picon

Re: ucspi-tcp / rblsmtpd query

Julian Grunnell <julian.grunnell <at> pipex.net> wrote:
> Hi - I know this is not strictly speaking a qmail query but can't see a
> qmail mailing list that deals specifically with rblsmtpd so I'll ask here on
> the off chance that someone knows whats going on. In a nutshell the rblsmtp
> daemon is querying IP's and the results are having the IP reversed and mail
> is getting blocked incorrectly. This is completely random and I've only been
> made aware of one example so far. A customer with several domains that sends
> via the IP 217.68.241.200.
>  
> snippet from /var/log/qmail/smtpd/current
>  
> 2007-08-03 12:59:00.321447500 tcpserver: pid 27334 from 217.68.241.200
[...]
> 2007-08-03 12:59:00.323081500 rblsmtpd: 217.68.241.200 pid 27334: 451
> http://www.spamhaus.org/query/bl?ip=200.241.68.217
[...]  
> Anyone seen this odd behaviour before?

Hmmm, no.  First question: do you have any patches applied to your
daemontools or ucspi-tcp installations, or are they pure-djb?

Charles
--

-- 
--------------------------------------------------------------------------
Charles Cazabon                               <qmail <at> discworld.dyndns.org>
Read http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html
My services include qmail consulting.  See http://pyropus.ca/ for details.
--------------------------------------------------------------------------


Gmane